0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32=r2, @ANYBLOB="01000000002200001c0012000c000100626f6e640000"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) 21:14:52 executing program 3: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) sendmsg(r0, &(0x7f0000000400)={&(0x7f00000000c0)=@in={0x10, 0x2}, 0x10, 0x0, 0x0, &(0x7f0000000900)=ANY=[@ANYBLOB="68000000880000000010000065a8818b11008b557aa6d9a883766587d6ee64dcb010ea7d4d9dd62588da5072216edfbc206dc71e4cd1a22e9f3adbd6a2947c21a94f06e9ef18942c34291b5024f34ebddba64de9c21934d7c2be8460e1e6b35cbda0ca2c62000000340000000000000003000000a0fda39c2e332ec380c70f22a665e26cb4a53df1c5d75f6634681097183ca0ca4124ccd9840a38002c000000010000007f000000ce26e0abc401a89eec3d130d0f1a66328fd5ef386a069040d2ffb038571c00004c00000084000000030000007d2a831dfeb433b60ef17cd61bccdb95a6a84a3e03431edf025951ee3c1b60bd42487f1094baf93c76243bfdb6d24c13ba0fc868fd8653163ac4ee11c4000000bc"], 0x1d0}, 0x0) 21:14:53 executing program 2: r0 = socket(0x1c, 0x10000001, 0x84) setsockopt$inet_sctp_SCTP_RESET_STREAMS(r0, 0x84, 0x901, &(0x7f0000000140), 0x8) [ 2461.429988][T25851] loop4: detected capacity change from 0 to 253983 [ 2461.558606][T25851] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2461.567463][T25851] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock 21:14:53 executing program 5: openat$ptmx(0xffffff9c, &(0x7f0000000000), 0x80, 0x0) [ 2461.686435][T25851] F2FS-fs (loop4): invalid crc_offset: 0 [ 2461.740963][T25858] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2461.820887][T25851] F2FS-fs (loop4): SIT is corrupted node# 0 vs 7 [ 2461.827972][T25851] F2FS-fs (loop4): Failed to initialize F2FS segment manager (-117) 21:14:54 executing program 3: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) bind(r0, &(0x7f00000028c0)=@in6={0x1c, 0x1c, 0x3}, 0x1c) connect$inet6(r0, &(0x7f0000000080)={0x1c, 0x1c, 0x3}, 0x1c) r1 = socket$inet6_sctp(0x1c, 0x5, 0x84) r2 = dup2(r0, r1) connect(r2, &(0x7f0000000300)=@in6={0x1c, 0x1c, 0x1}, 0x1c) sendto$inet6(r0, &(0x7f0000000100)="d661d4f86909fb800e8a67f4230155ca0157c27f4a4a053f2dbae4064ad3ee009a4bab9fc903c794cdd258e5a350dbe3f4757113d55c33c035791731d0e14a6183e1d7ecda61421fbc87a06d2b7203639cee857b93628d8d151688abb6b944c045cfb6d711b4a53882b91f57d0f6651bd49e15edd1cf0b8bb814c1220739b42401db9012f4e3c34be809fdb6a4825755dde3a9065d8f", 0x96, 0x0, &(0x7f0000000040)={0x1c, 0x1c, 0x3}, 0x1c) [ 2461.911477][T25864] device bond134 entered promiscuous mode [ 2461.954715][T25846] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2461.965331][T25846] CPU: 1 PID: 25846 Comm: syz-executor.1 Tainted: G W 5.18.0-syzkaller-16253-g2f3064574275 #0 [ 2461.977075][T25846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2461.987288][T25846] Call Trace: [ 2461.990688][T25846] [ 2461.993723][T25846] dump_stack_lvl+0x200/0x28c [ 2461.998619][T25846] dump_stack+0x29/0x2c [ 2462.002958][T25846] dump_header+0x1e5/0xae0 [ 2462.007651][T25846] oom_kill_process+0x3a7/0xba0 [ 2462.012725][T25846] out_of_memory+0x111c/0x1570 [ 2462.017698][T25846] ? slab_debugfs_show+0xa40/0xaa0 [ 2462.023047][T25846] mem_cgroup_out_of_memory+0x46b/0x590 [ 2462.028853][T25846] mem_cgroup_oom+0xa3d/0xd30 [ 2462.033760][T25846] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2462.039015][T25846] try_charge_memcg+0x18b0/0x2110 [ 2462.044275][T25846] ? kmsan_get_metadata+0x33/0x220 [ 2462.049671][T25846] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 2462.055719][T25846] charge_memcg+0x1a9/0x6b0 [ 2462.060442][T25846] ? get_mem_cgroup_from_mm+0x39d/0x4d0 [ 2462.066222][T25846] __mem_cgroup_charge+0xb9/0x2e0 [ 2462.071494][T25846] wp_page_copy+0x719/0x4310 [ 2462.076290][T25846] ? kmsan_get_metadata+0x33/0x220 [ 2462.081620][T25846] ? kmsan_get_metadata+0x33/0x220 [ 2462.086953][T25846] ? preempt_count_sub+0xfc/0x340 [ 2462.092183][T25846] do_wp_page+0xc81/0x29c0 [ 2462.096823][T25846] handle_mm_fault+0x43e1/0x47a0 [ 2462.102058][T25846] do_user_addr_fault+0x11f5/0x1e50 [ 2462.107517][T25846] exc_page_fault+0x60/0x140 [ 2462.112331][T25846] ? asm_exc_page_fault+0x8/0x30 [ 2462.117452][T25846] asm_exc_page_fault+0x1e/0x30 [ 2462.122513][T25846] RIP: 0023:0xf6e1f418 [ 2462.126718][T25846] Code: 39 dd 75 ee 8b 44 24 58 89 28 83 c4 3c 5b 5e 5f 5d c3 8b 7c 24 18 e9 9a fd ff ff 8d b4 26 00 00 00 00 8b 44 24 24 8b 7c 24 18 <89> 1c 88 e9 70 fe ff ff 8b 7c 24 50 39 54 24 0c 0f 84 80 00 00 00 [ 2462.146539][T25846] RSP: 002b:00000000ffacc040 EFLAGS: 00010246 21:14:54 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xb, &(0x7f0000000200)=[{&(0x7f0000010700)="1020f5f201000b0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f0000000200000002000000020000000100000018000000000200000002000000060000000a0000000e000000100000030000000100000002", 0x69, 0x1400}, {&(0x7f0000010e00)="d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xa6, 0x200000}, {&(0x7f0000010f00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x200fe0}, {&(0x7f0000011000), 0x0, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) [ 2462.152784][T25846] RAX: 00000000f6f50000 RBX: 000000009e28bb7e RCX: 0000000000001b7e [ 2462.160908][T25846] RDX: 0000000000000000 RSI: 00000000f6f36000 RDI: 000000008c7dc1c2 [ 2462.169036][T25846] RBP: 00000000f6f50000 R08: 0000000000000000 R09: 0000000000000000 [ 2462.177154][T25846] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 2462.185289][T25846] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2462.193415][T25846] [ 2462.203227][T25846] memory: usage 307200kB, limit 307200kB, failcnt 11996 [ 2462.210303][T25846] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2462.213731][T25864] device bond134 left promiscuous mode [ 2462.219024][T25846] Memory cgroup stats for /syz1: [ 2462.224249][T25846] anon 122880 [ 2462.224249][T25846] file 313262080 [ 2462.224249][T25846] kernel 1187840 [ 2462.224249][T25846] kernel_stack 49152 [ 2462.224249][T25846] pagetables 69632 [ 2462.224249][T25846] percpu 0 [ 2462.224249][T25846] sock 0 [ 2462.224249][T25846] vmalloc 0 [ 2462.224249][T25846] shmem 313262080 [ 2462.224249][T25846] file_mapped 40960 [ 2462.224249][T25846] file_dirty 0 [ 2462.224249][T25846] file_writeback 0 [ 2462.224249][T25846] swapcached 0 [ 2462.224249][T25846] anon_thp 0 [ 2462.224249][T25846] file_thp 0 [ 2462.224249][T25846] shmem_thp 0 [ 2462.224249][T25846] inactive_anon 311894016 [ 2462.224249][T25846] active_anon 1486848 [ 2462.224249][T25846] inactive_file 0 [ 2462.224249][T25846] active_file 0 [ 2462.224249][T25846] unevictable 0 [ 2462.224249][T25846] slab_reclaimable 786584 [ 2462.224249][T25846] slab_unreclaimable 270136 [ 2462.224249][T25846] slab 1056720 [ 2462.224249][T25846] workingset_refault_anon 0 [ 2462.224249][T25846] workingset_refault_file 0 [ 2462.320473][T25846] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=25846,uid=0 [ 2462.336707][T25846] Memory cgroup out of memory: Killed process 25846 (syz-executor.1) total-vm:54416kB, anon-rss:332kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:64kB oom_score_adj:1000 21:14:54 executing program 2: r0 = socket$inet6_udp(0x1c, 0x2, 0x0) sendto$inet6(r0, &(0x7f0000000000)='8', 0x1, 0x9, &(0x7f00000001c0)={0x1c, 0x1c, 0x1}, 0x1c) 21:14:54 executing program 1: sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7fffffffffffffff) 21:14:54 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32=r2, @ANYBLOB="01000000002200001c0012000c000100626f6e640000"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) 21:14:55 executing program 5: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendto(r0, 0x0, 0x0, 0x0, 0x0, 0x0) [ 2463.066893][T25876] loop4: detected capacity change from 0 to 253983 [ 2463.218057][T25876] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2463.226226][T25876] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 2463.368509][T25882] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2463.454818][T25876] F2FS-fs (loop4): invalid crc_offset: 0 21:14:55 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000080), 0x81) 21:14:55 executing program 2: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x4, &(0x7f0000000000)=@raw=[@call, @func, @generic, @kfunc], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) [ 2463.526323][T25886] device bond135 entered promiscuous mode [ 2463.578694][T25876] F2FS-fs (loop4): SIT is corrupted node# 0 vs 7 [ 2463.585518][T25876] F2FS-fs (loop4): Failed to initialize F2FS segment manager (-117) [ 2463.597925][T25886] device bond135 left promiscuous mode 21:14:56 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32=r2, @ANYBLOB="01000000002200001c0012000c000100626f6e640000"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) 21:14:56 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xb, &(0x7f0000000200)=[{&(0x7f0000010700)="1020f5f201000b0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f0000000200000002000000020000000100000018000000000200000002000000060000000a0000000e000000100000030000000100000002", 0x69, 0x1400}, {&(0x7f0000010e00)="d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xa6, 0x200000}, {&(0x7f0000010f00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x200fe0}, {&(0x7f0000011000), 0x0, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) 21:14:56 executing program 5: bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001740)={&(0x7f0000001580)={{0xeb9f, 0x1, 0x0, 0x1a, 0x0, 0xc, 0xc, 0x2, [@union]}}, &(0x7f0000001680)=""/171, 0x26, 0xab, 0x1}, 0x20) [ 2463.969664][T25883] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2463.980657][T25883] CPU: 0 PID: 25883 Comm: syz-executor.1 Tainted: G W 5.18.0-syzkaller-16253-g2f3064574275 #0 [ 2463.992388][T25883] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2464.002560][T25883] Call Trace: [ 2464.005923][T25883] [ 2464.008936][T25883] dump_stack_lvl+0x200/0x28c [ 2464.013804][T25883] dump_stack+0x29/0x2c [ 2464.018113][T25883] dump_header+0x1e5/0xae0 [ 2464.022746][T25883] oom_kill_process+0x3a7/0xba0 [ 2464.027802][T25883] out_of_memory+0x111c/0x1570 [ 2464.032830][T25883] ? slab_debugfs_show+0xa40/0xaa0 [ 2464.038142][T25883] mem_cgroup_out_of_memory+0x46b/0x590 [ 2464.044024][T25883] mem_cgroup_oom+0xa3d/0xd30 [ 2464.048903][T25883] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2464.054146][T25883] try_charge_memcg+0x18b0/0x2110 [ 2464.059375][T25883] ? kmsan_get_metadata+0x33/0x220 [ 2464.064728][T25883] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 2464.070732][T25883] charge_memcg+0x1a9/0x6b0 [ 2464.075420][T25883] ? get_mem_cgroup_from_mm+0x39d/0x4d0 [ 2464.081174][T25883] __mem_cgroup_charge+0xb9/0x2e0 [ 2464.086406][T25883] wp_page_copy+0x719/0x4310 [ 2464.091183][T25883] ? kmsan_get_metadata+0x33/0x220 [ 2464.096491][T25883] ? kmsan_get_metadata+0x33/0x220 [ 2464.101800][T25883] ? preempt_count_sub+0xfc/0x340 [ 2464.107017][T25883] do_wp_page+0xc81/0x29c0 [ 2464.111644][T25883] handle_mm_fault+0x43e1/0x47a0 [ 2464.116748][T25883] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2464.121936][T25883] ? kmsan_get_metadata+0x33/0x220 [ 2464.127305][T25883] do_user_addr_fault+0x11f5/0x1e50 [ 2464.132715][T25883] exc_page_fault+0x60/0x140 [ 2464.137488][T25883] ? asm_exc_page_fault+0x8/0x30 [ 2464.142583][T25883] asm_exc_page_fault+0x1e/0x30 [ 2464.147583][T25883] RIP: 0023:0xf6e1f418 [ 2464.151767][T25883] Code: 39 dd 75 ee 8b 44 24 58 89 28 83 c4 3c 5b 5e 5f 5d c3 8b 7c 24 18 e9 9a fd ff ff 8d b4 26 00 00 00 00 8b 44 24 24 8b 7c 24 18 <89> 1c 88 e9 70 fe ff ff 8b 7c 24 50 39 54 24 0c 0f 84 80 00 00 00 [ 2464.171626][T25883] RSP: 002b:00000000ffacc040 EFLAGS: 00010246 [ 2464.177835][T25883] RAX: 00000000f6f50000 RBX: 000000004ddc906a RCX: 000000000000106a [ 2464.185929][T25883] RDX: 0000000000000000 RSI: 00000000f6f36000 RDI: 00000000816309a2 [ 2464.194032][T25883] RBP: 00000000f6f50000 R08: 0000000000000000 R09: 0000000000000000 [ 2464.202129][T25883] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 2464.210221][T25883] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2464.218339][T25883] [ 2464.225615][T25883] memory: usage 307200kB, limit 307200kB, failcnt 12061 [ 2464.233987][T25883] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2464.240984][T25883] Memory cgroup stats for /syz1: [ 2464.242329][T25883] anon 135168 [ 2464.242329][T25883] file 313262080 [ 2464.242329][T25883] kernel 1175552 [ 2464.242329][T25883] kernel_stack 32768 [ 2464.242329][T25883] pagetables 65536 [ 2464.242329][T25883] percpu 0 [ 2464.242329][T25883] sock 0 [ 2464.242329][T25883] vmalloc 0 [ 2464.242329][T25883] shmem 313262080 [ 2464.242329][T25883] file_mapped 40960 [ 2464.242329][T25883] file_dirty 0 [ 2464.242329][T25883] file_writeback 0 [ 2464.242329][T25883] swapcached 0 [ 2464.242329][T25883] anon_thp 0 [ 2464.242329][T25883] file_thp 0 [ 2464.242329][T25883] shmem_thp 0 [ 2464.242329][T25883] inactive_anon 311877632 [ 2464.242329][T25883] active_anon 1486848 [ 2464.242329][T25883] inactive_file 0 [ 2464.242329][T25883] active_file 0 [ 2464.242329][T25883] unevictable 0 [ 2464.242329][T25883] slab_reclaimable 786584 [ 2464.242329][T25883] slab_unreclaimable 271728 [ 2464.242329][T25883] slab 1058312 [ 2464.242329][T25883] workingset_refault_anon 0 [ 2464.242329][T25883] workingset_refault_file 0 [ 2464.338452][T25883] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=25883,uid=0 [ 2464.354547][T25883] Memory cgroup out of memory: Killed process 25883 (syz-executor.1) total-vm:54284kB, anon-rss:332kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000 21:14:56 executing program 1: syz_clone(0xc0100400, 0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000100), &(0x7f0000000140)) socketpair(0x2, 0x0, 0x0, 0x0) 21:14:56 executing program 3: socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000540)={0xffffffffffffffff}) sendmsg(r0, &(0x7f0000000200)={&(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @empty}}}, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000080)="2fd6e8d808bb1d512601889f2bf2a96d47097d8a3920fecc89de127832e9", 0x1e}, {&(0x7f0000000280)="83f450b7cf49c545742c0cffac19f1194c5653b6e00b1f409b403ce8ccad0ac60a0825a9e5180a60be1053132e810039a087ddaed8389249ff0cc5d874535bf06a6453aa29127e4e8542680c270e1c2ded3751426b574f56fd4cb9641708c215fae3a18a345a14be6195609f5dbc09078098b0ceb8a4d2d7386f9f6611cdcdf5537b6d6d1252d3812e5c4a7243d2d30abb66cf0686abf2abadbc653734dafe30557214e1061befea8bbb201e655fa9007d66", 0xb2}, {&(0x7f0000000240)="3fd84e", 0x3}], 0x100000000000005a}, 0x4000) 21:14:57 executing program 2: syz_open_procfs$namespace(0x0, &(0x7f0000000240)='ns/pid\x00') [ 2464.940999][T25899] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2465.064907][T25901] device bond136 entered promiscuous mode [ 2465.088929][T25903] loop4: detected capacity change from 0 to 253983 [ 2465.096717][T25901] device bond136 left promiscuous mode [ 2465.168922][T25903] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2465.177434][T25903] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock 21:14:57 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32=r2, @ANYBLOB="01000000002200001c0012000c000100626f6e640000"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) [ 2465.242449][T25903] F2FS-fs (loop4): invalid crc_offset: 0 21:14:57 executing program 5: bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001740)={&(0x7f0000001580)={{0xeb9f, 0x1, 0x0, 0x1a, 0x0, 0xc, 0xc, 0x2, [@union]}}, &(0x7f0000001680)=""/171, 0x26, 0xab, 0x1}, 0x20) [ 2465.324350][T25903] F2FS-fs (loop4): SIT is corrupted node# 0 vs 7 [ 2465.330968][T25903] F2FS-fs (loop4): Failed to initialize F2FS segment manager (-117) 21:14:57 executing program 3: socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00) sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0) syz_clone(0x1a240100, 0x0, 0x1000000, 0x0, 0x0, 0x0) 21:14:57 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xb, &(0x7f0000000200)=[{&(0x7f0000010700)="1020f5f201000b0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f0000000200000002000000020000000100000018000000000200000002000000060000000a0000000e000000100000030000000100000002", 0x69, 0x1400}, {&(0x7f0000010e00)="d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xa6, 0x200000}, {&(0x7f0000010f00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x200fe0}, {&(0x7f0000011000), 0x0, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) [ 2465.745379][T25902] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2465.756070][T25902] CPU: 1 PID: 25902 Comm: syz-executor.1 Tainted: G W 5.18.0-syzkaller-16253-g2f3064574275 #0 [ 2465.767824][T25902] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2465.778024][T25902] Call Trace: [ 2465.781405][T25902] [ 2465.784429][T25902] dump_stack_lvl+0x200/0x28c [ 2465.789302][T25902] dump_stack+0x29/0x2c [ 2465.793695][T25902] dump_header+0x1e5/0xae0 [ 2465.798283][T25902] oom_kill_process+0x3a7/0xba0 [ 2465.803292][T25902] out_of_memory+0x111c/0x1570 [ 2465.808182][T25902] ? slab_debugfs_show+0xa40/0xaa0 [ 2465.813449][T25902] mem_cgroup_out_of_memory+0x46b/0x590 [ 2465.819251][T25902] mem_cgroup_oom+0xa3d/0xd30 [ 2465.824151][T25902] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2465.829385][T25902] try_charge_memcg+0x18b0/0x2110 [ 2465.834646][T25902] ? kmsan_internal_set_shadow_origin+0x62/0xe0 [ 2465.841131][T25902] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 2465.847167][T25902] ? __rcu_read_unlock+0x85/0xf0 [ 2465.852243][T25902] obj_cgroup_charge_pages+0x352/0x760 [ 2465.857878][T25902] obj_cgroup_charge+0x28d/0x430 [ 2465.863058][T25902] kmem_cache_alloc+0x2c1/0x1170 [ 2465.868165][T25902] ? kmsan_get_metadata+0x33/0x220 [ 2465.873478][T25902] ? vm_area_dup+0x77/0x480 [ 2465.878183][T25902] vm_area_dup+0x77/0x480 [ 2465.882678][T25902] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 2465.888714][T25902] __split_vma+0x1ea/0xbb0 [ 2465.893274][T25902] split_vma+0x140/0x1a0 [ 2465.897649][T25902] mprotect_fixup+0xdf2/0x1530 [ 2465.902732][T25902] do_mprotect_pkey+0xec0/0x1500 [ 2465.907843][T25902] __ia32_sys_mprotect+0xec/0x140 [ 2465.913015][T25902] __do_fast_syscall_32+0x95/0xf0 [ 2465.918294][T25902] do_fast_syscall_32+0x33/0x70 [ 2465.923356][T25902] do_SYSENTER_32+0x1b/0x20 [ 2465.928017][T25902] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 2465.934475][T25902] RIP: 0023:0xf7fb7549 [ 2465.938671][T25902] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 [ 2465.958463][T25902] RSP: 002b:00000000ffacc068 EFLAGS: 00000286 ORIG_RAX: 000000000000007d [ 2465.967002][T25902] RAX: ffffffffffffffda RBX: 00000000f7f72000 RCX: 0000000000020000 [ 2465.975129][T25902] RDX: 0000000000000003 RSI: 0000000000021000 RDI: 0000000000000000 [ 2465.983263][T25902] RBP: 00000000ffacc118 R08: 0000000000000000 R09: 0000000000000000 [ 2465.991374][T25902] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 2465.999495][T25902] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2466.007690][T25902] [ 2466.013356][T25902] memory: usage 307200kB, limit 307200kB, failcnt 12118 [ 2466.020422][T25902] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2466.028280][T25902] Memory cgroup stats for /syz1: [ 2466.029701][T25902] anon 110592 [ 2466.029701][T25902] file 313262080 [ 2466.029701][T25902] kernel 1200128 [ 2466.029701][T25902] kernel_stack 49152 [ 2466.029701][T25902] pagetables 65536 [ 2466.029701][T25902] percpu 0 [ 2466.029701][T25902] sock 0 [ 2466.029701][T25902] vmalloc 0 [ 2466.029701][T25902] shmem 313262080 [ 2466.029701][T25902] file_mapped 40960 [ 2466.029701][T25902] file_dirty 0 [ 2466.029701][T25902] file_writeback 0 [ 2466.029701][T25902] swapcached 0 [ 2466.029701][T25902] anon_thp 0 [ 2466.029701][T25902] file_thp 0 [ 2466.029701][T25902] shmem_thp 0 [ 2466.029701][T25902] inactive_anon 311885824 [ 2466.029701][T25902] active_anon 1486848 [ 2466.029701][T25902] inactive_file 0 [ 2466.029701][T25902] active_file 0 [ 2466.029701][T25902] unevictable 0 [ 2466.029701][T25902] slab_reclaimable 786584 [ 2466.029701][T25902] slab_unreclaimable 280120 [ 2466.029701][T25902] slab 1066704 [ 2466.029701][T25902] workingset_refault_anon 0 [ 2466.029701][T25902] workingset_refault_file 0 [ 2466.125970][T25902] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=25902,uid=0 [ 2466.142072][T25902] Memory cgroup out of memory: Killed process 25902 (syz-executor.1) total-vm:54416kB, anon-rss:332kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000 21:14:58 executing program 2: bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001740)={&(0x7f0000001580)={{0xeb9f, 0x1, 0x0, 0x64, 0x0, 0x0, 0x0, 0x2}}, &(0x7f0000001680)=""/171, 0x1a, 0xab, 0x1}, 0x20) 21:14:58 executing program 1: bpf$BPF_BTF_LOAD(0x10, &(0x7f0000001740)={0x0, &(0x7f0000001680)=""/171, 0x0, 0xab}, 0x20) [ 2466.530379][T25915] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. 21:14:58 executing program 5: bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001740)={&(0x7f0000001580)={{0xeb9f, 0x1, 0x0, 0x1a, 0x0, 0xc, 0xc, 0x2, [@union]}}, &(0x7f0000001680)=""/171, 0x26, 0xab, 0x1}, 0x20) [ 2466.669686][T25919] device bond137 entered promiscuous mode [ 2466.706574][T25919] device bond137 left promiscuous mode 21:14:59 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32=r2, @ANYBLOB="01000000002200001c0012000c000100626f6e640000"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) [ 2466.884709][T25924] loop4: detected capacity change from 0 to 253983 [ 2466.964455][T25924] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2466.972504][T25924] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 2466.997218][T25924] F2FS-fs (loop4): invalid crc_offset: 0 21:14:59 executing program 2: openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) [ 2467.115108][T25924] F2FS-fs (loop4): SIT is corrupted node# 0 vs 7 [ 2467.122665][T25924] F2FS-fs (loop4): Failed to initialize F2FS segment manager (-117) 21:14:59 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xb, &(0x7f0000000200)=[{&(0x7f0000010700)="1020f5f201000b0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f0000000200000002000000020000000100000018000000000200000002000000060000000a0000000e000000100000030000000100000002", 0x69, 0x1400}, {&(0x7f0000010e00)="d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xa6, 0x200000}, {&(0x7f0000010f00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x200fe0}, {&(0x7f0000011000)='\x00'/14, 0xe, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) 21:14:59 executing program 5: bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001740)={&(0x7f0000001580)={{0xeb9f, 0x1, 0x0, 0x1a, 0x0, 0xc, 0xc, 0x2, [@union]}}, &(0x7f0000001680)=""/171, 0x26, 0xab, 0x1}, 0x20) 21:14:59 executing program 3: bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x14, 0x14, 0x2, [@func_proto={0x0, 0x1, 0x0, 0xd, 0x0, [{}]}]}}, &(0x7f0000000080)=""/214, 0x2e, 0xd6, 0x1}, 0x20) [ 2467.683209][T25929] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2467.694049][T25929] CPU: 1 PID: 25929 Comm: syz-executor.1 Tainted: G W 5.18.0-syzkaller-16253-g2f3064574275 #0 [ 2467.705786][T25929] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2467.715971][T25929] Call Trace: [ 2467.719316][T25929] [ 2467.722347][T25929] dump_stack_lvl+0x200/0x28c [ 2467.727223][T25929] dump_stack+0x29/0x2c [ 2467.731507][T25929] dump_header+0x1e5/0xae0 [ 2467.736168][T25929] oom_kill_process+0x3a7/0xba0 [ 2467.741185][T25929] out_of_memory+0x111c/0x1570 [ 2467.746171][T25929] ? slab_debugfs_show+0xa40/0xaa0 [ 2467.751537][T25929] mem_cgroup_out_of_memory+0x46b/0x590 [ 2467.757347][T25929] mem_cgroup_oom+0xa3d/0xd30 [ 2467.762239][T25929] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2467.767477][T25929] try_charge_memcg+0x18b0/0x2110 [ 2467.772730][T25929] ? kmsan_get_metadata+0x33/0x220 [ 2467.778117][T25929] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 2467.784156][T25929] charge_memcg+0x1a9/0x6b0 [ 2467.788800][T25929] ? get_mem_cgroup_from_mm+0x39d/0x4d0 [ 2467.794547][T25929] __mem_cgroup_charge+0xb9/0x2e0 [ 2467.799803][T25929] wp_page_copy+0x719/0x4310 [ 2467.804611][T25929] ? kmsan_get_metadata+0x33/0x220 [ 2467.809950][T25929] ? kmsan_get_metadata+0x33/0x220 [ 2467.815296][T25929] ? preempt_count_sub+0xfc/0x340 [ 2467.820516][T25929] do_wp_page+0xc81/0x29c0 [ 2467.825086][T25929] handle_mm_fault+0x43e1/0x47a0 [ 2467.830224][T25929] ? restore_fpregs_from_fpstate+0x68/0x3a0 [ 2467.836400][T25929] do_user_addr_fault+0x11f5/0x1e50 [ 2467.841839][T25929] exc_page_fault+0x60/0x140 [ 2467.846649][T25929] ? asm_exc_page_fault+0x8/0x30 [ 2467.851695][T25929] asm_exc_page_fault+0x1e/0x30 [ 2467.856685][T25929] RIP: 0023:0xf6e1f418 [ 2467.860886][T25929] Code: 39 dd 75 ee 8b 44 24 58 89 28 83 c4 3c 5b 5e 5f 5d c3 8b 7c 24 18 e9 9a fd ff ff 8d b4 26 00 00 00 00 8b 44 24 24 8b 7c 24 18 <89> 1c 88 e9 70 fe ff ff 8b 7c 24 50 39 54 24 0c 0f 84 80 00 00 00 [ 2467.880663][T25929] RSP: 002b:00000000ffacc040 EFLAGS: 00010246 [ 2467.887139][T25929] RAX: 00000000f6f50000 RBX: 000000006f9299b2 RCX: 00000000000019b2 [ 2467.895195][T25929] RDX: 0000000000000000 RSI: 00000000f6f36000 RDI: 00000000863c4b4a [ 2467.903261][T25929] RBP: 00000000f6f50000 R08: 0000000000000000 R09: 0000000000000000 [ 2467.911382][T25929] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 2467.919483][T25929] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2467.927574][T25929] [ 2467.932834][T25929] memory: usage 307200kB, limit 307200kB, failcnt 12188 [ 2467.939900][T25929] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2467.947756][T25929] Memory cgroup stats for /syz1: [ 2467.949196][T25929] anon 131072 [ 2467.949196][T25929] file 313262080 [ 2467.949196][T25929] kernel 1179648 [ 2467.949196][T25929] kernel_stack 32768 [ 2467.949196][T25929] pagetables 69632 [ 2467.949196][T25929] percpu 0 [ 2467.949196][T25929] sock 0 [ 2467.949196][T25929] vmalloc 0 [ 2467.949196][T25929] shmem 313262080 [ 2467.949196][T25929] file_mapped 40960 [ 2467.949196][T25929] file_dirty 0 [ 2467.949196][T25929] file_writeback 0 [ 2467.949196][T25929] swapcached 0 [ 2467.949196][T25929] anon_thp 0 [ 2467.949196][T25929] file_thp 0 [ 2467.949196][T25929] shmem_thp 0 [ 2467.949196][T25929] inactive_anon 311898112 [ 2467.949196][T25929] active_anon 1486848 [ 2467.949196][T25929] inactive_file 0 [ 2467.949196][T25929] active_file 0 [ 2467.949196][T25929] unevictable 0 [ 2467.949196][T25929] slab_reclaimable 786584 [ 2467.949196][T25929] slab_unreclaimable 271896 [ 2467.949196][T25929] slab 1058480 [ 2467.949196][T25929] workingset_refault_anon 0 [ 2467.949196][T25929] workingset_refault_file 0 [ 2468.045973][T25929] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=25929,uid=0 [ 2468.062139][T25929] Memory cgroup out of memory: Killed process 25929 (syz-executor.1) total-vm:54284kB, anon-rss:332kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:64kB oom_score_adj:1000 21:15:00 executing program 1: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x1, &(0x7f0000000040)=@raw=[@jmp], &(0x7f0000000180)='syzkaller\x00', 0x6, 0xa3, &(0x7f00000001c0)=""/163, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) [ 2468.116815][T25935] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. 21:15:00 executing program 2: bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x2c, 0x2c, 0x5, [@func_proto={0x0, 0x1, 0x0, 0xd, 0x0, [{0x4, 0x5}]}, @array]}, {0x0, [0x0, 0x0, 0x0]}}, &(0x7f0000000080)=""/214, 0x49, 0xd6, 0x1}, 0x20) 21:15:00 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32=r2, @ANYBLOB="01000000002200001c0012000c000100626f6e640000"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) 21:15:00 executing program 5: syz_clone(0x10104080, 0x0, 0x0, 0x0, 0x0, 0x0) [ 2468.637450][T25943] loop4: detected capacity change from 0 to 253983 [ 2468.813794][T25943] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2468.821716][T25943] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock 21:15:01 executing program 3: bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000001d00)={0xffff7fff}, 0x8) [ 2468.921317][T25943] F2FS-fs (loop4): invalid crc_offset: 0 [ 2468.997809][T25943] F2FS-fs (loop4): SIT is corrupted node# 0 vs 7 [ 2469.004618][T25943] F2FS-fs (loop4): Failed to initialize F2FS segment manager (-117) [ 2469.159996][T25951] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2469.270397][T25945] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2469.280916][T25945] CPU: 1 PID: 25945 Comm: syz-executor.1 Tainted: G W 5.18.0-syzkaller-16253-g2f3064574275 #0 [ 2469.292650][T25945] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2469.302846][T25945] Call Trace: [ 2469.306227][T25945] [ 2469.309254][T25945] dump_stack_lvl+0x200/0x28c [ 2469.314134][T25945] dump_stack+0x29/0x2c 21:15:01 executing program 2: bpf$OBJ_GET_MAP(0x7, &(0x7f0000000340)={&(0x7f0000000300)='./file0\x00'}, 0x10) bpf$OBJ_GET_PROG(0x7, &(0x7f00000003c0)={&(0x7f0000000380)='./file0\x00'}, 0x10) [ 2469.318472][T25945] dump_header+0x1e5/0xae0 [ 2469.323116][T25945] oom_kill_process+0x3a7/0xba0 [ 2469.328276][T25945] out_of_memory+0x111c/0x1570 [ 2469.333242][T25945] ? slab_debugfs_show+0xa40/0xaa0 [ 2469.338576][T25945] mem_cgroup_out_of_memory+0x46b/0x590 [ 2469.344450][T25945] mem_cgroup_oom+0xa3d/0xd30 [ 2469.349336][T25945] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2469.354562][T25945] try_charge_memcg+0x18b0/0x2110 [ 2469.359821][T25945] ? kmsan_get_metadata+0x33/0x220 [ 2469.365202][T25945] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 2469.371244][T25945] charge_memcg+0x1a9/0x6b0 [ 2469.375954][T25945] ? get_mem_cgroup_from_mm+0x39d/0x4d0 [ 2469.381731][T25945] __mem_cgroup_charge+0xb9/0x2e0 [ 2469.386994][T25945] wp_page_copy+0x719/0x4310 [ 2469.391786][T25945] ? kmsan_get_metadata+0x33/0x220 [ 2469.397120][T25945] ? kmsan_get_metadata+0x33/0x220 [ 2469.402454][T25945] ? preempt_count_sub+0xfc/0x340 [ 2469.407677][T25945] do_wp_page+0xc81/0x29c0 21:15:01 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xb, &(0x7f0000000200)=[{&(0x7f0000010700)="1020f5f201000b0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f0000000200000002000000020000000100000018000000000200000002000000060000000a0000000e000000100000030000000100000002", 0x69, 0x1400}, {&(0x7f0000010e00)="d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xa6, 0x200000}, {&(0x7f0000010f00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x200fe0}, {&(0x7f0000011000)='\x00'/14, 0xe, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) [ 2469.417298][T25945] handle_mm_fault+0x43e1/0x47a0 [ 2469.422429][T25945] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2469.427645][T25945] ? kmsan_get_metadata+0x33/0x220 [ 2469.433084][T25945] do_user_addr_fault+0x11f5/0x1e50 [ 2469.438525][T25945] exc_page_fault+0x60/0x140 [ 2469.443324][T25945] ? asm_exc_page_fault+0x8/0x30 [ 2469.448441][T25945] asm_exc_page_fault+0x1e/0x30 [ 2469.453441][T25945] RIP: 0023:0xf6e1f418 21:15:01 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32=r2, @ANYBLOB="01000000002200001c0012000c000100626f6e640000"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) [ 2469.457644][T25945] Code: 39 dd 75 ee 8b 44 24 58 89 28 83 c4 3c 5b 5e 5f 5d c3 8b 7c 24 18 e9 9a fd ff ff 8d b4 26 00 00 00 00 8b 44 24 24 8b 7c 24 18 <89> 1c 88 e9 70 fe ff ff 8b 7c 24 50 39 54 24 0c 0f 84 80 00 00 00 [ 2469.477439][T25945] RSP: 002b:00000000ffacc040 EFLAGS: 00010246 [ 2469.483671][T25945] RAX: 00000000f6f50000 RBX: 000000006f9299b2 RCX: 00000000000019b2 [ 2469.491775][T25945] RDX: 0000000000000000 RSI: 00000000f6f36000 RDI: 00000000863c4b4a [ 2469.499880][T25945] RBP: 00000000f6f50000 R08: 0000000000000000 R09: 0000000000000000 [ 2469.507984][T25945] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 2469.516089][T25945] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2469.524232][T25945] [ 2469.529875][T25945] memory: usage 307200kB, limit 307200kB, failcnt 12245 [ 2469.537784][T25945] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2469.544930][T25945] Memory cgroup stats for /syz1: [ 2469.546518][T25945] anon 131072 [ 2469.546518][T25945] file 313262080 [ 2469.546518][T25945] kernel 1179648 [ 2469.546518][T25945] kernel_stack 32768 [ 2469.546518][T25945] pagetables 69632 [ 2469.546518][T25945] percpu 0 [ 2469.546518][T25945] sock 0 [ 2469.546518][T25945] vmalloc 0 [ 2469.546518][T25945] shmem 313262080 [ 2469.546518][T25945] file_mapped 40960 [ 2469.546518][T25945] file_dirty 0 [ 2469.546518][T25945] file_writeback 0 [ 2469.546518][T25945] swapcached 0 [ 2469.546518][T25945] anon_thp 0 [ 2469.546518][T25945] file_thp 0 [ 2469.546518][T25945] shmem_thp 0 [ 2469.546518][T25945] inactive_anon 311873536 [ 2469.546518][T25945] active_anon 1486848 [ 2469.546518][T25945] inactive_file 0 [ 2469.546518][T25945] active_file 0 [ 2469.546518][T25945] unevictable 0 [ 2469.546518][T25945] slab_reclaimable 786584 [ 2469.546518][T25945] slab_unreclaimable 271896 [ 2469.546518][T25945] slab 1058480 [ 2469.546518][T25945] workingset_refault_anon 0 [ 2469.546518][T25945] workingset_refault_file 0 [ 2469.642932][T25945] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=25945,uid=0 [ 2469.658922][T25945] Memory cgroup out of memory: Killed process 25945 (syz-executor.1) total-vm:54284kB, anon-rss:332kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:64kB oom_score_adj:1000 21:15:02 executing program 1: bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@func_proto]}}, &(0x7f0000000080)=""/214, 0x26, 0xd6, 0x1}, 0x20) 21:15:02 executing program 5: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x9, 0x4, &(0x7f00000002c0)=@framed={{}, [@generic={0x46}]}, &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) 21:15:02 executing program 3: bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001740)={&(0x7f0000001580)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@union={0x0, 0x0, 0x0, 0x5, 0x0, 0xfffff}]}}, &(0x7f0000001680)=""/171, 0x26, 0xab, 0x1}, 0x20) [ 2470.313017][T25965] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. 21:15:02 executing program 2: ioctl$HIDIOCGUCODE(0xffffffffffffffff, 0xc018480d, &(0x7f0000000000)={0x1, 0x3, 0xffff0000, 0x200, 0x4, 0x9}) ioctl$HIDIOCGRAWINFO(0xffffffffffffffff, 0x80084803, &(0x7f0000000040)=""/251) syz_open_dev$hidraw(&(0x7f0000000140), 0x8, 0x422000) r0 = syz_open_dev$hidraw(&(0x7f0000000180), 0x100000000, 0x800) ioctl$HIDIOCGRAWINFO(r0, 0x80084803, &(0x7f00000001c0)=""/139) ioctl$HIDIOCSFEATURE(r0, 0xc0404806, &(0x7f0000000280)="41863452362384fe6efc5d9bf62c32a4c10ab9cace286bc47d402643f9245a4888165dff12a7eae7f834805ab50d0b0f25b51d561ee0c83c5888accca5fdc7219c98018b6c45cde930f4eb466dcf2c76d81d819bded8803e7bc26dcd598c4ce54cf246750375d32297e44aa917adf435ef8f00e3e8da923f360449abc02270cc1c1e634189be78aa363a4cf112b873b7b3599accb9525319e7325a7ac51f3ece518c3fc188b2766ec7b48559d9bd86b84ffb10d164367f5936faf52a06c86a1b984760f4c2cc13d1bd3e69add436600bb82044705cd50f5adacef0015e47494c80648c3fe4638dbb34f04ac12e0159d0c6efe6bd19590baaf95c7b9b4cc50a588bc7ded1f9b24373cd78849f82eb9e9ea039ff9271d4fab9990576be9f667893d6d711b72140ba472aa5c950a02f231c0a0b8c1f6e2233ffe2d69615e9e7e418b62b3d1012cf8c2bf30604fa48897ff6b23d59226f5e526b44077e96f8cde6ebf27f03085117cea7ea838ab2911079743be89d7149a184d5ae555987a75fa3b4038254ee03ae8115e455c1050f3f09732e1042fa90010e62a07eab100aa860767c3bb35de5f7806d196060d872d5a2737ecd92440262215679ad12875c8d784de9d2ff295cd725e636bf3f76cb572e1c1c979e98bcc9e78d30ce609d34a9d73ffd7dacbe5745b4e06ad7eb073c47ecffe5d61e54f73d202de9b592fefb312e21d65d3e8a4260128d6b3a651f012ac2a6f32f769b8c6ca8ccafe5be8c9f5b9ee3039d45eb5f76652aba69018dc9168519f36bea0731928817ac792f40d86a14777baf8ca9b746202381ae9f3236b0f69b79a7bdb2f49d9372e01a70da547e34c17ce6909046f45dc067a1a275c32b71a8f5ac49d231bddc4ce810c784d7ec59028a99e8b01933897d092faf0e94b26ec86a20d972cecbebda9d91216603d761a60b2f9bae3f5eeb3f578cc418e0371e3894fdd691366536fc30872db965bfbbee66c54295b9d584b93bc4572a3551c267dceab6e704ef165cea806a00993b244a3a7fd8285634741ec77dbf7255a8618a98984a6511ab5f9b13c451b1267b163d8b2498a7066dabe8e26f0e6bbc81ea7d1ce62fa3c0c2ba498760656ce76c455bee542339679f3e660b199293c300665604470da1c06ed13ff9aa6b5fd41262067d80aacf6abf4dbd07f63a5e42313bda66626da503c2f01980fc49ebf8410881635778b765371061ea65b9f3c5f21dd5fb7c78016440adf6c5de5f41dc3bbe477f07646b12ec0506f1b26168b3fb08630d16b956d24c336c53a04499f579ca24f4a830eb425bf7dee0a18b6af082ce13e365520b0d92ca2f46d622bce5c62211b8970628a9050d2080bb39becadf33f7d704378b373eab330e944bfe89d805c5e931d9b9968504fbb1ab857a40a2ae525a7d7969296596149c728dca1ab51eddc64cf62f5d911879fb739dc487c8ee940a1e699b0928c42595f5f76af834ced34f1c108c7be6a8f009c7d730c3158861f28deddf024f2d6e346bb6c63d9a3f64d4b00665e7754f3b16e5b1a8a7c11247dc9cd4a20c8bed37729af4358f70531138a5ecaf06164f5b53e51c4b15bae8fcb1daf305230e04c046a9f2584e63d620724067d878ca6b6860c76c29586255b2b36a0f96fd9b03b18021f239d2c77284139ac0709df36fb41af3d37b49ec1443cbb25a2489d6cdd8f9507ce0e925444af973f598ff6a5231d1e94ce6e7566e18bd026938e58651f630484011aa23e1bd90bfb450bfc1bbb562bda3e0b1f7a170e5c2a4a885815fa18cd3128852a149ba82f52bb9c815a4eea1608b6e0139eeb2db9cdd2c95938e4900282d038342b755594db323708ee1ffe9ed1f2cbbbb9babbd0503147b9242927074c7706be860c3e1cab54313766df5ebf4de0c6e9e25d8fc1e161710461062ff6896d823bdfe9e6c7543db0fb874cfa78105b1b679ed6ff86748ad71c060d7bcb85104b75b15d650d4135aa462750fdad93db558b4bada6880e1284749096512cb27403bbb68d3325e3a79564a580aa8ba80356a0ea2d8e6813fc3328d0cf0b164decbbc526d789b4469c05c9a37b83eb24341d206fa3fc772755ad9ad611810312b2822a69eee20226d7c24ea8d43a892b0f30cb287efd34a16879cf32d0f56a65699597b1c951816aee6037d604043183e030b20b42c20d400384b9244ebc4c31d7134244aa64ae2c58732a3b30f043ae7f8e2b7398e5991d9eb611cc2ef9435eba905c18184dd96bf9a99808df43ef6ee07131a3aba405b34dfa9aa8b0a6879bef9c18c7ceb25f24e73a929bf0cd69d2d1da1115109bcd5104d03d4dd0ac49eecfee5854d3d8c08f4c4931ab1699e93e8151a3fbd07643db315aad2d0a97b909f7a5098188e8a6ee5c99d9684204ac473ce024d03456f070046054382cba59df00fa6bd1fda7dd33145da82e960d6cdb0f485a44e1f528e498dce615b7e62300a92a5a9266d7f2e4aed244415c2df7c5a848a775952592fb86a17279c0d649bcb83bb7e369b8a93bab37a0ca848022921a0856ebfe847733b37bcd1555991bff827284f6baea0166cffa39ec316d510aa05c8a33d08a8b41aab0d8399e457444b921cc474ca4d0ee199ac1dd224ac37159da1a6326747813e451bf9221ac8507f40a95cd5bcaf6c14fcf44e992c6bf4e7bf32b03e5788021fe3063772c03504a0b1605867ab576ff881dbe4d4c6f7e4cba8ba80310a438f1c6f56d6ac22dd660454fd7a039fd21981c78c18c7bb9e599c0d18757114ada085f60fadf98489e19c978b01eb6fbab3e210ff7913294daa4ea789932d1742c681a3063a59a61927d267509b7b9ff365e9edef437035579fe6634660838fed615691372ea9278d06bd963ff34a8bb093a90fb5703244c7e4d036915d561d1cc957ed4187fd59ade0f5def3f3e65b2cb13397d1f489930bd401cb2d228e3220157046ad04b6d4470039ccab67925e2b15303f969ac6417708385844a3b4481463967e8cda2c28cb03d06e19bd3b4a7df56841c27b3a653306538a605e89f591afa4608e393a5df088651be47d56893a4d895186ba4777fa1cfc836899e6c13d305b5a9e9dd368fbe38dd1693b050ea1022ab6efe3cbeb18cb6e176e383443fa06f92b72182230345c535e9a94619607fb142e1fcfb9d021b6ff3da8dd0aa845cb00e5e5dc83d7c839a9332cd6d0b920368a15bdb7a3f839023deca70ea3dfdda77b94c0bfedecc5f71936fc5fef0efdd32af328bb4ff4eb01d5bfe44238ba92b1daaf52383cd7e1b7f476f4b038d4f14d0f326f2ae8d3275dd57b82421238ea763e02f82c73ecc41666a775548f0e606b03948ac2c69650a184c34304b9eb8de380476632a72bdc428bf4d77b3f3edcce17118b34222f52eda456ddd8a683bdb82d241217d5cb252c2d7cdacb0c290bfeaf47fe524f0f6e9b8e2ebf2186fe3d54f996d51f9f9fbc46ae1848dd6333d01ec9077770c2809f11802e779ba24c90df4745b011fe943c980c177343f5e4b00e02ee790b458d241b1c850ed9ece99926df1b669290efd4c2675f96108962183d4cdccab9a37bbc93e163b35de114493ca6e0eb6ad9815f3d563b66aaad75f95e6f07ac877b8b45620432ac6d749caf83c93aa1223fd8d5889860c0d0b2f36e75c1d92965618982305e7e0a22c87b9a72f1156cc9d001faf9c52516fee1059ed4642e466961ca8baa79ad07f8e37d6fb7fd3ac334ea549d0d38c4b68e90697f37f336b899776e0fac781c522e995c0834bb5899888ecf1047cc9849c334d334f150ff199cabe0a027f85b9e68fe2d3f7b445c4cb5269610a7673995517fb1136d948f309b6116a7f59ef3bcfc257797669d56e1a4988e84707f99ecb3e62042f82109c1ea77319a8f226d75fd398694546f9128b36836168937000364622737227866d6ae0a8a0bd045d0f87cd1c6927398ea7a9d219e5e49654b9fb96c831674f396c4b755f24dcd55c5749beea77cf289e11fceb7afe898c09fc70e047b98c3b2e90a5bf2618fd4c6413ecb78f7be6e5ba7b6ac3d29c32c638b55dbdce9b22487aecd10c10a0438e56c33b9ddbead196824ee335527c2a5e1750cf607e1509aaa26f61228d65672cc1c06ef49231b5ae7456ef471592603236ccd8b028aaa17662b83815bb52de5c24eda5cfc1e4973f3492c8c886ff607ce6daf2e775e984310cf1f124c7638956aab3e4e3d0d9594b5fac2d8c63d5932e9756ffb3b0246ae78288b03d3eb7c28c65c729337a4d86f1d342196b59d5ec80bfd3882274484439c6de378c3d7d1a5b7f62289629f7c30b94d86754dc7d0bae88ead5cb0a1e55c7a0f5a3d1ec1afdf78dce74105fc625eb9a4a8c24b918a59e5c909697f9eb67ee103ec655cdccb041ecf78b4f79da277df187c9a4ac723f7335c52c72d90350b4b25605928f9bda58f17e936ef252658057318a79120485a734c17e02fd61d1c2114ac69bf9b89c7d78ee38193b6651ad44c4836ebfd5eefd38decb8e2b798dd3410abd07ef38985822e8e95069cfd9b2dd2f4538356aef20bd94dbb629bf2ada23ab28d57141a70b4d66693abe615967ed3030967e98470592139cfb8bd4588ca6d943a46d6ead14f3ca408574436020711b019d3e33248c00f20a6666b95286e36d1cc7755c55624aa6637af66c0c9a0e923090fd37e38df4d48a13a760d10c0eae9e78cf5bc6faea48bd3d4470882b35cb3f3cca2312f796490ce6248f484687b8e20f4e621adc65bc642f013f3251009b7559b736502052134dbdb2fc01adeb5c78625569769c82cd9238ec003cdf5c5c382f8864322f12fd055b9069a19efc92a6e99dfee9d20e7e80688abc9a7fd41e36418a8344a669f9ce7fc2b7a1703dfa83b977ad22531115864b0a126f384eabde9f94220ed10d7096a7fb9c18449fae3b65e878e945f3e932a7a0fb45ad1906e08b519b9fce6c1cc6d75fc80c0bc74e62cdfbd5b508c5f1183f2d3172ccd396205936dda0e3e1cc7a693015c9c2d8a930cce01c9f5979b6b1dc4afde89719ac35a3c6e5c93c3d4d9dd9548aad198bffc6f804768e9e41d9b86afcf0ac20b83c2af24e527a6e51da0c6d61af680ab3e6087de48cbf78cebf7c7723ab711b9891244bd53af2daaffdeed8775579093f3827a2d6c181df928ab977a575f7a68642b144ef51180f8758889c5731d7edd5003e143a865bbffd871d6511c6453bd978c76ff2438d466295167a53e2aabaaeaa63f40e3ac5219df5394859ea35a308079f202bb72058283d986f4e5ac7119e444e5e2b7e8b005f90df990a512c6f762a175d6a6e202e1761fc201982bd66e7dfa2da33ee0918aca425f24da16550d05aad12a3ead2ede7818f33a8ab14c3c7909e1f91df25c3ccdb2cd43909d896f22de17627df3d4cfe457cdb8b75d80c324281b6e57df11692a6785c3abde28a59cc9635804b8c10b1dec5443f457d5309fbd09860fb776e28926f70b0c1dfd925c57336a11908c07ac925e33076326488a56899a83a9d3d710368d54483ef879b6fd914eaba5f76b42cae50d88672064514bb8090a65bf2483495dd1cdf6d0da9144cf8474d8de2090a6d31f46a1cccf4cb7815d21d2ff2f2d6b417b98643ab5624041b2a6e6b2744dba2ec345b98110f7069f4999253a325ba66746f8b2a237dc663c6b26d9d9dfd64ec7ff2abe019022d03b54c44402e9c97da76ecb3f291751e112d5d789473026b23f8b9ff11a35b540424bfc63de4037ddc895607e3537f9620324190b02334637318705") ioctl$HIDIOCGSTRING(0xffffffffffffffff, 0x81044804, &(0x7f0000001280)={0x1000, "12620fd1dd6d112e11312cde352853c5d23697dd81446c9a9c8bc8a821b45545211ca1de285b21250e93a55176601df592a92fb9f967a94b87266825353307282772ca570d1291d5c10ce493f8f7166da7b1edccd6fe19d7b876257dd9b695891507c879b5184a72a32701709d31b14addc54a2078c74ea10e3a1823174f6b64ca1858190dd6585a55e19075d40c4e7cfe0d1af3b7d329f82e37dc6daecbc4e0da1fe4358623bf21e63b0c54945a1a1db0bbe56cda63768ff33abda9e5d1e2d9b250aca0e4637e7c981c99d05f8c99aa2c3b3122e69876ea13bd9121f6822aa32683bb37dd2ffa229aafa842fdbe02e56119bdd1ad42d1971a7bde45ba0cc910fb413fc8d699cb0c4826c7afe381f3f3c93125116a084380ac0b5fd01d16bade901596bcb8989a799f475cf3e7cee333be3a10db69d9a75d9e18749e6e69bc5ac24577734a97f1196d653dcaa32807d60d7e40820e6b9355f9ea2753ead70880970f36b178b426bf7381d97e829178a0a7015b0b6e0cee7b126031877f55a893d303bc552c95c5e1fd656e8234a8db72115c768b2171fda0e4ac6b2bf87de0268d359b6e3bf6cba3ae2cc82b1953c22f22a405f2bded43247331f3155ff91a3fa0fa18b639d13351213809421ebdb002695923cbe685304ec8509df6f1328cc8d7987dadbb4bd32b4c54fe44c8dd359ef0e0b27e7c97b10a19a14ef1dc23f83441088103ca60e5097381b84a6b94e5a9e64a093ff3959a5b2f19611c742783ddbd46d993dca9325ad28e1e35a7a65dea054254215ca9b3cf2fe08aa8ef4aad236a9b02a53be70fdf57001b99b87a6bf0a0fa76fe785f7d756b46a2dcbbb57b1a391c501def2099a48726c85c7b3e9ddbb72eedb8f6e44fc34a3c2afb33d7d79abc48e084668f32fd0eb7b1a8e79d4b3b3d03bdb6bcd6e04d07668ba3b63bd102e5dbb4849db246bfadc93f63220feb87d77b01716d55cd8319d4a9a1e1aeddd736ea1eba0b0760e74b74a191471044f704ea1a907e8872428b395b219189227b1bc17231a23ee0862f59c572033fae8ad6f28b3480e443016329c1ad0f8cbd10bed51638a13cb9974525f6e34cf740a8f026745c6741f0d943312b9e1c4d6d98f993ebeda372113378c8e9c1a90dd2af18ef68c02c5393451764b015b8d149846ec079325156cc4d7ed7238866f2300e3d286db0e80d7f295b3645d5a5828a6731e0c34c98446cc69b33f5855dafa9454c5e2dba2632a046b0e7f6e572351c2df14deba550915eef0ba72f11c9160b95d4cd244a5d0eedd01583562011a4f70d80b576074dadef4db245312eccbe11de81265ec2ef300840a9d41c2a3b2b9082970d2c7a2694144004f3532c335a4e84d991f58cc6f98372477dfb21e7efa417fbc1404725446970a8fabc8fca6cfc33d7914d93a2a0dfc5329b85bef0e3653cc07261c62a4b88f12d2b54da01d1bbdfb4c3c8d326e5612cc8393b56dd6636e1a208ddae2d9b9211114d73495bcc50d7f11d5fd173d3c0da8316bfdaf335d6a947959c240b007ee09a16a878f2ee703a65203ef6c90260e5efcdc800ab5e277117be2c3811cd16f3aa1480b16a8a2b71b23b20b7e232a09be0fd5069ace18c668c26f20a63588c73d4ce1c9e8bd0202170456f474f03608dd0954f1f5c763a7631d6725f326cee44d1301c0e9b7d959708f6b3ef66cb235b935521ede347d94afad1434de289d58f6671309868d90747b184c5235e75575f7d2fee86030af40bcdba165c1bf9f6922af925e3be322ae21bb877fc1d059171d6339d72cb9c6fe20f8b16eb46e85f8c8f72ffa8cddb6a3db7c2e3ce1cf8cfa1c6d7cc3688dea9f1c9d37dd3db86ccada06acb8367215d3acbbd995c36a0dd1d4a6c6f05d37d476b99644e02105459ef344988c21aa2c0ac9cd3ca1d084e01e2095bc3b704b0fe2e107b59e0338299a60be5b014f7eb0717978c1a937901a65a24d5b29dfed82225059d29c329f4651864c9bef9767e91a456f5e61f5df79ea4d784e3d570d5548fe1ea78c09d1b51df64f31db6118c85789e9f875b6db196497b1606c29126e5c678cc434b33d292bf8f89da7f9c8d8d25a9288b6a8083cf85765d56a3ce8407f9949c2916b4bc656306ac40b89c0fa0c8d8f105736b08c90c15801a3688b540aa9791bfc5aa0d5344b608626931dd7af0086d4e061b4e290861ac9c3ad35d5d024be43c0a623039d49419040090d7638383bf5f44cd5ef9142a9b8bb2720b3958fb0b04bea0a010851806fc3971cfb11ffde7f8f0a2f0198c8bba0779a580de801ffd9af56990402f0d5e35c489c08fb3f2d84e7fc594ae62e0473b8d7b2dcdaa20753b472e0b13b8a7981e0d694faf1442646f9c96e9cee92f23a4b22e4c28d83af219f11fdcd738ba80fdd6c3e00fb9af20e041c3fd0140ac2df3c91539fd9d36cad7982884a4405dfbc7704cbd9797029883267ed46e72bcdff2876028f3194b9c32efc20cf7a45493fbe273efa6773e04e4781a154a35f856cb9c2fd685d19f4b5137e0594d9b3d328fb5b31d4d48a14b812691ce69e799d8f546b10a2875c14cbb318ff1dd907a92440413dba50f8611079b80ba90b603839f080a85e3303d9a1b7b3dc4f0230d4f7f49e49ded5411730821c43211e7b9b579c8d6e1b2c1ab14d23ed9017da8fe8a62d55410bd964202ccb6ed38320707da94bea333b259866fac290691414fcdabcaa2aed9679868b9d171e70b295e24169df18bb1bb4978906680f1f0d90332b8e6be55eef9c5ac0510214021bee1937e370287c10f1f34090014c45ca40c265c42ebb51d519529515d509acfdec9150f99c6496fe29c352b5bac1ae4ecd23c7bd96906f1cd490e32bb8fe761b0cf2937686bb7c77e8861b6c481946bf4ae28160cdd29b54f247026a6bee976a2c8b144f420db98e4c515e597b5f9248df871735791d33e30d29d4db63bb45f7654edd13513891bd439abb027bb58e51d9662443c3c17ab4dbb22420d868406d006a4288607ff254885e6d138b32f1876c7ef1b1faaa550d1ba2ff91aed8d030ade549ac43633b213087a7f0d2ee7270cc7200bda259606b63619e5b3798800a56bea585e3caee73263a46c787211f891416521500fc13dd0b930708108700a7d64bd3a318b3e336f18c246fa79b28151cb40c943c1c2167501f88388c6a973bf845462e9bd1882c7710a64998c5bae878662341d0216f9842500a4c8f295e9cd1cf6e02d07b62eca083c2724db6bbf996b4f260e2c4cc7812ea842f8877f95aca0db1cdf2217265285ee47bfcf438eb700c479b541de7330e65e980b1589689649d863fbb8bac7587c6ed03d7948ab03cbe7e9b3a8022f92133d8f2941d0a21a16ed2ee16b139d7cec07737aeee0d2a10e3933dd39244c6dead067f8ca8198000fa0e561d0b5cec59307ea2aaadf6b938570999fd811d8c19a19821a8de877dd104ac013e5aa7937f4d03561f03e7924b3bb6aa243da9c3b43d6ad8e3ca523e04af7dee926f073fe7ccd02af5b0aeeb37bee1f10869cfbcab21b8efde8b1e48859a6d588e6f47470fb71a4ac8f58eac28c2f1e059896801a2f2adcd68198850cac9cff26a9b3d142fcb66724b9e36eec00d4dc9e82f6aff4760d4c4964fc29a02dea862895ed5ce6b537a957bde423a1d2fd1d08943f68bb7bd74c985a9f2157cd105d40feb1c00f6511b94426f9763ad3c4b1cd01aa881066ae2a5f24dbf97a2c0250556b7080b7f4ca0211bdadc551432cfa0c0a2062c1ed13ae326365829a53522e54b9d2081282cf671cf1ee0e917183f777350fe5a063e1be26df0956bf8056a6ac28f3e6126d4a413e7272060e405486fc2b90f8355936debce5f70f80c8db4171a268222121140e60bd551bead06516898f77c22e2e76e8f03c5e15cd0816b3564338af04443128bde40fbeaba96580fa1eecaaaa89e1251e358ffe56ade58e5bb37fc9e3bf9ca24fe87a29c671cded0fe8e6848a736d377095c460d2aa3b0668ddb665c8b7bd08c5fbe64ef5e0f72d48ebac635edf38c0700030a4a7f534e7db211607d9c6e070d8f30827a7b9012d6056f735e5100ad9acda0fc79231b3f2b9833075914d8dd205cbe37564ca53117ca232f1af6036c28a915259662d600c1c243173e8af35d37e76f11c825fcd086f322c03ee701bdb7ca55a845869d57eb032fc67620f331e376e8b0d21a66a094faf5786f950fd74820f158d1cfc6f35f20fc80de53ccdb1cc9cb7991db9fcb97b95eed60cf1890dd8e256552b8ab5c7e73f5d3d553519a092d0a7f29a3da1b68c671cfa491dc64cb6a65cedcef66a7966a598249e7bbf42155caeb3b1111788d13550bb0db96c2adff40b5a73bd4fb714ff5be50158761c937b8477dcc1ca4b8c04d98017e446baf077e06fa79bb580133c5f1d5ecf83e54fc8eaf331d714397f72a2313604a3b6f2707814d344b928d714283a329b782e939049fbc7670d5274af3324ec9e99d63702f484a24f507ba76afe19a7e60a8d806fb4f42b634a68a15b8cedeebffccd2d1d9749e993bd0e0621f33c69002a6001761b95581d1ba27f5bba0dce103993421367063924f6bf75bf300f7ac4520f3130d466d149f67c40137189faf8ea0014321e52ed70e750724e9e0059dc59a5ffc6f1e7c6af822dfcf625fea036f33f809c266673f0e44ede7f4e2e68945f04be28ad6b2d237d66a4f69ecd7dd5597b280d6b2f7b8d52882a3a5772dd21c8cde83410f62ad9d3d9478bc18a1377406659f291517ff374208fc5b4ddc5480d039f00358c190c1cb09f00e70aa73ff4a21bdfc641a017656fedff3b85f0d3a7f29f6c993f85a132c810bd99b3ad9fd3e8c457f01ba6036d75302b14fcdba9a75fd21d50ea659a7c986653cd5df8dfa77a8db0135cea604b268ab76266b3cf30d5c135443f03ebc01d65fd56d94c73dad73a103eadc60b0fd426b0d04b5a5be33f5e2688ccd08d357361a7b1df70b187dda084893a93325612a07186593930cc6876064ea1b2bb7857839f518c7174b7d64b594b4a519b2d335ff85e870dd4552bae0ca9470dddfa33fd3606487e6508e113d3b6c9679c5870766d0383094b872517e0a789e87847ce1e19106364662fa1b03e8a3c81e0a0ba18a5c817bf2c18d33600e42b8e20a90088abc0fefb8b94c3aafbed0482838582563724868566820afeca927752b89f37a43eba483f5dfd87e7aac60dfdd55946c86ca39a0b23bc676348cecddc704efa7a09ac2ce0216397d7b28df8861b1b8fd5c6712b2d7cc5f64278a34533fe9aca982ce9996b568522453a491884bc1498328d378974c4a26d67830c0615d35e848459d4bceaf4321a4153aa2b1b2109dddd60c158c67a3f074c5478b59ede9bf76e2c5e751936fdf9860e5038346fc97f7876dbba8d9cd4b94d66eea4676c3ead8e1a052c984767973e1512e36c049d70f32e46800cd1753a11e83a87135e189983e8f6fe7cf44b9c58353394f9d0c9b91cbc1a6a40bd0c2e68a12551eb040d9db13da3694db36c986f5d67571c736f8880d6d928935a9053ec57671b2700ea2a78f405a25cdfe1ab186af90e05a541ca71fcb0986a082be5bcf8a0f1e6d1afa0d289f7b7114c8a155af4994ec05190debf2fe77174ed2502980d3ea604a2cbba90bcd1186b221ee0d508b9445c986e87c9d4b1da6c1349248edf79cfbab6852556cb41e52948ad66c4589fb20982498faf9856b06591540538923d0fc598ba7030aabeba386df5cdb760b06315e90425afd093124449"}) ioctl$HIDIOCSFEATURE(r0, 0xc0404806, &(0x7f00000022c0)="2f7ccf4f272d67730fca8b14b4b07641645d5f6660887b86c6bec7e2e270a177fe17a40db63293ae15be9b22cdba6971b90a0942302e485dc2a2a6d7e55072274c596d498bdff7935787b4eb76ed19376c960fc5b13ea2de1aa418a5753517a66cbf861f578e9b3ca427a221ceb8807060977c770feee305f88bbff3e1864c735fe3826014fe99aadb23463522") r1 = syz_open_dev$hidraw(&(0x7f0000002380), 0x81, 0x40) ioctl$HIDIOCGRDESC(r1, 0x90044802, &(0x7f00000023c0)={0x9c5, "fd09b1cffe8611c1298a2422f2b442577fed2d1daa68800cfcfcd013c6841df1376a9a31cf55ed76a413fd4d91f9654c08e5b011af93257c22587cc3985bc436d1c9292bb7c58ac32ae0278f36a2d5eb37fd6437455ba6e361afb49d51986afe69ca6b51f978e3d20f398dbfbcb458c4eccfd4da93d69129880efac6be321b5054bb95c81968f2fe04797f545fd9fdd431719bfb693750c1ab5560dfe6687e5b662c41e3d0f2df0c5519f1a0c23428d627b3b1e0be755852e32bc7c6869c3c5df8a63a1d30b7fb1179d287999b05072b2903d54e8c612a342dd019f3498d7bf303397f5d2ebf54edb24f06901cfdeda0d20ac8127c49972026de253d05e905ee6a50c18f1e7d963d9bdef2d1ef62a8c03e8d5d9d2665a139c114b49d16f7579e3660994588a37686b23dc6420f761c87fa635056297046d44754b3cfd688b0769993fb0a0548e1e6cdb3363cf380cc3924f6ccc138f66c8f66f69bb84c08ba410d55dd3a40ff9f027ccf377d710372d611b2effa3072479e88945ee38afd9a810d9936993333899bacd19da95e14e281e2a9c0ce5a5778b796bee9b0fe1d943642273e535c1a9a65abb07a0fb0797bc3a471ec6faf1e450402e2486e6f125c563e9bc37b6cd22a08c925902525ecfcc4d87e6cf9e4129a6cb3f1d19f3ea9bc39bfd71894eaaf2ee49e9e8a24fd8bbeaa3c61fc220406a4a460d99c5ffd6589cc9866624fc668c0843a5e4bbb4dca9a4391496a66a8c3f2cc54424bb2570eba375c7b32843f483459b932754b1a8e0645823b5924057c85fdd2269ca9c4708b1b21a43e749d5e92185bd31bf96a773f949fba541149267150501eccbfbb2164ca43d5c6ca474ab7961a8b198e6c8f5f392f3b7388a3c10c9cff4de2fd028ff4aa41ace4be501ee9ecb185e1f0ddef4aa367bdaae52c58afacf328953605234bb44a0bd47793e51ba398be4e2052d409cb33a75f84ae02fefc155f4dcba81a78e48d10c2e5e892f0553d8fa20523c8d6482613765651fdfcb217c3eb4e57413d51806e478661d6119ee6324530783c7deeaa5bd382cb3a71da39fe7d708d7ce624d77d45cc15e312fabe51795e94263cb180494720c51fbba3b00124d2578a2793e9cc679a1da4d46c9edbdbe6b75f3ae33a32cabfe6697c612ad326bed995820a7f019888e45969374dd9b6b9a7b2105d25e9b7bbbd357fb9f7801121e26f66a9e5614a738fdf630d2e43f0bc2264e1a358a172ed30e98379aacf283085c32d969ac880fb2b1947bfd9c58ff2731e17ef0e91020e2e97f231406555b8798e65e43662c7b02e0d3e7d5f296488b7d25d70aa17cd0d6d0075829a34769a290c15172011e19f834e057bcb4cddbfce1bf18a967c0bf3582f3178ea9b732c03bd49e4e25caca98ada98a883b56d4a633ac21ffa403ca1deda8ea85dd0e2444e0c72c015e9ae2f9c65a01c8ab30e2dea083f8b96c3edf4eb5ae814dd06bfe971f07c7a4c43c4b3f2ef2784c840274abe534e001156c54badb711875d6f7a1a8f7498fabb53c6b46e144e1affb4f724499840be6c7b239c8e89fdc911e939b41e307ea8c387397e247dbaba17423c5eec7db3f8f34fc7f23681abb84f79f548cbdd9b3e1e8a26b23564423dab1f1b43be8c08b0d1f3ed8577b0171ae6766f5462ff3a39934c05a06dc1af4e055c5fbf30b822059f8a7410d79f5e8f9c2ce920a91b9ca14571e1155725968f0db3c2e32988464552949a856190ea04c8ae49df4ec3c632367b3a5c11421be2fecb8c501c4e60b1a18d42d90239878cd118eb726eafee0d2bcfb8d087fa7e2767abf0341957d7a667746d5d319b61b57bd77fb64862eccc9c59a8d587dbb025a47f0ce2b14839a28dc29a16b1efa23f47b48f7f8bfca5ce6e58dc2722bf55f7b9a3a0f3560d6343558ed691efe0ef88197d2484a030bd173cb1483880a183bb1b8b48cddb5be1fef20ba8fe9ddf216abc3b1493e814109dc45aeae5970bee4a932a5fada706c1d670e9490c1cb2c56c10d2def4d9419787b16a7cd1dfe1e864f49d2f1606735c5f224a07c2d5ed7aa6cf167d412f96620866e9fe03f03bad8cd28ce80b858bbef443b85e12feda9e405e35e348a7571ee10dd28fc59fa950c4c957a1bdfe65b2d4c3398969f304735c48538405de82329614693e70e741b6e6b535a1a344cc1f9924f8dc25d0fc7c185cde4619412f6ef8b74914f1ab37162d0259974dd139ed8349a74c0105b8549ac118ac0fa0fb2c1cff3a6c24f14a9725f4b4fef3b94d1ca00fabfabb02b167b3c79ce8ef00c8cd782c04be73f78ffc793c27ab0e8de0bb53da29a6339368b660c2db74b9bd57d52d41b6be9aeec564eaabe386d3e7371422f38aa6989ca8934bba0e44ef2140007d2a369db8216acdc52008f6278d19000303d5070b5adcabf94e2d514e46841c20e75cc82b408fa792e90b756abee28e55582edc34859cf3fc06c7d5b4e920c9dd7e696a947641174a607979a2d4b007f0d4fa580676b6c4363a38ab04bc389f4620c9daf62ba35378b8a713b4bd0188d1218879161045d052139e564abfe06d650a060e344b678b89cb1ec170a28874c18c52ce7681963bdedc4c38e511976b23fe84035e43219b53664d68c95d00accda941136e5e78d6683ee0276ca2a85a476fc77b81b580d9cf5eb8d00247d86e34ed9961f00e58457851bbdef37179ac58ac83ff2d0e448e5be0cfbe2602f7fa63f0dccc708a9004ab9e3a6211cf8c06837bd0b1c858f2a04def5a029afc8483560b00c88c9810f2e742458d96584a313cb54b0e87acde98c68496fa2da927820e2b8f5b660b61fa63cdfd9f5e7ece8053b04214734073e6862765747cbaaaf73ac6c87686463cad281d3e6e52e36c38b95a51cc37e85f1bb8d3694fb2771998c291288cafe3a649228f36e9424a2009efbb1f8c6951bdd2a2dffbaadbd67ed5b11e68180d0feaa7eabfae6669c8c16982941c176d1fd25a05367d09374bc46b2f5d88eef763b67de3a6ea53474c9097c036e8b2faaf145e8c9ee0836b38c2417e404ced4c7e319835ada5d11131b5d1267d028b0c27248647d1e809b02d5efdf6fff98404e663df50738dde5e212e13fa9d5c01beba21b6f8609d2e1c5eeb2c152e758bb47ac0a567e9d74a0263c9fdb05aca73bf1c95892e0fee541a77149d0c665b7ea1f0633e5ba1f950b8857e55c4c4ea2a492b6f4ba54754d1869692f073dd56dbb01cd3bfa0956b5596bdba272170648197f11301ce301366fb6ce4703b8e625c2614935869e525b79536933a801e5a54cc3f8b38332e05a0a725d976611d9754110644b9d86ab4af93fc9f5b541a88fc8f4e2635086438503b1acfb13e7dec238e23e308943ee282c670eb0b8cf9377e199ab62f368bba9f1049d462b949b0fec3407f67712bf52a434ca6274b844e8038b30abb64546f15749aa6775d784b780da3630362930ace1a479982fb7a0357c72581b6459edc563c5fcdfcbd3cb0ca5f36918af5d98809d0c4b9339cdda9f74134"}) ioctl$HIDIOCGRDESC(r0, 0x90044802, &(0x7f0000002dc0)={0x636, "eb4abbba8117620ddaeaede1c694236c4a8f65888de67fbf1f2a601f52b07fe145a0915ab4da301beae0aa65a1139c166c448f1f33a3bc20aefb9706511b4111332138f119a8e3fb4414bdaabf469d2025879ce90904ad59dd00e05261bdb9a1651079c05f2e3aee0631cd631f76a52c26a4310b9585eccbe03edf31693ef4d9221c900f43cbfc4f5247d28b34a852890c8f49240bed3f9cdcfe8d94f9e009ad9cb485e762c0e4d9bf6c74fcea3153c31dd9d51a4f811222476dd6d001c1225745b49d5c8f225bf47a12bbd8dd3503290b7a90b898dffd6839e09d421adfb3c8df8368fbbb7ea2655c30f124a2cdf78e32a5efab7a74951d29d55df44293053873e8caf57572cd883ca9f1cb0b47acf77bedd5c8e2a59ea9dfc3f39d0e24911a6c4314696ef0c5d032ac09be4180c37a7fa2a24f14d690287c870ec6c48d3fb244e1d04399f349230986459a691a19f26cfd95f80daf32120a3268d721d3e3a98780053eda6c4308fbd75099d8df127d664f3bc3ecce7ae0355a0254f9b267190a7d80e22768448d604c9376ef2466154a869d280057cdca7f66aecef718188e186eeb70399e46a88202b622cb8d1a8acbf7085126edf81708c40d1c22c3a7b5e0b52ee720943bea8dfc1d6acda01d7672ceb12caab6586359b263f7f2ade741a6f79d1edc7be792a61b6263b205ea40c11602829571aed9f016cf026d7630b1d8e3a4b2ecfadc07491e00a040e9ba51bdc26903a87f2e31ddabbf6565b2be0a6fc665e26c45a9003de9910ee5a7a68c94709adb8ef0a70a6e0f03461e0e7c81b6306d0185a56185020491df8b7dc0db90edd91178ed824e43c360d7753b18043c28b816106fbc0cfcf7142e6b453f2d39ec0993255a2b63335cf6a24a57c1581ef8aaf09d1ce964c0dfc0a46796c8d35d999cb386e489f388f853e491303699378378b7d0e45212de3c106d1494393d15b558f475e7f824a8625517df842f809a45b8687f60dcff48d6272c93c8f0ce5a12c0c36c0c5f1c286c2d87a8c17a3f9202def4f7a605aaab2b3e979f4536f4d0f01ca90c1b18c49133af5b43bcb287f447fe6542794b6d456413ba33c13a4e8aaefdf433fe1c23741fef0161634100065a1ef9260474a84398849c9b69dcc984ff7ffdc269ade2e0da2cabee99708610fd6b565a3155043b6033a613159daf27a5dce7751bc38a5a5ff8d37291b634c45be34f844576bff7348f6b1e213293f112f09abcae199cd0f0952353fc60ab704d567784ea2a5e103c1a37230ed241fac048bec62e4566ebcfa68431a7490cb52ddd35a7cf089379ce92bdffaa22a297cc7b866602f75c4447143240f83ec0be1bf33361b9f0f4fbf8fc2df7f20195cfd608a436f94112594b2a21defbe1fb4bdaf5e82bb19ac068bbe31dac0ed7c5c6302bde4cc571851059fa35b0b7d34f63bb60564753c49ac647567ae95e467d7efd9824533b9153315380367ddb761b03b8951d886ee9a9209289bda17fd9b3cfb886c9af7e67cd5ba78f764a82aa82c1221e5c79a9fc54fd433edeb0d8d9329d138000c7080a451b0b62a11d44c67592cb58c8e152220ca95aff39bc2de273f72d5e8ccfb276536bb799f51edc2ba25a57f55ddf65ae568561ff7bcbfa89f41b0b29e5682bf5996d138239469f8f897167c2ce6427b4476a7caf3102f283dafa8e3e55222a1d4b56d9a507f817af5fca4fe38cf6230ff45459768078802577acc7af198d8c1c2350f29b4685b94a208e79c6a6c0205e01f219ef92b8a6ce3e94e78d7bccb5a422b8bca0754de2a80e483ee8fbc39ed74fc121c60fcae9f5e904bcb0d63d40786dfc1b5f36fe18dee1c3366518852f3ada29588013fe6eaad02dc37c022ae78a12164e19327e1cbf6cb6adad7e6fb52812f9993e2ebc81777b73ddcb2b77916e8d87ad9e829b635fcd799b79c37a127550aa2ec596625792512390c08bc7fe76962b985c619cfe2ee9cd16268490435abaebef54355efaa6b0a2d954b7c78d478f30b20ced143c809af287618316bd2f30f9a0ba964ee44fb72e4d4f37e928b20fa6625021c2b8274735ddddc39b98e9157fe645c4292baaa071bbe9a03a0fbfdfe4ea7cc97dd82c96c4023f3303b8eb2c606b2abe5457fa44e0d6388dd5068649d1989e213901b3846c721d354ad5481ef14a7a9f2070853fdbc4c44ffebafb1c97d654070709a9b304f7ef118f2d357466f948572800aeaeb7cbda9c12c6"}) r2 = syz_open_dev$hiddev(&(0x7f0000003400), 0x72, 0x2a000) ioctl$HIDIOCSREPORT(r2, 0x400c4808, &(0x7f0000003440)={0x2, 0x2, 0x6}) r3 = syz_open_dev$hidraw(&(0x7f0000003480), 0x80000000, 0x0) ioctl$HIDIOCSFEATURE(r3, 0xc0404806, &(0x7f00000034c0)="66a7a42a654272d972960ab9ae48fab0a89628b555fee075b1fda154dfd603f811b5617a669eb7097d67d2c035ce61c3e145d26e91bdc6ed6e1dae7288298c21034a3b5c42d7db155ae2838716308a0b345b6aa69b0d4fa52b1e75936aac7511eb54cc19db63a155cd04f76618c905e9664540e46547c306cd48a2eee7a75ef8515840e3a4715ee4e06caba2a49db5894df0c681caa114bcdbad13aac8405f68209ef7975272b6cfcf508fbf50ba720dae50750d56cc872d80567ab3107d9eab5185670140cd1072203c287d729bbc70c834ae15e53205dd1efedd399d785d59e760b06e6fb8a8e9642ac485dc4f981b31fc5b33039ad8dc78d496e7aa7153f7a92850351426a0bec3a414302b45fc39e68fff243e63b11caaa05a86bcd83085c3bfe442e7d41aa0e167ab4ed24f8b2c0b0b4fa0a8221f2f84f0459decad60cf5169f271f02c2125bbe8b92735033c0172ad7900f3a42f6d667e724313dd2f00a260f3c608370b7d8ff9349c18fbf0d0cbd644204e3a5e47056fde4c1edf564d7996f74dd1798344a1bfcf0471fe648e294bf9fa7af356ad9b0fbafbda8ec56799f45316a28d593b04108bf16e63d8497ea0853c5b7b9d616f400c795f8bca32ec933af1d7d3a5b3c44559b9e7143589d8b1f191bf95250bb70112600b47a243ba9acc4d371f33b9628b71fb6ee84ea577d9ab2a0d8f282e2840ef89d4da0a9337c8d2af3a0ba3828f7dcc86f8399e886c0f22988d3c274e6c7a70efcc3e0c3ece0be37a834d431a1255c2062e709dd87891b94f08282afc267e4937471630c66577ff1e8f8fb2ef09bac479b06cea8c0427471af9d10e020387fb79f4340fa2a816d8de43657da1037137208c0d8ed796cb1549c4e9acbc7b304d13721bf302862d51aabf0643dcaed730141b7fa338934c05880b9767f2624f32572dfd2067d864a83bd15508b08f1e96d02b6499f9c2039bee23f232855979a4f59ee375c49d4bba60a0fdd06b6667a72442657430782d779f399bda72fb67334161450d87e1189595031e79057763a4b7fdc0d1f034811b97ee4bdb0f667536393bcd516e446e70fd9cc45ef87eb700404446e8b9e3acd6297bc23823d90a31dd0397e5f00ed31162669daf488a94f8e38a89afd5727d21c9ac892b6219f08e607f8cc9843929ff2808b1118e27ea032587e03161c2c1aa03b8686b2bc4a0a26eea036393b4545d5b41998fd1a617b726bff06ef531a83b1742f58228425df7f3f9bc9251967a0dfc1ddf898e24267f1f63fe48fe0dd5cdfacdde35c7ccf3741dc27b4ef5a186bdf6b52cbd23da1b77685a6aff921551659be001c36f2e0161a9ae5a653b59b6caa3262e6fc27e8e15bcf18fb3409be26b089aff44d6da45b4c50499b3edc7707b4918bce07c32ca6ba540c5d436d2db120f8959cb1514315e7f45c3276be48797be244786df20f267a49c1317cf0fc9abcc793a26ce388a315fcb0f79d54c1d9eaefd2175fd6933c418f13920bda10064d1f78ba9664a9df5032a2dcd696f3fca58e8e0428eed8aebfc49cd31405de4530db731df3acf1774d7009274682a9570e50e5beafba890269ba8898ccfa3d6edea9769e7fc4b17068464cb2e3d011523be648510947d0564266396950be34fca152447dcaf0c6d5ec73693c4ae760df45c897fce3f82916c2589ac07521ce8a1b7c7c32ec0aad6956b9d690ca8a9ed30a9015ea3c7e16522eeb73c32fb076fff8f8cd2ebebf3cca188d8e491396dec8c2b0fdedbf3ad0b59cf44a8d14639cdf987e180ae42cb642299a3602dac9b7b16e465920a5b33ab0289e4dfbce96e7f76bbb057cde059c5e8058712d8b41ac92a4cc94aa68d35e0af73c5403ff103c4bdd74ad89371649d74255efec002d5379568ef719121c9ef54f3c3fc1d01eb8bd6b8a3c4f0a90423c426ca9b3c76afcee2f0d216295ef2cf58b81de94b581400bfeca7477fc406da6d2a328d799ba2b439538846b2729044fa910d13a0a1bb22decf4890e829850b66e3b32d1bce34e378d3c736d604990f92e6a767f5876f2110acc4f5aa92e024005728ec40bca67943e3515794d5d862fc545b0c5f3e51e504729e8486e524d9591baa4a8ec876146b1d6e15610f1272eb058621e39f0e3be65a0945a5a8e722281c4a939d73cdf7c3aeb39ea4895e42cd7d03a2f342fe0117f6e52802385c9555b0e4491b16a039229ce920194c6e6e82d9943b52739786d2c54b0e2081d2e9a5b40d782d07617e0ed6932a54c53ccf42b5eb323493dde7461fc2ba86a653276e9ab6ea6701898249fa002aa3109b6bc7613ae16a4b3f5a9a5c2bf9e462e9232f23c797be9876b2afbd0d1d45e9f7cbf35e63534b1b9b078530df31acfc0f864725bedb7d10e0857bc6af8a1ed6b47008afb0e46d78b388f03004a670a61c0ee693781bcf1f1ddf061f08aff1532307bfa8e0b5bce3939464db4c3953e0ecdee6611f8a4a605374a369f8ae1903ea89ffbdb140567118412a90644bc46d7c713922984bcf5aac039870d9d885273a5347b1c852e5b95b6eaf8b71e25f4e60f3ae6ae60f4b9d302eaa185488efe39e7f830ced17452286a0c8ae6fd50c0c1810f75bbd2674c06023b2e1a32701ce8c2cb8ea5cdfbf67d45b05ef56426d1f2a5e69e51619dfd00ef4cbabb1cc15ba5155b1527973d4d681003dfa51ce0afcd683714f731296851469a764a7d18619439997f4630788c15c338af995a08ea9866bf1525d24552052317074a2705376eb64790a21dcdd689bb63e1f8aa03322f97896d34aec5b1d479678c3462e04627574c7047dc473e41fddcbae678873f72e9031f2365a505f97cce7ec22ffabe424e670f475c02b05833144ecfae1d89e0f506cb2eacc0f8a549114f1c63b4f5e7c0f57e1898dd33e7bbdb05d66846b654c3aab709e080e8c339f5100e306b838b05c470977464d9d8235a1499cdb6d14bcf79a2e577be0bc37f2bd36c4d0e41e7f04157e7ca1c583fc477ebb2748cfe8f0b448037df9528c5f9809b98efacccb62f8dc6c88095cddd125ebb1d4b3047250a706959c958a750fa49d271a6a1a796b585c058ac5862d0ce72ef272c8525803e84da46c910eea406a091e23e966ca79c821dc8592b733089950322f2817a69d5aff2ff589dd66ebe5b03f492eb1cf8ec1d9d1b5b5389a78e2f3a3bc2a90ee86a5978f9c3b5ce997ce9ad8cbac726ac321ef95458276eb671cfdc71ecffcbb6a6b0b2fcff3d10b8afef8f47619b78c0e18001d975845c21245c1199837e16b6c63a3d0fd59acf11e82ddb90c57d88e6d0be38c255beba120987a9e3a36e6a51697be6794c1a6a012269e99f7b5de579dbcb44c6eadedf8fd61822282883e608fb826aec94bfb718694b85794ac6f0a3c3866105563b3aefb0e237a9cee492cbf1062c37bd3a78c0c7b3e4039c397a2f1d3b4f3ade1b71015d8520dfc2677328a62b31a2bfe86e751bec9d21a7496de85bbd3aa832cf8e345465a606191099129e2ae37f66462c528d44501fe44e269fb4eac79a3ca605f6729df010d542b8752ff104ce44c3b4c041f469a744243d3871d99fb9624fdb91d22c82f795956f8d6b4734db99ba2c91cd7919f387145e820e4762d0bac5c6cc1c91d8394aa3bb004a5eb4b0af2758d598b0907479d9a57df33682095713ecccee9304441804f061f9efe1ae675ba836d08849c9ee61b0a8c878b3428bfc629d25612997acf53eea8096f9f197d38428a1153495dd1e6bb6fe79aaf3c9d89772f36f11edc0012bb44e7a8051964f0e74d4d0f06805526fa89071ada09c9712ac1adc4db1ba6d7539a8b020b6e8d9dee02d20f16dde145f6369fe02fbcf082822fcf7af01aea5c8793cdbf51a3d6b8577b4f00e95b2e5d6b89054f3641524234eb138519b503b7321001e4490e2d3f70030451fa6c27ce96dfaf049b126a7a48333312b962c79b46bcd4c1068ca50f3d242640eb18e024d0c1f791f8df70cfab626c0ac0c74f17e2421f146cb7e9134851720867b24579ca72dd76a101428ded6f4c2ec531d88b20fc77c2045bf15bd59b68c2fbf1b4eb12280e34449c5c61229f6bd0a36b9aa1857597b65a27f9cb5128ca4a89b2315b6206a82707f75f404b884b2beb813e3d531e12b89808e98fa7f90ceffe76b48e7fc72873ce600505117fc8ec493d67fa3d91486fae9baf6a83506047bc91fafe74104fd871b95c869a5085f5919f1b41d4af5c4eaa7ab7620917e7270f9d8af499c0fade14b55784b4669fca9dd7a45a1c7cecc8ca0ae8de4eaf2953bedc4ca6a906c4f5912ac53d544856114e21e35a58f993ca309a9852cc07fc052c2df9a62102907e4532858855837e86a17d22714eb2702f875d4236f77fa86e0905aab81330ef98b73617487a71317416bbddccccc983295aed3c8f920db5e6a30875ac123d9673592958ab78f763983c5547acc2c79b5beddf3f267efa310a0814b182c26aecc5c10783668d1b454dde33ede25f07f2f431f96dec9ad6915272881b951d8787334d0946b55d912a50317fc5bbad1ec6435a431b88731a04658a30587186c41c7c976e62d93cd963f9c28ce5e8a67e7feef1eff19e10aca3cf526286d6b1bb490c8a48042f91400906030faf46398068fff778a53ed20175a64bf2fd9ee42496c6d2947c12a0fb74056f65b4a0403409d0631ec7b44027576def2f66d990f8d9c286211c1b819b81ed201689813aeec2e1221bebdd04a58468e1cfda8dfb5401a770d99f76220a05c1240cbdddc9151438a7e476874c7fc32be03e8a73ac7bce1e3bc56785c3c61f6e496ba4bc69e7fe9c00ff3996cf9e374fb11c79176eb958943b5eaeea88eb05f1d1582c93c4e17e587cab1acbb8ff24adff24adb8553d7d93f573875b5be60557844b143b91944a8c8e3f641c51c6542541e56ad8e3bc520adfb7a53e28deeaa7d124d2dee61e7b77a39139b3010624ecabf3e847ef4fa586e6502f3c275bd78f5090a0d9f5c473e11573d7ac289d2f087cb89e2e0d61f43660fc7eb6be9aedbfe4b2ed3a2f2d93456182feff6301433196696328b08f0d7a89c0a46204c51ce90c0b713a88ed46843d3e83253368c3918aaa0a224134cdd79779a09f43a36f213f862af70ae71dccb259b8ed264c5ec39e71b266e38e0aa5626d22cbd0a291114cc498e26c3f45feb8d417338cc0cb4b9b4311c5bff96543cf85888f1a4e25d9cdd38ec8cadfe9e0f17d94a66a31590ef77c113fc3b37a358e94f3953de9733a69ddf07981d866d88132021a6810cda95ff9f726782808a3b5e7eadd14b55e907b89922c9f7f183fe91fdd233859e8f3bc82a79448d2e43d7e27f7c6ce4754031f99d6474fe243d680533cca13b8ae4a186b26bd607df7c1eb5c29343e52ee618741734b4cd3a54f7a7b85f1d1c2ff77ef3c2373ff4ca92bb3c35b3ad9c6fa05bd7b520aa7307efe697a5fb40fa8956f4b92e222f6d2fad0cc426d15653c6ec7a039f044a3aa34c5503cb872a1b94aba133c250f1ba1adef612e6c59e99a51cd295211f29bec5e6ec42a2163f2280f8141b29d29da4602cc20d5f099cf0eadec6225c44bb481db885fbb638c349eb607a8a761891ccc8659b991f3b6b16ff27e1ab459da55d8ec211a041c3f1400155478f3519df54ff7a29de9b7c5e0887f171404b5600d77c408a3ef7dba7b4c0510adf5a101e6f814539d9809660e3d4aba4be8156c76c72b60e898f3b0c5f3f45427cd512c85cc76394a08ae97b0190f33952ca7b852aa09860050787afb") ioctl$HIDIOCGRAWNAME(r3, 0x80404804, &(0x7f00000044c0)) ioctl$HIDIOCGFEATURE(r1, 0xc0404807, &(0x7f0000004500)={0x3f, "ec775d41fdb2a6f9a5c3415a4cb7644e99b78610e738e500ec6cd7e76ab40f43a3ee95b29545eb803e68fea698e194c2cef3770c8e792e6d0077553cafe60f71"}) ioctl$HIDIOCSFEATURE(r3, 0xc0404806, &(0x7f0000004580)="c282a867e72e688d26290f111c8cb2ed261620ca3f0aa4fb2301939f37966d48058081587202ff5ba730a3bff68ed39e6b71399938b3727e1a030f3391efcd1a3c68607e4e8e3dcfece2a612611911d5bedc3b4eb076b51c4486acd41b5a26c9755a73bb948e2b7e9809a125d2e33cbd6ce0d0d806d0323f749768") syz_usb_connect$uac1(0x2, 0xcc, &(0x7f0000004640)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x8, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xba, 0x3, 0x1, 0x0, 0x40, 0x6, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x8, 0x6}, [@mixer_unit={0x7, 0x24, 0x4, 0x2, 0x5, "63ca"}, @input_terminal={0xc, 0x24, 0x2, 0x5, 0x206, 0x6, 0x9, 0xb8, 0x40, 0x7}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0x9, 0x24, 0x2, 0x1, 0x40, 0x4, 0x3, 0x5, 'w'}, @format_type_i_continuous={0xc, 0x24, 0x2, 0x1, 0xf7, 0x2, 0x5, 0x7, "b90c", "661f"}, @format_type_ii_discrete={0xb, 0x24, 0x2, 0x2, 0x96a, 0x5, 0x6, '\'S'}, @as_header={0x7, 0x24, 0x1, 0x3, 0x3, 0x2}, @format_type_ii_discrete={0xd, 0x24, 0x2, 0x2, 0x6, 0xeb57, 0x80, "d9386729"}]}, {{0x9, 0x5, 0x1, 0x9, 0x10, 0x1f, 0x0, 0x0, {0x7, 0x25, 0x1, 0x1, 0x1f, 0x3f}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_continuous={0x8, 0x24, 0x2, 0x1, 0x1f, 0x2, 0x89, 0x6c}, @format_type_ii_discrete={0xc, 0x24, 0x2, 0x2, 0x4, 0x3, 0x49, "2214e3"}]}, {{0x9, 0x5, 0x82, 0x9, 0x20, 0x3, 0x7, 0x9, {0x7, 0x25, 0x1, 0x81, 0x0, 0xd0}}}}}}}]}}, &(0x7f0000004900)={0xa, &(0x7f0000004740)={0xa, 0x6, 0x201, 0xbd, 0x1, 0xb, 0x10, 0x2}, 0x12a, &(0x7f0000004780)={0x5, 0xf, 0x12a, 0x6, [@ss_container_id={0x14, 0x10, 0x4, 0x9, "d986578491490877a3317f8bdaa9cbd3"}, @generic={0xf6, 0x10, 0x2, "94ef2694813c14ea5ec3425d90aefdab06d6c9d2260eb40602dd51d0cf1e11128089507ff16b2fa48924f2ff4ea8fd1aab99e856f5b537a218b03712d19fdd0416deecff181bd53310cca1dd305ba1558efefee94411a7b72641927871ac04f8fd6799ae7443effd3d5748d45339f11c2d84ae4aff084e0da5c7bcd589f044aea022e3ba7b93aa583642d0bd28c2cc7c099affb266f71d41e765015e849143ba627eca92a6be1f54cf19bf56c61dd4171d71172ee2548b18de0121b3327974d4c0bbfa4a2fca31e780eb787ca9a8a84d3991cf72061b3cfa1c38ee9192e11d7fcde453edb557f5a5f3e99b9c7a4d8ca1129df6"}, @ext_cap={0x7, 0x10, 0x2, 0x8, 0x2, 0xc, 0x3f}, @ext_cap={0x7, 0x10, 0x2, 0x4, 0xb, 0x3, 0xfff}, @ptm_cap={0x3}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x1, 0x5, 0x9, 0x3ff}]}, 0x1, [{0x25, &(0x7f00000048c0)=@string={0x25, 0x3, "c7e8ea84d2bc563bcc06fdd07e9341dd75ffd6f3c6f668ac73d451f55113f01198265e"}}]}) 21:15:02 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, 0x0, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32=r2, @ANYBLOB="01000000002200001c0012000c000100626f6e640000"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) [ 2470.506461][T25969] loop4: detected capacity change from 0 to 253983 [ 2470.671610][T25969] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2470.679711][T25969] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 2470.811373][T25969] F2FS-fs (loop4): invalid crc_offset: 0 21:15:03 executing program 3: syz_open_dev$hiddev(&(0x7f00000000c0), 0x0, 0xa0000) [ 2470.916387][T25969] F2FS-fs (loop4): SIT is corrupted node# 0 vs 7 [ 2470.923102][T25969] F2FS-fs (loop4): Failed to initialize F2FS segment manager (-117) [ 2471.010822][T25964] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2471.021553][T25964] CPU: 1 PID: 25964 Comm: syz-executor.1 Tainted: G W 5.18.0-syzkaller-16253-g2f3064574275 #0 [ 2471.033304][T25964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2471.043499][T25964] Call Trace: [ 2471.046879][T25964] [ 2471.049891][T25964] dump_stack_lvl+0x200/0x28c [ 2471.054776][T25964] dump_stack+0x29/0x2c [ 2471.059119][T25964] dump_header+0x1e5/0xae0 [ 2471.063776][T25964] oom_kill_process+0x3a7/0xba0 [ 2471.068832][T25964] out_of_memory+0x111c/0x1570 [ 2471.073789][T25964] ? slab_debugfs_show+0xa40/0xaa0 [ 2471.079141][T25964] mem_cgroup_out_of_memory+0x46b/0x590 [ 2471.084960][T25964] mem_cgroup_oom+0xa3d/0xd30 [ 2471.089837][T25964] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2471.095050][T25964] try_charge_memcg+0x18b0/0x2110 [ 2471.100271][T25964] ? kmsan_get_metadata+0x33/0x220 [ 2471.105628][T25964] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 2471.111645][T25964] charge_memcg+0x1a9/0x6b0 [ 2471.116347][T25964] ? get_mem_cgroup_from_mm+0x39d/0x4d0 [ 2471.122099][T25964] __mem_cgroup_charge+0xb9/0x2e0 [ 2471.127340][T25964] wp_page_copy+0x719/0x4310 [ 2471.132118][T25964] ? kmsan_get_metadata+0x33/0x220 [ 2471.137431][T25964] ? kmsan_get_metadata+0x33/0x220 [ 2471.142758][T25964] ? preempt_count_sub+0xfc/0x340 [ 2471.148022][T25964] do_wp_page+0xc81/0x29c0 [ 2471.152638][T25964] handle_mm_fault+0x43e1/0x47a0 [ 2471.157739][T25964] ? restore_fpregs_from_fpstate+0x68/0x3a0 [ 2471.163894][T25964] do_user_addr_fault+0x11f5/0x1e50 [ 2471.169306][T25964] exc_page_fault+0x60/0x140 [ 2471.174076][T25964] ? asm_exc_page_fault+0x8/0x30 [ 2471.179190][T25964] asm_exc_page_fault+0x1e/0x30 [ 2471.184196][T25964] RIP: 0023:0xf6e1f418 [ 2471.188387][T25964] Code: 39 dd 75 ee 8b 44 24 58 89 28 83 c4 3c 5b 5e 5f 5d c3 8b 7c 24 18 e9 9a fd ff ff 8d b4 26 00 00 00 00 8b 44 24 24 8b 7c 24 18 <89> 1c 88 e9 70 fe ff ff 8b 7c 24 50 39 54 24 0c 0f 84 80 00 00 00 [ 2471.208150][T25964] RSP: 002b:00000000ffacc040 EFLAGS: 00010246 [ 2471.214357][T25964] RAX: 00000000f6f50000 RBX: 000000006f9299b2 RCX: 00000000000019b2 [ 2471.222450][T25964] RDX: 0000000000000000 RSI: 00000000f6f36000 RDI: 00000000863c4b4a [ 2471.230535][T25964] RBP: 00000000f6f50000 R08: 0000000000000000 R09: 0000000000000000 [ 2471.238648][T25964] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 2471.246741][T25964] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2471.254891][T25964] [ 2471.260747][T25964] memory: usage 307200kB, limit 307200kB, failcnt 12313 [ 2471.268802][T25964] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2471.275929][T25964] Memory cgroup stats for /syz1: [ 2471.277315][T25964] anon 131072 [ 2471.277315][T25964] file 313262080 [ 2471.277315][T25964] kernel 1179648 [ 2471.277315][T25964] kernel_stack 32768 [ 2471.277315][T25964] pagetables 69632 [ 2471.277315][T25964] percpu 0 [ 2471.277315][T25964] sock 0 [ 2471.277315][T25964] vmalloc 0 [ 2471.277315][T25964] shmem 313262080 [ 2471.277315][T25964] file_mapped 40960 [ 2471.277315][T25964] file_dirty 0 [ 2471.277315][T25964] file_writeback 0 [ 2471.277315][T25964] swapcached 0 [ 2471.277315][T25964] anon_thp 0 [ 2471.277315][T25964] file_thp 0 [ 2471.277315][T25964] shmem_thp 0 [ 2471.277315][T25964] inactive_anon 311906304 [ 2471.277315][T25964] active_anon 1486848 [ 2471.277315][T25964] inactive_file 0 [ 2471.277315][T25964] active_file 0 [ 2471.277315][T25964] unevictable 0 [ 2471.277315][T25964] slab_reclaimable 786784 [ 2471.277315][T25964] slab_unreclaimable 272160 [ 2471.277315][T25964] slab 1058944 [ 2471.277315][T25964] workingset_refault_anon 0 [ 2471.277315][T25964] workingset_refault_file 0 [ 2471.373700][T25964] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=25964,uid=0 [ 2471.389823][T25964] Memory cgroup out of memory: Killed process 25964 (syz-executor.1) total-vm:54284kB, anon-rss:332kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:64kB oom_score_adj:1000 21:15:03 executing program 5: socketpair(0x18, 0x0, 0x0, &(0x7f0000000100)) 21:15:03 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xb, &(0x7f0000000200)=[{&(0x7f0000010700)="1020f5f201000b0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f0000000200000002000000020000000100000018000000000200000002000000060000000a0000000e000000100000030000000100000002", 0x69, 0x1400}, {&(0x7f0000010e00)="d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xa6, 0x200000}, {&(0x7f0000010f00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x200fe0}, {&(0x7f0000011000)='\x00'/14, 0xe, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) 21:15:03 executing program 1: r0 = open(&(0x7f0000000040)='./file0\x00', 0x200, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x3, 0x10, r0, 0x0) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[], 0x0) [ 2471.819682][T25981] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. 