last executing test programs: 49m27.821013104s ago: executing program 32 (id=11389): rt_sigaction(0xd, 0x0, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) 49m21.836346443s ago: executing program 33 (id=11586): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00), 0x0, 0x0) r2 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmmsg(r2, &(0x7f0000003800)=[{{&(0x7f0000000380)=@pppoe={0x18, 0x0, {0x1, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, 'veth0_to_bridge\x00'}}, 0x80, &(0x7f00000001c0)=[{&(0x7f0000003940)="475247c0", 0x4}], 0x1}}], 0x1, 0x8000000) 49m16.98043691s ago: executing program 34 (id=11726): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r2, 0x107, 0x11, 0x0, 0x0) 49m14.854119433s ago: executing program 35 (id=11797): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00), 0x0, 0x4) mlockall(0x7) 49m10.339710255s ago: executing program 8 (id=11989): rt_sigaction(0xd, &(0x7f0000000180)={0x0, 0xdc000006, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='net_prio.prioidx\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) inotify_init() 49m10.312949547s ago: executing program 8 (id=11990): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r2, &(0x7f0000000380)={0x2, 0x4e22, @empty}, 0x10) r3 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r3, 0x29, 0x4e, &(0x7f0000000000)=0x1, 0x4) bind$inet6(r3, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @loopback={0x0, 0xa8aaaafffeaaaa1e}, 0x8000}, 0x1c) 49m10.312469858s ago: executing program 8 (id=11991): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='net_prio.prioidx\x00', 0x275a, 0x0) write$UHID_CREATE2(r0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r0, @ANYRES64], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r0, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(r0, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r1 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r1, 0x29, 0x2a, &(0x7f0000000080)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @broadcast}, 0x2}}}, 0x108) 49m10.302407739s ago: executing program 8 (id=11992): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0) r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x89901) move_mount(r2, &(0x7f0000000040)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) 49m10.29133944s ago: executing program 8 (id=11993): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x0) 49m10.218701537s ago: executing program 8 (id=11995): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, 0x0) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r2, 0x29, 0x4e, &(0x7f0000000000)=0x1, 0x4) 49m10.218470907s ago: executing program 36 (id=11995): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, 0x0) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r2, 0x29, 0x4e, &(0x7f0000000000)=0x1, 0x4) 49m8.205924679s ago: executing program 2 (id=12083): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000340)={0x1, 0x4}, 0x8) sendmmsg$inet6(0xffffffffffffffff, &(0x7f00000002c0)=[{{&(0x7f0000000000)={0xa, 0x4e21, 0x0, @mcast2}, 0x1c, 0x0}}], 0x1, 0x4004800) 49m8.152114444s ago: executing program 2 (id=12086): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) sendto$inet(r2, 0x0, 0x0, 0x80, &(0x7f0000000140)={0x2, 0x4e20, @multicast1}, 0x10) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0) 49m8.134564746s ago: executing program 2 (id=12088): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d7, 0x5}) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0x0) 49m8.101909439s ago: executing program 2 (id=12090): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0) r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x89901) move_mount(r2, &(0x7f0000000040)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) 49m8.065321253s ago: executing program 2 (id=12092): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00), 0x0, 0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_MCAST_MSFILTER(r3, 0x29, 0x30, &(0x7f00000004c0)={0x9, {{0xa, 0x4e24, 0x10001, @loopback, 0x2}}, 0x1}, 0x90) 49m7.965925823s ago: executing program 2 (id=12095): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000340)={0x1, 0x4}, 0x8) 49m7.901523159s ago: executing program 37 (id=12095): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000340)={0x1, 0x4}, 0x8) 49m6.322304378s ago: executing program 7 (id=12145): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r2) ptrace$peeksig(0x4209, r2, 0x0, 0x0) 49m6.242082675s ago: executing program 7 (id=12146): syz_clone(0x48411, 0x0, 0x0, 0x0, 0x0, 0x0) 49m6.235704266s ago: executing program 7 (id=12148): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x800, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x138a, 0x1000000003}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r2, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000440)={@ptr={0x70742a85, 0x0, 0x0, 0x0, 0x2, 0x4}, @fd, @fda={0x66646185, 0x0, 0x0, 0x26}}, &(0x7f0000000000)={0x0, 0x28, 0x40}}, 0x1000}], 0x0, 0x0, 0x0}) 49m6.19620024s ago: executing program 7 (id=12150): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0) r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x89901) move_mount(r2, &(0x7f0000000040)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) 49m6.129382317s ago: executing program 7 (id=12154): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) sendmmsg$inet6(0xffffffffffffffff, &(0x7f00000001c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) timer_create(0x3, 0x0, &(0x7f00000000c0)) 49m6.004475599s ago: executing program 7 (id=12157): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) getsockopt$netlink(0xffffffffffffffff, 0x10e, 0x9, 0x0, 0x0) 49m5.980483102s ago: executing program 38 (id=12157): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) getsockopt$netlink(0xffffffffffffffff, 0x10e, 0x9, 0x0, 0x0) 49m2.997653931s ago: executing program 3 (id=12269): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000040)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x41720, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CHECK_EXTENSION_VM(r3, 0xae03, 0x1) 49m2.90549416s ago: executing program 3 (id=12276): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r2 = socket$inet6(0xa, 0x2, 0x3a) connect$inet6(r2, &(0x7f0000000040)={0xa, 0x0, 0x6, @mcast2, 0x6}, 0xa) 49m2.859160274s ago: executing program 3 (id=12279): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) lstat(&(0x7f00000000c0)='./file0\x00', &(0x7f00000001c0)) write$UHID_CREATE2(0xffffffffffffffff, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8, @ANYRES64], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, 0xffffffffffffffff, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e22, 0x2, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x1a}}, 0x6}, 0x1c) connect$inet6(r3, &(0x7f0000000100)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0xd}, 0x1c) 49m2.846062136s ago: executing program 3 (id=12281): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, 0x0, 0x0, 0x4) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0) r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x89901) move_mount(r2, &(0x7f0000000040)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) 49m2.817918019s ago: executing program 3 (id=12283): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, 0x0) sendmmsg$inet6(r2, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000080)={'vcan0\x00'}) 49m2.681134842s ago: executing program 3 (id=12288): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f00000001c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) timer_create(0x3, 0x0, &(0x7f00000000c0)) 49m2.619544249s ago: executing program 39 (id=12288): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f00000001c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) timer_create(0x3, 0x0, &(0x7f00000000c0)) 48m58.857480285s ago: executing program 9 (id=12466): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r0, @ANYRES64], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r0, 0x0) ioctl$KVM_X86_SETUP_MCE(r0, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) mkdir(&(0x7f0000000040)='./file0\x00', 0x6c) mount$incfs(&(0x7f0000000580)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f00000005c0), 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x8c) 48m58.841614917s ago: executing program 9 (id=12467): syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 48m58.81097949s ago: executing program 9 (id=12468): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r0, @ANYRES64], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r0, 0x0) ioctl$KVM_X86_SETUP_MCE(r0, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r1 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$sock_linger(r1, 0x1, 0x3c, &(0x7f0000000340)={0x1, 0x4}, 0x8) sendmmsg$inet6(r1, &(0x7f00000002c0)=[{{&(0x7f0000000000)={0xa, 0x4e21, 0x0, @mcast2}, 0x1c, 0x0}}], 0x1, 0x4004800) 48m58.773933604s ago: executing program 9 (id=12469): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, 0x0, 0x0, 0x100000, 0x0) r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x89901) move_mount(r2, &(0x7f0000000040)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) 48m58.756699646s ago: executing