21:15:04 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, 0x0, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32=r2, @ANYBLOB="01000000002200001c0012000c000100626f6e640000"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) [ 2472.072491][T15156] usb 3-1: new full-speed USB device number 72 using dummy_hcd 21:15:04 executing program 3: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendto$unix(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 21:15:04 executing program 5: syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000100)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}}}}}]}}, 0x0) syz_usb_connect$cdc_ncm(0x3, 0x6e, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x0, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}}}}}]}}, 0x0) [ 2472.472732][T15156] usb 3-1: not running at top speed; connect to a high speed hub [ 2472.553076][T15156] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 2472.566473][T15156] usb 3-1: config 1 has no interface number 1 [ 2472.572912][T15156] usb 3-1: too many endpoints for config 1 interface 2 altsetting 5: 99, using maximum allowed: 30 [ 2472.583922][T15156] usb 3-1: config 1 interface 2 altsetting 5 endpoint 0x1 has an invalid bInterval 31, changing to 4 [ 2472.595174][T15156] usb 3-1: config 1 interface 2 altsetting 5 has 1 endpoint descriptor, different from the interface descriptor's value: 99 [ 2472.600079][T25991] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2472.608354][T15156] usb 3-1: config 1 interface 2 has no altsetting 2 [ 2472.615057][T25992] loop4: detected capacity change from 0 to 253983 [ 2472.700617][T25992] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2472.708971][T25992] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 2472.793106][T15156] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 2472.802775][T15156] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2472.808040][T25992] F2FS-fs (loop4): invalid crc_offset: 0 [ 2472.810928][T15156] usb 3-1: Product: syz [ 2472.811027][T15156] usb 3-1: Manufacturer: syz [ 2472.811122][T15156] usb 3-1: SerialNumber: syz 21:15:05 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, 0x0, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32=r2, @ANYBLOB="01000000002200001c0012000c000100626f6e640000"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) [ 2472.896531][T25992] F2FS-fs (loop4): SIT is corrupted node# 0 vs 7 [ 2472.903761][T25992] F2FS-fs (loop4): Failed to initialize F2FS segment manager (-117) 21:15:05 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) sched_setscheduler(0x0, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) ftruncate(0xffffffffffffffff, 0x800) 21:15:05 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xb, &(0x7f0000000200)=[{&(0x7f0000010700)="1020f5f201000b0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f0000000200000002000000020000000100000018000000000200000002000000060000000a0000000e000000100000030000000100000002", 0x69, 0x1400}, {&(0x7f0000010e00)="d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xa6, 0x200000}, {&(0x7f0000010f00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x200fe0}, {&(0x7f0000011000)='\x00'/21, 0x15, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) [ 2473.270789][T15156] usb 3-1: USB disconnect, device number 72 [ 2473.492271][T23251] udevd[23251]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 2473.626766][T26005] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2473.673873][T25740] usb 6-1: new high-speed USB device number 70 using dummy_hcd 21:15:06 executing program 2: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) ioctl$sock_SIOCGIFCONF(r0, 0x8912, &(0x7f00000000c0)) 21:15:06 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32=r2, @ANYBLOB="01000000002200001c0012000c000100626f6e640000"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) [ 2473.856615][T25990] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2473.868771][T25990] CPU: 1 PID: 25990 Comm: syz-executor.1 Tainted: G W 5.18.0-syzkaller-16253-g2f3064574275 #0 [ 2473.880522][T25990] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2473.890709][T25990] Call Trace: [ 2473.894078][T25990] [ 2473.897087][T25990] dump_stack_lvl+0x200/0x28c [ 2473.901949][T25990] dump_stack+0x29/0x2c [ 2473.906252][T25990] dump_header+0x1e5/0xae0 [ 2473.910873][T25990] oom_kill_process+0x3a7/0xba0 [ 2473.915930][T25990] out_of_memory+0x111c/0x1570 [ 2473.920875][T25990] ? slab_debugfs_show+0xa40/0xaa0 [ 2473.926191][T25990] mem_cgroup_out_of_memory+0x46b/0x590 [ 2473.931975][T25990] mem_cgroup_oom+0xa3d/0xd30 [ 2473.936844][T25990] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2473.942074][T25990] try_charge_memcg+0x18b0/0x2110 [ 2473.947298][T25990] ? kmsan_get_metadata+0x33/0x220 [ 2473.952659][T25990] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 2473.958688][T25990] charge_memcg+0x1a9/0x6b0 [ 2473.963421][T25990] ? get_mem_cgroup_from_mm+0x39d/0x4d0 [ 2473.969177][T25990] __mem_cgroup_charge+0xb9/0x2e0 [ 2473.974424][T25990] wp_page_copy+0x719/0x4310 [ 2473.979210][T25990] ? kmsan_get_metadata+0x33/0x220 [ 2473.984532][T25990] ? kmsan_get_metadata+0x33/0x220 [ 2473.989847][T25990] ? preempt_count_sub+0xfc/0x340 [ 2473.995053][T25990] do_wp_page+0xc81/0x29c0 [ 2473.999664][T25990] handle_mm_fault+0x43e1/0x47a0 [ 2474.004779][T25990] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2474.009971][T25990] ? kmsan_get_metadata+0x33/0x220 [ 2474.015349][T25990] do_user_addr_fault+0x11f5/0x1e50 [ 2474.020770][T25990] exc_page_fault+0x60/0x140 [ 2474.025546][T25990] ? asm_exc_page_fault+0x8/0x30 [ 2474.030654][T25990] asm_exc_page_fault+0x1e/0x30 [ 2474.035666][T25990] RIP: 0023:0xf6e1f418 [ 2474.039868][T25990] Code: 39 dd 75 ee 8b 44 24 58 89 28 83 c4 3c 5b 5e 5f 5d c3 8b 7c 24 18 e9 9a fd ff ff 8d b4 26 00 00 00 00 8b 44 24 24 8b 7c 24 18 <89> 1c 88 e9 70 fe ff ff 8b 7c 24 50 39 54 24 0c 0f 84 80 00 00 00 [ 2474.059633][T25990] RSP: 002b:00000000ffacc040 EFLAGS: 00010246 [ 2474.065852][T25990] RAX: 00000000f6f50000 RBX: 0000000018068083 RCX: 0000000000000083 [ 2474.073950][T25990] RDX: 0000000000000000 RSI: 00000000f6f36000 RDI: 00000000823550af [ 2474.082049][T25990] RBP: 00000000f6f50000 R08: 0000000000000000 R09: 0000000000000000 [ 2474.090168][T25990] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 2474.098292][T25990] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2474.106415][T25990] [ 2474.109880][T25990] memory: usage 307200kB, limit 307200kB, failcnt 12380 [ 2474.117092][T25990] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2474.124224][T25990] Memory cgroup stats for /syz1: [ 2474.125653][T25990] anon 122880 [ 2474.125653][T25990] file 313262080 [ 2474.125653][T25990] kernel 1187840 [ 2474.125653][T25990] kernel_stack 49152 [ 2474.125653][T25990] pagetables 69632 [ 2474.125653][T25990] percpu 0 [ 2474.125653][T25990] sock 0 [ 2474.125653][T25990] vmalloc 0 [ 2474.125653][T25990] shmem 313262080 [ 2474.125653][T25990] file_mapped 40960 [ 2474.125653][T25990] file_dirty 0 [ 2474.125653][T25990] file_writeback 0 [ 2474.125653][T25990] swapcached 0 [ 2474.125653][T25990] anon_thp 0 [ 2474.125653][T25990] file_thp 0 [ 2474.125653][T25990] shmem_thp 0 [ 2474.125653][T25990] inactive_anon 311898112 [ 2474.125653][T25990] active_anon 1486848 [ 2474.125653][T25990] inactive_file 0 [ 2474.125653][T25990] active_file 0 [ 2474.125653][T25990] unevictable 0 [ 2474.125653][T25990] slab_reclaimable 786584 [ 2474.125653][T25990] slab_unreclaimable 270136 [ 2474.125653][T25990] slab 1056720 [ 2474.125653][T25990] workingset_refault_anon 0 [ 2474.125653][T25990] workingset_refault_file 0 [ 2474.182741][T25740] usb 6-1: Using ep0 maxpacket: 8 [ 2474.222038][T25990] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=25990,uid=0 [ 2474.243160][T25990] Memory cgroup out of memory: Killed process 25990 (syz-executor.1) total-vm:54416kB, anon-rss:332kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:64kB oom_score_adj:1000 21:15:06 executing program 1: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) ioctl$sock_SIOCGIFCONF(r0, 0x8912, &(0x7f00000000c0)=@req={0x28, &(0x7f0000000080)={'veth0_to_batadv\x00', @ifru_ivalue}}) [ 2474.463071][T25740] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2474.474504][T25740] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 2474.487035][T25740] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 2474.497531][T25740] usb 6-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 21:15:06 executing program 3: bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000000)={@cgroup, 0xffffffffffffffff, 0x8}, 0x10) [ 2474.507545][T25740] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 2474.517547][T25740] usb 6-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0 [ 2474.545780][T26011] loop4: detected capacity change from 0 to 253983 [ 2474.622298][T26011] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2474.630315][T26011] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 2474.681443][T26011] F2FS-fs (loop4): invalid crc_offset: 0 [ 2474.733049][T25740] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 2474.742473][T25740] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2474.749696][T26011] F2FS-fs (loop4): SIT is corrupted node# 0 vs 7 [ 2474.750620][T25740] usb 6-1: Product: syz [ 2474.750722][T25740] usb 6-1: Manufacturer: syz [ 2474.750816][T25740] usb 6-1: SerialNumber: syz [ 2474.757411][T26011] F2FS-fs (loop4): Failed to initialize F2FS segment manager (-117) 21:15:07 executing program 2: r0 = socket$nl_audit(0x10, 0x3, 0x9) ioctl$sock_ifreq(r0, 0x89a0, 0x0) 21:15:07 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xb, &(0x7f0000000200)=[{&(0x7f0000010700)="1020f5f201000b0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f0000000200000002000000020000000100000018000000000200000002000000060000000a0000000e000000100000030000000100000002", 0x69, 0x1400}, {&(0x7f0000010e00)="d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xa6, 0x200000}, {&(0x7f0000010f00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x200fe0}, {&(0x7f0000011000)='\x00'/21, 0x15, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) [ 2475.085892][T26018] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2475.118696][T26002] UDC core: couldn't find an available UDC or it's busy: -16 [ 2475.127094][T26002] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 2475.210424][T25740] cdc_ncm 6-1:1.0: bind() failure [ 2475.249206][T25740] cdc_ncm 6-1:1.1: CDC Union missing and no IAD found [ 2475.261182][T25740] cdc_ncm 6-1:1.1: bind() failure 21:15:07 executing program 3: syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000010c0)='ns/cgroup\x00') 21:15:07 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32=r2, @ANYBLOB="01000000002200001c0012000c000100626f6e640000"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) [ 2475.481583][T25740] usb 6-1: USB disconnect, device number 70 [ 2475.589736][T26021] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2475.600307][T26021] CPU: 1 PID: 26021 Comm: syz-executor.1 Tainted: G W 5.18.0-syzkaller-16253-g2f3064574275 #0 [ 2475.611979][T26021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2475.622361][T26021] Call Trace: [ 2475.625723][T26021] [ 2475.628763][T26021] dump_stack_lvl+0x200/0x28c [ 2475.633596][T26021] dump_stack+0x29/0x2c [ 2475.637944][T26021] dump_header+0x1e5/0xae0 [ 2475.642523][T26021] oom_kill_process+0x3a7/0xba0 [ 2475.647600][T26021] out_of_memory+0x111c/0x1570 [ 2475.652518][T26021] ? slab_debugfs_show+0xa40/0xaa0 [ 2475.658319][T26021] mem_cgroup_out_of_memory+0x46b/0x590 [ 2475.664112][T26021] mem_cgroup_oom+0xa3d/0xd30 [ 2475.668949][T26021] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2475.674315][T26021] try_charge_memcg+0x18b0/0x2110 [ 2475.679706][T26021] ? kmsan_get_metadata+0x33/0x220 [ 2475.685048][T26021] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 2475.691100][T26021] charge_memcg+0x1a9/0x6b0 [ 2475.695898][T26021] ? get_mem_cgroup_from_mm+0x39d/0x4d0 [ 2475.701660][T26021] __mem_cgroup_charge+0xb9/0x2e0 [ 2475.706930][T26021] wp_page_copy+0x719/0x4310 [ 2475.711709][T26021] ? kmsan_get_metadata+0x33/0x220 [ 2475.717068][T26021] ? kmsan_get_metadata+0x33/0x220 [ 2475.722407][T26021] ? preempt_count_sub+0xfc/0x340 [ 2475.727628][T26021] do_wp_page+0xc81/0x29c0 [ 2475.732247][T26021] handle_mm_fault+0x43e1/0x47a0 21:15:08 executing program 5: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000400)={@remote, 0x0, 0x0, 0x0, 0x8}, &(0x7f0000000480)=0x20) [ 2475.737364][T26021] ? restore_fpregs_from_fpstate+0x68/0x3a0 [ 2475.743550][T26021] do_user_addr_fault+0x11f5/0x1e50 [ 2475.748977][T26021] exc_page_fault+0x60/0x140 [ 2475.753782][T26021] ? asm_exc_page_fault+0x8/0x30 [ 2475.758888][T26021] asm_exc_page_fault+0x1e/0x30 [ 2475.763911][T26021] RIP: 0023:0xf6e1f418 [ 2475.768109][T26021] Code: 39 dd 75 ee 8b 44 24 58 89 28 83 c4 3c 5b 5e 5f 5d c3 8b 7c 24 18 e9 9a fd ff ff 8d b4 26 00 00 00 00 8b 44 24 24 8b 7c 24 18 <89> 1c 88 e9 70 fe ff ff 8b 7c 24 50 39 54 24 0c 0f 84 80 00 00 00 [ 2475.788274][T26021] RSP: 002b:00000000ffacc040 EFLAGS: 00010246 [ 2475.794439][T26021] RAX: 00000000f6f50000 RBX: 00000000c9562e15 RCX: 0000000000000e15 [ 2475.802498][T26021] RDX: 0000000000000000 RSI: 00000000f6f36000 RDI: 00000000827e4f6c [ 2475.810599][T26021] RBP: 00000000f6f50000 R08: 0000000000000000 R09: 0000000000000000 [ 2475.818696][T26021] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 2475.826881][T26021] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2475.834968][T26021] [ 2475.838236][T26021] memory: usage 307200kB, limit 307200kB, failcnt 12422 [ 2475.845442][T26021] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2475.852506][T26021] Memory cgroup stats for /syz1: [ 2475.853725][T26021] anon 126976 [ 2475.853725][T26021] file 313262080 [ 2475.853725][T26021] kernel 1183744 [ 2475.853725][T26021] kernel_stack 32768 [ 2475.853725][T26021] pagetables 69632 [ 2475.853725][T26021] percpu 0 [ 2475.853725][T26021] sock 0 [ 2475.853725][T26021] vmalloc 0 [ 2475.853725][T26021] shmem 313262080 [ 2475.853725][T26021] file_mapped 40960 [ 2475.853725][T26021] file_dirty 0 [ 2475.853725][T26021] file_writeback 0 [ 2475.853725][T26021] swapcached 0 [ 2475.853725][T26021] anon_thp 0 [ 2475.853725][T26021] file_thp 0 [ 2475.853725][T26021] shmem_thp 0 [ 2475.853725][T26021] inactive_anon 311902208 [ 2475.853725][T26021] active_anon 1486848 [ 2475.853725][T26021] inactive_file 0 [ 2475.853725][T26021] active_file 0 [ 2475.853725][T26021] unevictable 0 [ 2475.853725][T26021] slab_reclaimable 788664 [ 2475.853725][T26021] slab_unreclaimable 274616 [ 2475.853725][T26021] slab 1063280 [ 2475.853725][T26021] workingset_refault_anon 0 [ 2475.853725][T26021] workingset_refault_file 0 [ 2475.949822][T26021] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=26021,uid=0 [ 2475.965936][T26021] Memory cgroup out of memory: Killed process 26021 (syz-executor.1) total-vm:54284kB, anon-rss:332kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:64kB oom_score_adj:1000 21:15:08 executing program 1: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$KDGETKEYCODE(r0, 0x4b66, 0x0) 21:15:08 executing program 2: r0 = socket$nl_audit(0x10, 0x3, 0x9) ioctl$sock_ifreq(r0, 0x8992, &(0x7f0000000000)={'ip6gretap0\x00', @ifru_ivalue}) [ 2476.464209][T26030] loop4: detected capacity change from 0 to 253983 [ 2476.573341][T26030] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2476.581259][T26030] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 2476.588326][T26032] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. 21:15:08 executing program 3: syz_mount_image$msdos(&(0x7f0000001780), &(0x7f00000017c0)='./file0\x00', 0x0, 0x0, &(0x7f0000002cc0), 0x0, &(0x7f0000002d80)={[{@dots}, {@fat=@sys_immutable}, {@nodots}], [{@fsname}]}) [ 2476.622777][T26030] F2FS-fs (loop4): invalid crc_offset: 0 21:15:09 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32=r2, @ANYBLOB="01000000002200001c0012000c000100626f6e640000"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) [ 2476.783731][T26030] F2FS-fs (loop4): SIT is corrupted node# 0 vs 7 [ 2476.790492][T26030] F2FS-fs (loop4): Failed to initialize F2FS segment manager (-117) 21:15:09 executing program 5: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) sendmmsg$sock(r0, 0x0, 0x0, 0x0) 21:15:09 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xb, &(0x7f0000000200)=[{&(0x7f0000010700)="1020f5f201000b0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f0000000200000002000000020000000100000018000000000200000002000000060000000a0000000e000000100000030000000100000002", 0x69, 0x1400}, {&(0x7f0000010e00)="d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xa6, 0x200000}, {&(0x7f0000010f00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x200fe0}, {&(0x7f0000011000)='\x00'/21, 0x15, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) [ 2477.175622][T26039] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=2, oom_score_adj=1000 [ 2477.188120][T26039] CPU: 0 PID: 26039 Comm: syz-executor.1 Tainted: G W 5.18.0-syzkaller-16253-g2f3064574275 #0 [ 2477.199859][T26039] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2477.210037][T26039] Call Trace: [ 2477.213398][T26039] [ 2477.216404][T26039] dump_stack_lvl+0x200/0x28c [ 2477.221297][T26039] dump_stack+0x29/0x2c [ 2477.225638][T26039] dump_header+0x1e5/0xae0 [ 2477.230274][T26039] oom_kill_process+0x3a7/0xba0 [ 2477.235338][T26039] out_of_memory+0x111c/0x1570 [ 2477.240284][T26039] ? slab_debugfs_show+0xa40/0xaa0 [ 2477.245697][T26039] mem_cgroup_out_of_memory+0x46b/0x590 [ 2477.251480][T26039] mem_cgroup_oom+0xa3d/0xd30 [ 2477.256439][T26039] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2477.261664][T26039] try_charge_memcg+0x18b0/0x2110 [ 2477.266979][T26039] ? __rcu_read_unlock+0x85/0xf0 [ 2477.272081][T26039] obj_cgroup_charge_pages+0x352/0x760 [ 2477.277776][T26039] __memcg_kmem_charge_page+0x5b2/0x910 [ 2477.283544][T26039] __alloc_pages+0x82e/0x1040 [ 2477.288639][T26039] dup_task_struct+0x310/0xaf0 [ 2477.293590][T26039] ? kmsan_get_metadata+0x33/0x220 [ 2477.298942][T26039] copy_process+0xb32/0x68e0 [ 2477.303730][T26039] ? kernel_clone+0x84/0x1110 [ 2477.308799][T26039] kernel_clone+0x4c4/0x1110 [ 2477.313579][T26039] ? __stack_depot_save+0x21/0x4b0 [ 2477.318897][T26039] ? kmsan_get_metadata+0x33/0x220 [ 2477.324221][T26039] ? kmsan_get_shadow_origin_ptr+0xe0/0xf0 [ 2477.330252][T26039] __ia32_compat_sys_ia32_clone+0x29a/0x410 [ 2477.336408][T26039] do_int80_syscall_32+0x4d/0xa0 [ 2477.341603][T26039] ? asm_exc_page_fault+0x8/0x30 [ 2477.346704][T26039] entry_INT80_compat+0x71/0x76 [ 2477.351724][T26039] RIP: 0023:0xf6e5a3a4 [ 2477.355915][T26039] Code: 8b 44 24 04 89 41 08 c7 41 04 00 00 00 00 53 56 57 8b 74 24 24 8b 54 24 20 8b 5c 24 18 8b 7c 24 28 b8 78 00 00 00 89 19 cd 80 <5f> 5e 5b 85 c0 0f 8c 61 81 00 00 74 01 c3 89 f5 ff d3 e8 00 00 00 [ 2477.375679][T26039] RSP: 002b:00000000ffacc000 EFLAGS: 00000292 ORIG_RAX: 0000000000000078 [ 2477.384256][T26039] RAX: ffffffffffffffda RBX: 00000000003d0f00 RCX: 00000000f7f917a4 [ 2477.392354][T26039] RDX: 00000000f7f91ba8 RSI: 00000000ffacc04c RDI: 00000000f7f91ba8 [ 2477.400449][T26039] RBP: 00000000f6f36000 R08: 0000000000000000 R09: 0000000000000000 [ 2477.408542][T26039] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000000 [ 2477.416628][T26039] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2477.424751][T26039] [ 2477.431561][T26039] memory: usage 307192kB, limit 307200kB, failcnt 12466 [ 2477.439084][T26039] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2477.446188][T26039] Memory cgroup stats for /syz1: [ 2477.447722][T26039] anon 118784 [ 2477.447722][T26039] file 313262080 [ 2477.447722][T26039] kernel 1183744 [ 2477.447722][T26039] kernel_stack 32768 [ 2477.447722][T26039] pagetables 65536 [ 2477.447722][T26039] percpu 0 [ 2477.447722][T26039] sock 0 21:15:09 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$KDGKBMETA(r0, 0x540f, 0x0) [ 2477.447722][T26039] vmalloc 0 [ 2477.447722][T26039] shmem 313262080 [ 2477.447722][T26039] file_mapped 40960 [ 2477.447722][T26039] file_dirty 0 [ 2477.447722][T26039] file_writeback 0 [ 2477.447722][T26039] swapcached 0 [ 2477.447722][T26039] anon_thp 0 [ 2477.447722][T26039] file_thp 0 [ 2477.447722][T26039] shmem_thp 0 [ 2477.447722][T26039] inactive_anon 311894016 [ 2477.447722][T26039] active_anon 1486848 [ 2477.447722][T26039] inactive_file 0 [ 2477.447722][T26039] active_file 0 [ 2477.447722][T26039] unevictable 0 [ 2477.447722][T26039] slab_reclaimable 786584 [ 2477.447722][T26039] slab_unreclaimable 282000 [ 2477.447722][T26039] slab 1068584 [ 2477.447722][T26039] workingset_refault_anon 0 [ 2477.447722][T26039] workingset_refault_file 0 [ 2477.544148][T26039] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=26039,uid=0 [ 2477.560865][T26039] Memory cgroup out of memory: Killed process 26039 (syz-executor.1) total-vm:54416kB, anon-rss:332kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000 21:15:10 executing program 1: bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000340)={0xffffffffffffffff, 0x0, 0x0}, 0x20) socketpair(0x0, 0x0, 0x0, &(0x7f0000000400)) [ 2477.870844][T26048] FAT-fs (loop3): Unrecognized mount option "fsname=" or missing value [ 2477.926323][T26049] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. 21:15:10 executing program 3: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x13, r0, 0x8000000) 21:15:10 executing program 5: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) setsockopt$bt_BT_CHANNEL_POLICY(r0, 0x112, 0xa, &(0x7f0000000040), 0x4) 21:15:10 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32=r2, @ANYBLOB="01000000002200001c0012000c000100626f6e640000"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) [ 2478.198429][T26055] loop4: detected capacity change from 0 to 253983 [ 2478.243164][T26055] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2478.251098][T26055] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 2478.283226][T26055] F2FS-fs (loop4): invalid crc_offset: 0 21:15:10 executing program 2: r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendto(r0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @remote}}}, 0x80) [ 2478.343700][T26055] F2FS-fs (loop4): SIT is corrupted node# 0 vs 7 [ 2478.350383][T26055] F2FS-fs (loop4): Failed to initialize F2FS segment manager (-117) 21:15:10 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xb, &(0x7f0000000200)=[{&(0x7f0000010700)="1020f5f201000b0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f0000000200000002000000020000000100000018000000000200000002000000060000000a0000000e000000100000030000000100000002", 0x69, 0x1400}, {&(0x7f0000010e00)="d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xa6, 0x200000}, {&(0x7f0000010f00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x200fe0}, {&(0x7f0000011000)='\x00'/25, 0x19, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) 21:15:11 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmmsg(r0, &(0x7f0000005680)=[{{0x0, 0x0, &(0x7f0000002d00)=[{&(0x7f0000003080)="0f", 0x1}], 0x1}}], 0x1, 0x0) [ 2479.033586][T26068] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. 21:15:11 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFCONF(r0, 0x8912, &(0x7f00000007c0)=@buf={0x28, &(0x7f00000006c0)="8361cc99e9d5ee32569d45a784e3405074e72986ae0baf7a02ea0cc545730fd45e25ef37af545192"}) [ 2479.166921][T26060] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2479.177785][T26060] CPU: 1 PID: 26060 Comm: syz-executor.1 Tainted: G W 5.18.0-syzkaller-16253-g2f3064574275 #0 [ 2479.189530][T26060] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2479.199763][T26060] Call Trace: [ 2479.203147][T26060] [ 2479.206176][T26060] dump_stack_lvl+0x200/0x28c [ 2479.211148][T26060] dump_stack+0x29/0x2c [ 2479.215474][T26060] dump_header+0x1e5/0xae0 [ 2479.220135][T26060] oom_kill_process+0x3a7/0xba0 [ 2479.225214][T26060] out_of_memory+0x111c/0x1570 [ 2479.230199][T26060] ? slab_debugfs_show+0xa40/0xaa0 [ 2479.235531][T26060] mem_cgroup_out_of_memory+0x46b/0x590 [ 2479.241349][T26060] mem_cgroup_oom+0xa3d/0xd30 [ 2479.246245][T26060] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2479.251468][T26060] try_charge_memcg+0x18b0/0x2110 [ 2479.256716][T26060] ? kmsan_get_metadata+0x33/0x220 [ 2479.262110][T26060] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 2479.268202][T26060] charge_memcg+0x1a9/0x6b0 [ 2479.272930][T26060] ? get_mem_cgroup_from_mm+0x39d/0x4d0 [ 2479.278732][T26060] __mem_cgroup_charge+0xb9/0x2e0 [ 2479.284005][T26060] wp_page_copy+0x719/0x4310 [ 2479.288808][T26060] ? kmsan_get_metadata+0x33/0x220 [ 2479.294248][T26060] ? kmsan_get_metadata+0x33/0x220 [ 2479.299572][T26060] ? preempt_count_sub+0xfc/0x340 [ 2479.304800][T26060] do_wp_page+0xc81/0x29c0 [ 2479.309429][T26060] handle_mm_fault+0x43e1/0x47a0 [ 2479.314562][T26060] ? restore_fpregs_from_fpstate+0x68/0x3a0 [ 2479.320717][T26060] do_user_addr_fault+0x11f5/0x1e50 [ 2479.326102][T26060] exc_page_fault+0x60/0x140 [ 2479.330899][T26060] ? asm_exc_page_fault+0x8/0x30 [ 2479.336002][T26060] asm_exc_page_fault+0x1e/0x30 [ 2479.341035][T26060] RIP: 0023:0xf6e1f418 [ 2479.345281][T26060] Code: 39 dd 75 ee 8b 44 24 58 89 28 83 c4 3c 5b 5e 5f 5d c3 8b 7c 24 18 e9 9a fd ff ff 8d b4 26 00 00 00 00 8b 44 24 24 8b 7c 24 18 <89> 1c 88 e9 70 fe ff ff 8b 7c 24 50 39 54 24 0c 0f 84 80 00 00 00 [ 2479.365084][T26060] RSP: 002b:00000000ffacc040 EFLAGS: 00010246 [ 2479.371320][T26060] RAX: 00000000f6f50000 RBX: 000000006f9299b2 RCX: 00000000000019b2 [ 2479.379394][T26060] RDX: 0000000000000000 RSI: 00000000f6f36000 RDI: 00000000863c4b4a [ 2479.387515][T26060] RBP: 00000000f6f50000 R08: 0000000000000000 R09: 0000000000000000 [ 2479.395633][T26060] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 2479.403743][T26060] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2479.412678][T26060] [ 2479.418264][T26060] memory: usage 307200kB, limit 307200kB, failcnt 12519 [ 2479.426019][T26060] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2479.433234][T26060] Memory cgroup stats for /syz1: [ 2479.434788][T26060] anon 131072 [ 2479.434788][T26060] file 313262080 [ 2479.434788][T26060] kernel 1179648 [ 2479.434788][T26060] kernel_stack 32768 [ 2479.434788][T26060] pagetables 69632 [ 2479.434788][T26060] percpu 0 [ 2479.434788][T26060] sock 0 [ 2479.434788][T26060] vmalloc 0 [ 2479.434788][T26060] shmem 313262080 [ 2479.434788][T26060] file_mapped 40960 [ 2479.434788][T26060] file_dirty 0 [ 2479.434788][T26060] file_writeback 0 [ 2479.434788][T26060] swapcached 0 [ 2479.434788][T26060] anon_thp 0 [ 2479.434788][T26060] file_thp 0 [ 2479.434788][T26060] shmem_thp 0 [ 2479.434788][T26060] inactive_anon 311902208 [ 2479.434788][T26060] active_anon 1486848 [ 2479.434788][T26060] inactive_file 0 [ 2479.434788][T26060] active_file 0 [ 2479.434788][T26060] unevictable 0 [ 2479.434788][T26060] slab_reclaimable 786584 [ 2479.434788][T26060] slab_unreclaimable 271896 [ 2479.434788][T26060] slab 1058480 [ 2479.434788][T26060] workingset_refault_anon 0 [ 2479.434788][T26060] workingset_refault_file 0 [ 2479.529833][T26068] device bond147 entered promiscuous mode [ 2479.531366][T26060] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=26060,uid=0 [ 2479.553475][T26060] Memory cgroup out of memory: Killed process 26060 (syz-executor.1) total-vm:54284kB, anon-rss:332kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:64kB oom_score_adj:1000 [ 2479.580349][T26068] device bond147 left promiscuous mode 21:15:11 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$SMC_PNETID_ADD(r0, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x0) 21:15:11 executing program 2: socketpair(0x0, 0x0, 0x0, &(0x7f0000000040)) time(&(0x7f0000000000)) [ 2479.730523][T26074] loop4: detected capacity change from 0 to 253983 [ 2479.795380][T26074] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2479.805582][T26074] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock 21:15:12 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32=r2, @ANYBLOB="01000000002200001c0012000c000100626f6e640000"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) [ 2479.836656][T26074] F2FS-fs (loop4): invalid crc_offset: 0 [ 2479.967581][T26074] F2FS-fs (loop4): SIT is corrupted node# 0 vs 7 [ 2479.974527][T26074] F2FS-fs (loop4): Failed to initialize F2FS segment manager (-117) 21:15:12 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_ifreq(r0, 0x8994, &(0x7f0000000000)={'veth1\x00', @ifru_mtu}) 21:15:12 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xb, &(0x7f0000000200)=[{&(0x7f0000010700)="1020f5f201000b0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f0000000200000002000000020000000100000018000000000200000002000000060000000a0000000e000000100000030000000100000002", 0x69, 0x1400}, {&(0x7f0000010e00)="d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xa6, 0x200000}, {&(0x7f0000010f00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x200fe0}, {&(0x7f0000011000)='\x00'/25, 0x19, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) 21:15:12 executing program 3: r0 = socket$inet6(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x4}, 0x1c) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x4}, 0x1c) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x4e2c, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) sendmmsg(r1, &(0x7f00000092c0), 0x4ff, 0x0) 21:15:12 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000080)={{{@in=@loopback, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x6e6bbb}, {{@in6=@mcast1}, 0x0, @in6=@mcast1}}, 0xe8) [ 2480.630662][T26088] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2480.702276][T26090] device bond148 entered promiscuous mode [ 2480.728802][T26090] device bond148 left promiscuous mode 21:15:13 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32=r2, @ANYBLOB="01000000002200001c0012000c000100626f6e640000"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) [ 2480.841182][T26082] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2480.853051][T26082] CPU: 1 PID: 26082 Comm: syz-executor.1 Tainted: G W 5.18.0-syzkaller-16253-g2f3064574275 #0 [ 2480.864800][T26082] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2480.875077][T26082] Call Trace: [ 2480.878468][T26082] [ 2480.881494][T26082] dump_stack_lvl+0x200/0x28c [ 2480.886299][T26082] dump_stack+0x29/0x2c [ 2480.890577][T26082] dump_header+0x1e5/0xae0 [ 2480.895163][T26082] oom_kill_process+0x3a7/0xba0 [ 2480.900241][T26082] out_of_memory+0x111c/0x1570 [ 2480.905131][T26082] ? slab_debugfs_show+0xa40/0xaa0 [ 2480.910379][T26082] mem_cgroup_out_of_memory+0x46b/0x590 [ 2480.916094][T26082] mem_cgroup_oom+0xa3d/0xd30 [ 2480.920989][T26082] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2480.926202][T26082] try_charge_memcg+0x18b0/0x2110 [ 2480.931452][T26082] ? kmsan_get_metadata+0x33/0x220 [ 2480.936852][T26082] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 2480.942877][T26082] charge_memcg+0x1a9/0x6b0 [ 2480.947573][T26082] ? get_mem_cgroup_from_mm+0x39d/0x4d0 [ 2480.953346][T26082] __mem_cgroup_charge+0xb9/0x2e0 [ 2480.958531][T26082] wp_page_copy+0x719/0x4310 [ 2480.963341][T26082] ? kmsan_get_metadata+0x33/0x220 [ 2480.968686][T26082] ? kmsan_get_metadata+0x33/0x220 [ 2480.974025][T26082] ? preempt_count_sub+0xfc/0x340 [ 2480.979249][T26082] do_wp_page+0xc81/0x29c0 [ 2480.983817][T26082] handle_mm_fault+0x43e1/0x47a0 [ 2480.988937][T26082] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2480.994080][T26082] ? kmsan_get_metadata+0x33/0x220 [ 2480.999409][T26082] do_user_addr_fault+0x11f5/0x1e50 [ 2481.004795][T26082] exc_page_fault+0x60/0x140 [ 2481.009508][T26082] ? asm_exc_page_fault+0x8/0x30 [ 2481.014576][T26082] asm_exc_page_fault+0x1e/0x30 [ 2481.020041][T26082] RIP: 0023:0xf6e1f418 [ 2481.024229][T26082] Code: 39 dd 75 ee 8b 44 24 58 89 28 83 c4 3c 5b 5e 5f 5d c3 8b 7c 24 18 e9 9a fd ff ff 8d b4 26 00 00 00 00 8b 44 24 24 8b 7c 24 18 <89> 1c 88 e9 70 fe ff ff 8b 7c 24 50 39 54 24 0c 0f 84 80 00 00 00 [ 2481.043953][T26082] RSP: 002b:00000000ffacc040 EFLAGS: 00010246 [ 2481.050129][T26082] RAX: 00000000f6f50000 RBX: 0000000043a7fd52 RCX: 0000000000001d52 [ 2481.058286][T26082] RDX: 0000000000000000 RSI: 00000000f6f36000 RDI: 0000000085de99d3 [ 2481.066386][T26082] RBP: 00000000f6f50000 R08: 0000000000000000 R09: 0000000000000000 [ 2481.074685][T26082] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 2481.074729][ T1194] ieee802154 phy0 wpan0: encryption failed: -22 [ 2481.074936][ T1194] ieee802154 phy1 wpan1: encryption failed: -22 [ 2481.082871][T26082] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2481.082984][T26082] [ 2481.083176][T26082] memory: usage 307200kB, limit 307200kB, failcnt 12567 [ 2481.114094][T26082] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2481.121079][T26082] Memory cgroup stats for /syz1: [ 2481.122745][T26082] anon 131072 [ 2481.122745][T26082] file 313262080 [ 2481.122745][T26082] kernel 1179648 [ 2481.122745][T26082] kernel_stack 32768 [ 2481.122745][T26082] pagetables 65536 [ 2481.122745][T26082] percpu 0 [ 2481.122745][T26082] sock 0 [ 2481.122745][T26082] vmalloc 0 [ 2481.122745][T26082] shmem 313262080 [ 2481.122745][T26082] file_mapped 40960 [ 2481.122745][T26082] file_dirty 0 [ 2481.122745][T26082] file_writeback 0 [ 2481.122745][T26082] swapcached 0 [ 2481.122745][T26082] anon_thp 0 [ 2481.122745][T26082] file_thp 0 [ 2481.122745][T26082] shmem_thp 0 [ 2481.122745][T26082] inactive_anon 311889920 [ 2481.122745][T26082] active_anon 1486848 [ 2481.122745][T26082] inactive_file 0 [ 2481.122745][T26082] active_file 0 [ 2481.122745][T26082] unevictable 0 [ 2481.122745][T26082] slab_reclaimable 787624 [ 2481.122745][T26082] slab_unreclaimable 271992 [ 2481.122745][T26082] slab 1059616 [ 2481.122745][T26082] workingset_refault_anon 0 [ 2481.122745][T26082] workingset_refault_file 0 [ 2481.219441][T26082] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=26082,uid=0 [ 2481.235548][T26082] Memory cgroup out of memory: Killed process 26082 (syz-executor.1) total-vm:54284kB, anon-rss:332kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000 21:15:13 executing program 1: r0 = socket$nl_audit(0x10, 0x3, 0x9) bind(r0, &(0x7f0000000000)=@nl=@proc, 0x80) 21:15:13 executing program 5: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmsg$inet6(r0, &(0x7f0000001800)={0x0, 0x0, &(0x7f00000016c0)=[{0x0}, {0x0}, {0xffffffffffffffff}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x9}, 0x0) [ 2481.703221][T26098] loop4: detected capacity change from 0 to 253983 [ 2481.782828][T26098] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2481.790738][T26098] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 2481.818334][T26098] F2FS-fs (loop4): invalid crc_offset: 0 [ 2481.934524][T26098] F2FS-fs (loop4): SIT is corrupted node# 0 vs 7 [ 2481.941394][T26098] F2FS-fs (loop4): Failed to initialize F2FS segment manager (-117) 21:15:14 executing program 2: r0 = socket$nl_audit(0x10, 0x3, 0x9) ioctl$sock_ifreq(r0, 0x89b1, &(0x7f0000000040)={'ip6gre0\x00', @ifru_addrs=@qipcrtr}) 21:15:14 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xb, &(0x7f0000000200)=[{&(0x7f0000010700)="1020f5f201000b0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f0000000200000002000000020000000100000018000000000200000002000000060000000a0000000e000000100000030000000100000002", 0x69, 0x1400}, {&(0x7f0000010e00)="d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xa6, 0x200000}, {&(0x7f0000010f00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x200fe0}, {&(0x7f0000011000)='\x00'/25, 0x19, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) [ 2482.102329][T26106] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2482.290676][T26106] device bond149 entered promiscuous mode [ 2482.309287][T26106] device bond149 left promiscuous mode 21:15:14 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32=r2, @ANYBLOB="01000000002200001c0012000c000100626f6e640000"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) 21:15:14 executing program 5: r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f00000003c0)={'ip6_vti0\x00', &(0x7f0000000340)={'sit0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @dev}}) [ 2482.765545][T26105] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2482.778279][T26105] CPU: 1 PID: 26105 Comm: syz-executor.1 Tainted: G W 5.18.0-syzkaller-16253-g2f3064574275 #0 [ 2482.790050][T26105] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2482.800220][T26105] Call Trace: [ 2482.803592][T26105] [ 2482.806603][T26105] dump_stack_lvl+0x200/0x28c [ 2482.811468][T26105] dump_stack+0x29/0x2c [ 2482.815777][T26105] dump_header+0x1e5/0xae0 [ 2482.820404][T26105] oom_kill_process+0x3a7/0xba0 [ 2482.825451][T26105] out_of_memory+0x111c/0x1570 [ 2482.830396][T26105] ? slab_debugfs_show+0xa40/0xaa0 [ 2482.835705][T26105] mem_cgroup_out_of_memory+0x46b/0x590 [ 2482.841483][T26105] mem_cgroup_oom+0xa3d/0xd30 [ 2482.846345][T26105] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2482.851556][T26105] try_charge_memcg+0x18b0/0x2110 [ 2482.856778][T26105] ? kmsan_get_metadata+0x33/0x220 [ 2482.862129][T26105] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 2482.868147][T26105] charge_memcg+0x1a9/0x6b0 [ 2482.872856][T26105] ? get_mem_cgroup_from_mm+0x39d/0x4d0 [ 2482.878608][T26105] __mem_cgroup_charge+0xb9/0x2e0 [ 2482.883846][T26105] wp_page_copy+0x719/0x4310 [ 2482.888624][T26105] ? kmsan_get_metadata+0x33/0x220 [ 2482.893933][T26105] ? kmsan_get_metadata+0x33/0x220 [ 2482.899240][T26105] ? preempt_count_sub+0xfc/0x340 [ 2482.904446][T26105] do_wp_page+0xc81/0x29c0 [ 2482.909048][T26105] handle_mm_fault+0x43e1/0x47a0 [ 2482.914146][T26105] ? restore_fpregs_from_fpstate+0x68/0x3a0 [ 2482.920407][T26105] do_user_addr_fault+0x11f5/0x1e50 [ 2482.925847][T26105] exc_page_fault+0x60/0x140 [ 2482.930750][T26105] ? asm_exc_page_fault+0x8/0x30 [ 2482.935874][T26105] asm_exc_page_fault+0x1e/0x30 [ 2482.940888][T26105] RIP: 0023:0xf6e1f418 [ 2482.945094][T26105] Code: 39 dd 75 ee 8b 44 24 58 89 28 83 c4 3c 5b 5e 5f 5d c3 8b 7c 24 18 e9 9a fd ff ff 8d b4 26 00 00 00 00 8b 44 24 24 8b 7c 24 18 <89> 1c 88 e9 70 fe ff ff 8b 7c 24 50 39 54 24 0c 0f 84 80 00 00 00 [ 2482.965125][T26105] RSP: 002b:00000000ffacc040 EFLAGS: 00010246 [ 2482.971336][T26105] RAX: 00000000f6f50000 RBX: 000000009faa3909 RCX: 0000000000001909 [ 2482.979443][T26105] RDX: 0000000000000000 RSI: 00000000f6f36000 RDI: 000000008c7d6408 [ 2482.987538][T26105] RBP: 00000000f6f50000 R08: 0000000000000000 R09: 0000000000000000 [ 2482.995624][T26105] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 2483.003719][T26105] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2483.012107][T26105] [ 2483.015964][T26105] memory: usage 307200kB, limit 307200kB, failcnt 12622 [ 2483.023170][T26105] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2483.030656][T26105] Memory cgroup stats for /syz1: [ 2483.031464][T26105] anon 131072 [ 2483.031464][T26105] file 313262080 [ 2483.031464][T26105] kernel 1179648 [ 2483.031464][T26105] kernel_stack 32768 [ 2483.031464][T26105] pagetables 69632 [ 2483.031464][T26105] percpu 0 [ 2483.031464][T26105] sock 0 [ 2483.031464][T26105] vmalloc 0 [ 2483.031464][T26105] shmem 313262080 [ 2483.031464][T26105] file_mapped 40960 [ 2483.031464][T26105] file_dirty 0 [ 2483.031464][T26105] file_writeback 0 [ 2483.031464][T26105] swapcached 0 [ 2483.031464][T26105] anon_thp 0 [ 2483.031464][T26105] file_thp 0 [ 2483.031464][T26105] shmem_thp 0 [ 2483.031464][T26105] inactive_anon 311894016 [ 2483.031464][T26105] active_anon 1486848 [ 2483.031464][T26105] inactive_file 0 [ 2483.031464][T26105] active_file 0 [ 2483.031464][T26105] unevictable 0 [ 2483.031464][T26105] slab_reclaimable 787624 [ 2483.031464][T26105] slab_unreclaimable 272160 [ 2483.031464][T26105] slab 1059784 [ 2483.031464][T26105] workingset_refault_anon 0 [ 2483.031464][T26105] workingset_refault_file 0 [ 2483.127789][T26105] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=26105,uid=0 [ 2483.143943][T26105] Memory cgroup out of memory: Killed process 26105 (syz-executor.1) total-vm:54284kB, anon-rss:332kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:64kB oom_score_adj:1000 21:15:15 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x20000000d67) syz_open_procfs(0x0, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x80) r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sys_exit\x00', r5}, 0x10) r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_int(r7, &(0x7f0000000180)='cgroup.max.depth\x00', 0x2, 0x0) ioctl$BTRFS_IOC_START_SYNC(r6, 0x80089418, &(0x7f0000004a00)=0x0) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000000400)={"b8d4ce5914c1d0057efc0706a6cfddd9", r8, 0x0, {0x8, 0x8000}, {0x7ff, 0xd0fd}, 0x0, [0x4, 0xfff, 0x9, 0x0, 0xffffffffffff8000, 0x1f, 0x400, 0x8, 0x8, 0x1, 0x0, 0x8, 0x7, 0x0, 0x3, 0x9]}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000fc0)={0x0, 0x0, 0x0}, 0x40000) ftruncate(0xffffffffffffffff, 0x800) 21:15:15 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f0000000740)={'ip6gre0\x00', 0x0}) 21:15:15 executing program 3: r0 = socket$inet6(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x4}, 0x1c) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x4}, 0x1c) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x4e2c, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) sendmmsg(r1, &(0x7f00000092c0), 0x4ff, 0x0) [ 2483.476987][T26115] loop4: detected capacity change from 0 to 253983 [ 2483.561013][T26115] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2483.569381][T26115] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 2483.589306][T26115] F2FS-fs (loop4): invalid crc_offset: 0 [ 2483.660313][T26115] F2FS-fs (loop4): SIT is corrupted node# 0 vs 7 [ 2483.667232][T26115] F2FS-fs (loop4): Failed to initialize F2FS segment manager (-117) 21:15:16 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xb, &(0x7f0000000200)=[{&(0x7f0000010700)="1020f5f201000b0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f0000000200000002000000020000000100000018000000000200000002000000060000000a0000000e000000100000030000000100000002", 0x69, 0x1400}, {&(0x7f0000010e00)="d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xa6, 0x200000}, {&(0x7f0000010f00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x200fe0}, {&(0x7f0000011000)='\x00'/27, 0x1b, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) 21:15:16 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='smaps\x00') read$FUSE(r0, &(0x7f0000002140)={0x2020}, 0x2020) preadv(r0, &(0x7f0000000000)=[{&(0x7f0000000100)=""/223, 0xdf}], 0x1, 0x0, 0x0) read$FUSE(r0, 0x0, 0x0) [ 2483.795186][T26122] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2483.896743][T26124] device bond150 entered promiscuous mode [ 2483.969942][T26124] device bond150 left promiscuous mode 21:15:16 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32=r2, @ANYBLOB="01000000002200001c0012000c000100626f6e640000"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) 21:15:16 executing program 2: r0 = socket$nl_audit(0x10, 0x3, 0x9) connect(r0, &(0x7f0000000000)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, 0x80) [ 2484.423294][T26125] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2484.433913][T26125] CPU: 0 PID: 26125 Comm: syz-executor.1 Tainted: G W 5.18.0-syzkaller-16253-g2f3064574275 #0 [ 2484.445643][T26125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2484.455818][T26125] Call Trace: [ 2484.459178][T26125] [ 2484.462187][T26125] dump_stack_lvl+0x200/0x28c [ 2484.467048][T26125] dump_stack+0x29/0x2c [ 2484.471354][T26125] dump_header+0x1e5/0xae0 [ 2484.475973][T26125] oom_kill_process+0x3a7/0xba0 [ 2484.481026][T26125] out_of_memory+0x111c/0x1570 [ 2484.485966][T26125] ? slab_debugfs_show+0xa40/0xaa0 [ 2484.491296][T26125] mem_cgroup_out_of_memory+0x46b/0x590 [ 2484.497069][T26125] mem_cgroup_oom+0xa3d/0xd30 [ 2484.501933][T26125] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2484.507145][T26125] try_charge_memcg+0x18b0/0x2110 [ 2484.512366][T26125] ? kmsan_get_metadata+0x33/0x220 [ 2484.517722][T26125] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 2484.523735][T26125] charge_memcg+0x1a9/0x6b0 [ 2484.528441][T26125] ? get_mem_cgroup_from_mm+0x39d/0x4d0 [ 2484.534193][T26125] __mem_cgroup_charge+0xb9/0x2e0 [ 2484.539430][T26125] wp_page_copy+0x719/0x4310 [ 2484.544239][T26125] ? kmsan_get_metadata+0x33/0x220 [ 2484.549544][T26125] ? kmsan_get_metadata+0x33/0x220 [ 2484.554854][T26125] ? preempt_count_sub+0xfc/0x340 [ 2484.560142][T26125] do_wp_page+0xc81/0x29c0 [ 2484.564748][T26125] handle_mm_fault+0x43e1/0x47a0 [ 2484.569845][T26125] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2484.575120][T26125] ? kmsan_get_metadata+0x33/0x220 [ 2484.580493][T26125] do_user_addr_fault+0x11f5/0x1e50 [ 2484.585909][T26125] exc_page_fault+0x60/0x140 [ 2484.590680][T26125] ? asm_exc_page_fault+0x8/0x30 [ 2484.595770][T26125] asm_exc_page_fault+0x1e/0x30 [ 2484.600790][T26125] RIP: 0023:0xf6e1f418 [ 2484.604980][T26125] Code: 39 dd 75 ee 8b 44 24 58 89 28 83 c4 3c 5b 5e 5f 5d c3 8b 7c 24 18 e9 9a fd ff ff 8d b4 26 00 00 00 00 8b 44 24 24 8b 7c 24 18 <89> 1c 88 e9 70 fe ff ff 8b 7c 24 50 39 54 24 0c 0f 84 80 00 00 00 [ 2484.624741][T26125] RSP: 002b:00000000ffacc040 EFLAGS: 00010246 [ 2484.630965][T26125] RAX: 00000000f6f50000 RBX: 00000000d6a1c95d RCX: 000000000000095d [ 2484.639078][T26125] RDX: 0000000000000000 RSI: 00000000f6f36000 RDI: 0000000081740309 [ 2484.647355][T26125] RBP: 00000000f6f50000 R08: 0000000000000000 R09: 0000000000000000 [ 2484.655451][T26125] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 2484.663535][T26125] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2484.671664][T26125] [ 2484.678243][T26125] memory: usage 307200kB, limit 307200kB, failcnt 12677 [ 2484.685793][T26125] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2484.692864][T26125] Memory cgroup stats for /syz1: [ 2484.694180][T26125] anon 131072 [ 2484.694180][T26125] file 313262080 [ 2484.694180][T26125] kernel 1179648 [ 2484.694180][T26125] kernel_stack 32768 [ 2484.694180][T26125] pagetables 69632 [ 2484.694180][T26125] percpu 0 [ 2484.694180][T26125] sock 0 [ 2484.694180][T26125] vmalloc 0 [ 2484.694180][T26125] shmem 313262080 [ 2484.694180][T26125] file_mapped 40960 [ 2484.694180][T26125] file_dirty 0 [ 2484.694180][T26125] file_writeback 0 [ 2484.694180][T26125] swapcached 0 [ 2484.694180][T26125] anon_thp 0 [ 2484.694180][T26125] file_thp 0 [ 2484.694180][T26125] shmem_thp 0 [ 2484.694180][T26125] inactive_anon 311885824 [ 2484.694180][T26125] active_anon 1486848 [ 2484.694180][T26125] inactive_file 0 [ 2484.694180][T26125] active_file 0 [ 2484.694180][T26125] unevictable 0 [ 2484.694180][T26125] slab_reclaimable 786584 [ 2484.694180][T26125] slab_unreclaimable 271896 [ 2484.694180][T26125] slab 1058480 [ 2484.694180][T26125] workingset_refault_anon 0 [ 2484.694180][T26125] workingset_refault_file 0 [ 2484.790416][T26125] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=26125,uid=0 [ 2484.806510][T26125] Memory cgroup out of memory: Killed process 26125 (syz-executor.1) total-vm:54284kB, anon-rss:332kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:64kB oom_score_adj:1000 21:15:17 executing program 1: r0 = socket$nl_audit(0x10, 0x3, 0x9) ioctl$sock_ifreq(r0, 0x8913, &(0x7f0000000040)={'team_slave_1\x00', @ifru_mtu}) [ 2485.160661][T26136] loop4: detected capacity change from 0 to 253983 21:15:17 executing program 5: r0 = socket$nl_audit(0x10, 0x3, 0x9) ioctl$sock_ifreq(r0, 0x8943, &(0x7f0000000040)={'team_slave_1\x00', @ifru_mtu}) [ 2485.308217][T26136] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2485.316355][T26136] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 2485.414207][T26136] F2FS-fs (loop4): invalid crc_offset: 0 [ 2485.496945][T26136] F2FS-fs (loop4): SIT is corrupted node# 0 vs 7 [ 2485.503897][T26136] F2FS-fs (loop4): Failed to initialize F2FS segment manager (-117) [ 2485.645691][T26142] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. 21:15:17 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xb, &(0x7f0000000200)=[{&(0x7f0000010700)="1020f5f201000b0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f0000000200000002000000020000000100000018000000000200000002000000060000000a0000000e000000100000030000000100000002", 0x69, 0x1400}, {&(0x7f0000010e00)="d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xa6, 0x200000}, {&(0x7f0000010f00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x200fe0}, {&(0x7f0000011000)='\x00'/27, 0x1b, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) 21:15:18 executing program 2: rt_sigtimedwait(&(0x7f00000001c0), 0x0, &(0x7f0000000240), 0x8) [ 2485.814693][T26145] device bond151 entered promiscuous mode [ 2485.916643][T26145] device bond151 left promiscuous mode 21:15:18 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32=r2, @ANYBLOB="01000000002200001c0012000c000100626f6e640000"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) 21:15:18 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$KDGKBMETA(r0, 0x5415, 0x0) [ 2486.721279][T26153] loop4: detected capacity change from 0 to 253983 21:15:19 executing program 2: socket(0x2c00, 0x0, 0x0) [ 2486.879047][T26153] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2486.887311][T26153] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock 21:15:19 executing program 3: r0 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc3}, &(0x7f0000000180)={0x0, "ed37e986cb4fb9bdf67866b8f79c9c02973f89879917f11baf96e77c3f463f07d09a68664f7995872adea587197c91f18372bfc3f596b6dce729e7c45f567315"}, 0x48, 0xfffffffffffffffb) keyctl$unlink(0x9, 0x0, r0) [ 2486.990536][T26153] F2FS-fs (loop4): invalid crc_offset: 0 [ 2487.068148][T26153] F2FS-fs (loop4): SIT is corrupted node# 0 vs 7 [ 2487.076655][T26153] F2FS-fs (loop4): Failed to initialize F2FS segment manager (-117) [ 2487.107613][T26159] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2487.159960][T26146] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 2487.172745][T26146] CPU: 1 PID: 26146 Comm: syz-executor.1 Tainted: G W 5.18.0-syzkaller-16253-g2f3064574275 #0 [ 2487.184580][T26146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2487.194804][T26146] Call Trace: [ 2487.198180][T26146] [ 2487.201205][T26146] dump_stack_lvl+0x200/0x28c [ 2487.206213][T26146] dump_stack+0x29/0x2c [ 2487.210556][T26146] dump_header+0x1e5/0xae0 [ 2487.215196][T26146] oom_kill_process+0x3a7/0xba0 [ 2487.220252][T26146] out_of_memory+0x111c/0x1570 [ 2487.225202][T26146] ? slab_debugfs_show+0xa40/0xaa0 [ 2487.230518][T26146] mem_cgroup_out_of_memory+0x46b/0x590 [ 2487.236294][T26146] mem_cgroup_oom+0xa3d/0xd30 [ 2487.241173][T26146] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2487.246383][T26146] try_charge_memcg+0x18b0/0x2110 [ 2487.251765][T26146] ? __rcu_read_unlock+0x85/0xf0 [ 2487.256876][T26146] obj_cgroup_charge_pages+0x352/0x760 [ 2487.262555][T26146] __memcg_kmem_charge_page+0x5b2/0x910 [ 2487.268328][T26146] __alloc_pages+0x82e/0x1040 [ 2487.273240][T26146] alloc_pages+0x98c/0xca0 [ 2487.277828][T26146] ? do_anonymous_page+0xfbf/0x28e0 [ 2487.283232][T26146] pte_alloc_one+0x6b/0x280 [ 2487.287920][T26146] ? kmsan_get_metadata+0x33/0x220 [ 2487.293234][T26146] __pte_alloc+0x81/0x5b0 [ 2487.297732][T26146] ? handle_mm_fault+0x1782/0x47a0 [ 2487.303021][T26146] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 2487.309204][T26146] do_anonymous_page+0x9d9/0x28e0 [ 2487.314405][T26146] ? __stack_depot_save+0x21/0x4b0 [ 2487.319750][T26146] handle_mm_fault+0x37b6/0x47a0 [ 2487.324856][T26146] ? restore_fpregs_from_fpstate+0x68/0x3a0 [ 2487.331009][T26146] do_user_addr_fault+0x11f5/0x1e50 [ 2487.336423][T26146] exc_page_fault+0x60/0x140 [ 2487.341200][T26146] ? asm_exc_page_fault+0x8/0x30 [ 2487.346296][T26146] asm_exc_page_fault+0x1e/0x30 [ 2487.351304][T26146] RIP: 0023:0xf6e548f6 [ 2487.355487][T26146] Code: 03 76 37 f7 c6 03 00 00 00 74 16 a4 49 f7 c6 03 00 00 00 74 0c a4 49 f7 c6 03 00 00 00 74 02 a4 49 50 89 c8 c1 e9 02 83 e0 03 a5 89 c1 f3 a4 58 89 c7 89 d6 8b 44 24 04 c3 d1 e9 73 01 a4 d1 [ 2487.375253][T26146] RSP: 002b:00000000ffacc118 EFLAGS: 00010246 [ 2487.381562][T26146] RAX: 0000000000000000 RBX: 00000000f6f36000 RCX: 0000000000000004 [ 2487.389645][T26146] RDX: 0000000000000000 RSI: 00000000f6f60080 RDI: 0000000020000040 [ 2487.397741][T26146] RBP: 00000000f6f60068 R08: 0000000000000000 R09: 0000000000000000 [ 2487.405835][T26146] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 2487.413924][T26146] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2487.422040][T26146] [ 2487.428546][T26146] memory: usage 307200kB, limit 307200kB, failcnt 12727 [ 2487.435889][T26146] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2487.443002][T26146] Memory cgroup stats for /syz1: [ 2487.444424][T26146] anon 147456 [ 2487.444424][T26146] file 313262080 [ 2487.444424][T26146] kernel 1163264 [ 2487.444424][T26146] kernel_stack 32768 [ 2487.444424][T26146] pagetables 65536 [ 2487.444424][T26146] percpu 0 [ 2487.444424][T26146] sock 0 [ 2487.444424][T26146] vmalloc 0 [ 2487.444424][T26146] shmem 313262080 [ 2487.444424][T26146] file_mapped 40960 [ 2487.444424][T26146] file_dirty 0 [ 2487.444424][T26146] file_writeback 0 [ 2487.444424][T26146] swapcached 0 [ 2487.444424][T26146] anon_thp 0 [ 2487.444424][T26146] file_thp 0 [ 2487.444424][T26146] shmem_thp 0 [ 2487.444424][T26146] inactive_anon 311922688 [ 2487.444424][T26146] active_anon 1486848 [ 2487.444424][T26146] inactive_file 0 [ 2487.444424][T26146] active_file 0 [ 2487.444424][T26146] unevictable 0 [ 2487.444424][T26146] slab_reclaimable 787624 [ 2487.444424][T26146] slab_unreclaimable 261120 [ 2487.444424][T26146] slab 1048744 [ 2487.444424][T26146] workingset_refault_anon 0 [ 2487.444424][T26146] workingset_refault_file 0 [ 2487.540698][T26146] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=26146,uid=0 21:15:19 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xb, &(0x7f0000000200)=[{&(0x7f0000010700)="1020f5f201000b0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f0000000200000002000000020000000100000018000000000200000002000000060000000a0000000e000000100000030000000100000002", 0x69, 0x1400}, {&(0x7f0000010e00)="d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xa6, 0x200000}, {&(0x7f0000010f00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x200fe0}, {&(0x7f0000011000)='\x00'/27, 0x1b, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) [ 2487.556902][T26146] Memory cgroup out of memory: Killed process 26146 (syz-executor.1) total-vm:54284kB, anon-rss:332kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000 [ 2487.635959][T26161] device bond152 entered promiscuous mode [ 2487.650997][T26161] device bond152 left promiscuous mode 21:15:20 executing program 5: r0 = socket$nl_audit(0x10, 0x3, 0x9) ioctl$sock_ifreq(r0, 0x89b1, &(0x7f0000000040)={'team_slave_1\x00', @ifru_mtu}) 21:15:20 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$KDGKBMETA(r0, 0x540d, 0x0) 21:15:20 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', 0x0}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32=r2, @ANYBLOB="01000000002200001c0012000c000100626f6e640000"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) 21:15:20 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$KDGKBMETA(r0, 0x5416, 0x0) 21:15:20 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmmsg(r0, &(0x7f0000004d40)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000140)="d4", 0x1}], 0x1, &(0x7f00000014c0)=[{0x110, 0x0, 0x0, "588f59a6b9ff1e46cf6b7453815a9450e3d5f1de014adb0cbf672069b70178029194571ee81ab7390c68d866b426d4d0385788a196800b7d21ed5d9470a425979aa72f197ab26b2f6d8efde0bfb73ad239002ef6d251508e3a7f927fd9c426c9c5d3c13864e6d5b678025b81d15e660fda85a55ebcdd05fff93ee94c2f5edb7ea021ff5a9f2f0582d0fcc9663795d2f6ae247f42109ebf227a95f67298de62cac8ff99ea1b6c7f51a5d4a4e65c0e015fc4b24e823c3014cd0b78766f2d9531a78d64c37805d4a97c7b213e960d143541b6e7b53221dec005a53a7f7fa1eb7477d6418c47fe05b309df29551500e235b21b8bcaeecc4f19366c"}, {0x1010, 0x0, 0x0, "6c41642ef7a06b51ecb6cf5bc957f89cb1cda8c0f241df677d98a78f62f7cc073afd4fb98e5d021d2e4cb6dbb951935cdbe118adc2724d70db45437fd7cacb07fc166e1ff4c0d8d6b45c8c8ec9df477588aab544038d8dccd9a87c817e66724044da6bc18a8e2f8587fb0db242fe51ebfbda86bff5a170295dbb1fda8e6af8c4c6c36dc2938f1a9c53c287619bc8e987a8d3580376e2d02854791aa1ec029e66bfbca24a5c6c176ae5641424085f5f8426a79fb04a7423b1d319a2a14c75742e2d9d987af6d7919f566dbe401cd5e05c6c38865fbe050179e84ea1e77519d9af3df8c58619a8b056ffcbb83e07a5cae8af63780833bab06446c4f59bdd370060657e887607e776d7a81da603f6978d4ae4711c9384132669f7bb01a6c32014bff05398a6f94e661336a397ce10b8f7bd0b81c4caf0fc9971326ee2dd38df75bde4168c2acf8fd33b0aae71558a5f3686d12d9bbf5c110e9e2b7fad85e75939ee2e87c9fb136f02e14e343dcc64545751428eb57780f2ae983d89731043d6556fd31591bfcb5d7ad7de8390ef13e6f3995b47cfebe381edaf0df8e81ffc43f702015a3e887004dfb1e70cb4eddbed319539110d3184dcff9744a98bddeadc2098e80d7d55294dcfa4833180b27bd21ad2eb0aa3977334c0ddceb4493de13dd53bfc9c3e092fbbcf68b07d20979699991bbfdbb7e800ae9f23eedd2d8206063fb5041be2c9ad075e97c054c6555f9085829c959355817f5ee6053e4e4e915b5a064fb91a980ea552bd760cf0425caad547e0cf139e4c34cee5b422170ea552443fbb1134cea91a51ae7214a494f8c4a9648a342fc297a962baf34453c47e997fa3c7355b925fc862fa54fada77dcdff5ebbbd747bc3df3d67f79f5c3a0c3315c924e924844d5830fdde4f4652d61d7323050ecc2543118cd551d210267b9deedefafca67c3acbb57a10c9986b1fe44b980adb79f4215fed1b959638e33534e2d756fa4d298bfb4628793515bcddb3cc81b726ecc72f79a772c60a20c0e1d7496e19559cc36268ed114a05615e505cbc57d0e55a0b4eb00e323e2cb1f0d9a350059d86126145518188487020236e2668a655ca3cc2d3dd0b931b063f512cad3beb31f350f892d131fb453c37f6a2372b8c73ed618d99e0f1f3b0b18f4655b365a133fa6552d46fd8acdb16d601eb46f3bf4a2331968885a7e987368af82ccf8240fe312aa36aa0d800bd89a484a5b0ce36414e4c8dfa686315ab655a09e97f19ee63e547e410ba3060d2210c4d458bbef6714135d39406ef5424bc6d19e0dd7951746dd1791e30553d8048e768dc7f064be1d4a89c3d5ba598220b91e6e0a3832e80777b3b3b117df1fee9630f288ab9f7004241b538a6d4d9f1107619fa331ab9b31042e97d0717255b0f0911ff5100df2296545b0b8143dde0d89751128fdcec7d84ddd11b9cbb1ca3096b8fbfacbca3a6ae593abf055af5d2e12e0ed1303ff7273daf8f57a0d753c63301671e5e5a5aabec3cc83bdeef1ee689c0161a8f9aeb4647ddf48946d78d0b92caf8afff55119eff68f56dbe52078abdff06725f3243f0f84fdc770e7f13fec39be0f12527ac1a476682cb608f3854a26e9daa6b612331d2f7dd685f943a867a698fd496d387fb552f2ca76d989bb2f3a1f69279dfbab7949e10653921d6857f05bc962b73b1f4b759fae3b46c0471d5753f52647932cf378dde88b38b5ae7dfb30fb4e0023edbf4f33f0a688965915b136f424e43dee034c68f0d79a4b31937634c377d662fc87f35860af9ec78f77b2584bfee200bdbc9029f16b0fb54977943a7355e17d7b7e778ff30f8a850a2ebeca0c4928413ade3d7e525f52dc43af89e0bc29db1f71e13f4def90f13ad5de703f33e67cc63b038bfaf3118e0391447e81062c6d76bc0a0431cb4877915a9bd93949c0004e297b150ae56ef36aa87bad15d2ceaf5981e2dcb13b982918a1a2e24b88e2d1069af6b4ff963fd6bc4649c9910c4d5e7e510935081be6a4344fc05b0cf433a38077250b7f39c700a73b289059d4d962919dde92b16a60d22a90d1067228c287c61f31f6ac49bbbb5198e266a2af020aaba810bb58836ebd936b031e99c8ecede662423e913e94ac95b96ada868fb0144c51016085a95fccdc97f86514419b0ceda8d99f853c660376cb1eee3f1f3b62a01d084554feabc592d503960245ac88c985f3312a400aeeaa73a15fb152b7e898455ffa9008c0acf1ed4a112983edd57750750fd71d610247eac6708f3444f36eefa0483bb2074e6d101ab990aa03fa344e0ae715ea96f942c2f154d433148b3ab80f0ec0fb3a1e5198bb5b9a29d5cd22cc5cdad12c480d657bd2b854316d887bc45dc337bd8430c425e34a2b3906fb13e2cee97e9c885e75ed7b6fe60ce985bd6f6eb4615a1fe879521a18f77fc7fea1a122dc592151521117c98f16847a3d496b959a236352ae419bbfcb404865143ec9d88d91dd7cb265fa129c1ce235246c9cb5350807181e67c5f48944ad2dabbfc59ae366d93b7c353387542e77f9d72b391e794dc082264a932371e36666cf8e9395e52ee036607310d034915146d07589d42622d0c8a148bf25d854d637f4d69b91c8eb68a20bde85647ed4a0594fd1ff44ce7087bb2992be9d1ebb8d1644b02a80c939a7c2bc97e5a4552de68c8176b3c599da24751b047081bb601d5b55c519f58e611f4d176100229b17c404f43e040ba9ca621d83e344ec11ec3aad34c37e5058b6484c88c209a3655157a77cb81de6ffb4c6141ab810c6b5b9a60c37af3885799ad04e8991f40030ebc62f2180837dd417f14a6af3b4f91518f85580d83f1f953062390ef58a6550d88da7e46548ffe1a87882b10126561e904f85b69c92a7346ed007bf5990554e5d1d10bf499d574b4dc7ac660c063af97df1febff65d30cbc3087cd4bf2cf9c621e67112789f4eee699d9dc9cb772e6afc7e3e2c32b8c76665b77d5e5bb29aab6804ea8345d8fc17714a357fa2d7ea79c06fad47f8ab9ec90ad68a32f4b0acdd3df7f0b661b970d4c8e46c55929a7ba79bda6e560669e5f0dae5131f8fa5d0320e1706f49b2413869621cc3f04ac114c1f05997b44b413e3c72b64646ea9b47b45302e1b2464c68c0abe97b998ddc3330f5552dccbc205fcea4bc056dca9659be9ce3147efbe474574d4ee9f224c509b59c19352eddc5e4f0060ffb0e6c56d4e468681d04535025752b593fe34d8d59089de89bbc634317d7e31d6f89f7d953d2b79d542250b47088f8db9801174a94dcd251cb1606b7ab16d9f19be7dd695507ef72e472a8bf7532e15b7bd6f7ef73a0e87faafdb502ce0cce64f02c4de134b4c32a3abc8e8edd06d7dd5e5234f3cde5996b0a948e0bc63f1adc76ab2292c19f1b947d8801624eb8a8dfdd4c518229044a4c77f4af79f9eb4ff45df6563cf0df8e1aae4e0db9008c0a3865cdfb47e2409450cdd902dedffee392dabc4692be6ed78546a7a8883836a8254f7230bc770095c75df46a42e0033cd7a2e9e3d33f11a9cd6c88f915ce0206066c4c75d65c6b84423f760e54ca965c1eb50a044e8675f5db5d256f98528b11ee3e2f4d2d75988f4ba444f968eb9a09f3d5508d73e26e7315b41d9ac33e643924c8f0866334fe337b0847bab84e1d8de174a7512a49413fc469c35de3f91a3b8090d7277ecae49d47806874a2128b66824ac48d5cfd0c8b66b60f7db31d5594e9851281bfca49bd1e83f3d6f1c5ba1753d2f75799d9afc6955f947a02c092b9d14d471ec23a90aef793d36b0e2e7f30761bc01bfde4376b5b73f1e99e6083b52c9115694cdcb8b370edd9ca841f6bf3e01e10e7a60e629f3c852b58c445e4923b8d083afe3eb569ac04c1618528d5af4b449a8cfe80567fa13d798b778f7e59f220dc91ae4cecb88f2dd32758136c5347ff56a979074ddbe39bf1c746be3ca3201f0fcb190076df8d9fa876adc4c541683528ca84d1c8ab60fdea9162298773758d633cb0b4e7b3a0d2703dea91e3104e828396e011c1d157fa043c3f0f9b5c77d3997c5adfd55a74e3479932d3ff2a368efd3e0c53334caa5be3c8aa173de496658851d6559ae517131942958af07304737cfbe58271d70140e4b8578ace95af64ea31ec66abf181bb665c15299a8455b91ab073da1a13937a3c92e0410fdabc4d03bf9f9edcb716593904b7ab2ef8b558def6adf1afd2ee2d7c58a78af73952325314a58b97cd99d113272f0350c118e6bfaafc8d4a59d7340633a03dd1b57c97a62cb5f2caa2f795dcf37562df62a7f87719827ddaf756cd3b8c37d42d94c905faae8bc99b9ea9cc9ec09735a1df8ddc55927987d80c16353830aee46cfa90da65d5319577900955683d8165665f265f71366bc25ea51029cb85fbfc97e98c8af869f34ba61410cdf868f6c56bba0171e7e802d0c5b0b79a42effbcdf5dd6865cc1aa394e27ee0ff455ca4441131b9f6f30c3434d8a09924bdec80f9c4253bf509d020e3b5fcef48fb9cf66508a01a46c6148b3da6706b55094a453f651b252cd0997b586761940bfedea56ba7921570da60ac9c1a336d15d6ec221d30187dd7ea9ec0e7aece66e2047e2e51924b0c4999ecee55423d2d3e4b15f7b1bd320e5ff581d59d3c41edaa9f14522f7e47c14ca39400fd6e2616e98f7b53f917fbf3cd61c3e64b314be53097bf9b93c81da2e9fd90acfe58d823c52563168bd7ed6c860753d13ef18400e796cd698483b84f2b575465981528cd72e0efccffcf688002f11f83487aedd2f35113a9684fefe8e3247171312799a002954f2733688bc9114d00e879a043506000e0b4c10f6e02812050fc7c40537cdb80b7863bb786cf2d23a3b11bf879730962a87e741a02a7cf9be9f1f2b51df6f3752aac81c18083b3c310e460881b53b2ee4c2e44699baa126adcfcbe9511bd87d498f5e3403e07add2a0b63771215686686c672280348beac3c01142cea00f4b9a5bf8ecf741bff68b86539a56d3e8839a604f824602eb2900695bffa0dfcc2a3d7f55620a2a94d50c3322eda4748f4ffe471672f1dd44d2b41fb5962e2f6951893f3a92cd1a4005fea32c44bbf2a936fc4466774ce0c41c2103d11b98c8b8172b370b4b3a004ff5580d57303b0cceaa6656429c526750f71c839d5e4fd1bb0e7f88f7d70d08f5e381b03b1cdfc1563ec32c74c902f6682eb3c688c085c67888a0bfc521bba038786661e6641c49b8e519121cec9aede630539f761fc118a34e9f6e95165d968da0399f259806c5ebff5c7be0083bd3026b9bc5f1aa114fb5a692da0a2421c201762d0e71ef2d860102d488ed07150a34faaa06e58ee81a561462e9663b47bc3985caf4a3d73fbdf90ad890b1018d0198760b06b40a0ab228f1ddef9fa4ad6b3fcbb27bb1c35144dbbb08e2dafcf41fab7f35a8df4d21018a562c1054469b6fa52f6174f7645485116dcfb790dcedd963d9e2ecf86e71e930e45ce3f613a94b30b9ae06911d6d8673472b8d668992fb4cf38958fab55641f64e15ca5f5a985624c2cb02dede9a351242ce1b1cbfe4aff2e3742eae93e503967ba1d9a84ca67f7c7f7285057a5486be1f560a4458da0acb9fcccc0a0b8cd9cc99c4d601dc451ae0d75fe6e7f10da40bf46248c6e4f64679b221aad05d21a6c8713e73bf5893f4e44f6c844fa1fd61afc68747ab1982345321c7198ac232aa6191ba5ab4949dd427589e6b22ddf85b23b8bce15d703def8bc56fbce768e526a16e357522728210b55b96ff774"}, {0xee8, 0x0, 0x0, "51eccb053fec62b2afbcd7e1febe0507e8787f2b29332e47b174a68ff72b7c61453c0abc9c894881e9ddfff5046774f426a6ccb449c764c168474411309f631ed29b0b0b670ff60b437d04936bc46af29d591e4952c3d4137dd28e8d28098fcfe0386ab81f8ade9da34b5e186a0636a869e3a92b00850e52d6a9bad7343a0ae430cade94661557e592a0013ad13fc35085b8422f007625443a611fd6afd4537d2b8a27b8d5a1fc3fdfc29fb625cc7a01e77e59b9da34cc24f0c239815e544c57875fa40765c6956b9caacb993bd8d971bfb8f7aa3c7475f8274048af8148ae3e6aba9c32751f7bb06cb9fb5649544ee2ed1260dea158d6e45847c512198a9888bdb0507f1482055cb31cdaaa91a9e57dce611a1393105db355fe66785057ac86ac49bfadc28ce7aa0a49d155da349f7740d6e994c7aca2199b713db06144082016b6c3aaae43123b7464026bcc4dd5776c8d4b993917de3806fa705f2060967a0b43bce04e962d8a0dd0c8a6dc9e4ed820f71565312d58bb34e1e98ce8f1ee543c7829776b62bfa306e1439a414610e24c643c966bceae879a61d897ca7c95286fe9999ed4f61faba7868dcf039cbef6ce4fb60869a0a0473e0dfae1a10f0bca3b4e3877535fff331cb8b962d2b6f995c2685505abaa54361856a79759db91a70d8855440a5a38c7a635b6471d0058887e2a00c0bfe36fdf1807db16034e27684f7425481997e116339d3d8d5614a96fa3b919c5f9c51b29a1e6394c433ecc1023e77cbfbfdd593af5cb884d2a7d373239e8d58dc3998fc6a2c7a0cc2450c3f2e257b941e6efd5c325f02baca7d6065f076829a46deed718b34e0e8e5f71bb266438928b859cca8ef4dddb6f1e25677ef38a6fe5137ddedeffb45fc0d259ff94142bb3b1ef7aaf429833d6eef45ce515fb082d733fd02327ea4af37439a564e27e5770a4a562daf1049ef4445c346f33818e33eb62a9099d7d3614b6d8926c9e2e3808d693483e43939c2664e8d8b874aee47a39fc62b2d5dcd690ed9cdc9b2a5fa0fdbb1a0390e6d61a9179d71d2c165f4fb755ba309f7328c50b651b717d8313a6e2d562bc224ea2b7be01e27d500ee7a92e007de5bcd2d86c1f9be2a36b31cf48c17f8c8f31b7d36d8074251caf8bc81a91b93334d5807b3e7b0995d9bca1ecd51a4aad3f4afc7f9e1dea217233b00443355b99bcd42e0aeb034436405fc41058e73e27724b8b348ef8a03744ee89877e4b259be34f208d5b562bc6cbac13c7b2383172fb27e928d00a39f572d0406afec07b5e92944ab4d6e43832fd7dfccbbfb3dbb7520b988cedb6c0c10e1dd170c9f1aabb849be0eb75fe15a4f2af7a763d6e82828f33176d46dcf154276a8c96439d3904ec0472247c290e55d62cf4ecd85ce59bbb06b9b72070d134adbfe78f9c37698ac98b2a48afb25bf56c459b00f8ee8c4bdadb46fab6950e01d9674bd3caaf4c760203605c9c996010ed488c5d1f20825f7c18d98a91cef152dc392e99254e6d2ae0c6490e7a04da50b7c4bc141d5f9b136cfc7bb531859909ed623acbed95d92d1d1f62035bb4203848db82252a8b4ff37bd207cc48785959e0b0027e2a1ee103429bed726ddb3bde04551270033e0b02f41d44ec16a880a9fdfee5fc9c40fccb02c1c9b1c89d2e8ab964b397243fa66b3356ba3bdf838b0e395c8564f56320ca8e6abfe79b7b15317c3481090254774685138fbec7e41d3b0b70a304e52382ff616e33cbcc06ae4a54bb7fb84af58cb4b42e9ca6fb6b1e6b3aeb28fd194b9cb6bfe3f003ab94aa76998f3d3eff40dccb64bb8fc93cf40e90659fc72a34e451355577597c0e6c6ea16d789683dba14295b44696fd83018238c862f770d8581de41252f5af1a7f6bceed0698cf97e06970bac79c649ff3dbf77cce230ccc731accb3e02441c196a00a877175e1aec2f7954f6cc11ac25c979e8957c22c532a0834af4daa74ebe35afdc4117f4b3fa9aa7035fa6f5af2e201588e901e2d02bc7140d874998367203d59659eebba16e7ee3b15fe4167cfb2bea1bd6969f6cd7fd9633f6261a53e24bacb6dfe6ddd4c338a93151a9e4ee03cb35a2005bbff5528ef5a95a5a1eb14f3aae8e71f38563c17957d264b9603d506fc201b94267d79c6531e49fee3738a349e1be837b7e7b0f502eec25870deba6b55b9936aff0730a9fc616645a705c752990040df160598b667e1696ce49f59ffc1950bfa0eda2015a52f99276b132691565965bc4fcfcdbef4d9eacb091520ebb3188dd4953406006b32fbe40f4c16fae9483d18ce1cfb58bff4a7f9dadbd7cf987971d2444090fb39fa99b0c85eb4226c85e715b5e24cd589844d88d83c43dd363736f2aba499add48b367f08ea5fcc32b81c4aa43b8c9ed0de3c542aca08002a2bbca06ad850f0140b5b78029d1cf0eb077c408f93811c725536472ea91d987d9b7c707c97fc2d37cc2f028c0c2a1b1ab7af3276bf3e602be477da92b793949da8e6cc1bd59638e2983ff0fc5fa10491b585ce2b4bbd1f318775033ac2f71542d7786d9bac4bd1bf9159813f0c5acf9cd2ee1574025ba7ef8175f6036ee9e48da471e3e4fb281ab5c9509c38b1a6074a15518bb358cfadca5a5e36cd667e44fd91448dba681b6974b3bcdbceb5aacb624ca8cb139575e3cbd0ed8bad4c40248b4fe8044202014c8e146c0176e948457105f1075620e1d390ed4130ad4b5f365a35e7de868d3b6aba9bd64238f2bbaeab233dcfc14285021e8e52d3e3a7de3bc4af86405671afa66a83be6195eb61a90ab19c3181199a488664771c93c4f9b38e745f3f6ce2bd8a5022a2e1bb1a8d789542adfbbbbc40a79e6cc79e5c7eef2b74a848cd60787cafa00358115df9d7d1ee0247d18732bc8574f7968158cb115fa54f1feec4f8ca978371e9d6a978e7b1e1b0d5e54be8dfd564d4abf8d01f480d2abdd7aa15c92a4b01852716e1176294cd74c4aa392012be98dc14e6a00db8a22865a978092c1f23cc135941a9579a1d60e5c8fb756a5e1d58360b2dba89200084f5b7a8d2433e714432159491759ed925cc2efe0adbb9692ef88151a0cfe909db7dff00e1773587022914ac44d4ddb58fc0f236ae544b2f43a466e05859de6ec739f7d304c743f1351a726120faa2c88301c7555c52c96e9b127d993c6dbbf9237c83e1711114d3432014407a47e66638768a1422b9b8470f9dab7a1dfef7c3afcc3458a054691532d5ebcf88bb4b22e390f3ec09ec164c8edc5783db66fa01fcaaa2b1a9d722d190cf70981e74bbfd67228fae8246153decbab8187fc611654c5d20527c471616a293d73704fa3b63c5daf04d69532a562f795fbacd74acff3cb441e080d059f557d7cc104541124958ae33d5c3c74c50aa41179304a06cddf4d85364a8c03b1dafb1b84a391459bdd2720b2cab2eeb2ef3b92818037b592b7e97b012fa32f66e327e95b90347d7341f2c08b259b12400e1605fe212c318da47d44dac9fc9bebfe300803595022540bb70040b6879ab0fc122a620ae601e2e176b060a585d9e58830813f38385b22cff1584d90153e4a4c18451c18cd97d419c205411a15e2372e2e6e0e36dd8ada3e6ed9bf69b265788a385a9cf7667f60fd16ad14a5eb99380d04c3ded6f3d0f05b298dc24cb4420a93508ec035d18284a72c661fc9140d165608f9b74330c3fa7a7f959dc0ebdeeb483693134b6f425af0b0da750c5e502ca5a888abcb3a5459b028385c8123d55cdeced5824dc57a1b798779cf8ce8e5ecfc29418c00ceb524e8ecabd9f4d8795a0f25aa9886a8122837aa91d20f6d679ecb31bcf0930660f27a04342ea330cf18e4b466536c7bbeaff99c8a411df78d4f1133aa10939ade078c010d0c317fde616f5ee2d3abeb602a9367218d64fa7ebef41d6b737954c3a44fa466910e511c6cd500559b4c36d8e8da9fe15665137dae6ced6309695698f0d028e560265ec8e661749c7393d4b4775dcdec09fbede178ca216e7c9c9192f7a1199bf2d9c28272f934de67a5a2b363281367a4e35e01863ca4948664a447e61c0fcda84b64987e0030b0ab8732acfef73dc52fa3078d2218a6f39baef01160940fffab13ddc3291a7b10c6623ada64246a5352fa0350ee69d5d867699975409d928261f3ee3cb4b897bad97871d509fabae1c3ae7639e3833c992ae83a5e4e75d6bf78673202ca96613d59d7edd664cdbe123c2ba8d0148661757aa77d90542adcd9e68d82bc97f332acea5aaa68bd55114747883531b95c8ae39674e1773d41c419ec3043ad6dea96aefbbb2ef78b9dcaa596343dc80f94ce5be5dfb9aa1adbab2b16f177537bc462eb84259ae44d7e2503bf6cc23ab7166977f5d3b628c02e5e0ea291969eed9ae4836952ae84746e518a3178b3b80ab37a6416aff0d57354705107ba21a85dae71b0bd440c8861b81150e7be2d9bc6ac7e4ef779120ceb6dd0fd2ee20880075a7333eb021e611e8731149586ad15c02dee49f7ba332b359db22c90174c1df44ee8960e48ec1e1c7cf3b25b75f10492bda25f0e0a4c6c5f899058a2af7d61821a165fe48a3a955f0f505bbbd6c76eb8632f0cf8942c47869d060aa3500105bee36be3c330219919eba4ac56cf637fa8c134beada91fcf4199f0fb3c20019f30df07237a4e8719bee7e396195997e2789fa79742021c21619fc1e948c70356bcb40b11b8618e69a3a765fc390e7ec674af7e837f2f03a2705e7b21352f3b33aa16094d23d133e0cc275feb739d104592faf6680cce2652c428d4f2989295208d1b0915a05d78d9a01345d6b61b27d0153b017b2a13ed0d688a9d81873687040d3b38e1d2cc3d995aa949eaf90cd3814a28c8efc07c950612281333fe5809201ef50c45ff9a7da6534905571ffe18d24a98d37f0ab280d22a1c3aac0db01e6f04d37e4de630b73b638d4ebffbba3c9f7a291db20ed4abab395efefb6f9999e0792383e57f237e906be0e06904b6a0ef7f84cbc35d5ca57226ac7e06a0450c1828407c1e371f8e29ca0c8bc499a259e5126d78221ba49cd58f85975c0d4b5c6288d9dcf17f2fd880ef1fb20e14f1a727dd1e3975c935f1e28480715c79cbcb16b9a75c58ee1987b1078195c2b96a50e49034f99fb20558713290314c2bc74a7e303999f2132bc5a1e09ece6b36c65a94b54b76fee56a0783b55b3e6cc83d7e9394781695a0b4f83a8b8d8e4cee49713e2a76b33eb598f4fdb7b8b7fc7c8fabb11c3ebc32427ef1197463a254bca20013d3996922e5e07ff10ac3aa1d0131a66670cc5990c3074ae29a4b7d125a3b5be50b832265c7083d92a9348a6d92043a33f9fd6cf8b41d45ba227a7394821cbf6"}], 0x2008}}], 0x1, 0x0) 21:15:20 executing program 5: r0 = socket$nl_audit(0x10, 0x3, 0x9) ioctl$sock_ifreq(r0, 0x80108907, 0x0) [ 2488.581604][T26171] loop4: detected capacity change from 0 to 253983 [ 2488.643718][T26172] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2488.651499][T26171] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2488.661176][T26171] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 2488.692858][T26171] F2FS-fs (loop4): invalid crc_offset: 0 [ 2488.797051][T26171] F2FS-fs (loop4): SIT is corrupted node# 0 vs 7 [ 2488.803739][T26171] F2FS-fs (loop4): Failed to initialize F2FS segment manager (-117) 21:15:21 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xb, &(0x7f0000000200)=[{&(0x7f0000010700)="1020f5f201000b0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f0000000200000002000000020000000100000018000000000200000002000000060000000a0000000e000000100000030000000100000002", 0x69, 0x1400}, {&(0x7f0000010e00)="d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xa6, 0x200000}, {&(0x7f0000010f00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x200fe0}, {&(0x7f0000011000)="00000000000000000000000000000000000000000000000000000006", 0x1c}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) [ 2488.843832][T26172] device bond153 entered promiscuous mode [ 2488.867612][T26172] device bond153 left promiscuous mode 21:15:21 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', 0x0}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32=r2, @ANYBLOB="01000000002200001c0012000c000100626f6e640000"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) 21:15:21 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PAUSE_GET(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000300)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01070000000000000000020000000c000180080001001aca"], 0x20}}, 0x0) [ 2489.401092][T26173] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2489.411859][T26173] CPU: 0 PID: 26173 Comm: syz-executor.1 Tainted: G W 5.18.0-syzkaller-16253-g2f3064574275 #0 [ 2489.423607][T26173] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2489.433778][T26173] Call Trace: [ 2489.437165][T26173] [ 2489.440200][T26173] dump_stack_lvl+0x200/0x28c [ 2489.445077][T26173] dump_stack+0x29/0x2c [ 2489.449426][T26173] dump_header+0x1e5/0xae0 [ 2489.454082][T26173] oom_kill_process+0x3a7/0xba0 [ 2489.459176][T26173] out_of_memory+0x111c/0x1570 [ 2489.464136][T26173] ? slab_debugfs_show+0xa40/0xaa0 [ 2489.469486][T26173] mem_cgroup_out_of_memory+0x46b/0x590 [ 2489.475306][T26173] mem_cgroup_oom+0xa3d/0xd30 [ 2489.480304][T26173] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2489.485547][T26173] try_charge_memcg+0x18b0/0x2110 [ 2489.490803][T26173] ? kmsan_get_metadata+0x33/0x220 [ 2489.496182][T26173] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 2489.502216][T26173] charge_memcg+0x1a9/0x6b0 [ 2489.506920][T26173] ? get_mem_cgroup_from_mm+0x39d/0x4d0 [ 2489.512671][T26173] __mem_cgroup_charge+0xb9/0x2e0 [ 2489.517900][T26173] wp_page_copy+0x719/0x4310 [ 2489.522676][T26173] ? kmsan_get_metadata+0x33/0x220 [ 2489.528014][T26173] ? kmsan_get_metadata+0x33/0x220 [ 2489.533329][T26173] ? preempt_count_sub+0xfc/0x340 [ 2489.538539][T26173] do_wp_page+0xc81/0x29c0 [ 2489.543239][T26173] handle_mm_fault+0x43e1/0x47a0 [ 2489.548341][T26173] ? restore_fpregs_from_fpstate+0x68/0x3a0 [ 2489.554497][T26173] do_user_addr_fault+0x11f5/0x1e50 [ 2489.559911][T26173] exc_page_fault+0x60/0x140 [ 2489.564680][T26173] ? asm_exc_page_fault+0x8/0x30 [ 2489.569780][T26173] asm_exc_page_fault+0x1e/0x30 [ 2489.574783][T26173] RIP: 0023:0xf6e1f418 [ 2489.579052][T26173] Code: 39 dd 75 ee 8b 44 24 58 89 28 83 c4 3c 5b 5e 5f 5d c3 8b 7c 24 18 e9 9a fd ff ff 8d b4 26 00 00 00 00 8b 44 24 24 8b 7c 24 18 <89> 1c 88 e9 70 fe ff ff 8b 7c 24 50 39 54 24 0c 0f 84 80 00 00 00 [ 2489.598826][T26173] RSP: 002b:00000000ffacc040 EFLAGS: 00010246 [ 2489.605036][T26173] RAX: 00000000f6f50000 RBX: 000000009a28aa56 RCX: 0000000000000a56 [ 2489.613140][T26173] RDX: 0000000000000000 RSI: 00000000f6f36000 RDI: 00000000826d0d29 [ 2489.621239][T26173] RBP: 00000000f6f50000 R08: 0000000000000000 R09: 0000000000000000 [ 2489.629327][T26173] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 2489.637412][T26173] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2489.645537][T26173] [ 2489.652348][T26173] memory: usage 307200kB, limit 307200kB, failcnt 12786 [ 2489.659417][T26173] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2489.667207][T26173] Memory cgroup stats for /syz1: [ 2489.668782][T26173] anon 126976 [ 2489.668782][T26173] file 313262080 [ 2489.668782][T26173] kernel 1171456 [ 2489.668782][T26173] kernel_stack 32768 [ 2489.668782][T26173] pagetables 69632 [ 2489.668782][T26173] percpu 0 [ 2489.668782][T26173] sock 0 [ 2489.668782][T26173] vmalloc 0 [ 2489.668782][T26173] shmem 313262080 [ 2489.668782][T26173] file_mapped 40960 [ 2489.668782][T26173] file_dirty 0 [ 2489.668782][T26173] file_writeback 0 [ 2489.668782][T26173] swapcached 0 [ 2489.668782][T26173] anon_thp 0 [ 2489.668782][T26173] file_thp 0 [ 2489.668782][T26173] shmem_thp 0 [ 2489.668782][T26173] inactive_anon 311902208 [ 2489.668782][T26173] active_anon 1486848 [ 2489.668782][T26173] inactive_file 0 [ 2489.668782][T26173] active_file 0 [ 2489.668782][T26173] unevictable 0 [ 2489.668782][T26173] slab_reclaimable 787440 [ 2489.668782][T26173] slab_unreclaimable 264672 21:15:22 executing program 5: unshare(0x6c060000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x10, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x36, &(0x7f0000000100), 0x8) setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f0000000040), 0x4) bind$inet6(r0, &(0x7f00000003c0)={0xa, 0x4e22, 0x0, @empty}, 0x1c) r1 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000240)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)={0x50, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_KEY={0x28, 0x50, 0x0, 0x1, [@NL80211_KEY_IDX={0x5}, @NL80211_KEY_CIPHER={0x8, 0x3, 0xfac05}, @NL80211_KEY_DATA_WEP104={0x11, 0x1, "8bf85d2edd34bb4328cd11644b"}]}]}, 0x50}}, 0x0) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000240)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)={0x48, r5, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_IDX={0x5}, @NL80211_KEY_DATA_WEP104={0x11, 0x1, "8bf85d2edd34bb4328cd11644b"}]}]}, 0x48}}, 0x0) splice(r2, &(0x7f00000001c0)=0x6, r6, &(0x7f0000000200)=0x7fffffff, 0xb8, 0x0) setsockopt$inet6_int(r0, 0x29, 0x35, &(0x7f0000000080)=0xabe8, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x24000004, &(0x7f00000000c0)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000000140)="1004551d49f4f9fe41256e5ec688857bd3c8df6fe4d3c679299dd1701ef33a019b6d8590da6a9032d9047624fe563592843481a9c998b010416060ab0040f192c4b31c06bb", 0x45, 0x20000000, &(0x7f0000000000)={0xa, 0x4e23, 0x3, @loopback, 0x7f}, 0x1c) [ 2489.668782][T26173] slab 1052112 [ 2489.668782][T26173] workingset_refault_anon 0 [ 2489.668782][T26173] workingset_refault_file 0 [ 2489.765002][T26173] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=26173,uid=0 [ 2489.781068][T26173] Memory cgroup out of memory: Killed process 26173 (syz-executor.1) total-vm:54284kB, anon-rss:332kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:64kB oom_score_adj:1000 21:15:22 executing program 3: r0 = socket$kcm(0x29, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x0) 21:15:22 executing program 1: bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x6, [@typedef]}, {0x0, [0x0, 0x0, 0x0, 0x0]}}, &(0x7f0000000500)=""/4096, 0x1000000, 0x1000, 0x1}, 0x20) [ 2490.114335][T26190] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2490.120027][T26191] loop4: detected capacity change from 0 to 253983 [ 2490.187467][T26191] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2490.195737][T26191] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock 21:15:22 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8980, 0x0) [ 2490.235775][T26194] device bond154 entered promiscuous mode [ 2490.291366][T26191] F2FS-fs (loop4): invalid crc_offset: 0 [ 2490.298857][T26194] device bond154 left promiscuous mode [ 2490.344962][T26191] F2FS-fs (loop4): SIT is corrupted node# 0 vs 7 [ 2490.353070][T26191] F2FS-fs (loop4): Failed to initialize F2FS segment manager (-117) 21:15:22 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', 0x0}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32=r2, @ANYBLOB="01000000002200001c0012000c000100626f6e640000"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) 21:15:22 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xb, &(0x7f0000000200)=[{&(0x7f0000010700)="1020f5f201000b0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f0000000200000002000000020000000100000018000000000200000002000000060000000a0000000e000000100000030000000100000002", 0x69, 0x1400}, {&(0x7f0000010e00)="d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xa6, 0x200000}, {&(0x7f0000010f00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x200fe0}, {&(0x7f0000011000)="00000000000000000000000000000000000000000000000000000006", 0x1c}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) 21:15:23 executing program 5: bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@struct={0x0, 0x1, 0x0, 0x4, 0x1, 0x0, [{0x3}]}]}}, &(0x7f00000002c0)=""/225, 0x32, 0xe1, 0x1}, 0x20) 21:15:23 executing program 3: syz_usb_connect$cdc_ecm(0x0, 0x56, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x44, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x2, 0x6, 0x0, 0x0, {{0x5}, {0x5}, {0xd, 0x24, 0xf, 0x1, 0x0, 0x0, 0x0, 0x81}}, {[{}]}}}]}}]}}, 0x0) 21:15:23 executing program 2: syz_usb_connect$cdc_ecm(0x0, 0x56, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x44, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x2, 0x6, 0x0, 0x0, {{0x5}, {0x5}, {0xd}}, {[{}], {{0x9, 0x5, 0x82, 0x2, 0x0, 0x0, 0x0, 0x1}}}}}]}}]}}, 0x0) [ 2491.216119][T26206] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 2491.228773][T26206] CPU: 1 PID: 26206 Comm: syz-executor.1 Tainted: G W 5.18.0-syzkaller-16253-g2f3064574275 #0 [ 2491.240537][T26206] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2491.250744][T26206] Call Trace: [ 2491.254117][T26206] [ 2491.257110][T26206] dump_stack_lvl+0x200/0x28c [ 2491.261991][T26206] dump_stack+0x29/0x2c [ 2491.266292][T26206] dump_header+0x1e5/0xae0 [ 2491.270898][T26206] oom_kill_process+0x3a7/0xba0 [ 2491.275941][T26206] out_of_memory+0x111c/0x1570 [ 2491.280902][T26206] ? slab_debugfs_show+0xa40/0xaa0 [ 2491.286173][T26206] mem_cgroup_out_of_memory+0x46b/0x590 [ 2491.291979][T26206] mem_cgroup_oom+0xa3d/0xd30 [ 2491.296861][T26206] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2491.302079][T26206] try_charge_memcg+0x18b0/0x2110 [ 2491.307396][T26206] ? __rcu_read_unlock+0x85/0xf0 [ 2491.312515][T26206] obj_cgroup_charge_pages+0x352/0x760 [ 2491.318224][T26206] __memcg_kmem_charge_page+0x5b2/0x910 [ 2491.324023][T26206] __alloc_pages+0x82e/0x1040 [ 2491.328964][T26206] alloc_pages+0x98c/0xca0 [ 2491.333569][T26206] ? do_anonymous_page+0xfbf/0x28e0 [ 2491.338997][T26206] pte_alloc_one+0x6b/0x280 [ 2491.343684][T26206] ? kmsan_get_metadata+0x33/0x220 [ 2491.349017][T26206] __pte_alloc+0x81/0x5b0 [ 2491.353514][T26206] ? handle_mm_fault+0x1782/0x47a0 [ 2491.358831][T26206] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 2491.364864][T26206] do_anonymous_page+0x9d9/0x28e0 [ 2491.370091][T26206] ? __stack_depot_save+0x21/0x4b0 [ 2491.375452][T26206] handle_mm_fault+0x37b6/0x47a0 [ 2491.380668][T26206] do_user_addr_fault+0x11f5/0x1e50 [ 2491.386114][T26206] exc_page_fault+0x60/0x140 [ 2491.390911][T26206] asm_exc_page_fault+0x1e/0x30 [ 2491.395938][T26206] RIP: 0010:copy_user_enhanced_fast_string+0xa/0x40 [ 2491.402775][T26206] Code: ff c9 75 f2 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 01 ca c3 8d 0c ca 89 ca eb 20 0f 01 cb 83 fa 40 72 38 89 d1 a4 31 c0 0f 01 ca c3 89 ca eb 0a 66 2e 0f 1f 84 00 00 00 00 00 [ 2491.422569][T26206] RSP: 0018:ffff88815b557ba0 EFLAGS: 00050206 [ 2491.428805][T26206] RAX: ffffffff863c4b4a RBX: ffff88815a9d4cc0 RCX: 0000000000600040 [ 2491.436926][T26206] RDX: 0000000001000000 RSI: 0000000020a00000 RDI: ffffc900147fffc0 [ 2491.445042][T26206] RBP: ffff88815b557c10 R08: ffffffff863c4aef R09: ffff88815ad57540 [ 2491.453157][T26206] R10: ffff88815b5574a8 R11: 0000000000000000 R12: 0000000001000000 [ 2491.461271][T26206] R13: 0000000000000000 R14: ffff88815b557ba8 R15: ffffc90013e00000 [ 2491.469400][T26206] ? _copy_from_user+0x11f/0x310 [ 2491.474572][T26206] ? _copy_from_user+0x17a/0x310 [ 2491.479748][T26206] ? _copy_from_user+0x1b4/0x310 [ 2491.484911][T26206] btf_new_fd+0x7e2/0x1b10 [ 2491.489547][T26206] bpf_btf_load+0x17e/0x1d0 [ 2491.494292][T26206] __sys_bpf+0xbff/0x10b0 [ 2491.498896][T26206] __ia32_sys_bpf+0xe5/0x130 [ 2491.503720][T26206] __do_fast_syscall_32+0x95/0xf0 [ 2491.508955][T26206] do_fast_syscall_32+0x33/0x70 [ 2491.514002][T26206] do_SYSENTER_32+0x1b/0x20 [ 2491.518687][T26206] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 2491.525222][T26206] RIP: 0023:0xf7fb7549 [ 2491.529420][T26206] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 [ 2491.549204][T26206] RSP: 002b:00000000f7fb25cc EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 2491.557814][T26206] RAX: ffffffffffffffda RBX: 0000000000000012 RCX: 00000000200000c0 [ 2491.565945][T26206] RDX: 0000000000000020 RSI: 0000000000000000 RDI: 0000000000000000 [ 2491.574278][T26206] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 2491.582400][T26206] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 2491.590512][T26206] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2491.598650][T26206] [ 2491.604758][T26206] memory: usage 307200kB, limit 307200kB, failcnt 12823 [ 2491.613347][T26206] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2491.620449][T26206] Memory cgroup stats for /syz1: [ 2491.621984][T26206] anon 114688 [ 2491.621984][T26206] file 313262080 [ 2491.621984][T26206] kernel 1196032 [ 2491.621984][T26206] kernel_stack 32768 [ 2491.621984][T26206] pagetables 86016 [ 2491.621984][T26206] percpu 0 [ 