program 9 (id=12470): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, 0x0) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r2 = socket$inet6(0xa, 0x2, 0x3a) connect$inet6(r2, &(0x7f0000000040)={0xa, 0x0, 0x6, @mcast2, 0x6}, 0xa) 48m58.648629806s ago: executing program 9 (id=12471): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, 0x0, 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000280)={0x0, 0x0, 0x815, 0x13, 0xfffffffd, 0x4}) 48m58.644904886s ago: executing program 40 (id=12471): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, 0x0, 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000280)={0x0, 0x0, 0x815, 0x13, 0xfffffffd, 0x4}) 7.260485967s ago: executing program 6 (id=98644): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, 0x0, 0x0, 0x4) accept4(0xffffffffffffffff, 0x0, 0x0, 0x80000) 5.479919485s ago: executing program 6 (id=98653): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) prctl$PR_GET_SPECULATION_CTRL(0x34, 0x0, 0x0) 4.288141083s ago: executing program 6 (id=98663): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, 0x0, 0x0, 0x4) accept4(0xffffffffffffffff, 0x0, 0x0, 0x80000) 3.741049308s ago: executing program 4 (id=98670): rt_sigaction(0xd, &(0x7f0000000180)={0x0, 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(r4, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) dup2(r4, r5) 3.660588816s ago: executing program 4 (id=98671): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x4]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = signalfd4(0xffffffffffffffff, &(0x7f0000000080)={[0x1001]}, 0x8, 0x800) readv(r2, &(0x7f0000000180)=[{&(0x7f00000002c0)=""/235, 0xeb}], 0x1) 3.565551135s ago: executing program 4 (id=98675): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) rt_sigtimedwait(&(0x7f0000000040), 0x0, 0x0, 0x8) 3.565039395s ago: executing program 1 (id=98676): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, 0x0, 0x0, 0x4) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$P9_RGETLOCK(r2, 0x0, 0x200002e6) fcntl$setpipe(r2, 0x407, 0x7000000) 3.531713668s ago: executing program 1 (id=98677): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) ppoll(0x0, 0x0, 0x0, &(0x7f0000000100)={[0xfffffffffffffffc]}, 0x8) 3.531116509s ago: executing program 1 (id=98678): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) pread64(r0, 0x0, 0x0, 0xd37) 3.530826989s ago: executing program 1 (id=98679): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00), 0x0, 0x4) r2 = syz_open_dev$evdev(&(0x7f0000000200), 0x1, 0x8000) ioctl$EVIOCGABS3F(r2, 0x8018457f, 0x0) 3.022599699s ago: executing program 6 (id=98682): rt_sigaction(0xd, 0x0, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x101000, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000600)={0x0, 0x0, @pic={0x7, 0xfe, 0xe1, 0xc, 0x6, 0xd9, 0x40, 0x41, 0xfb, 0x5e, 0xc, 0x0, 0x8, 0x40, 0x1, 0x5}}) 2.656537156s ago: executing program 4 (id=98684): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r0, @ANYRES64], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r1, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) 2.457735196s ago: executing program 0 (id=98688): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)={0x8442, 0x50, 0x4}, 0x18) 2.428239789s ago: executing program 0 (id=98689): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) ppoll(0x0, 0x0, 0x0, &(0x7f0000000100)={[0xfffffffffffffffc]}, 0x8) 2.383855603s ago: executing program 0 (id=98690): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac1e000100000000000000000000000000000000000000000a0060"], 0xb8}}, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300020000000000fedbdf25fc00"/28], 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9"], 0xb8}}, 0x0) 2.383199903s ago: executing program 0 (id=98691): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={0x0}}, 0x0) 2.316826059s ago: executing program 0 (id=98692): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, 0x0) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) sendmsg$unix(r2, &(0x7f0000000d80)={0x0, 0x0, &(0x7f0000000940)=[{&(0x7f0000000440)="ea", 0x1}], 0x1, &(0x7f00000002c0)=ANY=[@ANYBLOB="14"], 0x18, 0x81}, 0x4c800) 2.31661988s ago: executing program 4 (id=98693): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r2 = socket$inet(0x2, 0x3, 0x4) setsockopt$inet_opts(r2, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f00000000c0)='xfrm0\x00', 0x10) sendmmsg$inet(r2, &(0x7f0000000f40)=[{{&(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10, 0x0}}], 0x68000, 0x0) 2.188886482s ago: executing program 4 (id=98695): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, 