2491.621984][T26206] sock 0 [ 2491.621984][T26206] vmalloc 0 [ 2491.621984][T26206] shmem 313262080 [ 2491.621984][T26206] file_mapped 40960 [ 2491.621984][T26206] file_dirty 0 [ 2491.621984][T26206] file_writeback 0 [ 2491.621984][T26206] swapcached 0 [ 2491.621984][T26206] anon_thp 0 [ 2491.621984][T26206] file_thp 0 [ 2491.621984][T26206] shmem_thp 0 [ 2491.621984][T26206] inactive_anon 311873536 [ 2491.621984][T26206] active_anon 1486848 [ 2491.621984][T26206] inactive_file 0 [ 2491.621984][T26206] active_file 0 [ 2491.621984][T26206] unevictable 0 [ 2491.621984][T26206] slab_reclaimable 786584 [ 2491.621984][T26206] slab_unreclaimable 271896 [ 2491.621984][T26206] slab 1058480 [ 2491.621984][T26206] workingset_refault_anon 0 [ 2491.621984][T26206] workingset_refault_file 0 [ 2491.718405][T26206] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=26203,uid=0 [ 2491.734574][T26206] Memory cgroup out of memory: Killed process 26203 (syz-executor.1) total-vm:54284kB, anon-rss:332kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 [ 2492.184093][T26210] loop4: detected capacity change from 0 to 253983 [ 2492.233381][T26209] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2492.305887][T26210] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2492.315112][T26210] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 2492.369642][T26210] F2FS-fs (loop4): invalid crc_offset: 0 [ 2492.459555][T26214] device bond155 entered promiscuous mode [ 2492.528530][T26210] F2FS-fs (loop4): SIT is corrupted node# 0 vs 7 [ 2492.535711][T26210] F2FS-fs (loop4): Failed to initialize F2FS segment manager (-117) [ 2492.567406][T26214] device bond155 left promiscuous mode 21:15:24 executing program 1: syz_open_dev$vcsn(0x0, 0x0, 0x0) syz_usb_connect$hid(0x0, 0x3f, &(0x7f00000000c0)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x8, 0xb05, 0x19b6, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x0, 0x50, 0x0, [{{0x9, 0x4, 0x0, 0x9, 0x2, 0x3, 0x1, 0x0, 0x0, {0x9}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x0, 0x7}}, [{{0x9, 0x5, 0x2, 0x3, 0x0, 0x3}}]}}}]}}]}}, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) 21:15:24 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000001880)={0x0, 0x37fe0}}, 0x0) 21:15:24 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x0, 0x80, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32=r2, @ANYBLOB="01000000002200001c0012000c000100626f6e640000"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) 21:15:25 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xb, &(0x7f0000000200)=[{&(0x7f0000010700)="1020f5f201000b0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f0000000200000002000000020000000100000018000000000200000002000000060000000a0000000e000000100000030000000100000002", 0x69, 0x1400}, {&(0x7f0000010e00)="d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xa6, 0x200000}, {&(0x7f0000010f00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x200fe0}, {&(0x7f0000011000)="00000000000000000000000000000000000000000000000000000006", 0x1c}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) [ 2492.782132][T25740] usb 4-1: new high-speed USB device number 109 using dummy_hcd [ 2492.903141][T15623] usb 3-1: new high-speed USB device number 73 using dummy_hcd [ 2493.052860][T25740] usb 4-1: Using ep0 maxpacket: 8 [ 2493.163532][T15623] usb 3-1: Using ep0 maxpacket: 8 [ 2493.182983][T25740] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2493.194272][T25740] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 2493.204367][T25740] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 2493.214343][T25740] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 2493.227157][T25740] usb 4-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 2493.363779][T15623] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2493.375301][T15623] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 2493.385420][T15623] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 2493.395452][T15623] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 2493.405523][T15623] usb 3-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 21:15:25 executing program 5: ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f0000000000)={0x9, 0x0, 0x0, 0x5, 0x0, "7541236aab30885460528a798287866883d36c"}) syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x8, 0xb05, 0x19b6, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x0, 0x0, 0x9, [{{0x9, 0x4, 0x0, 0x9, 0x2, 0x3, 0x1, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x12}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x1, 0x0, 0x1f}}}}}]}}]}}, 0x0) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) [ 2493.582872][T25740] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 2493.592428][T25740] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2493.600617][T25740] usb 4-1: Product: syz [ 2493.605321][T25740] usb 4-1: Manufacturer: syz [ 2493.610074][T25740] usb 4-1: SerialNumber: syz [ 2493.726340][T26227] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2493.855346][T15623] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 2493.864696][T15623] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2493.873105][T15623] usb 3-1: Product: syz [ 2493.877424][T15623] usb 3-1: Manufacturer: syz [ 2493.882276][T26232] loop4: detected capacity change from 0 to 253983 [ 2493.882296][T15623] usb 3-1: SerialNumber: syz [ 2493.895556][T25740] cdc_ether: probe of 4-1:1.0 failed with error -22 [ 2493.974637][T15623] cdc_ether: probe of 3-1:1.0 failed with error -22 [ 2493.982511][T26227] device bond156 entered promiscuous mode [ 2494.029189][T26232] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2494.040263][T26232] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 2494.069590][T26227] device bond156 left promiscuous mode [ 2494.098103][T25740] usb 4-1: USB disconnect, device number 109 [ 2494.150266][T26232] F2FS-fs (loop4): invalid crc_offset: 0 [ 2494.200994][T15156] usb 3-1: USB disconnect, device number 73 [ 2494.287354][T26232] F2FS-fs (loop4): SIT is corrupted node# 0 vs 7 [ 2494.294344][T26232] F2FS-fs (loop4): Failed to initialize F2FS segment manager (-117) 21:15:26 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x0, 0x80, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32=r2, @ANYBLOB="01000000002200001c0012000c000100626f6e640000"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) 21:15:26 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xa, &(0x7f0000000200)=[{&(0x7f0000010700)="1020f5f201000b0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f0000000200000002000000020000000100000018000000000200000002000000060000000a0000000e000000100000030000000100000002", 0x69, 0x1400}, {&(0x7f0000010e00)="d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xa6, 0x200000}, {&(0x7f0000011000)="00000000000000000000000000000000000000000000000000000006", 0x1c, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) 21:15:26 executing program 3: syz_usb_connect$hid(0x0, 0x3f, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0xb05, 0x19b6, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x3, 0x1, 0x0, 0x0, {0x9}, {{}, [{{0x9, 0x5, 0x2, 0x3, 0x3ff}}]}}}]}}]}}, 0x0) 21:15:27 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000001c0)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_MIGRATE_ID(r0, &(0x7f0000000280)={0x12, 0x10, 0xfa00, {&(0x7f0000000180), r1, r0}}, 0x18) [ 2494.778155][T26224] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 2494.790707][T26224] CPU: 0 PID: 26224 Comm: syz-executor.1 Tainted: G W 5.18.0-syzkaller-16253-g2f3064574275 #0 [ 2494.802440][T26224] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2494.812806][T26224] Call Trace: [ 2494.816186][T26224] [ 2494.819219][T26224] dump_stack_lvl+0x200/0x28c [ 2494.824122][T26224] dump_stack+0x29/0x2c [ 2494.828487][T26224] dump_header+0x1e5/0xae0 [ 2494.832360][T15156] usb 6-1: new high-speed USB device number 71 using dummy_hcd [ 2494.833139][T26224] oom_kill_process+0x3a7/0xba0 [ 2494.845626][T26224] out_of_memory+0x111c/0x1570 [ 2494.850605][T26224] ? slab_debugfs_show+0xa40/0xaa0 [ 2494.856048][T26224] mem_cgroup_out_of_memory+0x46b/0x590 [ 2494.861858][T26224] mem_cgroup_oom+0xa3d/0xd30 [ 2494.866787][T26224] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2494.872066][T26224] try_charge_memcg+0x18b0/0x2110 [ 2494.877486][T26224] ? __rcu_read_unlock+0x85/0xf0 [ 2494.882625][T26224] obj_cgroup_charge_pages+0x352/0x760 [ 2494.888338][T26224] __memcg_kmem_charge_page+0x5b2/0x910 [ 2494.894134][T26224] __alloc_pages+0x82e/0x1040 [ 2494.899078][T26224] alloc_pages+0x98c/0xca0 [ 2494.903699][T26224] ? do_anonymous_page+0xfbf/0x28e0 [ 2494.909121][T26224] pte_alloc_one+0x6b/0x280 [ 2494.913836][T26224] ? kmsan_get_metadata+0x33/0x220 [ 2494.919158][T26224] __pte_alloc+0x81/0x5b0 [ 2494.923665][T26224] ? handle_mm_fault+0x1782/0x47a0 [ 2494.928975][T26224] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 2494.935016][T26224] do_anonymous_page+0x9d9/0x28e0 [ 2494.940252][T26224] ? __stack_depot_save+0x21/0x4b0 [ 2494.945632][T26224] handle_mm_fault+0x37b6/0x47a0 [ 2494.950765][T26224] ? restore_fpregs_from_fpstate+0x68/0x3a0 [ 2494.956955][T26224] do_user_addr_fault+0x11f5/0x1e50 [ 2494.962400][T26224] exc_page_fault+0x60/0x140 [ 2494.967204][T26224] ? asm_exc_page_fault+0x8/0x30 [ 2494.972324][T26224] asm_exc_page_fault+0x1e/0x30 [ 2494.977353][T26224] RIP: 0023:0xf6e1a7a8 [ 2494.981564][T26224] Code: e6 f6 c1 20 0f 45 f0 31 c0 d3 e3 f6 c1 20 0f 45 d8 89 d8 31 d0 21 f0 31 d0 0f b7 c0 e9 0d fc ff ff 8b 74 24 1c 0f b6 44 24 20 <88> 06 e9 ba f9 ff ff ff 74 24 04 ff 74 24 04 8b 74 24 20 8d 86 d1 [ 2495.001355][T26224] RSP: 002b:00000000ffacc0a0 EFLAGS: 00010246 [ 2495.007598][T26224] RAX: 0000000000000012 RBX: 0000000000000000 RCX: 0000000000000000 [ 2495.015710][T26224] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000000 [ 2495.023829][T26224] RBP: 00000000f6f60068 R08: 0000000000000000 R09: 0000000000000000 [ 2495.031952][T26224] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 2495.040149][T26224] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2495.048307][T26224] [ 2495.055446][T26224] memory: usage 307200kB, limit 307200kB, failcnt 12882 [ 2495.066300][T26224] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2495.072094][T15156] usb 6-1: Using ep0 maxpacket: 8 [ 2495.073753][T26224] Memory cgroup stats for /syz1: [ 2495.079932][T26224] anon 151552 [ 2495.079932][T26224] file 313262080 [ 2495.079932][T26224] kernel 1159168 [ 2495.079932][T26224] kernel_stack 32768 [ 2495.079932][T26224] pagetables 65536 [ 2495.079932][T26224] percpu 0 [ 2495.079932][T26224] sock 0 [ 2495.079932][T26224] vmalloc 0 [ 2495.079932][T26224] shmem 313262080 [ 2495.079932][T26224] file_mapped 40960 [ 2495.079932][T26224] file_dirty 0 [ 2495.079932][T26224] file_writeback 0 [ 2495.079932][T26224] swapcached 0 [ 2495.079932][T26224] anon_thp 0 [ 2495.079932][T26224] file_thp 0 [ 2495.079932][T26224] shmem_thp 0 [ 2495.079932][T26224] inactive_anon 311926784 [ 2495.079932][T26224] active_anon 1486848 [ 2495.079932][T26224] inactive_file 0 [ 2495.079932][T26224] active_file 0 [ 2495.079932][T26224] unevictable 0 [ 2495.079932][T26224] slab_reclaimable 786584 [ 2495.079932][T26224] slab_unreclaimable 260856 [ 2495.079932][T26224] slab 1047440 [ 2495.079932][T26224] workingset_refault_anon 0 [ 2495.079932][T26224] workingset_refault_file 0 [ 2495.176687][T26224] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=26224,uid=0 [ 2495.192837][T26224] Memory cgroup out of memory: Killed process 26224 (syz-executor.1) total-vm:54284kB, anon-rss:332kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000 [ 2495.192916][T15156] usb 6-1: config 1 interface 0 altsetting 9 endpoint 0x81 has invalid wMaxPacketSize 0 [ 2495.193053][T15156] usb 6-1: config 1 interface 0 altsetting 9 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 2495.234480][T15156] usb 6-1: config 1 interface 0 has no altsetting 0 21:15:27 executing program 1: syz_mount_image$hpfs(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x0, &(0x7f00000002c0)={[], [{@obj_role={'obj_role', 0x3d, '/dev/snd/midiC#D#\x00'}}]}) [ 2495.443218][T15156] usb 6-1: New USB device found, idVendor=0b05, idProduct=19b6, bcdDevice= 0.40 [ 2495.452893][T15156] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2495.461155][T15156] usb 6-1: Product: syz [ 2495.465639][T15156] usb 6-1: Manufacturer: syz [ 2495.470400][T15156] usb 6-1: SerialNumber: syz [ 2495.658301][T26239] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2495.897415][T26242] device bond157 entered promiscuous mode [ 2495.910901][T15156] usbhid 6-1:1.0: can't add hid device: -71 [ 2495.917610][T15156] usbhid: probe of 6-1:1.0 failed with error -71 [ 2495.940386][T15156] usb 6-1: USB disconnect, device number 71 [ 2496.010153][T26244] loop4: detected capacity change from 0 to 253983 [ 2496.042964][T26242] device bond157 left promiscuous mode [ 2496.120639][T26244] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2496.128830][T26244] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 2496.283830][T26244] F2FS-fs (loop4): invalid crc value 21:15:28 executing program 5: sendmsg$ETHTOOL_MSG_PRIVFLAGS_SET(0xffffffffffffffff, 0x0, 0x0) 21:15:28 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x0, 0x80, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32=r2, @ANYBLOB="01000000002200001c0012000c000100626f6e640000"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) [ 2496.356353][T26244] F2FS-fs (loop4): invalid crc_offset: 0 [ 2496.362785][T26244] F2FS-fs (loop4): Failed to get valid F2FS checkpoint 21:15:28 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000001c0)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_MIGRATE_ID(r0, &(0x7f0000000280)={0x12, 0x10, 0xfa00, {&(0x7f0000000180), r1, r0}}, 0x18) [ 2496.522767][T25740] usb 4-1: new high-speed USB device number 110 using dummy_hcd 21:15:28 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xa, &(0x7f0000000200)=[{&(0x7f0000010700)="1020f5f201000b0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f0000000200000002000000020000000100000018000000000200000002000000060000000a0000000e000000100000030000000100000002", 0x69, 0x1400}, {&(0x7f0000010e00)="d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xa6, 0x200000}, {&(0x7f0000011000)="00000000000000000000000000000000000000000000000000000006", 0x1c, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) [ 2496.792691][T25740] usb 4-1: Using ep0 maxpacket: 8 [ 2496.932845][T25740] usb 4-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0 [ 2496.987932][T26248] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2496.998742][T26248] CPU: 1 PID: 26248 Comm: syz-executor.1 Tainted: G W 5.18.0-syzkaller-16253-g2f3064574275 #0 [ 2497.010576][T26248] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2497.020769][T26248] Call Trace: [ 2497.024144][T26248] [ 2497.027161][T26248] dump_stack_lvl+0x200/0x28c [ 2497.032061][T26248] dump_stack+0x29/0x2c [ 2497.036374][T26248] dump_header+0x1e5/0xae0 [ 2497.040998][T26248] oom_kill_process+0x3a7/0xba0 [ 2497.046055][T26248] out_of_memory+0x111c/0x1570 [ 2497.051001][T26248] ? slab_debugfs_show+0xa40/0xaa0 [ 2497.056345][T26248] mem_cgroup_out_of_memory+0x46b/0x590 [ 2497.062139][T26248] mem_cgroup_oom+0xa3d/0xd30 [ 2497.067044][T26248] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2497.072261][T26248] try_charge_memcg+0x18b0/0x2110 [ 2497.077495][T26248] ? kmsan_get_metadata+0x33/0x220 [ 2497.082851][T26248] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 2497.088861][T26248] charge_memcg+0x1a9/0x6b0 [ 2497.093722][T26248] ? get_mem_cgroup_from_mm+0x39d/0x4d0 [ 2497.099474][T26248] __mem_cgroup_charge+0xb9/0x2e0 [ 2497.104716][T26248] wp_page_copy+0x719/0x4310 [ 2497.109538][T26248] ? kmsan_get_metadata+0x33/0x220 [ 2497.114859][T26248] ? kmsan_get_metadata+0x33/0x220 [ 2497.120179][T26248] ? preempt_count_sub+0xfc/0x340 [ 2497.125480][T26248] do_wp_page+0xc81/0x29c0 [ 2497.130132][T26248] handle_mm_fault+0x43e1/0x47a0 [ 2497.135325][T26248] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2497.140557][T26248] ? kmsan_get_metadata+0x33/0x220 [ 2497.146112][T26248] do_user_addr_fault+0x11f5/0x1e50 [ 2497.151526][T26248] exc_page_fault+0x60/0x140 [ 2497.156306][T26248] ? asm_exc_page_fault+0x8/0x30 [ 2497.161399][T26248] asm_exc_page_fault+0x1e/0x30 [ 2497.166402][T26248] RIP: 0023:0xf6e1f418 [ 2497.170590][T26248] Code: 39 dd 75 ee 8b 44 24 58 89 28 83 c4 3c 5b 5e 5f 5d c3 8b 7c 24 18 e9 9a fd ff ff 8d b4 26 00 00 00 00 8b 44 24 24 8b 7c 24 18 <89> 1c 88 e9 70 fe ff ff 8b 7c 24 50 39 54 24 0c 0f 84 80 00 00 00 [ 2497.190535][T26248] RSP: 002b:00000000ffacc040 EFLAGS: 00010246 [ 2497.196766][T26248] RAX: 00000000f6f50000 RBX: 000000006cf07a0e RCX: 0000000000001a0e [ 2497.204886][T26248] RDX: 0000000000000000 RSI: 00000000f6f36000 RDI: 0000000081630cf7 [ 2497.212978][T26248] RBP: 00000000f6f50000 R08: 0000000000000000 R09: 0000000000000000 [ 2497.221069][T26248] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 2497.229158][T26248] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2497.237289][T26248] [ 2497.240611][T26248] memory: usage 307200kB, limit 307200kB, failcnt 12941 [ 2497.247790][T26248] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2497.255005][T26248] Memory cgroup stats for /syz1: [ 2497.256366][T26248] anon 131072 [ 2497.256366][T26248] file 313262080 [ 2497.256366][T26248] kernel 1179648 [ 2497.256366][T26248] kernel_stack 32768 [ 2497.256366][T26248] pagetables 69632 [ 2497.256366][T26248] percpu 0 [ 2497.256366][T26248] sock 0 [ 2497.256366][T26248] vmalloc 0 [ 2497.256366][T26248] shmem 313262080 [ 2497.256366][T26248] file_mapped 40960 [ 2497.256366][T26248] file_dirty 0 [ 2497.256366][T26248] file_writeback 0 [ 2497.256366][T26248] swapcached 0 [ 2497.256366][T26248] anon_thp 0 [ 2497.256366][T26248] file_thp 0 [ 2497.256366][T26248] shmem_thp 0 [ 2497.256366][T26248] inactive_anon 311902208 [ 2497.256366][T26248] active_anon 1486848 [ 2497.256366][T26248] inactive_file 0 [ 2497.256366][T26248] active_file 0 [ 2497.256366][T26248] unevictable 0 [ 2497.256366][T26248] slab_reclaimable 786584 [ 2497.256366][T26248] slab_unreclaimable 271896 [ 2497.256366][T26248] slab 1058480 [ 2497.256366][T26248] workingset_refault_anon 0 [ 2497.256366][T26248] workingset_refault_file 0 [ 2497.352606][T26248] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=26248,uid=0 [ 2497.368979][T26248] Memory cgroup out of memory: Killed process 26248 (syz-executor.1) total-vm:54284kB, anon-rss:332kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:64kB oom_score_adj:1000 [ 2497.419703][T25740] usb 4-1: New USB device found, idVendor=0b05, idProduct=19b6, bcdDevice= 0.40 [ 2497.429175][T25740] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2497.437603][T25740] usb 4-1: Product: syz [ 2497.442900][T25740] usb 4-1: Manufacturer: syz [ 2497.447680][T25740] usb 4-1: SerialNumber: syz 21:15:29 executing program 1: bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000540)={0x6, 0x4, &(0x7f0000000300)=@framed={{}, [@generic={0x3}]}, &(0x7f0000000340)='syzkaller\x00', 0x2, 0x87, &(0x7f0000000400)=""/135, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) [ 2497.540464][T25740] usbhid 4-1:1.0: couldn't find an input interrupt endpoint 21:15:29 executing program 5: openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040), 0x238000, 0x0) [ 2497.627828][T26254] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. 21:15:30 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000001c0)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_MIGRATE_ID(r0, &(0x7f0000000280)={0x12, 0x10, 0xfa00, {&(0x7f0000000180), r1, r0}}, 0x18) [ 2497.746173][T25740] usb 4-1: USB disconnect, device number 110 [ 2497.756845][T26254] device bond158 entered promiscuous mode [ 2497.843064][T26254] device bond158 left promiscuous mode 21:15:30 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x0, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32=r2, @ANYBLOB="01000000002200001c0012000c000100626f6e640000"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) [ 2498.069698][T26259] loop4: detected capacity change from 0 to 253983 [ 2498.173438][T26259] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2498.181956][T26259] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 2498.233350][T26259] F2FS-fs (loop4): invalid crc value [ 2498.300942][T26259] F2FS-fs (loop4): invalid crc_offset: 0 [ 2498.307668][T26259] F2FS-fs (loop4): Failed to get valid F2FS checkpoint 21:15:30 executing program 3: capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000040)={0x4}) 21:15:30 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xa, &(0x7f0000000200)=[{&(0x7f0000010700)="1020f5f201000b0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f0000000200000002000000020000000100000018000000000200000002000000060000000a0000000e000000100000030000000100000002", 0x69, 0x1400}, {&(0x7f0000010e00)="d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xa6, 0x200000}, {&(0x7f0000011000)="00000000000000000000000000000000000000000000000000000006", 0x1c, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) 21:15:30 executing program 5: syz_mount_image$qnx6(0x0, 0x0, 0x0, 0x2, &(0x7f00000015c0)=[{0x0}, {&(0x7f00000004c0)="1d19f91045774e198c7e5642764a56d948199e07c5b5951b03e20db7e7b7269ccbe29ffe396301b62b69528bc99e59f82cbe38e53f4df20bf8aaa8788608f5b9e3d3631d9484e765ab5de883fe65ff5cf63c5546b754bde17d1412186c38194508ee7fda09cc02f99a6634957a311634a2c84a47cbc60a296dbfbaf412b4940d49ecf6f01696f7eb997a0bd8b37e40ad5f15d49d3b1ee32a3523f5a6126d5d5070f82143c1b7414073b30640a5ceb6a43497283fac20a0f8bd8e5a0dcb91ee5b0a16222e148e3adfa2d174ebbdaee96962a28ea4e74534571846e3ba709e88ee0e98322bf322e6b8fc8bb305876d409fecb4a50f20de28c1e04766d1c633f54fdc233021f7d4878134bdab8ef223b0bb0b6ba97f23411083e7648a803b2a5e6566c1737b2cbc8e99dcd68f46f1b18b487fb891bb389130d6b127d917b8551828d0337277ef9b1553b9d8e470687a0a4dd798e62e73f9a80a395b12322bdc05a8e903c8e3220bd6f716064e027067a850f6030d8d97d6277f7ed762b899913e6a6f7d6012a4fd9d6f8e4f18e15d6c2b6c4d2ea81f9f551217b2f37f54fe7f7503c224f86dff078393ec1f1a1d01d1ecbb8bf0db9eedc6d568c2ea82481d7acc268142d90f8a6fc61c64a99301a8291738b13c9636b1326de7e7346179408baa969b251724fce45879cd32ebd8917320bbb5e9165e8ae7d5b0e6efe5c933dd0a661ed05e0384971225400d0571150df8f4b7e74bbe9c1af151b88129f4208849298d9b46e084dbd9ba1e23d7afb0d220df06551aa8798d73aef32f1a06d3802af8d03368b350a14df1d63619ec93d9d34abd766d39838d0f8793ee571c6b6e4d2866d0a82ba5c11334888f9d897d82b54ec2870a8e98b826dada24be36ba97037432960246f0998d53e9d1632b57f38a6b28a863a05f9709961a36c79fea53260e3fb14b3da487bbbd759b777db9fddc6c3f176aafc2bce801a8fe3887551a17f4aa0bcae46befbf70cef780fc7933ae6fefcb8aa4d6949933dc1f9ea5b63c366124a82caccda91d0761f20c15f780390aac6fc25242e00e8d9dc3d9fe46efc491b3d62cd715cb274863ed308b98e9823efe470f0b24258fcfb49b1ad1030368030bd916604dd7fa94232c6ce6a20af2abcc1b3f2d26b932f10001de474d39c02f7838800ecb60457039a734a273142017ac7542889279622d393d07df208828b06eee98640d0a0f44453e7d4a3f1c2a59931050cc6db645fa98130fd9b3dbe71c0f3503374a275202b16a6aafe845df832dc4513ad8216f3e7ac2e91b80701c5a9f9b1f523b74eac26effa72f1af5a0fea725e0be364c91f41987cda359bea6c56f07fa8dbb98b4ff08f601a9eefe6a0df8b79962bb936f3e4830b0198eb89d1eec50dd2ea174032783f501fb11e1a9848fccc7cb02dfc0cffae0460a946c83fb2ea4dcc15ac574fbadb8e0dad033aa50828f751a9eea34ea33e6354d0564100381d7579a7aea42f479479cc3fa1a3b1a3fa110c892babee1c884a5ac724da08dd0e33f3c117f330024ecda70ba6ef476188e960af5a1102c601f7067807e7a3ee80b78c71fa49ea33a3eaf1ded197de098baad357efe5cc7c56e339ed38946b7f4daf1d5a74671641e6fc2c0abd3baed712ade7dc4bed54631cb713e30123eb0b69577a2db2513467594af7cf454bad9d00cd4a3df4bfc7eb1c61c139e671d07ce4f5186804a801a84b6104a250f0d684d7a969345e1738f23c62dbb40f2729da3fafe89fb48e65810ab5c070c1824c6c650f13dc5ab0a1e5e4a94eb4e38f0e835db0a6c53bd9d366b715e000870d9c21298549e7e43c71cfae63f36f4e728555b4c73e0095d5b02e1b4e3af80b4d300cf0b7b2d2e131e1e1317ec5200317b60c36c4ddd71afc120d3d4999c2dab574dfc9336821d200dd1c4fdeb215f7e00a84d4565abd61dea731990ab085102bd7985f7169cedaf74523e5510b221561c88b9ae1afa0c78927ff33254d6a8c53412d33407178ed9387265fcb60ff96b023326f238aadd0a2e0fed666ee552512aea25f91d091b3e534c837d74d0051d0428c86870e1adef9041bc2e115b2fc8c0b1181f1cbe3cc544192d9490c3250d2c1c9e50b1e1ba97e424f98d76150020759f61f534d6ab6a87601bf9c6dd772872c361e6a22cb2b06e781d067aaee1ef36970e169a40b8e4b2b6bd3814b8bfae3648ca0d250f373242cf13fb902e345ff5200cf4ae2f74799ca33391cd71671ed2c051ad391da1323ba1141513fe33a9b50b2d8b384fbd327fbc011ade2e09b0a786f2d9559048911cbb89a5d7bc550acf8237c25f04960a071e5a4eddb16d62053e50dd9291872fa3ed9ada180acd5c705c2aca77acb5cb5a5a0498dfc723495205f513701997c2da5d5e406c717eeee11bc1bcfd2e4bed368e2f5eceee63cd8f12f69ec03daebae18d8b339a61e983fd9ce3759deee00ab656aff0cde4e5757fb58b09f4c305ae296388f0543b97e0fb9d477dce769f8fdd16f06acca7283fd02c35d99810fcbfb1fcf5cb76bb31320243cf35898278ae2f1f3e39191816fef605e75f9c1a8a39ff366dce833ac8cc1783c361a06bf1abc2659540b7d020a7fc991b0b7eaa785ad2ac4f9099da898be4981042eaffc8ab509aeca80162362492ebe637f78b0d5a68eb2e5f1ae69ee373b91e4778d3d40fae16a1c9dbcca47d5f2aceaba36962f10de9d23dfe5e654062d549cc0ac0a5a54eb705862d183c48bc33c977a8e95c76eb2d2f9e350c737b964f992b958e39a4939e5a4a62cbf07e962f612768d34c36614f1eda6720f12047150a0d3baeec230d20e39be6bbb7060cb74bfd6faa67738aa98804c675aa198752e99221839d3d208f5f3fff4ea7991321908027ab80cd9ecb7c5f4f1ff85229f62552e3b34e4f0b347a699b7bd8355bcaab3f17367108f0eb4e4f9548e0d7af0e24031ed9e0cf522dcbfd92a947f4e9b5d475425a03d5d0bbf30c55b8f196475e8f50e22a15ffbbeda6166d1103fb4e457eb26f9db036246ea06757e2516dbba0028078b070bf1026244218d995d42c3ec74456b00616dec11232f7102b999e6b1f7ddb17e2fe95407b9fae667c3700b48283e9acf3e04762cd198461c1f254e9be01c7651bdc33ec480ecc3fbc1a018929eebcdd1f555f1d433206b7d5bf00cdf1c12bfede5454bb9efc8bd482f65e97f29c9ec3dd9010a7fbfba6b31828633681c2aa2475c1ce8f4267cce9bffc1f7c655aabb845789a7fd0ccb17e3c89b5d5dd8daf7398b65cce2a4b4db2ed87642095e68f916e30dd976814ca84ffd5d13e40492ef741275ea0db1b347abd5f8c3a1818c723870a33db1d1f38298a42923032a2ece1eae0ebc026c0b37df7c1c27c382760dee9c6fcb0b91cd19f44063f1d7a0735e84cdf5662a7b97f6de04872a2ff9e9b03e970f67ef5a77de0a5ac58ef9f67b0485bc87b7401c90218b82833ba779d275372b5abe5d0147a38f260d010f76d83b257447b340bce7cbb8553de3a21b68dd4c084c7614c62f56a2330d420d0a1c190eccd6c01e61ffeab3534eacf79952a8df0eb3d26f89c5af115e5cca863fd5d43692c48162e2813e3fcd55c2cae", 0xa01, 0x7ff}], 0x0, 0x0) sendmsg$ETHTOOL_MSG_LINKINFO_GET(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$pvfs2(0x0, 0x0, 0x0, 0x3, &(0x7f0000003300)=[{&(0x7f0000001ec0)="6b369804fa194968e32a224a3dbe48c7fcbbae001423cd3aa7d377a75b88e30aab38ab47c45340bf19d22de68aab362ab368fdac5d5fa9ea5479c9cfc2465e3269056890e90ae6eb6c43438746298441a6c48051b565a63f40c1bce35437c69bdb140972db9659b6d9fe8c7c6c66eac2d6e7d00229bacccfda3692eb1f527f827e2651feae94838347c8539d5f2f338c9f9ac24e0709972edf03cc90ee77fcb5e745fd720ba77e395c99a97eed5dcc48acdcb304593adf7f620b9275af21791a6debee905370b1aa61ff265dea9f0a28df92f40f6b2e5d474e250e5ce831dac69b8c17382d2811462ed2e82ed29dfb046771b171e3dc8548bf11b49ebd5dff13cf2fdd054933d8dd146e469dc3bddbe612da4eef8711a7b1c907d9106e8202d5fcebd69ca221514c67777d34bb16ea362b616e4ed49ca534ab9fc12b3def7b4d4672fbf163b495f87684cff4566b76e999fadaca58e7c89755b5df2d4e9839740fe8f40d5292cc29ec69a7233c3888eaf58668048862250a16450893526390e00b7d1b504423847d591f50c4bcb661dad60b36531cec17833a0e8b63801d97db953434ad46babf9f70e420e975ffe38f725c93a13e468f6f2baf0654635a4e2f372e47a9af2c3cd88a892bacb2e41ed1826e8933076910a31ed62a2a6f0cbba8a1dfaf7f0dc874cfcaad05fce7bf8da168064900ddba1a18e50da37ccd2ce81fc2990c1b00ff400cc2f2423834e433f004f00044254f0ab823432f724f28460117946da8c0a8f8445372a13da8d33824ad03377a9fb6ea1e68ac464277060b5cedac265ad3689ed327537a68339311a1d7daa0473711ef14fb27a4d70ea620e12031ffd4e3a150acc178ff1cec975f3530bde8083020cd73fc631103ac1f423422a0ce2c58c8223edd442b933e888e4449092978afee0ed8f623ef130b1ae8cbe03f9c205e02d883c77e96d28d045e3ea01686ea13ecf900612dc775213b9bbea47ccf6f3898fd696db82b73ba4d1c2416073170647bfb170e1c744afe31679df7d46c37c88bec576b72748959a3995b43642eb789a4f754d3973df374e37575e7667954a75bf376b28f8b90da997494fb769d6656e07fa3185568f159adfea0dbf38054b4d7f96cb849a11a125a5125930ca3d8d61def476a62cf8a6f829ad4b0c43c65a2b0fd18f050db18e0730b72cd9f1d0a3658b05de4dbf138c532a6e1d1b4e0ea7a0fee048342c56895e98d33bc6e2186e68b5319b49b896e9fee6c5b20075a8b2a826d34eb7a98cd1996566d9591efa3c9fefdcddd9e6f6982b9d5d4b645fa8c2d45e7845dc617467f810481c5ba0af407269a2e39a6ace46bc6796e269423d97cdf16e66a095003ada92591450c8157d15da214ae764c7dd64b2e27a132587694e8f954375ee13000600c3ea82e288823df0e2766f7d5f4a7f17f2f907811747148446838f381b3f35773e7d27b07b79b37cb1f26b9e3eeea28c8acc3431f4d9293b90a2c43011ad6787f810f652687bec47b1842e2731126ce03f205438cb0a14bedbaf56f5fb74afd2302dafac5191fbdc8e22594cda845c893ce0cdaba1e09776573502713251cf922abd1d2f8063985c81147b3b41491dbeba5c72917e12edecfa78c55d93142d812195e5881f94214a1d5e131bc10d424f24319bcebc20b67d224205807a2fc945badaf568c319d1c59e3ac029e26ec9f6324b3c48eee9657d25ba638c3987ccafbaa2c0f9c54f94a53134a7b0cfd23f0de48321339da1ff39c8058da098a05648f7730cbab0865a2c1f0782772ec4be82bec7d454e868bfc63d5a5fcca62f906301f45166225616b49a5950068a2ef8e161764a1ea405098a039d8512c9e3c074ddfb3f5b483c98daac726a08e004c3d1577557b9cef13aa1ce68ab66ccdb4c029465633fa1555999fc0513363d39bbf720a68534e6d7513347b71b125a741ba5c8e44aa4011ff891a7dc8b9186cd31b9afe9e5227addd33f1805be8cdc76fe2017eb16b02edfe1e263a095be048b3dcacc3de9abd24aa3f2c9225bc4a9d84df97c0e237c6221bbcc5b7001290ccd5a3752d628f4107408c20dc25716a33107ad21f93d44a7579ea7087f72fa76386e8251cb1879bc7d6667e3e8ee2482593795d73d921b602d81dc17a1ec8448c44db3946bd2a57d84d4c271eb7906df16e4f6af0a7873955ac252a9c7c51e13529737556b368efdf047851b3afe603164c141f5b23e6f9bc9df3ad4eaf24cf03e96b2eef120c6b486cc2e2e22607d18e60587bbea57d04c0cf22d282de60ab14bf33efbabf68a86c5e9a01d8b4d2e6562b0ea74585700beaa440335a3455a00fd00a661fd264f7d3a4b99347c1c9d3efe4539ca963c5dae572584b3463cefaf39672d406c23d1ca439ecd81baa69122a46d6df86bda4b4dce173215226f2658f6517aea49a9d56d099802f16de1338adc6f74e47ff5b957a8d089e6890da86fc0ffb1f9a49aab579544991fcddd061e93b990284743281dddb773c60704bf31c4a86bd7730c5e3c269aa41e2d2256b4020a088e89d495cf5f4a730d42155b65a90d1731db53675d0ad7f81d1d540e95dff241da16650bce929588b9b2ebbe327062a5d516f5cc018af3a730528b8afd56879e35fbabd14d1eb2db35b0998f41c778b45f903f30390bd32f7777fa8c3a51aef5334d0218d09d7a74096d91d75d5e541250be770b05b8344790bac61f4dd161eea1a1586e7c1614f80bae84fca202dfacaf12500b4ed8f8f3fd6ebd09cafb4bfb92b39bd52723dd8ac2a4e0d3cade9b9e048d90c1129f015ee93034b9aa649c1a6f24edbae565ab4fef7cff6800cc860f6ed99260873ae7e89f9515da2f6de117ad0054b98b3977a839b58bd1914c5e75ce11f31562b1d0809611cbae878fce1479faff6e7fe7e2f6142f463f240e496cdeb77de519c82158455468c89c6d463f007f1ffabefba1d0678007ca370452541ce2902179350a897197e77e177a1649e3772265e983671b491ce6c44f3b1a1bfa08a1295611e134c6aeb778a626ce27cec813d49b0b5e7cf74c960deec188f46079dbf019281285aef7ddc33c1ea059d48f1e02c4e4e309329307b64dd48450dfd2680cf53844431a7c2bade2a79a9b8706f29c1840f62121d3796e45be3a3797893e129b00c3fb161fc356467bb91fe66b8e5f6b56a237023e8a45b6bb1afe1795646ae520feefcbfc1a3e6645f640a5ab2730c7bccf9b2ecc84b513868b3173c0e21f0d1a070952d046ae85feaa46e1a85d30e389e3e5a305481494d8faa85e13d06c7817fad453f552d10b83833ddcd460d58dfa5207d1430cc8899c2f3fd39b2a679ff384c1ae3486266de0948aab500aae0f30b8c08076472942bfd5edccefc56e8c843785387b739ad65933a895ceae6078a094ee76dbfa2d11b34e0ff3123f60df63036b8a5b4b3bdde113531ac585aa82aea0cc489aa600439eb48560ca5b1f9dc88c135bce1df51cd572ba5c7ba3a52ba81379f3b40b6d755b6bea2bb6372b97eb707da91c6fa3bff4a36d84a9921eb00584cd68a7e720a49a8e19ce6d6694079fae32f1c84dc8172899ccaf6ff3e0710a190a8e40f8bc3135f2a552f5a67619c0a0bd09ebc64fa05f821df51f960932eaa4c9ae43a4018d119cbec472696fdfe4e8dd25e7cee28930f369dd4bdeb5d21367da41536d539d9192f2077f34e80065d2e1ace71d2c267aa3cc403854a5a1079bbe772a162762bc66629c9e657d5fdfb15ed25c14cea910d44fe8bc5e45566f7a5ba48eaa97a92fb6025013a3b838aa08da42df94969a67e24e7f131cee6c81437afb9225823030352035aaf70eef9d3822642018cd8a59e8a7fc932044a2f4d3c53032826d2026e16cb30da509c70cdcda18ab2ca19433733ab23f8ac236f65867ca3f2a5e7548e903d75099ab36c29b33c5367b133f54e46298ec602b88fa98d0c5f98e9bacab79699f077cf928b54d3386a9eedb63cbc179ac4591ceb70fe1c290734a1bfdda8719a73332211a06d5cad97199fa8d4631731a52c1c4c6722beb0bb02d759da43f1aff41a6c3e6c0f323d66b81c3a983d2389d3eb00c94c00101be21ac20a2b1bc178d224761bfa800fe9ecdd89c161d03480ae9df58f743c554542a70b9a7a3c93263b928c65d4133de50f75fb61b2c5d92e6b0f931b28aa1ea1d4f982e22b997c5e9a97aacd1e142e1bf81b88372d4cae0704059063f985db898ab596b8d5037a587b1f1acc8ea7a1c30a3dd68b663df873b516e1dba5beb43b612d84e54d233765ce1a06a254a61e2c3057b083f989c03d96d0b2c59e79ed3ce6b46ceb1f3da552cf40bfde4051df49ee3ee9b611f55d5e542aca8913c3f30e782175436dfb5fd3fd37139aa278d8aef00270a0091480bb34941e236aec43e62c0924e851b5fffe080f6d96474a52db35988449e2770de8af32227ce0fdb8174cf27c3099c29352e43a4c9cd458d0aed84615c7024dfa137233b8a4c6471bf3232df55bdb2cbd7ca6459af4dd010fb4c130d09fa9b0d968e327efae9c52b8521be5afd47be1e65121ba8f9a7857c5ec13a7bce98c675e7fe4e4f2bb47dafca1bc5a91b4fd937577ee5bdb8d5e0e73014bd79f27c51a02051e5f7581c43461eaaeb3b76887c762f9adf19a6c7b3262e134aa962a64720b28979c00ceb68b55d84e897ab3864b8d1bec06beac9820a0303e738c1189a9bc6f85d38bee2c7da5e3721411ec2528c18d38a5c63a57e1647ec1433bb87aa1a682cbaa5b820029f47ca095eac52f9952f6c5ce488b4c1d28964edd3c193797de8ec40ac7fd40d557b2731e524e017911fd607ec5aed0b43522b53aa8b9ecb15d58ac0026bc9af082d8e37905f27074e76e479545581122f5b20cc3d5c9bef35e63a9c39201169bb2cab7998aabe39a60ce8250665cbdcf901e0b382047119e6bba3c2184dc9a8973a707d5b2e8054ee030a45a00ed3b57c3e87e461cf38531132415e3eb4fcab454b5a857711a6359413e98aac5499402197160aa156a2e61f5ce08410cc31799d437dbb78dc1c4e1d1a5c0416a1fe3e5a64df3d6c0a7ff355392207c69b73174aa2be5d42b62150302388fa09f1a95ce41af2049a078291d9b76a41a806bf80c1cc6ab452988dcb206749dd24daf291f5525d35018e34eefd7e8c77894e6053a5a0f4abac95c56ddeaadce83e9074e1f1f46f15dd564445fd865282a08d871c4c3ae442b7d16b44c845b8fbf9bc935729f72da54190e07f1301b0266b8af45540921bb31ab267ebef166721659da4c6977e7623be36d22f0820f01a5cc475975e6dd108769b90aa5f14ff588be58356b384bed1c9db535ff6252645cfec634564ae61574a1f71f42adba6aafd7c851d96815e678f71bca3dc125658759629c4c5435560f7e914c15b2178898db", 0xf02, 0xff}, {0x0}, {&(0x7f0000003200)="fa", 0x1, 0x7fffffffffffffff}], 0x0, 0x0) 21:15:30 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000001c0)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_MIGRATE_ID(r0, &(0x7f0000000280)={0x12, 0x10, 0xfa00, {&(0x7f0000000180), r1, r0}}, 0x18) [ 2498.707880][T26260] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2498.719261][T26260] CPU: 1 PID: 26260 Comm: syz-executor.1 Tainted: G W 5.18.0-syzkaller-16253-g2f3064574275 #0 [ 2498.731013][T26260] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2498.741197][T26260] Call Trace: [ 2498.744672][T26260] [ 2498.747830][T26260] dump_stack_lvl+0x200/0x28c [ 2498.752704][T26260] dump_stack+0x29/0x2c [ 2498.757056][T26260] dump_header+0x1e5/0xae0 [ 2498.761632][T26260] oom_kill_process+0x3a7/0xba0 [ 2498.766699][T26260] out_of_memory+0x111c/0x1570 [ 2498.771675][T26260] ? slab_debugfs_show+0xa40/0xaa0 [ 2498.776966][T26260] mem_cgroup_out_of_memory+0x46b/0x590 [ 2498.782772][T26260] mem_cgroup_oom+0xa3d/0xd30 [ 2498.787653][T26260] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2498.792821][T26260] try_charge_memcg+0x18b0/0x2110 [ 2498.797992][T26260] ? kmsan_get_metadata+0x33/0x220 [ 2498.803279][T26260] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 2498.809303][T26260] charge_memcg+0x1a9/0x6b0 [ 2498.813945][T26260] ? get_mem_cgroup_from_mm+0x39d/0x4d0 [ 2498.819707][T26260] __mem_cgroup_charge+0xb9/0x2e0 [ 2498.824883][T26260] wp_page_copy+0x719/0x4310 [ 2498.829673][T26260] ? kmsan_get_metadata+0x33/0x220 [ 2498.835007][T26260] ? kmsan_get_metadata+0x33/0x220 [ 2498.840323][T26260] ? preempt_count_sub+0xfc/0x340 [ 2498.845472][T26260] do_wp_page+0xc81/0x29c0 [ 2498.850040][T26260] handle_mm_fault+0x43e1/0x47a0 [ 2498.855154][T26260] ? restore_fpregs_from_fpstate+0x68/0x3a0 [ 2498.861325][T26260] do_user_addr_fault+0x11f5/0x1e50 [ 2498.866750][T26260] exc_page_fault+0x60/0x140 [ 2498.871620][T26260] ? asm_exc_page_fault+0x8/0x30 [ 2498.876762][T26260] asm_exc_page_fault+0x1e/0x30 [ 2498.881795][T26260] RIP: 0023:0xf6e1f418 [ 2498.886020][T26260] Code: 39 dd 75 ee 8b 44 24 58 89 28 83 c4 3c 5b 5e 5f 5d c3 8b 7c 24 18 e9 9a fd ff ff 8d b4 26 00 00 00 00 8b 44 24 24 8b 7c 24 18 <89> 1c 88 e9 70 fe ff ff 8b 7c 24 50 39 54 24 0c 0f 84 80 00 00 00 [ 2498.905747][T26260] RSP: 002b:00000000ffacc040 EFLAGS: 00010246 [ 2498.911987][T26260] RAX: 00000000f6f50000 RBX: 000000006f9299b2 RCX: 00000000000019b2 [ 2498.920075][T26260] RDX: 0000000000000000 RSI: 00000000f6f36000 RDI: 00000000863c4b4a [ 2498.928208][T26260] RBP: 00000000f6f50000 R08: 0000000000000000 R09: 0000000000000000 [ 2498.936340][T26260] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 2498.944576][T26260] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2498.952672][T26260] [ 2498.957930][T26260] memory: usage 307200kB, limit 307200kB, failcnt 12980 [ 2498.966338][T26260] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2498.973582][T26260] Memory cgroup stats for /syz1: [ 2498.975309][T26260] anon 131072 [ 2498.975309][T26260] file 313262080 [ 2498.975309][T26260] kernel 1179648 [ 2498.975309][T26260] kernel_stack 32768 [ 2498.975309][T26260] pagetables 69632 [ 2498.975309][T26260] percpu 0 [ 2498.975309][T26260] sock 0 [ 2498.975309][T26260] vmalloc 0 [ 2498.975309][T26260] shmem 313262080 [ 2498.975309][T26260] file_mapped 40960 [ 2498.975309][T26260] file_dirty 0 [ 2498.975309][T26260] file_writeback 0 [ 2498.975309][T26260] swapcached 0 [ 2498.975309][T26260] anon_thp 0 [ 2498.975309][T26260] file_thp 0 [ 2498.975309][T26260] shmem_thp 0 [ 2498.975309][T26260] inactive_anon 311906304 [ 2498.975309][T26260] active_anon 1486848 [ 2498.975309][T26260] inactive_file 0 [ 2498.975309][T26260] active_file 0 [ 2498.975309][T26260] unevictable 0 [ 2498.975309][T26260] slab_reclaimable 786584 [ 2498.975309][T26260] slab_unreclaimable 271896 [ 2498.975309][T26260] slab 1058480 [ 2498.975309][T26260] workingset_refault_anon 0 [ 2498.975309][T26260] workingset_refault_file 0 [ 2499.071643][T26260] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=26260,uid=0 [ 2499.087862][T26260] Memory cgroup out of memory: Killed process 26260 (syz-executor.1) total-vm:54284kB, anon-rss:332kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:64kB oom_score_adj:1000 21:15:31 executing program 1: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x200000, 0x5, &(0x7f0000000200)=[{&(0x7f0000000280)="200000008e00000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f0000010100)="00000000000000000000000082e36724c6f34caa846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000000040)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000010500)="7f000000ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x1002, 0x2000}, {&(0x7f0000000080)="ed49000010001000daf4655fdbf4655fdbf0655f000000000000040080", 0x1d, 0x4400}], 0x0, &(0x7f00000000c0)=ANY=[]) openat(r0, &(0x7f0000004400)='./bus\x00', 0x6a142, 0x0) [ 2499.247978][T26267] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2499.358369][T26269] device bond159 entered promiscuous mode [ 2499.394010][T26269] device bond159 left promiscuous mode 21:15:31 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x0, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32=r2, @ANYBLOB="01000000002200001c0012000c000100626f6e640000"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) 21:15:31 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="48040000", @ANYRES16=r3, @ANYBLOB="01edff000000000004003b1c210008000300", @ANYRES32=r2, @ANYBLOB="2c0433005000de295b3acba52ee4080211000001505050505050"], 0x448}}, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000a, 0x28011, r0, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000100)={'gretap0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendfile(r5, r4, 0x0, 0x10000a006) [ 2499.718848][T26275] loop5: detected capacity change from 0 to 9 [ 2499.840446][T26278] loop4: detected capacity change from 0 to 253983 21:15:32 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) write$RDMA_USER_CM_CMD_MIGRATE_ID(r0, &(0x7f0000000280)={0x12, 0x10, 0xfa00, {&(0x7f0000000180), 0xffffffffffffffff, r0}}, 0x18) [ 2499.950959][T26278] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2499.959187][T26278] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 2499.988670][T26278] F2FS-fs (loop4): invalid crc value [ 2499.995526][T26278] F2FS-fs (loop4): invalid crc_offset: 0 21:15:32 executing program 5: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) read$dsp(r0, &(0x7f0000000080)=""/224, 0xe0) [ 2500.002329][T26278] F2FS-fs (loop4): Failed to get valid F2FS checkpoint 21:15:32 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xb, &(0x7f0000000200)=[{&(0x7f0000010700)="1020f5f201000b0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f0000000200000002000000020000000100000018000000000200000002000000060000000a0000000e000000100000030000000100000002", 0x69, 0x1400}, {&(0x7f0000010e00)="d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xa6, 0x200000}, {0x0, 0x0, 0x200fe0}, {&(0x7f0000011000)="00000000000000000000000000000000000000000000000000000006", 0x1c, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) [ 2500.364173][T26282] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2500.447575][T26284] device bond160 entered promiscuous mode [ 2500.506739][T26280] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2500.517468][T26280] CPU: 0 PID: 26280 Comm: syz-executor.1 Tainted: G W 5.18.0-syzkaller-16253-g2f3064574275 #0 [ 2500.529206][T26280] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2500.539409][T26280] Call Trace: [ 2500.542805][T26280] [ 2500.545831][T26280] dump_stack_lvl+0x200/0x28c [ 2500.550717][T26280] dump_stack+0x29/0x2c [ 2500.555058][T26280] dump_header+0x1e5/0xae0 [ 2500.559715][T26280] oom_kill_process+0x3a7/0xba0 [ 2500.564801][T26280] out_of_memory+0x111c/0x1570 [ 2500.569778][T26280] ? slab_debugfs_show+0xa40/0xaa0 [ 2500.575123][T26280] mem_cgroup_out_of_memory+0x46b/0x590 [ 2500.580936][T26280] mem_cgroup_oom+0xa3d/0xd30 [ 2500.585835][T26280] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2500.591152][T26280] try_charge_memcg+0x18b0/0x2110 [ 2500.596539][T26280] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 2500.602592][T26280] charge_memcg+0x1a9/0x6b0 [ 2500.607313][T26280] ? get_mem_cgroup_from_mm+0x39d/0x4d0 [ 2500.613070][T26280] __mem_cgroup_charge+0xb9/0x2e0 [ 2500.618314][T26280] shmem_add_to_page_cache+0xbbf/0x2ba0 [ 2500.624133][T26280] shmem_getpage_gfp+0x26d1/0x6a80 [ 2500.629568][T26280] shmem_write_begin+0x1f2/0x3d0 [ 2500.634731][T26280] ? shmem_writepage+0x1f00/0x1f00 [ 2500.640055][T26280] generic_perform_write+0x493/0xc40 [ 2500.645569][T26280] ? kmsan_get_metadata+0x33/0x220 [ 2500.650912][T26280] __generic_file_write_iter+0x3f1/0x9f0 [ 2500.656852][T26280] generic_file_write_iter+0x173/0x440 [ 2500.662512][T26280] ? __generic_file_write_iter+0x9f0/0x9f0 [ 2500.668503][T26280] vfs_write+0x10ab/0x1d40 [ 2500.673175][T26280] ksys_pwrite64+0x2c5/0x390 [ 2500.677989][T26280] __ia32_sys_ia32_pwrite64+0x15c/0x1b0 [ 2500.683763][T26280] __do_fast_syscall_32+0x95/0xf0 [ 2500.688978][T26280] do_fast_syscall_32+0x33/0x70 [ 2500.694005][T26280] do_SYSENTER_32+0x1b/0x20 [ 2500.698689][T26280] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 2500.705210][T26280] RIP: 0023:0xf7fb7549 [ 2500.709406][T26280] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 [ 2500.729181][T26280] RSP: 002b:00000000f7fb23c0 EFLAGS: 00000282 ORIG_RAX: 00000000000000b5 [ 2500.737758][T26280] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000040 [ 2500.745860][T26280] RDX: 0000000000000020 RSI: 0000000000001000 RDI: 0000000000000000 [ 2500.753949][T26280] RBP: 00000000f6f36000 R08: 0000000000000000 R09: 0000000000000000 [ 2500.762075][T26280] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 2500.770176][T26280] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2500.778323][T26280] [ 2500.785828][T26280] memory: usage 307200kB, limit 307200kB, failcnt 13061 [ 2500.793431][T26280] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2500.800442][T26280] Memory cgroup stats for /syz1: [ 2500.801252][T26280] anon 126976 [ 2500.801252][T26280] file 313266176 [ 2500.801252][T26280] kernel 1179648 [ 2500.801252][T26280] kernel_stack 32768 [ 2500.801252][T26280] pagetables 69632 [ 2500.801252][T26280] percpu 0 [ 2500.801252][T26280] sock 0 [ 2500.801252][T26280] vmalloc 0 [ 2500.801252][T26280] shmem 313266176 [ 2500.801252][T26280] file_mapped 40960 [ 2500.801252][T26280] file_dirty 0 [ 2500.801252][T26280] file_writeback 0 [ 2500.801252][T26280] swapcached 0 [ 2500.801252][T26280] anon_thp 0 [ 2500.801252][T26280] file_thp 0 [ 2500.801252][T26280] shmem_thp 0 [ 2500.801252][T26280] inactive_anon 311906304 [ 2500.801252][T26280] active_anon 1486848 [ 2500.801252][T26280] inactive_file 0 [ 2500.801252][T26280] active_file 0 [ 2500.801252][T26280] unevictable 0 [ 2500.801252][T26280] slab_reclaimable 786784 [ 2500.801252][T26280] slab_unreclaimable 272952 [ 2500.801252][T26280] slab 1059736 [ 2500.801252][T26280] workingset_refault_anon 0 [ 2500.801252][T26280] workingset_refault_file 0 [ 2500.816163][T26284] device bond160 left promiscuous mode [ 2500.897724][T26280] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=26276,uid=0 [ 2500.919344][T26280] Memory cgroup out of memory: Killed process 26276 (syz-executor.1) total-vm:54284kB, anon-rss:332kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:64kB oom_score_adj:1000 [ 2501.096965][ T24] audit: type=1804 audit(1655241333.340:35422): pid=26286 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir1267165603/syzkaller.bP5aGh/1471/cgroup.controllers" dev="sda1" ino=1165 res=1 errno=0 21:15:33 executing program 3: syz_mount_image$qnx6(&(0x7f00000000c0), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f00000015c0), 0x0, &(0x7f00000016c0)) 21:15:33 executing program 1: syz_mount_image$qnx6(0x0, 0x0, 0x0, 0x1, &(0x7f00000015c0)=[{&(0x7f00000004c0)="1d19f91045774e198c7e5642764a56d948199e07c5b5951b03e20db7e7b7269ccbe29ffe396301b62b69528bc99e59f82cbe38e53f4df20bf8aaa8788608f5b9e3d3631d9484e765ab5de883fe65ff5cf63c5546b754bde17d1412186c38194508ee7fda09cc02f99a6634957a311634a2c84a47cbc60a296dbfbaf412b4940d49ecf6f01696f7eb997a0bd8b37e40ad5f15d49d3b1ee32a3523f5a6126d5d5070f82143c1b7414073b30640a5ceb6a43497283fac20a0f8bd8e5a0dcb91ee5b0a16222e148e3adfa2d174ebbdaee96962a28ea4e74534571846e3ba709e88ee0e98322bf322e6b8fc8bb305876d409fecb4a50f20de28c1e04766d1c633f54fdc233021f7d4878134bdab8ef223b0bb0b6ba97f23411083e7648a803b2a5e6566c1737b2cbc8e99dcd68f46f1b18b487fb891bb389130d6b127d917b8551828d0337277ef9b1553b9d8e470687a0a4dd798e62e73f9a80a395b12322bdc05a8e903c8e3220bd6f716064e027067a850f6030d8d97d6277f7ed762b899913e6a6f7d6012a4fd9d6f8e4f18e15d6c2b6c4d2ea81f9f551217b2f37f54fe7f7503c224f86dff078393ec1f1a1d01d1ecbb8bf0db9eedc6d568c2ea82481d7acc268142d90f8a6fc61c64a99301a8291738b13c9636b1326de7e7346179408baa969b251724fce45879cd32ebd8917320bbb5e9165e8ae7d5b0e6efe5c933dd0a661ed05e0384971225400d0571150df8f4b7e74bbe9c1af151b88129f4208849298d9b46e084dbd9ba1e23d7afb0d220df06551aa8798d73aef32f1a06d3802af8d03368b350a14df1d63619ec93d9d34abd766d39838d0f8793ee571c6b6e4d2866d0a82ba5c11334888f9d897d82b54ec2870a8e98b826dada24be36ba97037432960246f0998d53e9d1632b57f38a6b28a863a05f9709961a36c79fea53260e3fb14b3da487bbbd759b777db9fddc6c3f176aafc2bce801a8fe3887551a17f4aa0bcae46befbf70cef780fc7933ae6fefcb8aa4d6949933dc1f9ea5b63c366124a82caccda91d0761f20c15f780390aac6fc25242e00e8d9dc3d9fe46efc491b3d62cd715cb274863ed308b98e9823efe470f0b24258fcfb49b1ad1030368030bd916604dd7fa94232c6ce6a20af2abcc1b3f2d26b932f10001de474d39c02f7838800ecb60457039a734a273142017ac7542889279622d393d07df208828b06eee98640d0a0f44453e7d4a3f1c2a59931050cc6db645fa98130fd9b3dbe71c0f3503374a275202b16a6aafe845df832dc4513ad8216f3e7ac2e91b80701c5a9f9b1f523b74eac26effa72f1af5a0fea725e0be364c91f41987cda359bea6c56f07fa8dbb98b4ff08f601a9eefe6a0df8b79962bb936f3e4830b0198eb89d1eec50dd2ea174032783f501fb11e1a9848fccc7cb02dfc0cffae0460a946c83fb2ea4dcc15ac574fbadb8e0dad033aa50828f751a9eea34ea33e6354d0564100381d7579a7aea42f479479cc3fa1a3b1a3fa110c892babee1c884a5ac724da08dd0e33f3c117f330024ecda70ba6ef476188e960af5a1102c601f7067807e7a3ee80b78c71fa49ea33a3eaf1ded197de098baad357efe5cc7c56e339ed38946b7f4daf1d5a74671641e6fc2c0abd3baed712ade7dc4bed54631cb713e30123eb0b69577a2db2513467594af7cf454bad9d00cd4a3df4bfc7eb1c61c139e671d07ce4f5186804a801a84b6104a250f0d684d7a969345e1738f23c62dbb40f2729da3fafe89fb48e65810ab5c070c1824c6c650f13dc5ab0a1e5e4a94eb4e38f0e835db0a6c53bd9d366b715e000870d9c21298549e7e43c71cfae63f36f4e728555b4c73e0095d5b02e1b4e3af80b4d300cf0b7b2d2e131e1e1317ec5200317b60c36c4ddd71afc120d3d4999c2dab574dfc9336821d200dd1c4fdeb215f7e00a84d4565abd61dea731990ab085102bd7985f7169cedaf74523e5510b221561c88b9ae1afa0c78927ff33254d6a8c53412d33407178ed9387265fcb60ff96b023326f238aadd0a2e0fed666ee552512aea25f91d091b3e534c837d74d0051d0428c86870e1adef9041bc2e115b2fc8c0b1181f1cbe3cc544192d9490c3250d2c1c9e50b1e1ba97e424f98d76150020759f61f534d6ab6a87601bf9c6dd772872c361e6a22cb2b06e781d067aaee1ef36970e169a40b8e4b2b6bd3814b8bfae3648ca0d250f373242cf13fb902e345ff5200cf4ae2f74799ca33391cd71671ed2c051ad391da1323ba1141513fe33a9b50b2d8b384fbd327fbc011ade2e09b0a786f2d9559048911cbb89a5d7bc550acf8237c25f04960a071e5a4eddb16d62053e50dd9291872fa3ed9ada180acd5c705c2aca77acb5cb5a5a0498dfc723495205f513701997c2da5d5e406c717eeee11bc1bcfd2e4bed368e2f5eceee63cd8f12f69ec03daebae18d8b339a61e983fd9ce3759deee00ab656aff0cde4e5757fb58b09f4c305ae296388f0543b97e0fb9d477dce769f8fdd16f06acca7283fd02c35d99810fcbfb1fcf5cb76bb31320243cf35898278ae2f1f3e39191816fef605e75f9c1a8a39ff366dce833ac8cc1783c361a06bf1abc2659540b7d020a7fc991b0b7eaa785ad2ac4f9099da898be4981042eaffc8ab509aeca80162362492ebe637f78b0d5a68eb2e5f1ae69ee373b91e4778d3d40fae16a1c9dbcca47d5f2aceaba36962f10de9d23dfe5e654062d549cc0ac0a5a54eb705862d183c48bc33c977a8e95c76eb2d2f9e350c737b964f992b958e39a4939e5a4a62cbf07e962f612768d34c36614f1eda6720f12047150a0d3baeec230d20e39be6bbb7060cb74bfd6faa67738aa98804c675aa198752e99221839d3d208f5f3fff4ea7991321908027ab80cd9ecb7c5f4f1ff85229f62552e3b34e4f0b347a699b7bd8355bcaab3f17367108f0eb4e4f9548e0d7af0e24031ed9e0cf522dcbfd92a947f4e9b5d475425a03d5d0bbf30c55b8f196475e8f50e22a15ffbbeda6166d1103fb4e457eb26f9db036246ea06757e2516dbba0028078b070bf1026244218d995d42c3ec74456b00616dec11232f7102b999e6b1f7ddb17e2fe95407b9fae667c3700b48283e9acf3e04762cd198461c1f254e9be01c7651bdc33ec480ecc3fbc1a018929eebcdd1f555f1d433206b7d5bf00cdf1c12bfede5454bb9efc8bd482f65e97f29c9ec3dd9010a7fbfba6b31828633681c2aa2475c1ce8f4267cce9bffc1f7c655aabb845789a7fd0ccb17e3c89b5d5dd8daf7398b65cce2a4b4db2ed87642095e68f916e30dd976814ca84ffd5d13e40492ef741275ea0db1b347abd5f8c3a1818c723870a33db1d1f38298a42923032a2ece1eae0ebc026c0b37df7c1c27c382760dee9c6fcb0b91cd19f44063f1d7a0735e84cdf5662a7b97f6de04872a2ff9e9b03e970f67ef5a77de0a5ac58ef9f67b0485bc87b7401c90218b82833ba779d275372b5abe5d0147a38f260d010f76d83b257447b340bce7cbb8553de3a21b68dd4c084c7614c62f56a2330d420d0a1c190eccd6c01e61ffeab3534eacf79952a8df0eb3d26f89c5af115e5cca863fd5d43692c48162e2813e3fcd55c2cae", 0xa01, 0x7ff}], 0x0, 0x0) syz_mount_image$pvfs2(0x0, 0x0, 0x0, 0x2, &(0x7f0000003300)=[{&(0x7f0000001ec0)="6b369804fa194968e32a224a3dbe48c7fcbbae001423cd3aa7d377a75b88e30aab38ab47c45340bf19d22de68aab362ab368fdac5d5fa9ea5479c9cfc2465e3269056890e90ae6eb6c43438746298441a6c48051b565a63f40c1bce35437c69bdb140972db9659b6d9fe8c7c6c66eac2d6e7d00229bacccfda3692eb1f527f827e2651feae94838347c8539d5f2f338c9f9ac24e0709972edf03cc90ee77fcb5e745fd720ba77e395c99a97eed5dcc48acdcb304593adf7f620b9275af21791a6debee905370b1aa61ff265dea9f0a28df92f40f6b2e5d474e250e5ce831dac69b8c17382d2811462ed2e82ed29dfb046771b171e3dc8548bf11b49ebd5dff13cf2fdd054933d8dd146e469dc3bddbe612da4eef8711a7b1c907d9106e8202d5fcebd69ca221514c67777d34bb16ea362b616e4ed49ca534ab9fc12b3def7b4d4672fbf163b495f87684cff4566b76e999fadaca58e7c89755b5df2d4e9839740fe8f40d5292cc29ec69a7233c3888eaf58668048862250a16450893526390e00b7d1b504423847d591f50c4bcb661dad60b36531cec17833a0e8b63801d97db953434ad46babf9f70e420e975ffe38f725c93a13e468f6f2baf0654635a4e2f372e47a9af2c3cd88a892bacb2e41ed1826e8933076910a31ed62a2a6f0cbba8a1dfaf7f0dc874cfcaad05fce7bf8da168064900ddba1a18e50da37ccd2ce81fc2990c1b00ff400cc2f2423834e433f004f00044254f0ab823432f724f28460117946da8c0a8f8445372a13da8d33824ad03377a9fb6ea1e68ac464277060b5cedac265ad3689ed327537a68339311a1d7daa0473711ef14fb27a4d70ea620e12031ffd4e3a150acc178ff1cec975f3530bde8083020cd73fc631103ac1f423422a0ce2c58c8223edd442b933e888e4449092978afee0ed8f623ef130b1ae8cbe03f9c205e02d883c77e96d28d045e3ea01686ea13ecf900612dc775213b9bbea47ccf6f3898fd696db82b73ba4d1c2416073170647bfb170e1c744afe31679df7d46c37c88bec576b72748959a3995b43642eb789a4f754d3973df374e37575e7667954a75bf376b28f8b90da997494fb769d6656e07fa3185568f159adfea0dbf38054b4d7f96cb849a11a125a5125930ca3d8d61def476a62cf8a6f829ad4b0c43c65a2b0fd18f050db18e0730b72cd9f1d0a3658b05de4dbf138c532a6e1d1b4e0ea7a0fee048342c56895e98d33bc6e2186e68b5319b49b896e9fee6c5b20075a8b2a826d34eb7a98cd1996566d9591efa3c9fefdcddd9e6f6982b9d5d4b645fa8c2d45e7845dc617467f810481c5ba0af407269a2e39a6ace46bc6796e269423d97cdf16e66a095003ada92591450c8157d15da214ae764c7dd64b2e27a132587694e8f954375ee13000600c3ea82e288823df0e2766f7d5f4a7f17f2f907811747148446838f381b3f35773e7d27b07b79b37cb1f26b9e3eeea28c8acc3431f4d9293b90a2c43011ad6787f810f652687bec47b1842e2731126ce03f205438cb0a14bedbaf56f5fb74afd2302dafac5191fbdc8e22594cda845c893ce0cdaba1e09776573502713251cf922abd1d2f8063985c81147b3b41491dbeba5c72917e12edecfa78c55d93142d812195e5881f94214a1d5e131bc10d424f24319bcebc20b67d224205807a2fc945badaf568c319d1c59e3ac029e26ec9f6324b3c48eee9657d25ba638c3987ccafbaa2c0f9c54f94a53134a7b0cfd23f0de48321339da1ff39c8058da098a05648f7730cbab0865a2c1f0782772ec4be82bec7d454e868bfc63d5a5fcca62f906301f45166225616b49a5950068a2ef8e161764a1ea405098a039d8512c9e3c074ddfb3f5b483c98daac726a08e004c3d1577557b9cef13aa1ce68ab66ccdb4c029465633fa1555999fc0513363d39bbf720a68534e6d7513347b71b125a741ba5c8e44aa4011ff891a7dc8b9186cd31b9afe9e5227addd33f1805be8cdc76fe2017eb16b02edfe1e263a095be048b3dcacc3de9abd24aa3f2c9225bc4a9d84df97c0e237c6221bbcc5b7001290ccd5a3752d628f4107408c20dc25716a33107ad21f93d44a7579ea7087f72fa76386e8251cb1879bc7d6667e3e8ee2482593795d73d921b602d81dc17a1ec8448c44db3946bd2a57d84d4c271eb7906df16e4f6af0a7873955ac252a9c7c51e13529737556b368efdf047851b3afe603164c141f5b23e6f9bc9df3ad4eaf24cf03e96b2eef120c6b486cc2e2e22607d18e60587bbea57d04c0cf22d282de60ab14bf33efbabf68a86c5e9a01d8b4d2e6562b0ea74585700beaa440335a3455a00fd00a661fd264f7d3a4b99347c1c9d3efe4539ca963c5dae572584b3463cefaf39672d406c23d1ca439ecd81baa69122a46d6df86bda4b4dce173215226f2658f6517aea49a9d56d099802f16de1338adc6f74e47ff5b957a8d089e6890da86fc0ffb1f9a49aab579544991fcddd061e93b990284743281dddb773c60704bf31c4a86bd7730c5e3c269aa41e2d2256b4020a088e89d495cf5f4a730d42155b65a90d1731db53675d0ad7f81d1d540e95dff241da16650bce929588b9b2ebbe327062a5d516f5cc018af3a730528b8afd56879e35fbabd14d1eb2db35b0998f41c778b45f903f30390bd32f7777fa8c3a51aef5334d0218d09d7a74096d91d75d5e541250be770b05b8344790bac61f4dd161eea1a1586e7c1614f80bae84fca202dfacaf12500b4ed8f8f3fd6ebd09cafb4bfb92b39bd52723dd8ac2a4e0d3cade9b9e048d90c1129f015ee93034b9aa649c1a6f24edbae565ab4fef7cff6800cc860f6ed99260873ae7e89f9515da2f6de117ad0054b98b3977a839b58bd1914c5e75ce11f31562b1d0809611cbae878fce1479faff6e7fe7e2f6142f463f240e496cdeb77de519c82158455468c89c6d463f007f1ffabefba1d0678007ca370452541ce2902179350a897197e77e177a1649e3772265e983671b491ce6c44f3b1a1bfa08a1295611e134c6aeb778a626ce27cec813d49b0b5e7cf74c960deec188f46079dbf019281285aef7ddc33c1ea059d48f1e02c4e4e309329307b64dd48450dfd2680cf53844431a7c2bade2a79a9b8706f29c1840f62121d3796e45be3a3797893e129b00c3fb161fc356467bb91fe66b8e5f6b56a237023e8a45b6bb1afe1795646ae520feefcbfc1a3e6645f640a5ab2730c7bccf9b2ecc84b513868b3173c0e21f0d1a070952d046ae85feaa46e1a85d30e389e3e5a305481494d8faa85e13d06c7817fad453f552d10b83833ddcd460d58dfa5207d1430cc8899c2f3fd39b2a679ff384c1ae3486266de0948aab500aae0f30b8c08076472942bfd5edccefc56e8c843785387b739ad65933a895ceae6078a094ee76dbfa2d11b34e0ff3123f60df63036b8a5b4b3bdde113531ac585aa82aea0cc489aa600439eb48560ca5b1f9dc88c135bce1df51cd572ba5c7ba3a52ba81379f3b40b6d755b6bea2bb6372b97eb707da91c6fa3bff4a36d84a9921eb00584cd68a7e720a49a8e19ce6d6694079fae32f1c84dc8172899ccaf6ff3e0710a190a8e40f8bc3135f2a552f5a67619c0a0bd09ebc64fa05f821df51f960932eaa4c9ae43a4018d119cbec472696fdfe4e8dd25e7cee28930f369dd4bdeb5d21367da41536d539d9192f2077f34e80065d2e1ace71d2c267aa3cc403854a5a1079bbe772a162762bc66629c9e657d5fdfb15ed25c14cea910d44fe8bc5e45566f7a5ba48eaa97a92fb6025013a3b838aa08da42df94969a67e24e7f131cee6c81437afb9225823030352035aaf70eef9d3822642018cd8a59e8a7fc932044a2f4d3c53032826d2026e16cb30da509c70cdcda18ab2ca19433733ab23f8ac236f65867ca3f2a5e7548e903d75099ab36c29b33c5367b133f54e46298ec602b88fa98d0c5f98e9bacab79699f077cf928b54d3386a9eedb63cbc179ac4591ceb70fe1c290734a1bfdda8719a73332211a06d5cad97199fa8d4631731a52c1c4c6722beb0bb02d759da43f1aff41a6c3e6c0f323d66b81c3a983d2389d3eb00c94c00101be21ac20a2b1bc178d224761bfa800fe9ecdd89c161d03480ae9df58f743c554542a70b9a7a3c93263b928c65d4133de50f75fb61b2c5d92e6b0f931b28aa1ea1d4f982e22b997c5e9a97aacd1e142e1bf81b88372d4cae0704059063f985db898ab596b8d5037a587b1f1acc8ea7a1c30a3dd68b663df873b516e1dba5beb43b612d84e54d233765ce1a06a254a61e2c3057b083f989c03d96d0b2c59e79ed3ce6b46ceb1f3da552cf40bfde4051df49ee3ee9b611f55d5e542aca8913c3f30e782175436dfb5fd3fd37139aa278d8aef00270a0091480bb34941e236aec43e62c0924e851b5fffe080f6d96474a52db35988449e2770de8af32227ce0fdb8174cf27c3099c29352e43a4c9cd458d0aed84615c7024dfa137233b8a4c6471bf3232df55bdb2cbd7ca6459af4dd010fb4c130d09fa9b0d968e327efae9c52b8521be5afd47be1e65121ba8f9a7857c5ec13a7bce98c675e7fe4e4f2bb47dafca1bc5a91b4fd937577ee5bdb8d5e0e73014bd79f27c51a02051e5f7581c43461eaaeb3b76887c762f9adf19a6c7b3262e134aa962a64720b28979c00ceb68b55d84e897ab3864b8d1bec06beac9820a0303e738c1189a9bc6f85d38bee2c7da5e3721411ec2528c18d38a5c63a57e1647ec1433bb87aa1a682cbaa5b820029f47ca095eac52f9952f6c5ce488b4c1d28964edd3c193797de8ec40ac7fd40d557b2731e524e017911fd607ec5aed0b43522b53aa8b9ecb15d58ac0026bc9af082d8e37905f27074e76e479545581122f5b20cc3d5c9bef35e63a9c39201169bb2cab7998aabe39a60ce8250665cbdcf901e0b382047119e6bba3c2184dc9a8973a707d5b2e8054ee030a45a00ed3b57c3e87e461cf38531132415e3eb4fcab454b5a857711a6359413e98aac5499402197160aa156a2e61f5ce08410cc31799d437dbb78dc1c4e1d1a5c0416a1fe3e5a64df3d6c0a7ff355392207c69b73174aa2be5d42b62150302388fa09f1a95ce41af2049a078291d9b76a41a806bf80c1cc6ab452988dcb206749dd24daf291f5525d35018e34eefd7e8c77894e6053a5a0f4abac95c56ddeaadce83e9074e1f1f46f15dd564445fd865282a08d871c4c3ae442b7d16b44c845b8fbf9bc935729f72da54190e07f1301b0266b8af45540921bb31ab267ebef166721659da4c6977e7623be36d22f0820f01a5cc475975e6dd108769b90aa5f14ff588be58356b384bed1c9db535ff6252645cfec634564ae61574a1f71f42adba6aafd7c851d96815e678f71bca3dc125658759629c4c5435560f7e914c15b2178898db", 0xf02, 0xff}, {&(0x7f0000003200)="fa", 0x1, 0x7fffffffffffffff}], 0x0, 0x0) 21:15:33 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x0, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32=r2, @ANYBLOB="01000000002200001c0012000c000100626f6e640000"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) [ 2501.389726][T26291] loop4: detected capacity change from 0 to 253983 21:15:33 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) write$RDMA_USER_CM_CMD_MIGRATE_ID(r0, &(0x7f0000000280)={0x12, 0x10, 0xfa00, {&(0x7f0000000180), 0xffffffffffffffff, r0}}, 0x18) [ 2501.447925][T26291] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2501.456266][T26291] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 2501.480811][T26291] F2FS-fs (loop4): invalid crc value 21:15:33 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xb, &(0x7f0000000200)=[{&(0x7f0000010700)="1020f5f201000b0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f0000000200000002000000020000000100000018000000000200000002000000060000000a0000000e000000100000030000000100000002", 0x69, 0x1400}, {&(0x7f0000010e00)="d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xa6, 0x200000}, {0x0, 0x0, 0x200fe0}, {&(0x7f0000011000)="00000000000000000000000000000000000000000000000000000006", 0x1c, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) [ 2501.524882][T26291] F2FS-fs (loop4): invalid crc_offset: 0 [ 2501.530988][T26291] F2FS-fs (loop4): Failed to get valid F2FS checkpoint [ 2502.098552][T26297] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. 21:15:34 executing program 5: r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r0, 0x800) lseek(r0, 0x200, 0x0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x24000, 0x0) sendfile(r0, r1, 0x0, 0x1dd00) socket$inet6(0xa, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) [ 2502.273160][T26299] device bond161 entered promiscuous mode [ 2502.335587][T26300] qnx6: wrong signature (magic) at position (0x2000) - will try alternative position (0x0000). [ 2502.351687][T26300] qnx6: wrong signature (magic) in superblock #1. [ 2502.359188][T26300] qnx6: unable to read the first superblock [ 2502.393616][T26299] device bond161 left promiscuous mode 21:15:34 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) write$RDMA_USER_CM_CMD_MIGRATE_ID(r0, &(0x7f0000000280)={0x12, 0x10, 0xfa00, {&(0x7f0000000180), 0xffffffffffffffff, r0}}, 0x18) 21:15:34 executing program 3: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_BIND_IP(r1, &(0x7f0000000380)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x0, 0x0, @private2}, r2}}, 0x30) [ 2502.511100][T26303] loop4: detected capacity change from 0 to 253983 21:15:34 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x0, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32=r2, @ANYBLOB="01000000002200001c0012000c000100626f6e640000"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) [ 2502.600997][T26303] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2502.609331][T26303] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 2502.640101][T26303] F2FS-fs (loop4): invalid crc value [ 2502.664139][T26303] F2FS-fs (loop4): invalid crc_offset: 0 [ 2502.670118][T26303] F2FS-fs (loop4): Failed to get valid F2FS checkpoint 21:15:35 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xb, &(0x7f0000000200)=[{&(0x7f0000010700)="1020f5f201000b0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f0000000200000002000000020000000100000018000000000200000002000000060000000a0000000e000000100000030000000100000002", 0x69, 0x1400}, {&(0x7f0000010e00)="d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xa6, 0x200000}, {0x0, 0x0, 0x200fe0}, {&(0x7f0000011000)="00000000000000000000000000000000000000000000000000000006", 0x1c, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) [ 2502.940265][T26295] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2502.952736][T26295] CPU: 1 PID: 26295 Comm: syz-executor.1 Tainted: G W 5.18.0-syzkaller-16253-g2f3064574275 #0 [ 2502.964525][T26295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2502.974723][T26295] Call Trace: [ 2502.978109][T26295] [ 2502.981566][T26295] dump_stack_lvl+0x200/0x28c [ 2502.986463][T26295] dump_stack+0x29/0x2c [ 2502.990814][T26295] dump_header+0x1e5/0xae0 [ 2502.995485][T26295] oom_kill_process+0x3a7/0xba0 [ 2503.000678][T26295] out_of_memory+0x111c/0x1570 [ 2503.006013][T26295] ? slab_debugfs_show+0xa40/0xaa0 [ 2503.011370][T26295] mem_cgroup_out_of_memory+0x46b/0x590 [ 2503.017171][T26295] mem_cgroup_oom+0xa3d/0xd30 [ 2503.022187][T26295] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2503.027436][T26295] try_charge_memcg+0x18b0/0x2110 [ 2503.032695][T26295] ? kmsan_get_metadata+0x33/0x220 [ 2503.038087][T26295] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 2503.044142][T26295] charge_memcg+0x1a9/0x6b0 [ 2503.048867][T26295] ? get_mem_cgroup_from_mm+0x39d/0x4d0 [ 2503.054649][T26295] __mem_cgroup_charge+0xb9/0x2e0 [ 2503.059916][T26295] do_anonymous_page+0xcb7/0x28e0 [ 2503.065142][T26295] ? __stack_depot_save+0x21/0x4b0 [ 2503.070511][T26295] handle_mm_fault+0x37b6/0x47a0 [ 2503.075739][T26295] do_user_addr_fault+0x11f5/0x1e50 [ 2503.081169][T26295] exc_page_fault+0x60/0x140 [ 2503.085903][T26295] ? asm_exc_page_fault+0x8/0x30 [ 2503.091034][T26295] asm_exc_page_fault+0x1e/0x30 [ 2503.096116][T26295] RIP: 0023:0xf6e1a65b [ 2503.100339][T26295] Code: d0 74 1f 89 d0 83 f0 01 09 c8 0f 85 c5 fe ff ff 8b 44 24 20 c7 44 24 24 00 00 00 00 0f c8 89 44 24 20 8b 44 24 1c 8b 74 24 20 <89> 30 e9 07 fb ff ff 0f b6 4c 24 10 8b 5c 24 28 89 cf c1 ef 05 83 [ 2503.120156][T26295] RSP: 002b:00000000ffacc0a0 EFLAGS: 00010246 [ 2503.126339][T26295] RAX: 0000000020003300 RBX: 0000000000000000 RCX: 0000000000000000 [ 2503.134398][T26295] RDX: 0000000000000000 RSI: 0000000020001ec0 RDI: 0000000000000000 [ 2503.142907][T26295] RBP: 00000000f6f60b68 R08: 0000000000000000 R09: 0000000000000000 [ 2503.150973][T26295] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 2503.159208][T26295] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2503.167336][T26295] [ 2503.173106][T26295] memory: usage 307200kB, limit 307200kB, failcnt 13137 [ 2503.180179][T26295] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2503.188306][T26295] Memory cgroup stats for /syz1: [ 2503.189733][T26295] anon 122880 [ 2503.189733][T26295] file 313270272 [ 2503.189733][T26295] kernel 1167360 [ 2503.189733][T26295] kernel_stack 32768 [ 2503.189733][T26295] pagetables 69632 [ 2503.189733][T26295] percpu 0 [ 2503.189733][T26295] sock 0 [ 2503.189733][T26295] vmalloc 0 [ 2503.189733][T26295] shmem 313270272 [ 2503.189733][T26295] file_mapped 40960 [ 2503.189733][T26295] file_dirty 0 [ 2503.189733][T26295] file_writeback 0 [ 2503.189733][T26295] swapcached 0 [ 2503.189733][T26295] anon_thp 0 [ 2503.189733][T26295] file_thp 0 [ 2503.189733][T26295] shmem_thp 0 [ 2503.189733][T26295] inactive_anon 311906304 [ 2503.189733][T26295] active_anon 1486848 [ 2503.189733][T26295] inactive_file 0 [ 2503.189733][T26295] active_file 0 [ 2503.189733][T26295] unevictable 0 [ 2503.189733][T26295] slab_reclaimable 787376 [ 2503.189733][T26295] slab_unreclaimable 263400 [ 2503.189733][T26295] slab 1050776 [ 2503.189733][T26295] workingset_refault_anon 0 [ 2503.189733][T26295] workingset_refault_file 0 [ 2503.286662][T26295] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=26295,uid=0 [ 2503.302674][T26295] Memory cgroup out of memory: Killed process 26295 (syz-executor.1) total-vm:54284kB, anon-rss:332kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:64kB oom_score_adj:1000 21:15:35 executing program 1: syz_clone(0x9a06100, 0x0, 0x0, 0x0, 0x0, 0x0) [ 2503.398639][ T24] audit: type=1800 audit(1655241335.640:35423): pid=26308 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="bus" dev="sda1" ino=1157 res=0 errno=0 [ 2503.441437][ T24] audit: type=1804 audit(1655241335.680:35424): pid=26306 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir123737106/syzkaller.5C307s/1729/bus" dev="sda1" ino=1157 res=1 errno=0 [ 2503.483581][ T24] audit: type=1804 audit(1655241335.720:35425): pid=26306 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir123737106/syzkaller.5C307s/1729/bus" dev="sda1" ino=1157 res=1 errno=0 21:15:35 executing program 2: write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000001c0)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_MIGRATE_ID(0xffffffffffffffff, &(0x7f0000000280)={0x12, 0x10, 0xfa00, {&(0x7f0000000180), r0}}, 0x18) 21:15:36 executing program 5: r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/partitions\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20000000d67) 21:15:36 executing program 3: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_BIND_IP(r1, &(0x7f0000000380)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x0, 0x0, @private2}, r2}}, 0x30) [ 2503.988270][T26315] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2504.069940][T26318] device bond162 entered promiscuous mode [ 2504.106233][T26318] device bond162 left promiscuous mode [ 2504.197660][T26320] loop4: detected capacity change from 0 to 253983 21:15:36 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x0, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32=r2, @ANYBLOB="01000000002200001c0012000c000100626f6e640000"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) [ 2504.329469][T26320] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2504.337911][T26320] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 2504.363875][T26320] F2FS-fs (loop4): invalid crc value [ 2504.371312][T26320] F2FS-fs (loop4): invalid crc_offset: 0 [ 2504.377432][T26320] F2FS-fs (loop4): Failed to get valid F2FS checkpoint 21:15:36 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xb, &(0x7f0000000200)=[{&(0x7f0000010700)="1020f5f201000b0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f0000000200000002000000020000000100000018000000000200000002000000060000000a0000000e000000100000030000000100000002", 0x69, 0x1400}, {&(0x7f0000010e00)="d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xa6, 0x200000}, {&(0x7f0000010f00), 0x0, 0x200fe0}, {&(0x7f0000011000)="00000000000000000000000000000000000000000000000000000006", 0x1c, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) 21:15:36 executing program 2: write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000001c0)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_MIGRATE_ID(0xffffffffffffffff, &(0x7f0000000280)={0x12, 0x10, 0xfa00, {&(0x7f0000000180), r0}}, 0x18) 21:15:37 executing program 5: mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x10, 0xffffffffffffffff, 0x0) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000380), 0x4000000044882, 0x0) io_setup(0x1, &(0x7f00000004c0)=0x0) io_submit(0x0, 0x0, 0x0) capset(0x0, 0x0) capset(&(0x7f0000000080)={0x20080522}, 0x0) process_vm_readv(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) io_submit(r1, 0x1, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a0012fb, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x1}]) 21:15:37 executing program 3: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_BIND_IP(r1, &(0x7f0000000380)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x0, 0x0, @private2}, r2}}, 0x30) [ 2504.960334][T26324] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2504.971127][T26324] CPU: 1 PID: 26324 Comm: syz-executor.1 Tainted: G W 5.18.0-syzkaller-16253-g2f3064574275 #0 [ 2504.982882][T26324] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2504.993073][T26324] Call Trace: [ 2504.996457][T26324] [ 2504.999491][T26324] dump_stack_lvl+0x200/0x28c [ 2505.004377][T26324] dump_stack+0x29/0x2c [ 2505.008760][T26324] dump_header+0x1e5/0xae0 [ 2505.013435][T26324] oom_kill_process+0x3a7/0xba0 [ 2505.018456][T26324] out_of_memory+0x111c/0x1570 [ 2505.023408][T26324] ? slab_debugfs_show+0xa40/0xaa0 [ 2505.028765][T26324] mem_cgroup_out_of_memory+0x46b/0x590 [ 2505.034610][T26324] mem_cgroup_oom+0xa3d/0xd30 [ 2505.039612][T26324] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2505.044788][T26324] try_charge_memcg+0x18b0/0x2110 [ 2505.050042][T26324] ? __rcu_read_unlock+0x85/0xf0 [ 2505.055202][T26324] obj_cgroup_charge_pages+0x352/0x760 [ 2505.060845][T26324] obj_cgroup_charge+0x28d/0x430 [ 2505.066047][T26324] kmem_cache_alloc+0x2c1/0x1170 [ 2505.071174][T26324] ? prepare_creds+0x6a/0xc00 [ 2505.076067][T26324] ? kmsan_get_metadata+0x33/0x220 [ 2505.081339][T26324] prepare_creds+0x6a/0xc00 [ 2505.085970][T26324] ? kmsan_get_metadata+0x33/0x220 [ 2505.091305][T26324] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 2505.097362][T26324] copy_creds+0x1a2/0xf20 [ 2505.101936][T26324] copy_process+0xf4c/0x68e0 [ 2505.106725][T26324] ? kernel_clone+0x84/0x1110 [ 2505.111610][T26324] kernel_clone+0x4c4/0x1110 [ 2505.116476][T26324] ? __stack_depot_save+0x21/0x4b0 [ 2505.121794][T26324] ? kmsan_get_metadata+0x33/0x220 [ 2505.127164][T26324] ? kmsan_get_shadow_origin_ptr+0xe1/0xf0 [ 2505.133136][T26324] __ia32_compat_sys_ia32_clone+0x29a/0x410 [ 2505.139270][T26324] __do_fast_syscall_32+0x95/0xf0 [ 2505.144529][T26324] do_fast_syscall_32+0x33/0x70 [ 2505.149591][T26324] do_SYSENTER_32+0x1b/0x20 [ 2505.154227][T26324] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 2505.160776][T26324] RIP: 0023:0xf7fb7549 [ 2505.165001][T26324] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 [ 2505.184806][T26324] RSP: 002b:00000000f7fb257c EFLAGS: 00000206 ORIG_RAX: 0000000000000078 [ 2505.193421][T26324] RAX: ffffffffffffffda RBX: 0000000009a06000 RCX: 0000000000000000 [ 2505.201665][T26324] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2505.209785][T26324] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 2505.217921][T26324] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 2505.226038][T26324] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2505.234192][T26324] [ 2505.239661][T26324] memory: usage 307200kB, limit 307200kB, failcnt 13176 [ 2505.247560][T26324] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2505.254732][T26324] Memory cgroup stats for /syz1: [ 2505.256207][T26324] anon 110592 [ 2505.256207][T26324] file 313262080 [ 2505.256207][T26324] kernel 1200128 [ 2505.256207][T26324] kernel_stack 49152 [ 2505.256207][T26324] pagetables 65536 [ 2505.256207][T26324] percpu 0 [ 2505.256207][T26324] sock 0 [ 2505.256207][T26324] vmalloc 0 [ 2505.256207][T26324] shmem 313262080 [ 2505.256207][T26324] file_mapped 40960 [ 2505.256207][T26324] file_dirty 0 [ 2505.256207][T26324] file_writeback 0 [ 2505.256207][T26324] swapcached 0 [ 2505.256207][T26324] anon_thp 0 [ 2505.256207][T26324] file_thp 0 [ 2505.256207][T26324] shmem_thp 0 [ 2505.256207][T26324] inactive_anon 311885824 [ 2505.256207][T26324] active_anon 1486848 [ 2505.256207][T26324] inactive_file 0 [ 2505.256207][T26324] active_file 0 [ 2505.256207][T26324] unevictable 0 [ 2505.256207][T26324] slab_reclaimable 786584 [ 2505.256207][T26324] slab_unreclaimable 280120 [ 2505.256207][T26324] slab 1066704 [ 2505.256207][T26324] workingset_refault_anon 0 [ 2505.256207][T26324] workingset_refault_file 0 [ 2505.352766][T26324] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=26319,uid=0 [ 2505.368918][T26324] Memory cgroup out of memory: Killed process 26319 (syz-executor.1) total-vm:54284kB, anon-rss:332kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000 21:15:37 executing program 1: syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x14d141) [ 2505.467096][T26329] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2505.538714][T26329] device bond163 entered promiscuous mode [ 2505.558774][T26329] device bond163 left promiscuous mode 21:15:37 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x0, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32=r2, @ANYBLOB="01000000002200001c0012000c000100626f6e640000"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) [ 2505.806682][T26334] loop4: detected capacity change from 0 to 253983 21:15:38 executing program 2: write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000001c0)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_MIGRATE_ID(0xffffffffffffffff, &(0x7f0000000280)={0x12, 0x10, 0xfa00, {&(0x7f0000000180), r0}}, 0x18) [ 2506.025120][T26334] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2506.033231][T26334] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 2506.101393][T26334] F2FS-fs (loop4): invalid crc value [ 2506.153002][T26334] F2FS-fs (loop4): invalid crc_offset: 0 [ 2506.159128][T26334] F2FS-fs (loop4): Failed to get valid F2FS checkpoint 21:15:38 executing program 5: syz_genetlink_get_family_id$ipvs(0x0, 0xffffffffffffffff) r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) read$dsp(r0, &(0x7f0000000080)=""/224, 0xe0) 21:15:38 executing program 3: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_BIND_IP(r1, &(0x7f0000000380)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x0, 0x0, @private2}, r2}}, 0x30) 21:15:38 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xb, &(0x7f0000000200)=[{&(0x7f0000010700)="1020f5f201000b0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f0000000200000002000000020000000100000018000000000200000002000000060000000a0000000e000000100000030000000100000002", 0x69, 0x1400}, {&(0x7f0000010e00)="d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xa6, 0x200000}, {&(0x7f0000010f00), 0x0, 0x200fe0}, {&(0x7f0000011000)="00000000000000000000000000000000000000000000000000000006", 0x1c, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) [ 2506.618187][T26344] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2506.676423][T26338] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2506.687175][T26338] CPU: 1 PID: 26338 Comm: syz-executor.1 Tainted: G W 5.18.0-syzkaller-16253-g2f3064574275 #0 [ 2506.698931][T26338] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2506.709128][T26338] Call Trace: [ 2506.712507][T26338] [ 2506.715492][T26338] dump_stack_lvl+0x200/0x28c [ 2506.720331][T26338] dump_stack+0x29/0x2c [ 2506.724603][T26338] dump_header+0x1e5/0xae0 [ 2506.729287][T26338] oom_kill_process+0x3a7/0xba0 [ 2506.734298][T26338] out_of_memory+0x111c/0x1570 [ 2506.739348][T26338] ? slab_debugfs_show+0xa40/0xaa0 [ 2506.744717][T26338] mem_cgroup_out_of_memory+0x46b/0x590 [ 2506.750522][T26338] mem_cgroup_oom+0xa3d/0xd30 [ 2506.755417][T26338] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2506.760745][T26338] try_charge_memcg+0x18b0/0x2110 [ 2506.766081][T26338] ? kmsan_get_metadata+0x33/0x220 [ 2506.771373][T26338] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 2506.777331][T26338] charge_memcg+0x1a9/0x6b0 [ 2506.782062][T26338] ? get_mem_cgroup_from_mm+0x39d/0x4d0 [ 2506.787839][T26338] __mem_cgroup_charge+0xb9/0x2e0 [ 2506.793070][T26338] wp_page_copy+0x719/0x4310 [ 2506.797868][T26338] ? kmsan_get_metadata+0x33/0x220 [ 2506.803190][T26338] ? kmsan_get_metadata+0x33/0x220 [ 2506.808520][T26338] ? preempt_count_sub+0xfc/0x340 [ 2506.813723][T26338] do_wp_page+0xc81/0x29c0 [ 2506.818371][T26338] handle_mm_fault+0x43e1/0x47a0 [ 2506.823458][T26338] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2506.828673][T26338] ? kmsan_get_metadata+0x33/0x220 [ 2506.834015][T26338] do_user_addr_fault+0x11f5/0x1e50 [ 2506.839390][T26338] exc_page_fault+0x60/0x140 [ 2506.844185][T26338] ? asm_exc_page_fault+0x8/0x30 [ 2506.849403][T26338] asm_exc_page_fault+0x1e/0x30 [ 2506.854427][T26338] RIP: 0023:0xf6e1f418 [ 2506.858633][T26338] Code: 39 dd 75 ee 8b 44 24 58 89 28 83 c4 3c 5b 5e 5f 5d c3 8b 7c 24 18 e9 9a fd ff ff 8d b4 26 00 00 00 00 8b 44 24 24 8b 7c 24 18 <89> 1c 88 e9 70 fe ff ff 8b 7c 24 50 39 54 24 0c 0f 84 80 00 00 00 [ 2506.878462][T26338] RSP: 002b:00000000ffacc040 EFLAGS: 00010246 [ 2506.884644][T26338] RAX: 00000000f6f50000 RBX: 00000000f3161b9c RCX: 0000000000001b9c [ 2506.892765][T26338] RDX: 0000000000000000 RSI: 00000000f6f36000 RDI: 00000000826cc9a5 [ 2506.901021][T26338] RBP: 00000000f6f50000 R08: 0000000000000000 R09: 0000000000000000 [ 2506.909141][T26338] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 2506.917260][T26338] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2506.925373][T26338] [ 2506.928768][T26338] memory: usage 307200kB, limit 307200kB, failcnt 13248 [ 2506.935967][T26338] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2506.943059][T26338] Memory cgroup stats for /syz1: [ 2506.944179][T26344] device bond164 entered promiscuous mode [ 2506.944373][T26338] anon 131072 [ 2506.944373][T26338] file 313262080 [ 2506.944373][T26338] kernel 1179648 [ 2506.944373][T26338] kernel_stack 32768 [ 2506.944373][T26338] pagetables 69632 [ 2506.944373][T26338] percpu 0 [ 2506.944373][T26338] sock 0 [ 2506.944373][T26338] vmalloc 0 [ 2506.944373][T26338] shmem 313262080 [ 2506.944373][T26338] file_mapped 40960 [ 2506.944373][T26338] file_dirty 0 [ 2506.944373][T26338] file_writeback 0 [ 2506.944373][T26338] swapcached 0 [ 2506.944373][T26338] anon_thp 0 [ 2506.944373][T26338] file_thp 0 [ 2506.944373][T26338] shmem_thp 0 [ 2506.944373][T26338] inactive_anon 311894016 [ 2506.944373][T26338] active_anon 1486848 [ 2506.944373][T26338] inactive_file 0 [ 2506.944373][T26338] active_file 0 [ 2506.944373][T26338] unevictable 0 [ 2506.944373][T26338] slab_reclaimable 786584 [ 2506.944373][T26338] slab_unreclaimable 271896 [ 2506.944373][T26338] slab 1058480 [ 2506.944373][T26338] workingset_refault_anon 0 [ 2506.944373][T26338] workingset_refault_file 0 [ 2507.046321][T26338] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=26338,uid=0 [ 2507.062485][T26338] Memory cgroup out of memory: Killed process 26338 (syz-executor.1) total-vm:54284kB, anon-rss:332kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:64kB oom_score_adj:1000 21:15:39 executing program 1: r0 = gettid() r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) read(r1, &(0x7f0000000080)=""/232, 0xe8) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r1, 0x4040534e, &(0x7f0000000040)={0x1}) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r1, 0x80045300, &(0x7f0000000180)) tkill(r0, 0x7) [ 2507.103712][T26344] device bond164 left promiscuous mode 21:15:39 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x0, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32=r2, @ANYBLOB="01000000002200001c0012000c000100626f6e640000"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) 21:15:39 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000001c0)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_MIGRATE_ID(r0, &(0x7f0000000280)={0x12, 0x10, 0xfa00, {&(0x7f0000000180), r1, r0}}, 0x18) 21:15:40 executing program 3: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) write$RDMA_USER_CM_CMD_BIND_IP(r0, &(0x7f0000000380)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x0, 0x0, @private2}}}, 0x30) [ 2507.874380][T26356] loop4: detected capacity change from 0 to 253983 [ 2507.945841][T26356] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2507.954132][T26356] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 2507.983798][T26356] F2FS-fs (loop4): invalid crc value [ 2507.999602][T26356] F2FS-fs (loop4): invalid crc_offset: 0 [ 2508.006516][T26356] F2FS-fs (loop4): Failed to get valid F2FS checkpoint [ 2508.059809][T26357] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. 21:15:40 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000001c0)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_MIGRATE_ID(r0, &(0x7f0000000280)={0x12, 0x10, 0xfa00, {&(0x7f0000000180), r1, r0}}, 0x18) [ 2508.289881][T26357] device bond165 entered promiscuous mode 21:15:40 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xb, &(0x7f0000000200)=[{&(0x7f0000010700)="1020f5f201000b0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f0000000200000002000000020000000100000018000000000200000002000000060000000a0000000e000000100000030000000100000002", 0x69, 0x1400}, {&(0x7f0000010e00)="d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xa6, 0x200000}, {&(0x7f0000010f00), 0x0, 0x200fe0}, {&(0x7f0000011000)="00000000000000000000000000000000000000000000000000000006", 0x1c, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) [ 2508.350715][T26357] device bond165 left promiscuous mode 21:15:40 executing program 5: r0 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000480), 0x0, 0x0) ioctl$SNDCTL_DSP_SYNC(r0, 0x5001, 0x0) ioctl$SNDCTL_DSP_GETODELAY(0xffffffffffffffff, 0x80045017, 0x0) [ 2508.570424][T26352] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 2508.584740][T26352] CPU: 1 PID: 26352 Comm: syz-executor.1 Tainted: G W 5.18.0-syzkaller-16253-g2f3064574275 #0 [ 2508.596504][T26352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2508.606699][T26352] Call Trace: [ 2508.610078][T26352] [ 2508.613098][T26352] dump_stack_lvl+0x200/0x28c [ 2508.617982][T26352] dump_stack+0x29/0x2c [ 2508.622318][T26352] dump_header+0x1e5/0xae0 [ 2508.626967][T26352] oom_kill_process+0x3a7/0xba0 [ 2508.632051][T26352] out_of_memory+0x111c/0x1570 [ 2508.637017][T26352] ? slab_debugfs_show+0xa40/0xaa0 [ 2508.642359][T26352] mem_cgroup_out_of_memory+0x46b/0x590 [ 2508.648149][T26352] mem_cgroup_oom+0xa3d/0xd30 [ 2508.653031][T26352] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2508.658260][T26352] try_charge_memcg+0x18b0/0x2110 [ 2508.663604][T26352] ? __rcu_read_unlock+0x85/0xf0 21:15:40 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x0, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32=r2, @ANYBLOB="01000000002200001c0012000c000100626f6e640000"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) [ 2508.668735][T26352] obj_cgroup_charge_pages+0x352/0x760 [ 2508.674454][T26352] __memcg_kmem_charge_page+0x5b2/0x910 [ 2508.680260][T26352] __alloc_pages+0x82e/0x1040 [ 2508.685213][T26352] alloc_pages+0x98c/0xca0 [ 2508.689822][T26352] ? do_anonymous_page+0xfbf/0x28e0 [ 2508.695245][T26352] pte_alloc_one+0x6b/0x280 [ 2508.699955][T26352] ? kmsan_get_metadata+0x33/0x220 [ 2508.705294][T26352] __pte_alloc+0x81/0x5b0 [ 2508.709789][T26352] ? handle_mm_fault+0x1782/0x47a0 [ 2508.715259][T26352] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 2508.721403][T26352] do_anonymous_page+0x9d9/0x28e0 [ 2508.726642][T26352] ? __stack_depot_save+0x21/0x4b0 [ 2508.732009][T26352] handle_mm_fault+0x37b6/0x47a0 [ 2508.737111][T26352] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2508.742320][T26352] ? kmsan_get_metadata+0x33/0x220 [ 2508.747721][T26352] do_user_addr_fault+0x11f5/0x1e50 [ 2508.753122][T26352] exc_page_fault+0x60/0x140 [ 2508.757835][T26352] ? asm_exc_page_fault+0x8/0x30 [ 2508.762878][T26352] asm_exc_page_fault+0x1e/0x30 [ 2508.768002][T26352] RIP: 0023:0xf6e548f6 [ 2508.772139][T26352] Code: 03 76 37 f7 c6 03 00 00 00 74 16 a4 49 f7 c6 03 00 00 00 74 0c a4 49 f7 c6 03 00 00 00 74 02 a4 49 50 89 c8 c1 e9 02 83 e0 03 a5 89 c1 f3 a4 58 89 c7 89 d6 8b 44 24 04 c3 d1 e9 73 01 a4 d1 [ 2508.791868][T26352] RSP: 002b:00000000ffacc118 EFLAGS: 00010202 [ 2508.798113][T26352] RAX: 0000000000000001 RBX: 00000000f6f36000 RCX: 0000000000000003 [ 2508.806222][T26352] RDX: 0000000000000000 RSI: 00000000f6f60038 RDI: 0000000020000000 [ 2508.814330][T26352] RBP: 00000000f6f60020 R08: 0000000000000000 R09: 0000000000000000 [ 2508.822443][T26352] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 2508.830546][T26352] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2508.838644][T26352] [ 2508.844674][T26352] memory: usage 307200kB, limit 307200kB, failcnt 13296 [ 2508.851747][T26352] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2508.859138][T26352] Memory cgroup stats for /syz1: [ 2508.860587][T26352] anon 135168 [ 2508.860587][T26352] file 313262080 [ 2508.860587][T26352] kernel 1175552 [ 2508.860587][T26352] kernel_stack 32768 [ 2508.860587][T26352] pagetables 65536 [ 2508.860587][T26352] percpu 0 [ 2508.860587][T26352] sock 0 [ 2508.860587][T26352] vmalloc 0 [ 2508.860587][T26352] shmem 313262080 [ 2508.860587][T26352] file_mapped 40960 [ 2508.860587][T26352] file_dirty 0 [ 2508.860587][T26352] file_writeback 0 [ 2508.860587][T26352] swapcached 0 [ 2508.860587][T26352] anon_thp 0 [ 2508.860587][T26352] file_thp 0 [ 2508.860587][T26352] shmem_thp 0 [ 2508.860587][T26352] inactive_anon 311910400 [ 2508.860587][T26352] active_anon 1486848 [ 2508.860587][T26352] inactive_file 0 [ 2508.860587][T26352] active_file 0 [ 2508.860587][T26352] unevictable 0 [ 2508.860587][T26352] slab_reclaimable 786584 [ 2508.860587][T26352] slab_unreclaimable 271728 [ 2508.860587][T26352] slab 1058312 [ 2508.860587][T26352] workingset_refault_anon 0 [ 2508.860587][T26352] workingset_refault_file 0 [ 2508.957157][T26352] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=26352,uid=0 [ 2508.973448][T26352] Memory cgroup out of memory: Killed process 26352 (syz-executor.1) total-vm:54284kB, anon-rss:332kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000 21:15:41 executing program 1: r0 = socket(0x2b, 0x1, 0x0) ioctl$sock_inet_udp_SIOCINQ(r0, 0x8902, &(0x7f0000000080)) 21:15:41 executing program 3: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) write$RDMA_USER_CM_CMD_BIND_IP(r0, &(0x7f0000000380)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x0, 0x0, @private2}}}, 0x30) 21:15:41 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000001c0)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_MIGRATE_ID(r0, &(0x7f0000000280)={0x12, 0x10, 0xfa00, {&(0x7f0000000180), r1, r0}}, 0x18) [ 2509.637506][T26371] loop4: detected capacity change from 0 to 253983 [ 2509.711194][T26371] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2509.719574][T26371] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 2509.730763][T26373] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2509.807242][T26371] F2FS-fs (loop4): invalid crc value [ 2509.844593][T26373] device bond166 entered promiscuous mode [ 2509.859486][T26371] F2FS-fs (loop4): invalid crc_offset: 0 [ 2509.865654][T26371] F2FS-fs (loop4): Failed to get valid F2FS checkpoint [ 2509.880798][T26373] device bond166 left promiscuous mode 21:15:42 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xb, &(0x7f0000000200)=[{&(0x7f0000010700)="1020f5f201000b0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f0000000200000002000000020000000100000018000000000200000002000000060000000a0000000e000000100000030000000100000002", 0x69, 0x1400}, {&(0x7f0000010e00)="d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xa6, 0x200000}, {&(0x7f0000010f00)='\x00'/16, 0x10, 0x200fe0}, {&(0x7f0000011000)="00000000000000000000000000000000000000000000000000000006", 0x1c, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) 21:15:42 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x0, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32=r2, @ANYBLOB="01000000002200001c0012000c000100626f6e640000"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) 21:15:42 executing program 3: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) write$RDMA_USER_CM_CMD_BIND_IP(r0, &(0x7f0000000380)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x0, 0x0, @private2}}}, 0x30) 21:15:42 executing program 5: r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000140)={'ip6gre0\x00', &(0x7f00000000c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @private1, 0x0, 0x7800}}) [ 2510.411589][T26369] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=2, oom_score_adj=1000 [ 2510.425970][T26369] CPU: 1 PID: 26369 Comm: syz-executor.1 Tainted: G W 5.18.0-syzkaller-16253-g2f3064574275 #0 [ 2510.437720][T26369] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2510.447902][T26369] Call Trace: [ 2510.451266][T26369] [ 2510.454284][T26369] dump_stack_lvl+0x200/0x28c [ 2510.459152][T26369] dump_stack+0x29/0x2c [ 2510.463466][T26369] dump_header+0x1e5/0xae0 [ 2510.468089][T26369] oom_kill_process+0x3a7/0xba0 [ 2510.473149][T26369] out_of_memory+0x111c/0x1570 [ 2510.478097][T26369] ? slab_debugfs_show+0xa40/0xaa0 [ 2510.483419][T26369] mem_cgroup_out_of_memory+0x46b/0x590 [ 2510.489207][T26369] mem_cgroup_oom+0xa3d/0xd30 [ 2510.494086][T26369] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2510.499313][T26369] try_charge_memcg+0x18b0/0x2110 [ 2510.504608][T26369] ? __rcu_read_unlock+0x85/0xf0 [ 2510.509709][T26369] obj_cgroup_charge_pages+0x352/0x760 [ 2510.515391][T26369] __memcg_kmem_charge_page+0x5b2/0x910 [ 2510.521162][T26369] __alloc_pages+0x82e/0x1040 [ 2510.526111][T26369] dup_task_struct+0x310/0xaf0 [ 2510.531081][T26369] ? kmsan_get_metadata+0x33/0x220 [ 2510.536413][T26369] copy_process+0xb32/0x68e0 [ 2510.541271][T26369] ? kmsan_get_metadata+0x33/0x220 [ 2510.546570][T26369] ? kernel_clone+0x84/0x1110 [ 2510.551481][T26369] kernel_clone+0x4c4/0x1110 [ 2510.556229][T26369] ? __stack_depot_save+0x21/0x4b0 [ 2510.561531][T26369] ? kmsan_get_metadata+0x33/0x220 [ 2510.566834][T26369] ? kmsan_get_shadow_origin_ptr+0xe0/0xf0 [ 2510.572854][T26369] __ia32_compat_sys_ia32_clone+0x29a/0x410 [ 2510.579002][T26369] do_int80_syscall_32+0x4d/0xa0 [ 2510.584114][T26369] ? asm_exc_page_fault+0x8/0x30 [ 2510.589244][T26369] entry_INT80_compat+0x71/0x76 [ 2510.594262][T26369] RIP: 0023:0xf6e5a3a4 [ 2510.598443][T26369] Code: 8b 44 24 04 89 41 08 c7 41 04 00 00 00 00 53 56 57 8b 74 24 24 8b 54 24 20 8b 5c 24 18 8b 7c 24 28 b8 78 00 00 00 89 19 cd 80 <5f> 5e 5b 85 c0 0f 8c 61 81 00 00 74 01 c3 89 f5 ff d3 e8 00 00 00 [ 2510.618208][T26369] RSP: 002b:00000000ffacc000 EFLAGS: 00000292 ORIG_RAX: 0000000000000078 [ 2510.626806][T26369] RAX: ffffffffffffffda RBX: 00000000003d0f00 RCX: 00000000f7f917a4 [ 2510.634908][T26369] RDX: 00000000f7f91ba8 RSI: 00000000ffacc04c RDI: 00000000f7f91ba8 [ 2510.643004][T26369] RBP: 00000000f6f36000 R08: 0000000000000000 R09: 0000000000000000 [ 2510.651108][T26369] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000000 21:15:42 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000001c0)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_MIGRATE_ID(r0, &(0x7f0000000280)={0x12, 0x10, 0xfa00, {&(0x7f0000000180), r1, r0}}, 0x18) [ 2510.659201][T26369] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2510.667431][T26369] [ 2510.672001][T26369] memory: usage 307196kB, limit 307200kB, failcnt 13346 [ 2510.679106][T26369] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2510.686214][T26369] Memory cgroup stats for /syz1: [ 2510.687742][T26369] anon 114688 [ 2510.687742][T26369] file 313262080 [ 2510.687742][T26369] kernel 1191936 [ 2510.687742][T26369] kernel_stack 32768 [ 2510.687742][T26369] pagetables 65536 [ 2510.687742][T26369] percpu 0 [ 2510.687742][T26369] sock 0 [ 2510.687742][T26369] vmalloc 0 [ 2510.687742][T26369] shmem 313262080 [ 2510.687742][T26369] file_mapped 40960 [ 2510.687742][T26369] file_dirty 0 [ 2510.687742][T26369] file_writeback 0 [ 2510.687742][T26369] swapcached 0 [ 2510.687742][T26369] anon_thp 0 [ 2510.687742][T26369] file_thp 0 [ 2510.687742][T26369] shmem_thp 0 [ 2510.687742][T26369] inactive_anon 311889920 [ 2510.687742][T26369] active_anon 1486848 [ 2510.687742][T26369] inactive_file 0 [ 2510.687742][T26369] active_file 0 [ 2510.687742][T26369] unevictable 0 [ 2510.687742][T26369] slab_reclaimable 788464 [ 2510.687742][T26369] slab_unreclaimable 284952 [ 2510.687742][T26369] slab 1073416 [ 2510.687742][T26369] workingset_refault_anon 0 [ 2510.687742][T26369] workingset_refault_file 0 [ 2510.784048][T26369] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=26369,uid=0 [ 2510.800197][T26369] Memory cgroup out of memory: Killed process 26369 (syz-executor.1) total-vm:54416kB, anon-rss:332kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000 21:15:43 executing program 1: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @private2}, 0x1c) sendto$inet6(r0, &(0x7f0000000100)="ce", 0x1010c, 0x0, &(0x7f0000000240)={0xa, 0x0, 0x0, @loopback}, 0x1c) [ 2511.008385][T26384] loop4: detected capacity change from 0 to 253983 [ 2511.093495][T26384] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2511.101405][T26384] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 2511.135079][T26384] F2FS-fs (loop4): invalid crc value [ 2511.194120][T26384] F2FS-fs (loop4): invalid crc_offset: 0 [ 2511.200154][T26384] F2FS-fs (loop4): Failed to get valid F2FS checkpoint 21:15:43 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xb, &(0x7f0000000200)=[{&(0x7f0000010700)="1020f5f201000b0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f0000000200000002000000020000000100000018000000000200000002000000060000000a0000000e000000100000030000000100000002", 0x69, 0x1400}, {&(0x7f0000010e00)="d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xa6, 0x200000}, {&(0x7f0000010f00)='\x00'/16, 0x10, 0x200fe0}, {&(0x7f0000011000)="00000000000000000000000000000000000000000000000000000006", 0x1c, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) [ 2511.385002][T26387] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. 21:15:43 executing program 3: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_BIND_IP(0xffffffffffffffff, &(0x7f0000000380)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x0, 0x0, @private2}, r1}}, 0x30) [ 2511.595794][T26392] device bond167 entered promiscuous mode [ 2511.625952][T26392] device bond167 left promiscuous mode 21:15:43 executing program 5: syz_mount_image$hpfs(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x0, &(0x7f00000002c0)) 21:15:44 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x0, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32=r2, @ANYBLOB="01000000002200001c0012000c000100626f6e640000"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) 21:15:44 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000001c0)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_MIGRATE_ID(r0, &(0x7f0000000280)={0x12, 0x10, 0xfa00, {&(0x7f0000000180), r1, r0}}, 0x18) [ 2512.052935][T26395] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2512.065141][T26395] CPU: 1 PID: 26395 Comm: syz-executor.1 Tainted: G W 5.18.0-syzkaller-16253-g2f3064574275 #0 [ 2512.076906][T26395] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2512.087103][T26395] Call Trace: [ 2512.090481][T26395] [ 2512.093509][T26395] dump_stack_lvl+0x200/0x28c [ 2512.098412][T26395] dump_stack+0x29/0x2c [ 2512.102768][T26395] dump_header+0x1e5/0xae0 [ 2512.107406][T26395] oom_kill_process+0x3a7/0xba0 [ 2512.112649][T26395] out_of_memory+0x111c/0x1570 [ 2512.117601][T26395] ? slab_debugfs_show+0xa40/0xaa0 [ 2512.122947][T26395] mem_cgroup_out_of_memory+0x46b/0x590 [ 2512.128761][T26395] mem_cgroup_oom+0xa3d/0xd30 [ 2512.133658][T26395] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2512.138891][T26395] try_charge_memcg+0x18b0/0x2110 [ 2512.144109][T26395] ? kmsan_get_metadata+0x33/0x220 [ 2512.149432][T26395] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 2512.155474][T26395] charge_memcg+0x1a9/0x6b0 [ 2512.160195][T26395] ? get_mem_cgroup_from_mm+0x39d/0x4d0 [ 2512.165975][T26395] __mem_cgroup_charge+0xb9/0x2e0 [ 2512.171230][T26395] wp_page_copy+0x719/0x4310 [ 2512.175966][T26395] ? kmsan_get_metadata+0x33/0x220 [ 2512.181298][T26395] ? update_misfit_status+0x30/0xcd0 [ 2512.186802][T26395] ? kmsan_get_metadata+0x33/0x220 [ 2512.192152][T26395] ? preempt_count_sub+0xfc/0x340 [ 2512.197345][T26395] do_wp_page+0xc81/0x29c0 [ 2512.201911][T26395] handle_mm_fault+0x43e1/0x47a0 [ 2512.206995][T26395] ? restore_fpregs_from_fpstate+0x68/0x3a0 [ 2512.213066][T26395] do_user_addr_fault+0x11f5/0x1e50 [ 2512.218401][T26395] exc_page_fault+0x60/0x140 [ 2512.223123][T26395] ? asm_exc_page_fault+0x8/0x30 [ 2512.228237][T26395] asm_exc_page_fault+0x1e/0x30 [ 2512.233245][T26395] RIP: 0023:0xf6e1f418 [ 2512.237384][T26395] Code: 39 dd 75 ee 8b 44 24 58 89 28 83 c4 3c 5b 5e 5f 5d c3 8b 7c 24 18 e9 9a fd ff ff 8d b4 26 00 00 00 00 8b 44 24 24 8b 7c 24 18 <89> 1c 88 e9 70 fe ff ff 8b 7c 24 50 39 54 24 0c 0f 84 80 00 00 00 [ 2512.257104][T26395] RSP: 002b:00000000ffacc040 EFLAGS: 00010246 [ 2512.263340][T26395] RAX: 00000000f6f50000 RBX: 0000000043a7fd52 RCX: 0000000000001d52 [ 2512.271450][T26395] RDX: 0000000000000000 RSI: 00000000f6f36000 RDI: 0000000085de99d3 [ 2512.279569][T26395] RBP: 00000000f6f50000 R08: 0000000000000000 R09: 0000000000000000 [ 2512.287691][T26395] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 2512.295797][T26395] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2512.303998][T26395] [ 2512.309801][T26395] memory: usage 307200kB, limit 307200kB, failcnt 13410 [ 2512.317335][T26395] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2512.324455][T26395] Memory cgroup stats for /syz1: [ 2512.325810][T26395] anon 131072 [ 2512.325810][T26395] file 313262080 [ 2512.325810][T26395] kernel 1179648 [ 2512.325810][T26395] kernel_stack 32768 [ 2512.325810][T26395] pagetables 65536 [ 2512.325810][T26395] percpu 0 [ 2512.325810][T26395] sock 0 [ 2512.325810][T26395] vmalloc 0 [ 2512.325810][T26395] shmem 313262080 [ 2512.325810][T26395] file_mapped 40960 [ 2512.325810][T26395] file_dirty 0 [ 2512.325810][T26395] file_writeback 0 [ 2512.325810][T26395] swapcached 0 [ 2512.325810][T26395] anon_thp 0 [ 2512.325810][T26395] file_thp 0 [ 2512.325810][T26395] shmem_thp 0 [ 2512.325810][T26395] inactive_anon 311885824 [ 2512.325810][T26395] active_anon 1486848 [ 2512.325810][T26395] inactive_file 0 [ 2512.325810][T26395] active_file 0 [ 2512.325810][T26395] unevictable 0 [ 2512.325810][T26395] slab_reclaimable 787624 [ 2512.325810][T26395] slab_unreclaimable 273600 [ 2512.325810][T26395] slab 1061224 [ 2512.325810][T26395] workingset_refault_anon 0 [ 2512.325810][T26395] workingset_refault_file 0 [ 2512.421959][T26395] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=26395,uid=0 [ 2512.438226][T26395] Memory cgroup out of memory: Killed process 26395 (syz-executor.1) total-vm:54284kB, anon-rss:332kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000 [ 2512.615640][T26400] loop4: detected capacity change from 0 to 253983 21:15:44 executing program 1: r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_VIF(r0, 0x0, 0x23, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, @vifc_lcl_addr=@dev, @dev}, 0x10) [ 2512.732802][T26400] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2512.740714][T26400] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock 21:15:45 executing program 3: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_BIND_IP(0xffffffffffffffff, &(0x7f0000000380)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x0, 0x0, @private2}, r1}}, 0x30) [ 2512.846353][T26400] F2FS-fs (loop4): invalid crc value [ 2512.875834][T26400] F2FS-fs (loop4): invalid crc_offset: 0 [ 2512.888901][T26400] F2FS-fs (loop4): Failed to get valid F2FS checkpoint [ 2513.097184][T26405] hpfs: Bad magic ... probably not HPFS [ 2513.112388][T26406] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. 21:15:45 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xb, &(0x7f0000000200)=[{&(0x7f0000010700)="1020f5f201000b0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f0000000200000002000000020000000100000018000000000200000002000000060000000a0000000e000000100000030000000100000002", 0x69, 0x1400}, {&(0x7f0000010e00)="d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xa6, 0x200000}, {&(0x7f0000010f00)='\x00'/16, 0x10, 0x200fe0}, {&(0x7f0000011000)="00000000000000000000000000000000000000000000000000000006", 0x1c, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) 21:15:45 executing program 5: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x9, 0x4, &(0x7f00000002c0)=@framed={{}, [@generic={0x55}]}, &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) 21:15:45 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000001c0)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_MIGRATE_ID(r0, &(0x7f0000000280)={0x12, 0x10, 0xfa00, {&(0x7f0000000180), r1, r0}}, 0x18) [ 2513.301006][T26409] device bond168 entered promiscuous mode [ 2513.327795][T26409] device bond168 left promiscuous mode 21:15:45 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x0, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32=r2, @ANYBLOB="01000000002200001c0012000c000100626f6e640000"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) 21:15:45 executing program 3: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_BIND_IP(0xffffffffffffffff, &(0x7f0000000380)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x0, 0x0, @private2}, r1}}, 0x30) 21:15:46 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, 0x0, 0x0) write$RDMA_USER_CM_CMD_MIGRATE_ID(r0, &(0x7f0000000280)={0x12, 0x10, 0xfa00, {&(0x7f0000000180), 0xffffffffffffffff, r0}}, 0x18) [ 2514.059165][T26418] loop4: detected capacity change from 0 to 253983 21:15:46 executing program 5: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmmsg$inet6(r0, &(0x7f0000001e80)=[{{&(0x7f0000000040)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c, 0x0}}], 0x1, 0x0) [ 2514.177211][T26418] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2514.185595][T26418] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 2514.293143][T26418] F2FS-fs (loop4): invalid crc value [ 2514.310146][T26418] F2FS-fs (loop4): invalid crc_offset: 0 [ 2514.318054][T26418] F2FS-fs (loop4): Failed to get valid F2FS checkpoint [ 2514.378069][T26411] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2514.388978][T26411] CPU: 1 PID: 26411 Comm: syz-executor.1 Tainted: G W 5.18.0-syzkaller-16253-g2f3064574275 #0 [ 2514.400724][T26411] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2514.411267][T26411] Call Trace: [ 2514.414646][T26411] [ 2514.417672][T26411] dump_stack_lvl+0x200/0x28c [ 2514.422559][T26411] dump_stack+0x29/0x2c [ 2514.427078][T26411] dump_header+0x1e5/0xae0 [ 2514.431742][T26411] oom_kill_process+0x3a7/0xba0 [ 2514.436795][T26411] out_of_memory+0x111c/0x1570 [ 2514.441784][T26411] ? slab_debugfs_show+0xa40/0xaa0 [ 2514.447132][T26411] mem_cgroup_out_of_memory+0x46b/0x590 [ 2514.452973][T26411] mem_cgroup_oom+0xa3d/0xd30 [ 2514.457914][T26411] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2514.463143][T26411] try_charge_memcg+0x18b0/0x2110 [ 2514.468369][T26411] ? kmsan_get_metadata+0x33/0x220 [ 2514.473757][T26411] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 2514.479813][T26411] charge_memcg+0x1a9/0x6b0 [ 2514.484499][T26411] ? get_mem_cgroup_from_mm+0x39d/0x4d0 [ 2514.490281][T26411] __mem_cgroup_charge+0xb9/0x2e0 [ 2514.495586][T26411] wp_page_copy+0x719/0x4310 [ 2514.500383][T26411] ? kmsan_get_metadata+0x33/0x220 [ 2514.505815][T26411] ? kmsan_get_metadata+0x33/0x220 [ 2514.511301][T26411] ? preempt_count_sub+0xfc/0x340 [ 2514.516525][T26411] do_wp_page+0xc81/0x29c0 [ 2514.521162][T26411] handle_mm_fault+0x43e1/0x47a0 [ 2514.526319][T26411] ? restore_fpregs_from_fpstate+0x68/0x3a0 [ 2514.532538][T26411] do_user_addr_fault+0x11f5/0x1e50 [ 2514.537996][T26411] exc_page_fault+0x60/0x140 [ 2514.542847][T26411] ? asm_exc_page_fault+0x8/0x30 [ 2514.547987][T26411] asm_exc_page_fault+0x1e/0x30 [ 2514.552999][T26411] RIP: 0023:0xf6e1f418 [ 2514.557170][T26411] Code: 39 dd 75 ee 8b 44 24 58 89 28 83 c4 3c 5b 5e 5f 5d c3 8b 7c 24 18 e9 9a fd ff ff 8d b4 26 00 00 00 00 8b 44 24 24 8b 7c 24 18 <89> 1c 88 e9 70 fe ff ff 8b 7c 24 50 39 54 24 0c 0f 84 80 00 00 00 [ 2514.577205][T26411] RSP: 002b:00000000ffacc040 EFLAGS: 00010246 [ 2514.583382][T26411] RAX: 00000000f6f50000 RBX: 00000000c24e17ad RCX: 00000000000017ad [ 2514.591494][T26411] RDX: 0000000000000000 RSI: 00000000f6f36000 RDI: 0000000085df144d [ 2514.599556][T26411] RBP: 00000000f6f50000 R08: 0000000000000000 R09: 0000000000000000 [ 2514.607673][T26411] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 2514.615787][T26411] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2514.623939][T26411] [ 2514.627257][T26411] memory: usage 307200kB, limit 307200kB, failcnt 13472 [ 2514.634446][T26411] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2514.641411][T26411] Memory cgroup stats for /syz1: [ 2514.642333][T26411] anon 135168 [ 2514.642333][T26411] file 313262080 [ 2514.642333][T26411] kernel 1175552 [ 2514.642333][T26411] kernel_stack 32768 [ 2514.642333][T26411] pagetables 65536 [ 2514.642333][T26411] percpu 0 [ 2514.642333][T26411] sock 0 [ 2514.642333][T26411] vmalloc 0 [ 2514.642333][T26411] shmem 313262080 [ 2514.642333][T26411] file_mapped 40960 [ 2514.642333][T26411] file_dirty 0 [ 2514.642333][T26411] file_writeback 0 [ 2514.642333][T26411] swapcached 0 [ 2514.642333][T26411] anon_thp 0 [ 2514.642333][T26411] file_thp 0 [ 2514.642333][T26411] shmem_thp 0 [ 2514.642333][T26411] inactive_anon 311910400 [ 2514.642333][T26411] active_anon 1486848 [ 2514.642333][T26411] inactive_file 0 [ 2514.642333][T26411] active_file 0 [ 2514.642333][T26411] unevictable 0 [ 2514.642333][T26411] slab_reclaimable 787624 [ 2514.642333][T26411] slab_unreclaimable 273024 [ 2514.642333][T26411] slab 1060648 [ 2514.642333][T26411] workingset_refault_anon 0 [ 2514.642333][T26411] workingset_refault_file 0 [ 2514.738592][T26411] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=26411,uid=0 [ 2514.754853][T26411] Memory cgroup out of memory: Killed process 26411 (syz-executor.1) total-vm:54284kB, anon-rss:332kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000 [ 2514.855813][T26423] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. 21:15:47 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xb, &(0x7f0000000200)=[{&(0x7f0000010700)="1020f5f201000b0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f0000000200000002000000020000000100000018000000000200000002000000060000000a0000000e000000100000030000000100000002", 0x69, 0x1400}, {&(0x7f0000010e00)="d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xa6, 0x200000}, {&(0x7f0000010f00)='\x00'/24, 0x18, 0x200fe0}, {&(0x7f0000011000)="00000000000000000000000000000000000000000000000000000006", 0x1c, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) 21:15:47 executing program 1: r0 = socket$igmp(0x2, 0x3, 0x2) ioctl$sock_inet_SIOCSIFBRDADDR(r0, 0x891a, &(0x7f0000000100)={'bond0\x00', {0x2, 0x0, @broadcast}}) [ 2514.959347][T26423] device bond169 entered promiscuous mode [ 2514.977936][T26423] device bond169 left promiscuous mode 21:15:47 executing program 3: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_BIND_IP(r0, &(0x7f0000000380)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x0, 0x0, @private2}, r1}}, 0x30) 21:15:47 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x0, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32=r2, @ANYBLOB="01000000002200001c0012000c000100626f6e640000"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) 21:15:47 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, 0x0, 0x0) write$RDMA_USER_CM_CMD_MIGRATE_ID(r0, &(0x7f0000000280)={0x12, 0x10, 0xfa00, {&(0x7f0000000180), 0xffffffffffffffff, r0}}, 0x18) 21:15:47 executing program 5: socketpair(0x2, 0x2, 0x3, &(0x7f0000000000)) 21:15:48 executing program 3: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_BIND_IP(r0, &(0x7f0000000380)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x0, 0x0, @private2}, r1}}, 0x30) [ 2515.828472][T26437] loop4: detected capacity change from 0 to 253983 [ 2515.863495][T26436] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2515.962094][T26436] device bond170 entered promiscuous mode [ 2515.975738][T26436] device bond170 left promiscuous mode [ 2515.996108][T26437] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2516.004410][T26437] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 2516.017161][T26437] F2FS-fs (loop4): invalid crc value [ 2516.048857][T26437] F2FS-fs (loop4): invalid crc_offset: 0 [ 2516.058141][T26437] F2FS-fs (loop4): Failed to get valid F2FS checkpoint 21:15:48 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xb, &(0x7f0000000200)=[{&(0x7f0000010700)="1020f5f201000b0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f0000000200000002000000020000000100000018000000000200000002000000060000000a0000000e000000100000030000000100000002", 0x69, 0x1400}, {&(0x7f0000010e00)="d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xa6, 0x200000}, {&(0x7f0000010f00)='\x00'/24, 0x18, 0x200fe0}, {&(0x7f0000011000)="00000000000000000000000000000000000000000000000000000006", 0x1c, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) 21:15:48 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, 0x0, 0x0) write$RDMA_USER_CM_CMD_MIGRATE_ID(r0, &(0x7f0000000280)={0x12, 0x10, 0xfa00, {&(0x7f0000000180), 0xffffffffffffffff, r0}}, 0x18) 21:15:48 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x13, @loopback, @private2, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32=r2, @ANYBLOB="01000000002200001c0012000c000100626f6e640000"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) [ 2516.409337][T26434] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2516.420129][T26434] CPU: 1 PID: 26434 Comm: syz-executor.1 Tainted: G W 5.18.0-syzkaller-16253-g2f3064574275 #0 [ 2516.431885][T26434] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2516.442072][T26434] Call Trace: [ 2516.445424][T26434] [ 2516.448444][T26434] dump_stack_lvl+0x200/0x28c [ 2516.453334][T26434] dump_stack+0x29/0x2c [ 2516.457649][T26434] dump_header+0x1e5/0xae0 [ 2516.462239][T26434] oom_kill_process+0x3a7/0xba0 [ 2516.467309][T26434] out_of_memory+0x111c/0x1570 [ 2516.472283][T26434] ? slab_debugfs_show+0xa40/0xaa0 [ 2516.477615][T26434] mem_cgroup_out_of_memory+0x46b/0x590 [ 2516.483437][T26434] mem_cgroup_oom+0xa3d/0xd30 [ 2516.488348][T26434] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2516.493691][T26434] try_charge_memcg+0x18b0/0x2110 [ 2516.498950][T26434] ? kmsan_get_metadata+0x33/0x220 [ 2516.504321][T26434] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 2516.510284][T26434] charge_memcg+0x1a9/0x6b0 [ 2516.514990][T26434] ? get_mem_cgroup_from_mm+0x39d/0x4d0 [ 2516.520669][T26434] __mem_cgroup_charge+0xb9/0x2e0 [ 2516.525847][T26434] wp_page_copy+0x719/0x4310 [ 2516.530642][T26434] ? kmsan_get_metadata+0x33/0x220 [ 2516.536004][T26434] ? kmsan_get_metadata+0x33/0x220 [ 2516.541333][T26434] ? preempt_count_sub+0xfc/0x340 [ 2516.546482][T26434] do_wp_page+0xc81/0x29c0 [ 2516.551029][T26434] handle_mm_fault+0x43e1/0x47a0 [ 2516.556368][T26434] ? restore_fpregs_from_fpstate+0x68/0x3a0 [ 2516.562517][T26434] do_user_addr_fault+0x11f5/0x1e50 [ 2516.567898][T26434] exc_page_fault+0x60/0x140 [ 2516.572707][T26434] ? asm_exc_page_fault+0x8/0x30 [ 2516.577825][T26434] asm_exc_page_fault+0x1e/0x30 [ 2516.582842][T26434] RIP: 0023:0xf6e1f418 [ 2516.586984][T26434] Code: 39 dd 75 ee 8b 44 24 58 89 28 83 c4 3c 5b 5e 5f 5d c3 8b 7c 24 18 e9 9a fd ff ff 8d b4 26 00 00 00 00 8b 44 24 24 8b 7c 24 18 <89> 1c 88 e9 70 fe ff ff 8b 7c 24 50 39 54 24 0c 0f 84 80 00 00 00 [ 2516.606762][T26434] RSP: 002b:00000000ffacc040 EFLAGS: 00010246 [ 2516.612932][T26434] RAX: 00000000f6f50000 RBX: 00000000c24e17ad RCX: 00000000000017ad [ 2516.621043][T26434] RDX: 0000000000000000 RSI: 00000000f6f36000 RDI: 0000000085df144d [ 2516.629111][T26434] RBP: 00000000f6f50000 R08: 0000000000000000 R09: 0000000000000000 [ 2516.637317][T26434] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 2516.645426][T26434] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2516.653521][T26434] [ 2516.656794][T26434] memory: usage 307200kB, limit 307200kB, failcnt 13512 [ 2516.663979][T26434] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2516.670942][T26434] Memory cgroup stats for /syz1: [ 2516.671735][T26434] anon 135168 [ 2516.671735][T26434] file 313262080 [ 2516.671735][T26434] kernel 1175552 [ 2516.671735][T26434] kernel_stack 32768 [ 2516.671735][T26434] pagetables 65536 [ 2516.671735][T26434] percpu 0 [ 2516.671735][T26434] sock 0 [ 2516.671735][T26434] vmalloc 0 [ 2516.671735][T26434] shmem 313262080 [ 2516.671735][T26434] file_mapped 40960 [ 2516.671735][T26434] file_dirty 0 [ 2516.671735][T26434] file_writeback 0 [ 2516.671735][T26434] swapcached 0 [ 2516.671735][T26434] anon_thp 0 [ 2516.671735][T26434] file_thp 0 [ 2516.671735][T26434] shmem_thp 0 [ 2516.671735][T26434] inactive_anon 311894016 [ 2516.671735][T26434] active_anon 1486848 [ 2516.671735][T26434] inactive_file 0 [ 2516.671735][T26434] active_file 0 [ 2516.671735][T26434] unevictable 0 [ 2516.671735][T26434] slab_reclaimable 787624 [ 2516.671735][T26434] slab_unreclaimable 273024 [ 2516.671735][T26434] slab 1060648 21:15:49 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000340)) [ 2516.671735][T26434] workingset_refault_anon 0 [ 2516.671735][T26434] workingset_refault_file 0 [ 2516.768292][T26434] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=26434,uid=0 [ 2516.784331][T26434] Memory cgroup out of memory: Killed process 26434 (syz-executor.1) total-vm:54284kB, anon-rss:332kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000 21:15:49 executing program 5: r0 = socket$igmp(0x2, 0x3, 0x2) r1 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_DEL_VIF(r1, 0x0, 0xcb, &(0x7f00000003c0)={0x0, 0x0, 0x5, 0x0, @vifc_lcl_ifindex, @private}, 0x10) setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f0000000080)={0x0, 0x1, 0x0, 0x7, @vifc_lcl_addr=@dev={0xac, 0x14, 0x14, 0x32}, @dev={0xac, 0x14, 0x14, 0x42}}, 0x10) 21:15:49 executing program 3: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_BIND_IP(r0, &(0x7f0000000380)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x0, 0x0, @private2}, r1}}, 0x30) [ 2517.419506][T26452] loop4: detected capacity change from 0 to 253983 [ 2517.430575][T26453] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. 21:15:49 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_MIGRATE_ID(r0, &(0x7f0000000280)={0x12, 0x10, 0xfa00, {&(0x7f0000000180), 0xffffffffffffffff, r0}}, 0x18) [ 2517.530503][T26452] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2517.538598][T26452] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 2517.560073][T26456] device bond171 entered promiscuous mode [ 2517.570861][T26452] F2FS-fs (loop4): invalid crc value [ 2517.612475][T26452] F2FS-fs (loop4): invalid crc_offset: 0 [ 2517.618466][T26452] F2FS-fs (loop4): Failed to get valid F2FS checkpoint [ 2517.659888][T26456] device bond171 left promiscuous mode 21:15:50 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xb, &(0x7f0000000200)=[{&(0x7f0000010700)="1020f5f201000b0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f0000000200000002000000020000000100000018000000000200000002000000060000000a0000000e000000100000030000000100000002", 0x69, 0x1400}, {&(0x7f0000010e00)="d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xa6, 0x200000}, {&(0x7f0000010f00)='\x00'/24, 0x18, 0x200fe0}, {&(0x7f0000011000)="00000000000000000000000000000000000000000000000000000006", 0x1c, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) 21:15:50 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x13, @loopback, @private2, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32=r2, @ANYBLOB="01000000002200001c0012000c000100626f6e640000"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) 21:15:50 executing program 5: r0 = socket$igmp(0x2, 0x3, 0x2) r1 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_DEL_VIF(r1, 0x0, 0xcb, &(0x7f00000003c0)={0x0, 0x0, 0x5, 0x0, @vifc_lcl_ifindex, @private}, 0x10) setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f0000000080)={0x0, 0x1, 0x0, 0x7, @vifc_lcl_addr=@dev={0xac, 0x14, 0x14, 0x32}, @dev={0xac, 0x14, 0x14, 0x42}}, 0x10) [ 2518.037617][T26451] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2518.049046][T26451] CPU: 0 PID: 26451 Comm: syz-executor.1 Tainted: G W 5.18.0-syzkaller-16253-g2f3064574275 #0 [ 2518.060841][T26451] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2518.071045][T26451] Call Trace: [ 2518.074427][T26451] [ 2518.077478][T26451] dump_stack_lvl+0x200/0x28c [ 2518.082449][T26451] dump_stack+0x29/0x2c [ 2518.086768][T26451] dump_header+0x1e5/0xae0 [ 2518.091427][T26451] oom_kill_process+0x3a7/0xba0 [ 2518.096772][T26451] out_of_memory+0x111c/0x1570 [ 2518.101734][T26451] ? slab_debugfs_show+0xa40/0xaa0 [ 2518.107090][T26451] mem_cgroup_out_of_memory+0x46b/0x590 [ 2518.112941][T26451] mem_cgroup_oom+0xa3d/0xd30 [ 2518.117848][T26451] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2518.123113][T26451] try_charge_memcg+0x18b0/0x2110 [ 2518.128404][T26451] ? kmsan_get_metadata+0x33/0x220 [ 2518.133770][T26451] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 2518.139810][T26451] charge_memcg+0x1a9/0x6b0 [ 2518.144524][T26451] ? get_mem_cgroup_from_mm+0x39d/0x4d0 [ 2518.150309][T26451] __mem_cgroup_charge+0xb9/0x2e0 [ 2518.155572][T26451] wp_page_copy+0x719/0x4310 [ 2518.160499][T26451] ? kmsan_get_metadata+0x33/0x220 [ 2518.165847][T26451] ? kmsan_get_metadata+0x33/0x220 [ 2518.171171][T26451] ? preempt_count_sub+0xfc/0x340 [ 2518.176407][T26451] do_wp_page+0xc81/0x29c0 [ 2518.181033][T26451] handle_mm_fault+0x43e1/0x47a0 [ 2518.186142][T26451] ? restore_fpregs_from_fpstate+0x68/0x3a0 [ 2518.192309][T26451] do_user_addr_fault+0x11f5/0x1e50 [ 2518.197722][T26451] exc_page_fault+0x60/0x140 [ 2518.202504][T26451] ? asm_exc_page_fault+0x8/0x30 [ 2518.207601][T26451] asm_exc_page_fault+0x1e/0x30 [ 2518.212957][T26451] RIP: 0023:0xf6e1f418 [ 2518.217139][T26451] Code: 39 dd 75 ee 8b 44 24 58 89 28 83 c4 3c 5b 5e 5f 5d c3 8b 7c 24 18 e9 9a fd ff ff 8d b4 26 00 00 00 00 8b 44 24 24 8b 7c 24 18 <89> 1c 88 e9 70 fe ff ff 8b 7c 24 50 39 54 24 0c 0f 84 80 00 00 00 [ 2518.236904][T26451] RSP: 002b:00000000ffacc040 EFLAGS: 00010246 [ 2518.243233][T26451] RAX: 00000000f6f50000 RBX: 000000004afa5404 RCX: 0000000000001404 [ 2518.251346][T26451] RDX: 0000000000000000 RSI: 00000000f6f36000 RDI: 00000000826ce43b [ 2518.259449][T26451] RBP: 00000000f6f50000 R08: 0000000000000000 R09: 0000000000000000 [ 2518.267542][T26451] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 2518.275628][T26451] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2518.283757][T26451] [ 2518.287039][T26451] memory: usage 307200kB, limit 307200kB, failcnt 13549 [ 2518.294179][T26451] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2518.301140][T26451] Memory cgroup stats for /syz1: [ 2518.302605][T26451] anon 131072 [ 2518.302605][T26451] file 313262080 [ 2518.302605][T26451] kernel 1179648 [ 2518.302605][T26451] kernel_stack 32768 [ 2518.302605][T26451] pagetables 69632 [ 2518.302605][T26451] percpu 0 [ 2518.302605][T26451] sock 0 [ 2518.302605][T26451] vmalloc 0 [ 2518.302605][T26451] shmem 313262080 [ 2518.302605][T26451] file_mapped 40960 [ 2518.302605][T26451] file_dirty 0 [ 2518.302605][T26451] file_writeback 0 [ 2518.302605][T26451] swapcached 0 [ 2518.302605][T26451] anon_thp 0 [ 2518.302605][T26451] file_thp 0 [ 2518.302605][T26451] shmem_thp 0 [ 2518.302605][T26451] inactive_anon 311906304 [ 2518.302605][T26451] active_anon 1486848 [ 2518.302605][T26451] inactive_file 0 [ 2518.302605][T26451] active_file 0 [ 2518.302605][T26451] unevictable 0 [ 2518.302605][T26451] slab_reclaimable 786584 [ 2518.302605][T26451] slab_unreclaimable 272160 [ 2518.302605][T26451] slab 1058744 [ 2518.302605][T26451] workingset_refault_anon 0 [ 2518.302605][T26451] workingset_refault_file 0 [ 2518.398950][T26451] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=26451,uid=0 [ 2518.415015][T26451] Memory cgroup out of memory: Killed process 26451 (syz-executor.1) total-vm:54284kB, anon-rss:332kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:64kB oom_score_adj:1000 21:15:50 executing program 3: r0 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_BIND_IP(r1, &(0x7f0000000380)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x0, 0x0, @private2}, r2}}, 0x30) 21:15:50 executing program 1: select(0x40, &(0x7f0000000000)={0x5}, 0x0, 0x0, &(0x7f0000000180)={0x0, 0xea60}) [ 2518.776976][T26466] loop4: detected capacity change from 0 to 253983 [ 2518.859674][T26466] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2518.867855][T26466] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 2518.891719][T26466] F2FS-fs (loop4): invalid crc value [ 2518.899241][T26466] F2FS-fs (loop4): invalid crc_offset: 0 21:15:51 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_MIGRATE_ID(r0, &(0x7f0000000280)={0x12, 0x10, 0xfa00, {&(0x7f0000000180), 0xffffffffffffffff, r0}}, 0x18) 21:15:51 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xb, &(0x7f0000000200)=[{&(0x7f0000010700)="1020f5f201000b0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f0000000200000002000000020000000100000018000000000200000002000000060000000a0000000e000000100000030000000100000002", 0x69, 0x1400}, {&(0x7f0000010e00)="d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xa6, 0x200000}, {&(0x7f0000010f00)='\x00'/28, 0x1c, 0x200fe0}, {&(0x7f0000011000)="00000000000000000000000000000000000000000000000000000006", 0x1c, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) [ 2518.905513][T26466] F2FS-fs (loop4): Failed to get valid F2FS checkpoint [ 2519.068701][T26470] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. 21:15:51 executing program 3: r0 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_BIND_IP(r1, &(0x7f0000000380)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x0, 0x0, @private2}, r2}}, 0x30) [ 2519.461249][T26470] device bond172 entered promiscuous mode [ 2519.517273][T26470] device bond172 left promiscuous mode 21:15:52 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_MIGRATE_ID(r0, &(0x7f0000000280)={0x12, 0x10, 0xfa00, {&(0x7f0000000180), 0xffffffffffffffff, r0}}, 0x18) 21:15:52 executing program 5: r0 = socket$igmp(0x2, 0x3, 0x2) r1 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_DEL_VIF(r1, 0x0, 0xcb, &(0x7f00000003c0)={0x0, 0x0, 0x5, 0x0, @vifc_lcl_ifindex, @private}, 0x10) setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f0000000080)={0x0, 0x1, 0x0, 0x7, @vifc_lcl_addr=@dev={0xac, 0x14, 0x14, 0x32}, @dev={0xac, 0x14, 0x14, 0x42}}, 0x10) 21:15:52 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x13, @loopback, @private2, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32=r2, @ANYBLOB="01000000002200001c0012000c000100626f6e640000"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) [ 2519.797378][T26481] loop4: detected capacity change from 0 to 253983 [ 2519.979589][T26481] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2519.988126][T26481] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 2520.006291][T26481] F2FS-fs (loop4): invalid crc value [ 2520.020098][T26481] F2FS-fs (loop4): invalid crc_offset: 0 [ 2520.026358][T26481] F2FS-fs (loop4): Failed to get valid F2FS checkpoint [ 2520.055075][T26475] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2520.065830][T26475] CPU: 1 PID: 26475 Comm: syz-executor.1 Tainted: G W 5.18.0-syzkaller-16253-g2f3064574275 #0 [ 2520.077568][T26475] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2520.087744][T26475] Call Trace: [ 2520.091107][T26475] [ 2520.094116][T26475] dump_stack_lvl+0x200/0x28c [ 2520.099008][T26475] dump_stack+0x29/0x2c [ 2520.103353][T26475] dump_header+0x1e5/0xae0 [ 2520.108013][T26475] oom_kill_process+0x3a7/0xba0 [ 2520.113077][T26475] out_of_memory+0x111c/0x1570 [ 2520.118035][T26475] ? slab_debugfs_show+0xa40/0xaa0 [ 2520.123384][T26475] mem_cgroup_out_of_memory+0x46b/0x590 [ 2520.129198][T26475] mem_cgroup_oom+0xa3d/0xd30 [ 2520.134089][T26475] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2520.139330][T26475] try_charge_memcg+0x18b0/0x2110 [ 2520.144570][T26475] ? kmsan_get_metadata+0x33/0x220 [ 2520.149945][T26475] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 2520.155993][T26475] charge_memcg+0x1a9/0x6b0 [ 2520.160711][T26475] ? get_mem_cgroup_from_mm+0x39d/0x4d0 [ 2520.166657][T26475] __mem_cgroup_charge+0xb9/0x2e0 [ 2520.172005][T26475] wp_page_copy+0x719/0x4310 [ 2520.176792][T26475] ? kmsan_get_metadata+0x33/0x220 [ 2520.182115][T26475] ? kmsan_get_metadata+0x33/0x220 [ 2520.187516][T26475] ? preempt_count_sub+0xfc/0x340 [ 2520.192727][T26475] do_wp_page+0xc81/0x29c0 [ 2520.197330][T26475] handle_mm_fault+0x43e1/0x47a0 [ 2520.202426][T26475] ? restore_fpregs_from_fpstate+0x68/0x3a0 [ 2520.208583][T26475] do_user_addr_fault+0x11f5/0x1e50 [ 2520.213999][T26475] exc_page_fault+0x60/0x140 [ 2520.218767][T26475] ? asm_exc_page_fault+0x8/0x30 [ 2520.223859][T26475] asm_exc_page_fault+0x1e/0x30 [ 2520.228870][T26475] RIP: 0023:0xf6e1f418 [ 2520.233086][T26475] Code: 39 dd 75 ee 8b 44 24 58 89 28 83 c4 3c 5b 5e 5f 5d c3 8b 7c 24 18 e9 9a fd ff ff 8d b4 26 00 00 00 00 8b 44 24 24 8b 7c 24 18 <89> 1c 88 e9 70 fe ff ff 8b 7c 24 50 39 54 24 0c 0f 84 80 00 00 00 [ 2520.252880][T26475] RSP: 002b:00000000ffacc040 EFLAGS: 00010246 [ 2520.259099][T26475] RAX: 00000000f6f50000 RBX: 00000000a316e129 RCX: 0000000000000129 [ 2520.267206][T26475] RDX: 0000000000000000 RSI: 00000000f6f36000 RDI: 0000000081630a80 [ 2520.275316][T26475] RBP: 00000000f6f50000 R08: 0000000000000000 R09: 0000000000000000 [ 2520.283404][T26475] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 2520.291486][T26475] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2520.299603][T26475] [ 2520.305439][T26475] memory: usage 307200kB, limit 307200kB, failcnt 13604 [ 2520.313324][T26475] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2520.320312][T26475] Memory cgroup stats for /syz1: [ 2520.321748][T26475] anon 131072 [ 2520.321748][T26475] file 313262080 [ 2520.321748][T26475] kernel 1179648 [ 2520.321748][T26475] kernel_stack 32768 [ 2520.321748][T26475] pagetables 69632 [ 2520.321748][T26475] percpu 0 [ 2520.321748][T26475] sock 0 [ 2520.321748][T26475] vmalloc 0 [ 2520.321748][T26475] shmem 313262080 [ 2520.321748][T26475] file_mapped 40960 [ 2520.321748][T26475] file_dirty 0 [ 2520.321748][T26475] file_writeback 0 [ 2520.321748][T26475] swapcached 0 [ 2520.321748][T26475] anon_thp 0 [ 2520.321748][T26475] file_thp 0 [ 2520.321748][T26475] shmem_thp 0 [ 2520.321748][T26475] inactive_anon 311906304 [ 2520.321748][T26475] active_anon 1486848 [ 2520.321748][T26475] inactive_file 0 [ 2520.321748][T26475] active_file 0 [ 2520.321748][T26475] unevictable 0 [ 2520.321748][T26475] slab_reclaimable 786584 [ 2520.321748][T26475] slab_unreclaimable 271896 [ 2520.321748][T26475] slab 1058480 [ 2520.321748][T26475] workingset_refault_anon 0 [ 2520.321748][T26475] workingset_refault_file 0 [ 2520.418475][T26475] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=26475,uid=0 [ 2520.434670][T26475] Memory cgroup out of memory: Killed process 26475 (syz-executor.1) total-vm:54284kB, anon-rss:332kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:64kB oom_score_adj:1000 21:15:52 executing program 1: r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r0, 0x800) lseek(r0, 0x200, 0x0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x24000, 0x0) sendfile(r0, r1, 0x0, 0x1dd00) ioctl$VIDIOC_PREPARE_BUF(0xffffffffffffffff, 0xc058565d, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) lseek(0xffffffffffffffff, 0x0, 0x0) 21:15:52 executing program 3: r0 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_BIND_IP(r1, &(0x7f0000000380)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x0, 0x0, @private2}, r2}}, 0x30) 21:15:53 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xb, &(0x7f0000000200)=[{&(0x7f0000010700)="1020f5f201000b0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f0000000200000002000000020000000100000018000000000200000002000000060000000a0000000e000000100000030000000100000002", 0x69, 0x1400}, {&(0x7f0000010e00)="d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xa6, 0x200000}, {&(0x7f0000010f00)='\x00'/28, 0x1c, 0x200fe0}, {&(0x7f0000011000)="00000000000000000000000000000000000000000000000000000006", 0x1c, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) 21:15:53 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000001c0)={0xffffffffffffffff}}}, 0x20) write$RDMA_USER_CM_CMD_MIGRATE_ID(r0, &(0x7f0000000280)={0x12, 0x10, 0xfa00, {&(0x7f0000000180), r1, r0}}, 0x18) [ 2521.330614][T26491] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. 21:15:53 executing program 3: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_BIND_IP(r1, &(0x7f0000000380)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x0, 0x0, @private2}, r2}}, 0x30) 21:15:53 executing program 5: r0 = socket$igmp(0x2, 0x3, 0x2) r1 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_DEL_VIF(r1, 0x0, 0xcb, &(0x7f00000003c0)={0x0, 0x0, 0x5, 0x0, @vifc_lcl_ifindex, @private}, 0x10) setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f0000000080)={0x0, 0x1, 0x0, 0x7, @vifc_lcl_addr=@dev={0xac, 0x14, 0x14, 0x32}, @dev={0xac, 0x14, 0x14, 0x42}}, 0x10) [ 2521.468203][T26493] device bond173 entered promiscuous mode [ 2521.514051][T26493] device bond173 left promiscuous mode [ 2521.568826][T26498] loop4: detected capacity change from 0 to 253983 21:15:53 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x0, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32=r2, @ANYBLOB="01000000002200001c0012000c000100626f6e640000"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) [ 2521.713301][T26498] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2521.721410][T26498] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 2521.748016][T26498] F2FS-fs (loop4): invalid crc value [ 2521.814430][T26498] F2FS-fs (loop4): invalid crc_offset: 0 [ 2521.820423][T26498] F2FS-fs (loop4): Failed to get valid F2FS checkpoint 21:15:54 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xb, &(0x7f0000000200)=[{&(0x7f0000010700)="1020f5f201000b0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f0000000200000002000000020000000100000018000000000200000002000000060000000a0000000e000000100000030000000100000002", 0x69, 0x1400}, {&(0x7f0000010e00)="d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xa6, 0x200000}, {&(0x7f0000010f00)='\x00'/28, 0x1c, 0x200fe0}, {&(0x7f0000011000)="00000000000000000000000000000000000000000000000000000006", 0x1c, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) 21:15:54 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000001c0)={0xffffffffffffffff}}}, 0x20) write$RDMA_USER_CM_CMD_MIGRATE_ID(r0, &(0x7f0000000280)={0x12, 0x10, 0xfa00, {&(0x7f0000000180), r1, r0}}, 0x18) [ 2521.964213][T26494] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=2, oom_score_adj=1000 [ 2521.976690][T26494] CPU: 0 PID: 26494 Comm: syz-executor.1 Tainted: G W 5.18.0-syzkaller-16253-g2f3064574275 #0 [ 2521.988437][T26494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2521.998634][T26494] Call Trace: [ 2522.002033][T26494] [ 2522.006046][T26494] dump_stack_lvl+0x200/0x28c [ 2522.010941][T26494] dump_stack+0x29/0x2c [ 2522.015275][T26494] dump_header+0x1e5/0xae0 [ 2522.019912][T26494] oom_kill_process+0x3a7/0xba0 [ 2522.025081][T26494] out_of_memory+0x111c/0x1570 [ 2522.030059][T26494] ? slab_debugfs_show+0xa40/0xaa0 [ 2522.035333][T26494] mem_cgroup_out_of_memory+0x46b/0x590 [ 2522.041123][T26494] mem_cgroup_oom+0xa3d/0xd30 [ 2522.045937][T26494] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2522.051157][T26494] try_charge_memcg+0x18b0/0x2110 [ 2522.056401][T26494] ? __rcu_read_unlock+0x85/0xf0 [ 2522.061486][T26494] obj_cgroup_charge_pages+0x352/0x760 [ 2522.067098][T26494] __memcg_kmem_charge_page+0x5b2/0x910 [ 2522.072812][T26494] __alloc_pages+0x82e/0x1040 [ 2522.077732][T26494] dup_task_struct+0x310/0xaf0 [ 2522.082630][T26494] ? kmsan_get_metadata+0x33/0x220 [ 2522.087971][T26494] copy_process+0xb32/0x68e0 [ 2522.092698][T26494] ? kernel_clone+0x84/0x1110 [ 2522.097639][T26494] kernel_clone+0x4c4/0x1110 [ 2522.102415][T26494] ? __stack_depot_save+0x21/0x4b0 [ 2522.107761][T26494] ? kmsan_get_metadata+0x33/0x220 [ 2522.113128][T26494] ? kmsan_get_shadow_origin_ptr+0xe0/0xf0 [ 2522.119184][T26494] __ia32_compat_sys_ia32_clone+0x29a/0x410 [ 2522.125276][T26494] do_int80_syscall_32+0x4d/0xa0 [ 2522.130396][T26494] ? asm_exc_page_fault+0x8/0x30 [ 2522.135504][T26494] entry_INT80_compat+0x71/0x76 [ 2522.140525][T26494] RIP: 0023:0xf6e5a3a4 [ 2522.144952][T26494] Code: 8b 44 24 04 89 41 08 c7 41 04 00 00 00 00 53 56 57 8b 74 24 24 8b 54 24 20 8b 5c 24 18 8b 7c 24 28 b8 78 00 00 00 89 19 cd 80 <5f> 5e 5b 85 c0 0f 8c 61 81 00 00 74 01 c3 89 f5 ff d3 e8 00 00 00 [ 2522.164826][T26494] RSP: 002b:00000000ffacc000 EFLAGS: 00000292 ORIG_RAX: 0000000000000078 [ 2522.173431][T26494] RAX: ffffffffffffffda RBX: 00000000003d0f00 RCX: 00000000f7f917a4 [ 2522.181603][T26494] RDX: 00000000f7f91ba8 RSI: 00000000ffacc04c RDI: 00000000f7f91ba8 [ 2522.189648][T26494] RBP: 00000000f6f36000 R08: 0000000000000000 R09: 0000000000000000 [ 2522.197707][T26494] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000000 [ 2522.205806][T26494] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2522.213905][T26494] [ 2522.220598][T26494] memory: usage 307200kB, limit 307200kB, failcnt 13656 [ 2522.229237][T26494] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2522.236414][T26494] Memory cgroup stats for /syz1: [ 2522.237884][T26494] anon 118784 [ 2522.237884][T26494] file 313262080 [ 2522.237884][T26494] kernel 1191936 [ 2522.237884][T26494] kernel_stack 32768 [ 2522.237884][T26494] pagetables 69632 [ 2522.237884][T26494] percpu 0 [ 2522.237884][T26494] sock 0 [ 2522.237884][T26494] vmalloc 0 [ 2522.237884][T26494] shmem 313262080 [ 2522.237884][T26494] file_mapped 40960 [ 2522.237884][T26494] file_dirty 0 [ 2522.237884][T26494] file_writeback 0 [ 2522.237884][T26494] swapcached 0 [ 2522.237884][T26494] anon_thp 0 [ 2522.237884][T26494] file_thp 0 [ 2522.237884][T26494] shmem_thp 0 [ 2522.237884][T26494] inactive_anon 311894016 [ 2522.237884][T26494] active_anon 1486848 [ 2522.237884][T26494] inactive_file 0 [ 2522.237884][T26494] active_file 0 [ 2522.237884][T26494] unevictable 0 [ 2522.237884][T26494] slab_reclaimable 787992 [ 2522.237884][T26494] slab_unreclaimable 281136 [ 2522.237884][T26494] slab 1069128 [ 2522.237884][T26494] workingset_refault_anon 0 [ 2522.237884][T26494] workingset_refault_file 0 [ 2522.334787][T26494] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=26494,uid=0 [ 2522.350853][T26494] Memory cgroup out of memory: Killed process 26494 (syz-executor.1) total-vm:54416kB, anon-rss:332kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:64kB oom_score_adj:1000 21:15:54 executing program 1: r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001b80)={0x6, 0x0, 0x0, &(0x7f0000001940)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000380)={r0, 0xe6, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000180), ""/16, 0x0, 0x0, 0x0, 0x0, 0x6, 0x46, &(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000200)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f00000000c0)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x40, 0x10, &(0x7f00000001c0), &(0x7f0000000140), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000240)}}, 0x10) r1 = bpf$ITER_CREATE(0x21, 0x0, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r1, 0x0, 0x0) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r1, &(0x7f00000004c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000480)={&(0x7f0000000500)=ANY=[@ANYBLOB='t\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000125bd7000fddbdf25010600010002000000080003000100000044000180080003008d1e010114000400fe8000000000000000000100000000aa1400047727779aff83100a00fe8000000000000000000000000000bb08000300e000000206080003000800"/111], 0x74}, 0x1, 0x0, 0x0, 0x400d0}, 0x0) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_DEL_VIF(r2, 0x0, 0xcb, &(0x7f00000003c0)={0x0, 0x8, 0x6, 0x20, @vifc_lcl_addr=@empty, @multicast1}, 0x10) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00'}) setsockopt$MRT_ADD_MFC(r2, 0x0, 0x7, 0x0, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(r4, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)=@ipv6_getnetconf={0x2c, 0x52, 0x1, 0x70bd29, 0x25dfdbfd, {}, [@NETCONFA_PROXY_NEIGH={0x8, 0x5, 0x4}, @NETCONFA_IFINDEX={0x8, 0x1, r5}, @IGNORE_ROUTES_WITH_LINKDOWN={0x8, 0x6, 0x5}]}, 0x2c}, 0x1, 0x0, 0x0, 0x804}, 0x40c0) setsockopt$MRT_ADD_VIF(r2, 0x0, 0xca, &(0x7f0000000080)={0x0, 0x1, 0x2, 0x7, @vifc_lcl_ifindex=r5, @multicast2}, 0x10) 21:15:54 executing program 3: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_BIND_IP(r1, &(0x7f0000000380)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x0, 0x0, @private2}, r2}}, 0x30) [ 2522.935112][T26510] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. 21:15:55 executing program 5: socket$igmp(0x2, 0x3, 0x2) r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_DEL_VIF(r0, 0x0, 0xcb, &(0x7f00000003c0)={0x0, 0x0, 0x5, 0x0, @vifc_lcl_ifindex, @private}, 0x10) [ 2523.070146][T26514] loop4: detected capacity change from 0 to 253983 [ 2523.095949][T26508] device bond174 entered promiscuous mode [ 2523.111015][T26508] device bond174 left promiscuous mode [ 2523.169881][T26514] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2523.178446][T26514] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 2523.203658][T26514] F2FS-fs (loop4): invalid crc value 21:15:55 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x0, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32=r2, @ANYBLOB="01000000002200001c0012000c000100626f6e640000"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) [ 2523.252670][T26514] F2FS-fs (loop4): invalid crc_offset: 0 [ 2523.258760][T26514] F2FS-fs (loop4): Failed to get valid F2FS checkpoint 21:15:55 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000001c0)={0xffffffffffffffff}}}, 0x20) write$RDMA_USER_CM_CMD_MIGRATE_ID(r0, &(0x7f0000000280)={0x12, 0x10, 0xfa00, {&(0x7f0000000180), r1, r0}}, 0x18) 21:15:55 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xb, &(0x7f0000000200)=[{&(0x7f0000010700)="1020f5f201000b0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f0000000200000002000000020000000100000018000000000200000002000000060000000a0000000e000000100000030000000100000002", 0x69, 0x1400}, {&(0x7f0000010e00)="d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xa6, 0x200000}, {&(0x7f0000010f00)="0000000000000000000000000000000000000000000000000000000009f7", 0x1e, 0x200fe0}, {&(0x7f0000011000)="00000000000000000000000000000000000000000000000000000006", 0x1c, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) 21:15:55 executing program 3: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_BIND_IP(r1, &(0x7f0000000380)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x0, 0x0, @private2}, r2}}, 0x30) [ 2524.249197][T26517] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2524.259998][T26517] CPU: 1 PID: 26517 Comm: syz-executor.1 Tainted: G W 5.18.0-syzkaller-16253-g2f3064574275 #0 [ 2524.262461][T26529] loop4: detected capacity change from 0 to 253983 [ 2524.271929][T26517] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2524.272007][T26517] Call Trace: [ 2524.272049][T26517] [ 2524.294978][T26517] dump_stack_lvl+0x200/0x28c [ 2524.299878][T26517] dump_stack+0x29/0x2c [ 2524.304235][T26517] dump_header+0x1e5/0xae0 [ 2524.308890][T26517] oom_kill_process+0x3a7/0xba0 [ 2524.313973][T26517] out_of_memory+0x111c/0x1570 [ 2524.318951][T26517] ? slab_debugfs_show+0xa40/0xaa0 [ 2524.324289][T26517] mem_cgroup_out_of_memory+0x46b/0x590 [ 2524.330115][T26517] mem_cgroup_oom+0xa3d/0xd30 [ 2524.335026][T26517] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2524.340285][T26517] try_charge_memcg+0x18b0/0x2110 [ 2524.345559][T26517] ? __this_cpu_preempt_check+0x13/0x20 [ 2524.351544][T26517] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 2524.357580][T26517] charge_memcg+0x1a9/0x6b0 [ 2524.362309][T26517] ? get_mem_cgroup_from_mm+0x39d/0x4d0 [ 2524.368086][T26517] __mem_cgroup_charge+0xb9/0x2e0 [ 2524.373355][T26517] wp_page_copy+0x719/0x4310 [ 2524.378159][T26517] ? kmsan_get_metadata+0x33/0x220 [ 2524.383492][T26517] ? kmsan_get_metadata+0x33/0x220 [ 2524.388830][T26517] ? preempt_count_sub+0xfc/0x340 [ 2524.394061][T26517] do_wp_page+0xc81/0x29c0 [ 2524.398702][T26517] handle_mm_fault+0x43e1/0x47a0 [ 2524.403836][T26517] ? restore_fpregs_from_fpstate+0x68/0x3a0 [ 2524.410028][T26517] do_user_addr_fault+0x11f5/0x1e50 [ 2524.415474][T26517] exc_page_fault+0x60/0x140 [ 2524.420267][T26517] ? asm_exc_page_fault+0x8/0x30 [ 2524.425473][T26517] asm_exc_page_fault+0x1e/0x30 [ 2524.430491][T26517] RIP: 0023:0xf6e1f418 [ 2524.434702][T26517] Code: 39 dd 75 ee 8b 44 24 58 89 28 83 c4 3c 5b 5e 5f 5d c3 8b 7c 24 18 e9 9a fd ff ff 8d b4 26 00 00 00 00 8b 44 24 24 8b 7c 24 18 <89> 1c 88 e9 70 fe ff ff 8b 7c 24 50 39 54 24 0c 0f 84 80 00 00 00 [ 2524.454492][T26517] RSP: 002b:00000000ffacc040 EFLAGS: 00010246 [ 2524.460730][T26517] RAX: 00000000f6f50000 RBX: 000000006f9299b2 RCX: 00000000000019b2 [ 2524.468940][T26517] RDX: 0000000000000000 RSI: 00000000f6f36000 RDI: 00000000863c4b4a [ 2524.477053][T26517] RBP: 00000000f6f50000 R08: 0000000000000000 R09: 0000000000000000 [ 2524.485169][T26517] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 2524.493283][T26517] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2524.501420][T26517] [ 2524.507184][T26517] memory: usage 307200kB, limit 307200kB, failcnt 13714 [ 2524.507704][T26527] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2524.514944][T26517] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2524.531170][T26517] Memory cgroup stats for /syz1: [ 2524.532910][T26517] anon 131072 [ 2524.532910][T26517] file 313262080 [ 2524.532910][T26517] kernel 1163264 [ 2524.532910][T26517] kernel_stack 32768 [ 2524.532910][T26517] pagetables 69632 [ 2524.532910][T26517] percpu 0 [ 2524.532910][T26517] sock 0 [ 2524.532910][T26517] vmalloc 0 [ 2524.532910][T26517] shmem 313262080 [ 2524.532910][T26517] file_mapped 40960 [ 2524.532910][T26517] file_dirty 0 [ 2524.532910][T26517] file_writeback 0 [ 2524.532910][T26517] swapcached 0 [ 2524.532910][T26517] anon_thp 0 [ 2524.532910][T26517] file_thp 0 [ 2524.532910][T26517] shmem_thp 0 [ 2524.532910][T26517] inactive_anon 311906304 [ 2524.532910][T26517] active_anon 1486848 [ 2524.532910][T26517] inactive_file 0 [ 2524.532910][T26517] active_file 0 [ 2524.532910][T26517] unevictable 0 [ 2524.532910][T26517] slab_reclaimable 786584 [ 2524.532910][T26517] slab_unreclaimable 261248 [ 2524.532910][T26517] slab 1047832 [ 2524.532910][T26517] workingset_refault_anon 0 [ 2524.532910][T26517] workingset_refault_file 0 [ 2524.629274][T26517] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=26517,uid=0 21:15:56 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000001c0)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_MIGRATE_ID(0xffffffffffffffff, &(0x7f0000000280)={0x12, 0x10, 0xfa00, {&(0x7f0000000180), r1, r0}}, 0x18) [ 2524.645382][T26517] Memory cgroup out of memory: Killed process 26517 (syz-executor.1) total-vm:54284kB, anon-rss:332kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:64kB oom_score_adj:1000 [ 2524.696212][T26529] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2524.704508][T26529] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 2524.716717][T26529] F2FS-fs (loop4): invalid crc value [ 2524.739632][T26529] F2FS-fs (loop4): invalid crc_offset: 0 21:15:57 executing program 1: r0 = socket$nl_audit(0x10, 0x3, 0x9) sendmsg$AUDIT_USER_AVC(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="e00000005304"], 0xe0}}, 0x0) [ 2524.745772][T26529] F2FS-fs (loop4): Failed to get valid F2FS checkpoint 21:15:57 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xb, &(0x7f0000000200)=[{&(0x7f0000010700)="1020f5f201000b0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f0000000200000002000000020000000100000018000000000200000002000000060000000a0000000e000000100000030000000100000002", 0x69, 0x1400}, {&(0x7f0000010e00)="d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xa6, 0x200000}, {&(0x7f0000010f00)="0000000000000000000000000000000000000000000000000000000009f7", 0x1e, 0x200fe0}, {&(0x7f0000011000)="00000000000000000000000000000000000000000000000000000006", 0x1c, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) 21:15:57 executing program 5: socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_DEL_VIF(0xffffffffffffffff, 0x0, 0xcb, &(0x7f00000003c0)={0x0, 0x0, 0x5, 0x0, @vifc_lcl_ifindex, @private}, 0x10) [ 2524.876506][T26528] device bond175 entered promiscuous mode [ 2524.901070][T26528] device bond175 left promiscuous mode 21:15:57 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x0, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32=r2, @ANYBLOB="01000000002200001c0012000c000100626f6e640000"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) 21:15:57 executing program 3: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_BIND_IP(r0, &(0x7f0000000380)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x0, 0x0, @private2}, r1}}, 0x30) 21:15:57 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000001c0)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_MIGRATE_ID(0xffffffffffffffff, &(0x7f0000000280)={0x12, 0x10, 0xfa00, {&(0x7f0000000180), r1, r0}}, 0x18) 21:15:57 executing program 5: socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_DEL_VIF(0xffffffffffffffff, 0x0, 0xcb, &(0x7f00000003c0)={0x0, 0x0, 0x5, 0x0, @vifc_lcl_ifindex, @private}, 0x10) [ 2525.783289][T26542] loop4: detected capacity change from 0 to 253983 [ 2525.800108][T26541] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2525.906775][T26542] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2525.914864][T26542] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 2525.954526][T26546] device bond176 entered promiscuous mode [ 2525.967228][T26546] device bond176 left promiscuous mode [ 2525.998337][T26542] F2FS-fs (loop4): invalid crc value 21:15:58 executing program 3: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_BIND_IP(r0, &(0x7f0000000380)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x0, 0x0, @private2}, r1}}, 0x30) [ 2526.030424][T26542] F2FS-fs (loop4): invalid crc_offset: 0 [ 2526.036768][T26542] F2FS-fs (loop4): Failed to get valid F2FS checkpoint 21:15:58 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x0, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32=r2, @ANYBLOB="01000000002200001c0012000c000100626f6e640000"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) 21:15:58 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xb, &(0x7f0000000200)=[{&(0x7f0000010700)="1020f5f201000b0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f0000000200000002000000020000000100000018000000000200000002000000060000000a0000000e000000100000030000000100000002", 0x69, 0x1400}, {&(0x7f0000010e00)="d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xa6, 0x200000}, {&(0x7f0000010f00)="0000000000000000000000000000000000000000000000000000000009f7", 0x1e, 0x200fe0}, {&(0x7f0000011000)="00000000000000000000000000000000000000000000000000000006", 0x1c, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) [ 2526.294121][T26534] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2526.305231][T26534] CPU: 1 PID: 26534 Comm: syz-executor.1 Tainted: G W 5.18.0-syzkaller-16253-g2f3064574275 #0 [ 2526.316975][T26534] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2526.327255][T26534] Call Trace: [ 2526.330682][T26534] [ 2526.333710][T26534] dump_stack_lvl+0x200/0x28c [ 2526.338601][T26534] dump_stack+0x29/0x2c [ 2526.342952][T26534] dump_header+0x1e5/0xae0 [ 2526.347589][T26534] oom_kill_process+0x3a7/0xba0 [ 2526.352646][T26534] out_of_memory+0x111c/0x1570 [ 2526.357587][T26534] ? slab_debugfs_show+0xa40/0xaa0 [ 2526.362934][T26534] mem_cgroup_out_of_memory+0x46b/0x590 [ 2526.368716][T26534] mem_cgroup_oom+0xa3d/0xd30 [ 2526.373584][T26534] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2526.378794][T26534] try_charge_memcg+0x18b0/0x2110 [ 2526.384020][T26534] ? kmsan_get_metadata+0x33/0x220 [ 2526.389381][T26534] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 2526.395387][T26534] charge_memcg+0x1a9/0x6b0 [ 2526.400070][T26534] ? get_mem_cgroup_from_mm+0x39d/0x4d0 [ 2526.405824][T26534] __mem_cgroup_charge+0xb9/0x2e0 [ 2526.411062][T26534] wp_page_copy+0x719/0x4310 [ 2526.415837][T26534] ? kmsan_get_metadata+0x33/0x220 [ 2526.421147][T26534] ? kmsan_get_metadata+0x33/0x220 [ 2526.426456][T26534] ? preempt_count_sub+0xfc/0x340 [ 2526.431659][T26534] do_wp_page+0xc81/0x29c0 [ 2526.436264][T26534] handle_mm_fault+0x43e1/0x47a0 [ 2526.441361][T26534] ? restore_fpregs_from_fpstate+0x68/0x3a0 [ 2526.447511][T26534] do_user_addr_fault+0x11f5/0x1e50 [ 2526.452935][T26534] exc_page_fault+0x60/0x140 [ 2526.457707][T26534] ? asm_exc_page_fault+0x8/0x30 [ 2526.462798][T26534] asm_exc_page_fault+0x1e/0x30 [ 2526.467972][T26534] RIP: 0023:0xf6e1f418 [ 2526.472150][T26534] Code: 39 dd 75 ee 8b 44 24 58 89 28 83 c4 3c 5b 5e 5f 5d c3 8b 7c 24 18 e9 9a fd ff ff 8d b4 26 00 00 00 00 8b 44 24 24 8b 7c 24 18 <89> 1c 88 e9 70 fe ff ff 8b 7c 24 50 39 54 24 0c 0f 84 80 00 00 00 [ 2526.491918][T26534] RSP: 002b:00000000ffacc040 EFLAGS: 00010246 [ 2526.498123][T26534] RAX: 00000000f6f50000 RBX: 00000000c24e17ad RCX: 00000000000017ad [ 2526.506218][T26534] RDX: 0000000000000000 RSI: 00000000f6f36000 RDI: 0000000085df144d [ 2526.514304][T26534] RBP: 00000000f6f50000 R08: 0000000000000000 R09: 0000000000000000 [ 2526.522385][T26534] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 2526.530462][T26534] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2526.538592][T26534] [ 2526.544407][T26534] memory: usage 307200kB, limit 307200kB, failcnt 13761 [ 2526.551493][T26534] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2526.559117][T26534] Memory cgroup stats for /syz1: [ 2526.560452][T26534] anon 135168 [ 2526.560452][T26534] file 313262080 [ 2526.560452][T26534] kernel 1175552 [ 2526.560452][T26534] kernel_stack 32768 [ 2526.560452][T26534] pagetables 65536 [ 2526.560452][T26534] percpu 0 [ 2526.560452][T26534] sock 0 [ 2526.560452][T26534] vmalloc 0 [ 2526.560452][T26534] shmem 313262080 [ 2526.560452][T26534] file_mapped 40960 [ 2526.560452][T26534] file_dirty 0 [ 2526.560452][T26534] file_writeback 0 [ 2526.560452][T26534] swapcached 0 [ 2526.560452][T26534] anon_thp 0 [ 2526.560452][T26534] file_thp 0 [ 2526.560452][T26534] shmem_thp 0 [ 2526.560452][T26534] inactive_anon 311910400 [ 2526.560452][T26534] active_anon 1486848 [ 2526.560452][T26534] inactive_file 0 [ 2526.560452][T26534] active_file 0 [ 2526.560452][T26534] unevictable 0 [ 2526.560452][T26534] slab_reclaimable 787624 [ 2526.560452][T26534] slab_unreclaimable 271992 [ 2526.560452][T26534] slab 1059616 [ 2526.560452][T26534] workingset_refault_anon 0 [ 2526.560452][T26534] workingset_refault_file 0 [ 2526.657260][T26534] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=26534,uid=0 [ 2526.673435][T26534] Memory cgroup out of memory: Killed process 26534 (syz-executor.1) total-vm:54284kB, anon-rss:332kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000 21:15:59 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) syz_genetlink_get_family_id$team(&(0x7f0000000000), r0) 21:15:59 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000001c0)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_MIGRATE_ID(0xffffffffffffffff, &(0x7f0000000280)={0x12, 0x10, 0xfa00, {&(0x7f0000000180), r1, r0}}, 0x18) 21:15:59 executing program 5: socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_DEL_VIF(0xffffffffffffffff, 0x0, 0xcb, &(0x7f00000003c0)={0x0, 0x0, 0x5, 0x0, @vifc_lcl_ifindex, @private}, 0x10) [ 2527.232730][T26553] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. 21:15:59 executing program 3: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_BIND_IP(r0, &(0x7f0000000380)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x0, 0x0, @private2}, r1}}, 0x30) [ 2527.358852][T26553] device bond177 entered promiscuous mode [ 2527.399317][T26553] device bond177 left promiscuous mode [ 2527.513275][T26560] loop4: detected capacity change from 0 to 253983 21:15:59 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x0, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32=r2, @ANYBLOB="01000000002200001c0012000c000100626f6e640000"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) 21:15:59 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000001c0), 0x111}}, 0x20) write$RDMA_USER_CM_CMD_MIGRATE_ID(r0, 0x0, 0x0) [ 2527.681259][T26560] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2527.689573][T26560] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 2527.702269][T26560] F2FS-fs (loop4): invalid crc value [ 2527.749079][T26560] F2FS-fs (loop4): invalid crc_offset: 0 [ 2527.755378][T26560] F2FS-fs (loop4): Failed to get valid F2FS checkpoint 21:16:00 executing program 5: r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_DEL_VIF(r0, 0x0, 0xcb, &(0x7f00000003c0)={0x0, 0x0, 0x5, 0x0, @vifc_lcl_ifindex, @private}, 0x10) 21:16:00 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xb, &(0x7f0000000200)=[{&(0x7f0000010700)="1020f5f201000b0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f0000000200000002000000020000000100000018000000000200000002000000060000000a0000000e000000100000030000000100000002", 0x69, 0x1400}, {&(0x7f0000010e00)="d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xa6, 0x200000}, {&(0x7f0000010f00)="0000000000000000000000000000000000000000000000000000000009f7a5", 0x1f, 0x200fe0}, {&(0x7f0000011000)="00000000000000000000000000000000000000000000000000000006", 0x1c, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) [ 2528.084401][T26559] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2528.095283][T26559] CPU: 1 PID: 26559 Comm: syz-executor.1 Tainted: G W 5.18.0-syzkaller-16253-g2f3064574275 #0 [ 2528.107226][T26559] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2528.117428][T26559] Call Trace: [ 2528.120820][T26559] [ 2528.123852][T26559] dump_stack_lvl+0x200/0x28c [ 2528.128696][T26559] dump_stack+0x29/0x2c [ 2528.133033][T26559] dump_header+0x1e5/0xae0 [ 2528.137619][T26559] oom_kill_process+0x3a7/0xba0 [ 2528.142679][T26559] out_of_memory+0x111c/0x1570 [ 2528.147568][T26559] ? slab_debugfs_show+0xa40/0xaa0 [ 2528.152833][T26559] mem_cgroup_out_of_memory+0x46b/0x590 [ 2528.158638][T26559] mem_cgroup_oom+0xa3d/0xd30 [ 2528.163528][T26559] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2528.168747][T26559] try_charge_memcg+0x18b0/0x2110 [ 2528.173948][T26559] ? kmsan_get_metadata+0x33/0x220 [ 2528.179321][T26559] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 2528.185346][T26559] charge_memcg+0x1a9/0x6b0 [ 2528.189975][T26559] ? get_mem_cgroup_from_mm+0x39d/0x4d0 [ 2528.195660][T26559] __mem_cgroup_charge+0xb9/0x2e0 [ 2528.201014][T26559] wp_page_copy+0x719/0x4310 [ 2528.205841][T26559] ? kmsan_get_metadata+0x33/0x220 [ 2528.211172][T26559] ? kmsan_get_metadata+0x33/0x220 [ 2528.216501][T26559] ? preempt_count_sub+0xfc/0x340 [ 2528.221727][T26559] do_wp_page+0xc81/0x29c0 [ 2528.226350][T26559] handle_mm_fault+0x43e1/0x47a0 [ 2528.231403][T26559] ? restore_fpregs_from_fpstate+0x68/0x3a0 [ 2528.237504][T26559] do_user_addr_fault+0x11f5/0x1e50 [ 2528.242928][T26559] exc_page_fault+0x60/0x140 [ 2528.247674][T26559] ? asm_exc_page_fault+0x8/0x30 [ 2528.252797][T26559] asm_exc_page_fault+0x1e/0x30 [ 2528.257824][T26559] RIP: 0023:0xf6e1f418 [ 2528.262019][T26559] Code: 39 dd 75 ee 8b 44 24 58 89 28 83 c4 3c 5b 5e 5f 5d c3 8b 7c 24 18 e9 9a fd ff ff 8d b4 26 00 00 00 00 8b 44 24 24 8b 7c 24 18 <89> 1c 88 e9 70 fe ff ff 8b 7c 24 50 39 54 24 0c 0f 84 80 00 00 00 [ 2528.281848][T26559] RSP: 002b:00000000ffacc040 EFLAGS: 00010246 [ 2528.288029][T26559] RAX: 00000000f6f50000 RBX: 00000000c24e17ad RCX: 00000000000017ad [ 2528.296082][T26559] RDX: 0000000000000000 RSI: 00000000f6f36000 RDI: 0000000085df144d [ 2528.304145][T26559] RBP: 00000000f6f50000 R08: 0000000000000000 R09: 0000000000000000 [ 2528.312259][T26559] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 2528.320306][T26559] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2528.328397][T26559] [ 2528.333896][T26559] memory: usage 307200kB, limit 307200kB, failcnt 13819 [ 2528.343192][T26559] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2528.350511][T26559] Memory cgroup stats for /syz1: [ 2528.351300][T26559] anon 135168 [ 2528.351300][T26559] file 313262080 [ 2528.351300][T26559] kernel 1175552 [ 2528.351300][T26559] kernel_stack 32768 [ 2528.351300][T26559] pagetables 65536 [ 2528.351300][T26559] percpu 0 [ 2528.351300][T26559] sock 0 [ 2528.351300][T26559] vmalloc 0 [ 2528.351300][T26559] shmem 313262080 [ 2528.351300][T26559] file_mapped 40960 [ 2528.351300][T26559] file_dirty 0 [ 2528.351300][T26559] file_writeback 0 [ 2528.351300][T26559] swapcached 0 [ 2528.351300][T26559] anon_thp 0 [ 2528.351300][T26559] file_thp 0 [ 2528.351300][T26559] shmem_thp 0 [ 2528.351300][T26559] inactive_anon 311910400 [ 2528.351300][T26559] active_anon 1486848 [ 2528.351300][T26559] inactive_file 0 [ 2528.351300][T26559] active_file 0 [ 2528.351300][T26559] unevictable 0 [ 2528.351300][T26559] slab_reclaimable 787624 [ 2528.351300][T26559] slab_unreclaimable 273152 [ 2528.351300][T26559] slab 1060776 [ 2528.351300][T26559] workingset_refault_anon 0 [ 2528.351300][T26559] workingset_refault_file 0 [ 2528.447574][T26559] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=26559,uid=0 [ 2528.463754][T26559] Memory cgroup out of memory: Killed process 26559 (syz-executor.1) total-vm:54284kB, anon-rss:332kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000 21:16:00 executing program 1: r0 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000200)='/proc/sys/net/ipv4/tcp_rmem\x00', 0x1, 0x0) write$tcp_mem(r0, &(0x7f0000000240), 0x48) 21:16:00 executing program 3: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, 0x0, 0x0) write$RDMA_USER_CM_CMD_BIND_IP(r1, &(0x7f0000000380)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x0, 0x0, @private2}}}, 0x30) [ 2528.746946][T26569] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. 21:16:01 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000001c0), 0x111}}, 0x20) write$RDMA_USER_CM_CMD_MIGRATE_ID(r0, 0x0, 0x0) [ 2528.831062][T26569] device bond178 entered promiscuous mode [ 2528.858104][T26569] device bond178 left promiscuous mode 21:16:01 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x0, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32=r2, @ANYBLOB="01000000002200001c0012000c000100626f6e640000"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) 21:16:01 executing program 5: r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_DEL_VIF(r0, 0x0, 0xcb, &(0x7f00000003c0)={0x0, 0x0, 0x5, 0x0, @vifc_lcl_ifindex, @private}, 0x10) [ 2529.251700][T26578] loop4: detected capacity change from 0 to 253983 [ 2529.325408][T26578] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2529.334069][T26578] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 2529.351158][T26578] F2FS-fs (loop4): invalid crc value [ 2529.372813][T26578] F2FS-fs (loop4): invalid crc_offset: 0 [ 2529.378652][T26578] F2FS-fs (loop4): Failed to get valid F2FS checkpoint 21:16:01 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xb, &(0x7f0000000200)=[{&(0x7f0000010700)="1020f5f201000b0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f0000000200000002000000020000000100000018000000000200000002000000060000000a0000000e000000100000030000000100000002", 0x69, 0x1400}, {&(0x7f0000010e00)="d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xa6, 0x200000}, {&(0x7f0000010f00)="0000000000000000000000000000000000000000000000000000000009f7a5", 0x1f, 0x200fe0}, {&(0x7f0000011000)="00000000000000000000000000000000000000000000000000000006", 0x1c, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) 21:16:01 executing program 3: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, 0x0, 0x0) write$RDMA_USER_CM_CMD_BIND_IP(r1, &(0x7f0000000380)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x0, 0x0, @private2}}}, 0x30) [ 2529.589767][T26577] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2529.600778][T26577] CPU: 1 PID: 26577 Comm: syz-executor.1 Tainted: G W 5.18.0-syzkaller-16253-g2f3064574275 #0 [ 2529.612522][T26577] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2529.622734][T26577] Call Trace: [ 2529.626119][T26577] [ 2529.629136][T26577] dump_stack_lvl+0x200/0x28c [ 2529.633950][T26577] dump_stack+0x29/0x2c [ 2529.638224][T26577] dump_header+0x1e5/0xae0 [ 2529.642881][T26577] oom_kill_process+0x3a7/0xba0 [ 2529.647987][T26577] out_of_memory+0x111c/0x1570 [ 2529.652957][T26577] ? slab_debugfs_show+0xa40/0xaa0 [ 2529.658300][T26577] mem_cgroup_out_of_memory+0x46b/0x590 [ 2529.664101][T26577] mem_cgroup_oom+0xa3d/0xd30 [ 2529.668998][T26577] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2529.674168][T26577] try_charge_memcg+0x18b0/0x2110 [ 2529.679428][T26577] ? kmsan_get_metadata+0x33/0x220 [ 2529.684790][T26577] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 2529.690743][T26577] charge_memcg+0x1a9/0x6b0 [ 2529.695554][T26577] ? get_mem_cgroup_from_mm+0x39d/0x4d0 [ 2529.701265][T26577] __mem_cgroup_charge+0xb9/0x2e0 [ 2529.706534][T26577] wp_page_copy+0x719/0x4310 [ 2529.711337][T26577] ? kmsan_get_metadata+0x33/0x220 [ 2529.716668][T26577] ? kmsan_get_metadata+0x33/0x220 [ 2529.722078][T26577] ? preempt_count_sub+0xfc/0x340 [ 2529.727308][T26577] do_wp_page+0xc81/0x29c0 [ 2529.731906][T26577] handle_mm_fault+0x43e1/0x47a0 [ 2529.736955][T26577] ? restore_fpregs_from_fpstate+0x68/0x3a0 [ 2529.743020][T26577] do_user_addr_fault+0x11f5/0x1e50 [ 2529.748355][T26577] exc_page_fault+0x60/0x140 [ 2529.753070][T26577] ? asm_exc_page_fault+0x8/0x30 [ 2529.758189][T26577] asm_exc_page_fault+0x1e/0x30 [ 2529.763345][T26577] RIP: 0023:0xf6e1f418 [ 2529.767558][T26577] Code: 39 dd 75 ee 8b 44 24 58 89 28 83 c4 3c 5b 5e 5f 5d c3 8b 7c 24 18 e9 9a fd ff ff 8d b4 26 00 00 00 00 8b 44 24 24 8b 7c 24 18 <89> 1c 88 e9 70 fe ff ff 8b 7c 24 50 39 54 24 0c 0f 84 80 00 00 00 [ 2529.787274][T26577] RSP: 002b:00000000ffacc040 EFLAGS: 00010246 [ 2529.793448][T26577] RAX: 00000000f6f50000 RBX: 000000004afa5404 RCX: 0000000000001404 [ 2529.801515][T26577] RDX: 0000000000000000 RSI: 00000000f6f36000 RDI: 00000000826ce43b [ 2529.809571][T26577] RBP: 00000000f6f50000 R08: 0000000000000000 R09: 0000000000000000 [ 2529.817694][T26577] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 2529.825800][T26577] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2529.833866][T26577] [ 2529.839102][T26577] memory: usage 307200kB, limit 307200kB, failcnt 13871 [ 2529.846852][T26577] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2529.853988][T26577] Memory cgroup stats for /syz1: [ 2529.855255][T26577] anon 131072 [ 2529.855255][T26577] file 313262080 [ 2529.855255][T26577] kernel 1179648 [ 2529.855255][T26577] kernel_stack 32768 [ 2529.855255][T26577] pagetables 69632 [ 2529.855255][T26577] percpu 0 [ 2529.855255][T26577] sock 0 [ 2529.855255][T26577] vmalloc 0 [ 2529.855255][T26577] shmem 313262080 [ 2529.855255][T26577] file_mapped 40960 [ 2529.855255][T26577] file_dirty 0 [ 2529.855255][T26577] file_writeback 0 [ 2529.855255][T26577] swapcached 0 [ 2529.855255][T26577] anon_thp 0 [ 2529.855255][T26577] file_thp 0 [ 2529.855255][T26577] shmem_thp 0 [ 2529.855255][T26577] inactive_anon 311906304 [ 2529.855255][T26577] active_anon 1486848 [ 2529.855255][T26577] inactive_file 0 [ 2529.855255][T26577] active_file 0 [ 2529.855255][T26577] unevictable 0 [ 2529.855255][T26577] slab_reclaimable 788440 [ 2529.855255][T26577] slab_unreclaimable 272160 [ 2529.855255][T26577] slab 1060600 [ 2529.855255][T26577] workingset_refault_anon 0 [ 2529.855255][T26577] workingset_refault_file 0 [ 2529.951323][T26577] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=26577,uid=0 [ 2529.967351][T26577] Memory cgroup out of memory: Killed process 26577 (syz-executor.1) total-vm:54284kB, anon-rss:332kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:64kB oom_score_adj:1000 21:16:02 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)=@bridge_setlink={0x20, 0x13, 0x1}, 0x20}}, 0x0) 21:16:02 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000001c0), 0x111}}, 0x20) write$RDMA_USER_CM_CMD_MIGRATE_ID(r0, 0x0, 0x0) [ 2530.312690][T26585] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2530.384258][T26585] device bond179 entered promiscuous mode [ 2530.399253][T26585] device bond179 left promiscuous mode 21:16:02 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x0, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32=r2, @ANYBLOB="01000000002200001c0012000c000100626f6e640000"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) 21:16:02 executing program 5: r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_DEL_VIF(r0, 0x0, 0xcb, &(0x7f00000003c0)={0x0, 0x0, 0x5, 0x0, @vifc_lcl_ifindex, @private}, 0x10) 21:16:03 executing program 3: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, 0x0, 0x0) write$RDMA_USER_CM_CMD_BIND_IP(r1, &(0x7f0000000380)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x0, 0x0, @private2}}}, 0x30) [ 2530.850802][T26594] loop4: detected capacity change from 0 to 253983 [ 2530.919665][T26594] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2530.927791][T26594] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 2530.939958][T26594] F2FS-fs (loop4): invalid crc value [ 2530.955032][T26594] F2FS-fs (loop4): invalid crc_offset: 0 [ 2530.961032][T26594] F2FS-fs (loop4): Failed to get valid F2FS checkpoint 21:16:03 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xb, &(0x7f0000000200)=[{&(0x7f0000010700)="1020f5f201000b0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f0000000200000002000000020000000100000018000000000200000002000000060000000a0000000e000000100000030000000100000002", 0x69, 0x1400}, {&(0x7f0000010e00)="d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xa6, 0x200000}, {&(0x7f0000010f00)="0000000000000000000000000000000000000000000000000000000009f7a5", 0x1f, 0x200fe0}, {&(0x7f0000011000)="00000000000000000000000000000000000000000000000000000006", 0x1c, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) 21:16:03 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000001c0)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_MIGRATE_ID(r0, &(0x7f0000000280)={0x12, 0x10, 0xfa00, {0x0, r1, r0}}, 0x18) 21:16:03 executing program 5: socket$igmp(0x2, 0x3, 0x2) socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_DEL_VIF(0xffffffffffffffff, 0x0, 0xcb, &(0x7f00000003c0)={0x0, 0x0, 0x5, 0x0, @vifc_lcl_ifindex, @private}, 0x10) [ 2531.419852][T26601] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. 21:16:03 executing program 3: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_BIND_IP(r1, &(0x7f0000000380)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x0, 0x0, @private2}}}, 0x30) [ 2531.575144][T26592] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2531.586107][T26601] device bond180 entered promiscuous mode [ 2531.592581][T26592] CPU: 1 PID: 26592 Comm: syz-executor.1 Tainted: G W 5.18.0-syzkaller-16253-g2f3064574275 #0 [ 2531.604321][T26592] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2531.614499][T26592] Call Trace: [ 2531.617883][T26592] [ 2531.620907][T26592] dump_stack_lvl+0x200/0x28c [ 2531.625804][T26592] dump_stack+0x29/0x2c [ 2531.630151][T26592] dump_header+0x1e5/0xae0 [ 2531.634859][T26592] oom_kill_process+0x3a7/0xba0 [ 2531.639902][T26592] out_of_memory+0x111c/0x1570 [ 2531.644818][T26592] ? slab_debugfs_show+0xa40/0xaa0 [ 2531.650174][T26592] mem_cgroup_out_of_memory+0x46b/0x590 [ 2531.656005][T26592] mem_cgroup_oom+0xa3d/0xd30 [ 2531.660924][T26592] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2531.666164][T26592] try_charge_memcg+0x18b0/0x2110 [ 2531.671351][T26592] ? kmsan_get_metadata+0x33/0x220 [ 2531.676668][T26592] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 2531.682646][T26592] charge_memcg+0x1a9/0x6b0 [ 2531.687287][T26592] ? get_mem_cgroup_from_mm+0x39d/0x4d0 [ 2531.693002][T26592] __mem_cgroup_charge+0xb9/0x2e0 [ 2531.698187][T26592] wp_page_copy+0x719/0x4310 [ 2531.702920][T26592] ? kmsan_get_metadata+0x33/0x220 [ 2531.708260][T26592] ? kmsan_get_metadata+0x33/0x220 [ 2531.713615][T26592] ? preempt_count_sub+0xfc/0x340 [ 2531.718827][T26592] do_wp_page+0xc81/0x29c0 [ 2531.723455][T26592] handle_mm_fault+0x43e1/0x47a0 [ 2531.728581][T26592] ? restore_fpregs_from_fpstate+0x68/0x3a0 [ 2531.734745][T26592] do_user_addr_fault+0x11f5/0x1e50 [ 2531.740088][T26592] exc_page_fault+0x60/0x140 [ 2531.744809][T26592] ? asm_exc_page_fault+0x8/0x30 [ 2531.749928][T26592] asm_exc_page_fault+0x1e/0x30 [ 2531.754951][T26592] RIP: 0023:0xf6e1f418 [ 2531.759147][T26592] Code: 39 dd 75 ee 8b 44 24 58 89 28 83 c4 3c 5b 5e 5f 5d c3 8b 7c 24 18 e9 9a fd ff ff 8d b4 26 00 00 00 00 8b 44 24 24 8b 7c 24 18 <89> 1c 88 e9 70 fe ff ff 8b 7c 24 50 39 54 24 0c 0f 84 80 00 00 00 [ 2531.778937][T26592] RSP: 002b:00000000ffacc040 EFLAGS: 00010246 [ 2531.785166][T26592] RAX: 00000000f6f50000 RBX: 00000000c24e17ad RCX: 00000000000017ad [ 2531.793410][T26592] RDX: 0000000000000000 RSI: 00000000f6f36000 RDI: 0000000085df144d [ 2531.801500][T26592] RBP: 00000000f6f50000 R08: 0000000000000000 R09: 0000000000000000 [ 2531.809561][T26592] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 2531.817674][T26592] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2531.825816][T26592] [ 2531.829243][T26592] memory: usage 307200kB, limit 307200kB, failcnt 13933 [ 2531.836456][T26592] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2531.843558][T26592] Memory cgroup stats for /syz1: [ 2531.844867][T26592] anon 135168 [ 2531.844867][T26592] file 313262080 [ 2531.844867][T26592] kernel 1175552 [ 2531.844867][T26592] kernel_stack 32768 [ 2531.844867][T26592] pagetables 65536 [ 2531.844867][T26592] percpu 0 [ 2531.844867][T26592] sock 0 [ 2531.844867][T26592] vmalloc 0 [ 2531.844867][T26592] shmem 313262080 [ 2531.844867][T26592] file_mapped 40960 [ 2531.844867][T26592] file_dirty 0 [ 2531.844867][T26592] file_writeback 0 [ 2531.844867][T26592] swapcached 0 [ 2531.844867][T26592] anon_thp 0 [ 2531.844867][T26592] file_thp 0 [ 2531.844867][T26592] shmem_thp 0 [ 2531.844867][T26592] inactive_anon 311910400 [ 2531.844867][T26592] active_anon 1486848 [ 2531.844867][T26592] inactive_file 0 [ 2531.844867][T26592] active_file 0 [ 2531.844867][T26592] unevictable 0 [ 2531.844867][T26592] slab_reclaimable 785768 [ 2531.844867][T26592] slab_unreclaimable 271992 [ 2531.844867][T26592] slab 1057760 [ 2531.844867][T26592] workingset_refault_anon 0 [ 2531.844867][T26592] workingset_refault_file 0 [ 2531.941097][T26592] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=26592,uid=0 [ 2531.957133][T26592] Memory cgroup out of memory: Killed process 26592 (syz-executor.1) total-vm:54284kB, anon-rss:332kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000 [ 2531.975478][T26601] device bond180 left promiscuous mode 21:16:04 executing program 1: r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10d, 0x4, 0x0, 0x7) 21:16:04 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x0, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32=r2, @ANYBLOB="01000000002200001c0012000c000100626f6e640000"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) 21:16:04 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000001c0)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_MIGRATE_ID(r0, &(0x7f0000000280)={0x12, 0x10, 0xfa00, {0x0, r1, r0}}, 0x18) [ 2532.308896][T26608] loop4: detected capacity change from 0 to 253983 [ 2532.384727][T26608] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2532.393528][T26608] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 2532.410361][T26608] F2FS-fs (loop4): invalid crc value [ 2532.445727][T26608] F2FS-fs (loop4): invalid crc_offset: 0 [ 2532.452197][T26608] F2FS-fs (loop4): Failed to get valid F2FS checkpoint 21:16:04 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xb, &(0x7f0000000200)=[{&(0x7f0000010700)="1020f5f201000b0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f0000000200000002000000020000000100000018000000000200000002000000060000000a0000000e000000100000030000000100000002", 0x69, 0x1400}, {&(0x7f0000010e00)="d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xa6, 0x200000}, {&(0x7f0000010f00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20}, {&(0x7f0000011000)="00000000000000000000000000000000000000000000000000000006", 0x1c, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) 21:16:05 executing program 5: socket$igmp(0x2, 0x3, 0x2) socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_DEL_VIF(0xffffffffffffffff, 0x0, 0xcb, &(0x7f00000003c0)={0x0, 0x0, 0x5, 0x0, @vifc_lcl_ifindex, @private}, 0x10) 21:16:05 executing program 3: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_BIND_IP(r1, &(0x7f0000000380)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x0, 0x0, @private2}}}, 0x30) [ 2533.018534][T26616] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2533.106198][T26619] device bond181 entered promiscuous mode 21:16:05 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000001c0)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_MIGRATE_ID(r0, &(0x7f0000000280)={0x12, 0x10, 0xfa00, {0x0, r1, r0}}, 0x18) [ 2533.158468][T26612] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2533.169238][T26612] CPU: 1 PID: 26612 Comm: syz-executor.1 Tainted: G W 5.18.0-syzkaller-16253-g2f3064574275 #0 [ 2533.180985][T26612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2533.191181][T26612] Call Trace: [ 2533.194639][T26612] [ 2533.197664][T26612] dump_stack_lvl+0x200/0x28c [ 2533.202535][T26612] dump_stack+0x29/0x2c [ 2533.206875][T26612] dump_header+0x1e5/0xae0 [ 2533.211526][T26612] oom_kill_process+0x3a7/0xba0 [ 2533.216624][T26612] out_of_memory+0x111c/0x1570 [ 2533.221607][T26612] ? slab_debugfs_show+0xa40/0xaa0 [ 2533.226957][T26612] mem_cgroup_out_of_memory+0x46b/0x590 [ 2533.232774][T26612] mem_cgroup_oom+0xa3d/0xd30 [ 2533.237670][T26612] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2533.242830][T26612] try_charge_memcg+0x18b0/0x2110 [ 2533.248010][T26612] ? kmsan_get_metadata+0x33/0x220 [ 2533.253367][T26612] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 2533.259405][T26612] charge_memcg+0x1a9/0x6b0 [ 2533.264122][T26612] ? get_mem_cgroup_from_mm+0x39d/0x4d0 [ 2533.269831][T26612] __mem_cgroup_charge+0xb9/0x2e0 [ 2533.275102][T26612] wp_page_copy+0x719/0x4310 [ 2533.275273][T26612] ? kmsan_get_metadata+0x33/0x220 [ 2533.285080][T26612] ? kmsan_get_metadata+0x33/0x220 [ 2533.290413][T26612] ? preempt_count_sub+0xfc/0x340 [ 2533.295634][T26612] do_wp_page+0xc81/0x29c0 [ 2533.300243][T26612] handle_mm_fault+0x43e1/0x47a0 [ 2533.305374][T26612] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2533.310528][T26612] ? kmsan_get_metadata+0x33/0x220 [ 2533.316022][T26612] do_user_addr_fault+0x11f5/0x1e50 [ 2533.321414][T26612] exc_page_fault+0x60/0x140 [ 2533.326168][T26612] ? asm_exc_page_fault+0x8/0x30 [ 2533.331280][T26612] asm_exc_page_fault+0x1e/0x30 [ 2533.336298][T26612] RIP: 0023:0xf6e1f418 [ 2533.340500][T26612] Code: 39 dd 75 ee 8b 44 24 58 89 28 83 c4 3c 5b 5e 5f 5d c3 8b 7c 24 18 e9 9a fd ff ff 8d b4 26 00 00 00 00 8b 44 24 24 8b 7c 24 18 <89> 1c 88 e9 70 fe ff ff 8b 7c 24 50 39 54 24 0c 0f 84 80 00 00 00 [ 2533.360293][T26612] RSP: 002b:00000000ffacc040 EFLAGS: 00010246 [ 2533.366520][T26612] RAX: 00000000f6f50000 RBX: 00000000c24e17ad RCX: 00000000000017ad [ 2533.374584][T26612] RDX: 0000000000000000 RSI: 00000000f6f36000 RDI: 0000000085df144d [ 2533.382703][T26612] RBP: 00000000f6f50000 R08: 0000000000000000 R09: 0000000000000000 [ 2533.390809][T26612] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 2533.398911][T26612] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2533.406981][T26612] [ 2533.410309][T26612] memory: usage 307200kB, limit 307200kB, failcnt 13986 [ 2533.417509][T26612] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2533.420590][T26619] device bond181 left promiscuous mode [ 2533.424586][T26612] Memory cgroup stats for /syz1: [ 2533.425978][T26612] anon 135168 [ 2533.425978][T26612] file 313262080 [ 2533.425978][T26612] kernel 1175552 [ 2533.425978][T26612] kernel_stack 32768 [ 2533.425978][T26612] pagetables 65536 [ 2533.425978][T26612] percpu 0 [ 2533.425978][T26612] sock 0 [ 2533.425978][T26612] vmalloc 0 [ 2533.425978][T26612] shmem 313262080 [ 2533.425978][T26612] file_mapped 40960 [ 2533.425978][T26612] file_dirty 0 [ 2533.425978][T26612] file_writeback 0 [ 2533.425978][T26612] swapcached 0 [ 2533.425978][T26612] anon_thp 0 [ 2533.425978][T26612] file_thp 0 [ 2533.425978][T26612] shmem_thp 0 [ 2533.425978][T26612] inactive_anon 311877632 [ 2533.425978][T26612] active_anon 1486848 [ 2533.425978][T26612] inactive_file 0 [ 2533.425978][T26612] active_file 0 [ 2533.425978][T26612] unevictable 0 [ 2533.425978][T26612] slab_reclaimable 785768 [ 2533.425978][T26612] slab_unreclaimable 271992 [ 2533.425978][T26612] slab 1057760 [ 2533.425978][T26612] workingset_refault_anon 0 [ 2533.425978][T26612] workingset_refault_file 0 [ 2533.526220][T26612] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=26612,uid=0 [ 2533.542335][T26612] Memory cgroup out of memory: Killed process 26612 (syz-executor.1) total-vm:54284kB, anon-rss:332kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000 21:16:06 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000040)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}], 0x10) 21:16:06 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x0, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32=r2, @ANYBLOB="01000000002200001c0012000c000100626f6e640000"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) [ 2533.951024][T26624] loop4: detected capacity change from 0 to 253983 21:16:06 executing program 5: socket$igmp(0x2, 0x3, 0x2) socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_DEL_VIF(0xffffffffffffffff, 0x0, 0xcb, &(0x7f00000003c0)={0x0, 0x0, 0x5, 0x0, @vifc_lcl_ifindex, @private}, 0x10) [ 2534.042583][T26624] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2534.050599][T26624] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 2534.094358][T26624] F2FS-fs (loop4): invalid crc value [ 2534.101032][T26624] F2FS-fs (loop4): invalid crc_offset: 0 [ 2534.107352][T26624] F2FS-fs (loop4): Failed to get valid F2FS checkpoint 21:16:06 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xb, &(0x7f0000000200)=[{&(0x7f0000010700)="1020f5f201000b0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f0000000200000002000000020000000100000018000000000200000002000000060000000a0000000e000000100000030000000100000002", 0x69, 0x1400}, {&(0x7f0000010e00)="d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xa6, 0x200000}, {&(0x7f0000010f00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20}, {&(0x7f0000011000)="00000000000000000000000000000000000000000000000000000006", 0x1c, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) 21:16:06 executing program 3: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_BIND_IP(r1, &(0x7f0000000380)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x0, 0x0, @private2}}}, 0x30) 21:16:06 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000001c0), 0x111}}, 0x20) write$RDMA_USER_CM_CMD_MIGRATE_ID(r0, &(0x7f0000000280)={0x12, 0x10, 0xfa00, {&(0x7f0000000180), 0xffffffffffffffff, r0}}, 0x18) [ 2534.599880][T26632] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2534.701623][T26632] device bond182 entered promiscuous mode [ 2534.786181][T26632] device bond182 left promiscuous mode 21:16:07 executing program 5: socket$igmp(0x2, 0x3, 0x2) r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_DEL_VIF(r0, 0x0, 0xcb, 0x0, 0x0) 21:16:07 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32=r2, @ANYBLOB="01000000002200001c0012000c000100626f6e640000"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) [ 2535.062243][T26640] loop4: detected capacity change from 0 to 253983 21:16:07 executing program 3: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffffffffffff}}}, 0x20) write$RDMA_USER_CM_CMD_BIND_IP(r1, &(0x7f0000000380)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x0, 0x0, @private2}, r2}}, 0x30) [ 2535.113548][T26630] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2535.124727][T26630] CPU: 1 PID: 26630 Comm: syz-executor.1 Tainted: G W 5.18.0-syzkaller-16253-g2f3064574275 #0 [ 2535.136475][T26630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2535.146799][T26630] Call Trace: [ 2535.150181][T26630] [ 2535.153214][T26630] dump_stack_lvl+0x200/0x28c [ 2535.158098][T26630] dump_stack+0x29/0x2c [ 2535.162437][T26630] dump_header+0x1e5/0xae0 [ 2535.167096][T26630] oom_kill_process+0x3a7/0xba0 [ 2535.172184][T26630] out_of_memory+0x111c/0x1570 [ 2535.177158][T26630] ? slab_debugfs_show+0xa40/0xaa0 [ 2535.182501][T26630] mem_cgroup_out_of_memory+0x46b/0x590 [ 2535.188318][T26630] mem_cgroup_oom+0xa3d/0xd30 [ 2535.193208][T26630] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2535.198474][T26630] try_charge_memcg+0x18b0/0x2110 [ 2535.203744][T26630] ? kmsan_get_metadata+0x33/0x220 [ 2535.209133][T26630] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 2535.215172][T26630] charge_memcg+0x1a9/0x6b0 [ 2535.219881][T26630] ? get_mem_cgroup_from_mm+0x39d/0x4d0 [ 2535.225660][T26630] __mem_cgroup_charge+0xb9/0x2e0 [ 2535.230903][T26630] wp_page_copy+0x719/0x4310 [ 2535.235686][T26630] ? kmsan_get_metadata+0x33/0x220 [ 2535.241017][T26630] ? kmsan_get_metadata+0x33/0x220 [ 2535.246348][T26630] ? preempt_count_sub+0xfc/0x340 [ 2535.251573][T26630] do_wp_page+0xc81/0x29c0 [ 2535.256207][T26630] handle_mm_fault+0x43e1/0x47a0 [ 2535.261329][T26630] ? restore_fpregs_from_fpstate+0x68/0x3a0 [ 2535.267507][T26630] do_user_addr_fault+0x11f5/0x1e50 [ 2535.272942][T26630] exc_page_fault+0x60/0x140 [ 2535.277741][T26630] ? asm_exc_page_fault+0x8/0x30 [ 2535.282861][T26630] asm_exc_page_fault+0x1e/0x30 [ 2535.287887][T26630] RIP: 0023:0xf6e1f418 [ 2535.292090][T26630] Code: 39 dd 75 ee 8b 44 24 58 89 28 83 c4 3c 5b 5e 5f 5d c3 8b 7c 24 18 e9 9a fd ff ff 8d b4 26 00 00 00 00 8b 44 24 24 8b 7c 24 18 <89> 1c 88 e9 70 fe ff ff 8b 7c 24 50 39 54 24 0c 0f 84 80 00 00 00 [ 2535.311891][T26630] RSP: 002b:00000000ffacc040 EFLAGS: 00010246 [ 2535.318131][T26630] RAX: 00000000f6f50000 RBX: 00000000c24e17ad RCX: 00000000000017ad [ 2535.326256][T26630] RDX: 0000000000000000 RSI: 00000000f6f36000 RDI: 0000000085df144d [ 2535.334381][T26630] RBP: 00000000f6f50000 R08: 0000000000000000 R09: 0000000000000000 [ 2535.342492][T26630] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 2535.350614][T26630] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2535.358764][T26630] [ 2535.362083][T26630] memory: usage 307200kB, limit 307200kB, failcnt 14032 [ 2535.369142][T26630] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2535.376251][T26630] Memory cgroup stats for /syz1: [ 2535.377523][T26630] anon 135168 [ 2535.377523][T26630] file 313262080 [ 2535.377523][T26630] kernel 1175552 [ 2535.377523][T26630] kernel_stack 32768 [ 2535.377523][T26630] pagetables 65536 [ 2535.377523][T26630] percpu 0 [ 2535.377523][T26630] sock 0 [ 2535.377523][T26630] vmalloc 0 [ 2535.377523][T26630] shmem 313262080 [ 2535.377523][T26630] file_mapped 40960 [ 2535.377523][T26630] file_dirty 0 [ 2535.377523][T26630] file_writeback 0 [ 2535.377523][T26630] swapcached 0 [ 2535.377523][T26630] anon_thp 0 [ 2535.377523][T26630] file_thp 0 [ 2535.377523][T26630] shmem_thp 0 [ 2535.377523][T26630] inactive_anon 311910400 [ 2535.377523][T26630] active_anon 1486848 [ 2535.377523][T26630] inactive_file 0 [ 2535.377523][T26630] active_file 0 [ 2535.377523][T26630] unevictable 0 [ 2535.377523][T26630] slab_reclaimable 785768 [ 2535.377523][T26630] slab_unreclaimable 273600 [ 2535.377523][T26630] slab 1059368 [ 2535.377523][T26630] workingset_refault_anon 0 [ 2535.377523][T26630] workingset_refault_file 0 [ 2535.473821][T26630] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=26630,uid=0 [ 2535.489888][T26630] Memory cgroup out of memory: Killed process 26630 (syz-executor.1) total-vm:54284kB, anon-rss:332kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000 [ 2535.527796][T26640] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2535.535803][T26640] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 2535.578880][T26640] F2FS-fs (loop4): invalid crc value 21:16:07 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$team(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$TEAM_CMD_NOOP(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x20, r1, 0x1, 0x0, 0x0, {}, [{{0x5}, {0x4}}]}, 0x20}}, 0x0) [ 2535.600292][T26640] F2FS-fs (loop4): invalid crc_offset: 0 [ 2535.606424][T26640] F2FS-fs (loop4): Failed to get valid F2FS checkpoint 21:16:08 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xb, &(0x7f0000000200)=[{&(0x7f0000010700)="1020f5f201000b0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f0000000200000002000000020000000100000018000000000200000002000000060000000a0000000e000000100000030000000100000002", 0x69, 0x1400}, {&(0x7f0000010e00)="d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xa6, 0x200000}, {&(0x7f0000010f00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20}, {&(0x7f0000011000)="00000000000000000000000000000000000000000000000000000006", 0x1c, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) 21:16:08 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000001c0), 0x111}}, 0x20) write$RDMA_USER_CM_CMD_MIGRATE_ID(r0, &(0x7f0000000280)={0x12, 0x10, 0xfa00, {&(0x7f0000000180), 0xffffffffffffffff, r0}}, 0x18) 21:16:08 executing program 5: socket$igmp(0x2, 0x3, 0x2) r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_DEL_VIF(r0, 0x0, 0xcb, 0x0, 0x0) [ 2536.177477][T26646] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2536.272255][T26646] device bond183 entered promiscuous mode [ 2536.292909][T26646] device bond183 left promiscuous mode 21:16:08 executing program 3: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffffffffffff}}}, 0x20) write$RDMA_USER_CM_CMD_BIND_IP(r1, &(0x7f0000000380)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x0, 0x0, @private2}, r2}}, 0x30) 21:16:08 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32=r2, @ANYBLOB="01000000002200001c0012000c000100626f6e640000"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) 21:16:08 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000001c0), 0x111}}, 0x20) write$RDMA_USER_CM_CMD_MIGRATE_ID(r0, &(0x7f0000000280)={0x12, 0x10, 0xfa00, {&(0x7f0000000180), 0xffffffffffffffff, r0}}, 0x18) [ 2536.655310][T26656] loop4: detected capacity change from 0 to 253983 [ 2536.707688][T26650] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2536.718603][T26650] CPU: 1 PID: 26650 Comm: syz-executor.1 Tainted: G W 5.18.0-syzkaller-16253-g2f3064574275 #0 [ 2536.730350][T26650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2536.740538][T26650] Call Trace: [ 2536.743915][T26650] [ 2536.746949][T26650] dump_stack_lvl+0x200/0x28c [ 2536.751921][T26650] dump_stack+0x29/0x2c [ 2536.756255][T26650] dump_header+0x1e5/0xae0 [ 2536.760896][T26650] oom_kill_process+0x3a7/0xba0 [ 2536.765981][T26650] out_of_memory+0x111c/0x1570 [ 2536.770958][T26650] ? slab_debugfs_show+0xa40/0xaa0 [ 2536.776292][T26650] mem_cgroup_out_of_memory+0x46b/0x590 [ 2536.782099][T26650] mem_cgroup_oom+0xa3d/0xd30 [ 2536.786990][T26650] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2536.792214][T26650] try_charge_memcg+0x18b0/0x2110 [ 2536.797639][T26650] ? kmsan_get_metadata+0x33/0x220 [ 2536.803028][T26650] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 2536.809066][T26650] charge_memcg+0x1a9/0x6b0 [ 2536.813781][T26650] ? get_mem_cgroup_from_mm+0x39d/0x4d0 [ 2536.819548][T26650] __mem_cgroup_charge+0xb9/0x2e0 [ 2536.824809][T26650] wp_page_copy+0x719/0x4310 [ 2536.829615][T26650] ? kmsan_get_metadata+0x33/0x220 [ 2536.834961][T26650] ? kmsan_get_metadata+0x33/0x220 [ 2536.840293][T26650] ? preempt_count_sub+0xfc/0x340 [ 2536.845510][T26650] do_wp_page+0xc81/0x29c0 [ 2536.850139][T26650] handle_mm_fault+0x43e1/0x47a0 [ 2536.855359][T26650] do_user_addr_fault+0x11f5/0x1e50 [ 2536.860790][T26650] exc_page_fault+0x60/0x140 [ 2536.865579][T26650] ? asm_exc_page_fault+0x8/0x30 [ 2536.870699][T26650] asm_exc_page_fault+0x1e/0x30 [ 2536.875727][T26650] RIP: 0023:0xf6e1f418 [ 2536.879933][T26650] Code: 39 dd 75 ee 8b 44 24 58 89 28 83 c4 3c 5b 5e 5f 5d c3 8b 7c 24 18 e9 9a fd ff ff 8d b4 26 00 00 00 00 8b 44 24 24 8b 7c 24 18 <89> 1c 88 e9 70 fe ff ff 8b 7c 24 50 39 54 24 0c 0f 84 80 00 00 00 [ 2536.899766][T26650] RSP: 002b:00000000ffacc040 EFLAGS: 00010246 [ 2536.905937][T26650] RAX: 00000000f6f50000 RBX: 00000000c24e17ad RCX: 00000000000017ad [ 2536.914040][T26650] RDX: 0000000000000000 RSI: 00000000f6f36000 RDI: 0000000085df144d [ 2536.922096][T26650] RBP: 00000000f6f50000 R08: 0000000000000000 R09: 0000000000000000 [ 2536.930204][T26650] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 2536.938309][T26650] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2536.946409][T26650] [ 2536.951916][T26650] memory: usage 307200kB, limit 307200kB, failcnt 14085 [ 2536.958984][T26650] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2536.971395][T26650] Memory cgroup stats for /syz1: [ 2536.972962][T26650] anon 135168 [ 2536.972962][T26650] file 313262080 [ 2536.972962][T26650] kernel 1175552 [ 2536.972962][T26650] kernel_stack 32768 [ 2536.972962][T26650] pagetables 65536 [ 2536.972962][T26650] percpu 0 [ 2536.972962][T26650] sock 0 [ 2536.972962][T26650] vmalloc 0 [ 2536.972962][T26650] shmem 313262080 [ 2536.972962][T26650] file_mapped 40960 [ 2536.972962][T26650] file_dirty 0 [ 2536.972962][T26650] file_writeback 0 [ 2536.972962][T26650] swapcached 0 [ 2536.972962][T26650] anon_thp 0 [ 2536.972962][T26650] file_thp 0 [ 2536.972962][T26650] shmem_thp 0 [ 2536.972962][T26650] inactive_anon 311889920 [ 2536.972962][T26650] active_anon 1486848 [ 2536.972962][T26650] inactive_file 0 [ 2536.972962][T26650] active_file 0 [ 2536.972962][T26650] unevictable 0 [ 2536.972962][T26650] slab_reclaimable 787624 [ 2536.972962][T26650] slab_unreclaimable 271992 [ 2536.972962][T26650] slab 1059616 [ 2536.972962][T26650] workingset_refault_anon 0 [ 2536.972962][T26650] workingset_refault_file 0 [ 2537.069384][T26650] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=26650,uid=0 [ 2537.085514][T26650] Memory cgroup out of memory: Killed process 26650 (syz-executor.1) total-vm:54284kB, anon-rss:332kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000 21:16:09 executing program 1: r0 = syz_mount_image$squashfs(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x20000001f5, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="6873717307000000911d675f001000000100000001000c00e0000200040000001a01000000000000f501000000000000a401000000000000dd01000000000000810000000000000015010000000000006c01000000000000920100000000000078da2baeacca4eccc9492d2aa61da3980e768c324619a38ca1c64070013443f414920078da636278cbc8c0c0c83051363d1ec840012940cc8424cf8c2627c5c2c0c0ccf01f2e0fe43280cc500362fd92dc02fde2ca2addccdcc4f4d4f4d43c13434b737333634b23fdb4cc9c540308c988643a13d46410ad09c4ec40cc8924cf8a643b179a4b612eaf6381d0c8fad880fc04a8bc8632aa3e905dff81800189469879006e063b540c14022140ff7100690062dd2825450078da63648000662056006226061686b4cc9c5403070646a0208463c80255c508a5991838c0127ac9f939297540614698b6794006cc0cc36b0cac708e1132c7180038d711c70e0078da4b60800045280d00071800825c010000000000001c0078da636080803a28ad00a51da0f43c287d0d4a4b3142680041df026e740100000000000008805cf90100535f01009a010000000000001d0078da63606063a8482c29293264636080b21860624670312300b5bc09ab108000000000000000000200000024000000ac010000000000000100000000000000cb01", 0x1ef}], 0x0, &(0x7f0000000140)=ANY=[]) statx(r0, &(0x7f0000000140)='./file0/file0\x00', 0x0, 0x0, &(0x7f0000000340)) [ 2537.168289][T26656] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2537.176317][T26656] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 2537.229202][T26656] F2FS-fs (loop4): invalid crc value [ 2537.241065][T26656] F2FS-fs (loop4): invalid crc_offset: 0 [ 2537.247243][T26656] F2FS-fs (loop4): Failed to get valid F2FS checkpoint 21:16:09 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xa, &(0x7f0000000200)=[{&(0x7f0000010700)="1020f5f201000b0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f0000000200000002000000020000000100000018000000000200000002000000060000000a0000000e000000100000030000000100000002", 0x69, 0x1400}, {&(0x7f0000010f00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x200fe0}, {&(0x7f0000011000)="00000000000000000000000000000000000000000000000000000006", 0x1c, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) 21:16:09 executing program 5: socket$igmp(0x2, 0x3, 0x2) r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_DEL_VIF(r0, 0x0, 0xcb, 0x0, 0x0) 21:16:09 executing program 3: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffffffffffff}}}, 0x20) write$RDMA_USER_CM_CMD_BIND_IP(r1, &(0x7f0000000380)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x0, 0x0, @private2}, r2}}, 0x30) [ 2537.667839][T26663] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2537.738224][T26663] device bond184 entered promiscuous mode [ 2537.776303][T26663] device bond184 left promiscuous mode 21:16:10 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000001c0)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_MIGRATE_ID(r0, &(0x7f0000000280)={0x12, 0x10, 0xfa00, {&(0x7f0000000180), r1}}, 0x18) 21:16:10 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32=r2, @ANYBLOB="01000000002200001c0012000c000100626f6e640000"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) 21:16:10 executing program 5: socket$igmp(0x2, 0x3, 0x2) r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_DEL_VIF(r0, 0x0, 0xcb, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, @vifc_lcl_ifindex, @private}, 0x10) [ 2538.354889][T26674] loop4: detected capacity change from 0 to 253983 [ 2538.450942][T26667] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2538.461616][T26667] CPU: 1 PID: 26667 Comm: syz-executor.1 Tainted: G W 5.18.0-syzkaller-16253-g2f3064574275 #0 [ 2538.473415][T26667] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2538.483606][T26667] Call Trace: [ 2538.486992][T26667] [ 2538.490018][T26667] dump_stack_lvl+0x200/0x28c [ 2538.494900][T26667] dump_stack+0x29/0x2c [ 2538.499256][T26667] dump_header+0x1e5/0xae0 [ 2538.503911][T26667] oom_kill_process+0x3a7/0xba0 [ 2538.508999][T26667] out_of_memory+0x111c/0x1570 [ 2538.513984][T26667] ? slab_debugfs_show+0xa40/0xaa0 [ 2538.519325][T26667] mem_cgroup_out_of_memory+0x46b/0x590 [ 2538.525118][T26667] mem_cgroup_oom+0xa3d/0xd30 [ 2538.530002][T26667] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2538.535238][T26667] try_charge_memcg+0x18b0/0x2110 [ 2538.540675][T26667] ? kmsan_get_metadata+0x33/0x220 [ 2538.546071][T26667] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 2538.552122][T26667] charge_memcg+0x1a9/0x6b0 [ 2538.556818][T26667] ? get_mem_cgroup_from_mm+0x39d/0x4d0 [ 2538.562569][T26667] __mem_cgroup_charge+0xb9/0x2e0 [ 2538.567817][T26667] wp_page_copy+0x719/0x4310 [ 2538.572591][T26667] ? kmsan_get_metadata+0x33/0x220 [ 2538.577907][T26667] ? kmsan_get_metadata+0x33/0x220 [ 2538.583218][T26667] ? preempt_count_sub+0xfc/0x340 [ 2538.588426][T26667] do_wp_page+0xc81/0x29c0 [ 2538.593040][T26667] handle_mm_fault+0x43e1/0x47a0 [ 2538.598141][T26667] ? restore_fpregs_from_fpstate+0x68/0x3a0 [ 2538.604325][T26667] do_user_addr_fault+0x11f5/0x1e50 [ 2538.609741][T26667] exc_page_fault+0x60/0x140 [ 2538.614513][T26667] ? asm_exc_page_fault+0x8/0x30 [ 2538.619612][T26667] asm_exc_page_fault+0x1e/0x30 [ 2538.624615][T26667] RIP: 0023:0xf6e1f418 [ 2538.628801][T26667] Code: 39 dd 75 ee 8b 44 24 58 89 28 83 c4 3c 5b 5e 5f 5d c3 8b 7c 24 18 e9 9a fd ff ff 8d b4 26 00 00 00 00 8b 44 24 24 8b 7c 24 18 <89> 1c 88 e9 70 fe ff ff 8b 7c 24 50 39 54 24 0c 0f 84 80 00 00 00 [ 2538.648564][T26667] RSP: 002b:00000000ffacc040 EFLAGS: 00010246 [ 2538.654788][T26667] RAX: 00000000f6f50000 RBX: 00000000afe1bc14 RCX: 0000000000001c14 [ 2538.662906][T26667] RDX: 0000000000000000 RSI: 00000000f6f36000 RDI: 00000000816309ac [ 2538.670993][T26667] RBP: 00000000f6f50000 R08: 0000000000000000 R09: 0000000000000000 [ 2538.679076][T26667] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 2538.687160][T26667] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2538.695277][T26667] 21:16:10 executing program 3: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_BIND_IP(0xffffffffffffffff, &(0x7f0000000380)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x0, 0x0, @private2}, r1}}, 0x30) [ 2538.700920][T26667] memory: usage 307200kB, limit 307200kB, failcnt 14139 [ 2538.708265][T26667] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2538.715377][T26667] Memory cgroup stats for /syz1: [ 2538.716871][T26667] anon 131072 [ 2538.716871][T26667] file 313262080 [ 2538.716871][T26667] kernel 1179648 [ 2538.716871][T26667] kernel_stack 32768 [ 2538.716871][T26667] pagetables 69632 [ 2538.716871][T26667] percpu 0 [ 2538.716871][T26667] sock 0 [ 2538.716871][T26667] vmalloc 0 [ 2538.716871][T26667] shmem 313262080 [ 2538.716871][T26667] file_mapped 40960 [ 2538.716871][T26667] file_dirty 0 [ 2538.716871][T26667] file_writeback 0 [ 2538.716871][T26667] swapcached 0 [ 2538.716871][T26667] anon_thp 0 [ 2538.716871][T26667] file_thp 0 [ 2538.716871][T26667] shmem_thp 0 [ 2538.716871][T26667] inactive_anon 311906304 [ 2538.716871][T26667] active_anon 1486848 [ 2538.716871][T26667] inactive_file 0 [ 2538.716871][T26667] active_file 0 [ 2538.716871][T26667] unevictable 0 [ 2538.716871][T26667] slab_reclaimable 786584 [ 2538.716871][T26667] slab_unreclaimable 271896 [ 2538.716871][T26667] slab 1058480 [ 2538.716871][T26667] workingset_refault_anon 0 [ 2538.716871][T26667] workingset_refault_file 0 [ 2538.813170][T26667] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=26667,uid=0 [ 2538.829293][T26667] Memory cgroup out of memory: Killed process 26667 (syz-executor.1) total-vm:54284kB, anon-rss:332kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:64kB oom_score_adj:1000 [ 2538.877464][T26674] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2538.885637][T26674] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 2538.900264][T26674] F2FS-fs (loop4): invalid crc_offset: 0 [ 2538.936298][T26674] F2FS-fs (loop4): invalid crc_offset: 0 [ 2538.942659][T26674] F2FS-fs (loop4): Failed to get valid F2FS checkpoint 21:16:11 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xa, &(0x7f0000000200)=[{&(0x7f0000010700)="1020f5f201000b0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f0000000200000002000000020000000100000018000000000200000002000000060000000a0000000e000000100000030000000100000002", 0x69, 0x1400}, {&(0x7f0000010f00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x200fe0}, {&(0x7f0000011000)="00000000000000000000000000000000000000000000000000000006", 0x1c, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) 21:16:11 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000001c0)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_MIGRATE_ID(r0, &(0x7f0000000280)={0x12, 0x10, 0xfa00, {&(0x7f0000000180), r1}}, 0x18) 21:16:11 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000540), 0x0) ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(r0, 0x40505330, &(0x7f0000000780)={{}, {0x1}}) [ 2539.210153][T26678] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2539.287629][T26680] device bond185 entered promiscuous mode [ 2539.314971][T26680] device bond185 left promiscuous mode 21:16:11 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32=r2, @ANYBLOB="01000000002200001c0012000c000100626f6e640000"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) 21:16:11 executing program 3: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_BIND_IP(0xffffffffffffffff, &(0x7f0000000380)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x0, 0x0, @private2}, r1}}, 0x30) 21:16:11 executing program 5: socket$igmp(0x2, 0x3, 0x2) r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_DEL_VIF(r0, 0x0, 0xcb, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, @vifc_lcl_ifindex, @private}, 0x10) 21:16:12 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000001c0)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_MIGRATE_ID(r0, &(0x7f0000000280)={0x12, 0x10, 0xfa00, {&(0x7f0000000180), r1}}, 0x18) [ 2539.983598][T26690] loop4: detected capacity change from 0 to 253983 [ 2540.063579][T26690] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2540.071639][T26690] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 2540.209092][T26690] F2FS-fs (loop4): invalid crc_offset: 0 [ 2540.237850][T26686] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2540.253250][T26686] CPU: 1 PID: 26686 Comm: syz-executor.1 Tainted: G W 5.18.0-syzkaller-16253-g2f3064574275 #0 [ 2540.265007][T26686] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2540.275377][T26686] Call Trace: [ 2540.278839][T26686] [ 2540.281890][T26686] dump_stack_lvl+0x200/0x28c [ 2540.286782][T26686] dump_stack+0x29/0x2c [ 2540.291115][T26686] dump_header+0x1e5/0xae0 [ 2540.295773][T26686] oom_kill_process+0x3a7/0xba0 [ 2540.300856][T26686] out_of_memory+0x111c/0x1570 [ 2540.305833][T26686] ? slab_debugfs_show+0xa40/0xaa0 [ 2540.311215][T26686] mem_cgroup_out_of_memory+0x46b/0x590 [ 2540.317008][T26686] mem_cgroup_oom+0xa3d/0xd30 [ 2540.321911][T26686] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2540.327143][T26686] try_charge_memcg+0x18b0/0x2110 [ 2540.332389][T26686] ? kmsan_get_metadata+0x33/0x220 [ 2540.337767][T26686] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 2540.343820][T26686] charge_memcg+0x1a9/0x6b0 [ 2540.348527][T26686] ? get_mem_cgroup_from_mm+0x39d/0x4d0 [ 2540.354301][T26686] __mem_cgroup_charge+0xb9/0x2e0 [ 2540.359549][T26686] wp_page_copy+0x719/0x4310 [ 2540.364341][T26686] ? kmsan_get_metadata+0x33/0x220 [ 2540.369667][T26686] ? update_misfit_status+0x30/0xcd0 [ 2540.375168][T26686] ? kmsan_get_metadata+0x33/0x220 [ 2540.380500][T26686] ? preempt_count_sub+0xfc/0x340 [ 2540.385729][T26686] do_wp_page+0xc81/0x29c0 [ 2540.390393][T26686] handle_mm_fault+0x43e1/0x47a0 [ 2540.395525][T26686] ? restore_fpregs_from_fpstate+0x68/0x3a0 [ 2540.401828][T26686] do_user_addr_fault+0x11f5/0x1e50 [ 2540.407287][T26686] exc_page_fault+0x60/0x140 [ 2540.412094][T26686] ? asm_exc_page_fault+0x8/0x30 [ 2540.417214][T26686] asm_exc_page_fault+0x1e/0x30 [ 2540.419802][T26690] F2FS-fs (loop4): invalid crc_offset: 0 [ 2540.422241][T26686] RIP: 0023:0xf6e1f418 [ 2540.422337][T26686] Code: 39 dd 75 ee 8b 44 24 58 89 28 83 c4 3c 5b 5e 5f 5d c3 8b 7c 24 18 e9 9a fd ff ff 8d b4 26 00 00 00 00 8b 44 24 24 8b 7c 24 18 <89> 1c 88 e9 70 fe ff ff 8b 7c 24 50 39 54 24 0c 0f 84 80 00 00 00 [ 2540.422456][T26686] RSP: 002b:00000000ffacc040 EFLAGS: 00010246 [ 2540.422560][T26686] RAX: 00000000f6f50000 RBX: 000000004afa5404 RCX: 0000000000001404 [ 2540.422646][T26686] RDX: 0000000000000000 RSI: 00000000f6f36000 RDI: 00000000826ce43b [ 2540.422731][T26686] RBP: 00000000f6f50000 R08: 0000000000000000 R09: 0000000000000000 [ 2540.431562][T26690] F2FS-fs (loop4): Failed to get valid F2FS checkpoint [ 2540.432480][T26686] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 2540.432562][T26686] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2540.432669][T26686] [ 2540.432892][T26686] memory: usage 307200kB, limit 307200kB, failcnt 14184 [ 2540.432964][T26686] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2540.433032][T26686] Memory cgroup stats for /syz1: [ 2540.524493][T26686] anon 131072 [ 2540.524493][T26686] file 313262080 [ 2540.524493][T26686] kernel 1179648 [ 2540.524493][T26686] kernel_stack 32768 [ 2540.524493][T26686] pagetables 69632 [ 2540.524493][T26686] percpu 0 [ 2540.524493][T26686] sock 0 [ 2540.524493][T26686] vmalloc 0 [ 2540.524493][T26686] shmem 313262080 [ 2540.524493][T26686] file_mapped 40960 [ 2540.524493][T26686] file_dirty 0 [ 2540.524493][T26686] file_writeback 0 [ 2540.524493][T26686] swapcached 0 [ 2540.524493][T26686] anon_thp 0 [ 2540.524493][T26686] file_thp 0 [ 2540.524493][T26686] shmem_thp 0 [ 2540.524493][T26686] inactive_anon 311906304 [ 2540.524493][T26686] active_anon 1486848 [ 2540.524493][T26686] inactive_file 0 [ 2540.524493][T26686] active_file 0 [ 2540.524493][T26686] unevictable 0 [ 2540.524493][T26686] slab_reclaimable 786584 [ 2540.524493][T26686] slab_unreclaimable 272160 [ 2540.524493][T26686] slab 1058744 [ 2540.524493][T26686] workingset_refault_anon 0 [ 2540.524493][T26686] workingset_refault_file 0 [ 2540.620791][T26686] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=26686,uid=0 [ 2540.636909][T26686] Memory cgroup out of memory: Killed process 26686 (syz-executor.1) total-vm:54284kB, anon-rss:332kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:64kB oom_score_adj:1000 21:16:13 executing program 1: openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000013c0)) [ 2540.862864][T26696] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. 21:16:13 executing program 5: socket$igmp(0x2, 0x3, 0x2) r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_DEL_VIF(r0, 0x0, 0xcb, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, @vifc_lcl_ifindex, @private}, 0x10) 21:16:13 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xa, &(0x7f0000000200)=[{&(0x7f0000010700)="1020f5f201000b0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f0000000200000002000000020000000100000018000000000200000002000000060000000a0000000e000000100000030000000100000002", 0x69, 0x1400}, {&(0x7f0000010f00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x200fe0}, {&(0x7f0000011000)="00000000000000000000000000000000000000000000000000000006", 0x1c, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) 21:16:13 executing program 3: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_BIND_IP(0xffffffffffffffff, &(0x7f0000000380)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x0, 0x0, @private2}, r1}}, 0x30) [ 2540.941627][T26696] bond186 (uninitialized): Released all slaves 21:16:13 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32=r2, @ANYBLOB="01000000002200001c0012000c000100626f6e640000"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) 21:16:13 executing program 2: r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$DCCPDIAG_GETSOCK(r0, &(0x7f0000001180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000001140)={&(0x7f00000000c0)={0xec4, 0x13, 0xa05, 0x0, 0x0, {}, [@INET_DIAG_REQ_BYTECODE={0xe75, 0x1, "bb909a6ad8abc5adafd18b9f7a211ad4e4e98ad5f53365d8444be2c4a2b4969f6f6722a56624285388dde03c433a4c84f793158c7a8698967629df92ba0ff94b97a8ad30055dae5fc5b72bb2df0acb741049b76f5c7791d13881c82b2f0a7b3ebddd9db213925ce6f98b7d277bbb31848174f272edea1d38b86d2f957688368de9f6aa67a9a1068b4b5e53839fb5c16d1f8475f0af9246f0eb3545016d8bd075f158ea0c6b1deccd6aa7b384244e5f6a40e2572ecad93b414612a1307a29e3a88078cfe0f7f54602d61ea017b80e10cd0cbb7bcbc635d4c343a3aae95bd56ec6179f0e0a91362f8258766044f06101519052a52c33f360cf1269101eb889f7916de085a9d60e976c056653fb9bbb6befd3a5909ed8868a482cf54c7fcce0d82c9d1d3e5cb5c83f0ee1e2a497b1fcf59ecc3bf57c74bfa71a0bebcd7fe05b6ca994f5753f1ff483e4a9071c6fcc97b7b9dc327f9194470a8e1c1f15d2dc048caa2de1676ecdcf79c3864f2b3c31850034f42810f1c11049ea67209261f97ff0ad5fcf07ebf223f5127d60c1fbe06ee11513e8534c80b6bc05916a09ccdf5ebe3003e095c0a94dc52b1d733d6611be5d101830bcb660a89e82c554ae3ee2db2a5dd5a75ebef4429bbc8dbaced1d2ed38c01313987ff6e5d314710b8ced0474be6b203013de23c313abbe64256357632aa062dfd103d0c98b4bc905b359d77d3369c5e67e4b88bb72bc5332d851ce3300c843374a82394b3cba494781dbafb9cea417c230b3c6bc8b0a2e6f2e2bd3153bd41929893eccc55b2fab96140e957ec72787c743e4e9596f693fb8e696d9e6e3a36be096d5804e5d18ed887b637e4bfa7249769c573c59f4b960a8bf90f3f7d87094b8b75da232a7be0e6913cef1c8256f9b16ce7616e964d1c8485dd59c4504e840755b82718aba6c3c5df37b0bdaba79bdc01958aa2f1582bdbc1ce9d7abd3ce79ba50f1373b1efdade59f6c718cfd1bedb5e3d049bd8f980e427b29fa1360acd2c81a4ba8117b5329bd50445a097b22b6be7a4121fd711f72c58e2ca2c6e2ddf09521c2716ab4ffe0036593ef28d81cf84ceb3d20bd96f5f27c89d7a737e7734b1d144924c3fdb9cff462537ab1dc804113174178804d12d8e95f3aeac087da5f938df7e89b7fcfaed9598a0141dc537328341a74fb48b3a50cda047096cf577a2df477d74a2882d250d79e1fd1775183f0896de417bb627e4083161fea3acd18da1575ddc6a220afac288b70cb23758dd2146c25e14189a0b301c4cae667f1ab91924236bd046fbc95c73d3109ee98deb5b57b76f46f647359cdbf13c29397ab3d51ada0b4bd32a1d38ff8ed635501b0e1291dc0b1fea54dd922d0f172c0f143fea7a4e092a7f7b8a0a474a8ebc1c07cdab30c6f9e24f9b4ebb831b33c1e8e0b0a0afbf8de0302897c916d8b61f6e6be8555cb103696d2731d6976514c38f14db5034ce6be3f5b49a1bb6bb3d295bd1baadb088cbf808a749dc63440b372ef93d9930e274b94bf1e65d763afa82ba70b7271b0bbfc463e33d43db0ed2be13e32452b05e4004611b95965b282a300953df9787c334a067cb4aba1a5d21f9abb88ce73c3b920d204aa001c33d0ed8e528f498ddc3269d1d090ddd7fba0aca03d9f1710e0328110ec1fb4c19643910eeeb9ef757c9ca6264427a32ca12315ad5a79758b35cad30d5cecefbc4c0b0e35dd0e48958e06946e1ddb606382efc6d3e9b9673ecc5068700d0f60a7139817e15c071274bd8e4564703f157640baadd30135d75c25962a0a6057a867c30b6eb5dc4e2463b52a0e60c0bfa56568195f306fa10e768c062f3443b71289db024e6826a631864d0975564e9ec5cab67f137e688635f5831a0813a947c5e2203dbbd629ad0d1bb50b986a0784ac927a2991851b3c2d35e21b70fc264198672cd9c648da8b1e834bc27af5398e43310cea6a174cb352439c403004d57016fe1b57ae9fdbcf9f0fec440633abee093a06f358c7eee51c407677b23880aaea67d83d7cff1465d43285db7b35b6f8fab9322c13e9881cad664dc6c428f994fe414c729b66314b03e26f4c85368b9c6f06db3745db4eb723be7355a8b51ec903ebd44e133b61bcced464ae91f111c0102571faff098ded9a54ab7a93b421050653a849a945b2b7ea53d31a058e7eb924687a869f056119a0d1036ae74002944e9e52cb6e60e050ca2c373e05d4811cdae27b4dc33fac244dd666e0b16d0fef433a73a140d4fa42394265213e01c89500f6965c5c49e133b80813930e9af383151a1ddc1f7743a091f84519b1426f43ab0fb87912b795908e6a6a0a02d63fda4aafe4de7f2832f68e5acf5cc0ba7873364a3fcfc99e33b562ad3637d8c65110c66ce9af1fffd36156cdfc72bdf06b54e79a55041fbb325a91d91686218cee0f5eac3cd62ca82782942a9998cc40dca436a3146b0c57eeffbec69c901e8ae08bb9a2d7c9c6976b9745fff0dc267946fba1ff8c81ee51db78cdae07e6be7d11c682a7680309eec27c6316f051a1d7dcc432a876bdf603be2843201da727617a6d76717388bc7c13a9af2ed898d9051c63f8d18e199f581a488f977c9fae12e4e2c3ee7b922f2047be980b65ac4421ac256583f52075420ad29e5fd88f2c9e5971fcc4020411389805966e3321f4cf5999e97e337d0c8e1852171efe744ef4fa81cd861207e1385ec716dc73e061507505a4002ef85de8ae68ec1274d8706a023e565788faa5f24b40d018b9cfa2e04bfda341957b343b3b009639e96c6ee43104bc14741b4cf94651dddc9c917c5b1b31406a96a6ed795b79c5316ac99ca2b1f3a352fac30be8268e0eaa0aa2c3c979eac6c0962f90b47c88d8bb77a215a7243063793c088103b6afab528a821b75760b7fb5d37bed920a70e3b0dcb5799a6cda067e1b1223274ec10bb26ca3ddb3feea7452a8b9640a3337672383804ef7ce1f4fcc1fa1550114e81df3450e91bfd3f50735e87b9cbc0de2124386f8606626b3780ecd9e6628faf5257179de1eaa587dd9764aa109725239d69ad81b62f663a8373c4aa2ddeddfe37e4e5c0349cf11d46449d4d5468e5cac9d7dbc254d7140b84018a26ecc572ae8aa5134b3da38ff0234ecb3e44487250449e4abc86996646018c11db5f378dcccf8db529aaede28dd13748e86d3e28ad5bb48e69e68bb3565e1254916ce206fead4958e2b841516e83de221c4623e9e893c45e2e36915d93f56af6fb52e6415d356d42e359281fb0bcbb97d5bc3b35d4789c1d8ac0f0a84d4b7bb8b002414149f9a7d48a9f6563fa27e1bea286912270c88a7428a2ebe3fb88d4b1b6e50d0a178365800aafa95f36f1fdb4e0ef2307ae19625da048ca285559c7039f26a5f3970f8039527d03c2a595befcbc4a124503d154318a0409818cfee4cff061d1d1c0168af33b2207e595b79c555e9faf7356f7bfbee0b162db2d4c2e0dc03f58e4cf5b702290046f996a53c353817b1d62ac84782e0605133a9fcc637f0c51cdd8cbc727c059f97c32f4ddf4b3e29440ccaf3ebf74fa08fa960f564257b70be31a9a0b12f2848efddc1da650f1ea6fe7d885bfc486dfe9586536c3fc6dcc7b6ae7f6fa1f51485c3b4137d80ec2aa3f06a64ab0c3f409d19c485b7203fd4c9550a043a24255355072a3cc53f4e627979808dd9d10547e44ca749e2f479dff51190a136b793490653a7a80578237bac22cd587934aefa15511ec657e95ce4cf11a9e0253420a7f57902ad050b70ec268474cf1d20d5b90ec23c1731d77602efecefe65bef81e6f5543f838c219705631051548425ec2f81aaee9ea9289967aaeb0fdf5363c0097fcbe923b90aab5c78c003705e393dfb8a676dad0fb40ad39e3fabcb4f39c061fe0aaab1837210d8fa386f1663574b976796fb6b678929ee1b1624ef494248fb9870a07dc53f38fbc2fe1add461e6d5476b92f9501f2087eeafe286532ac31fb473795888859f2aa214edcb2c9534cbd7e1b28152b3e9da11d1ccc375d865ed9ef7b41a2992caec6a8ace0dfc0830bc4bb103c8f1dea88653099e96a616e5f30cbf9628f87c5153e4134af19dd7b9a76b31b2de7ffb4e7d9aa1038a0ae4d62e38d964d2a911066b7a7826ef16ae70dcdb700fed765c19671103b9814699a697faf6401de964cc19f6b0213fc6f02320b14b493f710d83d055633b2ca8bdc25972a179e5ebd8477a75ada65f076783dc59622503fbf2a439dc6d7fa736962ce65ccc692c608ff7fce74c38fe8e1925161a29723799fd07217f61754707f128afeb8e5f057e42cde13e8134c936b45305311c6237540a61b3cf1514a109449476e9a7050d5d1362a1f2fc128f1acb58d914d7ae0914fbf4ab7c7fedb99254659ec55414b75f4777cc7e629e6c02254d6ff6998db3706bfa81f84d9558090f0ac53b498d216f52c082e64ad214467aadc5dc5514dcfcf4da2ddf4efb31fbad2901f3a672eaa67ebdf8bca1475e3acee8efffd521c054bd1e5300db187a915903a62d4e13cc316b4230feb91c971e56fe14dcb57aee4d30f2bb7b0fba34ab4024c385fbc5c986f3353e928238c2bfe39d73ae849ddf547196846b903bb8b249720323e98d0564a2f166a213ba617943f1bdd2708dec39d7f016fbb64aaead8627947b5e11aaf9b37d5d528486cd8966b420ca8a783997f7e9388fef7f29ff62b4fb01efbe9dc80eb0293fcf4c1a949d245d1d5071d5f89db09c95fda8d772a6c168c9cf82c64045f9844f036153ff070dec18250adb2fe1e6597dd0a1930026a506f700a16a1773fba6b1d9fb69c9ffe45220ce32dd308fdabf32c8c1253f198a624945bdad528c1f8c32cd1a17d7207900f3b627c59e8058dfca7964bd26a0bc87e7a3ff4b632fa978ddced91472d2154f573107159ad9e1954a8d4fb2be0449fac472ee735a9e84d6ceb5f1580c54e79ff538da35b4d560cfefa60c43b79601d64d136736f06aed110c928f525723264d7323c703517e1a026a6b94f10b2febecb4229e774105f1e6d71cf6119ed0a6e8efc48d82a88d83c2c09da12f7b5bb026d234605411df625ed6364e8691833f1e5d26f3aa806c489c86af7682b0c1837119867ce265e09aa7e8deec26e0a7cceb824bf71cb3476778e5c44a794527a6e96a672a792dfdd314dab299d847532bd613593805647927babbc68af4be6e66de0935cb9ff09331ddab5547ebf08"}]}, 0xec4}}, 0x0) 21:16:14 executing program 3: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300), 0x111}}, 0x20) write$RDMA_USER_CM_CMD_BIND_IP(r1, 0x0, 0x0) [ 2541.864306][T26710] loop4: detected capacity change from 0 to 253983 [ 2541.908336][T26711] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2541.943209][T26711] bond186 (uninitialized): Released all slaves [ 2541.947818][T26710] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2541.957653][T26710] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 2541.985027][T26710] F2FS-fs (loop4): invalid crc_offset: 0 [ 2541.991649][T26710] F2FS-fs (loop4): invalid crc_offset: 0 [ 2541.997729][T26710] F2FS-fs (loop4): Failed to get valid F2FS checkpoint 21:16:14 executing program 5: socketpair(0x11, 0x3, 0x0, &(0x7f0000000700)) 21:16:14 executing program 2: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r0, 0xc0a85352, &(0x7f00000000c0)={{0x0, 0x5}, 'port1\x00'}) 21:16:14 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32=r2, @ANYBLOB="01000000002200001c0012000c000100626f6e640000"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) 21:16:14 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xb, &(0x7f0000000200)=[{&(0x7f0000010700)="1020f5f201000b0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f0000000200000002000000020000000100000018000000000200000002000000060000000a0000000e000000100000030000000100000002", 0x69, 0x1400}, {0x0, 0x0, 0x200000}, {&(0x7f0000010f00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x200fe0}, {&(0x7f0000011000)="00000000000000000000000000000000000000000000000000000006", 0x1c, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) [ 2542.171597][T26701] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=2, oom_score_adj=1000 [ 2542.184987][T26701] CPU: 1 PID: 26701 Comm: syz-executor.1 Tainted: G W 5.18.0-syzkaller-16253-g2f3064574275 #0 [ 2542.196731][T26701] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2542.206938][T26701] Call Trace: [ 2542.210283][T26701] [ 2542.213302][T26701] dump_stack_lvl+0x200/0x28c [ 2542.218103][T26701] dump_stack+0x29/0x2c [ 2542.222371][T26701] dump_header+0x1e5/0xae0 [ 2542.226946][T26701] oom_kill_process+0x3a7/0xba0 [ 2542.232020][T26701] out_of_memory+0x111c/0x1570 [ 2542.236908][T26701] ? slab_debugfs_show+0xa40/0xaa0 [ 2542.242166][T26701] mem_cgroup_out_of_memory+0x46b/0x590 [ 2542.247984][T26701] mem_cgroup_oom+0xa3d/0xd30 [ 2542.252889][T26701] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2542.259169][T26701] try_charge_memcg+0x18b0/0x2110 [ 2542.264388][T26701] ? __rcu_read_unlock+0x85/0xf0 [ 2542.269452][T26701] obj_cgroup_charge_pages+0x352/0x760 [ 2542.275150][T26701] __memcg_kmem_charge_page+0x5b2/0x910 [ 2542.280856][T26701] __alloc_pages+0x82e/0x1040 [ 2542.285695][T26701] dup_task_struct+0x310/0xaf0 [ 2542.290570][T26701] ? kmsan_get_metadata+0x33/0x220 [ 2542.295831][T26701] copy_process+0xb32/0x68e0 [ 2542.300617][T26701] ? kmsan_get_metadata+0x33/0x220 [ 2542.305924][T26701] ? kernel_clone+0x84/0x1110 [ 2542.310751][T26701] kernel_clone+0x4c4/0x1110 [ 2542.315440][T26701] ? __stack_depot_save+0x21/0x4b0 [ 2542.320680][T26701] ? kmsan_get_metadata+0x33/0x220 [ 2542.325993][T26701] ? kmsan_get_shadow_origin_ptr+0xe0/0xf0 [ 2542.331941][T26701] __ia32_compat_sys_ia32_clone+0x29a/0x410 [ 2542.337995][T26701] do_int80_syscall_32+0x4d/0xa0 [ 2542.343051][T26701] ? asm_exc_page_fault+0x8/0x30 [ 2542.348162][T26701] entry_INT80_compat+0x71/0x76 [ 2542.353186][T26701] RIP: 0023:0xf6e5a3a4 [ 2542.357338][T26701] Code: 8b 44 24 04 89 41 08 c7 41 04 00 00 00 00 53 56 57 8b 74 24 24 8b 54 24 20 8b 5c 24 18 8b 7c 24 28 b8 78 00 00 00 89 19 cd 80 <5f> 5e 5b 85 c0 0f 8c 61 81 00 00 74 01 c3 89 f5 ff d3 e8 00 00 00 [ 2542.377063][T26701] RSP: 002b:00000000ffacc000 EFLAGS: 00000292 ORIG_RAX: 0000000000000078 [ 2542.385591][T26701] RAX: ffffffffffffffda RBX: 00000000003d0f00 RCX: 00000000f7f917a4 [ 2542.394175][T26701] RDX: 00000000f7f91ba8 RSI: 00000000ffacc04c RDI: 00000000f7f91ba8 [ 2542.402294][T26701] RBP: 00000000f6f36000 R08: 0000000000000000 R09: 0000000000000000 [ 2542.410402][T26701] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000000 [ 2542.418500][T26701] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2542.426564][T26701] [ 2542.429810][T26701] memory: usage 307192kB, limit 307200kB, failcnt 14233 [ 2542.437038][T26701] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2542.444132][T26701] Memory cgroup stats for /syz1: [ 2542.445517][T26701] anon 114688 [ 2542.445517][T26701] file 313262080 [ 2542.445517][T26701] kernel 1187840 [ 2542.445517][T26701] kernel_stack 32768 [ 2542.445517][T26701] pagetables 65536 [ 2542.445517][T26701] percpu 0 [ 2542.445517][T26701] sock 0 [ 2542.445517][T26701] vmalloc 0 [ 2542.445517][T26701] shmem 313262080 [ 2542.445517][T26701] file_mapped 40960 [ 2542.445517][T26701] file_dirty 0 [ 2542.445517][T26701] file_writeback 0 [ 2542.445517][T26701] swapcached 0 [ 2542.445517][T26701] anon_thp 0 [ 2542.445517][T26701] file_thp 0 [ 2542.445517][T26701] shmem_thp 0 [ 2542.445517][T26701] inactive_anon 311889920 [ 2542.445517][T26701] active_anon 1486848 [ 2542.445517][T26701] inactive_file 0 [ 2542.445517][T26701] active_file 0 [ 2542.445517][T26701] unevictable 0 [ 2542.445517][T26701] slab_reclaimable 786584 [ 2542.445517][T26701] slab_unreclaimable 280704 [ 2542.445517][T26701] slab 1067288 [ 2542.445517][T26701] workingset_refault_anon 0 [ 2542.445517][T26701] workingset_refault_file 0 [ 2542.516924][ T1194] ieee802154 phy0 wpan0: encryption failed: -22 [ 2542.541707][T26701] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg= [ 2542.548308][ T1194] ieee802154 phy1 wpan1: encryption failed: -22 [ 2542.548356][T26701] /syz1,task=syz-executor.1,pid=26701,uid=0 [ 2542.572949][T26701] Memory cgroup out of memory: Killed process 26701 (syz-executor.1) total-vm:54416kB, anon-rss:332kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000 21:16:14 executing program 1: request_key(&(0x7f0000001280)='keyring\x00', &(0x7f00000012c0)={'syz', 0x1}, &(0x7f0000001300)='\x06\x00\bx\x00', 0x0) 21:16:15 executing program 3: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300), 0x111}}, 0x20) write$RDMA_USER_CM_CMD_BIND_IP(r1, 0x0, 0x0) 21:16:15 executing program 5: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000540), 0x0) syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000840)={0x0, 0x0, 0x0, 'queue1\x00'}) [ 2543.297093][T26723] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2543.325172][T26723] bond186 (uninitialized): Released all slaves 21:16:15 executing program 2: seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f0000000200)={0x1, &(0x7f00000001c0)=[{0x6, 0x0, 0x0, 0xffffffff}]}) ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(0xffffffffffffffff, 0xc01064c2, 0x0) [ 2543.419351][T26727] loop4: detected capacity change from 0 to 253983 21:16:15 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, 0x0, &(0x7f0000000080)) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32, @ANYBLOB="01000000002200001c0012000c000100626f6e640000"], 0x3c}}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r4}, @IFLA_HSR_SLAVE1={0x8, 0x1, r4}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r5}]}}}, @IFLA_LINK={0x8, 0x5, r4}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) [ 2543.504440][T26727] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2543.512744][T26727] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 2543.541570][T26727] F2FS-fs (loop4): invalid crc_offset: 0 [ 2543.581088][T26727] F2FS-fs (loop4): invalid crc_offset: 0 [ 2543.588039][T26727] F2FS-fs (loop4): Failed to get valid F2FS checkpoint 21:16:16 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xb, &(0x7f0000000200)=[{&(0x7f0000010700)="1020f5f201000b0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f0000000200000002000000020000000100000018000000000200000002000000060000000a0000000e000000100000030000000100000002", 0x69, 0x1400}, {0x0, 0x0, 0x200000}, {&(0x7f0000010f00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x200fe0}, {&(0x7f0000011000)="00000000000000000000000000000000000000000000000000000006", 0x1c, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) 21:16:16 executing program 3: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300), 0x111}}, 0x20) write$RDMA_USER_CM_CMD_BIND_IP(r1, 0x0, 0x0) [ 2543.953896][T26726] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2543.964672][T26726] CPU: 0 PID: 26726 Comm: syz-executor.1 Tainted: G W 5.18.0-syzkaller-16253-g2f3064574275 #0 [ 2543.976411][T26726] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2543.986601][T26726] Call Trace: [ 2543.989983][T26726] [ 2543.993006][T26726] dump_stack_lvl+0x200/0x28c [ 2543.997884][T26726] dump_stack+0x29/0x2c [ 2544.002208][T26726] dump_header+0x1e5/0xae0 [ 2544.006861][T26726] oom_kill_process+0x3a7/0xba0 [ 2544.011941][T26726] out_of_memory+0x111c/0x1570 [ 2544.016910][T26726] ? slab_debugfs_show+0xa40/0xaa0 [ 2544.022222][T26726] mem_cgroup_out_of_memory+0x46b/0x590 [ 2544.028003][T26726] mem_cgroup_oom+0xa3d/0xd30 [ 2544.032872][T26726] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2544.038091][T26726] try_charge_memcg+0x18b0/0x2110 [ 2544.043336][T26726] ? kmsan_get_metadata+0x33/0x220 [ 2544.048695][T26726] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 2544.054706][T26726] charge_memcg+0x1a9/0x6b0 [ 2544.059397][T26726] ? get_mem_cgroup_from_mm+0x39d/0x4d0 [ 2544.065153][T26726] __mem_cgroup_charge+0xb9/0x2e0 [ 2544.070391][T26726] wp_page_copy+0x719/0x4310 [ 2544.075161][T26726] ? kmsan_get_metadata+0x33/0x220 [ 2544.080467][T26726] ? kmsan_get_metadata+0x33/0x220 [ 2544.086214][T26726] ? preempt_count_sub+0xfc/0x340 [ 2544.091419][T26726] do_wp_page+0xc81/0x29c0 [ 2544.096019][T26726] handle_mm_fault+0x43e1/0x47a0 [ 2544.101119][T26726] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2544.106311][T26726] ? kmsan_get_metadata+0x33/0x220 [ 2544.111690][T26726] do_user_addr_fault+0x11f5/0x1e50 [ 2544.117110][T26726] exc_page_fault+0x60/0x140 [ 2544.121894][T26726] ? asm_exc_page_fault+0x8/0x30 [ 2544.126996][T26726] asm_exc_page_fault+0x1e/0x30 [ 2544.132090][T26726] RIP: 0023:0xf6e1f418 [ 2544.136274][T26726] Code: 39 dd 75 ee 8b 44 24 58 89 28 83 c4 3c 5b 5e 5f 5d c3 8b 7c 24 18 e9 9a fd ff ff 8d b4 26 00 00 00 00 8b 44 24 24 8b 7c 24 18 <89> 1c 88 e9 70 fe ff ff 8b 7c 24 50 39 54 24 0c 0f 84 80 00 00 00 [ 2544.156037][T26726] RSP: 002b:00000000ffacc040 EFLAGS: 00010246 [ 2544.162242][T26726] RAX: 00000000f6f50000 RBX: 000000006fd13416 RCX: 0000000000001416 [ 2544.170333][T26726] RDX: 0000000000000000 RSI: 00000000f6f36000 RDI: 00000000867fe6ee [ 2544.178424][T26726] RBP: 00000000f6f50000 R08: 0000000000000000 R09: 0000000000000000 [ 2544.186507][T26726] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 2544.194590][T26726] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2544.202792][T26726] [ 2544.209365][T26726] memory: usage 307200kB, limit 307200kB, failcnt 14296 [ 2544.219547][T26726] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2544.226952][T26726] Memory cgroup stats for /syz1: [ 2544.228481][T26726] anon 131072 [ 2544.228481][T26726] file 313262080 [ 2544.228481][T26726] kernel 1179648 [ 2544.228481][T26726] kernel_stack 32768 [ 2544.228481][T26726] pagetables 69632 [ 2544.228481][T26726] percpu 0 [ 2544.228481][T26726] sock 0 [ 2544.228481][T26726] vmalloc 0 [ 2544.228481][T26726] shmem 313262080 [ 2544.228481][T26726] file_mapped 40960 [ 2544.228481][T26726] file_dirty 0 [ 2544.228481][T26726] file_writeback 0 [ 2544.228481][T26726] swapcached 0 [ 2544.228481][T26726] anon_thp 0 [ 2544.228481][T26726] file_thp 0 [ 2544.228481][T26726] shmem_thp 0 [ 2544.228481][T26726] inactive_anon 311906304 [ 2544.228481][T26726] active_anon 1486848 [ 2544.228481][T26726] inactive_file 0 [ 2544.228481][T26726] active_file 0 [ 2544.228481][T26726] unevictable 0 [ 2544.228481][T26726] slab_reclaimable 786584 [ 2544.228481][T26726] slab_unreclaimable 271896 [ 2544.228481][T26726] slab 1058480 [ 2544.228481][T26726] workingset_refault_anon 0 [ 2544.228481][T26726] workingset_refault_file 0 [ 2544.324773][T26726] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=26726,uid=0 21:16:16 executing program 5: seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f0000000200)={0x2, &(0x7f00000001c0)=[{0x4d}, {0x6}]}) [ 2544.340860][T26726] Memory cgroup out of memory: Killed process 26726 (syz-executor.1) total-vm:54284kB, anon-rss:332kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:64kB oom_score_adj:1000 21:16:16 executing program 1: socketpair(0xf, 0x0, 0x0, &(0x7f0000000700)) [ 2544.592249][T26735] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2544.608729][T26735] bond186 (uninitialized): Released all slaves [ 2544.621311][ T24] audit: type=1326 audit(1655241376.860:35426): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=26733 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7ffa549 code=0xffff0000 21:16:17 executing program 2: syz_mount_image$iso9660(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000640)) 21:16:17 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, 0x0, &(0x7f0000000080)) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32, @ANYBLOB="01000000002200001c0012000c000100626f6e640000"], 0x3c}}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r4}, @IFLA_HSR_SLAVE1={0x8, 0x1, r4}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r5}]}}}, @IFLA_LINK={0x8, 0x5, r4}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) 21:16:17 executing program 3: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300), 0x111}}, 0x20) write$RDMA_USER_CM_CMD_BIND_IP(r1, &(0x7f0000000380)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x0, 0x0, @private2}}}, 0x30) [ 2545.112518][T26744] loop4: detected capacity change from 0 to 253983 [ 2545.166982][ T24] audit: type=1326 audit(1655241377.410:35427): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=26742 comm="syz-executor.5" exe="/root/syz-executor.5" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f6b549 code=0x0 [ 2545.206290][T26744] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2545.214619][T26744] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 2545.246750][T26744] F2FS-fs (loop4): invalid crc_offset: 0 21:16:17 executing program 5: syz_mount_image$tmpfs(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r0, 0x800c6613, &(0x7f0000001e40)=@v1={0x0, @aes128, 0x0, @desc1}) open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) [ 2545.265953][T26744] F2FS-fs (loop4): invalid crc_offset: 0 [ 2545.272385][T26744] F2FS-fs (loop4): Failed to get valid F2FS checkpoint 21:16:17 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xb, &(0x7f0000000200)=[{&(0x7f0000010700)="1020f5f201000b0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f0000000200000002000000020000000100000018000000000200000002000000060000000a0000000e000000100000030000000100000002", 0x69, 0x1400}, {0x0, 0x0, 0x200000}, {&(0x7f0000010f00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x200fe0}, {&(0x7f0000011000)="00000000000000000000000000000000000000000000000000000006", 0x1c, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) 21:16:17 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000000)={@in={{0x2, 0x0, @broadcast}}, 0x0, 0x0, 0x0, 0x0, "b87ff732cca54cd62c6902ad2bb41fb68a803b169ef6209d2933aeef198f942758d80601f9d2d72ae8e03a530957f6f1fad729b4e894a4b545a02525ec7de4ac6fbbb0658e4e47c428439e5a12777cc7"}, 0xd8) [ 2545.668055][T26751] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2545.708627][T26751] bond186 (uninitialized): Released all slaves [ 2545.747135][T26743] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 21:16:18 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, 0x0, &(0x7f0000000080)) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32, @ANYBLOB="01000000002200001c0012000c000100626f6e640000"], 0x3c}}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r4}, @IFLA_HSR_SLAVE1={0x8, 0x1, r4}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r5}]}}}, @IFLA_LINK={0x8, 0x5, r4}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) [ 2545.759298][T26743] CPU: 1 PID: 26743 Comm: syz-executor.1 Tainted: G W 5.18.0-syzkaller-16253-g2f3064574275 #0 [ 2545.771055][T26743] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2545.781253][T26743] Call Trace: [ 2545.784723][T26743] [ 2545.787760][T26743] dump_stack_lvl+0x200/0x28c [ 2545.792646][T26743] dump_stack+0x29/0x2c [ 2545.796999][T26743] dump_header+0x1e5/0xae0 [ 2545.801652][T26743] oom_kill_process+0x3a7/0xba0 [ 2545.806747][T26743] out_of_memory+0x111c/0x1570 [ 2545.811639][T26743] ? slab_debugfs_show+0xa40/0xaa0 [ 2545.816923][T26743] mem_cgroup_out_of_memory+0x46b/0x590 [ 2545.822729][T26743] mem_cgroup_oom+0xa3d/0xd30 [ 2545.827613][T26743] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2545.832839][T26743] try_charge_memcg+0x18b0/0x2110 [ 2545.838081][T26743] ? kmsan_get_metadata+0x33/0x220 [ 2545.843448][T26743] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 2545.849405][T26743] charge_memcg+0x1a9/0x6b0 [ 2545.854142][T26743] ? get_mem_cgroup_from_mm+0x39d/0x4d0 [ 2545.859930][T26743] __mem_cgroup_charge+0xb9/0x2e0 [ 2545.865211][T26743] wp_page_copy+0x719/0x4310 [ 2545.870019][T26743] ? kmsan_get_metadata+0x33/0x220 [ 2545.875366][T26743] ? kmsan_get_metadata+0x33/0x220 [ 2545.880700][T26743] ? preempt_count_sub+0xfc/0x340 [ 2545.885853][T26743] do_wp_page+0xc81/0x29c0 [ 2545.890429][T26743] handle_mm_fault+0x43e1/0x47a0 [ 2545.895564][T26743] ? restore_fpregs_from_fpstate+0x68/0x3a0 [ 2545.901886][T26743] do_user_addr_fault+0x11f5/0x1e50 [ 2545.907342][T26743] exc_page_fault+0x60/0x140 [ 2545.912115][T26743] ? asm_exc_page_fault+0x8/0x30 [ 2545.919409][T26743] asm_exc_page_fault+0x1e/0x30 [ 2545.924443][T26743] RIP: 0023:0xf6e1f418 [ 2545.928581][T26743] Code: 39 dd 75 ee 8b 44 24 58 89 28 83 c4 3c 5b 5e 5f 5d c3 8b 7c 24 18 e9 9a fd ff ff 8d b4 26 00 00 00 00 8b 44 24 24 8b 7c 24 18 <89> 1c 88 e9 70 fe ff ff 8b 7c 24 50 39 54 24 0c 0f 84 80 00 00 00 [ 2545.948295][T26743] RSP: 002b:00000000ffacc040 EFLAGS: 00010246 [ 2545.954545][T26743] RAX: 00000000f6f50000 RBX: 00000000f95166e2 RCX: 00000000000006e2 [ 2545.962704][T26743] RDX: 0000000000000000 RSI: 00000000f6f36000 RDI: 00000000863aa550 [ 2545.970822][T26743] RBP: 00000000f6f50000 R08: 0000000000000000 R09: 0000000000000000 [ 2545.978935][T26743] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 2545.987025][T26743] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2545.995160][T26743] [ 2546.000797][T26743] memory: usage 307200kB, limit 307200kB, failcnt 14350 [ 2546.008781][T26743] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2546.015961][T26743] Memory cgroup stats for /syz1: [ 2546.017361][T26743] anon 131072 [ 2546.017361][T26743] file 313262080 [ 2546.017361][T26743] kernel 1179648 [ 2546.017361][T26743] kernel_stack 32768 [ 2546.017361][T26743] pagetables 69632 [ 2546.017361][T26743] percpu 0 [ 2546.017361][T26743] sock 0 [ 2546.017361][T26743] vmalloc 0 [ 2546.017361][T26743] shmem 313262080 [ 2546.017361][T26743] file_mapped 40960 [ 2546.017361][T26743] file_dirty 0 [ 2546.017361][T26743] file_writeback 0 [ 2546.017361][T26743] swapcached 0 [ 2546.017361][T26743] anon_thp 0 [ 2546.017361][T26743] file_thp 0 [ 2546.017361][T26743] shmem_thp 0 [ 2546.017361][T26743] inactive_anon 311906304 [ 2546.017361][T26743] active_anon 1486848 [ 2546.017361][T26743] inactive_file 0 [ 2546.017361][T26743] active_file 0 [ 2546.017361][T26743] unevictable 0 [ 2546.017361][T26743] slab_reclaimable 786584 [ 2546.017361][T26743] slab_unreclaimable 271896 [ 2546.017361][T26743] slab 1058480 [ 2546.017361][T26743] workingset_refault_anon 0 [ 2546.017361][T26743] workingset_refault_file 0 [ 2546.113840][T26743] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=26743,uid=0 [ 2546.130104][T26743] Memory cgroup out of memory: Killed process 26743 (syz-executor.1) total-vm:54284kB, anon-rss:332kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:64kB oom_score_adj:1000 21:16:18 executing program 1: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nbd(&(0x7f0000000040), r0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NBD_CMD_CONNECT(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000004c0)={0x14}, 0x14}}, 0x0) 21:16:18 executing program 3: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300), 0x111}}, 0x20) write$RDMA_USER_CM_CMD_BIND_IP(r1, &(0x7f0000000380)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x0, 0x0, @private2}}}, 0x30) [ 2546.513846][T26757] syz-executor.5 (pid 26757) is setting deprecated v1 encryption policy; recommend upgrading to v2. [ 2546.558760][T26758] loop4: detected capacity change from 0 to 253983 21:16:18 executing program 5: syz_mount_image$tmpfs(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r0, 0x800c6613, &(0x7f0000001e40)=@v1={0x0, @aes128, 0x0, @desc1}) open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) [ 2546.623145][T26758] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2546.631050][T26758] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 2546.680783][T26758] F2FS-fs (loop4): invalid crc_offset: 0 [ 2546.695870][T26758] F2FS-fs (loop4): invalid crc_offset: 0 [ 2546.702157][T26758] F2FS-fs (loop4): Failed to get valid F2FS checkpoint 21:16:19 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xb, &(0x7f0000000200)=[{&(0x7f0000010700)="1020f5f201000b0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f0000000200000002000000020000000100000018000000000200000002000000060000000a0000000e000000100000030000000100000002", 0x69, 0x1400}, {&(0x7f0000010e00), 0x0, 0x200000}, {&(0x7f0000010f00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x200fe0}, {&(0x7f0000011000)="00000000000000000000000000000000000000000000000000000006", 0x1c, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) [ 2547.006247][ T3498] fscrypt: key with description 'fscrypt:0000111122223333' has invalid payload [ 2547.011667][T26764] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2547.015907][ T3498] fscrypt: key with description 'fscrypt:0000111122223333' has invalid payload 21:16:19 executing program 2: seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f0000000200)={0x2, &(0x7f00000001c0)=[{0x15}, {0x6}]}) [ 2547.064528][T26764] bond186 (uninitialized): Released all slaves 21:16:19 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32=r2, @ANYBLOB="01000000002200001c0012000c000100626f6e640000"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) 21:16:19 executing program 3: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300), 0x111}}, 0x20) write$RDMA_USER_CM_CMD_BIND_IP(r1, &(0x7f0000000380)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x0, 0x0, @private2}}}, 0x30) [ 2547.110254][ T3498] fscrypt: key with description 'fscrypt:0000111122223333' has invalid payload [ 2547.309066][T26765] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2547.319822][T26765] CPU: 1 PID: 26765 Comm: syz-executor.1 Tainted: G W 5.18.0-syzkaller-16253-g2f3064574275 #0 [ 2547.331552][T26765] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2547.341734][T26765] Call Trace: [ 2547.345090][T26765] [ 2547.348084][T26765] dump_stack_lvl+0x200/0x28c [ 2547.352917][T26765] dump_stack+0x29/0x2c [ 2547.357182][T26765] dump_header+0x1e5/0xae0 [ 2547.361732][T26765] oom_kill_process+0x3a7/0xba0 [ 2547.366761][T26765] out_of_memory+0x111c/0x1570 [ 2547.371660][T26765] ? slab_debugfs_show+0xa40/0xaa0 [ 2547.376958][T26765] mem_cgroup_out_of_memory+0x46b/0x590 [ 2547.382761][T26765] mem_cgroup_oom+0xa3d/0xd30 [ 2547.387606][T26765] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2547.392862][T26765] try_charge_memcg+0x18b0/0x2110 [ 2547.398091][T26765] ? kmsan_get_metadata+0x33/0x220 [ 2547.403393][T26765] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 2547.409467][T26765] charge_memcg+0x1a9/0x6b0 [ 2547.414146][T26765] ? get_mem_cgroup_from_mm+0x39d/0x4d0 [ 2547.419829][T26765] __mem_cgroup_charge+0xb9/0x2e0 [ 2547.425019][T26765] wp_page_copy+0x719/0x4310 [ 2547.429812][T26765] ? kmsan_get_metadata+0x33/0x220 [ 2547.435136][T26765] ? kmsan_get_metadata+0x33/0x220 [ 2547.440388][T26765] ? preempt_count_sub+0xfc/0x340 [ 2547.445595][T26765] do_wp_page+0xc81/0x29c0 [ 2547.450171][T26765] handle_mm_fault+0x43e1/0x47a0 [ 2547.455287][T26765] ? restore_fpregs_from_fpstate+0x68/0x3a0 [ 2547.461356][T26765] do_user_addr_fault+0x11f5/0x1e50 [ 2547.466709][T26765] exc_page_fault+0x60/0x140 [ 2547.471427][T26765] ? asm_exc_page_fault+0x8/0x30 [ 2547.476473][T26765] asm_exc_page_fault+0x1e/0x30 [ 2547.481507][T26765] RIP: 0023:0xf6e1f418 [ 2547.485727][T26765] Code: 39 dd 75 ee 8b 44 24 58 89 28 83 c4 3c 5b 5e 5f 5d c3 8b 7c 24 18 e9 9a fd ff ff 8d b4 26 00 00 00 00 8b 44 24 24 8b 7c 24 18 <89> 1c 88 e9 70 fe ff ff 8b 7c 24 50 39 54 24 0c 0f 84 80 00 00 00 [ 2547.505458][T26765] RSP: 002b:00000000ffacc040 EFLAGS: 00010246 [ 2547.511718][T26765] RAX: 00000000f6f50000 RBX: 00000000f3161b9c RCX: 0000000000001b9c [ 2547.519794][T26765] RDX: 0000000000000000 RSI: 00000000f6f36000 RDI: 00000000826cc9a5 [ 2547.527858][T26765] RBP: 00000000f6f50000 R08: 0000000000000000 R09: 0000000000000000 [ 2547.535961][T26765] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 2547.544063][T26765] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2547.552143][T26765] [ 2547.557490][T26765] memory: usage 307200kB, limit 307200kB, failcnt 14403 [ 2547.565412][T26765] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2547.572557][T26765] Memory cgroup stats for /syz1: [ 2547.573739][T26765] anon 131072 [ 2547.573739][T26765] file 313262080 [ 2547.573739][T26765] kernel 1179648 [ 2547.573739][T26765] kernel_stack 32768 [ 2547.573739][T26765] pagetables 65536 [ 2547.573739][T26765] percpu 0 [ 2547.573739][T26765] sock 0 [ 2547.573739][T26765] vmalloc 0 [ 2547.573739][T26765] shmem 313262080 [ 2547.573739][T26765] file_mapped 40960 [ 2547.573739][T26765] file_dirty 0 [ 2547.573739][T26765] file_writeback 0 [ 2547.573739][T26765] swapcached 0 [ 2547.573739][T26765] anon_thp 0 [ 2547.573739][T26765] file_thp 0 [ 2547.573739][T26765] shmem_thp 0 [ 2547.573739][T26765] inactive_anon 311869440 [ 2547.573739][T26765] active_anon 1486848 [ 2547.573739][T26765] inactive_file 0 [ 2547.573739][T26765] active_file 0 [ 2547.573739][T26765] unevictable 0 [ 2547.573739][T26765] slab_reclaimable 789480 [ 2547.573739][T26765] slab_unreclaimable 272072 [ 2547.573739][T26765] slab 1061552 [ 2547.573739][T26765] workingset_refault_anon 0 [ 2547.573739][T26765] workingset_refault_file 0 [ 2547.676095][T26765] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=26765,uid=0 [ 2547.692265][T26765] Memory cgroup out of memory: Killed process 26765 (syz-executor.1) total-vm:54284kB, anon-rss:332kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000 21:16:20 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmmsg(r0, &(0x7f0000002280)=[{{&(0x7f0000000080)=@in6={0xa, 0x4e23, 0x0, @loopback}, 0x80, 0x0, 0x0, &(0x7f0000002480)=ANY=[], 0xf}}, {{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80, 0x0}}], 0x2, 0x0) 21:16:20 executing program 5: syz_mount_image$tmpfs(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r0, 0x800c6613, &(0x7f0000001e40)=@v1={0x0, @aes128, 0x0, @desc1}) open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) [ 2548.187017][T26776] loop4: detected capacity change from 0 to 253983 [ 2548.254278][T26776] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2548.262524][T26776] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 2548.286076][T26776] F2FS-fs (loop4): invalid crc_offset: 0 [ 2548.292618][T26777] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2548.297247][T26776] F2FS-fs (loop4): invalid crc_offset: 0 [ 2548.311266][T26776] F2FS-fs (loop4): Failed to get valid F2FS checkpoint [ 2548.335606][ T24] audit: type=1326 audit(1655241380.580:35428): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=26774 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7ffa549 code=0x0 21:16:20 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xb, &(0x7f0000000200)=[{&(0x7f0000010700)="1020f5f201000b0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f0000000200000002000000020000000100000018000000000200000002000000060000000a0000000e000000100000030000000100000002", 0x69, 0x1400}, {&(0x7f0000010e00), 0x0, 0x200000}, {&(0x7f0000010f00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x200fe0}, {&(0x7f0000011000)="00000000000000000000000000000000000000000000000000000006", 0x1c, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) [ 2548.429559][T26777] bond186 (uninitialized): Released all slaves [ 2548.459982][ T3498] fscrypt: key with description 'fscrypt:0000111122223333' has invalid payload [ 2548.469708][ T3498] fscrypt: key with description 'fscrypt:0000111122223333' has invalid payload 21:16:20 executing program 2: add_key$fscrypt_provisioning(&(0x7f0000000700), 0x0, 0x0, 0x0, 0xfffffffffffffffa) [ 2548.499356][ T3498] fscrypt: key with description 'fscrypt:0000111122223333' has invalid payload 21:16:20 executing program 3: mknodat$loop(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x80, 0x0) 21:16:20 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32=r2, @ANYBLOB="01000000002200001c0012000c000100626f6e640000"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) [ 2548.870097][T26782] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2548.880852][T26782] CPU: 1 PID: 26782 Comm: syz-executor.1 Tainted: G W 5.18.0-syzkaller-16253-g2f3064574275 #0 [ 2548.892560][T26782] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2548.902717][T26782] Call Trace: [ 2548.906098][T26782] [ 2548.909097][T26782] dump_stack_lvl+0x200/0x28c [ 2548.913911][T26782] dump_stack+0x29/0x2c [ 2548.918168][T26782] dump_header+0x1e5/0xae0 [ 2548.922753][T26782] oom_kill_process+0x3a7/0xba0 [ 2548.927894][T26782] out_of_memory+0x111c/0x1570 [ 2548.932789][T26782] ? slab_debugfs_show+0xa40/0xaa0 [ 2548.938141][T26782] mem_cgroup_out_of_memory+0x46b/0x590 [ 2548.944117][T26782] mem_cgroup_oom+0xa3d/0xd30 [ 2548.948993][T26782] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2548.954239][T26782] try_charge_memcg+0x18b0/0x2110 [ 2548.959495][T26782] ? kmsan_get_metadata+0x33/0x220 [ 2548.964778][T26782] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 2548.970798][T26782] charge_memcg+0x1a9/0x6b0 [ 2548.975479][T26782] ? get_mem_cgroup_from_mm+0x39d/0x4d0 [ 2548.981158][T26782] __mem_cgroup_charge+0xb9/0x2e0 [ 2548.986342][T26782] wp_page_copy+0x719/0x4310 [ 2548.991136][T26782] ? kmsan_get_metadata+0x33/0x220 [ 2548.996471][T26782] ? kmsan_get_metadata+0x33/0x220 [ 2549.001798][T26782] ? preempt_count_sub+0xfc/0x340 [ 2549.012014][T26782] do_wp_page+0xc81/0x29c0 [ 2549.016628][T26782] handle_mm_fault+0x43e1/0x47a0 [ 2549.021674][T26782] ? restore_fpregs_from_fpstate+0x68/0x3a0 [ 2549.027862][T26782] do_user_addr_fault+0x11f5/0x1e50 [ 2549.033299][T26782] exc_page_fault+0x60/0x140 [ 2549.038094][T26782] ? asm_exc_page_fault+0x8/0x30 [ 2549.043202][T26782] asm_exc_page_fault+0x1e/0x30 [ 2549.048330][T26782] RIP: 0023:0xf6e1f418 [ 2549.052519][T26782] Code: 39 dd 75 ee 8b 44 24 58 89 28 83 c4 3c 5b 5e 5f 5d c3 8b 7c 24 18 e9 9a fd ff ff 8d b4 26 00 00 00 00 8b 44 24 24 8b 7c 24 18 <89> 1c 88 e9 70 fe ff ff 8b 7c 24 50 39 54 24 0c 0f 84 80 00 00 00 [ 2549.072408][T26782] RSP: 002b:00000000ffacc040 EFLAGS: 00010246 [ 2549.078713][T26782] RAX: 00000000f6f50000 RBX: 00000000c24e17ad RCX: 00000000000017ad [ 2549.086770][T26782] RDX: 0000000000000000 RSI: 00000000f6f36000 RDI: 0000000085df144d [ 2549.094976][T26782] RBP: 00000000f6f50000 R08: 0000000000000000 R09: 0000000000000000 [ 2549.103114][T26782] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 2549.111219][T26782] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2549.119377][T26782] [ 2549.124615][T26782] memory: usage 307200kB, limit 307200kB, failcnt 14463 [ 2549.133398][T26782] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2549.140366][T26782] Memory cgroup stats for /syz1: [ 2549.142133][T26782] anon 135168 [ 2549.142133][T26782] file 313262080 [ 2549.142133][T26782] kernel 1175552 [ 2549.142133][T26782] kernel_stack 32768 [ 2549.142133][T26782] pagetables 65536 [ 2549.142133][T26782] percpu 0 [ 2549.142133][T26782] sock 0 [ 2549.142133][T26782] vmalloc 0 [ 2549.142133][T26782] shmem 313262080 [ 2549.142133][T26782] file_mapped 40960 [ 2549.142133][T26782] file_dirty 0 [ 2549.142133][T26782] file_writeback 0 [ 2549.142133][T26782] swapcached 0 [ 2549.142133][T26782] anon_thp 0 [ 2549.142133][T26782] file_thp 0 [ 2549.142133][T26782] shmem_thp 0 [ 2549.142133][T26782] inactive_anon 311869440 [ 2549.142133][T26782] active_anon 1486848 [ 2549.142133][T26782] inactive_file 0 [ 2549.142133][T26782] active_file 0 [ 2549.142133][T26782] unevictable 0 [ 2549.142133][T26782] slab_reclaimable 785768 [ 2549.142133][T26782] slab_unreclaimable 273344 [ 2549.142133][T26782] slab 1059112 [ 2549.142133][T26782] workingset_refault_anon 0 [ 2549.142133][T26782] workingset_refault_file 0 [ 2549.238209][T26782] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=26782,uid=0 [ 2549.254294][T26782] Memory cgroup out of memory: Killed process 26782 (syz-executor.1) total-vm:54284kB, anon-rss:332kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000 21:16:21 executing program 1: syz_mount_image$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) r1 = getegid() syz_mount_image$fuse(0x0, &(0x7f0000002400)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) fchownat(r0, &(0x7f0000000080)='./file0\x00', 0x0, r1, 0x0) 21:16:21 executing program 2: pipe2$9p(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RGETLOCK(r0, 0x0, 0x0) 21:16:21 executing program 3: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r0, &(0x7f00000014c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x2000, 0x0) 21:16:22 executing program 5: syz_mount_image$tmpfs(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r0, 0x800c6613, &(0x7f0000001e40)=@v1={0x0, @aes128, 0x0, @desc1}) open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) [ 2549.838757][T26793] loop4: detected capacity change from 0 to 253983 [ 2549.895110][T26793] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2549.903736][T26793] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 2549.910770][T26794] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2549.943199][T26793] F2FS-fs (loop4): invalid crc_offset: 0 [ 2549.956377][T26793] F2FS-fs (loop4): invalid crc_offset: 0 [ 2549.962559][T26793] F2FS-fs (loop4): Failed to get valid F2FS checkpoint [ 2549.980510][T26794] bond186 (uninitialized): Released all slaves 21:16:22 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32=r2, @ANYBLOB="01000000002200001c0012000c000100626f6e640000"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) 21:16:22 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xb, &(0x7f0000000200)=[{&(0x7f0000010700)="1020f5f201000b0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f0000000200000002000000020000000100000018000000000200000002000000060000000a0000000e000000100000030000000100000002", 0x69, 0x1400}, {&(0x7f0000010e00), 0x0, 0x200000}, {&(0x7f0000010f00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x200fe0}, {&(0x7f0000011000)="00000000000000000000000000000000000000000000000000000006", 0x1c, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) [ 2550.055520][ T3498] fscrypt: key with description 'fscrypt:0000111122223333' has invalid payload [ 2550.065251][ T3498] fscrypt: key with description 'fscrypt:0000111122223333' has invalid payload [ 2550.078749][ T3498] fscrypt: key with description 'fscrypt:0000111122223333' has invalid payload 21:16:22 executing program 2: fchmodat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x8) [ 2550.712320][T26797] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=2, oom_score_adj=1000 [ 2550.722932][T26797] CPU: 1 PID: 26797 Comm: syz-executor.1 Tainted: G W 5.18.0-syzkaller-16253-g2f3064574275 #0 [ 2550.734671][T26797] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2550.744852][T26797] Call Trace: [ 2550.748213][T26797] [ 2550.751224][T26797] dump_stack_lvl+0x200/0x28c [ 2550.756107][T26797] dump_stack+0x29/0x2c [ 2550.760418][T26797] dump_header+0x1e5/0xae0 [ 2550.765042][T26797] oom_kill_process+0x3a7/0xba0 [ 2550.770101][T26797] out_of_memory+0x111c/0x1570 [ 2550.775048][T26797] ? slab_debugfs_show+0xa40/0xaa0 [ 2550.780373][T26797] mem_cgroup_out_of_memory+0x46b/0x590 [ 2550.786153][T26797] mem_cgroup_oom+0xa3d/0xd30 [ 2550.791022][T26797] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2550.796239][T26797] try_charge_memcg+0x18b0/0x2110 [ 2550.801532][T26797] ? __rcu_read_unlock+0x85/0xf0 [ 2550.806633][T26797] obj_cgroup_charge_pages+0x352/0x760 [ 2550.812333][T26797] obj_cgroup_charge+0x28d/0x430 [ 2550.817489][T26797] kmem_cache_alloc_node+0x2c6/0x12b0 [ 2550.823022][T26797] ? copy_process+0xa2/0x68e0 [ 2550.827852][T26797] ? dup_task_struct+0x127/0xaf0 [ 2550.832999][T26797] dup_task_struct+0x127/0xaf0 [ 2550.838038][T26797] ? kmsan_get_metadata+0x33/0x220 [ 2550.843340][T26797] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 2550.849349][T26797] copy_process+0xb32/0x68e0 [ 2550.854104][T26797] ? kernel_clone+0x84/0x1110 [ 2550.859016][T26797] kernel_clone+0x4c4/0x1110 [ 2550.863764][T26797] ? __stack_depot_save+0x21/0x4b0 [ 2550.869117][T26797] ? kmsan_get_metadata+0x33/0x220 [ 2550.874423][T26797] ? kmsan_get_shadow_origin_ptr+0xe0/0xf0 [ 2550.880460][T26797] __ia32_compat_sys_ia32_clone+0x29a/0x410 [ 2550.886603][T26797] do_int80_syscall_32+0x4d/0xa0 [ 2550.891721][T26797] ? asm_exc_page_fault+0x8/0x30 [ 2550.896823][T26797] entry_INT80_compat+0x71/0x76 [ 2550.901849][T26797] RIP: 0023:0xf6e5a3a4 [ 2550.906070][T26797] Code: 8b 44 24 04 89 41 08 c7 41 04 00 00 00 00 53 56 57 8b 74 24 24 8b 54 24 20 8b 5c 24 18 8b 7c 24 28 b8 78 00 00 00 89 19 cd 80 <5f> 5e 5b 85 c0 0f 8c 61 81 00 00 74 01 c3 89 f5 ff d3 e8 00 00 00 [ 2550.925838][T26797] RSP: 002b:00000000ffacc000 EFLAGS: 00000292 ORIG_RAX: 0000000000000078 [ 2550.934424][T26797] RAX: ffffffffffffffda RBX: 00000000003d0f00 RCX: 00000000f7f917a4 [ 2550.942524][T26797] RDX: 00000000f7f91ba8 RSI: 00000000ffacc04c RDI: 00000000f7f91ba8 [ 2550.950614][T26797] RBP: 00000000f6f36000 R08: 0000000000000000 R09: 0000000000000000 [ 2550.958698][T26797] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000000 [ 2550.966789][T26797] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2550.974907][T26797] [ 2550.984571][T26797] memory: usage 307196kB, limit 307200kB, failcnt 14519 [ 2550.991644][T26797] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2550.999989][T26797] Memory cgroup stats for /syz1: [ 2551.001330][T26797] anon 122880 [ 2551.001330][T26797] file 313262080 [ 2551.001330][T26797] kernel 1183744 [ 2551.001330][T26797] kernel_stack 32768 [ 2551.001330][T26797] pagetables 69632 [ 2551.001330][T26797] percpu 0 [ 2551.001330][T26797] sock 0 [ 2551.001330][T26797] vmalloc 0 [ 2551.001330][T26797] shmem 313262080 [ 2551.001330][T26797] file_mapped 40960 [ 2551.001330][T26797] file_dirty 0 [ 2551.001330][T26797] file_writeback 0 [ 2551.001330][T26797] swapcached 0 [ 2551.001330][T26797] anon_thp 0 [ 2551.001330][T26797] file_thp 0 [ 2551.001330][T26797] shmem_thp 0 [ 2551.001330][T26797] inactive_anon 311898112 [ 2551.001330][T26797] active_anon 1486848 [ 2551.001330][T26797] inactive_file 0 [ 2551.001330][T26797] active_file 0 [ 2551.001330][T26797] unevictable 0 [ 2551.001330][T26797] slab_reclaimable 785936 [ 2551.001330][T26797] slab_unreclaimable 272480 [ 2551.001330][T26797] slab 1058416 [ 2551.001330][T26797] workingset_refault_anon 0 [ 2551.001330][T26797] workingset_refault_file 0 [ 2551.097741][T26797] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=26797,uid=0 [ 2551.113838][T26797] Memory cgroup out of memory: Killed process 26797 (syz-executor.1) total-vm:54416kB, anon-rss:332kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:64kB oom_score_adj:1000 [ 2551.267804][T26807] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. 21:16:23 executing program 1: open$dir(&(0x7f0000000dc0)='.\x00', 0x280001, 0x0) [ 2551.307966][T26807] bond186 (uninitialized): Released all slaves 21:16:23 executing program 5: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x0, 0x0) getdents(r0, &(0x7f00000000c0)=""/219, 0xdb) 21:16:23 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32=r2, @ANYBLOB="01000000002200001c0012000c000100626f6e640000"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) 21:16:23 executing program 3: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x0, 0x0) futimesat(r0, 0x0, &(0x7f00000000c0)={{0x77359400}, {0x77359400}}) [ 2551.564776][T26812] loop4: detected capacity change from 0 to 253983 [ 2551.596638][ T3498] fscrypt: key with description 'fscrypt:0000111122223333' has invalid payload [ 2551.634388][T26812] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2551.642527][T26812] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock 21:16:23 executing program 2: syz_mount_image$fuse(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) statx(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x2000, 0x40, &(0x7f00000000c0)) [ 2551.708315][T26812] F2FS-fs (loop4): invalid crc_offset: 0 [ 2551.719123][T26812] F2FS-fs (loop4): invalid crc_offset: 0 [ 2551.725533][T26812] F2FS-fs (loop4): Failed to get valid F2FS checkpoint 21:16:24 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xb, &(0x7f0000000200)=[{&(0x7f0000010700)="1020f5f201000b0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f0000000200000002000000020000000100000018000000000200000002000000060000000a0000000e000000100000030000000100000002", 0x69, 0x1400}, {&(0x7f0000010e00)="d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600"/83, 0x53, 0x200000}, {&(0x7f0000010f00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x200fe0}, {&(0x7f0000011000)="00000000000000000000000000000000000000000000000000000006", 0x1c, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) 21:16:24 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32=r2, @ANYBLOB="01000000002200001c0012000c000100626f6e640000"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) 21:16:24 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f00000021c0)='io\x00') write$FUSE_STATFS(r0, 0x0, 0x0) 21:16:24 executing program 5: open$dir(&(0x7f0000000100)='./file0\x00', 0x101043, 0x0) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x1) 21:16:24 executing program 2: open$dir(&(0x7f0000000100)='./file0\x00', 0x101043, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x1, 0x20ff02028b167fcd) [ 2552.624940][T26817] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2552.635853][T26817] CPU: 1 PID: 26817 Comm: syz-executor.1 Tainted: G W 5.18.0-syzkaller-16253-g2f3064574275 #0 [ 2552.647525][T26817] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2552.657702][T26817] Call Trace: [ 2552.661066][T26817] [ 2552.664053][T26817] dump_stack_lvl+0x200/0x28c [ 2552.668936][T26817] dump_stack+0x29/0x2c [ 2552.673267][T26817] dump_header+0x1e5/0xae0 [ 2552.677863][T26817] oom_kill_process+0x3a7/0xba0 [ 2552.682931][T26817] out_of_memory+0x111c/0x1570 [ 2552.687810][T26817] ? slab_debugfs_show+0xa40/0xaa0 [ 2552.693066][T26817] mem_cgroup_out_of_memory+0x46b/0x590 [ 2552.698863][T26817] mem_cgroup_oom+0xa3d/0xd30 [ 2552.703736][T26817] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2552.708967][T26817] try_charge_memcg+0x18b0/0x2110 [ 2552.714209][T26817] ? kmsan_get_metadata+0x33/0x220 [ 2552.719575][T26817] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 2552.725524][T26817] charge_memcg+0x1a9/0x6b0 [ 2552.730228][T26817] ? get_mem_cgroup_from_mm+0x39d/0x4d0 [ 2552.735919][T26817] __mem_cgroup_charge+0xb9/0x2e0 [ 2552.741180][T26817] wp_page_copy+0x719/0x4310 [ 2552.745971][T26817] ? kmsan_get_metadata+0x33/0x220 [ 2552.751291][T26817] ? update_misfit_status+0x30/0xcd0 [ 2552.756782][T26817] ? kmsan_get_metadata+0x33/0x220 [ 2552.762118][T26817] ? preempt_count_sub+0xfc/0x340 [ 2552.767335][T26817] do_wp_page+0xc81/0x29c0 [ 2552.771965][T26817] handle_mm_fault+0x43e1/0x47a0 [ 2552.777081][T26817] ? restore_fpregs_from_fpstate+0x68/0x3a0 [ 2552.783249][T26817] do_user_addr_fault+0x11f5/0x1e50 [ 2552.788752][T26817] exc_page_fault+0x60/0x140 [ 2552.793541][T26817] ? asm_exc_page_fault+0x8/0x30 [ 2552.798661][T26817] asm_exc_page_fault+0x1e/0x30 [ 2552.803678][T26817] RIP: 0023:0xf6e1f418 [ 2552.807876][T26817] Code: 39 dd 75 ee 8b 44 24 58 89 28 83 c4 3c 5b 5e 5f 5d c3 8b 7c 24 18 e9 9a fd ff ff 8d b4 26 00 00 00 00 8b 44 24 24 8b 7c 24 18 <89> 1c 88 e9 70 fe ff ff 8b 7c 24 50 39 54 24 0c 0f 84 80 00 00 00 [ 2552.827670][T26817] RSP: 002b:00000000ffacc040 EFLAGS: 00010246 [ 2552.833914][T26817] RAX: 00000000f6f50000 RBX: 00000000d024d892 RCX: 0000000000001892 [ 2552.842029][T26817] RDX: 0000000000000000 RSI: 00000000f6f36000 RDI: 00000000826ce43b [ 2552.850132][T26817] RBP: 00000000f6f50000 R08: 0000000000000000 R09: 0000000000000000 [ 2552.858231][T26817] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 2552.866322][T26817] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2552.874461][T26817] [ 2552.882470][T26817] memory: usage 307200kB, limit 307200kB, failcnt 14584 [ 2552.889540][T26817] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2552.897666][T26817] Memory cgroup stats for /syz1: [ 2552.899103][T26817] anon 126976 [ 2552.899103][T26817] file 313262080 [ 2552.899103][T26817] kernel 1183744 [ 2552.899103][T26817] kernel_stack 32768 [ 2552.899103][T26817] pagetables 69632 [ 2552.899103][T26817] percpu 0 [ 2552.899103][T26817] sock 0 [ 2552.899103][T26817] vmalloc 0 [ 2552.899103][T26817] shmem 313262080 [ 2552.899103][T26817] file_mapped 40960 [ 2552.899103][T26817] file_dirty 0 [ 2552.899103][T26817] file_writeback 0 [ 2552.899103][T26817] swapcached 0 [ 2552.899103][T26817] anon_thp 0 [ 2552.899103][T26817] file_thp 0 [ 2552.899103][T26817] shmem_thp 0 [ 2552.899103][T26817] inactive_anon 311894016 [ 2552.899103][T26817] active_anon 1486848 [ 2552.899103][T26817] inactive_file 0 [ 2552.899103][T26817] active_file 0 [ 2552.899103][T26817] unevictable 0 [ 2552.899103][T26817] slab_reclaimable 786584 [ 2552.899103][T26817] slab_unreclaimable 272160 [ 2552.899103][T26817] slab 1058744 [ 2552.899103][T26817] workingset_refault_anon 0 [ 2552.899103][T26817] workingset_refault_file 0 [ 2552.995400][T26817] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=26817,uid=0 [ 2553.011581][T26817] Memory cgroup out of memory: Killed process 26817 (syz-executor.1) total-vm:54284kB, anon-rss:332kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:64kB oom_score_adj:1000 21:16:25 executing program 1: syz_mount_image$fuse(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) stat(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0}) setuid(r0) [ 2553.170529][T26826] loop4: detected capacity change from 0 to 253983 [ 2553.247081][T26826] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2553.255347][T26826] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 2553.314004][T26826] F2FS-fs (loop4): invalid crc_offset: 0 [ 2553.338514][T26826] F2FS-fs (loop4): invalid crc_offset: 0 [ 2553.344681][T26826] F2FS-fs (loop4): Failed to get valid F2FS checkpoint 21:16:25 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32=r2, @ANYBLOB="01000000002200001c0012000c000100626f6e640000"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) 21:16:25 executing program 3: syz_mount_image$fuse(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0) mknodat$loop(r0, &(0x7f0000000000)='./file0\x00', 0x0, 0x1) statx(r0, &(0x7f0000000040)='./file0\x00', 0x1000, 0x40, &(0x7f0000000940)) 21:16:25 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xb, &(0x7f0000000200)=[{&(0x7f0000010700)="1020f5f201000b0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f0000000200000002000000020000000100000018000000000200000002000000060000000a0000000e000000100000030000000100000002", 0x69, 0x1400}, {&(0x7f0000010e00)="d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600"/83, 0x53, 0x200000}, {&(0x7f0000010f00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x200fe0}, {&(0x7f0000011000)="00000000000000000000000000000000000000000000000000000006", 0x1c, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) 21:16:25 executing program 5: r0 = socket$unix(0x1, 0x1, 0x0) recvfrom(r0, &(0x7f0000000040)=""/40, 0x28, 0x0, 0x0, 0x0) 21:16:26 executing program 2: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x0, 0x0) mknodat$null(r0, &(0x7f0000000000)='./file0\x00', 0x0, 0x103) linkat(r0, &(0x7f00000006c0)='./file0\x00', r0, &(0x7f0000000700)='./file0\x00', 0x0) 21:16:26 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, 0x0, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r4}, @IFLA_HSR_SLAVE1={0x8, 0x1, r4}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r5}]}}}, @IFLA_LINK={0x8, 0x5, r4}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) 21:16:26 executing program 3: syz_mount_image$fuse(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) statx(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x100, 0x80, &(0x7f00000000c0)) [ 2554.519966][T26835] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=2, oom_score_adj=1000 [ 2554.532863][T26835] CPU: 1 PID: 26835 Comm: syz-executor.1 Tainted: G W 5.18.0-syzkaller-16253-g2f3064574275 #0 [ 2554.544613][T26835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2554.554815][T26835] Call Trace: [ 2554.558189][T26835] [ 2554.561221][T26835] dump_stack_lvl+0x200/0x28c [ 2554.566236][T26835] dump_stack+0x29/0x2c [ 2554.570506][T26835] dump_header+0x1e5/0xae0 [ 2554.575083][T26835] oom_kill_process+0x3a7/0xba0 [ 2554.580162][T26835] out_of_memory+0x111c/0x1570 [ 2554.585064][T26835] ? slab_debugfs_show+0xa40/0xaa0 [ 2554.590362][T26835] mem_cgroup_out_of_memory+0x46b/0x590 [ 2554.596173][T26835] mem_cgroup_oom+0xa3d/0xd30 [ 2554.601066][T26835] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2554.606302][T26835] try_charge_memcg+0x18b0/0x2110 [ 2554.611622][T26835] ? __rcu_read_unlock+0x85/0xf0 [ 2554.616729][T26835] obj_cgroup_charge_pages+0x352/0x760 [ 2554.622333][T26835] __memcg_kmem_charge_page+0x5b2/0x910 [ 2554.628049][T26835] __alloc_pages+0x82e/0x1040 [ 2554.632974][T26835] dup_task_struct+0x310/0xaf0 [ 2554.637859][T26835] ? kmsan_get_metadata+0x33/0x220 [ 2554.643202][T26835] copy_process+0xb32/0x68e0 [ 2554.647967][T26835] ? kmsan_get_metadata+0x33/0x220 [ 2554.653294][T26835] ? kernel_clone+0x84/0x1110 [ 2554.658223][T26835] kernel_clone+0x4c4/0x1110 [ 2554.662986][T26835] ? __stack_depot_save+0x21/0x4b0 [ 2554.668289][T26835] ? kmsan_get_metadata+0x33/0x220 [ 2554.673618][T26835] ? kmsan_get_shadow_origin_ptr+0xe0/0xf0 [ 2554.679652][T26835] __ia32_compat_sys_ia32_clone+0x29a/0x410 [ 2554.685730][T26835] do_int80_syscall_32+0x4d/0xa0 [ 2554.690858][T26835] ? asm_exc_page_fault+0x8/0x30 [ 2554.695977][T26835] entry_INT80_compat+0x71/0x76 [ 2554.701015][T26835] RIP: 0023:0xf6e5a3a4 [ 2554.705215][T26835] Code: 8b 44 24 04 89 41 08 c7 41 04 00 00 00 00 53 56 57 8b 74 24 24 8b 54 24 20 8b 5c 24 18 8b 7c 24 28 b8 78 00 00 00 89 19 cd 80 <5f> 5e 5b 85 c0 0f 8c 61 81 00 00 74 01 c3 89 f5 ff d3 e8 00 00 00 [ 2554.725016][T26835] RSP: 002b:00000000ffacc000 EFLAGS: 00000292 ORIG_RAX: 0000000000000078 [ 2554.733566][T26835] RAX: ffffffffffffffda RBX: 00000000003d0f00 RCX: 00000000f7f917a4 [ 2554.741692][T26835] RDX: 00000000f7f91ba8 RSI: 00000000ffacc04c RDI: 00000000f7f91ba8 [ 2554.749822][T26835] RBP: 00000000f6f36000 R08: 0000000000000000 R09: 0000000000000000 [ 2554.757933][T26835] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000000 [ 2554.766040][T26835] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2554.774187][T26835] [ 2554.779418][T26835] memory: usage 307200kB, limit 307200kB, failcnt 14641 [ 2554.793844][T26835] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2554.800885][T26835] Memory cgroup stats for /syz1: [ 2554.802558][T26835] anon 122880 [ 2554.802558][T26835] file 313262080 [ 2554.802558][T26835] kernel 1187840 [ 2554.802558][T26835] kernel_stack 32768 [ 2554.802558][T26835] pagetables 69632 [ 2554.802558][T26835] percpu 0 [ 2554.802558][T26835] sock 0 [ 2554.802558][T26835] vmalloc 0 [ 2554.802558][T26835] shmem 313262080 [ 2554.802558][T26835] file_mapped 40960 [ 2554.802558][T26835] file_dirty 0 [ 2554.802558][T26835] file_writeback 0 [ 2554.802558][T26835] swapcached 0 [ 2554.802558][T26835] anon_thp 0 [ 2554.802558][T26835] file_thp 0 [ 2554.802558][T26835] shmem_thp 0 [ 2554.802558][T26835] inactive_anon 311898112 [ 2554.802558][T26835] active_anon 1486848 [ 2554.802558][T26835] inactive_file 0 [ 2554.802558][T26835] active_file 0 [ 2554.802558][T26835] unevictable 0 [ 2554.802558][T26835] slab_reclaimable 787792 [ 2554.802558][T26835] slab_unreclaimable 280872 [ 2554.802558][T26835] slab 1068664 [ 2554.802558][T26835] workingset_refault_anon 0 [ 2554.802558][T26835] workingset_refault_file 0 [ 2554.898719][T26835] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=26835,uid=0 [ 2554.914904][T26835] Memory cgroup out of memory: Killed process 26835 (syz-executor.1) total-vm:54416kB, anon-rss:332kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:64kB oom_score_adj:1000 21:16:27 executing program 1: syz_mount_image$fuse(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) fchownat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0xffffffffffffffff, 0x0, 0x0) [ 2554.991619][T26844] loop4: detected capacity change from 0 to 253983 21:16:27 executing program 5: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) sendmsg$sock(r0, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x40) [ 2555.081700][T26844] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2555.090483][T26844] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock 21:16:27 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xb, &(0x7f0000000200)=[{&(0x7f0000010700)="1020f5f201000b0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f0000000200000002000000020000000100000018000000000200000002000000060000000a0000000e000000100000030000000100000002", 0x69, 0x1400}, {&(0x7f0000010e00)="d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600"/83, 0x53, 0x200000}, {&(0x7f0000010f00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x200fe0}, {&(0x7f0000011000)="00000000000000000000000000000000000000000000000000000006", 0x1c, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) [ 2555.138054][T26844] F2FS-fs (loop4): invalid crc_offset: 0 [ 2555.151130][T26844] F2FS-fs (loop4): invalid crc_offset: 0 [ 2555.158090][T26844] F2FS-fs (loop4): Failed to get valid F2FS checkpoint 21:16:27 executing program 2: open$dir(&(0x7f0000000dc0)='.\x00', 0x0, 0x10) 21:16:27 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, 0x0, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r4}, @IFLA_HSR_SLAVE1={0x8, 0x1, r4}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r5}]}}}, @IFLA_LINK={0x8, 0x5, r4}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) 21:16:28 executing program 3: mprotect(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0) mlock2(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0) 21:16:28 executing program 5: open$dir(&(0x7f0000000100)='./file0\x00', 0x101143, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x82, 0x0) [ 2556.069596][T26858] loop4: detected capacity change from 0 to 253983 [ 2556.125386][T26858] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2556.133900][T26858] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 2556.164135][T26858] F2FS-fs (loop4): invalid crc_offset: 0 [ 2556.172474][T26858] F2FS-fs (loop4): invalid crc_offset: 0 [ 2556.178708][T26858] F2FS-fs (loop4): Failed to get valid F2FS checkpoint 21:16:28 executing program 2: syz_mount_image$fuse(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0) mknodat$loop(r0, &(0x7f0000000000)='./file0\x00', 0x0, 0x1) r1 = open$dir(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) unlinkat(r1, &(0x7f0000000140)='./file0\x00', 0x0) 21:16:28 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xb, &(0x7f0000000200)=[{&(0x7f0000010700)="1020f5f201000b0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f0000000200000002000000020000000100000018000000000200000002000000060000000a0000000e000000100000030000000100000002", 0x69, 0x1400}, {&(0x7f0000010e00)="d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff050000000000000000", 0x7d, 0x200000}, {&(0x7f0000010f00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x200fe0}, {&(0x7f0000011000)="00000000000000000000000000000000000000000000000000000006", 0x1c, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) 21:16:28 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, 0x0, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r4}, @IFLA_HSR_SLAVE1={0x8, 0x1, r4}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r5}]}}}, @IFLA_LINK={0x8, 0x5, r4}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) [ 2556.619011][T26852] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=2, oom_score_adj=1000 [ 2556.632186][T26852] CPU: 0 PID: 26852 Comm: syz-executor.1 Tainted: G W 5.18.0-syzkaller-16253-g2f3064574275 #0 [ 2556.643932][T26852] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2556.654126][T26852] Call Trace: [ 2556.657510][T26852] [ 2556.660538][T26852] dump_stack_lvl+0x200/0x28c [ 2556.665547][T26852] dump_stack+0x29/0x2c [ 2556.669898][T26852] dump_header+0x1e5/0xae0 [ 2556.674555][T26852] oom_kill_process+0x3a7/0xba0 [ 2556.679672][T26852] out_of_memory+0x111c/0x1570 [ 2556.684655][T26852] ? slab_debugfs_show+0xa40/0xaa0 [ 2556.690005][T26852] mem_cgroup_out_of_memory+0x46b/0x590 [ 2556.695816][T26852] mem_cgroup_oom+0xa3d/0xd30 [ 2556.700717][T26852] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2556.705952][T26852] try_charge_memcg+0x18b0/0x2110 [ 2556.711271][T26852] ? __rcu_read_unlock+0x85/0xf0 [ 2556.716394][T26852] obj_cgroup_charge_pages+0x352/0x760 [ 2556.722102][T26852] __memcg_kmem_charge_page+0x5b2/0x910 [ 2556.727903][T26852] __alloc_pages+0x82e/0x1040 [ 2556.732849][T26852] dup_task_struct+0x310/0xaf0 [ 2556.737805][T26852] ? kmsan_get_metadata+0x33/0x220 [ 2556.743144][T26852] copy_process+0xb32/0x68e0 [ 2556.747918][T26852] ? kernel_clone+0x84/0x1110 [ 2556.752851][T26852] kernel_clone+0x4c4/0x1110 [ 2556.757624][T26852] ? __stack_depot_save+0x21/0x4b0 [ 2556.762951][T26852] ? kmsan_get_metadata+0x33/0x220 [ 2556.768267][T26852] ? kmsan_get_shadow_origin_ptr+0xe0/0xf0 [ 2556.774316][T26852] __ia32_compat_sys_ia32_clone+0x29a/0x410 [ 2556.780480][T26852] do_int80_syscall_32+0x4d/0xa0 [ 2556.785621][T26852] ? asm_exc_page_fault+0x8/0x30 [ 2556.790750][T26852] entry_INT80_compat+0x71/0x76 [ 2556.795779][T26852] RIP: 0023:0xf6e5a3a4 [ 2556.799977][T26852] Code: 8b 44 24 04 89 41 08 c7 41 04 00 00 00 00 53 56 57 8b 74 24 24 8b 54 24 20 8b 5c 24 18 8b 7c 24 28 b8 78 00 00 00 89 19 cd 80 <5f> 5e 5b 85 c0 0f 8c 61 81 00 00 74 01 c3 89 f5 ff d3 e8 00 00 00 [ 2556.819765][T26852] RSP: 002b:00000000ffacc000 EFLAGS: 00000292 ORIG_RAX: 0000000000000078 [ 2556.828362][T26852] RAX: ffffffffffffffda RBX: 00000000003d0f00 RCX: 00000000f7f917a4 [ 2556.836488][T26852] RDX: 00000000f7f91ba8 RSI: 00000000ffacc04c RDI: 00000000f7f91ba8 [ 2556.844610][T26852] RBP: 00000000f6f36000 R08: 0000000000000000 R09: 0000000000000000 [ 2556.852722][T26852] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000000 [ 2556.860829][T26852] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2556.868962][T26852] [ 2556.872229][T26852] memory: usage 307200kB, limit 307200kB, failcnt 14701 [ 2556.879283][T26852] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2556.886348][T26852] Memory cgroup stats for /syz1: [ 2556.887776][T26852] anon 122880 [ 2556.887776][T26852] file 313262080 [ 2556.887776][T26852] kernel 1187840 [ 2556.887776][T26852] kernel_stack 32768 [ 2556.887776][T26852] pagetables 69632 [ 2556.887776][T26852] percpu 0 [ 2556.887776][T26852] sock 0 [ 2556.887776][T26852] vmalloc 0 [ 2556.887776][T26852] shmem 313262080 [ 2556.887776][T26852] file_mapped 40960 [ 2556.887776][T26852] file_dirty 0 [ 2556.887776][T26852] file_writeback 0 [ 2556.887776][T26852] swapcached 0 [ 2556.887776][T26852] anon_thp 0 [ 2556.887776][T26852] file_thp 0 [ 2556.887776][T26852] shmem_thp 0 [ 2556.887776][T26852] inactive_anon 311898112 [ 2556.887776][T26852] active_anon 1486848 [ 2556.887776][T26852] inactive_file 0 [ 2556.887776][T26852] active_file 0 [ 2556.887776][T26852] unevictable 0 [ 2556.887776][T26852] slab_reclaimable 787792 [ 2556.887776][T26852] slab_unreclaimable 280872 [ 2556.887776][T26852] slab 1068664 [ 2556.887776][T26852] workingset_refault_anon 0 [ 2556.887776][T26852] workingset_refault_file 0 [ 2556.984081][T26852] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=26852,uid=0 [ 2557.000160][T26852] Memory cgroup out of memory: Killed process 26852 (syz-executor.1) total-vm:54416kB, anon-rss:332kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:64kB oom_score_adj:1000 21:16:29 executing program 3: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='stat\x00') write$FUSE_ATTR(r0, 0x0, 0x0) 21:16:29 executing program 5: open$dir(&(0x7f0000000100)='./file0\x00', 0x101143, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x82, 0x0) [ 2557.125018][ T24] audit: type=1804 audit(1655241389.360:35429): pid=26866 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir123737106/syzkaller.5C307s/1770/file0" dev="sda1" ino=1168 res=1 errno=0 21:16:29 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x23, &(0x7f0000000180), 0x4) [ 2557.418983][T26873] loop4: detected capacity change from 0 to 253983 21:16:29 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_ifreq(r0, 0x8932, &(0x7f0000000000)={'vlan0\x00', @ifru_names='vlan0\x00'}) [ 2557.510286][T26873] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2557.518549][T26873] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock 21:16:29 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r4}, @IFLA_HSR_SLAVE1={0x8, 0x1, r4}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r5}]}}}, @IFLA_LINK={0x8, 0x5, r4}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) [ 2557.552454][T26873] F2FS-fs (loop4): invalid crc_offset: 0 [ 2557.585272][T26873] F2FS-fs (loop4): invalid crc_offset: 0 [ 2557.591289][T26873] F2FS-fs (loop4): Failed to get valid F2FS checkpoint 21:16:29 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xb, &(0x7f0000000200)=[{&(0x7f0000010700)="1020f5f201000b0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f0000000200000002000000020000000100000018000000000200000002000000060000000a0000000e000000100000030000000100000002", 0x69, 0x1400}, {&(0x7f0000010e00)="d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff050000000000000000", 0x7d, 0x200000}, {&(0x7f0000010f00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x200fe0}, {&(0x7f0000011000)="00000000000000000000000000000000000000000000000000000006", 0x1c, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) 21:16:30 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_udp_int(r0, 0x11, 0xa, &(0x7f0000000080), 0x4) 21:16:30 executing program 5: open$dir(&(0x7f0000000100)='./file0\x00', 0x101143, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x82, 0x0) 21:16:30 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r4}, @IFLA_HSR_SLAVE1={0x8, 0x1, r4}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r5}]}}}, @IFLA_LINK={0x8, 0x5, r4}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) 21:16:30 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet(0x2, 0xa, 0x0) sendmmsg$unix(r0, &(0x7f00000003c0)=[{{&(0x7f0000000100)=@abs, 0x6e, 0x0, 0x0, &(0x7f0000000580)=[@rights={{0x14, 0x1, 0x1, [r1]}}], 0x18}}], 0x12, 0x0) [ 2558.425906][T26877] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2558.436609][T26877] CPU: 1 PID: 26877 Comm: syz-executor.1 Tainted: G W 5.18.0-syzkaller-16253-g2f3064574275 #0 [ 2558.448353][T26877] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2558.458542][T26877] Call Trace: [ 2558.461919][T26877] [ 2558.464937][T26877] dump_stack_lvl+0x200/0x28c [ 2558.469816][T26877] dump_stack+0x29/0x2c [ 2558.474159][T26877] dump_header+0x1e5/0xae0 [ 2558.478750][T26877] oom_kill_process+0x3a7/0xba0 [ 2558.483782][T26877] out_of_memory+0x111c/0x1570 [ 2558.488715][T26877] ? slab_debugfs_show+0xa40/0xaa0 [ 2558.494062][T26877] mem_cgroup_out_of_memory+0x46b/0x590 [ 2558.499874][T26877] mem_cgroup_oom+0xa3d/0xd30 [ 2558.504770][T26877] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2558.509997][T26877] try_charge_memcg+0x18b0/0x2110 [ 2558.515172][T26877] ? kmsan_get_metadata+0x33/0x220 [ 2558.520474][T26877] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 2558.526431][T26877] charge_memcg+0x1a9/0x6b0 [ 2558.531069][T26877] ? get_mem_cgroup_from_mm+0x39d/0x4d0 [ 2558.536865][T26877] __mem_cgroup_charge+0xb9/0x2e0 [ 2558.542052][T26877] wp_page_copy+0x719/0x4310 [ 2558.546857][T26877] ? kmsan_get_metadata+0x33/0x220 [ 2558.552233][T26877] ? kmsan_get_metadata+0x33/0x220 [ 2558.557583][T26877] ? preempt_count_sub+0xfc/0x340 [ 2558.562816][T26877] do_wp_page+0xc81/0x29c0 [ 2558.567451][T26877] handle_mm_fault+0x43e1/0x47a0 [ 2558.572501][T26877] ? restore_fpregs_from_fpstate+0x68/0x3a0 [ 2558.578618][T26877] do_user_addr_fault+0x11f5/0x1e50 [ 2558.583982][T26877] exc_page_fault+0x60/0x140 [ 2558.588704][T26877] ? asm_exc_page_fault+0x8/0x30 [ 2558.593832][T26877] asm_exc_page_fault+0x1e/0x30 [ 2558.598867][T26877] RIP: 0023:0xf6e1f418 [ 2558.603092][T26877] Code: 39 dd 75 ee 8b 44 24 58 89 28 83 c4 3c 5b 5e 5f 5d c3 8b 7c 24 18 e9 9a fd ff ff 8d b4 26 00 00 00 00 8b 44 24 24 8b 7c 24 18 <89> 1c 88 e9 70 fe ff ff 8b 7c 24 50 39 54 24 0c 0f 84 80 00 00 00 [ 2558.622881][T26877] RSP: 002b:00000000ffacc040 EFLAGS: 00010246 [ 2558.629051][T26877] RAX: 00000000f6f50000 RBX: 0000000043a7fd52 RCX: 0000000000001d52 [ 2558.637116][T26877] RDX: 0000000000000000 RSI: 00000000f6f36000 RDI: 0000000085de99d3 [ 2558.645196][T26877] RBP: 00000000f6f50000 R08: 0000000000000000 R09: 0000000000000000 [ 2558.653313][T26877] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 2558.661420][T26877] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2558.669558][T26877] [ 2558.675191][T26877] memory: usage 307200kB, limit 307200kB, failcnt 14752 [ 2558.683046][T26877] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2558.690033][T26877] Memory cgroup stats for /syz1: [ 2558.691500][T26877] anon 131072 [ 2558.691500][T26877] file 313262080 [ 2558.691500][T26877] kernel 1179648 [ 2558.691500][T26877] kernel_stack 32768 [ 2558.691500][T26877] pagetables 65536 [ 2558.691500][T26877] percpu 0 [ 2558.691500][T26877] sock 0 [ 2558.691500][T26877] vmalloc 0 [ 2558.691500][T26877] shmem 313262080 [ 2558.691500][T26877] file_mapped 40960 [ 2558.691500][T26877] file_dirty 0 [ 2558.691500][T26877] file_writeback 0 [ 2558.691500][T26877] swapcached 0 [ 2558.691500][T26877] anon_thp 0 [ 2558.691500][T26877] file_thp 0 [ 2558.691500][T26877] shmem_thp 0 [ 2558.691500][T26877] inactive_anon 311906304 [ 2558.691500][T26877] active_anon 1486848 [ 2558.691500][T26877] inactive_file 0 [ 2558.691500][T26877] active_file 0 [ 2558.691500][T26877] unevictable 0 [ 2558.691500][T26877] slab_reclaimable 787624 [ 2558.691500][T26877] slab_unreclaimable 274432 [ 2558.691500][T26877] slab 1062056 [ 2558.691500][T26877] workingset_refault_anon 0 [ 2558.691500][T26877] workingset_refault_file 0 [ 2558.787798][T26877] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=26877,uid=0 [ 2558.803864][T26877] Memory cgroup out of memory: Killed process 26877 (syz-executor.1) total-vm:54284kB, anon-rss:332kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000 [ 2558.862694][T26886] loop4: detected capacity change from 0 to 253983 [ 2558.927172][T26886] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2558.935368][T26886] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 2558.965977][T26886] F2FS-fs (loop4): invalid crc_offset: 0 [ 2558.982670][T26886] F2FS-fs (loop4): invalid crc_offset: 0 [ 2558.988505][T26886] F2FS-fs (loop4): Failed to get valid F2FS checkpoint 21:16:31 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) getsockopt$IP6T_SO_GET_REVISION_MATCH(r0, 0x29, 0x12, 0x0, &(0x7f00000002c0)) 21:16:31 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xb, &(0x7f0000000200)=[{&(0x7f0000010700)="1020f5f201000b0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f0000000200000002000000020000000100000018000000000200000002000000060000000a0000000e000000100000030000000100000002", 0x69, 0x1400}, {&(0x7f0000010e00)="d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff050000000000000000", 0x7d, 0x200000}, {&(0x7f0000010f00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x200fe0}, {&(0x7f0000011000)="00000000000000000000000000000000000000000000000000000006", 0x1c, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) 21:16:31 executing program 3: syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @random="2af994fd4fe2", @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @private, @multicast2}, {0x0, 0x0, 0x8}}}}}, 0x0) 21:16:31 executing program 5: open$dir(&(0x7f0000000100)='./file0\x00', 0x101143, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x82, 0x0) [ 2559.364072][ T24] audit: type=1804 audit(1655241391.610:35430): pid=26889 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir123737106/syzkaller.5C307s/1772/file0" dev="sda1" ino=1168 res=1 errno=0 21:16:31 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r4}, @IFLA_HSR_SLAVE1={0x8, 0x1, r4}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r5}]}}}, @IFLA_LINK={0x8, 0x5, r4}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) 21:16:31 executing program 2: syz_emit_ethernet(0x92, &(0x7f00000000c0)={@local, @empty, @void, {@ipv4={0x800, @gre={{0x10, 0x4, 0x0, 0x0, 0x84, 0x0, 0x0, 0x0, 0x2f, 0x0, @remote, @broadcast, {[@rr={0x7, 0xf, 0x0, [@remote, @loopback, @local]}, @timestamp_prespec={0x44, 0x1c, 0x0, 0x3, 0x0, [{@remote}, {@multicast1}, {@initdev={0xac, 0x1e, 0x0, 0x0}}]}]}}}}}}, 0x0) [ 2560.021620][T26900] loop4: detected capacity change from 0 to 253983 21:16:32 executing program 3: r0 = socket$inet(0x2, 0x1, 0x0) setsockopt$ARPT_SO_SET_ADD_COUNTERS(r0, 0x6, 0x6c9, 0x0, 0x0) [ 2560.172191][T26900] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2560.180129][T26900] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 2560.358946][T26896] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2560.369832][T26896] CPU: 1 PID: 26896 Comm: syz-executor.1 Tainted: G W 5.18.0-syzkaller-16253-g2f3064574275 #0 [ 2560.381575][T26896] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2560.391774][T26896] Call Trace: [ 2560.395146][T26896] [ 2560.398171][T26896] dump_stack_lvl+0x200/0x28c [ 2560.403059][T26896] dump_stack+0x29/0x2c [ 2560.407401][T26896] dump_header+0x1e5/0xae0 [ 2560.412058][T26896] oom_kill_process+0x3a7/0xba0 [ 2560.414026][T26900] F2FS-fs (loop4): invalid crc_offset: 0 [ 2560.417140][T26896] out_of_memory+0x111c/0x1570 [ 2560.417324][T26896] ? slab_debugfs_show+0xa40/0xaa0 [ 2560.433030][T26896] mem_cgroup_out_of_memory+0x46b/0x590 [ 2560.438843][T26896] mem_cgroup_oom+0xa3d/0xd30 [ 2560.443754][T26896] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2560.449029][T26896] try_charge_memcg+0x18b0/0x2110 [ 2560.454282][T26896] ? kmsan_get_metadata+0x33/0x220 [ 2560.459672][T26896] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 2560.465732][T26896] charge_memcg+0x1a9/0x6b0 [ 2560.467784][T26900] F2FS-fs (loop4): invalid crc_offset: 0 [ 2560.470447][T26896] ? get_mem_cgroup_from_mm+0x39d/0x4d0 [ 2560.470641][T26896] __mem_cgroup_charge+0xb9/0x2e0 [ 2560.470833][T26896] wp_page_copy+0x719/0x4310 [ 2560.477079][T26900] F2FS-fs (loop4): Failed to get valid F2FS checkpoint [ 2560.482086][T26896] ? kmsan_get_metadata+0x33/0x220 [ 2560.482270][T26896] ? kmsan_get_metadata+0x33/0x220 [ 2560.509075][T26896] ? preempt_count_sub+0xfc/0x340 [ 2560.514313][T26896] do_wp_page+0xc81/0x29c0 [ 2560.518950][T26896] handle_mm_fault+0x43e1/0x47a0 [ 2560.524084][T26896] ? restore_fpregs_from_fpstate+0x68/0x3a0 [ 2560.530263][T26896] do_user_addr_fault+0x11f5/0x1e50 [ 2560.535701][T26896] exc_page_fault+0x60/0x140 [ 2560.540510][T26896] ? asm_exc_page_fault+0x8/0x30 [ 2560.545644][T26896] asm_exc_page_fault+0x1e/0x30 [ 2560.550680][T26896] RIP: 0023:0xf6e1f418 [ 2560.554890][T26896] Code: 39 dd 75 ee 8b 44 24 58 89 28 83 c4 3c 5b 5e 5f 5d c3 8b 7c 24 18 e9 9a fd ff ff 8d b4 26 00 00 00 00 8b 44 24 24 8b 7c 24 18 <89> 1c 88 e9 70 fe ff ff 8b 7c 24 50 39 54 24 0c 0f 84 80 00 00 00 [ 2560.574685][T26896] RSP: 002b:00000000ffacc040 EFLAGS: 00010246 [ 2560.580922][T26896] RAX: 00000000f6f50000 RBX: 0000000043a7fd52 RCX: 0000000000001d52 [ 2560.589036][T26896] RDX: 0000000000000000 RSI: 00000000f6f36000 RDI: 0000000085de99d3 [ 2560.597155][T26896] RBP: 00000000f6f50000 R08: 0000000000000000 R09: 0000000000000000 [ 2560.605271][T26896] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 2560.613554][T26896] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2560.621804][T26896] [ 2560.627534][T26896] memory: usage 307200kB, limit 307200kB, failcnt 14831 [ 2560.635328][T26896] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2560.642469][T26896] Memory cgroup stats for /syz1: [ 2560.643800][T26896] anon 131072 [ 2560.643800][T26896] file 313262080 [ 2560.643800][T26896] kernel 1179648 [ 2560.643800][T26896] kernel_stack 32768 [ 2560.643800][T26896] pagetables 65536 [ 2560.643800][T26896] percpu 0 [ 2560.643800][T26896] sock 0 [ 2560.643800][T26896] vmalloc 0 [ 2560.643800][T26896] shmem 313262080 [ 2560.643800][T26896] file_mapped 40960 [ 2560.643800][T26896] file_dirty 0 [ 2560.643800][T26896] file_writeback 0 [ 2560.643800][T26896] swapcached 0 [ 2560.643800][T26896] anon_thp 0 [ 2560.643800][T26896] file_thp 0 [ 2560.643800][T26896] shmem_thp 0 [ 2560.643800][T26896] inactive_anon 311906304 [ 2560.643800][T26896] active_anon 1486848 [ 2560.643800][T26896] inactive_file 0 [ 2560.643800][T26896] active_file 0 [ 2560.643800][T26896] unevictable 0 [ 2560.643800][T26896] slab_reclaimable 787624 [ 2560.643800][T26896] slab_unreclaimable 273344 [ 2560.643800][T26896] slab 1060968 [ 2560.643800][T26896] workingset_refault_anon 0 [ 2560.643800][T26896] workingset_refault_file 0 [ 2560.740187][T26896] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=26896,uid=0 [ 2560.756290][T26896] Memory cgroup out of memory: Killed process 26896 (syz-executor.1) total-vm:54284kB, anon-rss:332kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000 [ 2560.795697][ T24] audit: type=1804 audit(1655241393.040:35431): pid=26905 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir123737106/syzkaller.5C307s/1773/file0" dev="sda1" ino=1180 res=1 errno=0 21:16:33 executing program 1: r0 = socket(0xa, 0x3, 0x101) setsockopt$IP_VS_SO_SET_DEL(r0, 0x0, 0x484, 0x0, 0x0) 21:16:33 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xb, &(0x7f0000000200)=[{&(0x7f0000010700)="1020f5f201000b0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f0000000200000002000000020000000100000018000000000200000002000000060000000a0000000e000000100000030000000100000002", 0x69, 0x1400}, {&(0x7f0000010e00)="d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c501000006000000010000000700", 0x92, 0x200000}, {&(0x7f0000010f00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x200fe0}, {&(0x7f0000011000)="00000000000000000000000000000000000000000000000000000006", 0x1c, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) 21:16:33 executing program 2: r0 = socket(0x10, 0x3, 0x0) ioctl$sock_inet6_SIOCDELRT(r0, 0x80108906, 0x0) 21:16:33 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x3c}}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r4}, @IFLA_HSR_SLAVE1={0x8, 0x1, r4}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r5}]}}}, @IFLA_LINK={0x8, 0x5, r4}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) 21:16:33 executing program 5: r0 = socket(0x11, 0x3, 0x0) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x1000}, 0x4) 21:16:33 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000100)={'sit0\x00', &(0x7f0000000040)={'ip6tnl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private1={0xfc, 0x1, '\x00', 0x1}, @local}}) 21:16:34 executing program 5: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) getsockopt$IP6T_SO_GET_REVISION_MATCH(r0, 0x29, 0x42, 0x0, &(0x7f00000002c0)) [ 2561.796117][T26919] loop4: detected capacity change from 0 to 253983 [ 2561.895248][T26919] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2561.903417][T26919] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock 21:16:34 executing program 2: r0 = socket(0x11, 0x3, 0x0) setsockopt$packet_tx_ring(r0, 0x107, 0x11, 0x0, 0x0) 21:16:34 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x3c}}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r4}, @IFLA_HSR_SLAVE1={0x8, 0x1, r4}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r5}]}}}, @IFLA_LINK={0x8, 0x5, r4}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) [ 2562.012963][T26919] F2FS-fs (loop4): invalid crc_offset: 0 [ 2562.057576][T26919] F2FS-fs (loop4): invalid crc_offset: 0 [ 2562.063994][T26919] F2FS-fs (loop4): Failed to get valid F2FS checkpoint 21:16:34 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xb, &(0x7f0000000200)=[{&(0x7f0000010700)="1020f5f201000b0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f0000000200000002000000020000000100000018000000000200000002000000060000000a0000000e000000100000030000000100000002", 0x69, 0x1400}, {&(0x7f0000010e00)="d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c501000006000000010000000700", 0x92, 0x200000}, {&(0x7f0000010f00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x200fe0}, {&(0x7f0000011000)="00000000000000000000000000000000000000000000000000000006", 0x1c, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) [ 2562.171568][T26911] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2562.182726][T26911] CPU: 0 PID: 26911 Comm: syz-executor.1 Tainted: G W 5.18.0-syzkaller-16253-g2f3064574275 #0 [ 2562.194469][T26911] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2562.204659][T26911] Call Trace: [ 2562.208029][T26911] [ 2562.211049][T26911] dump_stack_lvl+0x200/0x28c [ 2562.215945][T26911] dump_stack+0x29/0x2c [ 2562.220296][T26911] dump_header+0x1e5/0xae0 [ 2562.224945][T26911] oom_kill_process+0x3a7/0xba0 [ 2562.230017][T26911] out_of_memory+0x111c/0x1570 [ 2562.234977][T26911] ? slab_debugfs_show+0xa40/0xaa0 [ 2562.240296][T26911] mem_cgroup_out_of_memory+0x46b/0x590 [ 2562.246101][T26911] mem_cgroup_oom+0xa3d/0xd30 [ 2562.250995][T26911] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2562.256234][T26911] try_charge_memcg+0x18b0/0x2110 [ 2562.261486][T26911] ? kmsan_get_metadata+0x33/0x220 [ 2562.266872][T26911] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 2562.272906][T26911] charge_memcg+0x1a9/0x6b0 [ 2562.277614][T26911] ? get_mem_cgroup_from_mm+0x39d/0x4d0 [ 2562.283387][T26911] __mem_cgroup_charge+0xb9/0x2e0 [ 2562.288638][T26911] wp_page_copy+0x719/0x4310 [ 2562.293432][T26911] ? kmsan_get_metadata+0x33/0x220 [ 2562.298772][T26911] ? kmsan_get_metadata+0x33/0x220 [ 2562.304110][T26911] ? preempt_count_sub+0xfc/0x340 [ 2562.309331][T26911] do_wp_page+0xc81/0x29c0 [ 2562.313946][T26911] handle_mm_fault+0x43e1/0x47a0 [ 2562.319048][T26911] ? restore_fpregs_from_fpstate+0x68/0x3a0 [ 2562.325204][T26911] do_user_addr_fault+0x11f5/0x1e50 [ 2562.330620][T26911] exc_page_fault+0x60/0x140 [ 2562.335398][T26911] ? asm_exc_page_fault+0x8/0x30 [ 2562.340489][T26911] asm_exc_page_fault+0x1e/0x30 [ 2562.345521][T26911] RIP: 0023:0xf6e1f418 [ 2562.349708][T26911] Code: 39 dd 75 ee 8b 44 24 58 89 28 83 c4 3c 5b 5e 5f 5d c3 8b 7c 24 18 e9 9a fd ff ff 8d b4 26 00 00 00 00 8b 44 24 24 8b 7c 24 18 <89> 1c 88 e9 70 fe ff ff 8b 7c 24 50 39 54 24 0c 0f 84 80 00 00 00 [ 2562.369476][T26911] RSP: 002b:00000000ffacc040 EFLAGS: 00010246 [ 2562.375816][T26911] RAX: 00000000f6f50000 RBX: 00000000c24e17ad RCX: 00000000000017ad [ 2562.383927][T26911] RDX: 0000000000000000 RSI: 00000000f6f36000 RDI: 0000000085df144d [ 2562.392033][T26911] RBP: 00000000f6f50000 R08: 0000000000000000 R09: 0000000000000000 [ 2562.400135][T26911] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 2562.408225][T26911] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2562.416353][T26911] [ 2562.419634][T26911] memory: usage 307200kB, limit 307200kB, failcnt 14873 [ 2562.426801][T26911] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2562.433910][T26911] Memory cgroup stats for /syz1: [ 2562.435529][T26911] anon 135168 [ 2562.435529][T26911] file 313262080 [ 2562.435529][T26911] kernel 1175552 [ 2562.435529][T26911] kernel_stack 32768 [ 2562.435529][T26911] pagetables 65536 [ 2562.435529][T26911] percpu 0 [ 2562.435529][T26911] sock 0 [ 2562.435529][T26911] vmalloc 0 [ 2562.435529][T26911] shmem 313262080 [ 2562.435529][T26911] file_mapped 40960 [ 2562.435529][T26911] file_dirty 0 [ 2562.435529][T26911] file_writeback 0 [ 2562.435529][T26911] swapcached 0 [ 2562.435529][T26911] anon_thp 0 [ 2562.435529][T26911] file_thp 0 [ 2562.435529][T26911] shmem_thp 0 [ 2562.435529][T26911] inactive_anon 311910400 [ 2562.435529][T26911] active_anon 1486848 [ 2562.435529][T26911] inactive_file 0 [ 2562.435529][T26911] active_file 0 [ 2562.435529][T26911] unevictable 0 [ 2562.435529][T26911] slab_reclaimable 787624 [ 2562.435529][T26911] slab_unreclaimable 273216 [ 2562.435529][T26911] slab 1060840 21:16:34 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) getsockopt$netlink(r0, 0x10e, 0xa, 0x0, &(0x7f0000000500)) [ 2562.435529][T26911] workingset_refault_anon 0 [ 2562.435529][T26911] workingset_refault_file 0 [ 2562.531990][T26911] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=26911,uid=0 [ 2562.548149][T26911] Memory cgroup out of memory: Killed process 26911 (syz-executor.1) total-vm:54284kB, anon-rss:332kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000 21:16:34 executing program 1: r0 = epoll_create(0x9) r1 = socket$alg(0x26, 0x5, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000100)) 21:16:35 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) getsockopt$netlink(r0, 0x10e, 0xa, &(0x7f0000000480)=""/93, &(0x7f0000000500)=0x5d) 21:16:35 executing program 5: syz_emit_ethernet(0x3e, &(0x7f0000001180)={@link_local, @empty, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "13c025", 0x8, 0x3c, 0x0, @private2, @mcast2, {[], "91858795b5ce8640"}}}}}, 0x0) 21:16:35 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x3c}}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r4}, @IFLA_HSR_SLAVE1={0x8, 0x1, r4}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r5}]}}}, @IFLA_LINK={0x8, 0x5, r4}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) [ 2563.181710][T26931] loop4: detected capacity change from 0 to 253983 [ 2563.224337][T26931] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2563.232717][T26931] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 2563.313211][T26931] F2FS-fs (loop4): invalid crc_offset: 0 [ 2563.341656][T26931] F2FS-fs (loop4): invalid crc_offset: 0 [ 2563.347819][T26931] F2FS-fs (loop4): Failed to get valid F2FS checkpoint 21:16:35 executing program 3: syz_emit_ethernet(0x56, &(0x7f0000000140)={@random="472c92a909cc", @empty, @val={@void}, {@ipv4={0x800, @tipc={{0x6, 0x4, 0x0, 0x0, 0x44, 0x0, 0x0, 0x0, 0x6, 0x0, @dev, @private=0xa010101, {[@noop]}}, @payload_mcast={{{{{{0x2c, 0x0, 0x0, 0x0, 0x0, 0xb}}}}}}}}}}, 0x0) 21:16:35 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xb, &(0x7f0000000200)=[{&(0x7f0000010700)="1020f5f201000b0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f0000000200000002000000020000000100000018000000000200000002000000060000000a0000000e000000100000030000000100000002", 0x69, 0x1400}, {&(0x7f0000010e00)="d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c501000006000000010000000700", 0x92, 0x200000}, {&(0x7f0000010f00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x200fe0}, {&(0x7f0000011000)="00000000000000000000000000000000000000000000000000000006", 0x1c, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) 21:16:36 executing program 5: r0 = socket(0x11, 0x3, 0x0) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r0, 0x8911, &(0x7f0000000480)={'ip6gre0\x00', 0x0}) 21:16:36 executing program 2: r0 = socket(0x11, 0x3, 0x0) getsockopt$packet_int(r0, 0x107, 0xb, &(0x7f0000000000), &(0x7f0000000040)=0x4) [ 2563.920574][T26933] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2563.931546][T26933] CPU: 1 PID: 26933 Comm: syz-executor.1 Tainted: G W 5.18.0-syzkaller-16253-g2f3064574275 #0 [ 2563.943299][T26933] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2563.953487][T26933] Call Trace: [ 2563.956854][T26933] [ 2563.959864][T26933] dump_stack_lvl+0x200/0x28c [ 2563.964748][T26933] dump_stack+0x29/0x2c [ 2563.969073][T26933] dump_header+0x1e5/0xae0 [ 2563.973706][T26933] oom_kill_process+0x3a7/0xba0 [ 2563.978762][T26933] out_of_memory+0x111c/0x1570 [ 2563.983716][T26933] ? slab_debugfs_show+0xa40/0xaa0 [ 2563.989039][T26933] mem_cgroup_out_of_memory+0x46b/0x590 [ 2563.994820][T26933] mem_cgroup_oom+0xa3d/0xd30 [ 2563.999688][T26933] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2564.004899][T26933] try_charge_memcg+0x18b0/0x2110 [ 2564.010129][T26933] ? kmsan_get_metadata+0x33/0x220 [ 2564.015488][T26933] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 2564.021499][T26933] charge_memcg+0x1a9/0x6b0 [ 2564.026195][T26933] ? get_mem_cgroup_from_mm+0x39d/0x4d0 [ 2564.031946][T26933] __mem_cgroup_charge+0xb9/0x2e0 [ 2564.037184][T26933] wp_page_copy+0x719/0x4310 [ 2564.041954][T26933] ? kmsan_get_metadata+0x33/0x220 [ 2564.047272][T26933] ? kmsan_get_metadata+0x33/0x220 [ 2564.052580][T26933] ? preempt_count_sub+0xfc/0x340 [ 2564.057779][T26933] do_wp_page+0xc81/0x29c0 [ 2564.062381][T26933] handle_mm_fault+0x43e1/0x47a0 [ 2564.067496][T26933] ? restore_fpregs_from_fpstate+0x68/0x3a0 [ 2564.073651][T26933] do_user_addr_fault+0x11f5/0x1e50 [ 2564.079063][T26933] exc_page_fault+0x60/0x140 [ 2564.083840][T26933] ? asm_exc_page_fault+0x8/0x30 [ 2564.088938][T26933] asm_exc_page_fault+0x1e/0x30 [ 2564.093938][T26933] RIP: 0023:0xf6e1f418 [ 2564.098117][T26933] Code: 39 dd 75 ee 8b 44 24 58 89 28 83 c4 3c 5b 5e 5f 5d c3 8b 7c 24 18 e9 9a fd ff ff 8d b4 26 00 00 00 00 8b 44 24 24 8b 7c 24 18 <89> 1c 88 e9 70 fe ff ff 8b 7c 24 50 39 54 24 0c 0f 84 80 00 00 00 [ 2564.117888][T26933] RSP: 002b:00000000ffacc040 EFLAGS: 00010246 [ 2564.124097][T26933] RAX: 00000000f6f50000 RBX: 0000000045487478 RCX: 0000000000001478 [ 2564.132226][T26933] RDX: 0000000000000000 RSI: 00000000f6f36000 RDI: 00000000863aa2ce [ 2564.140335][T26933] RBP: 00000000f6f50000 R08: 0000000000000000 R09: 0000000000000000 [ 2564.148433][T26933] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 2564.156528][T26933] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2564.164656][T26933] [ 2564.170314][T26933] memory: usage 307200kB, limit 307200kB, failcnt 14920 [ 2564.177685][T26933] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2564.184783][T26933] Memory cgroup stats for /syz1: [ 2564.186236][T26933] anon 135168 [ 2564.186236][T26933] file 313262080 [ 2564.186236][T26933] kernel 1175552 [ 2564.186236][T26933] kernel_stack 32768 [ 2564.186236][T26933] pagetables 65536 [ 2564.186236][T26933] percpu 0 [ 2564.186236][T26933] sock 0 [ 2564.186236][T26933] vmalloc 0 [ 2564.186236][T26933] shmem 313262080 [ 2564.186236][T26933] file_mapped 40960 [ 2564.186236][T26933] file_dirty 0 [ 2564.186236][T26933] file_writeback 0 [ 2564.186236][T26933] swapcached 0 [ 2564.186236][T26933] anon_thp 0 [ 2564.186236][T26933] file_thp 0 [ 2564.186236][T26933] shmem_thp 0 [ 2564.186236][T26933] inactive_anon 311910400 [ 2564.186236][T26933] active_anon 1486848 [ 2564.186236][T26933] inactive_file 0 [ 2564.186236][T26933] active_file 0 [ 2564.186236][T26933] unevictable 0 [ 2564.186236][T26933] slab_reclaimable 786784 [ 2564.186236][T26933] slab_unreclaimable 271992 [ 2564.186236][T26933] slab 1058776 [ 2564.186236][T26933] workingset_refault_anon 0 [ 2564.186236][T26933] workingset_refault_file 0 [ 2564.282616][T26933] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=26933,uid=0 [ 2564.298832][T26933] Memory cgroup out of memory: Killed process 26933 (syz-executor.1) total-vm:54284kB, anon-rss:332kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000 21:16:36 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32=r2], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) 21:16:36 executing program 1: r0 = socket(0x11, 0x3, 0x0) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r0, 0x8901, &(0x7f0000000480)={'ip6gre0\x00', 0x0}) 21:16:36 executing program 3: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000002c0)) sendmsg$nl_netfilter(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)={0x14, 0x0, 0x2, 0x301}, 0x14}}, 0x0) [ 2564.672448][T26944] loop4: detected capacity change from 0 to 253983 [ 2564.719934][T26944] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2564.728621][T26944] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 2564.765139][T26944] F2FS-fs (loop4): invalid crc_offset: 0 [ 2564.835100][T26944] F2FS-fs (loop4): invalid crc_offset: 0 [ 2564.841171][T26944] F2FS-fs (loop4): Failed to get valid F2FS checkpoint 21:16:37 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xb, &(0x7f0000000200)=[{&(0x7f0000010700)="1020f5f201000b0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f0000000200000002000000020000000100000018000000000200000002000000060000000a0000000e000000100000030000000100000002", 0x69, 0x1400}, {&(0x7f0000010e00)="d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a000000", 0x9c, 0x200000}, {&(0x7f0000010f00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x200fe0}, {&(0x7f0000011000)="00000000000000000000000000000000000000000000000000000006", 0x1c, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) 21:16:37 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) getsockopt$IP6T_SO_GET_REVISION_MATCH(r0, 0x29, 0x1600bd74, &(0x7f0000000140)={'icmp6\x00'}, &(0x7f00000002c0)=0x1e) 21:16:37 executing program 5: r0 = socket(0x11, 0x3, 0x0) setsockopt$packet_tx_ring(r0, 0x107, 0xc, 0x0, 0x0) [ 2565.250058][T26952] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.0'. 21:16:37 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32=r2], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) 21:16:37 executing program 3: syz_emit_ethernet(0x2a, &(0x7f0000000000)={@link_local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @broadcast, @loopback=0xe0000001}, {0x0, 0x0, 0x8}}}}}, 0x0) [ 2565.649619][T26948] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2565.660573][T26948] CPU: 1 PID: 26948 Comm: syz-executor.1 Tainted: G W 5.18.0-syzkaller-16253-g2f3064574275 #0 [ 2565.672313][T26948] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2565.682466][T26948] Call Trace: [ 2565.685795][T26948] [ 2565.688774][T26948] dump_stack_lvl+0x200/0x28c [ 2565.693576][T26948] dump_stack+0x29/0x2c [ 2565.697837][T26948] dump_header+0x1e5/0xae0 [ 2565.702402][T26948] oom_kill_process+0x3a7/0xba0 [ 2565.707424][T26948] out_of_memory+0x111c/0x1570 [ 2565.712379][T26948] ? slab_debugfs_show+0xa40/0xaa0 [ 2565.717712][T26948] mem_cgroup_out_of_memory+0x46b/0x590 [ 2565.723492][T26948] mem_cgroup_oom+0xa3d/0xd30 [ 2565.728384][T26948] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2565.733615][T26948] try_charge_memcg+0x18b0/0x2110 [ 2565.738872][T26948] ? kmsan_get_metadata+0x33/0x220 [ 2565.744249][T26948] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 2565.750242][T26948] charge_memcg+0x1a9/0x6b0 [ 2565.754904][T26948] ? get_mem_cgroup_from_mm+0x39d/0x4d0 [ 2565.760659][T26948] __mem_cgroup_charge+0xb9/0x2e0 [ 2565.765899][T26948] wp_page_copy+0x719/0x4310 [ 2565.770681][T26948] ? kmsan_get_metadata+0x33/0x220 [ 2565.775927][T26948] ? kmsan_get_metadata+0x33/0x220 [ 2565.781166][T26948] ? preempt_count_sub+0xfc/0x340 [ 2565.786326][T26948] do_wp_page+0xc81/0x29c0 [ 2565.790876][T26948] handle_mm_fault+0x43e1/0x47a0 [ 2565.795944][T26948] ? restore_fpregs_from_fpstate+0x68/0x3a0 [ 2565.802185][T26948] do_user_addr_fault+0x11f5/0x1e50 [ 2565.807639][T26948] exc_page_fault+0x60/0x140 [ 2565.812389][T26948] ? asm_exc_page_fault+0x8/0x30 [ 2565.817511][T26948] asm_exc_page_fault+0x1e/0x30 [ 2565.822532][T26948] RIP: 0023:0xf6e1f418 [ 2565.826727][T26948] Code: 39 dd 75 ee 8b 44 24 58 89 28 83 c4 3c 5b 5e 5f 5d c3 8b 7c 24 18 e9 9a fd ff ff 8d b4 26 00 00 00 00 8b 44 24 24 8b 7c 24 18 <89> 1c 88 e9 70 fe ff ff 8b 7c 24 50 39 54 24 0c 0f 84 80 00 00 00 [ 2565.846447][T26948] RSP: 002b:00000000ffacc040 EFLAGS: 00010246 [ 2565.852703][T26948] RAX: 00000000f6f50000 RBX: 00000000c24e17ad RCX: 00000000000017ad [ 2565.860788][T26948] RDX: 0000000000000000 RSI: 00000000f6f36000 RDI: 0000000085df144d [ 2565.868927][T26948] RBP: 00000000f6f50000 R08: 0000000000000000 R09: 0000000000000000 [ 2565.877030][T26948] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 2565.885143][T26948] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2565.893280][T26948] [ 2565.898676][T26948] memory: usage 307200kB, limit 307200kB, failcnt 14979 [ 2565.906145][T26948] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2565.913263][T26948] Memory cgroup stats for /syz1: [ 2565.914722][T26948] anon 135168 [ 2565.914722][T26948] file 313262080 [ 2565.914722][T26948] kernel 1175552 [ 2565.914722][T26948] kernel_stack 32768 [ 2565.914722][T26948] pagetables 65536 [ 2565.914722][T26948] percpu 0 [ 2565.914722][T26948] sock 0 [ 2565.914722][T26948] vmalloc 0 [ 2565.914722][T26948] shmem 313262080 [ 2565.914722][T26948] file_mapped 40960 [ 2565.914722][T26948] file_dirty 0 [ 2565.914722][T26948] file_writeback 0 [ 2565.914722][T26948] swapcached 0 [ 2565.914722][T26948] anon_thp 0 [ 2565.914722][T26948] file_thp 0 [ 2565.914722][T26948] shmem_thp 0 [ 2565.914722][T26948] inactive_anon 311877632 [ 2565.914722][T26948] active_anon 1486848 [ 2565.914722][T26948] inactive_file 0 [ 2565.914722][T26948] active_file 0 [ 2565.914722][T26948] unevictable 0 [ 2565.914722][T26948] slab_reclaimable 787624 [ 2565.914722][T26948] slab_unreclaimable 271992 [ 2565.914722][T26948] slab 1059616 [ 2565.914722][T26948] workingset_refault_anon 0 [ 2565.914722][T26948] workingset_refault_file 0 [ 2566.010886][T26948] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=26948,uid=0 [ 2566.026988][T26948] Memory cgroup out of memory: Killed process 26948 (syz-executor.1) total-vm:54284kB, anon-rss:332kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000 21:16:38 executing program 1: syz_emit_ethernet(0x56, &(0x7f0000001500)={@dev, @empty, @void, {@ipv4={0x800, @icmp={{0x10, 0x4, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0, 0x1, 0x0, @loopback, @loopback, {[@timestamp_addr={0x44, 0x2c, 0x0, 0x1, 0x0, [{@private}, {@loopback}, {@multicast1}, {@empty}, {@multicast2}]}]}}, @info_reply}}}}, 0x0) [ 2566.114522][T26956] loop4: detected capacity change from 0 to 253983 [ 2566.204093][T26956] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2566.212233][T26956] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 2566.237425][T26956] F2FS-fs (loop4): invalid crc_offset: 0 [ 2566.271347][T26956] F2FS-fs (loop4): invalid crc_offset: 0 [ 2566.277384][T26956] F2FS-fs (loop4): Failed to get valid F2FS checkpoint 21:16:38 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xb, &(0x7f0000000200)=[{&(0x7f0000010700)="1020f5f201000b0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f0000000200000002000000020000000100000018000000000200000002000000060000000a0000000e000000100000030000000100000002", 0x69, 0x1400}, {&(0x7f0000010e00)="d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a000000", 0x9c, 0x200000}, {&(0x7f0000010f00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x200fe0}, {&(0x7f0000011000)="00000000000000000000000000000000000000000000000000000006", 0x1c, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) 21:16:38 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000700)={0x10, 0x0, 0x2, 0x201}, 0x14}}, 0x0) 21:16:38 executing program 2: r0 = socket$inet(0x2, 0x1, 0x0) getsockopt$inet_buf(r0, 0x0, 0x6, 0x0, &(0x7f00000000c0)) [ 2566.630005][T26963] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.0'. 21:16:38 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32=r2], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) 21:16:39 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0x5, &(0x7f0000000480)={@in, 0x0, 0x0, 0x0, 0x0, "bb96196fb8ee7651d3eaf966f1bc2c8303a86c97f1c8b3c6aeeef7c3c8e6a992df1a6dfdf7593723ba77b3f7bc43ec9d6d782771fffe4570951ebc9da855381556a29a36fbf6212ce036505077483f1a"}, 0xd8) [ 2567.427512][T26974] loop4: detected capacity change from 0 to 253983 21:16:39 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_group_source_req(r0, 0x0, 0x2b, &(0x7f0000000080)={0x0, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @multicast2}}}, 0x108) 21:16:39 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0x6c9, &(0x7f0000000480)={@in, 0x0, 0x0, 0x0, 0x0, "bb96196fb8ee7651d3eaf966f1bc2c8303a86c97f1c8b3c6aeeef7c3c8e6a992df1a6dfdf7593723ba77b3f7bc43ec9d6d782771fffe4570951ebc9da855381556a29a36fbf6212ce036505077483f1a"}, 0xd8) [ 2567.573245][T26974] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2567.581157][T26974] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 2567.605421][T26975] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2567.623398][T26974] F2FS-fs (loop4): invalid crc_offset: 0 [ 2567.630347][T26974] F2FS-fs (loop4): invalid crc_offset: 0 [ 2567.636542][T26974] F2FS-fs (loop4): Failed to get valid F2FS checkpoint 21:16:40 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) getsockopt$IP6T_SO_GET_REVISION_MATCH(r0, 0x29, 0x8, 0x0, &(0x7f00000002c0)) 21:16:40 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xb, &(0x7f0000000200)=[{&(0x7f0000010700)="1020f5f201000b0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f0000000200000002000000020000000100000018000000000200000002000000060000000a0000000e000000100000030000000100000002", 0x69, 0x1400}, {&(0x7f0000010e00)="d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a000000", 0x9c, 0x200000}, {&(0x7f0000010f00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x200fe0}, {&(0x7f0000011000)="00000000000000000000000000000000000000000000000000000006", 0x1c, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) 21:16:40 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32=r2, @ANYBLOB], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) [ 2567.809896][T26965] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2567.821454][T26965] CPU: 0 PID: 26965 Comm: syz-executor.1 Tainted: G W 5.18.0-syzkaller-16253-g2f3064574275 #0 [ 2567.833206][T26965] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2567.843390][T26965] Call Trace: [ 2567.846761][T26965] [ 2567.849780][T26965] dump_stack_lvl+0x200/0x28c [ 2567.854666][T26965] dump_stack+0x29/0x2c [ 2567.859005][T26965] dump_header+0x1e5/0xae0 [ 2567.863654][T26965] oom_kill_process+0x3a7/0xba0 [ 2567.868744][T26965] out_of_memory+0x111c/0x1570 [ 2567.873715][T26965] ? slab_debugfs_show+0xa40/0xaa0 [ 2567.879043][T26965] mem_cgroup_out_of_memory+0x46b/0x590 [ 2567.884840][T26965] mem_cgroup_oom+0xa3d/0xd30 [ 2567.889721][T26965] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2567.894939][T26965] try_charge_memcg+0x18b0/0x2110 [ 2567.900181][T26965] ? kmsan_get_metadata+0x33/0x220 [ 2567.905551][T26965] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 2567.911591][T26965] charge_memcg+0x1a9/0x6b0 [ 2567.916303][T26965] ? get_mem_cgroup_from_mm+0x39d/0x4d0 [ 2567.922067][T26965] __mem_cgroup_charge+0xb9/0x2e0 [ 2567.927325][T26965] wp_page_copy+0x719/0x4310 [ 2567.932122][T26965] ? kmsan_get_metadata+0x33/0x220 [ 2567.937461][T26965] ? kmsan_get_metadata+0x33/0x220 [ 2567.942804][T26965] ? preempt_count_sub+0xfc/0x340 [ 2567.948027][T26965] do_wp_page+0xc81/0x29c0 [ 2567.952660][T26965] handle_mm_fault+0x43e1/0x47a0 [ 2567.957796][T26965] ? restore_fpregs_from_fpstate+0x68/0x3a0 [ 2567.963979][T26965] do_user_addr_fault+0x11f5/0x1e50 [ 2567.969419][T26965] exc_page_fault+0x60/0x140 [ 2567.974214][T26965] ? asm_exc_page_fault+0x8/0x30 [ 2567.979324][T26965] asm_exc_page_fault+0x1e/0x30 [ 2567.984336][T26965] RIP: 0023:0xf6e1f418 [ 2567.988531][T26965] Code: 39 dd 75 ee 8b 44 24 58 89 28 83 c4 3c 5b 5e 5f 5d c3 8b 7c 24 18 e9 9a fd ff ff 8d b4 26 00 00 00 00 8b 44 24 24 8b 7c 24 18 <89> 1c 88 e9 70 fe ff ff 8b 7c 24 50 39 54 24 0c 0f 84 80 00 00 00 [ 2568.008398][T26965] RSP: 002b:00000000ffacc040 EFLAGS: 00010246 [ 2568.014613][T26965] RAX: 00000000f6f50000 RBX: 0000000057611627 RCX: 0000000000001627 [ 2568.022887][T26965] RDX: 0000000000000000 RSI: 00000000f6f36000 RDI: 00000000826dbad8 [ 2568.030980][T26965] RBP: 00000000f6f50000 R08: 0000000000000000 R09: 0000000000000000 [ 2568.039072][T26965] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000000 [ 2568.047171][T26965] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2568.055288][T26965] [ 2568.062300][T26965] memory: usage 307200kB, limit 307200kB, failcnt 15045 [ 2568.069751][T26965] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2568.076850][T26965] Memory cgroup stats for /syz1: [ 2568.078453][T26965] anon 131072 [ 2568.078453][T26965] file 313262080 [ 2568.078453][T26965] kernel 1179648 [ 2568.078453][T26965] kernel_stack 32768 [ 2568.078453][T26965] pagetables 69632 [ 2568.078453][T26965] percpu 0 [ 2568.078453][T26965] sock 0 [ 2568.078453][T26965] vmalloc 0 [ 2568.078453][T26965] shmem 313262080 [ 2568.078453][T26965] file_mapped 40960 [ 2568.078453][T26965] file_dirty 0 [ 2568.078453][T26965] file_writeback 0 [ 2568.078453][T26965] swapcached 0 [ 2568.078453][T26965] anon_thp 0 [ 2568.078453][T26965] file_thp 0 [ 2568.078453][T26965] shmem_thp 0 [ 2568.078453][T26965] inactive_anon 311906304 [ 2568.078453][T26965] active_anon 1486848 [ 2568.078453][T26965] inactive_file 0 [ 2568.078453][T26965] active_file 0 [ 2568.078453][T26965] unevictable 0 [ 2568.078453][T26965] slab_reclaimable 786584 [ 2568.078453][T26965] slab_unreclaimable 271896 [ 2568.078453][T26965] slab 1058480 [ 2568.078453][T26965] workingset_refault_anon 0 [ 2568.078453][T26965] workingset_refault_file 0 [ 2568.175027][T26965] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=26965,uid=0 [ 2568.191099][T26965] Memory cgroup out of memory: Killed process 26965 (syz-executor.1) total-vm:54284kB, anon-rss:332kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:64kB oom_score_adj:1000 21:16:40 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r0, 0x5421, &(0x7f00000000c0)={'ip6gre0\x00', 0x0}) 21:16:40 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) getsockopt$sock_cred(r0, 0x1, 0x2, 0x0, &(0x7f0000000040)) 21:16:40 executing program 5: syz_emit_ethernet(0x19a, &(0x7f00000000c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd603c459c0164290020010000000000000000000000000000fe800000000000000000000000000021"], 0x0) 21:16:41 executing program 3: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) dup2(r0, r1) [ 2568.774609][T26985] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.0'. 21:16:41 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32=r2, @ANYBLOB], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) [ 2568.893956][T26987] loop4: detected capacity change from 0 to 253983 [ 2569.003113][T26987] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2569.011030][T26987] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 2569.057751][T26987] F2FS-fs (loop4): invalid crc_offset: 0 [ 2569.067663][T26987] F2FS-fs (loop4): invalid crc_offset: 0 [ 2569.074206][T26987] F2FS-fs (loop4): Failed to get valid F2FS checkpoint 21:16:41 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xb, &(0x7f0000000200)=[{&(0x7f0000010700)="1020f5f201000b0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f0000000200000002000000020000000100000018000000000200000002000000060000000a0000000e000000100000030000000100000002", 0x69, 0x1400}, {&(0x7f0000010e00)="d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040", 0xa1, 0x200000}, {&(0x7f0000010f00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x200fe0}, {&(0x7f0000011000)="00000000000000000000000000000000000000000000000000000006", 0x1c, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) 21:16:41 executing program 2: r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(r0, 0x84, 0x103, &(0x7f00000000c0), &(0x7f0000000180)=0x8) 21:16:41 executing program 5: r0 = socket$inet_sctp(0x2, 0x5, 0x84) connect(r0, &(0x7f0000000040)=@in={0x10, 0x2}, 0x10) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0x101, &(0x7f0000000100), &(0x7f0000000200)=0x98) [ 2569.578463][T26988] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2569.588960][T26988] CPU: 0 PID: 26988 Comm: syz-executor.1 Tainted: G W 5.18.0-syzkaller-16253-g2f3064574275 #0 [ 2569.600704][T26988] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2569.610901][T26988] Call Trace: [ 2569.614285][T26988] [ 2569.617317][T26988] dump_stack_lvl+0x200/0x28c [ 2569.622202][T26988] dump_stack+0x29/0x2c [ 2569.626543][T26988] dump_header+0x1e5/0xae0 [ 2569.631214][T26988] oom_kill_process+0x3a7/0xba0 [ 2569.636299][T26988] out_of_memory+0x111c/0x1570 [ 2569.641258][T26988] ? slab_debugfs_show+0xa40/0xaa0 [ 2569.646592][T26988] mem_cgroup_out_of_memory+0x46b/0x590 [ 2569.652389][T26988] mem_cgroup_oom+0xa3d/0xd30 [ 2569.657286][T26988] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2569.662518][T26988] try_charge_memcg+0x18b0/0x2110 [ 2569.667761][T26988] ? kmsan_get_metadata+0x33/0x220 [ 2569.673144][T26988] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 2569.679199][T26988] charge_memcg+0x1a9/0x6b0 [ 2569.683909][T26988] ? get_mem_cgroup_from_mm+0x39d/0x4d0 [ 2569.689671][T26988] __mem_cgroup_charge+0xb9/0x2e0 [ 2569.694926][T26988] wp_page_copy+0x719/0x4310 [ 2569.699723][T26988] ? kmsan_get_metadata+0x33/0x220 [ 2569.705051][T26988] ? kmsan_get_metadata+0x33/0x220 [ 2569.710394][T26988] ? preempt_count_sub+0xfc/0x340 [ 2569.715614][T26988] do_wp_page+0xc81/0x29c0 [ 2569.720245][T26988] handle_mm_fault+0x43e1/0x47a0 [ 2569.725373][T26988] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2569.730580][T26988] ? kmsan_get_metadata+0x33/0x220 [ 2569.735981][T26988] do_user_addr_fault+0x11f5/0x1e50 [ 2569.741418][T26988] exc_page_fault+0x60/0x140 [ 2569.746205][T26988] ? asm_exc_page_fault+0x8/0x30 [ 2569.751314][T26988] asm_exc_page_fault+0x1e/0x30 [ 2569.756369][T26988] RIP: 0023:0xf6e1f418 [ 2569.760573][T26988] Code: 39 dd 75 ee 8b 44 24 58 89 28 83 c4 3c 5b 5e 5f 5d c3 8b 7c 24 18 e9 9a fd ff ff 8d b4 26 00 00 00 00 8b 44 24 24 8b 7c 24 18 <89> 1c 88 e9 70 fe ff ff 8b 7c 24 50 39 54 24 0c 0f 84 80 00 00 00 [ 2569.780367][T26988] RSP: 002b:00000000ffacc040 EFLAGS: 00010246 [ 2569.786590][T26988] RAX: 00000000f6f50000 RBX: 0000000043a7fd52 RCX: 0000000000001d52 [ 2569.794688][T26988] RDX: 0000000000000000 RSI: 00000000f6f36000 RDI: 0000000085de99d3 [ 2569.802781][T26988] RBP: 00000000f6f50000 R08: 0000000000000000 R09: 0000000000000000 [ 2569.810874][T26988] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 2569.818962][T26988] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2569.827089][T26988] [ 2569.834731][T26988] memory: usage 307200kB, limit 307200kB, failcnt 15092 [ 2569.842626][T26988] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2569.849609][T26988] Memory cgroup stats for /syz1: [ 2569.851050][T26988] anon 131072 [ 2569.851050][T26988] file 313262080 [ 2569.851050][T26988] kernel 1179648 [ 2569.851050][T26988] kernel_stack 32768 [ 2569.851050][T26988] pagetables 65536 [ 2569.851050][T26988] percpu 0 [ 2569.851050][T26988] sock 0 [ 2569.851050][T26988] vmalloc 0 [ 2569.851050][T26988] shmem 313262080 [ 2569.851050][T26988] file_mapped 40960 [ 2569.851050][T26988] file_dirty 0 [ 2569.851050][T26988] file_writeback 0 [ 2569.851050][T26988] swapcached 0 [ 2569.851050][T26988] anon_thp 0 [ 2569.851050][T26988] file_thp 0 [ 2569.851050][T26988] shmem_thp 0 [ 2569.851050][T26988] inactive_anon 311906304 [ 2569.851050][T26988] active_anon 1486848 [ 2569.851050][T26988] inactive_file 0 [ 2569.851050][T26988] active_file 0 [ 2569.851050][T26988] unevictable 0 [ 2569.851050][T26988] slab_reclaimable 787624 [ 2569.851050][T26988] slab_unreclaimable 273344 [ 2569.851050][T26988] slab 1060968 [ 2569.851050][T26988] workingset_refault_anon 0 [ 2569.851050][T26988] workingset_refault_file 0 [ 2569.947266][T26988] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=26988,uid=0 [ 2569.963437][T26988] Memory cgroup out of memory: Killed process 26988 (syz-executor.1) total-vm:54284kB, anon-rss:332kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000 [ 2570.069540][T27000] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2570.213237][T27004] loop4: detected capacity change from 0 to 253983 21:16:42 executing program 1: getresgid(&(0x7f0000000f40), 0x0, 0x0) 21:16:42 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32=r2, @ANYBLOB], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) 21:16:42 executing program 5: r0 = socket(0x1, 0x5, 0x0) r1 = socket$inet_sctp(0x2, 0x5, 0x84) connect(r1, &(0x7f0000000040)=@in={0x10, 0x2}, 0x10) dup2(r1, r0) r2 = socket$inet6_sctp(0x1c, 0x1, 0x84) r3 = socket$inet6_sctp(0x1c, 0x5, 0x84) connect$inet6(r3, &(0x7f0000000400)={0x1c, 0x1c, 0x3}, 0x1c) r4 = dup2(r3, r2) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x105, &(0x7f0000000240)={0x1, [0x0]}, &(0x7f0000001700)=0x8) setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x29, &(0x7f0000000000)={r5}, 0x8) [ 2570.405867][T27004] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2570.414040][T27004] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock 21:16:42 executing program 3: r0 = socket$inet_sctp(0x2, 0x1, 0x84) r1 = dup(r0) sendmsg$inet_sctp(r1, &(0x7f00000000c0)={&(0x7f0000000000)=@in={0x10, 0x2}, 0x10, &(0x7f0000000080)=[{&(0x7f0000000240)='U', 0x1}], 0x1}, 0x0) setsockopt$inet_sctp_SCTP_ASSOCINFO(r0, 0x84, 0x2, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1}, 0x14) 21:16:42 executing program 2: sendmsg$unix(0xffffffffffffffff, &(0x7f00000022c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000002080)=[@cred, @cred], 0xd0}, 0x0) [ 2570.466274][T27004] F2FS-fs (loop4): invalid crc_offset: 0 [ 2570.479771][T27004] F2FS-fs (loop4): invalid crc_offset: 0 [ 2570.486297][T27004] F2FS-fs (loop4): Failed to get valid F2FS checkpoint 21:16:42 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xb, &(0x7f0000000200)=[{&(0x7f0000010700)="1020f5f201000b0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f0000000200000002000000020000000100000018000000000200000002000000060000000a0000000e000000100000030000000100000002", 0x69, 0x1400}, {&(0x7f0000010e00)="d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040", 0xa1, 0x200000}, {&(0x7f0000010f00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x200fe0}, {&(0x7f0000011000)="00000000000000000000000000000000000000000000000000000006", 0x1c, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) [ 2571.032549][T27010] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.0'. 21:16:43 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32=r2, @ANYBLOB="01000000002200001c0012"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) 21:16:43 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = dup2(r0, r0) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0x40, &(0x7f0000000180)='cubic\x00', 0x4) 21:16:43 executing program 2: pipe2(&(0x7f0000000180)={0xffffffffffffffff}, 0x0) setsockopt$sock_timeval(r0, 0xffff, 0x0, 0x0, 0x0) [ 2571.519975][T27022] loop4: detected capacity change from 0 to 253983 21:16:43 executing program 5: r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0xa, &(0x7f0000000000)={0x0, @in, 0x5}, 0x98) [ 2571.613425][T27022] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2571.621451][T27022] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 2571.702472][T27022] F2FS-fs (loop4): invalid crc_offset: 0 [ 2571.746392][T27022] F2FS-fs (loop4): invalid crc_offset: 0 [ 2571.752615][T27022] F2FS-fs (loop4): Failed to get valid F2FS checkpoint 21:16:44 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xb, &(0x7f0000000200)=[{&(0x7f0000010700)="1020f5f201000b0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f0000000200000002000000020000000100000018000000000200000002000000060000000a0000000e000000100000030000000100000002", 0x69, 0x1400}, {&(0x7f0000010e00)="d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040", 0xa1, 0x200000}, {&(0x7f0000010f00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x200fe0}, {&(0x7f0000011000)="00000000000000000000000000000000000000000000000000000006", 0x1c, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) [ 2571.842935][T23080] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 2571.994065][T27013] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2572.004778][T27013] CPU: 1 PID: 27013 Comm: syz-executor.1 Tainted: G W 5.18.0-syzkaller-16253-g2f3064574275 #0 [ 2572.016516][T27013] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2572.026708][T27013] Call Trace: [ 2572.030097][T27013] [ 2572.033135][T27013] dump_stack_lvl+0x200/0x28c [ 2572.038019][T27013] dump_stack+0x29/0x2c [ 2572.042366][T27013] dump_header+0x1e5/0xae0 [ 2572.047015][T27013] oom_kill_process+0x3a7/0xba0 [ 2572.052106][T27013] out_of_memory+0x111c/0x1570 [ 2572.057074][T27013] ? slab_debugfs_show+0xa40/0xaa0 [ 2572.062425][T27013] mem_cgroup_out_of_memory+0x46b/0x590 [ 2572.068233][T27013] mem_cgroup_oom+0xa3d/0xd30 [ 2572.073131][T27013] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2572.078356][T27013] try_charge_memcg+0x18b0/0x2110 [ 2572.083600][T27013] ? kmsan_get_metadata+0x33/0x220 [ 2572.088999][T27013] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 2572.095050][T27013] charge_memcg+0x1a9/0x6b0 [ 2572.099773][T27013] ? get_mem_cgroup_from_mm+0x39d/0x4d0 [ 2572.105532][T27013] __mem_cgroup_charge+0xb9/0x2e0 [ 2572.110731][T27013] wp_page_copy+0x719/0x4310 [ 2572.115458][T27013] ? kmsan_get_metadata+0x33/0x220 [ 2572.120793][T27013] ? kmsan_get_metadata+0x33/0x220 [ 2572.126111][T27013] ? preempt_count_sub+0xfc/0x340 [ 2572.131337][T27013] do_wp_page+0xc81/0x29c0 [ 2572.135907][T27013] handle_mm_fault+0x43e1/0x47a0 [ 2572.141023][T27013] ? restore_fpregs_from_fpstate+0x68/0x3a0 [ 2572.147118][T27013] do_user_addr_fault+0x11f5/0x1e50 [ 2572.152545][T27013] exc_page_fault+0x60/0x140 [ 2572.157342][T27013] ? asm_exc_page_fault+0x8/0x30 [ 2572.162482][T27013] asm_exc_page_fault+0x1e/0x30 [ 2572.162615][T27013] RIP: 0023:0xf6e1f418 [ 2572.171635][T27013] Code: 39 dd 75 ee 8b 44 24 58 89 28 83 c4 3c 5b 5e 5f 5d c3 8b 7c 24 18 e9 9a fd ff ff 8d b4 26 00 00 00 00 8b 44 24 24 8b 7c 24 18 <89> 1c 88 e9 70 fe ff ff 8b 7c 24 50 39 54 24 0c 0f 84 80 00 00 00 [ 2572.191427][T27013] RSP: 002b:00000000ffacc040 EFLAGS: 00010246 [ 2572.197663][T27013] RAX: 00000000f6f50000 RBX: 00000000b105dc01 RCX: 0000000000001c01 [ 2572.205717][T27013] RDX: 0000000000000000 RSI: 00000000f6f36000 RDI: 0000000081be2ce2 [ 2572.213784][T27013] RBP: 00000000f6f50000 R08: 0000000000000000 R09: 0000000000000000 [ 2572.221908][T27013] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 2572.230013][T27013] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2572.238150][T27013] [ 2572.243738][T27013] memory: usage 307200kB, limit 307200kB, failcnt 15139 [ 2572.251605][T27013] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2572.258899][T27013] Memory cgroup stats for /syz1: [ 2572.260445][T27013] anon 131072 [ 2572.260445][T27013] file 313262080 [ 2572.260445][T27013] kernel 1163264 [ 2572.260445][T27013] kernel_stack 32768 [ 2572.260445][T27013] pagetables 69632 [ 2572.260445][T27013] percpu 0 [ 2572.260445][T27013] sock 0 [ 2572.260445][T27013] vmalloc 0 [ 2572.260445][T27013] shmem 313262080 [ 2572.260445][T27013] file_mapped 40960 [ 2572.260445][T27013] file_dirty 0 [ 2572.260445][T27013] file_writeback 0 [ 2572.260445][T27013] swapcached 0 [ 2572.260445][T27013] anon_thp 0 [ 2572.260445][T27013] file_thp 0 [ 2572.260445][T27013] shmem_thp 0 [ 2572.260445][T27013] inactive_anon 311906304 [ 2572.260445][T27013] active_anon 1486848 [ 2572.260445][T27013] inactive_file 0 [ 2572.260445][T27013] active_file 0 [ 2572.260445][T27013] unevictable 0 [ 2572.260445][T27013] slab_reclaimable 786584 [ 2572.260445][T27013] slab_unreclaimable 261248 21:16:44 executing program 1: r0 = socket$inet_sctp(0x2, 0x5, 0x84) sendmsg(r0, &(0x7f00000001c0)={&(0x7f0000000000)=@in={0x10, 0x2}, 0x10, &(0x7f0000000080)=[{&(0x7f00000000c0)='A', 0xfffffe4d}], 0x1, &(0x7f0000000440)=[{0x10}, {0x10}], 0x20}, 0x0) [ 2572.260445][T27013] slab 1047832 [ 2572.260445][T27013] workingset_refault_anon 0 [ 2572.260445][T27013] workingset_refault_file 0 [ 2572.356842][T27013] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=27013,uid=0 [ 2572.372814][T27013] Memory cgroup out of memory: Killed process 27013 (syz-executor.1) total-vm:54284kB, anon-rss:332kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:64kB oom_score_adj:1000 [ 2572.429561][T27026] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. 21:16:44 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32=r2, @ANYBLOB="01000000002200001c0012"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) 21:16:44 executing program 3: sendmsg$unix(0xffffffffffffffff, &(0x7f00000022c0)={&(0x7f0000000000)=@abs={0x8}, 0x8, 0x0}, 0x0) 21:16:45 executing program 2: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendto(r0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=@in6={0x1c, 0x1c, 0x2}, 0x1c) 21:16:45 executing program 5: r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0xa, &(0x7f0000000000)={0x0, @in, 0x5, 0x0, 0x12}, 0x98) [ 2573.084158][T27036] loop4: detected capacity change from 0 to 253983 [ 2573.148200][T27036] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2573.156472][T27036] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 2573.170200][T27036] F2FS-fs (loop4): invalid crc_offset: 0 [ 2573.177521][T27036] F2FS-fs (loop4): invalid crc_offset: 0 [ 2573.183870][T27036] F2FS-fs (loop4): Failed to get valid F2FS checkpoint 21:16:45 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xb, &(0x7f0000000200)=[{&(0x7f0000010700)="1020f5f201000b0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f0000000200000002000000020000000100000018000000000200000002000000060000000a0000000e000000100000030000000100000002", 0x69, 0x1400}, {&(0x7f0000010e00)="d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000", 0xa4, 0x200000}, {&(0x7f0000010f00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x200fe0}, {&(0x7f0000011000)="00000000000000000000000000000000000000000000000000000006", 0x1c, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) [ 2573.266414][T27037] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. 21:16:45 executing program 3: r0 = socket(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x900, &(0x7f0000000400), 0x8) 21:16:45 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32=r2, @ANYBLOB="01000000002200001c0012"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) 21:16:45 executing program 2: socketpair(0x1, 0x3, 0x8f, 0x0) [ 2573.733794][T27033] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2573.744575][T27033] CPU: 1 PID: 27033 Comm: syz-executor.1 Tainted: G W 5.18.0-syzkaller-16253-g2f3064574275 #0 [ 2573.756313][T27033] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2573.766577][T27033] Call Trace: [ 2573.769920][T27033] [ 2573.772900][T27033] dump_stack_lvl+0x200/0x28c [ 2573.777722][T27033] dump_stack+0x29/0x2c [ 2573.781984][T27033] dump_header+0x1e5/0xae0 [ 2573.786553][T27033] oom_kill_process+0x3a7/0xba0 [ 2573.791579][T27033] out_of_memory+0x111c/0x1570 [ 2573.796555][T27033] ? slab_debugfs_show+0xa40/0xaa0 [ 2573.801901][T27033] mem_cgroup_out_of_memory+0x46b/0x590 [ 2573.807706][T27033] mem_cgroup_oom+0xa3d/0xd30 [ 2573.812600][T27033] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2573.817839][T27033] try_charge_memcg+0x18b0/0x2110 [ 2573.823081][T27033] ? kmsan_get_metadata+0x33/0x220 [ 2573.828358][T27033] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 2573.834307][T27033] charge_memcg+0x1a9/0x6b0 [ 2573.838939][T27033] ? get_mem_cgroup_from_mm+0x39d/0x4d0 [ 2573.844710][T27033] __mem_cgroup_charge+0xb9/0x2e0 [ 2573.849873][T27033] wp_page_copy+0x719/0x4310 [ 2573.854599][T27033] ? kmsan_get_metadata+0x33/0x220 [ 2573.859942][T27033] ? kmsan_get_metadata+0x33/0x220 [ 2573.865275][T27033] ? preempt_count_sub+0xfc/0x340 [ 2573.870509][T27033] do_wp_page+0xc81/0x29c0 [ 2573.875056][T27033] handle_mm_fault+0x43e1/0x47a0 [ 2573.880176][T27033] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2573.885392][T27033] ? kmsan_get_metadata+0x33/0x220 [ 2573.890763][T27033] do_user_addr_fault+0x11f5/0x1e50 [ 2573.896132][T27033] exc_page_fault+0x60/0x140 [ 2573.900934][T27033] ? asm_exc_page_fault+0x8/0x30 [ 2573.906054][T27033] asm_exc_page_fault+0x1e/0x30 [ 2573.911083][T27033] RIP: 0023:0xf6e1f418 [ 2573.915283][T27033] Code: 39 dd 75 ee 8b 44 24 58 89 28 83 c4 3c 5b 5e 5f 5d c3 8b 7c 24 18 e9 9a fd ff ff 8d b4 26 00 00 00 00 8b 44 24 24 8b 7c 24 18 <89> 1c 88 e9 70 fe ff ff 8b 7c 24 50 39 54 24 0c 0f 84 80 00 00 00 [ 2573.935067][T27033] RSP: 002b:00000000ffacc040 EFLAGS: 00010246 [ 2573.941253][T27033] RAX: 00000000f6f50000 RBX: 0000000043a7fd52 RCX: 0000000000001d52 [ 2573.949300][T27033] RDX: 0000000000000000 RSI: 00000000f6f36000 RDI: 0000000085de99d3 [ 2573.957400][T27033] RBP: 00000000f6f50000 R08: 0000000000000000 R09: 0000000000000000 [ 2573.965499][T27033] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 2573.973630][T27033] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2573.981796][T27033] [ 2573.991580][T27033] memory: usage 307200kB, limit 307200kB, failcnt 15178 [ 2574.000625][T27033] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2574.007789][T27033] Memory cgroup stats for /syz1: [ 2574.009274][T27033] anon 131072 [ 2574.009274][T27033] file 313262080 [ 2574.009274][T27033] kernel 1179648 [ 2574.009274][T27033] kernel_stack 32768 [ 2574.009274][T27033] pagetables 65536 [ 2574.009274][T27033] percpu 0 [ 2574.009274][T27033] sock 0 [ 2574.009274][T27033] vmalloc 0 [ 2574.009274][T27033] shmem 313262080 [ 2574.009274][T27033] file_mapped 40960 [ 2574.009274][T27033] file_dirty 0 [ 2574.009274][T27033] file_writeback 0 [ 2574.009274][T27033] swapcached 0 [ 2574.009274][T27033] anon_thp 0 [ 2574.009274][T27033] file_thp 0 [ 2574.009274][T27033] shmem_thp 0 [ 2574.009274][T27033] inactive_anon 311906304 [ 2574.009274][T27033] active_anon 1486848 [ 2574.009274][T27033] inactive_file 0 [ 2574.009274][T27033] active_file 0 [ 2574.009274][T27033] unevictable 0 [ 2574.009274][T27033] slab_reclaimable 787624 [ 2574.009274][T27033] slab_unreclaimable 273408 [ 2574.009274][T27033] slab 1061032 [ 2574.009274][T27033] workingset_refault_anon 0 [ 2574.009274][T27033] workingset_refault_file 0 [ 2574.105749][T27033] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=27033,uid=0 [ 2574.121755][T27033] Memory cgroup out of memory: Killed process 27033 (syz-executor.1) total-vm:54284kB, anon-rss:332kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000 21:16:46 executing program 5: r0 = socket(0x1c, 0x1, 0x0) r1 = socket$inet_sctp(0x2, 0x5, 0x84) r2 = dup2(r1, r0) getsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r2, 0x84, 0x10, &(0x7f0000000080), &(0x7f0000000100)=0x4) 21:16:46 executing program 1: r0 = socket(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_DISABLE_FRAGMENTS(r0, 0x84, 0x9, &(0x7f0000000040), &(0x7f00000000c0)=0x4) 21:16:46 executing program 3: r0 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_MAXSEG(r0, 0x84, 0xe, &(0x7f0000000040), &(0x7f0000000140)=0x3) [ 2574.527225][T27050] loop4: detected capacity change from 0 to 253983 [ 2574.614117][T27050] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2574.622193][T27050] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 2574.654257][T27050] F2FS-fs (loop4): invalid crc_offset: 0 [ 2574.668659][T27050] F2FS-fs (loop4): invalid crc_offset: 0 [ 2574.674942][T27050] F2FS-fs (loop4): Failed to get valid F2FS checkpoint [ 2574.720922][T27052] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. 21:16:47 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xb, &(0x7f0000000200)=[{&(0x7f0000010700)="1020f5f201000b0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f0000000200000002000000020000000100000018000000000200000002000000060000000a0000000e000000100000030000000100000002", 0x69, 0x1400}, {&(0x7f0000010e00)="d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000", 0xa4, 0x200000}, {&(0x7f0000010f00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x200fe0}, {&(0x7f0000011000)="00000000000000000000000000000000000000000000000000000006", 0x1c, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) 21:16:47 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32=r2, @ANYBLOB="01000000002200001c0012000c00010062"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) 21:16:47 executing program 2: r0 = socket$inet_sctp(0x2, 0x1, 0x84) connect$inet(r0, &(0x7f0000000000)={0x10, 0x2}, 0x10) recvmsg(r0, &(0x7f00000015c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffe2c}, 0x80) 21:16:47 executing program 5: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) fcntl$dupfd(r1, 0x0, r0) 21:16:47 executing program 3: r0 = socket(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0xa, &(0x7f0000000000), &(0x7f0000000100)=0x98) [ 2575.635368][T27056] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2575.646392][T27056] CPU: 1 PID: 27056 Comm: syz-executor.1 Tainted: G W 5.18.0-syzkaller-16253-g2f3064574275 #0 [ 2575.658150][T27056] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2575.668352][T27056] Call Trace: [ 2575.671728][T27056] [ 2575.674724][T27056] dump_stack_lvl+0x200/0x28c [ 2575.679670][T27056] dump_stack+0x29/0x2c [ 2575.684012][T27056] dump_header+0x1e5/0xae0 [ 2575.688627][T27056] oom_kill_process+0x3a7/0xba0 [ 2575.693690][T27056] out_of_memory+0x111c/0x1570 [ 2575.698632][T27056] ? slab_debugfs_show+0xa40/0xaa0 [ 2575.703976][T27056] mem_cgroup_out_of_memory+0x46b/0x590 [ 2575.709775][T27056] mem_cgroup_oom+0xa3d/0xd30 [ 2575.714658][T27056] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2575.719875][T27056] try_charge_memcg+0x18b0/0x2110 [ 2575.725117][T27056] ? kmsan_get_metadata+0x33/0x220 [ 2575.730483][T27056] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 2575.736466][T27056] charge_memcg+0x1a9/0x6b0 [ 2575.741184][T27056] ? get_mem_cgroup_from_mm+0x39d/0x4d0 [ 2575.746972][T27056] __mem_cgroup_charge+0xb9/0x2e0 [ 2575.752198][T27056] wp_page_copy+0x719/0x4310 [ 2575.756997][T27056] ? kmsan_get_metadata+0x33/0x220 [ 2575.762341][T27056] ? kmsan_get_metadata+0x33/0x220 [ 2575.767686][T27056] ? preempt_count_sub+0xfc/0x340 [ 2575.772895][T27056] do_wp_page+0xc81/0x29c0 [ 2575.777435][T27056] handle_mm_fault+0x43e1/0x47a0 [ 2575.782540][T27056] ? restore_fpregs_from_fpstate+0x68/0x3a0 [ 2575.788656][T27056] do_user_addr_fault+0x11f5/0x1e50 [ 2575.794126][T27056] exc_page_fault+0x60/0x140 [ 2575.798921][T27056] ? asm_exc_page_fault+0x8/0x30 [ 2575.803973][T27056] asm_exc_page_fault+0x1e/0x30 [ 2575.809007][T27056] RIP: 0023:0xf6e1f418 [ 2575.813203][T27056] Code: 39 dd 75 ee 8b 44 24 58 89 28 83 c4 3c 5b 5e 5f 5d c3 8b 7c 24 18 e9 9a fd ff ff 8d b4 26 00 00 00 00 8b 44 24 24 8b 7c 24 18 <89> 1c 88 e9 70 fe ff ff 8b 7c 24 50 39 54 24 0c 0f 84 80 00 00 00 [ 2575.833028][T27056] RSP: 002b:00000000ffacc040 EFLAGS: 00010246 [ 2575.839271][T27056] RAX: 00000000f6f50000 RBX: 0000000043a7fd52 RCX: 0000000000001d52 [ 2575.847757][T27056] RDX: 0000000000000000 RSI: 00000000f6f36000 RDI: 0000000085de99d3 [ 2575.855888][T27056] RBP: 00000000f6f50000 R08: 0000000000000000 R09: 0000000000000000 [ 2575.863997][T27056] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 2575.872101][T27056] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2575.880245][T27056] [ 2575.883691][T27056] memory: usage 307200kB, limit 307200kB, failcnt 15246 [ 2575.890758][T27056] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2575.897874][T27056] Memory cgroup stats for /syz1: [ 2575.899447][T27056] anon 131072 [ 2575.899447][T27056] file 313262080 [ 2575.899447][T27056] kernel 1179648 [ 2575.899447][T27056] kernel_stack 32768 [ 2575.899447][T27056] pagetables 65536 [ 2575.899447][T27056] percpu 0 [ 2575.899447][T27056] sock 0 [ 2575.899447][T27056] vmalloc 0 [ 2575.899447][T27056] shmem 313262080 [ 2575.899447][T27056] file_mapped 40960 [ 2575.899447][T27056] file_dirty 0 [ 2575.899447][T27056] file_writeback 0 [ 2575.899447][T27056] swapcached 0 [ 2575.899447][T27056] anon_thp 0 [ 2575.899447][T27056] file_thp 0 [ 2575.899447][T27056] shmem_thp 0 [ 2575.899447][T27056] inactive_anon 311902208 [ 2575.899447][T27056] active_anon 1486848 [ 2575.899447][T27056] inactive_file 0 [ 2575.899447][T27056] active_file 0 [ 2575.899447][T27056] unevictable 0 [ 2575.899447][T27056] slab_reclaimable 787624 [ 2575.899447][T27056] slab_unreclaimable 273408 [ 2575.899447][T27056] slab 1061032 [ 2575.899447][T27056] workingset_refault_anon 0 [ 2575.899447][T27056] workingset_refault_file 0 [ 2575.995739][T27056] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=27056,uid=0 [ 2576.011967][T27056] Memory cgroup out of memory: Killed process 27056 (syz-executor.1) total-vm:54284kB, anon-rss:332kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000 21:16:48 executing program 1: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) connect$inet6(r0, &(0x7f0000000400)={0x1c, 0x1c, 0x3}, 0x1c) r1 = socket$inet6_sctp(0x1c, 0x5, 0x84) r2 = dup2(r1, r1) r3 = dup2(r0, r2) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x105, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f0000000200)=0x8) getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x19, &(0x7f0000000080), &(0x7f00000000c0)=0x8) setsockopt$inet_sctp_SCTP_ASSOCINFO(r3, 0x84, 0x2, &(0x7f0000000100), 0x14) [ 2576.087460][T27066] loop4: detected capacity change from 0 to 253983 [ 2576.185137][T27066] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2576.193406][T27066] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 2576.213788][T27066] F2FS-fs (loop4): invalid crc_offset: 0 [ 2576.228798][T27066] F2FS-fs (loop4): invalid crc_offset: 0 [ 2576.231700][T27067] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2576.234953][T27066] F2FS-fs (loop4): Failed to get valid F2FS checkpoint 21:16:48 executing program 2: r0 = socket(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x21, &(0x7f0000000100), 0x10) 21:16:48 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xb, &(0x7f0000000200)=[{&(0x7f0000010700)="1020f5f201000b0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f0000000200000002000000020000000100000018000000000200000002000000060000000a0000000e000000100000030000000100000002", 0x69, 0x1400}, {&(0x7f0000010e00)="d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000", 0xa4, 0x200000}, {&(0x7f0000010f00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x200fe0}, {&(0x7f0000011000)="00000000000000000000000000000000000000000000000000000006", 0x1c, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) 21:16:48 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32=r2, @ANYBLOB="01000000002200001c0012000c00010062"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) 21:16:49 executing program 3: syz_clone(0x80807300, 0x0, 0x0, &(0x7f00000001c0), 0x0, 0x0) 21:16:49 executing program 5: syz_clone(0x40000000, 0x0, 0x0, 0x0, &(0x7f00000001c0), 0x0) 21:16:49 executing program 2: r0 = socket(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x21, &(0x7f0000000100), 0x10) [ 2577.166615][T27084] loop4: detected capacity change from 0 to 253983 [ 2577.280646][T27084] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2577.290338][T27084] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 2577.318696][T27084] F2FS-fs (loop4): invalid crc_offset: 0 [ 2577.328959][T27084] F2FS-fs (loop4): invalid crc_offset: 0 [ 2577.335305][T27084] F2FS-fs (loop4): Failed to get valid F2FS checkpoint [ 2577.437028][T27086] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. 21:16:49 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xb, &(0x7f0000000200)=[{&(0x7f0000010700)="1020f5f201000b0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f0000000200000002000000020000000100000018000000000200000002000000060000000a0000000e000000100000030000000100000002", 0x69, 0x1400}, {&(0x7f0000010e00)="d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc", 0xa5, 0x200000}, {&(0x7f0000010f00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x200fe0}, {&(0x7f0000011000)="00000000000000000000000000000000000000000000000000000006", 0x1c, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) [ 2577.600313][T27078] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=2, oom_score_adj=1000 [ 2577.613340][T27078] CPU: 1 PID: 27078 Comm: syz-executor.1 Tainted: G W 5.18.0-syzkaller-16253-g2f3064574275 #0 [ 2577.625112][T27078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2577.635312][T27078] Call Trace: [ 2577.638698][T27078] [ 2577.641731][T27078] dump_stack_lvl+0x200/0x28c [ 2577.646633][T27078] dump_stack+0x29/0x2c [ 2577.651001][T27078] dump_header+0x1e5/0xae0 [ 2577.655673][T27078] oom_kill_process+0x3a7/0xba0 [ 2577.660762][T27078] out_of_memory+0x111c/0x1570 [ 2577.665745][T27078] ? slab_debugfs_show+0xa40/0xaa0 [ 2577.671087][T27078] mem_cgroup_out_of_memory+0x46b/0x590 [ 2577.676978][T27078] mem_cgroup_oom+0xa3d/0xd30 [ 2577.681881][T27078] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2577.687119][T27078] try_charge_memcg+0x18b0/0x2110 [ 2577.692445][T27078] ? __rcu_read_unlock+0x85/0xf0 [ 2577.697562][T27078] obj_cgroup_charge_pages+0x352/0x760 [ 2577.703261][T27078] __memcg_kmem_charge_page+0x5b2/0x910 [ 2577.709057][T27078] __alloc_pages+0x82e/0x1040 [ 2577.714002][T27078] dup_task_struct+0x310/0xaf0 [ 2577.718989][T27078] ? kmsan_get_metadata+0x33/0x220 [ 2577.724333][T27078] copy_process+0xb32/0x68e0 [ 2577.729191][T27078] ? kmsan_get_metadata+0x33/0x220 [ 2577.734514][T27078] ? kernel_clone+0x84/0x1110 [ 2577.739451][T27078] kernel_clone+0x4c4/0x1110 [ 2577.744225][T27078] ? __stack_depot_save+0x21/0x4b0 [ 2577.749566][T27078] ? kmsan_get_metadata+0x33/0x220 [ 2577.754981][T27078] ? kmsan_get_shadow_origin_ptr+0xe0/0xf0 [ 2577.761040][T27078] __ia32_compat_sys_ia32_clone+0x29a/0x410 [ 2577.767220][T27078] do_int80_syscall_32+0x4d/0xa0 [ 2577.772364][T27078] ? asm_exc_page_fault+0x8/0x30 [ 2577.777487][T27078] entry_INT80_compat+0x71/0x76 [ 2577.782521][T27078] RIP: 0023:0xf6e5a3a4 21:16:50 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32=r2, @ANYBLOB="01000000002200001c0012000c00010062"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) [ 2577.786726][T27078] Code: 8b 44 24 04 89 41 08 c7 41 04 00 00 00 00 53 56 57 8b 74 24 24 8b 54 24 20 8b 5c 24 18 8b 7c 24 28 b8 78 00 00 00 89 19 cd 80 <5f> 5e 5b 85 c0 0f 8c 61 81 00 00 74 01 c3 89 f5 ff d3 e8 00 00 00 [ 2577.806525][T27078] RSP: 002b:00000000ffacc000 EFLAGS: 00000292 ORIG_RAX: 0000000000000078 [ 2577.815137][T27078] RAX: ffffffffffffffda RBX: 00000000003d0f00 RCX: 00000000f7f917a4 [ 2577.823258][T27078] RDX: 00000000f7f91ba8 RSI: 00000000ffacc04c RDI: 00000000f7f91ba8 [ 2577.831459][T27078] RBP: 00000000f6f36000 R08: 0000000000000000 R09: 0000000000000000 [ 2577.839569][T27078] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000000 [ 2577.847677][T27078] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2577.855822][T27078] [ 2577.861502][T27078] memory: usage 307196kB, limit 307200kB, failcnt 15296 [ 2577.869452][T27078] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2577.876607][T27078] Memory cgroup stats for /syz1: [ 2577.878119][T27078] anon 118784 [ 2577.878119][T27078] file 313262080 [ 2577.878119][T27078] kernel 1187840 [ 2577.878119][T27078] kernel_stack 32768 [ 2577.878119][T27078] pagetables 69632 [ 2577.878119][T27078] percpu 0 [ 2577.878119][T27078] sock 0 [ 2577.878119][T27078] vmalloc 0 [ 2577.878119][T27078] shmem 313262080 [ 2577.878119][T27078] file_mapped 40960 [ 2577.878119][T27078] file_dirty 0 [ 2577.878119][T27078] file_writeback 0 [ 2577.878119][T27078] swapcached 0 [ 2577.878119][T27078] anon_thp 0 [ 2577.878119][T27078] file_thp 0 [ 2577.878119][T27078] shmem_thp 0 [ 2577.878119][T27078] inactive_anon 311894016 [ 2577.878119][T27078] active_anon 1486848 [ 2577.878119][T27078] inactive_file 0 [ 2577.878119][T27078] active_file 0 [ 2577.878119][T27078] unevictable 0 [ 2577.878119][T27078] slab_reclaimable 786584 [ 2577.878119][T27078] slab_unreclaimable 280872 [ 2577.878119][T27078] slab 1067456 [ 2577.878119][T27078] workingset_refault_anon 0 [ 2577.878119][T27078] workingset_refault_file 0 [ 2577.974560][T27078] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=27078,uid=0 [ 2577.990721][T27078] Memory cgroup out of memory: Killed process 27078 (syz-executor.1) total-vm:54416kB, anon-rss:332kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:64kB oom_score_adj:1000 21:16:50 executing program 1: syz_emit_ethernet(0x36, &(0x7f0000000240)={@local, @empty, @val, {@ipv6}}, 0x0) 21:16:50 executing program 5: mlock(&(0x7f0000ffe000/0x2000)=nil, 0x2000) munlock(&(0x7f0000ffd000/0x2000)=nil, 0x2000) 21:16:50 executing program 3: mprotect(&(0x7f00009b8000/0x1000)=nil, 0x1000, 0x0) mlock(&(0x7f0000ffe000/0x2000)=nil, 0x2000) mlock(&(0x7f00009b9000/0x2000)=nil, 0x2000) mlock(&(0x7f00009b9000/0x1000)=nil, 0x1000) 21:16:50 executing program 2: r0 = socket(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x21, &(0x7f0000000100), 0x10) [ 2578.948711][T27102] loop4: detected capacity change from 0 to 253983 [ 2578.982514][T27103] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2579.088376][T27102] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2579.096569][T27102] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock 21:16:51 executing program 5: mlock(&(0x7f0000ffc000/0x3000)=nil, 0x3000) munlock(&(0x7f0000ffc000/0x2000)=nil, 0x2000) madvise(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0) [ 2579.298950][T27102] F2FS-fs (loop4): invalid crc value [ 2579.321058][T27102] F2FS-fs (loop4): invalid crc_offset: 0 [ 2579.328260][T27102] F2FS-fs (loop4): Failed to get valid F2FS checkpoint 21:16:51 executing program 3: syz_mount_image$msdos(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x1002040, &(0x7f0000001340)) 21:16:51 executing program 2: r0 = socket(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x21, &(0x7f0000000100), 0x10) 21:16:51 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32=r2, @ANYBLOB="01000000002200001c0012000c000100626f6e64"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) 21:16:51 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xb, &(0x7f0000000200)=[{&(0x7f0000010700)="1020f5f201000b0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f0000000200000002000000020000000100000018000000000200000002000000060000000a0000000e000000100000030000000100000002", 0x69, 0x1400}, {&(0x7f0000010e00)="d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc", 0xa5, 0x200000}, {&(0x7f0000010f00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x200fe0}, {&(0x7f0000011000)="00000000000000000000000000000000000000000000000000000006", 0x1c, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) [ 2579.784216][T27100] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2579.794900][T27100] CPU: 1 PID: 27100 Comm: syz-executor.1 Tainted: G W 5.18.0-syzkaller-16253-g2f3064574275 #0 [ 2579.806630][T27100] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2579.816814][T27100] Call Trace: [ 2579.820192][T27100] [ 2579.823212][T27100] dump_stack_lvl+0x200/0x28c [ 2579.828097][T27100] dump_stack+0x29/0x2c [ 2579.832415][T27100] dump_header+0x1e5/0xae0 [ 2579.837055][T27100] oom_kill_process+0x3a7/0xba0 [ 2579.842130][T27100] out_of_memory+0x111c/0x1570 [ 2579.847083][T27100] ? slab_debugfs_show+0xa40/0xaa0 [ 2579.852401][T27100] mem_cgroup_out_of_memory+0x46b/0x590 [ 2579.858206][T27100] mem_cgroup_oom+0xa3d/0xd30 [ 2579.863192][T27100] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2579.868427][T27100] try_charge_memcg+0x18b0/0x2110 [ 2579.873670][T27100] ? kmsan_get_metadata+0x33/0x220 [ 2579.879042][T27100] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 2579.885064][T27100] charge_memcg+0x1a9/0x6b0 [ 2579.889771][T27100] ? get_mem_cgroup_from_mm+0x39d/0x4d0 [ 2579.895539][T27100] __mem_cgroup_charge+0xb9/0x2e0 [ 2579.900803][T27100] wp_page_copy+0x719/0x4310 [ 2579.905589][T27100] ? kmsan_get_metadata+0x33/0x220 [ 2579.910926][T27100] ? kmsan_get_metadata+0x33/0x220 [ 2579.916245][T27100] ? preempt_count_sub+0xfc/0x340 [ 2579.921464][T27100] do_wp_page+0xc81/0x29c0 [ 2579.926092][T27100] handle_mm_fault+0x43e1/0x47a0 [ 2579.931204][T27100] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2579.936405][T27100] ? kmsan_get_metadata+0x33/0x220 [ 2579.941804][T27100] do_user_addr_fault+0x11f5/0x1e50 [ 2579.947249][T27100] exc_page_fault+0x60/0x140 [ 2579.952384][T27100] ? asm_exc_page_fault+0x8/0x30 [ 2579.957492][T27100] asm_exc_page_fault+0x1e/0x30 [ 2579.962517][T27100] RIP: 0023:0xf6e1f418 [ 2579.966707][T27100] Code: 39 dd 75 ee 8b 44 24 58 89 28 83 c4 3c 5b 5e 5f 5d c3 8b 7c 24 18 e9 9a fd ff ff 8d b4 26 00 00 00 00 8b 44 24 24 8b 7c 24 18 <89> 1c 88 e9 70 fe ff ff 8b 7c 24 50 39 54 24 0c 0f 84 80 00 00 00 [ 2579.986496][T27100] RSP: 002b:00000000ffacc040 EFLAGS: 00010246 [ 2579.992750][T27100] RAX: 00000000f6f50000 RBX: 0000000057611627 RCX: 0000000000001627 [ 2580.000858][T27100] RDX: 0000000000000000 RSI: 00000000f6f36000 RDI: 00000000826dbad8 [ 2580.008969][T27100] RBP: 00000000f6f50000 R08: 0000000000000000 R09: 0000000000000000 [ 2580.017078][T27100] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 2580.025358][T27100] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2580.033503][T27100] [ 2580.039136][T27100] memory: usage 307200kB, limit 307200kB, failcnt 15358 [ 2580.046866][T27100] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2580.054005][T27100] Memory cgroup stats for /syz1: [ 2580.055393][T27100] anon 131072 [ 2580.055393][T27100] file 313262080 [ 2580.055393][T27100] kernel 1179648 [ 2580.055393][T27100] kernel_stack 32768 [ 2580.055393][T27100] pagetables 69632 [ 2580.055393][T27100] percpu 0 [ 2580.055393][T27100] sock 0 [ 2580.055393][T27100] vmalloc 0 [ 2580.055393][T27100] shmem 313262080 [ 2580.055393][T27100] file_mapped 40960 [ 2580.055393][T27100] file_dirty 0 [ 2580.055393][T27100] file_writeback 0 [ 2580.055393][T27100] swapcached 0 [ 2580.055393][T27100] anon_thp 0 [ 2580.055393][T27100] file_thp 0 [ 2580.055393][T27100] shmem_thp 0 [ 2580.055393][T27100] inactive_anon 311898112 [ 2580.055393][T27100] active_anon 1486848 [ 2580.055393][T27100] inactive_file 0 [ 2580.055393][T27100] active_file 0 [ 2580.055393][T27100] unevictable 0 [ 2580.055393][T27100] slab_reclaimable 786584 [ 2580.055393][T27100] slab_unreclaimable 271896 [ 2580.055393][T27100] slab 1058480 [ 2580.055393][T27100] workingset_refault_anon 0 [ 2580.055393][T27100] workingset_refault_file 0 [ 2580.151691][T27100] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=27100,uid=0 [ 2580.167999][T27100] Memory cgroup out of memory: Killed process 27100 (syz-executor.1) total-vm:54284kB, anon-rss:332kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:64kB oom_score_adj:1000 21:16:52 executing program 1: prctl$PR_SET_NAME(0x16, 0x0) 21:16:52 executing program 5: bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000100)={@map, 0xffffffffffffffff, 0x9}, 0x10) 21:16:52 executing program 3: prctl$PR_SET_NAME(0x38, 0x0) [ 2580.677358][T27119] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2580.780577][T27122] device bond186 entered promiscuous mode 21:16:53 executing program 2: prctl$PR_SET_NAME(0x36, 0x0) [ 2580.865205][T27122] device bond186 left promiscuous mode [ 2580.931632][T27124] loop4: detected capacity change from 0 to 253983 [ 2581.009203][T27124] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2581.017601][T27124] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 2581.029890][T27124] F2FS-fs (loop4): invalid crc value [ 2581.036686][T27124] F2FS-fs (loop4): invalid crc_offset: 0 [ 2581.042776][T27124] F2FS-fs (loop4): Failed to get valid F2FS checkpoint 21:16:53 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32=r2, @ANYBLOB="01000000002200001c0012000c000100626f6e64"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) 21:16:53 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xb, &(0x7f0000000200)=[{&(0x7f0000010700)="1020f5f201000b0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f0000000200000002000000020000000100000018000000000200000002000000060000000a0000000e000000100000030000000100000002", 0x69, 0x1400}, {&(0x7f0000010e00)="d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc", 0xa5, 0x200000}, {&(0x7f0000010f00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x200fe0}, {&(0x7f0000011000)="00000000000000000000000000000000000000000000000000000006", 0x1c, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) 21:16:53 executing program 5: syz_clone3(&(0x7f0000002540)={0x108280000, 0x0, 0x0, 0x0, {}, &(0x7f0000000180)=""/4096, 0x1000, 0x0, &(0x7f0000002500)=[0xffffffffffffffff], 0x1}, 0x58) [ 2581.729483][T27126] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2581.740379][T27126] CPU: 1 PID: 27126 Comm: syz-executor.1 Tainted: G W 5.18.0-syzkaller-16253-g2f3064574275 #0 [ 2581.752119][T27126] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2581.762300][T27126] Call Trace: [ 2581.765676][T27126] [ 2581.768690][T27126] dump_stack_lvl+0x200/0x28c [ 2581.773576][T27126] dump_stack+0x29/0x2c [ 2581.777912][T27126] dump_header+0x1e5/0xae0 [ 2581.782558][T27126] oom_kill_process+0x3a7/0xba0 [ 2581.787649][T27126] out_of_memory+0x111c/0x1570 [ 2581.792608][T27126] ? slab_debugfs_show+0xa40/0xaa0 [ 2581.797930][T27126] mem_cgroup_out_of_memory+0x46b/0x590 [ 2581.803735][T27126] mem_cgroup_oom+0xa3d/0xd30 [ 2581.808635][T27126] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2581.813859][T27126] try_charge_memcg+0x18b0/0x2110 [ 2581.819101][T27126] ? kmsan_get_metadata+0x33/0x220 [ 2581.824479][T27126] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 2581.830514][T27126] charge_memcg+0x1a9/0x6b0 [ 2581.835234][T27126] ? get_mem_cgroup_from_mm+0x39d/0x4d0 [ 2581.840998][T27126] __mem_cgroup_charge+0xb9/0x2e0 [ 2581.846249][T27126] wp_page_copy+0x719/0x4310 [ 2581.851033][T27126] ? kmsan_get_metadata+0x33/0x220 [ 2581.856350][T27126] ? kmsan_get_metadata+0x33/0x220 [ 2581.861667][T27126] ? preempt_count_sub+0xfc/0x340 [ 2581.866980][T27126] do_wp_page+0xc81/0x29c0 [ 2581.871603][T27126] handle_mm_fault+0x43e1/0x47a0 21:16:54 executing program 3: bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001280)={0x3, 0x7, &(0x7f0000000000)=@framed={{}, [@initr0, @call={0x85, 0x0, 0x0, 0x61}, @jmp]}, &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) [ 2581.876733][T27126] ? restore_fpregs_from_fpstate+0x68/0x3a0 [ 2581.882912][T27126] do_user_addr_fault+0x11f5/0x1e50 [ 2581.888361][T27126] exc_page_fault+0x60/0x140 [ 2581.893163][T27126] ? asm_exc_page_fault+0x8/0x30 [ 2581.898279][T27126] asm_exc_page_fault+0x1e/0x30 [ 2581.903297][T27126] RIP: 0023:0xf6e1f418 [ 2581.907497][T27126] Code: 39 dd 75 ee 8b 44 24 58 89 28 83 c4 3c 5b 5e 5f 5d c3 8b 7c 24 18 e9 9a fd ff ff 8d b4 26 00 00 00 00 8b 44 24 24 8b 7c 24 18 <89> 1c 88 e9 70 fe ff ff 8b 7c 24 50 39 54 24 0c 0f 84 80 00 00 00 [ 2581.927291][T27126] RSP: 002b:00000000ffacc040 EFLAGS: 00010246 [ 2581.933509][T27126] RAX: 00000000f6f50000 RBX: 0000000012d46ceb RCX: 0000000000000ceb [ 2581.941603][T27126] RDX: 0000000000000000 RSI: 00000000f6f36000 RDI: 0000000085e32dc8 [ 2581.949697][T27126] RBP: 00000000f6f50000 R08: 0000000000000000 R09: 0000000000000000 [ 2581.957798][T27126] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 2581.965886][T27126] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2581.974004][T27126] [ 2581.979469][T27126] memory: usage 307200kB, limit 307200kB, failcnt 15398 [ 2581.986825][T27126] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2581.993928][T27126] Memory cgroup stats for /syz1: [ 2581.995384][T27126] anon 135168 [ 2581.995384][T27126] file 313262080 [ 2581.995384][T27126] kernel 1175552 [ 2581.995384][T27126] kernel_stack 32768 [ 2581.995384][T27126] pagetables 65536 [ 2581.995384][T27126] percpu 0 [ 2581.995384][T27126] sock 0 [ 2581.995384][T27126] vmalloc 0 [ 2581.995384][T27126] shmem 313262080 [ 2581.995384][T27126] file_mapped 40960 [ 2581.995384][T27126] file_dirty 0 [ 2581.995384][T27126] file_writeback 0 [ 2581.995384][T27126] swapcached 0 [ 2581.995384][T27126] anon_thp 0 [ 2581.995384][T27126] file_thp 0 [ 2581.995384][T27126] shmem_thp 0 [ 2581.995384][T27126] inactive_anon 311910400 [ 2581.995384][T27126] active_anon 1486848 [ 2581.995384][T27126] inactive_file 0 [ 2581.995384][T27126] active_file 0 [ 2581.995384][T27126] unevictable 0 [ 2581.995384][T27126] slab_reclaimable 786584 [ 2581.995384][T27126] slab_unreclaimable 271728 [ 2581.995384][T27126] slab 1058312 [ 2581.995384][T27126] workingset_refault_anon 0 [ 2581.995384][T27126] workingset_refault_file 0 [ 2582.091660][T27126] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=27126,uid=0 [ 2582.107931][T27126] Memory cgroup out of memory: Killed process 27126 (syz-executor.1) total-vm:54284kB, anon-rss:332kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000 21:16:54 executing program 2: syz_clone(0xc000000, 0x0, 0x0, 0x0, 0x0, 0x0) 21:16:54 executing program 1: r0 = socket$nl_audit(0x10, 0x3, 0x9) fallocate(r0, 0x0, 0x0, 0x3f) 21:16:54 executing program 5: bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0x6, 0xc, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000001000000000000000069900a4c02000003000000f413c0013f000000181800"/52, @ANYRES32, @ANYBLOB="0000000000000000186800000b000000000000000300000085000000a600000095"], &(0x7f0000000540)='GPL\x00', 0x6, 0xa1, &(0x7f0000000580)=""/161, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) [ 2582.564437][T27137] loop4: detected capacity change from 0 to 253983 [ 2582.603171][T27138] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2582.671663][T27137] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2582.679879][T27137] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 2582.760041][T27137] F2FS-fs (loop4): invalid crc value [ 2582.775603][T27137] F2FS-fs (loop4): invalid crc_offset: 0 [ 2582.781604][T27137] F2FS-fs (loop4): Failed to get valid F2FS checkpoint [ 2582.805837][T27138] device bond187 entered promiscuous mode 21:16:55 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xb, &(0x7f0000000200)=[{&(0x7f0000010700)="1020f5f201000b0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f0000000200000002000000020000000100000018000000000200000002000000060000000a0000000e000000100000030000000100000002", 0x69, 0x1400}, {&(0x7f0000010e00)="d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xa6}, {&(0x7f0000010f00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x200fe0}, {&(0x7f0000011000)="00000000000000000000000000000000000000000000000000000006", 0x1c, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) [ 2582.832598][T27138] device bond187 left promiscuous mode 21:16:55 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32=r2, @ANYBLOB="01000000002200001c0012000c000100626f6e64"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) 21:16:55 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) fallocate(r0, 0x0, 0x0, 0x0) 21:16:55 executing program 2: socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(&(0x7f0000000000), 0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000b00), 0xffffffffffffffff) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) [ 2583.516219][T27143] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2583.526998][T27143] CPU: 0 PID: 27143 Comm: syz-executor.1 Tainted: G W 5.18.0-syzkaller-16253-g2f3064574275 #0 [ 2583.538732][T27143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2583.548919][T27143] Call Trace: [ 2583.552297][T27143] [ 2583.555322][T27143] dump_stack_lvl+0x200/0x28c [ 2583.560192][T27143] dump_stack+0x29/0x2c [ 2583.564514][T27143] dump_header+0x1e5/0xae0 [ 2583.569139][T27143] oom_kill_process+0x3a7/0xba0 [ 2583.574195][T27143] out_of_memory+0x111c/0x1570 [ 2583.579138][T27143] ? slab_debugfs_show+0xa40/0xaa0 [ 2583.584449][T27143] mem_cgroup_out_of_memory+0x46b/0x590 [ 2583.590222][T27143] mem_cgroup_oom+0xa3d/0xd30 [ 2583.595089][T27143] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2583.600303][T27143] try_charge_memcg+0x18b0/0x2110 [ 2583.605529][T27143] ? kmsan_get_metadata+0x33/0x220 [ 2583.610892][T27143] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 2583.616898][T27143] charge_memcg+0x1a9/0x6b0 [ 2583.621585][T27143] ? get_mem_cgroup_from_mm+0x39d/0x4d0 [ 2583.627339][T27143] __mem_cgroup_charge+0xb9/0x2e0 [ 2583.632571][T27143] wp_page_copy+0x719/0x4310 [ 2583.637345][T27143] ? kmsan_get_metadata+0x33/0x220 [ 2583.642667][T27143] ? kmsan_get_metadata+0x33/0x220 [ 2583.647984][T27143] ? preempt_count_sub+0xfc/0x340 [ 2583.653185][T27143] do_wp_page+0xc81/0x29c0 [ 2583.657786][T27143] handle_mm_fault+0x43e1/0x47a0 [ 2583.662885][T27143] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2583.668069][T27143] ? kmsan_get_metadata+0x33/0x220 [ 2583.673440][T27143] do_user_addr_fault+0x11f5/0x1e50 [ 2583.678848][T27143] exc_page_fault+0x60/0x140 [ 2583.683625][T27143] ? asm_exc_page_fault+0x8/0x30 [ 2583.688728][T27143] asm_exc_page_fault+0x1e/0x30 [ 2583.693732][T27143] RIP: 0023:0xf6e1f418 [ 2583.697915][T27143] Code: 39 dd 75 ee 8b 44 24 58 89 28 83 c4 3c 5b 5e 5f 5d c3 8b 7c 24 18 e9 9a fd ff ff 8d b4 26 00 00 00 00 8b 44 24 24 8b 7c 24 18 <89> 1c 88 e9 70 fe ff ff 8b 7c 24 50 39 54 24 0c 0f 84 80 00 00 00 [ 2583.717680][T27143] RSP: 002b:00000000ffacc040 EFLAGS: 00010246 [ 2583.723901][T27143] RAX: 00000000f6f50000 RBX: 0000000043a7fd52 RCX: 0000000000001d52 [ 2583.731991][T27143] RDX: 0000000000000000 RSI: 00000000f6f36000 RDI: 0000000085de99d3 [ 2583.740078][T27143] RBP: 00000000f6f50000 R08: 0000000000000000 R09: 0000000000000000 [ 2583.748164][T27143] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 2583.756249][T27143] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2583.764368][T27143] [ 2583.770932][T27143] memory: usage 307200kB, limit 307200kB, failcnt 15440 [ 2583.778894][T27143] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2583.785956][T27143] Memory cgroup stats for /syz1: [ 2583.787446][T27143] anon 131072 [ 2583.787446][T27143] file 313262080 [ 2583.787446][T27143] kernel 1179648 [ 2583.787446][T27143] kernel_stack 32768 [ 2583.787446][T27143] pagetables 65536 [ 2583.787446][T27143] percpu 0 [ 2583.787446][T27143] sock 0 [ 2583.787446][T27143] vmalloc 0 [ 2583.787446][T27143] shmem 313262080 [ 2583.787446][T27143] file_mapped 40960 [ 2583.787446][T27143] file_dirty 0 [ 2583.787446][T27143] file_writeback 0 [ 2583.787446][T27143] swapcached 0 [ 2583.787446][T27143] anon_thp 0 [ 2583.787446][T27143] file_thp 0 [ 2583.787446][T27143] shmem_thp 0 [ 2583.787446][T27143] inactive_anon 311906304 [ 2583.787446][T27143] active_anon 1486848 [ 2583.787446][T27143] inactive_file 0 [ 2583.787446][T27143] active_file 0 [ 2583.787446][T27143] unevictable 0 [ 2583.787446][T27143] slab_reclaimable 787624 [ 2583.787446][T27143] slab_unreclaimable 271992 21:16:56 executing program 5: bpf$BPF_PROG_DETACH(0x14, &(0x7f0000000100)={@map, 0xffffffffffffffff, 0x22}, 0x10) [ 2583.787446][T27143] slab 1059616 [ 2583.787446][T27143] workingset_refault_anon 0 [ 2583.787446][T27143] workingset_refault_file 0 [ 2583.883628][T27143] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=27143,uid=0 [ 2583.899725][T27143] Memory cgroup out of memory: Killed process 27143 (syz-executor.1) total-vm:54284kB, anon-rss:332kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000 21:16:56 executing program 1: bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001280)={0x3, 0x3, &(0x7f0000000000)=@framed, &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) [ 2584.089014][T27155] loop4: detected capacity change from 0 to 253983 [ 2584.192104][T27155] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2584.200028][T27155] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 2584.240666][T27155] F2FS-fs (loop4): invalid crc_offset: 0 [ 2584.265635][T27155] F2FS-fs (loop4): invalid crc_offset: 0 [ 2584.271712][T27155] F2FS-fs (loop4): Failed to get valid F2FS checkpoint 21:16:56 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xb, &(0x7f0000000200)=[{&(0x7f0000010700)="1020f5f201000b0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f0000000200000002000000020000000100000018000000000200000002000000060000000a0000000e000000100000030000000100000002", 0x69, 0x1400}, {&(0x7f0000010e00)="d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xa6}, {&(0x7f0000010f00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x200fe0}, {&(0x7f0000011000)="00000000000000000000000000000000000000000000000000000006", 0x1c, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) [ 2584.313154][T27156] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. 21:16:56 executing program 3: r0 = syz_open_dev$evdev(&(0x7f0000000200), 0x0, 0x0) ioctl$EVIOCGKEYCODE(r0, 0x80084504, &(0x7f0000000240)=""/30) 21:16:56 executing program 2: syz_io_uring_setup(0x919, &(0x7f00000000c0)={0x0, 0x0, 0x8}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000140), &(0x7f0000000180)) 21:16:56 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32=r2, @ANYBLOB="01000000002200001c0012000c000100626f6e6400"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) 21:16:56 executing program 5: syz_mount_image$msdos(0x0, &(0x7f0000004c40)='./file0\x00', 0x0, 0x3, &(0x7f0000004ec0)=[{0x0}, {&(0x7f0000004dc0)="84eca8", 0x3}, {0x0, 0x0, 0x5}], 0x0, 0x0) 21:16:57 executing program 2: syz_mount_image$romfs(&(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, &(0x7f0000000480), 0x0, &(0x7f0000000500)) syz_mount_image$msdos(0x0, 0x0, 0x0, 0x1, &(0x7f0000004ec0)=[{0x0}], 0x0, 0x0) [ 2585.260231][T27172] loop4: detected capacity change from 0 to 253983 [ 2585.281410][T27173] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. 21:16:57 executing program 3: io_setup(0xff, &(0x7f0000000000)=0x0) io_getevents(r0, 0x0, 0x0, 0x0, 0x0) [ 2585.356766][T27172] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2585.364839][T27172] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 2585.413880][T27172] F2FS-fs (loop4): invalid crc_offset: 0 [ 2585.457011][T27172] F2FS-fs (loop4): invalid crc_offset: 0 [ 2585.460313][T27176] device bond189 entered promiscuous mode [ 2585.463420][T27172] F2FS-fs (loop4): Failed to get valid F2FS checkpoint [ 2585.492303][T27176] device bond189 left promiscuous mode [ 2585.531587][T27164] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2585.542604][T27164] CPU: 1 PID: 27164 Comm: syz-executor.1 Tainted: G W 5.18.0-syzkaller-16253-g2f3064574275 #0 [ 2585.554356][T27164] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2585.564551][T27164] Call Trace: [ 2585.567931][T27164] [ 2585.570956][T27164] dump_stack_lvl+0x200/0x28c [ 2585.575928][T27164] dump_stack+0x29/0x2c [ 2585.580256][T27164] dump_header+0x1e5/0xae0 [ 2585.584894][T27164] oom_kill_process+0x3a7/0xba0 [ 2585.589964][T27164] out_of_memory+0x111c/0x1570 [ 2585.594926][T27164] ? slab_debugfs_show+0xa40/0xaa0 [ 2585.600251][T27164] mem_cgroup_out_of_memory+0x46b/0x590 [ 2585.606052][T27164] mem_cgroup_oom+0xa3d/0xd30 [ 2585.610953][T27164] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2585.616188][T27164] try_charge_memcg+0x18b0/0x2110 [ 2585.621452][T27164] ? kmsan_get_metadata+0x33/0x220 [ 2585.626825][T27164] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 2585.632865][T27164] charge_memcg+0x1a9/0x6b0 [ 2585.637574][T27164] ? get_mem_cgroup_from_mm+0x39d/0x4d0 [ 2585.643348][T27164] __mem_cgroup_charge+0xb9/0x2e0 [ 2585.648598][T27164] wp_page_copy+0x719/0x4310 [ 2585.653376][T27164] ? kmsan_get_metadata+0x33/0x220 [ 2585.658698][T27164] ? update_misfit_status+0x30/0xcd0 [ 2585.664184][T27164] ? kmsan_get_metadata+0x33/0x220 [ 2585.669515][T27164] ? preempt_count_sub+0xfc/0x340 [ 2585.674740][T27164] do_wp_page+0xc81/0x29c0 [ 2585.679520][T27164] handle_mm_fault+0x43e1/0x47a0 [ 2585.684684][T27164] ? restore_fpregs_from_fpstate+0x68/0x3a0 [ 2585.690858][T27164] do_user_addr_fault+0x11f5/0x1e50 [ 2585.696310][T27164] exc_page_fault+0x60/0x140 [ 2585.701109][T27164] ? asm_exc_page_fault+0x8/0x30 [ 2585.706232][T27164] asm_exc_page_fault+0x1e/0x30 [ 2585.711251][T27164] RIP: 0023:0xf6e1f418 [ 2585.715405][T27164] Code: 39 dd 75 ee 8b 44 24 58 89 28 83 c4 3c 5b 5e 5f 5d c3 8b 7c 24 18 e9 9a fd ff ff 8d b4 26 00 00 00 00 8b 44 24 24 8b 7c 24 18 <89> 1c 88 e9 70 fe ff ff 8b 7c 24 50 39 54 24 0c 0f 84 80 00 00 00 [ 2585.735204][T27164] RSP: 002b:00000000ffacc040 EFLAGS: 00010246 [ 2585.741455][T27164] RAX: 00000000f6f50000 RBX: 000000000d63f551 RCX: 0000000000001551 [ 2585.749569][T27164] RDX: 0000000000000000 RSI: 00000000f6f36000 RDI: 0000000081e06d1a [ 2585.757698][T27164] RBP: 00000000f6f50000 R08: 0000000000000000 R09: 0000000000000000 [ 2585.765805][T27164] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 2585.773912][T27164] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2585.782052][T27164] [ 2585.785577][T27164] memory: usage 307200kB, limit 307200kB, failcnt 15490 [ 2585.792786][T27164] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2585.799758][T27164] Memory cgroup stats for /syz1: [ 2585.801022][T27164] anon 126976 [ 2585.801022][T27164] file 313262080 [ 2585.801022][T27164] kernel 1183744 [ 2585.801022][T27164] kernel_stack 32768 [ 2585.801022][T27164] pagetables 69632 [ 2585.801022][T27164] percpu 144 [ 2585.801022][T27164] sock 0 [ 2585.801022][T27164] vmalloc 4096 [ 2585.801022][T27164] shmem 313262080 [ 2585.801022][T27164] file_mapped 40960 [ 2585.801022][T27164] file_dirty 0 [ 2585.801022][T27164] file_writeback 0 [ 2585.801022][T27164] swapcached 0 [ 2585.801022][T27164] anon_thp 0 [ 2585.801022][T27164] file_thp 0 [ 2585.801022][T27164] shmem_thp 0 [ 2585.801022][T27164] inactive_anon 311902208 [ 2585.801022][T27164] active_anon 1486848 [ 2585.801022][T27164] inactive_file 0 [ 2585.801022][T27164] active_file 0 [ 2585.801022][T27164] unevictable 0 [ 2585.801022][T27164] slab_reclaimable 786784 [ 2585.801022][T27164] slab_unreclaimable 273192 [ 2585.801022][T27164] slab 1059976 [ 2585.801022][T27164] workingset_refault_anon 0 [ 2585.801022][T27164] workingset_refault_file 0 [ 2585.897821][T27164] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=27164,uid=0 [ 2585.914043][T27164] Memory cgroup out of memory: Killed process 27164 (syz-executor.1) total-vm:54284kB, anon-rss:332kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:64kB oom_score_adj:1000 21:16:58 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_ifreq(r0, 0x89b0, &(0x7f0000000000)={'ip6gre0\x00', @ifru_settings={0x0, 0x7fff, @te1=0x0}}) 21:16:58 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32=r2, @ANYBLOB="01000000002200001c0012000c000100626f6e6400"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) 21:16:58 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xb, &(0x7f0000000200)=[{&(0x7f0000010700)="1020f5f201000b0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f0000000200000002000000020000000100000018000000000200000002000000060000000a0000000e000000100000030000000100000002", 0x69, 0x1400}, {&(0x7f0000010e00)="d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xa6}, {&(0x7f0000010f00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x200fe0}, {&(0x7f0000011000)="00000000000000000000000000000000000000000000000000000006", 0x1c, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) 21:16:58 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$unix(r0, 0x0, 0x0, 0x0, &(0x7f0000000180)=@abs, 0x6e) sendto$unix(r1, 0x0, 0x0, 0x0, 0x0, 0x0) 21:16:58 executing program 2: r0 = socket(0x2b, 0x1, 0x0) ioctl$sock_inet_udp_SIOCINQ(r0, 0x89a0, &(0x7f0000000080)) 21:16:59 executing program 3: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f00000000c0)={{0x3}}) [ 2586.750246][T27184] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2586.924820][T27186] device bond190 entered promiscuous mode [ 2586.977043][T27186] device bond190 left promiscuous mode [ 2587.129034][T27193] loop4: detected capacity change from 0 to 253983 21:16:59 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32=r2, @ANYBLOB="01000000002200001c0012000c000100626f6e6400"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) [ 2587.241338][T27181] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2587.252317][T27181] CPU: 1 PID: 27181 Comm: syz-executor.1 Tainted: G W 5.18.0-syzkaller-16253-g2f3064574275 #0 [ 2587.264062][T27181] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2587.274261][T27181] Call Trace: [ 2587.277644][T27181] [ 2587.280680][T27181] dump_stack_lvl+0x200/0x28c [ 2587.285567][T27181] dump_stack+0x29/0x2c [ 2587.289919][T27181] dump_header+0x1e5/0xae0 [ 2587.294601][T27181] oom_kill_process+0x3a7/0xba0 [ 2587.299693][T27181] out_of_memory+0x111c/0x1570 [ 2587.304680][T27181] ? slab_debugfs_show+0xa40/0xaa0 [ 2587.310020][T27181] mem_cgroup_out_of_memory+0x46b/0x590 [ 2587.315857][T27181] mem_cgroup_oom+0xa3d/0xd30 [ 2587.320748][T27181] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2587.325969][T27181] try_charge_memcg+0x18b0/0x2110 [ 2587.331210][T27181] ? kmsan_get_metadata+0x33/0x220 [ 2587.336591][T27181] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 2587.342632][T27181] charge_memcg+0x1a9/0x6b0 [ 2587.347335][T27181] ? get_mem_cgroup_from_mm+0x39d/0x4d0 [ 2587.353113][T27181] __mem_cgroup_charge+0xb9/0x2e0 [ 2587.358366][T27181] wp_page_copy+0x719/0x4310 [ 2587.363151][T27181] ? kmsan_get_metadata+0x33/0x220 [ 2587.368482][T27181] ? kmsan_get_metadata+0x33/0x220 [ 2587.373811][T27181] ? preempt_count_sub+0xfc/0x340 [ 2587.379024][T27181] do_wp_page+0xc81/0x29c0 [ 2587.383642][T27181] handle_mm_fault+0x43e1/0x47a0 21:16:59 executing program 5: recvmsg(0xffffffffffffff9c, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0) r0 = shmget$private(0x0, 0x4000, 0x0, &(0x7f0000ffa000/0x4000)=nil) shmctl$IPC_RMID(r0, 0x0) [ 2587.388761][T27181] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2587.393969][T27181] ? kmsan_get_metadata+0x33/0x220 [ 2587.399325][T27181] do_user_addr_fault+0x11f5/0x1e50 [ 2587.404675][T27181] exc_page_fault+0x60/0x140 [ 2587.409402][T27181] ? asm_exc_page_fault+0x8/0x30 [ 2587.414642][T27181] asm_exc_page_fault+0x1e/0x30 [ 2587.419667][T27181] RIP: 0023:0xf6e1f418 [ 2587.423856][T27181] Code: 39 dd 75 ee 8b 44 24 58 89 28 83 c4 3c 5b 5e 5f 5d c3 8b 7c 24 18 e9 9a fd ff ff 8d b4 26 00 00 00 00 8b 44 24 24 8b 7c 24 18 <89> 1c 88 e9 70 fe ff ff 8b 7c 24 50 39 54 24 0c 0f 84 80 00 00 00 [ 2587.443644][T27181] RSP: 002b:00000000ffacc040 EFLAGS: 00010246 [ 2587.449874][T27181] RAX: 00000000f6f50000 RBX: 00000000c24e17ad RCX: 00000000000017ad [ 2587.457957][T27181] RDX: 0000000000000000 RSI: 00000000f6f36000 RDI: 0000000085df144d [ 2587.466067][T27181] RBP: 00000000f6f50000 R08: 0000000000000000 R09: 0000000000000000 [ 2587.474176][T27181] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 2587.482275][T27181] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2587.490343][T27181] [ 2587.493653][T27181] memory: usage 307200kB, limit 307200kB, failcnt 15539 [ 2587.500702][T27181] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2587.507790][T27181] Memory cgroup stats for /syz1: [ 2587.509290][T27181] anon 135168 [ 2587.509290][T27181] file 313262080 [ 2587.509290][T27181] kernel 1175552 [ 2587.509290][T27181] kernel_stack 32768 [ 2587.509290][T27181] pagetables 65536 [ 2587.509290][T27181] percpu 0 [ 2587.509290][T27181] sock 0 [ 2587.509290][T27181] vmalloc 0 [ 2587.509290][T27181] shmem 313262080 [ 2587.509290][T27181] file_mapped 40960 [ 2587.509290][T27181] file_dirty 0 [ 2587.509290][T27181] file_writeback 0 [ 2587.509290][T27181] swapcached 0 [ 2587.509290][T27181] anon_thp 0 [ 2587.509290][T27181] file_thp 0 [ 2587.509290][T27181] shmem_thp 0 [ 2587.509290][T27181] inactive_anon 311910400 [ 2587.509290][T27181] active_anon 1486848 [ 2587.509290][T27181] inactive_file 0 [ 2587.509290][T27181] active_file 0 [ 2587.509290][T27181] unevictable 0 [ 2587.509290][T27181] slab_reclaimable 787624 [ 2587.509290][T27181] slab_unreclaimable 271992 [ 2587.509290][T27181] slab 1059616 [ 2587.509290][T27181] workingset_refault_anon 0 [ 2587.509290][T27181] workingset_refault_file 0 [ 2587.605599][T27181] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=27181,uid=0 [ 2587.621746][T27181] Memory cgroup out of memory: Killed process 27181 (syz-executor.1) total-vm:54284kB, anon-rss:332kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000 [ 2587.687123][T27193] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2587.695661][T27193] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 2587.716957][T27193] F2FS-fs (loop4): invalid crc_offset: 0 21:17:00 executing program 2: r0 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$MRT6_FLUSH(r0, 0x29, 0xd4, &(0x7f0000000000), 0x4) [ 2587.765176][T27193] F2FS-fs (loop4): invalid crc_offset: 0 [ 2587.771247][T27193] F2FS-fs (loop4): Failed to get valid F2FS checkpoint 21:17:00 executing program 1: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x11, 0x1, &(0x7f00000006c0)=@raw=[@func], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) 21:17:00 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xa, &(0x7f0000000200)=[{&(0x7f0000010e00)="d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xa6, 0x200000}, {&(0x7f0000010f00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x200fe0}, {&(0x7f0000011000)="00000000000000000000000000000000000000000000000000000006", 0x1c, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) 21:17:00 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000380), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000f00)=ANY=[@ANYBLOB="14000000", @ANYRES16=r1, @ANYBLOB="01"], 0x14}}, 0x0) [ 2588.358175][T27202] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. 21:17:00 executing program 5: openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000001f80)='./cgroup/syz0\x00', 0x200002, 0x0) 21:17:00 executing program 2: r0 = socket$can_j1939(0x1d, 0x2, 0x7) sendmsg$can_j1939(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0}}, 0x0) [ 2588.460879][T27202] device bond191 entered promiscuous mode [ 2588.475553][T27202] device bond191 left promiscuous mode 21:17:00 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYBLOB="01000000002200001c0012000c000100626f6e640000"], 0x3c}}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r4}, @IFLA_HSR_SLAVE1={0x8, 0x1, r4}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r5}]}}}, @IFLA_LINK={0x8, 0x5, r4}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) [ 2588.838584][T27209] loop4: detected capacity change from 0 to 253983 [ 2588.918082][T27209] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2588.926200][T27209] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 2588.929109][T27205] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2588.934793][T27209] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2588.934900][T27209] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock [ 2588.964532][T27205] CPU: 0 PID: 27205 Comm: syz-executor.1 Tainted: G W 5.18.0-syzkaller-16253-g2f3064574275 #0 [ 2588.976290][T27205] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2588.986473][T27205] Call Trace: [ 2588.989853][T27205] [ 2588.992889][T27205] dump_stack_lvl+0x200/0x28c [ 2588.997766][T27205] dump_stack+0x29/0x2c [ 2589.002091][T27205] dump_header+0x1e5/0xae0 [ 2589.006721][T27205] oom_kill_process+0x3a7/0xba0 [ 2589.011777][T27205] out_of_memory+0x111c/0x1570 [ 2589.016723][T27205] ? slab_debugfs_show+0xa40/0xaa0 [ 2589.022030][T27205] mem_cgroup_out_of_memory+0x46b/0x590 [ 2589.027824][T27205] mem_cgroup_oom+0xa3d/0xd30 [ 2589.032694][T27205] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2589.037906][T27205] try_charge_memcg+0x18b0/0x2110 [ 2589.043129][T27205] ? kmsan_get_metadata+0x33/0x220 [ 2589.048485][T27205] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 2589.054503][T27205] charge_memcg+0x1a9/0x6b0 [ 2589.059200][T27205] ? get_mem_cgroup_from_mm+0x39d/0x4d0 [ 2589.064949][T27205] __mem_cgroup_charge+0xb9/0x2e0 [ 2589.070262][T27205] wp_page_copy+0x719/0x4310 [ 2589.075061][T27205] ? kmsan_get_metadata+0x33/0x220 [ 2589.080389][T27205] ? kmsan_get_metadata+0x33/0x220 [ 2589.085716][T27205] ? preempt_count_sub+0xfc/0x340 [ 2589.090936][T27205] do_wp_page+0xc81/0x29c0 [ 2589.095657][T27205] handle_mm_fault+0x43e1/0x47a0 [ 2589.100794][T27205] ? restore_fpregs_from_fpstate+0x68/0x3a0 [ 2589.106967][T27205] do_user_addr_fault+0x11f5/0x1e50 [ 2589.112382][T27205] exc_page_fault+0x60/0x140 [ 2589.117167][T27205] ? asm_exc_page_fault+0x8/0x30 [ 2589.122263][T27205] asm_exc_page_fault+0x1e/0x30 [ 2589.127259][T27205] RIP: 0023:0xf6e1f418 [ 2589.131450][T27205] Code: 39 dd 75 ee 8b 44 24 58 89 28 83 c4 3c 5b 5e 5f 5d c3 8b 7c 24 18 e9 9a fd ff ff 8d b4 26 00 00 00 00 8b 44 24 24 8b 7c 24 18 <89> 1c 88 e9 70 fe ff ff 8b 7c 24 50 39 54 24 0c 0f 84 80 00 00 00 [ 2589.151213][T27205] RSP: 002b:00000000ffacc040 EFLAGS: 00010246 [ 2589.157415][T27205] RAX: 00000000f6f50000 RBX: 000000006f9299b2 RCX: 00000000000019b2 [ 2589.165505][T27205] RDX: 0000000000000000 RSI: 00000000f6f36000 RDI: 00000000863c4b4a [ 2589.173595][T27205] RBP: 00000000f6f50000 R08: 0000000000000000 R09: 0000000000000000 [ 2589.181681][T27205] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 2589.189774][T27205] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2589.197886][T27205] [ 2589.202103][T27205] memory: usage 307200kB, limit 307200kB, failcnt 15591 [ 2589.209167][T27205] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2589.216225][T27205] Memory cgroup stats for /syz1: [ 2589.217678][T27205] anon 131072 [ 2589.217678][T27205] file 313262080 [ 2589.217678][T27205] kernel 1179648 [ 2589.217678][T27205] kernel_stack 32768 [ 2589.217678][T27205] pagetables 69632 [ 2589.217678][T27205] percpu 0 [ 2589.217678][T27205] sock 0 [ 2589.217678][T27205] vmalloc 0 [ 2589.217678][T27205] shmem 313262080 [ 2589.217678][T27205] file_mapped 40960 [ 2589.217678][T27205] file_dirty 0 [ 2589.217678][T27205] file_writeback 0 [ 2589.217678][T27205] swapcached 0 [ 2589.217678][T27205] anon_thp 0 [ 2589.217678][T27205] file_thp 0 [ 2589.217678][T27205] shmem_thp 0 [ 2589.217678][T27205] inactive_anon 311906304 [ 2589.217678][T27205] active_anon 1486848 [ 2589.217678][T27205] inactive_file 0 [ 2589.217678][T27205] active_file 0 [ 2589.217678][T27205] unevictable 0 [ 2589.217678][T27205] slab_reclaimable 786584 [ 2589.217678][T27205] slab_unreclaimable 271896 [ 2589.217678][T27205] slab 1058480 [ 2589.217678][T27205] workingset_refault_anon 0 [ 2589.217678][T27205] workingset_refault_file 0 21:17:01 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xa, &(0x7f0000000200)=[{&(0x7f0000010e00)="d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xa6, 0x200000}, {&(0x7f0000010f00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x200fe0}, {&(0x7f0000011000)="00000000000000000000000000000000000000000000000000000006", 0x1c, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) [ 2589.313901][T27205] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=27205,uid=0 [ 2589.330058][T27205] Memory cgroup out of memory: Killed process 27205 (syz-executor.1) total-vm:54284kB, anon-rss:332kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:64kB oom_score_adj:1000 21:17:01 executing program 1: socketpair(0x1d, 0x0, 0x400, &(0x7f0000000000)) 21:17:02 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r1, 0x4068aea3, &(0x7f0000000180)={0xa8, 0x4}) 21:17:02 executing program 2: r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x72, 0x19, 0xa9, 0x8, 0x471, 0x302, 0x355e, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xa8, 0x44, 0xed}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000400)={0x34, &(0x7f00000001c0)={0x0, 0x0, 0x1, "87"}, 0x0, 0x0, 0x0, 0x0, 0x0}) 21:17:02 executing program 5: socket$inet6_sctp(0xa, 0x235a3507cda976ee, 0x84) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000140), 0x28c801, 0x0) r1 = socket$unix(0x1, 0x2, 0x0) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x8983, &(0x7f0000000040)={0x0, 'bond0\x00', {0x2}, 0x5}) syz_genetlink_get_family_id$l2tp(&(0x7f0000000a00), r0) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r2, 0x8983, &(0x7f0000000080)={0x0, 'vlan1\x00', {}, 0x9}) sendmsg$DEVLINK_CMD_SB_OCC_MAX_CLEAR(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB="7d81fc7f9cc20884ea2b03b635131542806861465d26550506f38594120603df99990c3a93ad52353927d90ca355a4282c0220fe00"/67, @ANYRES64=r1, @ANYBLOB="00012abd7000fcdbdf251c0000000e0001006e657400657673696d0000000f0002006e657464657673696d30000008000b00050000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0003000000080001007063690011000200303030303a30303a31302e300000000008000b00405a0000"], 0x88}, 0x1, 0x0, 0x0, 0x8041}, 0x40000) [ 2589.849145][T27220] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2589.868237][T27221] loop4: detected capacity change from 0 to 253983 21:17:02 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYBLOB="01000000002200001c0012000c000100626f6e640000"], 0x3c}}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r4}, @IFLA_HSR_SLAVE1={0x8, 0x1, r4}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r5}]}}}, @IFLA_LINK={0x8, 0x5, r4}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) [ 2589.927546][T27221] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2589.936819][T27221] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 2589.945430][T27221] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2589.953426][T27221] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock 21:17:02 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xa, &(0x7f0000000200)=[{&(0x7f0000010e00)="d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xa6, 0x200000}, {&(0x7f0000010f00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x200fe0}, {&(0x7f0000011000)="00000000000000000000000000000000000000000000000000000006", 0x1c, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) [ 2590.812932][ T8275] usb 3-1: new high-speed USB device number 74 using dummy_hcd [ 2590.813714][T27234] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.0'. 21:17:03 executing program 3: r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000001380), 0x2, 0x0) ioctl$VIDIOC_S_DV_TIMINGS(r0, 0xc0845657, &(0x7f00000013c0)) 21:17:03 executing program 5: socket$inet6_sctp(0xa, 0x235a3507cda976ee, 0x84) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000140), 0x28c801, 0x0) r1 = socket$unix(0x1, 0x2, 0x0) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x8983, &(0x7f0000000040)={0x0, 'bond0\x00', {0x2}, 0x5}) syz_genetlink_get_family_id$l2tp(&(0x7f0000000a00), r0) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r2, 0x8983, &(0x7f0000000080)={0x0, 'vlan1\x00', {}, 0x9}) sendmsg$DEVLINK_CMD_SB_OCC_MAX_CLEAR(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB="7d81fc7f9cc20884ea2b03b635131542806861465d26550506f38594120603df99990c3a93ad52353927d90ca355a4282c0220fe00"/67, @ANYRES64=r1, @ANYBLOB="00012abd7000fcdbdf251c0000000e0001006e657400657673696d0000000f0002006e657464657673696d30000008000b00050000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0003000000080001007063690011000200303030303a30303a31302e300000000008000b00405a0000"], 0x88}, 0x1, 0x0, 0x0, 0x8041}, 0x40000) [ 2590.859311][T27235] loop4: detected capacity change from 0 to 253983 [ 2590.949423][T27235] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2590.957456][T27235] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 2590.966082][T27235] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2590.974099][T27235] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock 21:17:03 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYBLOB="01000000002200001c0012000c000100626f6e640000"], 0x3c}}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r4}, @IFLA_HSR_SLAVE1={0x8, 0x1, r4}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r5}]}}}, @IFLA_LINK={0x8, 0x5, r4}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) [ 2591.052455][ T8275] usb 3-1: Using ep0 maxpacket: 8 21:17:03 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xb, &(0x7f0000000200)=[{0x0, 0x0, 0x1400}, {&(0x7f0000010e00)="d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xa6, 0x200000}, {&(0x7f0000010f00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x200fe0}, {&(0x7f0000011000)="00000000000000000000000000000000000000000000000000000006", 0x1c, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) [ 2591.173237][ T8275] usb 3-1: New USB device found, idVendor=0471, idProduct=0302, bcdDevice=35.5e [ 2591.182730][ T8275] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2591.205169][ T8275] usb 3-1: config 0 descriptor?? [ 2591.215068][T27224] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2591.226061][T27224] CPU: 1 PID: 27224 Comm: syz-executor.1 Tainted: G W 5.18.0-syzkaller-16253-g2f3064574275 #0 [ 2591.237791][T27224] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2591.247979][T27224] Call Trace: [ 2591.251351][T27224] [ 2591.254375][T27224] dump_stack_lvl+0x200/0x28c [ 2591.259257][T27224] dump_stack+0x29/0x2c [ 2591.263584][T27224] dump_header+0x1e5/0xae0 [ 2591.268227][T27224] oom_kill_process+0x3a7/0xba0 [ 2591.273299][T27224] out_of_memory+0x111c/0x1570 [ 2591.278269][T27224] ? slab_debugfs_show+0xa40/0xaa0 [ 2591.283607][T27224] mem_cgroup_out_of_memory+0x46b/0x590 [ 2591.289409][T27224] mem_cgroup_oom+0xa3d/0xd30 [ 2591.294293][T27224] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2591.299527][T27224] try_charge_memcg+0x18b0/0x2110 [ 2591.304765][T27224] ? kmsan_get_metadata+0x33/0x220 [ 2591.310131][T27224] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 2591.316163][T27224] charge_memcg+0x1a9/0x6b0 [ 2591.320869][T27224] ? get_mem_cgroup_from_mm+0x39d/0x4d0 [ 2591.326631][T27224] __mem_cgroup_charge+0xb9/0x2e0 [ 2591.331906][T27224] wp_page_copy+0x719/0x4310 [ 2591.336696][T27224] ? kmsan_get_metadata+0x33/0x220 [ 2591.342041][T27224] ? kmsan_get_metadata+0x33/0x220 [ 2591.347369][T27224] ? preempt_count_sub+0xfc/0x340 [ 2591.352592][T27224] do_wp_page+0xc81/0x29c0 [ 2591.357197][T27224] handle_mm_fault+0x43e1/0x47a0 [ 2591.362323][T27224] ? restore_fpregs_from_fpstate+0x68/0x3a0 [ 2591.368391][T27224] do_user_addr_fault+0x11f5/0x1e50 [ 2591.373729][T27224] exc_page_fault+0x60/0x140 [ 2591.378450][T27224] ? asm_exc_page_fault+0x8/0x30 [ 2591.383540][T27224] asm_exc_page_fault+0x1e/0x30 [ 2591.388560][T27224] RIP: 0023:0xf6e1f418 [ 2591.392755][T27224] Code: 39 dd 75 ee 8b 44 24 58 89 28 83 c4 3c 5b 5e 5f 5d c3 8b 7c 24 18 e9 9a fd ff ff 8d b4 26 00 00 00 00 8b 44 24 24 8b 7c 24 18 <89> 1c 88 e9 70 fe ff ff 8b 7c 24 50 39 54 24 0c 0f 84 80 00 00 00 [ 2591.412542][T27224] RSP: 002b:00000000ffacc040 EFLAGS: 00010246 [ 2591.418774][T27224] RAX: 00000000f6f50000 RBX: 00000000f95166e2 RCX: 00000000000006e2 [ 2591.426880][T27224] RDX: 0000000000000000 RSI: 00000000f6f36000 RDI: 00000000863aa550 [ 2591.434937][T27224] RBP: 00000000f6f50000 R08: 0000000000000000 R09: 0000000000000000 [ 2591.443033][T27224] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 2591.451131][T27224] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2591.459248][T27224] [ 2591.462528][T27224] memory: usage 307200kB, limit 307200kB, failcnt 15640 [ 2591.469581][T27224] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2591.476674][T27224] Memory cgroup stats for /syz1: [ 2591.478002][T27224] anon 131072 [ 2591.478002][T27224] file 313262080 [ 2591.478002][T27224] kernel 1163264 [ 2591.478002][T27224] kernel_stack 32768 [ 2591.478002][T27224] pagetables 69632 [ 2591.478002][T27224] percpu 0 [ 2591.478002][T27224] sock 0 [ 2591.478002][T27224] vmalloc 0 [ 2591.478002][T27224] shmem 313262080 [ 2591.478002][T27224] file_mapped 40960 [ 2591.478002][T27224] file_dirty 0 [ 2591.478002][T27224] file_writeback 0 [ 2591.478002][T27224] swapcached 0 [ 2591.478002][T27224] anon_thp 0 [ 2591.478002][T27224] file_thp 0 [ 2591.478002][T27224] shmem_thp 0 [ 2591.478002][T27224] inactive_anon 311906304 [ 2591.478002][T27224] active_anon 1486848 [ 2591.478002][T27224] inactive_file 0 [ 2591.478002][T27224] active_file 0 [ 2591.478002][T27224] unevictable 0 [ 2591.478002][T27224] slab_reclaimable 786584 [ 2591.478002][T27224] slab_unreclaimable 262344 [ 2591.478002][T27224] slab 1048928 [ 2591.478002][T27224] workingset_refault_anon 0 [ 2591.478002][T27224] workingset_refault_file 0 [ 2591.574412][T27224] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=27224,uid=0 [ 2591.590440][T27224] Memory cgroup out of memory: Killed process 27224 (syz-executor.1) total-vm:54284kB, anon-rss:332kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:64kB oom_score_adj:1000 21:17:03 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendto$inet6(r0, &(0x7f0000000000)="84", 0x1, 0x0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x3a}, 0x1c) [ 2591.630309][ T8275] pwc: Philips PCA645VC USB webcam detected. 21:17:04 executing program 3: r0 = syz_open_dev$video4linux(&(0x7f0000000000), 0x0, 0x0) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(r0, 0xc0c89425, &(0x7f0000000240)={"555acd231927418b03923b09587eb14f"}) [ 2592.038566][ T8275] pwc: recv_control_msg error -32 req 02 val 2b00 21:17:04 executing program 5: socket$inet6_sctp(0xa, 0x235a3507cda976ee, 0x84) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000140), 0x28c801, 0x0) r1 = socket$unix(0x1, 0x2, 0x0) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x8983, &(0x7f0000000040)={0x0, 'bond0\x00', {0x2}, 0x5}) syz_genetlink_get_family_id$l2tp(&(0x7f0000000a00), r0) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r2, 0x8983, &(0x7f0000000080)={0x0, 'vlan1\x00', {}, 0x9}) sendmsg$DEVLINK_CMD_SB_OCC_MAX_CLEAR(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB="7d81fc7f9cc20884ea2b03b635131542806861465d26550506f38594120603df99990c3a93ad52353927d90ca355a4282c0220fe00"/67, @ANYRES64=r1, @ANYBLOB="00012abd7000fcdbdf251c0000000e0001006e657400657673696d0000000f0002006e657464657673696d30000008000b00050000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0003000000080001007063690011000200303030303a30303a31302e300000000008000b00405a0000"], 0x88}, 0x1, 0x0, 0x0, 0x8041}, 0x40000) [ 2592.082641][ T8275] pwc: recv_control_msg error -32 req 02 val 2700 [ 2592.126325][ T8275] pwc: recv_control_msg error -32 req 02 val 2c00 [ 2592.133274][T27243] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.0'. 21:17:04 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32, @ANYBLOB="01000000002200001c0012000c000100626f6e640000"], 0x3c}}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r4}, @IFLA_HSR_SLAVE1={0x8, 0x1, r4}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r5}]}}}, @IFLA_LINK={0x8, 0x5, r4}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) [ 2592.203190][ T8275] pwc: recv_control_msg error -32 req 04 val 1000 [ 2592.243457][ T8275] pwc: recv_control_msg error -32 req 04 val 1300 [ 2592.283503][ T8275] pwc: recv_control_msg error -32 req 04 val 1400 [ 2592.325017][ T8275] pwc: recv_control_msg error -32 req 02 val 2000 [ 2592.372590][ T8275] pwc: recv_control_msg error -32 req 02 val 2100 [ 2592.412580][ T8275] pwc: recv_control_msg error -32 req 04 val 1500 [ 2592.438877][T27246] loop4: detected capacity change from 0 to 253983 [ 2592.453908][ T8275] pwc: recv_control_msg error -32 req 02 val 2500 [ 2592.544461][T27246] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2592.556077][T27246] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 2592.564619][T27246] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2592.572605][T27246] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock [ 2592.712571][ T8275] pwc: recv_control_msg error -71 req 02 val 2600 [ 2592.743198][ T8275] pwc: recv_control_msg error -71 req 02 val 2900 [ 2592.785635][ T8275] pwc: recv_control_msg error -71 req 02 val 2800 [ 2592.812322][ T8275] pwc: recv_control_msg error -71 req 04 val 1100 [ 2592.840174][ T8275] pwc: recv_control_msg error -71 req 04 val 1200 [ 2592.914166][ T8275] pwc: Registered as video71. [ 2592.921355][ T8275] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input106 [ 2592.960193][ T8275] usb 3-1: USB disconnect, device number 74 [ 2593.004343][T23080] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 2593.125114][T27253] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2593.223545][T27253] bond192 (uninitialized): Released all slaves 21:17:05 executing program 2: socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg(r0, &(0x7f0000006540)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000002740)=@rc={0x1f, @none}, 0x80, 0x0}}], 0x2, 0x0) 21:17:05 executing program 3: syz_open_dev$audion(0x0, 0x0, 0x0) syz_genetlink_get_family_id$wireguard(0x0, 0xffffffffffffffff) 21:17:05 executing program 5: socket$inet6_sctp(0xa, 0x235a3507cda976ee, 0x84) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000140), 0x28c801, 0x0) r1 = socket$unix(0x1, 0x2, 0x0) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x8983, &(0x7f0000000040)={0x0, 'bond0\x00', {0x2}, 0x5}) syz_genetlink_get_family_id$l2tp(&(0x7f0000000a00), r0) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r2, 0x8983, &(0x7f0000000080)={0x0, 'vlan1\x00', {}, 0x9}) sendmsg$DEVLINK_CMD_SB_OCC_MAX_CLEAR(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB="7d81fc7f9cc20884ea2b03b635131542806861465d26550506f38594120603df99990c3a93ad52353927d90ca355a4282c0220fe00"/67, @ANYRES64=r1, @ANYBLOB="00012abd7000fcdbdf251c0000000e0001006e657400657673696d0000000f0002006e657464657673696d30000008000b00050000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0003000000080001007063690011000200303030303a30303a31302e300000000008000b00405a0000"], 0x88}, 0x1, 0x0, 0x0, 0x8041}, 0x40000) 21:17:05 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xb, &(0x7f0000000200)=[{0x0, 0x0, 0x1400}, {&(0x7f0000010e00)="d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xa6, 0x200000}, {&(0x7f0000010f00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x200fe0}, {&(0x7f0000011000)="00000000000000000000000000000000000000000000000000000006", 0x1c, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) 21:17:05 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32, @ANYBLOB="01000000002200001c0012000c000100626f6e640000"], 0x3c}}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r4}, @IFLA_HSR_SLAVE1={0x8, 0x1, r4}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r5}]}}}, @IFLA_LINK={0x8, 0x5, r4}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) [ 2593.408063][T27245] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2593.419298][T27245] CPU: 1 PID: 27245 Comm: syz-executor.1 Tainted: G W 5.18.0-syzkaller-16253-g2f3064574275 #0 [ 2593.431032][T27245] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2593.441202][T27245] Call Trace: [ 2593.444542][T27245] [ 2593.447565][T27245] dump_stack_lvl+0x200/0x28c [ 2593.452363][T27245] dump_stack+0x29/0x2c [ 2593.456634][T27245] dump_header+0x1e5/0xae0 [ 2593.461275][T27245] oom_kill_process+0x3a7/0xba0 [ 2593.466331][T27245] out_of_memory+0x111c/0x1570 [ 2593.471286][T27245] ? slab_debugfs_show+0xa40/0xaa0 [ 2593.476618][T27245] mem_cgroup_out_of_memory+0x46b/0x590 [ 2593.482407][T27245] mem_cgroup_oom+0xa3d/0xd30 [ 2593.487422][T27245] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2593.492580][T27245] try_charge_memcg+0x18b0/0x2110 [ 2593.497832][T27245] ? kmsan_get_metadata+0x33/0x220 [ 2593.503202][T27245] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 2593.509145][T27245] charge_memcg+0x1a9/0x6b0 [ 2593.513799][T27245] ? get_mem_cgroup_from_mm+0x39d/0x4d0 [ 2593.519477][T27245] __mem_cgroup_charge+0xb9/0x2e0 [ 2593.524656][T27245] wp_page_copy+0x719/0x4310 [ 2593.529449][T27245] ? kmsan_get_metadata+0x33/0x220 [ 2593.534688][T27245] ? kmsan_get_metadata+0x33/0x220 [ 2593.539949][T27245] ? preempt_count_sub+0xfc/0x340 [ 2593.545087][T27245] do_wp_page+0xc81/0x29c0 [ 2593.549635][T27245] handle_mm_fault+0x43e1/0x47a0 [ 2593.554725][T27245] ? restore_fpregs_from_fpstate+0x68/0x3a0 [ 2593.560795][T27245] do_user_addr_fault+0x11f5/0x1e50 [ 2593.566144][T27245] exc_page_fault+0x60/0x140 [ 2593.570955][T27245] ? asm_exc_page_fault+0x8/0x30 [ 2593.576071][T27245] asm_exc_page_fault+0x1e/0x30 [ 2593.581107][T27245] RIP: 0023:0xf6e1f418 [ 2593.585268][T27245] Code: 39 dd 75 ee 8b 44 24 58 89 28 83 c4 3c 5b 5e 5f 5d c3 8b 7c 24 18 e9 9a fd ff ff 8d b4 26 00 00 00 00 8b 44 24 24 8b 7c 24 18 <89> 1c 88 e9 70 fe ff ff 8b 7c 24 50 39 54 24 0c 0f 84 80 00 00 00 [ 2593.605048][T27245] RSP: 002b:00000000ffacc040 EFLAGS: 00010246 [ 2593.611232][T27245] RAX: 00000000f6f50000 RBX: 0000000043a7fd52 RCX: 0000000000001d52 [ 2593.619280][T27245] RDX: 0000000000000000 RSI: 00000000f6f36000 RDI: 0000000085de99d3 [ 2593.627331][T27245] RBP: 00000000f6f50000 R08: 0000000000000000 R09: 0000000000000000 [ 2593.635424][T27245] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 2593.643688][T27245] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2593.651807][T27245] [ 2593.655110][T27245] memory: usage 307200kB, limit 307200kB, failcnt 15683 [ 2593.662280][T27245] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2593.669242][T27245] Memory cgroup stats for /syz1: [ 2593.670578][T27245] anon 131072 [ 2593.670578][T27245] file 313262080 [ 2593.670578][T27245] kernel 1179648 [ 2593.670578][T27245] kernel_stack 32768 [ 2593.670578][T27245] pagetables 65536 [ 2593.670578][T27245] percpu 0 [ 2593.670578][T27245] sock 0 [ 2593.670578][T27245] vmalloc 0 [ 2593.670578][T27245] shmem 313262080 [ 2593.670578][T27245] file_mapped 40960 [ 2593.670578][T27245] file_dirty 0 [ 2593.670578][T27245] file_writeback 0 [ 2593.670578][T27245] swapcached 0 [ 2593.670578][T27245] anon_thp 0 [ 2593.670578][T27245] file_thp 0 [ 2593.670578][T27245] shmem_thp 0 [ 2593.670578][T27245] inactive_anon 311906304 [ 2593.670578][T27245] active_anon 1486848 [ 2593.670578][T27245] inactive_file 0 [ 2593.670578][T27245] active_file 0 [ 2593.670578][T27245] unevictable 0 [ 2593.670578][T27245] slab_reclaimable 787624 [ 2593.670578][T27245] slab_unreclaimable 273600 [ 2593.670578][T27245] slab 1061224 [ 2593.670578][T27245] workingset_refault_anon 0 [ 2593.670578][T27245] workingset_refault_file 0 [ 2593.766852][T27245] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=27245,uid=0 [ 2593.783085][T27245] Memory cgroup out of memory: Killed process 27245 (syz-executor.1) total-vm:54284kB, anon-rss:332kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000 21:17:06 executing program 1: socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg(r0, &(0x7f0000006540)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000700)=[{0x1010, 0x0, 0x0, "26952a6d945d43062a86f704d51e9e6eab30f4fcbf807e55bd915967228e71bfc8703d8a4e0b5e82d1b21e444210267fd362a241ed72e46f99f332f8818f47bb42a0fe30288af31b9a5e58fc4b8ce1a1b777938011feaf9ebdbc69fd3327956d41a72c89a00aba1ca294760c1475b129391b6d8f202afd3e4fc70f077f9a048239aaf346fec6573a27f8cfc49ee399d8667f20af019eed94c4bb8ee0fa6185cc0b63c9c2e976e83a75c45dbcf5292d3d95d7f3ce052a57e56feff26269084c4098cc96082e43038bd2db01f5f10e1db74705eabca2ca6d3712864eaea81d761d38fa0c774b836b3a576b33253b3b8c234922aafb87dfd7cc1c1d2df27c8b18b8af7c573c26c4281ac65b73c4be8d5d488f93cde12785ac2e98f5093d6a7f37c6ad8fd8b412ea25d6a592e902daeecadb2d8d14f78d1a12fe5f7f692ecf04b00f7f8ac7c72e6b223c4721140343e6b5160ac10b9a87b5324982da6958ed5f569f7b9701b30d45a2942f4c6da89e6db422f135ebd7d18bbf710c71d5c6699a96a434778f493f2f30c5a9df4cddeaa787ae7eb84507e9ad7a4b540f4b7f96831f402103f537e7c336adde14b7a22b870753a36dbcebe0e227a54e0448f563a5b2728023ac382f7ad7de2089960659a0d9321e0c25aac46024858cebe0d75cc0b9a077f987c0b8d8c5056bc5aac39355330d35de00623551f9dfa3c19670b2b48c11880545ab6a8e08c89abfba252b0d4113e677f4a0e681d8439c284068909d6b373dabc196464b5a68653fea65f631c50ae0be8d321de4617816d79f0ffd75d1926b89d6c1078b4c77a7d091fc2dc1f26634ad49411300ca592bf6d983623a3fdcab342f9ff7cbbb5dd079df3e778ccd02cf7093c1338c9b5f2589b49036102d7c922ec039e22f0e91232bb518d790196907d6b97dbc239fcab9dbd7cd6d3263ca4e7ce96d91dcc814a9ac0c960b7725d7b8b58406359761f46a4712eacac0f548fbcff65cf59affca39c4115d6a15cfeb8eeeb2cc632cb926a6309016a05d2312dd125224701c9b4c7d5caf7ebbf699201f98a8885ea66c8ac1f9a6a52518213f70ffa1ead91d8c6ea4017e8b9ae0f222e87cd44bd6c27478b88c22232e784dd9df7d8022e4e90daa1f9d1d3276ad54b23c27686360b3836defb4ee92826d4efd04ec35d8b5891fb8e349fcdb4b89991bb515855da1df586894d5c30d874679a1e38cea70063b1b91b59fba9810bf82ce6f79155724a3f95352d9b749bdaf527a91a824a5ac596241f20f8b8e7f01eb5a0aa7254e54f52e6e108d5a851c87a098f3cf9de8e8de5fe6eccede1bb422486d8c5a167022c4264bef1205f9f56216a06eb968914cd82b9041d8efb1577fe3e67ee6a6c8e8b50c0b3b0f8b7af700ba03631e38f2fc94f26205f20e7bbd280ca1cb22193cd2eb67ef5cc8db4602db37ba2314cf904b95544a9f789cd12c2c6cc4ac2ceb81cd01c3da72ecf6e2304c52724595b403c6ada095014e937bc408ab6ce605274483086f9a9500757af3304dcbacc4e8203b25b9ef33997781e8b67a84dc054f6a2aaf68c37a7abaaf8fd79a2120fac0efeca9a8f2274efaef1bc9596019d72dd0f2de7fb8b9f6074b357cf7c07a300f5ca27f0b5e933c3fae7a82b933391eda418a0dd27818921e8803519456e3e0682ddaa06cd53ea28987470feed5463c10b0e8b3388bdcc6514055f4fff3a2bbfa0d3bde21f6c4ce517d86c364e610027b9c1de7375019f56826c185fc76143f2089f8f6473036f128620a1069c2da1c9bf5159b5fac3dddc07bad20f35b1eb48fab189bff109c695fe6bd27b2ef6fa71b0527ad89be92b162679121756794a389e11ccccbfd9f834a61f8ff38e161f86118307fd446c5916434d9e81b897e382998601e55ecf6457e31708c506d63544c46c7a8b07be9d93e9d9a09f5eb847df02888b61d0dc4f905548f81fa839ef54697b16021607f4972296768a239de99f911baff899e56d6297ef98a2e34e8e3946f0f26edfb1381cfc11bc980be206ff690cbaac6b6c2156d69119c6c4a6c693e0a0c320900aa02af11cec0b0d16130ad17ec0344ed2a975e6200d8c36e6cb8121fb1343174d07c170e2cd83ef58e35a727f680292a60a483e728acdf061d3a8e747e276457bd907644eaaaa95d91780484d375814b7a1cf8749ef58e7fb53424b2703ee6ee23a1625448d4c721a9d83967dd523dca968262bae67407f44e3b6b729728d7070c2bfe4161b3039bff9aea5eac23e1da39d30c215de589e6ab9874fc83c80db2b4d18b800da747738133e498db1bf34ff386ab6ac906cea21870ffbd2a4b9190fabbdc36a1e2f4401852f90c4452f522ae12c5373112d5883f05de7d1a29991f9fcb511cae4755daf8d003cf95c91520948a02b777954e5dc46fda203f346d41307dc4fd41acbe8d452d582ab3b424314fa5f1cada2721caa88e009ff66bbbfde332e393def8983e9e7b14b59fbd93c5b10f2a9290e60c771369773234c8f841bc7e2c8738bc03c3e685686815eafca3f94718bd54d87fef9aa229ec370b015e11cb5d4e699de8313aaf4260909135aabc741fe817acbbd8232475574f15a356c0fea8233fe2eb1c336ec46468de590ef9348d0852cb75ddb79b8f00f90bcf1eb7f94fb9425040a79b3b448d9783d9a91b13b749a7c096b61b9d390b4565d9850056ed3c8c3f6d6245a2511b89f6483114441cd436d9c356387a6b298b1999bbb412469e1f4c9c54c1699e3f9b6f158f641dfdc1a8ffb4b92f4516cb784644fffad3279dc16c81d2dbb49862d75d41323a36d1537f3b2f5c828bc40a8bd515a37ac2cf58337d61ff64a2a0bb9e7f0a11d40cb1dd1d0d2c802132eb24db8cb8a64680d1455b11a52ce70afa42dcfb7ebb572ae83e24a4066f2c2590759a1eeba7a5a959e67e05aae11f47b915f07bf92cf5702d5e262c0b55e94dcff394c1060527d4834cc156a24a0ecb4c6bd7783f03fb43e6d0d01fe90857c2e3438bcd35169f6f7978b3fc290755bc1f62767b57493ab06eedaed1cff6dcbfedb4cc7d72fc4b7e68001e6fe1408f5504175e83306f076311d4b19433bb9db114e84461fd555c13867e873a75c3f023d8174d6cf3d28fc033a384a93247ec36652207a922ca60f09e0a69ef7336ec14ddf2e66b953885a53ef1a38f0f9942da72c3ae68ee3bee166c7235747c48af7b97095d81f7c3b640f9006b0906a005421fbae4379fa9dd26295f2473e72450250281eef1ac4d31493749dba96e6a9cc12b39764a3caf381b2729ebe2324b9c854f432abf4f3b4d9674340ea0cf527020e7b080ac79dc5ed9040c56bf6aaad1fd026eb02887b71551661432cecdb6b485fd8034d0bafb8228cb1f8dd3e3d08ebf2af82d88712f5eb82dcd5033ebc3aa7ea9566e77d9691498ffd78a97020aa61e207d4501282f716a6780acd948056405ac542c01daf06eb08651b69cb1672a62157dc69d6ff68aea1cd949fd172d5e7f23d2231c8babccde7a76f4c451cd8330c4fca6e1533dde183a45ca00a68ed326202357bff1968f72e1ca3110f2543b93f6fbb9f79a037f0aeaa34cf9cab4c21ba52222f63cabd5fddf194c075dc809a482bb2afac604c6dbe7d15fd92d166967f07bc732f1a62059e6f8b55c7c491f35240396b77c77e5096fa6651b3fb4d76190db183f62cafd1cefa8b26f9f33f510dc852f8abd4ee90fb6221982408bddbd22defa69cfcd37e697c225d8fbb4c0aec8d97cb38b11256a67efc4934310f51e34c417193016d9b79eacd2fa140b0b639499d267a3cfd942f6250496edeb577512b53f4c074f04f4b728d64e2456d0b07084cc6b04d534558157719fa508290da5a14bfcb40f660362cfd573046de97de29a4d7a66c55b3acb2947c3bb2e8d71e4917a18de9fbb471858b5ac4036e4d83d7ea6872ff8f9a046935f65cc90064f7c3b5cb74df616068972ddc2bcbbd89b32f28f15c8cc6c09a163c27f4f4aff6fc68a654cc527f464e551c1d2101a2b4759d6e65d6b764b5e4a8a88c5f5be2491f8d36c85f36b8d527ca51be163ef306e6aed5c1002180af71d5ab1b810a57615cac1bdcf339b74126fda9500a791b1e03f10d0a7b600176f2f726b93439876ece73f23b862c42d4d9452d2f6dfe09645615e8366547dad4decad4ca24d842cf21314454b4401a8dd4e4ce56f40bee95ae3c2ddc7031ca06b08eaf7a404d8dbcd31a554866786fdff750e2b546f33c85406d329bc2c13c793d1b302c136aeec92d3511126e37a5d5a1256c049ce614cadef2a93a2484f0922c7c432fdb1a53b912c697f80789ea980f2fd3010cdf6f21ccd43d8ccadd7e032dfd36ff5ef1a3bfb6d560f1ac094aae67f9528144dd37ac36b6c6bb889a43f2eaab0516861e3404b6bb195d7f3fae92d287c9a7a1a31521a8cb2ca0688737578f5c99ee596260ad6918ce499bcd716ea116a620e811a49f8d1f4bc84d3fa765ce4ceb4c31711f8a15b0743c24ed659fd68e5cfe8dd62ce9aef7ef7a02f47ce9cf4fa6d11abb64126207a9de630529a9cf59e1decd542940877439e039a2e115fff67ce25fa1d7c0b39de2cac943b03382d2ec2f359c586a4a7ae58e0988df164ee39a26e646551fd191ded59d205cb6640a3ad17cc4212802ca6b9b5f6bdbd548016ecae3525d65e632f779af14c44c14b9e1356538256ac15f9d58456acf32ad7639dd519f70498bd183f8ddb14db4202b4467362d9971d96bad175e01ccf760fc759e342db445f55e685495744eb57875f5c929f45bc7dc91139c5d0ec9b30c188e1660b2081cf56e96917fc9f79ffebd28b5ba16ec13dc920a2ac6528e1b74dd4e9b25881891082364081abc85f5caea6a1c4dd425852774264ae389a34a487f0aac5a602f4c66d5c03ea0bbd9a4b410fdcd101db25ab147c8ba0ff3b4ab8f7a6572d914c585ec93412d29e0e40813a956875b6acfdbb1b0a85e2adacaa32aa99c2068bcfb26ee3cb66bba4c5da85b7c130824efaaab35c9d8441d77f53b7138c45fb9bf934269571f2feb79f9b0ca066852c6d1e80ba2140f67ab792b74dab4242182f2f4f88516a7f3d0a53ac683902b70d08e24b0b6ce6d46ca0a2a8acf605757c224f6c6b6fa7e1b4f03d77e2ccd01027448f89348ae888cd996166b31cb95d0e37dad6e8e74892b1637a6c8d2ef298ae5dfe3d4e122fb516efddd159d25ac87b76dc6a2e93d83a6341100f614c76e83785d344f57ceeeeca26ebf70a0cff0e02a81d8ec4040d1958a922c75d20226bc4f6f91d817838628c5d81368f14e0f572f80bb2b638f816477815255b2259b5d947db44295385b9e5cd156b254fee588086af4d59c25eccd4b806aa13187a819f68596aa2edda6b96037362cf7f25d2db388f21ca2dfa83b594721b485530781b3e3001ac6a34748c2cc8fe9a746f8c804ae929ba984eed8bb6bacae47b6d359cddb6d3f736aa4a18cafbb89ba2db711c725ae064285940a7716b09e850a41c42bf34d09812285cd872ae92f8f8b87f464d1beeec6301827a19dd22b1512f10b0908e87ece1bccce85e57a444f1cbc7b2a56196fa6752bc912bca20d40d18ce2b550efa00e9644d1a7f11871f28a5592a12ca339adb0237460e11427e696992ad47649a57d63dd2ea44455389e5018977e578c8736ae2505f2bd7802162a03c96e1b9487bd6dba57b7059cd732f0b0b0e5ad1ebc75f940764ae2c7119cbf0b235c3df02c49b270d056eedab3104c23f28a15d20d7fef0c477539dbe"}, {0xff8, 0x0, 0x0, "5e0a67968fcbe17c07139b6d493830dde4422c48a545c41e309a3761ec757e3d73c16b8f24b7c29d65efdea581705cd25dbf171c0d3c01ad9b1726c4231c74969fb83bf35b650a042613770dba325e7ee5ec64cdd5102d5a7c390dd12bcdf494473fdfe016d95661f9d73c0bc0de46a8d9d094f06c03e13bbe5d33d37616da8395f07ac17969a8cb193e58f7f353f039cd9eba9cfebe8264cfd0a775c55f38c677ca881e4d81a068ef3664b1d3817b7eb0e67522c7daa220f83f3cfd30537b2a1cb2724be8dc53103ee78c80ba19e9174391e19fc768b54e5e2d4fa5367d19d9f35a5351a406d2b57fb728364bcb5470873621bede9910607c22f9892cd284d4ceeedf6914742e5d00129916394c6ca486a6e6acbfe2519a62d42807929927895d6bf27aa168a390f2e9a1e17404f0ffdddc1bd63211912e336862407500952fae964f38e73a3785622f89420d784dedb1dde93da0c59a7e9153dc76a82ea1eaff2fd68d876e5e1ae532f4d8b5a73b2a3125f6b3d74c83a17ac4d3f5a762b9b7c44b2a7455955c21e230c83dbbc6baf7c654254b5a8c9205a38beceaefec0c6f7f1ab9a88862c004dfe9aeca27178e487707580f0b2f3e6c514e8d09f5c44c433055480c1d2e2d5fb1240a5cd13e6b495671c06c4cd241a12bbef8139fe3bf4342555b1539a26aed946c3f9223a0e6ac873bbfeda87a43a59fc4fc7bbf31cddee76cafea32497b60c0a7fa79ab8f73c06aafa828e5ea4fd4d9716c6689685878b2e077d2741f7658ff110099205e8adabf214bf43f3c8fb19660d74c1378c730277f3a3bae300256a6870520e4535c8c0366f48b6e2ef3d209530db455fc26abf8197478088142a1912cc126aed80b862d2c777bd34c8c8eb41d93e14e34e5afec9db51a6a9ae9e891586a546503351777db6837b15742f83909f5eb59305c59af014880b16490b9181a99a61c4e6bf25be3e78fb8b5bd3c3eecbada971bacd68857e86fe8619138448e594de73c6c2614c546b40fff6aecbce5f78073acc2013ad1333ad6f59d5ae083b5ec678f1c8ce1fcf15ad3bb073abd3be104f15c675d760f590d6f48e332db0475cffc3baf7dc55d8f76c5d46974a0fca52bcd26ba8f72ddfb910438fb8ebc66f2268073809b09947f3e3a296dd4864eb637163a387d351272f0fa11f10f68be97221868e84e66493e19d5be917f799f1132f369272a7be2d009009d8bf4e5a2694700c2a1ac51dfc5345a591ca575ba3353bfd66269f21fa619e376dc7f7856fe08e63e33c38b0773e72cfcc91d50f498df55fb33e3adc7144f72e8dda527c34b0264a71e0e37993ee8464be2220cf59141d5be386b2231716ffd16d0a26f33c47081d246ddfb7e0abfbb6c030bfd178300b0a1f331713f3a9b4a6c214d1c8522b3472da388565f1c8dc668fa41e6cc6da5d874fe9ca69ba47abc93c0e6236c05091b80a5de65cf1f653caeb53580690e6a94497fe0d30d69aca4f2331b98ab59766939701001324a486345da264db479910a3fb7c2f164aab8e1a5160141c5e1d9d7fde6bfb9f4001b6a3eb691d364395653e646d0bb16337062511f51277319bcc1672992d9230ab5f44f7265665108f3b0593a548dc9b13953d1b21bb6765354b24ab0218a3d13e655732773e04fa21180ad6e5b42c64321172e536fa456147d33b187364aa252837e66bae6f83577a1ff8b521728ac11476a88ec744ecd1b3f1ae14466979aac44bb8aa584bf031412a46681327ab199755aa5549464686ce904e5b86b0dda76ebf38d645a5611717ce4a487538a9ee0cdf15722135c7f738af344675a808e2a5d2f79d0fed2de469d25c7562d364d3e08c7cde6fac3dab6f6a6006f93a619c279ac0fdef000902ccc232c3aaae1356c203d00a0baaa02a1e12126cc98bfe3be7d74e9dfd43d23cad2353f5b5ccf130170644e7092954934369203630b2d4a8cf845ccc5c04ecc9fe6e37cf79c6fd5b40feeefde2ecb5878896730f543e90c08ec63c1a6386a6cad6a8eeac8e533fd2d0ef746828f317772bb7969fcd5a581df18dfa9adcc0eb68808e65bdb02181aab5221095b9f89617d7763a137a4f7eee06ca1862e612f8221db167c4a36853eb390bb980a1ddbbe0bfa51d8290d3aed98c67223c2a588fc47c1e437c966322229e9d4d0328c1da214d52303b3bfecc8872618d4792e08edc148482caf898cf2fe2874ff1c3f31974ec7706ba552ac410df974cad9e41247db66979a32e1d2e0b50ce6cd5cfa75224373f9c6b4900afdc233893741878718a87a5620c27334645e7b1134cf0340432ce553da1ec12bef783e1e1a83f1fba4b3c87f11e4371897f731ea79e85e6ba743081f538df8cfba1d1755c9162be345ea82c81ef3e7a893c5ea917ac2e7fe4b46856774aa81da3419984caed756f46bcec5a1c03ab7ebd9f2426afffad44027724a6f0fedb52523d09fa2936ec1f192552dd19ef5c46ea828343d53a2e4d782d7d425c69ed57499250803e30bea6d7dd08ca8bf346cd37d0eb0f5c59267fc9d7a7b726b6d130885a5a7508eb72ac294441361761adb6bfd10f1af0549c8fc242ddc298c9247243937bab21984dc4246aaf32ef29e1f0446b7679fc95f3d4c7e30df4c4f0640bb49cca9994b28b20ce69f281881193e2febcbb48aab4b9d07faa29bbebe7b43025fc28ef5e232a2e187e051adaa08540e69f73f0b051447ccb29a5ac9efa58a51da10a340c969e8ef977466345afe6e2d3cdb5a18f683c12e84260ba995b7b3ca67113ad3704f000ac81e7cc4c3d17a94dba47de6bd406d9f28a161c904cb670177d1380f30bf49a1df0e55c767ac5d8ada33be8f81c1391a691bbc5dc6e1ded177948bf6e38c0c5185ed65beeeabd1d2a1a71c4f86733d62df394af5a494d9eeb396ee59a292a11d85a660d64e6e862eb4d8c7b1ab2e408c3f0ca7b4981b12c94c69b278dd66784a1eff435874c31786d7c9f252bc37609a4d40fbcb58ffd80d9c0c298b616ee73a9440141715b63962e533a07acbd7465520bcc22bcc400607b712e48803da548ac842ebc76d4807350087368e122164392f4f51bd52fcb5951c636b09e5e9268ea71931f5fbd0786b07e7f7719cc4de0b330b6e2ce9eb096cf06f64925a7d0ad9d6fe7d2c6c08eb1729e2236ea373904337ae7157e284fd690c19c3976aaf3c1152f12072ae3ce4fff8a9bcb1f78e2bf0e4e82da954607b17a7f28887a6aca57e04ebe3da51ad897297612606b9cb8a57970a55da696f8506ec3af3cb27dc68a830a5da0a2f5c80b2e0f500ed5477d2c88fcf1670c40394aafe537b5a206d1fd2e26ddd45aa5d89baf181a7051ac23efb21f22509f64937b1abe0cdd65ea7a4de6ad9e8ba00c5d3551b4c01ef1dc96b85b40fb3808429bebe088d832f31f69adb99341d3946a7ac0318a9c1e9d1cbd778b7a46c7859b56c406cba3a4f13ee64aae3227d435b7200fc4c840234682335a5be866581fb3c8bc138b08042994fd0c5aa5b23ef46271af438a4f910ddf884057c72bd3ba7af0a4ad9b7d805a145551724895b1b5f379366604c25c8acb17beeacadba0f18398dbf0f9ce9851be07dc2644a1d88a7c38eb7f2020a7e0b67da29a5109579920478f183d1359755b9d6527613cf18abe40461aa6921b00c957b9149916edfd6975ef884180430ad9d18b2d7e5977d1c218e6eddbde3fc1c5a8889ed9ecba427882f014f7d778b922713c4e887b114b5c81cd958c83053499b098417b5cf8d4fd9b387eb0aa6a481bee6f02b15e501ee0b587397cf3e2e5e7283dae841e9b6545871f86dca219f504a16f578fbfde13b713b44095e0df7877389b2ebdeeed643347f9d09750f64a3505dc9e5d39d7b38359e71f4d82a4c1adfa5f1816d86ef2f4c2fd2061c2cfceb31834d4867392b84aee40bd21045ea27067f85667646ae1815ccafcacc550bb1d3402208dea3b6e090a494a6070d864af9ebb1cdd3760673b02f7e26579465fc1640b128233c01817e1ca1d3a640d90be5fd0d00e76ab29da84d117b6d018b5f48a7ce826a041d1bba9657a140cafcbfd88efc9a058eebdd98393560664589a8c1d98d75d1791c51b1fbc762768330561d7eaace3e621b833bce08134c93572fb1433a29f1bfffe9cf8c947cebf8fa1c548776c04185a90582b656c6122a5f9c7d446547c5879313de13637a15d03c618e4538e89d05f42b7323e724d7356b9e2b51f48cd499ee9b16899bea0a652c2d0ed512d8985422a5f6f3a7fe77085c43b4bb3e269fa6cd97db50477bc805fec7c2aa3af2b4df93e0f0ef50c60c5f58d88bb063a7e4b9a22119111934cd00be2ee778ffa96d5f9ff26b52dc452749a6d61bbf960cf1c2bd2e8ea567221f68725d801cbc23e55fe4b08cc8f658acabe11e60fd22975c02cae9300fae5da136ae3ddb37537b3d791d56a979a6f38ac6e5dc3c9bf347b88d36ae6b4f2c386be551f083eb7e9d0a4a0b20c9a27e99980dd9e92d70f4be9e570eff889d797235fd9fecaa428ccc98d0959748c711ad811ca59735065e5b57bfa2cb93f19414a90f47b924063204126aae1c43df63e0f1a0626374522ebf9ab2babc474c7caf552a7e06a7b068a95c61e9c84f9e75a590afe6eb14fe0127be9a432efd6a8b773da666cec68fa3801055fb2509d4be119d675548ddb82236ef961b051c35f9afd303e7cb623e9c4296bbfcd6a0b61a8f4331a40f8cb15dd347e997d491dd46b56f7363867b0d400493e1f20a5e60ab834f1c53a4e0cd64245c11e39395989b069d96d3e79ee56398dd0b1be0b6e0da7ab3ace7817efe3f311ff35aadfb3d20ad001111dfc7ee68c6bdbf00e7deea7684cdd0e168313414a2da0bcc8a3d6a7625d97118bee73b71dc2851f4b74d9918e674c15de79478c5f6d0b5eb502e9f6852777ddb7e2532a163ea429d3a04c952fb5933b80992b17b037d2fbb60170a42d96421f77fe21e216c22b536f68b5060c842ac593049e2d959685b4bb855e41a619e8bcc3b728abe43ad689fc6e554309ea29c43e4122bd66907a469d9396c4ed3e1d9c8e38e15a0c03be3c18e28035ad0e53ea2121c56cb70db855713603ca125f4705fb2e49e8af6276a8e8ec839dbbebdcbb61842ba33dfab6079ce5ba5db73894ee4154e1bbf1903f0f2d482e65ea866f56f5f98018d4852802c34f2cf14a77b71dacff97da7ad91bfe6c6ffd78347f7a7e72c9e5efa5a887bed8e8c450c96ec3f2e6284ee57fa01bfbc585333c322d1bb9078bb09d2cddff33b24c6fbf6ba1c22fe381fe7f40270ee0b95cad492f3195d591819187959f021f1088a3101bde0ab233bf4114f864e894f850396a3dae63d0b24efd7ddc0c330b4be9304c395c6e1990373d6ae712afef3938066919c7d43220241d1e615034f3333b77968daade95567eb452fe9d3b6c0acb89c4c4074443d3d36bcd53a72f6a008dba4b2affa634549c385ff27d2c44ea6b1d5e131d5db5c74b1e6c649906a998bf853b0186524997da7e53a4435a68682a219b778dbde97c2cd7151afaf1ef50e097b9632ab4dc1d19d344423034e56cdeb0d5e58d91f8067815750ef96299377a3468df2ba5b2e6239df638d3b7a854cee37c95cb23fe40e2fe812b40be55252f1ee3960b8a4a22f5d1fa2b0d8fad4f104a176a96604a37c365f1913f5ca9c07d2ea8293042a3c210682df3719f008cff200b5ce8ec213557009b32a921a138df079bb"}], 0x2008}}, {{&(0x7f0000002740)=@rc={0x1f, @none}, 0x80, 0x0}}], 0x2, 0x0) 21:17:06 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e20, @multicast2}, 0x62) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0xc400, 0x104) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e20, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0x101000002) 21:17:06 executing program 5: openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080), 0xdc09bb541b90b7fb, 0x0) [ 2594.565632][T27265] loop4: detected capacity change from 0 to 253983 21:17:06 executing program 2: mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x200000005c831, 0xffffffffffffffff, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x6) r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000000000)={&(0x7f0000319000/0x4000)=nil, 0x4000}) [ 2594.639230][T27267] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2594.653343][T27265] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2594.661255][T27265] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 2594.670466][T27265] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2594.678551][T27265] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock [ 2594.733261][T27267] bond192 (uninitialized): Released all slaves 21:17:07 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xb, &(0x7f0000000200)=[{0x0, 0x0, 0x1400}, {&(0x7f0000010e00)="d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xa6, 0x200000}, {&(0x7f0000010f00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x200fe0}, {&(0x7f0000011000)="00000000000000000000000000000000000000000000000000000006", 0x1c, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) 21:17:07 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000001ff0100000000", @ANYRES32, @ANYBLOB="01000000002200001c0012000c000100626f6e640000"], 0x3c}}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r4}, @IFLA_HSR_SLAVE1={0x8, 0x1, r4}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r5}]}}}, @IFLA_LINK={0x8, 0x5, r4}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) [ 2594.977974][T27264] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2594.988737][T27264] CPU: 1 PID: 27264 Comm: syz-executor.1 Tainted: G W 5.18.0-syzkaller-16253-g2f3064574275 #0 [ 2595.000477][T27264] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2595.010668][T27264] Call Trace: [ 2595.014046][T27264] [ 2595.017073][T27264] dump_stack_lvl+0x200/0x28c [ 2595.021958][T27264] dump_stack+0x29/0x2c [ 2595.026281][T27264] dump_header+0x1e5/0xae0 [ 2595.030923][T27264] oom_kill_process+0x3a7/0xba0 [ 2595.035991][T27264] out_of_memory+0x111c/0x1570 [ 2595.040937][T27264] ? slab_debugfs_show+0xa40/0xaa0 [ 2595.046256][T27264] mem_cgroup_out_of_memory+0x46b/0x590 [ 2595.052039][T27264] mem_cgroup_oom+0xa3d/0xd30 [ 2595.056916][T27264] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2595.062129][T27264] try_charge_memcg+0x18b0/0x2110 [ 2595.067445][T27264] ? kmsan_get_metadata+0x33/0x220 [ 2595.072797][T27264] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 2595.078804][T27264] charge_memcg+0x1a9/0x6b0 [ 2595.083492][T27264] ? get_mem_cgroup_from_mm+0x39d/0x4d0 [ 2595.089240][T27264] __mem_cgroup_charge+0xb9/0x2e0 [ 2595.094473][T27264] wp_page_copy+0x719/0x4310 [ 2595.099244][T27264] ? kmsan_get_metadata+0x33/0x220 [ 2595.104550][T27264] ? kmsan_get_metadata+0x33/0x220 [ 2595.109896][T27264] ? preempt_count_sub+0xfc/0x340 [ 2595.115131][T27264] do_wp_page+0xc81/0x29c0 [ 2595.119759][T27264] handle_mm_fault+0x43e1/0x47a0 [ 2595.124892][T27264] ? restore_fpregs_from_fpstate+0x68/0x3a0 [ 2595.131082][T27264] do_user_addr_fault+0x11f5/0x1e50 [ 2595.136520][T27264] exc_page_fault+0x60/0x140 [ 2595.141303][T27264] ? asm_exc_page_fault+0x8/0x30 [ 2595.146406][T27264] asm_exc_page_fault+0x1e/0x30 [ 2595.151422][T27264] RIP: 0023:0xf6e1f418 [ 2595.155603][T27264] Code: 39 dd 75 ee 8b 44 24 58 89 28 83 c4 3c 5b 5e 5f 5d c3 8b 7c 24 18 e9 9a fd ff ff 8d b4 26 00 00 00 00 8b 44 24 24 8b 7c 24 18 <89> 1c 88 e9 70 fe ff ff 8b 7c 24 50 39 54 24 0c 0f 84 80 00 00 00 [ 2595.175372][T27264] RSP: 002b:00000000ffacc040 EFLAGS: 00010246 [ 2595.181579][T27264] RAX: 00000000f6f50000 RBX: 00000000c9562e15 RCX: 0000000000000e15 [ 2595.189669][T27264] RDX: 0000000000000000 RSI: 00000000f6f36000 RDI: 00000000827e4f6c [ 2595.197758][T27264] RBP: 00000000f6f50000 R08: 0000000000000000 R09: 0000000000000000 [ 2595.205843][T27264] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 2595.213924][T27264] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2595.222037][T27264] [ 2595.227417][T27264] memory: usage 307200kB, limit 307200kB, failcnt 15739 [ 2595.234777][T27264] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2595.241753][T27264] Memory cgroup stats for /syz1: [ 2595.243302][T27264] anon 126976 [ 2595.243302][T27264] file 313262080 [ 2595.243302][T27264] kernel 1183744 [ 2595.243302][T27264] kernel_stack 32768 [ 2595.243302][T27264] pagetables 69632 [ 2595.243302][T27264] percpu 0 [ 2595.243302][T27264] sock 0 [ 2595.243302][T27264] vmalloc 0 [ 2595.243302][T27264] shmem 313262080 [ 2595.243302][T27264] file_mapped 40960 [ 2595.243302][T27264] file_dirty 0 [ 2595.243302][T27264] file_writeback 0 [ 2595.243302][T27264] swapcached 0 [ 2595.243302][T27264] anon_thp 0 [ 2595.243302][T27264] file_thp 0 [ 2595.243302][T27264] shmem_thp 0 [ 2595.243302][T27264] inactive_anon 311902208 [ 2595.243302][T27264] active_anon 1486848 [ 2595.243302][T27264] inactive_file 0 [ 2595.243302][T27264] active_file 0 [ 2595.243302][T27264] unevictable 0 [ 2595.243302][T27264] slab_reclaimable 788664 [ 2595.243302][T27264] slab_unreclaimable 274488 [ 2595.243302][T27264] slab 1063152 [ 2595.243302][T27264] workingset_refault_anon 0 [ 2595.243302][T27264] workingset_refault_file 0 [ 2595.344538][T27264] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=27264,uid=0 [ 2595.360677][T27264] Memory cgroup out of memory: Killed process 27264 (syz-executor.1) total-vm:54284kB, anon-rss:332kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:64kB oom_score_adj:1000 21:17:07 executing program 1: r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) close$fd_v4l2_buffer(r0) 21:17:07 executing program 5: keyctl$clear(0x7, 0xffffffffffffffff) r0 = add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000100), &(0x7f0000000140)={0x0, "fb3c5102400ff20e7ef681cbc9b23f36c5c67fdf06afc084d153615d5af78eababdc87ac99ff953990661cdc8854c32e2d52d7187900"}, 0x48, 0xfffffffffffffffb) keyctl$clear(0x7, r0) 21:17:08 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x1d, &(0x7f0000000100)=0xab, 0x4) [ 2595.996125][T27279] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2596.037547][T27279] bond192 (uninitialized): Released all slaves [ 2596.048579][T27281] loop4: detected capacity change from 0 to 253983 21:17:08 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e20, @multicast2}, 0x62) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0xc400, 0x104) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e20, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0x101000002) [ 2596.166989][T27281] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2596.175216][T27281] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 2596.183946][T27281] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2596.192032][T27281] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock 21:17:08 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYRES32=r2, @ANYBLOB="01000000002200001c0012000c000100626f6e640000"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) 21:17:08 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xb, &(0x7f0000000200)=[{&(0x7f0000010700), 0x0, 0x1400}, {&(0x7f0000010e00)="d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xa6, 0x200000}, {&(0x7f0000010f00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x200fe0}, {&(0x7f0000011000)="00000000000000000000000000000000000000000000000000000006", 0x1c, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) 21:17:08 executing program 5: r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000002040)={@loopback, @mcast1, @private1, 0x0, 0x5, 0xa2, 0x0, 0x0, 0x1710004}) [ 2596.828887][T27283] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2596.839693][T27283] CPU: 0 PID: 27283 Comm: syz-executor.1 Tainted: G W 5.18.0-syzkaller-16253-g2f3064574275 #0 [ 2596.851435][T27283] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2596.861627][T27283] Call Trace: [ 2596.865000][T27283] [ 2596.868024][T27283] dump_stack_lvl+0x200/0x28c [ 2596.872904][T27283] dump_stack+0x29/0x2c [ 2596.877236][T27283] dump_header+0x1e5/0xae0 [ 2596.881888][T27283] oom_kill_process+0x3a7/0xba0 [ 2596.886965][T27283] out_of_memory+0x111c/0x1570 [ 2596.891928][T27283] ? slab_debugfs_show+0xa40/0xaa0 [ 2596.897261][T27283] mem_cgroup_out_of_memory+0x46b/0x590 [ 2596.903059][T27283] mem_cgroup_oom+0xa3d/0xd30 [ 2596.907963][T27283] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2596.913205][T27283] try_charge_memcg+0x18b0/0x2110 [ 2596.918447][T27283] ? kmsan_get_metadata+0x33/0x220 [ 2596.923822][T27283] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 2596.929851][T27283] charge_memcg+0x1a9/0x6b0 [ 2596.934555][T27283] ? get_mem_cgroup_from_mm+0x39d/0x4d0 [ 2596.940329][T27283] __mem_cgroup_charge+0xb9/0x2e0 [ 2596.945587][T27283] wp_page_copy+0x719/0x4310 [ 2596.950375][T27283] ? kmsan_get_metadata+0x33/0x220 [ 2596.955707][T27283] ? kmsan_get_metadata+0x33/0x220 [ 2596.961042][T27283] ? preempt_count_sub+0xfc/0x340 [ 2596.966385][T27283] do_wp_page+0xc81/0x29c0 [ 2596.971021][T27283] handle_mm_fault+0x43e1/0x47a0 21:17:09 executing program 2: bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x4}, 0x48) [ 2596.976151][T27283] ? restore_fpregs_from_fpstate+0x68/0x3a0 [ 2596.982330][T27283] do_user_addr_fault+0x11f5/0x1e50 [ 2596.987763][T27283] exc_page_fault+0x60/0x140 [ 2596.992573][T27283] ? asm_exc_page_fault+0x8/0x30 [ 2596.997694][T27283] asm_exc_page_fault+0x1e/0x30 [ 2597.002718][T27283] RIP: 0023:0xf6e1f418 [ 2597.006917][T27283] Code: 39 dd 75 ee 8b 44 24 58 89 28 83 c4 3c 5b 5e 5f 5d c3 8b 7c 24 18 e9 9a fd ff ff 8d b4 26 00 00 00 00 8b 44 24 24 8b 7c 24 18 <89> 1c 88 e9 70 fe ff ff 8b 7c 24 50 39 54 24 0c 0f 84 80 00 00 00 [ 2597.026705][T27283] RSP: 002b:00000000ffacc040 EFLAGS: 00010246 [ 2597.032935][T27283] RAX: 00000000f6f50000 RBX: 000000004afa5404 RCX: 0000000000001404 [ 2597.041043][T27283] RDX: 0000000000000000 RSI: 00000000f6f36000 RDI: 00000000826ce43b [ 2597.049159][T27283] RBP: 00000000f6f50000 R08: 0000000000000000 R09: 0000000000000000 [ 2597.057278][T27283] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 2597.065393][T27283] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2597.073527][T27283] [ 2597.081178][T27283] memory: usage 307200kB, limit 307200kB, failcnt 15788 [ 2597.089373][T27283] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2597.096474][T27283] Memory cgroup stats for /syz1: [ 2597.098036][T27283] anon 131072 [ 2597.098036][T27283] file 313262080 [ 2597.098036][T27283] kernel 1179648 [ 2597.098036][T27283] kernel_stack 32768 [ 2597.098036][T27283] pagetables 69632 [ 2597.098036][T27283] percpu 0 [ 2597.098036][T27283] sock 0 [ 2597.098036][T27283] vmalloc 0 [ 2597.098036][T27283] shmem 313262080 [ 2597.098036][T27283] file_mapped 40960 [ 2597.098036][T27283] file_dirty 0 [ 2597.098036][T27283] file_writeback 0 [ 2597.098036][T27283] swapcached 0 [ 2597.098036][T27283] anon_thp 0 [ 2597.098036][T27283] file_thp 0 [ 2597.098036][T27283] shmem_thp 0 [ 2597.098036][T27283] inactive_anon 311906304 [ 2597.098036][T27283] active_anon 1486848 [ 2597.098036][T27283] inactive_file 0 [ 2597.098036][T27283] active_file 0 [ 2597.098036][T27283] unevictable 0 [ 2597.098036][T27283] slab_reclaimable 786584 [ 2597.098036][T27283] slab_unreclaimable 272160 [ 2597.098036][T27283] slab 1058744 [ 2597.098036][T27283] workingset_refault_anon 0 [ 2597.098036][T27283] workingset_refault_file 0 [ 2597.194355][T27283] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=27283,uid=0 [ 2597.210502][T27283] Memory cgroup out of memory: Killed process 27283 (syz-executor.1) total-vm:54284kB, anon-rss:332kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:64kB oom_score_adj:1000 21:17:09 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYRES32=r2, @ANYBLOB="01000000002200001c0012000c000100626f6e640000"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) 21:17:09 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r0, 0x8983, &(0x7f0000000000)={0x0, 'sit0\x00'}) 21:17:09 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e20, @multicast2}, 0x62) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0xc400, 0x104) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e20, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0x101000002) 21:17:09 executing program 5: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendto$inet6(r0, &(0x7f0000000000)="84", 0x1, 0x2000010, &(0x7f00000000c0)={0xa, 0x4e22, 0x6ce6, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x3a}, 0x1c) ioctl$BTRFS_IOC_INO_LOOKUP_USER(r0, 0xd000943e, 0x0) [ 2597.610369][T27297] loop4: detected capacity change from 0 to 253983 21:17:10 executing program 2: keyctl$KEYCTL_MOVE(0x1e, 0x0, 0x0, 0xfffffffffffffffe, 0x0) [ 2597.676797][T27297] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2597.684948][T27297] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 2597.693692][T27297] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2597.701574][T27297] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock 21:17:10 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xb, &(0x7f0000000200)=[{&(0x7f0000010700), 0x0, 0x1400}, {&(0x7f0000010e00)="d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xa6, 0x200000}, {&(0x7f0000010f00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x200fe0}, {&(0x7f0000011000)="00000000000000000000000000000000000000000000000000000006", 0x1c, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) 21:17:10 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYRES32=r2, @ANYBLOB="01000000002200001c0012000c000100626f6e640000"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) 21:17:10 executing program 2: openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) close$fd_v4l2_buffer(r0) [ 2598.716677][T27312] loop4: detected capacity change from 0 to 253983 [ 2598.786888][T27312] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2598.798329][T27312] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 2598.806897][T27312] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2598.814892][T27312] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock 21:17:11 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xb, &(0x7f0000000200)=[{&(0x7f0000010700), 0x0, 0x1400}, {&(0x7f0000010e00)="d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xa6, 0x200000}, {&(0x7f0000010f00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x200fe0}, {&(0x7f0000011000)="00000000000000000000000000000000000000000000000000000006", 0x1c, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) 21:17:11 executing program 3: r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) write$cgroup_type(r0, 0x0, 0x0) [ 2598.987341][T27301] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2599.000117][T27301] CPU: 1 PID: 27301 Comm: syz-executor.1 Tainted: G W 5.18.0-syzkaller-16253-g2f3064574275 #0 [ 2599.011876][T27301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2599.022068][T27301] Call Trace: [ 2599.025445][T27301] [ 2599.028470][T27301] dump_stack_lvl+0x200/0x28c [ 2599.033357][T27301] dump_stack+0x29/0x2c 21:17:11 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB, @ANYRES32=r2, @ANYBLOB="01000000002200001c0012000c000100626f6e640000"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) [ 2599.037701][T27301] dump_header+0x1e5/0xae0 [ 2599.042372][T27301] oom_kill_process+0x3a7/0xba0 [ 2599.047475][T27301] out_of_memory+0x111c/0x1570 [ 2599.052376][T27301] ? slab_debugfs_show+0xa40/0xaa0 [ 2599.057713][T27301] mem_cgroup_out_of_memory+0x46b/0x590 [ 2599.063501][T27301] mem_cgroup_oom+0xa3d/0xd30 [ 2599.068405][T27301] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2599.073757][T27301] try_charge_memcg+0x18b0/0x2110 [ 2599.079044][T27301] ? kmsan_get_metadata+0x33/0x220 [ 2599.084425][T27301] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 2599.090477][T27301] charge_memcg+0x1a9/0x6b0 [ 2599.095114][T27301] ? get_mem_cgroup_from_mm+0x39d/0x4d0 [ 2599.100877][T27301] __mem_cgroup_charge+0xb9/0x2e0 [ 2599.106151][T27301] wp_page_copy+0x719/0x4310 [ 2599.110961][T27301] ? kmsan_get_metadata+0x33/0x220 [ 2599.116307][T27301] ? kmsan_get_metadata+0x33/0x220 [ 2599.121681][T27301] ? preempt_count_sub+0xfc/0x340 [ 2599.126914][T27301] do_wp_page+0xc81/0x29c0 [ 2599.131487][T27301] handle_mm_fault+0x43e1/0x47a0 [ 2599.136625][T27301] ? restore_fpregs_from_fpstate+0x68/0x3a0 [ 2599.142817][T27301] do_user_addr_fault+0x11f5/0x1e50 [ 2599.148249][T27301] exc_page_fault+0x60/0x140 [ 2599.153052][T27301] ? asm_exc_page_fault+0x8/0x30 [ 2599.158203][T27301] asm_exc_page_fault+0x1e/0x30 [ 2599.163218][T27301] RIP: 0023:0xf6e1f418 [ 2599.167376][T27301] Code: 39 dd 75 ee 8b 44 24 58 89 28 83 c4 3c 5b 5e 5f 5d c3 8b 7c 24 18 e9 9a fd ff ff 8d b4 26 00 00 00 00 8b 44 24 24 8b 7c 24 18 <89> 1c 88 e9 70 fe ff ff 8b 7c 24 50 39 54 24 0c 0f 84 80 00 00 00 [ 2599.187099][T27301] RSP: 002b:00000000ffacc040 EFLAGS: 00010246 [ 2599.193329][T27301] RAX: 00000000f6f50000 RBX: 0000000043a7fd52 RCX: 0000000000001d52 [ 2599.201401][T27301] RDX: 0000000000000000 RSI: 00000000f6f36000 RDI: 0000000085de99d3 [ 2599.209653][T27301] RBP: 00000000f6f50000 R08: 0000000000000000 R09: 0000000000000000 [ 2599.217776][T27301] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 2599.225877][T27301] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2599.233958][T27301] [ 2599.240282][T27301] memory: usage 307200kB, limit 307200kB, failcnt 15831 [ 2599.247856][T27301] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2599.254982][T27301] Memory cgroup stats for /syz1: [ 2599.256380][T27301] anon 131072 [ 2599.256380][T27301] file 313262080 [ 2599.256380][T27301] kernel 1179648 [ 2599.256380][T27301] kernel_stack 32768 [ 2599.256380][T27301] pagetables 65536 [ 2599.256380][T27301] percpu 0 [ 2599.256380][T27301] sock 0 [ 2599.256380][T27301] vmalloc 0 21:17:11 executing program 5: clock_gettime(0x0, &(0x7f0000002f40)) [ 2599.256380][T27301] shmem 313262080 [ 2599.256380][T27301] file_mapped 40960 [ 2599.256380][T27301] file_dirty 0 [ 2599.256380][T27301] file_writeback 0 [ 2599.256380][T27301] swapcached 0 [ 2599.256380][T27301] anon_thp 0 [ 2599.256380][T27301] file_thp 0 [ 2599.256380][T27301] shmem_thp 0 [ 2599.256380][T27301] inactive_anon 311906304 [ 2599.256380][T27301] active_anon 1486848 [ 2599.256380][T27301] inactive_file 0 [ 2599.256380][T27301] active_file 0 [ 2599.256380][T27301] unevictable 0 [ 2599.256380][T27301] slab_reclaimable 787624 [ 2599.256380][T27301] slab_unreclaimable 273600 [ 2599.256380][T27301] slab 1061224 [ 2599.256380][T27301] workingset_refault_anon 0 [ 2599.256380][T27301] workingset_refault_file 0 [ 2599.352785][T27301] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=27301,uid=0 [ 2599.369069][T27301] Memory cgroup out of memory: Killed process 27301 (syz-executor.1) total-vm:54284kB, anon-rss:332kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000 21:17:11 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(twofish)\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="741610e6f7ad27a53a8bc2c8e23e8ba6", 0x10) sendmmsg(r1, &(0x7f0000008080)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000001980)="e2ab2482c054e64c386b1f40ae60e2bb43d38793df46e7959cb808df6e5b5b21ce70ee08d844ca10d615949656579a4cdc24b70407a8ba4634cd85427cc48bd9813b1d5ad36fcec234f720365585373b8f49a38d74d083233c5236fdb67813eb5f9312b96261217bf687d45cc01dcf9b322642315666c28dbee3f8811844ea98b5b4c3912d59df2dc5fa4bff7dd9eb820fc785e8cbeeb980fdf96a0839643082130b06bc54eb90f88b0df118c3f48b60915b83cbef426f960358112f29f4c4c0f274b3ede8d440f39bf154fd637674d65af56dc73be1f2b2313d680b0b8b7ab83a74d6b02412a7a7d2785321b41e092a1acabf9310bc8a23d0a060e239ac066e544295559d8c28c062f96401fc83600a9a589437d676d06a4dcd7f5188c3eb3af94b296744fab02194cdca8221b9efa18bb2c6dd35c6cfabf7a3a6c75c042e1a5d95974c95174f44b4f822df1cef64bf11ec527ba96337ee8c86632f6506a2acd9df02a70a54a839c26e2423c883a9a1f0bcf2c89ea886f63ed87d3487ae83a5ca2a17a3c78bd371d3e876aace68b1fbbd81968d0c5a85da5b97450487bd47c6cec7e6ff7c35f84d7652574ec8817e41b64b3005b3ff7da53230545404ccef11776cddb89000bb9207bbf47cbf0291055a46f58836bc3658376643e5ef68d4cbc49e95bdf78cd00b10f4c072b4c42eff23452dc9b75e79013c7dc4ce7fc6c1a2b672b3995965eac21171912be67e25698cca89f11f70d0b92e209c8ebb055353290315ce4e1e0520eea152c550514e11d58e0382c474133270012d7b04304b3a5efe8a2d0c37b7129c31fb86e974a64bf9ac4197a34a9816a23b1f4f20fe9a466b356f12d090af6f59acc7129047c2e6806173e1eef2ea44f1ca4d937e24a57811dec5ca0c69b85d0bd26ed48c21fa60ca822e1f4c81d2083e582af36f5a423237dadb6afcda1cbad27bcd9b8abff9d61072555bcfff5834a0ac500ec6dc6cded4c9049267d47b742c068d1472d3682238ba9e331e538e7976ff3c0cc1aa9b46b91ed823e216e9fc528266c1bedaebe392498660abb10ccd057afdf9d7e447420b2a0282b54757050e2d9687c30a2653fe3a3ea2dcc9fbed1a23a1bb1fab3f18dd3fb872c660646baa831d00042fdbae4897cb50af41d0365d56ac5e50ca098986ac3f27946b1ce5aac423e2990d5b65051e919bea975b88b3fd133533efe3fa8d8f01df23cb0bfb0f063d1bd38109359fff6c4588a1fafd3dd9fe4fd57b81bc31a9c8b7dc9e137e11bb4d6f4d6ec6302ad8bbfb91dc15b000b29acbd8ba3b57f662cfc4379bc68700613846e2d31a531f895685cd33c8a94135aa32a12c6bd3b6121a5fb077391ba2c5d01991707d5c9bc791a33aeecaba4caa3a14c2f578324c", 0x3e1}], 0x1}}], 0x1, 0x0) recvmmsg(r1, &(0x7f0000004180)=[{{0x0, 0x0, &(0x7f0000003a80)=[{&(0x7f0000001940)=""/8, 0x8}, {&(0x7f0000003980)=""/33, 0x21}, {&(0x7f00000039c0)=""/170, 0xaa}], 0x3}}], 0x1, 0x0, 0x0) 21:17:11 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001a00)={0x26, 'skcipher\x00', 0x0, 0x0, 'chacha20-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d0ff0f1d0dbd301e5a47b2f3caa73dcd2a6a370554375a", 0x20) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmsg$can_bcm(r1, &(0x7f00000019c0)={0x0, 0x0, &(0x7f0000000b00)=[{&(0x7f0000003540)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg$kcm(r1, &(0x7f0000000a40)={0x0, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000600)='o', 0x1}], 0x1}, 0x0) sendmsg$kcm(r1, &(0x7f0000001840)={0x0, 0x0, 0x0}, 0x0) recvmsg$unix(r1, &(0x7f0000002500)={0x0, 0x0, 0x0}, 0x0) 21:17:12 executing program 3: r0 = socket(0x18, 0x0, 0x0) sendmsg$IPVS_CMD_DEL_DEST(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x50}}, 0x0) [ 2600.159110][T27324] loop4: detected capacity change from 0 to 253983 21:17:12 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000001200)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00010000850000000d000000b7000000000000009500000000000000496c030000003a431ca711fcd0cdfa1457c56175037958e271f60d25b7937f02c8695e5a31f41b24df41dc10d1e8bf076d83923dd29c034055b67dafe6c8dc3d5d78c07fa1f7c455ce34e4d5b318e2ec0e0700897a74a00987f110026e6d2ef831ab7ea0c34f17e3ad6ef3bb622003b538dfd8e012e79578e51bc53099e90fbdc1edc852ffa5f33f14817ac61e4dd11183813477bf7e060e3670ef0e789f93781965f172d96704902cbe7bc04b82d2789cb132b8667c21476619f28d9961b63e1a9cf6c2a660a16e9e184b751c51160fbce841f8a97be6148ba532e6ea09c346dfebd31a08b32808b80200000000009dd27080e71113610e10d858e8327ef01fb6c86adac12233f9a1fb9c2aec61ce63a3462fd50117b89a9ab359b4ee79000000000000009d7906e927dbfd47d8576a3f7f3deadd7130856f756436303767d2e24f29e5dad9796edb697a6ea0180aabc18cae2ed4b4390af9a9ceafd07ed00b0000002cab554ad029a119ca3c972780870014601c3c09005aec84222fff0d7216fdb0d3a0ec4be3e563112f4b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a2a71bcffc2cc788bee1b47683db01a469398685211bbae0e7313bf4de2a41990f05ca3bdfc92c88c5b8dcdcc22ee17476d738992533ac2a9f5a699593f089537f5dc2acb72c7eae993fc9eb22d130665b6341da114f08cd0509d38467e8106af972b2a70b68078673f8b6e74ce23877a6b24db0e067345562942fa629fbef2461c96a08707671315c302fae29187d4f5c06a960fd37c10223fdae7ed04935c3c90d3add8eebc8619d73415e6ad11e48455b588b90dfae158dbb150adab988dd8e12baf5cc9398c88607a08009c2977aab37d9a44cfc1c7b400000000cc0000fa47742f6c5b9c4b11e7d7262a1457c39495c826b956ba859ac8e3c177031bd7d5ca1664fe2f3ced8468911806e8916dc15e21644db60c2499d5d16d7d915836ab26c169482008ef069dc42749289f854797f2f900c2a12d8c38a967c1bbe09315c29877a331bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a9e90d76c1993e0746eb5d89e7f8249dc1e3428d2129369ee1b85afa1a5be5f6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1038debd64cbe359454a3f201000000f81b7aded448859968ff0e90500d0b07c0dd00490f167e6d5c1109681739dc33f75b20428d6474a0a91ee90b8de802c6b538622e6bbcb80f87b415263c401e64ed97116ee0c1fa9185bc68477b8521cb0c69a2f75409000000000000001d695c0359b82cabac3cccadc1e1c19af4e23020abf5ff0433d660f264b7725ba59ec7c36600b78a343a0898d2a045d009a0ffb20a77c9af2b80c05184a66d30bbea2ca45a4d6d6d1e6e79aef42355a500587b603306a5af8d867d80a07f10d82eafb03062e95196d5e3b854b188c768c001496fa99ce5b5040be959091fa948cfa8e7194123e918914a71ad5a8521fb956d05000000719b55b3abb6bba3eb13a680a8d46fe074c83fbe378a3889e8145b2eaceab05ef932c6e4f8ef0ed0d818a7976d839cf3c63ebb4380b168c38fa32e49563cfee3a7f0fc18bf8c2c418cef875fb49e2989177a1bcd1e30280bc686e79a5dd8076c248e7d6e97b3ce267dd4e27b6ef206660090bb2164474cef378f97ca33fccf363361dcdba10c1547053453d0c9aec91a24079b21d52fb5516bf0c28ef37aa76442f6083dc99cd61afaf6be45d7b00d3639f2f10ac2d5c759c3e5468f5874c24411d415b6b085fb73a2c7c3852e0e658ffeb4e863428a792bee94f64d895424360e0464f9d7ea425f2fa7aac029d15af607ad83532ff181c985f54b39370c06e63055b4d6a36fa98a44e3797c3e88538f406b598307c9912fb097601f3f88a2ca6fd1f9320cfe7fc8e9f7f15f02e177ce23f43a154b42e26f037e8a01377cbd3f509e6e54b7fc96d6a706008ed3e14a0c9ba9c2a589ac5d8ad67a65e9a44c576dc24452eaa9d819e2b04bdd1c000000000000000000000000000000005333c6099c12dcd92689192727a7267c47cf897853d160100b39b613faefe16bed1fc105cddd77ab929b837d54aa17fa9f0484ee3bfe30b92dd493be66c2242f8184733b80ba28e824910844df3108d5bb2f89049c5f6d63956995747639964217aacfe548bc869098aa8e07041dbc9e2d4db3c5f79fd355222ec2a02bf7f2ccd6dd6d2d0908be79314221a5472f1318a9dfbec5a759579caf47f5e07327df60b718a3793262129b146b9040b5d91398e17df85c25ccae973eecc7d187168d5c9cd848d566cc1758f6410c02889ce1589aa50363510c40243fc0927da38d83314480b15e23138c5b877a72bd4cf74a299df4fbfc8e6ea96939f1cf035d1563f9650e1da02db50dc53c1d5d254d9033c5a45706bda78ab602000000000000000000000000000000000000000000fa80459bb5d3c2f325288c2cc2734810e7ef209f233ad097c30ba8c0fa545f8b304a1acfb009a7772df8d20ef2ee0d0380a2f2a8795172af094a2751c35f807949973491c5b22ad1e9d89d21d7f30e51f686b1e1fbc9b87e8d6e8c856179a6004debcc9a1ba6c909ec9293952e9ac5a8c31ac9550fccfb76d6e28f88fda08e68d7318d27b2bc5c29eebca3727b168ce336813c6cf83956f1ddc7851142143f1a9778436f068f8e2819f21c5b3a74605a2d7420a2db49f7afa89f0b2b02b13fea020a6f100edadbf1d3a861174e87122b76f5cb7928bd85a93f5b68f5f76e1a08c19972040011ae3f69c9a5e09a8c2a806749da91d43fbeb6a39b8674aabdf02b16791862e49f78133cf4797a0e9c57abc2cc7b6d090551edaecede0fa95f4589745e2e975663e1cae31ab91ac276e43e646c7e851ede792791fa30266a9db99bf085d02bc1677af127f8c98a69d2981b953c84e92fc6a94cdbf0adff901bbefc68a885182ee1d6df30f3365bbe5d712e6ac77362740a1799417a19d6d62443032e5f6c83c23292be45a18bcd8491247a7c8af6dbcf25c389b40e7ae274ff3bcf94a0c0627b7c0543a1e4a4b8155c07ee0c2bec840a8d3b7e05b31186d576790a29ca8b4a59bbf82f0854852f6124f7e940975febe546e6d775426165331537483d33057c6134a6e0dccbb59aae19b74962461ebd4384d65454c6c75ae7090aa18f26530093ee9d760b0f28c783506fb09606c60c3e496247f577b1d7c4de515fc1a9f385a485c41887be66574e2928c2573c7ff433653b02b851f28e323233e8b2a985813867b7f57ee8bbf51edff10389cee0979a2d54d1e34bb3a6a3b0090e5be5f1843603bf6b757d5c7ec8d2cea23ca3e4aa4cb56571e1d40b26d7b5245903d812aebe7993606320b60c25102dde5ca8d17bfa48f7046e3a81b757837102897232b5d0c97e2f80ed912ee119609b3c08bb53b57df111866134fff0e5abe1b15e43b751ed935d00000000f813825ee0e5988e5b293492984802ea962dc9d6a455347cbbee33e80f130c023272edfc92c20a0002923c2bd064c830e4d78348844911fec623a36ef69020a701c7b4a2911423c7b6fe2536550430084791d361d1faf38acd09092f9bd10bd6d88d35901b1e71011c746a0e896fe14a07f571683a4c37f2daea708c73e46723cca3d577c535b7da676c831a26db066c5aeba92d88409a9cb5ae1f02356c024bb0697f2c8412007a064c50ef1717debef58f159114083154aa2a90ca91bb6c8e584f207314492eb13935f147c0b57433db3779ac31cc91bc989e78872d9b0cd49bc883e5968dd74d2a9d4ad9e71115980a05e3495e1d280ff4b40227048c823112633a9f48d3f703b94c2a052d773723d8f5a54a0bede5bc8eed9f9a8dc7b0de31b9c18323497c79e6aa5f26293960365bfca7bf86b97ea96eecf09934be932b0514924a03b9695d29f233bb5b2979428710045477debdf1e25bc57f74df58fee8ae0f151b2c5dc8b1bb4d410173d4881c4be1149ca538e54f27215557df9f15561cc9fce1de705f5290273f00"/3026], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00'}, 0x10) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0xe, 0xf000, &(0x7f0000000100)="b9ff03006044238cb89e14f088a81bffffff00004000632977fbac141442e934a0a662079f4b4d2f87e5feca6aab845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0xfe, 0x60000000}, 0x2c) [ 2600.243232][T27324] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2600.251172][T27324] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 2600.259861][T27324] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 2600.267937][T27324] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock 21:17:12 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB, @ANYRES32=r2, @ANYBLOB="01000000002200001c0012000c000100626f6e640000"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) 21:17:12 executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xb, &(0x7f0000000200)=[{&(0x7f0000010700)="1020f5f201000b0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f00000002", 0x35, 0x1400}, {&(0x7f0000010e00)="d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xa6, 0x200000}, {&(0x7f0000010f00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x200fe0}, {&(0x7f0000011000)="00000000000000000000000000000000000000000000000000000006", 0x1c, 0x2011e0}, {&(0x7f0000011400)="000000000000000000000000000000000000000000160000000510ec", 0x1c, 0x201320}, {&(0x7f0000011500)="00000017000000020c60", 0xa, 0x201380}, {&(0x7f0000011b00)="0000000000000000000000000000000000000000000000000000000100000000d73cd47a0000000000100000000000000b000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff03000600000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff05000000000000000000000000000000c5010000060000000100000007000000070000000a0000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011c00)="0000000000000000000000000000000000000000000000000000000009f7a5bb", 0x20, 0x205fe0}, {&(0x7f0000013000)="0000000000000000000001000000010000000002000000010000000003000000013e", 0x22, 0xa00000}, {&(0x7f0000014500)="ed4100005cf90100535f010003000000001000000000000002", 0x19, 0x3e01000}, {&(0x7f0000014700)="00000000000000000300000003", 0xd, 0x3e01fe0}], 0x0, &(0x7f0000014b00)) 21:17:12 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001a00)={0x26, 'skcipher\x00', 0x0, 0x0, 'chacha20-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d0ff0f1d0dbd301e5a47b2f3caa73dcd2a6a370554375a", 0x20) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmsg$can_bcm(r1, &(0x7f00000019c0)={0x0, 0x0, &(0x7f0000000b00)=[{&(0x7f0000003540)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg$kcm(r1, &(0x7f0000000a40)={0x0, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000600)='o', 0x1}], 0x1}, 0x0) sendmsg$kcm(r1, &(0x7f0000001840)={0x0, 0x0, 0x0}, 0x0) recvmsg$unix(r1, &(0x7f0000002500)={0x0, 0x0, 0x0}, 0x0) [ 2600.717311][T27320] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2600.728767][T27320] CPU: 0 PID: 27320 Comm: syz-executor.1 Tainted: G W 5.18.0-syzkaller-16253-g2f3064574275 #0 [ 2600.740504][T27320] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2600.750688][T27320] Call Trace: [ 2600.754071][T27320] [ 2600.757115][T27320] dump_stack_lvl+0x200/0x28c [ 2600.762001][T27320] dump_stack+0x29/0x2c [ 2600.766340][T27320] dump_header+0x1e5/0xae0 [ 2600.770986][T27320] oom_kill_process+0x3a7/0xba0 [ 2600.776061][T27320] out_of_memory+0x111c/0x1570 [ 2600.781031][T27320] ? slab_debugfs_show+0xa40/0xaa0 [ 2600.786366][T27320] mem_cgroup_out_of_memory+0x46b/0x590 [ 2600.792171][T27320] mem_cgroup_oom+0xa3d/0xd30 [ 2600.797054][T27320] ? raw_spin_rq_unlock+0x3b/0xc0 [ 2600.802288][T27320] try_charge_memcg+0x18b0/0x2110 [ 2600.807536][T27320] ? kmsan_get_metadata+0x33/0x220 [ 2600.812922][T27320] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 2600.818950][T27320] charge_memcg+0x1a9/0x6b0 [ 2600.823663][T27320] ? get_mem_cgroup_from_mm+0x39d/0x4d0 [ 2600.829430][T27320] __mem_cgroup_charge+0xb9/0x2e0 [ 2600.834684][T27320] wp_page_copy+0x719/0x4310 [ 2600.839473][T27320] ? kmsan_get_metadata+0x33/0x220 [ 2600.844791][T27320] ? kmsan_get_metadata+0x33/0x220 [ 2600.850129][T27320] ? preempt_count_sub+0xfc/0x340 [ 2600.855353][T27320] do_wp_page+0xc81/0x29c0 [ 2600.859976][T27320] handle_mm_fault+0x43e1/0x47a0 [ 2600.865098][T27320] ? restore_fpregs_from_fpstate+0x68/0x3a0 [ 2600.871289][T27320] do_user_addr_fault+0x11f5/0x1e50 [ 2600.876717][T27320] exc_page_fault+0x60/0x140 [ 2600.881493][T27320] ? asm_exc_page_fault+0x8/0x30 [ 2600.886585][T27320] asm_exc_page_fault+0x1e/0x30 [ 2600.891587][T27320] RIP: 0023:0xf6e1f418 [ 2600.895763][T27320] Code: 39 dd 75 ee 8b 44 24 58 89 28 83 c4 3c 5b 5e 5f 5d c3 8b 7c 24 18 e9 9a fd ff ff 8d b4 26 00 00 00 00 8b 44 24 24 8b 7c 24 18 <89> 1c 88 e9 70 fe ff ff 8b 7c 24 50 39 54 24 0c 0f 84 80 00 00 00 [ 2600.915526][T27320] RSP: 002b:00000000ffacc040 EFLAGS: 00010246 [ 2600.921730][T27320] RAX: 00000000f6f50000 RBX: 00000000c24e17ad RCX: 00000000000017ad [ 2600.929840][T27320] RDX: 0000000000000000 RSI: 00000000f6f36000 RDI: 0000000085df144d [ 2600.937937][T27320] RBP: 00000000f6f50000 R08: 0000000000000000 R09: 0000000000000000 [ 2600.946070][T27320] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 2600.954162][T27320] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2600.962285][T27320] [ 2600.965569][T27320] memory: usage 307200kB, limit 307200kB, failcnt 15877 [ 2600.972727][T27320] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2600.979697][T27320] Memory cgroup stats for /syz1: [ 2600.981323][T27320] anon 135168 [ 2600.981323][T27320] file 313262080 [ 2600.981323][T27320] kernel 1175552 [ 2600.981323][T27320] kernel_stack 32768 [ 2600.981323][T27320] pagetables 65536 [ 2600.981323][T27320] percpu 0 [ 2600.981323][T27320] sock 0 [ 2600.981323][T27320] vmalloc 0 [ 2600.981323][T27320] shmem 313262080 [ 2600.981323][T27320] file_mapped 40960 [ 2600.981323][T27320] file_dirty 0 [ 2600.981323][T27320] file_writeback 0 [ 2600.981323][T27320] swapcached 0 [ 2600.981323][T27320] anon_thp 0 [ 2600.981323][T27320] file_thp 0 [ 2600.981323][T27320] shmem_thp 0 [ 2600.981323][T27320] inactive_anon 311910400 [ 2600.981323][T27320] active_anon 1486848 [ 2600.981323][T27320] inactive_file 0 [ 2600.981323][T27320] active_file 0 [ 2600.981323][T27320] unevictable 0 [ 2600.981323][T27320] slab_reclaimable 787624 [ 2600.981323][T27320] slab_unreclaimable 271992 [ 2600.981323][T27320] slab 1059616 21:17:13 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000940)={0x26, 'hash\x00', 0x0, 0x0, 'vmac64(aes-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="00000000002973989c00000000067a00", 0x10) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000002d00)=@newtfilter={0x1c00, 0x2c, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xd}}, [@TCA_CHAIN={0x8, 0xb, 0x7}, @TCA_CHAIN={0x8, 0xb, 0xff}, @TCA_CHAIN={0x8, 0xb, 0x8}, @TCA_RATE={0x6, 0x5, {0x0, 0xf3}}, @TCA_CHAIN={0x8, 0xb, 0x3}, @TCA_RATE={0x6, 0x5, {0x1, 0x1}}, @filter_kind_options=@f_tcindex={{0xc}, {0x1b90, 0x2, [@TCA_TCINDEX_ACT={0x1584, 0x7, [@m_bpf={0xac, 0x19, 0x0, 0x0, {{0x8}, {0x40, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_OPS={0x3c, 0x4, [{0xd7, 0xc8, 0x4, 0x1}, {0x6, 0x56, 0x8, 0x6}, {0x5, 0x8, 0xff, 0x9}, {0x0, 0x3, 0x6, 0x9}, {0x0, 0x7, 0x7f, 0xf592}, {0x33ca, 0xf8, 0x6, 0x5}, {0x8, 0x2, 0x89}]}]}, {0x48, 0x6, "6a9ea8da2c100a020dc21d87f576c0e8bbb25f336d34d311f657e4319651e1fa909ab868d1a2fecbbbbfa1214a2a97eb7a2c84f4342bb6ce0eaf40b2e64c535ecd3f27d0"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_police={0x11b0, 0x5, 0x0, 0x0, {{0xb}, {0x116c, 0x2, 0x0, 0x1, [[@TCA_POLICE_RESULT={0x8, 0x5, 0x3ff}, @TCA_POLICE_PEAKRATE64={0xc}, @TCA_POLICE_RESULT={0x8, 0x5, 0xb3c}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0x3, 0x8, 0x1, 0x4, 0x8, 0x6, 0x2, 0x7ff, 0x6, 0xfa, 0x1, 0x1f, 0x80000000, 0x8, 0x3, 0x3, 0x0, 0xff, 0x5, 0x23d1, 0x8, 0x80, 0x96, 0x400, 0x3d7, 0x3, 0x6, 0x7fff, 0xfffffffc, 0x8001, 0x0, 0x400, 0x400, 0x3f, 0x3f, 0x3f, 0x2a26, 0xffff8000, 0x0, 0x8, 0xff, 0xffff, 0x5, 0x3, 0x80000000, 0x3ff, 0x3, 0x8, 0x3, 0x65, 0x843, 0x13c, 0xeb, 0x8, 0x1, 0x3, 0x6, 0x10001, 0x6, 0x5, 0x800, 0x6b5, 0xfffffffc, 0x6, 0x4a, 0x4, 0x932, 0x4, 0x8, 0x8, 0x4, 0x3, 0x0, 0x0, 0xffff1483, 0xfffffff7, 0x8, 0x101, 0x10001, 0x0, 0x4744, 0x6, 0xf16, 0x3d, 0x1, 0x6, 0x2262dbd4, 0x7, 0x8, 0x7f65, 0x1ff, 0x5, 0xfffffffe, 0xad, 0x7, 0x20, 0x6, 0xfffffffc, 0x80000000, 0x8, 0x4, 0x7f, 0x793b636e, 0x3, 0x101, 0x8, 0x800, 0x3, 0x3, 0x8a4, 0x80, 0xffffffff, 0x1, 0x2, 0x200, 0x3, 0xfd, 0x6, 0xfffffffe, 0xfffffffe, 0x1, 0x1, 0x10001, 0xffffffff, 0x800, 0xffff, 0x8, 0x101, 0x975, 0x3, 0x0, 0x8001, 0x10a, 0x80, 0x10000, 0x8, 0x9, 0x9, 0xfff, 0x1, 0x81, 0x9, 0x4ff, 0x400, 0x0, 0x7, 0x6, 0x0, 0x40, 0x9, 0x9, 0x6, 0x5, 0x1386, 0x10000, 0x5, 0xa36, 0x1000, 0x7, 0xc65, 0x1, 0x100, 0x0, 0x0, 0x80, 0x187d, 0x0, 0x1, 0x8, 0x3, 0x3ff, 0x3, 0x0, 0xfc1, 0x2, 0x2, 0x800, 0x0, 0xac7c, 0x6, 0x7, 0x2, 0x80000001, 0x3, 0x9, 0x6, 0x1f, 0x100, 0x6, 0x8, 0x7ff, 0xec2f, 0xffff, 0x8, 0x81, 0x9, 0x40, 0x7, 0x40, 0x2, 0x6, 0x9d, 0xd5, 0xffffffff, 0x3, 0x2, 0x3, 0xffff, 0x898, 0x3, 0x0, 0xffff, 0x8000, 0x9, 0x1000, 0xfff, 0x800, 0x0, 0x6, 0x0, 0x6, 0x0, 0x4f, 0xf97, 0x3, 0x3, 0x3, 0xf94, 0x7, 0x1, 0x0, 0x20, 0x3ff, 0x80, 0x7, 0xb360, 0x8193, 0x1, 0xffffffff, 0x1ff, 0x80000001, 0xed, 0x0, 0x8000, 0x4, 0x3, 0x857, 0x0, 0x800, 0x0, 0x6, 0x5, 0xe96e, 0x6184, 0x3, 0x6]}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0xb7, 0xffffffff, 0x89fe, 0xfffffff9, 0x9, 0x72f, 0x1, 0x7fff, 0x9, 0xfffffff8, 0x3a, 0x7, 0x200, 0x1, 0xe804, 0x6, 0x11, 0x3ff, 0xfe1, 0x1, 0x3, 0x0, 0x5, 0x9, 0x8001, 0x8001, 0x1, 0x7, 0xfffffff7, 0x9, 0xfd4a, 0x100, 0x3, 0x2d2, 0x1, 0x3, 0x4, 0x9367, 0x401, 0x5, 0x9, 0x9, 0x6, 0x210, 0x3f, 0x1, 0x0, 0x6, 0xa8, 0x5, 0x7, 0x10000, 0x3, 0x3, 0x8, 0x3, 0x1, 0x7, 0x20, 0x0, 0x4, 0x2f30, 0x4, 0x6, 0x2, 0x5, 0x1, 0xafca, 0x5, 0x5, 0x4, 0x1000, 0x80, 0x200, 0x9, 0x5, 0x7, 0xc06, 0x0, 0x20, 0x10000, 0xc753, 0x5, 0x7, 0x125af2e0, 0xf5c, 0xbc, 0xffffff7f, 0x7b, 0x8fb, 0x8f7, 0x8f, 0x8, 0x20, 0x7ff, 0x6, 0xb8, 0x19f0, 0x2a000000, 0x8000, 0x6, 0x2, 0x750, 0x2, 0x0, 0x9, 0x3, 0x0, 0x1ef6, 0x1fe0, 0xfffffffd, 0x3865efbd, 0x9, 0x0, 0x100, 0x9, 0x7ff, 0x4, 0x3, 0x0, 0x0, 0x9, 0x3, 0x1f, 0x7, 0x7, 0xa2, 0x3, 0x1000, 0x100, 0x4, 0x11aec8bf, 0x2, 0x8000, 0x4, 0x800, 0x0, 0xffff8001, 0xfffffe01, 0xfff, 0x2, 0x5, 0x9, 0x5, 0x9, 0x6, 0xfff, 0xa8, 0x5, 0x1ff, 0x1ff, 0x7ff, 0x5, 0x40, 0x4a, 0x6, 0x81, 0x0, 0x9, 0x5, 0x532, 0x2, 0x3ff, 0xe83, 0x0, 0xc94, 0x8fc, 0x4, 0x8, 0xfff, 0x5d883165, 0x8001, 0xffffffff, 0x2a2, 0x1ff, 0x1, 0xffffffff, 0x0, 0x20, 0x1f, 0x3341, 0x7ff, 0x1, 0x2, 0x62, 0x1ff, 0x200, 0x49, 0x3, 0x4, 0x8, 0x5, 0x4, 0x2, 0x7fff, 0x1, 0x2, 0x63, 0x1f, 0x10000, 0xfffffff7, 0x100, 0x2, 0x2, 0x20, 0xffff4bbd, 0x603, 0x1, 0x3, 0x90d, 0x3f, 0x4, 0x80000000, 0x2, 0x7ff, 0x1f, 0x6, 0x10001, 0x2, 0x7, 0x9, 0x2, 0x6, 0x0, 0x9, 0x8, 0x53b, 0x1ff, 0xf0, 0xffffffff, 0x7a, 0x85, 0x81, 0x400, 0x0, 0x9, 0x1000, 0xffffffff, 0x0, 0x3, 0x3, 0x8, 0x100, 0x15f, 0x5, 0xf, 0x8001, 0x3, 0x1, 0x20, 0x4410, 0x1, 0x278f, 0xffff, 0x1, 0x81]}, @TCA_POLICE_TBF={0x3c, 0x1, {0x5, 0x0, 0x6, 0x0, 0x9, {0x4, 0x2, 0x8000, 0x3, 0x7ff, 0x5}, {0x5, 0x2, 0x7, 0x80, 0xfffb, 0xfb}, 0xa2, 0x1, 0x8}}, @TCA_POLICE_RESULT={0x8, 0x5, 0xfffffe3e}, @TCA_POLICE_RESULT={0x8, 0x5, 0x8}], [@TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x4}], [@TCA_POLICE_RESULT={0x8, 0x5, 0xfffffff9}, @TCA_POLICE_RATE64={0xc, 0x8, 0xffffffff}, @TCA_POLICE_AVRATE={0x8}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0x5, 0x98, 0x401, 0x7c00, 0x0, 0x470, 0x3, 0x8, 0x4e, 0x86b, 0x2, 0x1000, 0x7ff, 0xfff, 0x5d1c943c, 0xfffffffd, 0x2, 0x3, 0xedf, 0x4, 0x5, 0x0, 0x53b, 0x1f, 0x80, 0xa1, 0x71, 0x5, 0x0, 0x7fffffff, 0x20, 0x9, 0x401, 0x7, 0x6, 0x1000, 0xfcd2, 0x3, 0x8, 0x9, 0x5, 0x7fff, 0x80000000, 0xfffff801, 0x1f, 0x9, 0x6c, 0x9, 0x80, 0x0, 0x101, 0x4, 0x5, 0xe692, 0x29, 0x2, 0x2, 0x7fff, 0x1, 0xfff, 0x80000000, 0x80000000, 0xffffffff, 0x5, 0x80000001, 0x8001, 0x9, 0x0, 0x6, 0x9, 0x9, 0x12c, 0x8, 0x1, 0x80, 0x7, 0x0, 0x3, 0x3, 0x81, 0x0, 0x40, 0x2, 0x7, 0x5, 0x4, 0x9, 0x1, 0xffff, 0x6, 0x0, 0x8, 0x0, 0x6, 0x0, 0x1, 0x0, 0x3, 0x10000, 0x1ff, 0x3ff, 0x8, 0x48c, 0x7fffffff, 0x100, 0x8, 0x0, 0xffffffff, 0x9, 0x7fffffff, 0xffff, 0x1000, 0x7, 0x80000001, 0x7, 0x7, 0xfe4, 0x9, 0x7ff, 0x1f, 0x5, 0x7, 0x8000, 0x40, 0x6, 0xfffffffb, 0xffc00000, 0xffffffe1, 0x3, 0x6, 0x39, 0x0, 0xb095, 0xc65a7700, 0xff, 0x7f, 0x3c66cd50, 0x224, 0x0, 0x2, 0x7, 0x4, 0x9, 0x1, 0x9, 0x0, 0x5, 0x7, 0xff, 0x5, 0x10001, 0x1f, 0x0, 0x3, 0xfff, 0x800, 0x1, 0x20, 0x80000000, 0x1, 0x4e08, 0x7, 0x401, 0x4, 0x3, 0x2d, 0x8001, 0x101, 0x361, 0x0, 0x0, 0x800, 0x1, 0x800, 0x0, 0x9, 0x0, 0x7bf7, 0xffff, 0x4, 0x60, 0x4d8, 0x1000, 0x1f, 0xfffffffd, 0xffffff12, 0x81a, 0x8, 0xfffffffa, 0x0, 0x3, 0x7f, 0x1aa, 0x6, 0x2, 0xfffffff8, 0xff, 0x2, 0x6, 0x8, 0x6, 0x6, 0x5, 0x100, 0x8, 0x1, 0x5, 0x4, 0x8, 0x1f, 0x8, 0x3, 0xfffffffb, 0x8dc, 0x4, 0x7c48, 0x5, 0x2, 0x9, 0x81e, 0x1, 0x9, 0x10001, 0x4, 0x3f, 0x80000000, 0x1, 0x1f, 0x4, 0x0, 0x101, 0xf6d, 0x5a7, 0x8, 0x6, 0x3, 0x571d, 0x5, 0x4, 0x9, 0x100, 0x8, 0xfff, 0x70e, 0xdd661699, 0xd31a, 0x2, 0x7fff, 0xffff, 0x0, 0x875f, 0x5, 0x0, 0x2, 0x1000, 0x2]}, @TCA_POLICE_RATE64={0xc, 0x8, 0x3}, @TCA_POLICE_RATE64={0xc, 0x8, 0x101}, @TCA_POLICE_RATE64={0xc, 0x8, 0x3}, @TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x20}, @TCA_POLICE_RATE64={0xc, 0x8, 0x3f}, @TCA_POLICE_RATE64={0xc, 0x8, 0x9}], [@TCA_POLICE_RESULT={0x8, 0x5, 0x5}, @TCA_POLICE_AVRATE={0x8, 0x4, 0x8000}, @TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x9}, @TCA_POLICE_PEAKRATE64={0xc, 0x9, 0xee9}], [@TCA_POLICE_RESULT={0x8, 0x5, 0x8}, @TCA_POLICE_AVRATE={0x8, 0x4, 0x1f}, @TCA_POLICE_RATE64={0xc, 0x8, 0x4}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0x0, 0x4, 0x9, 0x9, 0x7, 0x7f, 0x9, 0x41e, 0x0, 0xbd41, 0x100, 0xfff, 0x1000, 0x5b54, 0x55d, 0x5, 0x4, 0x4, 0x80000001, 0x400, 0x4, 0x2, 0x1, 0x7, 0x1, 0x3f, 0x3, 0x7ff, 0x4, 0xfff, 0x92, 0xffff, 0x10000, 0x5, 0x4, 0x5334b97d, 0x6, 0x3f, 0x6, 0xde4, 0x3ff, 0x0, 0x2, 0x80, 0x0, 0x4, 0xbdc5, 0xfffffffd, 0x5, 0x9, 0x5, 0x7fff, 0x5, 0x9, 0xac31, 0x8, 0xd8, 0x3, 0x8, 0x3f, 0x8, 0x80000000, 0x101, 0x5, 0x821, 0x4f22, 0xfff, 0x80000000, 0x0, 0xd37, 0x7fffffff, 0x5, 0xffffffff, 0x89, 0x0, 0x401, 0x7f, 0x4, 0x1, 0x8001, 0xff, 0xe, 0x0, 0x800, 0x20, 0x1, 0x3, 0x1, 0x6, 0xfffffffb, 0x7, 0x6, 0x0, 0x4, 0x8, 0x80, 0x100, 0x9, 0x3, 0x7fff, 0x92cc, 0x5, 0x8, 0xdd9b, 0x8, 0xb4c0, 0x0, 0x1ff, 0x4, 0x1ff, 0x3f, 0x4, 0x5, 0x6, 0xb44, 0x8000, 0x7fff, 0x7, 0x1, 0x5, 0x8, 0x7, 0x0, 0x3, 0x0, 0x9, 0x5, 0x1, 0x4, 0x2, 0xff, 0x101, 0x7fffffff, 0x1f, 0x6, 0x80000000, 0x81, 0x1, 0x80000000, 0x3, 0x6, 0x7, 0x0, 0x8, 0x5, 0x0, 0x8, 0x7, 0x9, 0xfffffffe, 0xda, 0x0, 0x9, 0x200, 0x1ff, 0x0, 0xff, 0x9d38, 0x5, 0x7, 0xfffffffb, 0x5, 0xbc51, 0x0, 0x32255a66, 0x3, 0xfffffffe, 0x6, 0xffffffff, 0x104, 0x81, 0xa8a, 0x0, 0x1ff, 0x6, 0x5, 0x5, 0x1c00, 0x0, 0xffffffff, 0x4, 0x8001, 0xf2, 0xf2d8, 0x81, 0x401, 0x10cb, 0x735, 0x401, 0x59bc5e2f, 0xfffffb39, 0x715e8fb5, 0x1ff, 0x8, 0x7ff, 0x0, 0x3, 0x0, 0x8000, 0x358, 0x101, 0x200, 0x9, 0x5ef, 0x0, 0x4, 0x0, 0x6, 0x5, 0x8, 0x31, 0x1f, 0x1, 0xa7c, 0x7c7da415, 0x6, 0x0, 0x7ff, 0xd227, 0x101, 0x65c, 0x1, 0x0, 0x6, 0x0, 0x8, 0x8, 0x1, 0x3ff, 0x9, 0x80, 0x0, 0x7, 0x80, 0xc01, 0x100, 0x8, 0x6, 0xc7, 0x800, 0x8, 0x4, 0x10001, 0x80000000, 0x3, 0x4, 0x80, 0x6bab, 0x8, 0x80, 0x2, 0x6, 0x0, 0x8, 0x6ea, 0xd33c]}, @TCA_POLICE_TBF={0x3c, 0x1, {0xff, 0x7, 0x2f, 0x8, 0x26, {0x5, 0x0, 0x2, 0x401, 0x6, 0x2}, {0xff, 0x0, 0x7fff, 0x9, 0x2, 0x9}, 0xf79, 0x4ddad18a, 0x7}}]]}, {0x1a, 0x6, "7e52da133f3baa267d3860b3160f65e0b8a49eef6957"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x2}}}}, @m_connmark={0xf8, 0x4, 0x0, 0x0, {{0xd}, {0xac, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x1, 0x1, 0x7, 0x1, 0xd6}, 0x1f}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x2, 0x1, 0x4, 0x7b55f6e7, 0x7}, 0x7ff}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x10001, 0x6, 0x2, 0x4, 0x2}, 0x20}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x5, 0x1, 0x2, 0x5}, 0x4}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x800, 0x4, 0x20000000, 0x41, 0x2}, 0x167}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x7, 0x6, 0x20000000, 0x3, 0x455}, 0x1f}}]}, {0x1d, 0x6, "3b5a96db3fb687370be1ee31e4bd471dd94f69b4fd23eb6bde"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_ctinfo={0x11c, 0x1e, 0x0, 0x0, {{0xb}, {0x4c, 0x2, 0x0, 0x1, [@TCA_CTINFO_ZONE={0x6, 0x4, 0x2}, @TCA_CTINFO_PARMS_CPMARK_MASK={0x8, 0x7, 0xed}, @TCA_CTINFO_PARMS_DSCP_STATEMASK={0x8}, @TCA_CTINFO_PARMS_DSCP_MASK={0x8, 0x5, 0x81}, @TCA_CTINFO_ACT={0x18, 0x3, {0x40, 0x7f, 0xffffffffffffffff, 0x5, 0x20}}, @TCA_CTINFO_PARMS_CPMARK_MASK={0x8, 0x7, 0x20}, @TCA_CTINFO_PARMS_CPMARK_MASK={0x8, 0x7, 0x1}]}, {0xa5, 0x6, "1b006a0f66d6f0ed4430730365e9ed11aea4c01c22ad59429a117070f18bd6d9492c98c6a1cc7b79bfd95cfdb833e961e00c33f857dae732357d8de75f8e3053331febe9b0cec694a2e8bcc8bed69a2d2a49d08149d59f005d1728c6be97bb6e102bc296721840b1b9921461426e1447ac557cb6196ded2e80e758e305dc281962156d9f78ab26983e40b12b1d2bf5f657fb999e03191f226ded576776563135c4"}, {0xc}, {0xc, 0x8, {0x2}}}}, @m_csum={0x110, 0x7, 0x0, 0x0, {{0x9}, {0xe4, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x280, 0x15af, 0x0, 0x2, 0x3d}, 0x6f}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x7, 0x5, 0x0, 0x0, 0x1}, 0x66}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0xc2, 0x400, 0x10000000, 0x8}, 0x3b}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x0, 0x0, 0xffffffffffffffff, 0x49, 0x2}, 0x7d}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x40, 0x9, 0x2, 0x7, 0x3f}, 0x42}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x42, 0x3, 0x10000000, 0x628d, 0x2}, 0x4f}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x9, 0x94, 0x0, 0x3, 0x1}, 0x37}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x80, 0x7, 0x0, 0x1, 0x3}, 0x4e}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}]}, @TCA_TCINDEX_ACT={0x1e4, 0x7, [@m_ife={0xac, 0x19, 0x0, 0x0, {{0x8}, {0x40, 0x2, 0x0, 0x1, [@TCA_IFE_METALST={0x28, 0x6, [@IFE_META_PRIO={0x4, 0x3, @void}, @IFE_META_TCINDEX={0x4, 0x5, @void}, @IFE_META_PRIO={0x8, 0x3, @val=0x1ff}, @IFE_META_TCINDEX={0x4, 0x5, @void}, @IFE_META_SKBMARK={0x8, 0x1, @val=0xfff}, @IFE_META_PRIO={0x8, 0x3, @val=0x9}]}, @TCA_IFE_DMAC={0xa, 0x3, @random="a74a348be750"}, @TCA_IFE_TYPE={0x6, 0x5, 0x2}]}, {0x48, 0x6, "b6851172efeae35c92ebb353fb9d7dc7dccb93e8985a2fd774913055951fe3786ee242b1a840402fa2f9772b9bd4590434de7cfc21defdb9560ce25aa5b9d4d6651bbfd3"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}, @m_skbmod={0x134, 0x7, 0x0, 0x0, {{0xb}, {0x10, 0x2, 0x0, 0x1, [@TCA_SKBMOD_DMAC={0xa}]}, {0xfa, 0x6, "e0ca5fd3cc47d8eeba683f39313db40c1bd6f79cf9a3cbd1d79c5c5a525a88922ed257b039a28aeb42ce8682efe973aebeb0576f1d25360644e70f0571c72399391517712e3317bbb0298b47d9a08a6084bae8d9dbbd6e74d21d66121f5732426c9573a9a91f003683d39ae0c391d6e0c91780d0d69940b0884134d449fbfcc1febbf3f775eba79401466953b5f13ae8c96f46e0a7447895a917eaa5770d592884518e71cf98638562363fa892bcbbfead02b243c5a081585e475b547ea3e7493a5e98809dab72e215afbc2fc64194c77ed667f21237e923ebbe955937567522fb9e9c83ac8b7b2798d45f8ee2f8585b07a3b27a7769"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2}}}}]}, @TCA_TCINDEX_POLICE={0x41c, 0x6, [@TCA_POLICE_RATE={0x404, 0x2, [0x100, 0xcdf6, 0x0, 0x6, 0x80, 0xbb, 0x9, 0x0, 0x1000, 0x1, 0x8, 0x7fff, 0x6, 0x0, 0x80000001, 0xfffffab7, 0x57b, 0xfffffffe, 0x144, 0x1, 0x40, 0x2, 0x8, 0xef45f9f, 0x8, 0x0, 0x1, 0x101, 0x7, 0x20b5, 0xfffffbff, 0x60b, 0x6, 0x6, 0x367aa5b1, 0x3, 0x7, 0x7ff, 0x2, 0x6, 0xa0, 0xff, 0xcb, 0x8, 0x8, 0x22fb, 0xfffffffd, 0x10000, 0x8, 0x0, 0x8, 0x5, 0x3, 0x80000000, 0x0, 0x9, 0x9, 0x51, 0x3e, 0xf6, 0x1f, 0xe, 0x2b3, 0xfff, 0x10000, 0xe6, 0x8001, 0x80000000, 0x1000, 0x9, 0x200, 0x4, 0x0, 0x10001, 0x4, 0x0, 0xa000000, 0x8, 0x3, 0xd60, 0x9, 0x3, 0x5, 0x2, 0x20, 0x10001, 0x7fff, 0x245, 0x4, 0xfffffff9, 0x3, 0x1, 0x0, 0x2, 0x672, 0xabc8, 0x6e, 0x401, 0x9, 0x101, 0x7fffffff, 0x8000, 0xfffffffc, 0x37, 0x8, 0x3, 0x1000, 0x101, 0x0, 0x5, 0x1000, 0x400, 0x8000, 0xfffffffe, 0x6, 0x0, 0x1, 0x101, 0x1, 0x1000, 0x0, 0x4, 0x1ff, 0x1, 0xffffffff, 0xfffffff8, 0x7, 0x10001, 0x8, 0xfffffffd, 0x6, 0x935, 0xb8, 0x4, 0x9, 0x101, 0x1, 0x4, 0x1, 0x6, 0x630, 0x2, 0xdf, 0x9, 0xd, 0x2442, 0x7, 0xff, 0x6, 0x400, 0x5, 0x800, 0x2, 0x2400, 0x101, 0x0, 0x78, 0x1, 0x0, 0xffffffff, 0x5, 0x3, 0x3, 0xfffffff9, 0x6, 0x80000001, 0x3, 0x10000, 0x80]}, @TCA_POLICE_AVRATE={0x8}, @TCA_POLICE_PEAKRATE64={0xc}]}, @TCA_TCINDEX_HASH={0x8}]}}, @filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x1c00}}, 0x0) [ 2600.981323][T27320] workingset_refault_anon 0 [ 2600.981323][T27320] workingset_refault_file 0 [ 2601.077545][T27320] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=27320,uid=0 [ 2601.093658][T27320] Memory cgroup out of memory: Killed process 27320 (syz-executor.1) total-vm:54284kB, anon-rss:332kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000 21:17:13 executing program 1: r0 = socket(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0xeaf, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_TARGET={0x8, 0x5, 0xf000}]}}]}, 0x40}}, 0x0) [ 2601.468122][T27336] loop4: detected capacity change from 0 to 253983 [ 2601.534365][T27337] ===================================================== [ 2601.541477][T27337] BUG: KMSAN: uninit-value in ip_tunnel_xmit+0x54f/0x3da0 [ 2601.548840][T27337] ip_tunnel_xmit+0x54f/0x3da0 [ 2601.553791][T27337] ipgre_xmit+0x1242/0x12b0 [ 2601.558442][T27337] xmit_one+0x2e3/0x830 [ 2601.562854][T27337] dev_hard_start_xmit+0x185/0x410 [ 2601.568017][T27337] __dev_queue_xmit+0x21f5/0x3470 [ 2601.573409][T27337] dev_queue_xmit+0x4f/0x60 [ 2601.577959][T27337] __bpf_redirect+0x1122/0x1a80 [ 2601.583132][T27337] bpf_clone_redirect+0x4a6/0x670 [ 2601.588338][T27337] ___bpf_prog_run+0x93a/0xb300 [ 2601.593477][T27337] __bpf_prog_run512+0x125/0x190 [ 2601.598473][T27337] bpf_test_run+0x787/0x1080 [ 2601.603293][T27337] bpf_prog_test_run_skb+0x1769/0x21c0 [ 2601.608798][T27337] bpf_prog_test_run+0x788/0x820 [ 2601.614014][T27337] __sys_bpf+0x9ca/0x10b0 [ 2601.618406][T27337] __ia32_sys_bpf+0xe5/0x130 [ 2601.623243][T27337] __do_fast_syscall_32+0x95/0xf0 [ 2601.628319][T27337] do_fast_syscall_32+0x33/0x70 [ 2601.633575][T27337] do_SYSENTER_32+0x1b/0x20 [ 2601.638126][T27337] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 2601.644692][T27337] [ 2601.647032][T27337] Uninit was created at: [ 2601.651351][T27337] __kmalloc_node_track_caller+0xdee/0x14e0 [ 2601.657504][T27337] pskb_expand_head+0x271/0x1fc0 [ 2601.662659][T27337] skb_ensure_writable+0x505/0x5b0 [ 2601.667822][T27337] bpf_clone_redirect+0x25e/0x670 [ 2601.673095][T27337] ___bpf_prog_run+0x93a/0xb300 [ 2601.678000][T27337] __bpf_prog_run512+0x125/0x190 [ 2601.683214][T27337] bpf_test_run+0x787/0x1080 [ 2601.687842][T27337] bpf_prog_test_run_skb+0x1769/0x21c0 [ 2601.693539][T27337] bpf_prog_test_run+0x788/0x820 [ 2601.698522][T27337] __sys_bpf+0x9ca/0x10b0 [ 2601.703091][T27337] __ia32_sys_bpf+0xe5/0x130 [ 2601.707741][T27337] __do_fast_syscall_32+0x95/0xf0 [ 2601.712988][T27337] do_fast_syscall_32+0x33/0x70 [ 2601.717887][T27337] do_SYSENTER_32+0x1b/0x20 [ 2601.722618][T27337] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 2601.729000][T27337] [ 2601.731338][T27337] CPU: 1 PID: 27337 Comm: syz-executor.5 Tainted: G W 5.18.0-syzkaller-16253-g2f3064574275 #0 [ 2601.743125][T27337] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2601.753372][T27337] ===================================================== [ 2601.760316][T27337] Disabling lock debugging due to kernel taint [ 2601.766676][T27337] Kernel panic - not syncing: kmsan.panic set ... [ 2601.773109][T27337] CPU: 1 PID: 27337 Comm: syz-executor.5 Tainted: G B W 5.18.0-syzkaller-16253-g2f3064574275 #0 [ 2601.784702][T27337] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2601.794821][T27337] Call Trace: [ 2601.798135][T27337] [ 2601.801089][T27337] dump_stack_lvl+0x200/0x28c [ 2601.805835][T27337] dump_stack+0x29/0x2c [ 2601.810044][T27337] panic+0x502/0xc7a [ 2601.814037][T27337] ? add_taint+0x185/0x210 [ 2601.818532][T27337] ? console_unlock+0x1bb0/0x20e0 [ 2601.823690][T27337] kmsan_report+0x2cc/0x2d0 [ 2601.828257][T27337] ? kmsan_internal_chain_origin+0x103/0x120 21:17:14 executing program 0: set_mempolicy(0x2, &(0x7f0000000200)=0x401, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x8}]}}}]}, 0x40}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x80, 0x0, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffff80000001}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={0x0, 0x28, &(0x7f0000000540)={0x0, 0x24}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x13, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x10, 0x6, 0x1000}}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB, @ANYRES32=r2, @ANYBLOB="01000000002200001c0012000c000100626f6e640000"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x4a, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r5}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_SLAVE2={0x8, 0x2, r6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) [ 2601.834296][T27337] ? __msan_warning+0x92/0x110 [ 2601.839118][T27337] ? ip_tunnel_xmit+0x54f/0x3da0 [ 2601.844099][T27337] ? ipgre_xmit+0x1242/0x12b0 [ 2601.848849][T27337] ? xmit_one+0x2e3/0x830 [ 2601.853201][T27337] ? dev_hard_start_xmit+0x185/0x410 [ 2601.858530][T27337] ? __dev_queue_xmit+0x21f5/0x3470 [ 2601.863771][T27337] ? dev_queue_xmit+0x4f/0x60 [ 2601.868490][T27337] ? __bpf_redirect+0x1122/0x1a80 [ 2601.873582][T27337] ? bpf_clone_redirect+0x4a6/0x670 [ 2601.878842][T27337] ? ___bpf_prog_run+0x93a/0xb300 [ 2601.883938][T27337] ? __bpf_prog_run512+0x125/0x190 [ 2601.889104][T27337] ? bpf_test_run+0x787/0x1080 [ 2601.894010][T27337] ? bpf_prog_test_run_skb+0x1769/0x21c0 [ 2601.899706][T27337] ? bpf_prog_test_run+0x788/0x820 [ 2601.904864][T27337] ? __sys_bpf+0x9ca/0x10b0 [ 2601.909428][T27337] ? __ia32_sys_bpf+0xe5/0x130 [ 2601.914250][T27337] ? __do_fast_syscall_32+0x95/0xf0 [ 2601.919498][T27337] ? do_fast_syscall_32+0x33/0x70 [ 2601.924574][T27337] ? do_SYSENTER_32+0x1b/0x20 [ 2601.929297][T27337] ? entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 2601.935962][T27337] ? entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 2601.942506][T27337] ? ip_tunnel_xmit+0xd3/0x3da0 [ 2601.947404][T27337] ? filter_irq_stacks+0xb9/0x230 [ 2601.952500][T27337] ? __stack_depot_save+0x21/0x4b0 [ 2601.957677][T27337] ? kmsan_get_metadata+0x33/0x220 [ 2601.962864][T27337] ? kmsan_get_metadata+0x33/0x220 [ 2601.968033][T27337] ? kmsan_get_metadata+0x33/0x220 [ 2601.973546][T27337] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 2601.979515][T27337] __msan_warning+0x92/0x110 [ 2601.984168][T27337] ip_tunnel_xmit+0x54f/0x3da0 [ 2601.988984][T27337] ? kmsan_get_metadata+0x33/0x220 [ 2601.994184][T27337] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 2602.000064][T27337] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 2602.005975][T27337] ? kmsan_get_metadata+0x33/0x220 [ 2602.011144][T27337] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 2602.017023][T27337] ipgre_xmit+0x1242/0x12b0 [ 2602.021588][T27337] ? ipgre_close+0x290/0x290 [ 2602.026232][T27337] xmit_one+0x2e3/0x830 [ 2602.030433][T27337] dev_hard_start_xmit+0x185/0x410 [ 2602.035590][T27337] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 2602.041472][T27337] __dev_queue_xmit+0x21f5/0x3470 [ 2602.046538][T27337] ? kmsan_internal_memmove_metadata+0x96/0x350 [ 2602.052842][T27337] ? kmsan_get_metadata+0x33/0x220 [ 2602.058001][T27337] ? kmsan_get_metadata+0x33/0x220 [ 2602.063183][T27337] dev_queue_xmit+0x4f/0x60 [ 2602.067821][T27337] __bpf_redirect+0x1122/0x1a80 [ 2602.072746][T27337] bpf_clone_redirect+0x4a6/0x670 [ 2602.077844][T27337] ? do_SYSENTER_32+0x1b/0x20 [ 2602.082596][T27337] ___bpf_prog_run+0x93a/0xb300 [ 2602.087608][T27337] ? bpf_csum_level+0x7b0/0x7b0 [ 2602.092531][T27337] __bpf_prog_run512+0x125/0x190 [ 2602.097562][T27337] ? do_SYSENTER_32+0x1b/0x20 [ 2602.102384][T27337] ? kmsan_get_metadata+0x33/0x220 [ 2602.107560][T27337] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 2602.113429][T27337] ? should_fail+0x79/0x9c0 [ 2602.117971][T27337] ? bpf_test_run+0x178/0x1080 [ 2602.122778][T27337] ? filter_irq_stacks+0xb9/0x230 [ 2602.127860][T27337] ? kmsan_get_metadata+0x33/0x220 [ 2602.133025][T27337] ? kmsan_get_metadata+0x33/0x220 [ 2602.138189][T27337] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 2602.144041][T27337] ? bpf_test_timer_continue+0x23a/0x7d0 [ 2602.149703][T27337] ? kmsan_get_metadata+0x4d/0x220 [ 2602.154870][T27337] ? __bpf_prog_run480+0x190/0x190 [ 2602.160035][T27337] bpf_test_run+0x787/0x1080 [ 2602.164679][T27337] ? eth_type_trans+0x45d/0x9c0 [ 2602.169662][T27337] bpf_prog_test_run_skb+0x1769/0x21c0 [ 2602.175197][T27337] ? __bpf_prog_test_run_raw_tp+0x3a0/0x3a0 [ 2602.181141][T27337] bpf_prog_test_run+0x788/0x820 [ 2602.186133][T27337] __sys_bpf+0x9ca/0x10b0 [ 2602.190558][T27337] __ia32_sys_bpf+0xe5/0x130 [ 2602.195181][T27337] __do_fast_syscall_32+0x95/0xf0 [ 2602.200254][T27337] do_fast_syscall_32+0x33/0x70 [ 2602.205155][T27337] do_SYSENTER_32+0x1b/0x20 [ 2602.209718][T27337] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 2602.216109][T27337] RIP: 0023:0xf7f6b549 [ 2602.220194][T27337] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 [ 2602.239828][T27337] RSP: 002b:00000000f7f665cc EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 2602.248278][T27337] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000020000080 [ 2602.256287][T27337] RDX: 000000000000002c RSI: 0000000000000000 RDI: 0000000000000000 [ 2602.264307][T27337] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 2602.272318][T27337] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 2602.280408][T27337] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2602.288434][T27337] [ 2602.291789][T27337] Kernel Offset: disabled [ 2602.296147][T27337] Rebooting in 86400 seconds..