0x0) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f0000000080)=0x474c, 0x4) 2.048722227s ago: executing program 6 (id=98699): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00), 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_int(r2, 0x1, 0x22, &(0x7f0000000100)=0xfffffffc, 0x4) 1.357607335s ago: executing program 6 (id=98706): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(r4, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) dup2(r4, r5) 1.244320006s ago: executing program 5 (id=98708): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r0, @ANYRES64], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r0, 0x0) ioctl$KVM_X86_SETUP_MCE(r0, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r1, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_int(r2, 0x0, 0x17, &(0x7f00000000c0)=0x1, 0x4) sendto$inet(r2, &(0x7f0000000000)="f461c5bbd75c3583", 0x8, 0x0, &(0x7f0000000100)={0x2, 0x4e23, @empty}, 0x10) recvmmsg(r2, &(0x7f000000e280), 0x58a, 0x42, 0x0) 659.784845ms ago: executing program 5 (id=98709): r0 = socket$inet(0x2, 0x3, 0x4) setsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000000c0)='xfrm0\x00', 0x10) sendmmsg$inet(r0, &(0x7f0000000f40)=[{{&(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10, 0x0}}], 0x68000, 0x0) 631.378487ms ago: executing program 1 (id=98680): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f0000000280)={0x1, 0x0, [{0x40000034, 0x0, 0x8}]}) 498.556901ms ago: executing program 5 (id=98710): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441efde570d66400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x800001]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, 0x0, 0x0, 0x4) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r2, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4}, 0xe) setsockopt$bt_BT_SECURITY(r2, 0x112, 0x4, 0x0, 0x0) 498.042241ms ago: executing program 5 (id=98711): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r2 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r2, &(0x7f0000000540), 0x10) sendmsg$can_bcm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="05000000"], 0x38}, 0x2}, 0x0) 497.683781ms ago: executing program 0 (id=98712): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_ENABLE(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)={0x60, r3, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x4c, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e21, @private=0xa010101}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @remote}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}]}]}, 0x60}}, 0x0) 113.843369ms ago: executing program 5 (id=98713): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket(0x2, 0x1, 0x0) listen(r2, 0x0) shutdown(r2, 0x1) 321.8µs ago: executing program 5 (id=98714): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000000, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000140)="5500000018007f5f00fe01b2a4a2809302060000fd41fd01020400003900120002002800000219002d007fffffff0022de1330d54400009b84136ef75afb83de066a5900e1baac968300000000f2ff000001000000", 0x55}], 0x1, 0x0, 0x0, 0x7a000000}, 0x0) 0s ago: executing program 1 (id=98715): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/locks\x00', 0x0, 0x0) pread64(r2, &(0x7f00000024c0)=""/209, 0xd1, 0x8) kernel console output (not intermixed with test programs): [T13925] shmem_getpage_gfp+0x8e8/0x2110 [ 3311.949852][T13925] ? shmem_xattr_handler_get+0x41/0x50 [ 3311.955303][T13925] shmem_write_begin+0xce/0x1b0 [ 3311.960152][T13925] generic_perform_write+0x2be/0x510 [ 3311.965428][T13925] ? atime_needs_update+0x5b0/0x5b0 [ 3311.970608][T13925] ? grab_cache_page_write_begin+0xb0/0xb0 [ 3311.976388][T13925] ? file_remove_privs+0x580/0x580 [ 3311.981473][T13925] ? __kasan_check_write+0x14/0x20 [ 3311.986556][T13925] ? down_write+0xac/0x110 [ 3311.990946][T13925] __generic_file_write_iter+0x24b/0x480 [ 3311.996552][T13925] ? generic_write_checks+0x3d4/0x480 [ 3312.001897][T13925] generic_file_write_iter+0xa9/0x1d0 [ 3312.007240][T13925] vfs_write+0x725/0xd60 [ 3312.011458][T13925] ? __kasan_slab_free+0x11/0x20 [ 3312.016368][T13925] ? kernel_write+0x3c0/0x3c0 [ 3312.021109][T13925] ? mutex_trylock+0xa0/0xa0 [ 3312.025680][T13925] ? __fget_files+0x2c4/0x320 [ 3312.030337][T13925] ? __fdget_pos+0x2d2/0x380 [ 3312.034898][T13925] ? ksys_write+0x71/0x240 [ 3312.039371][T13925] ksys_write+0x140/0x240 [ 3312.043674][T13925] ? __ia32_sys_read+0x90/0x90 [ 3312.048413][T13925] ? __kasan_check_read+0x11/0x20 [ 3312.053408][T13925] __x64_sys_write+0x7b/0x90 [ 3312.058041][T13925] do_syscall_64+0x31/0x40 [ 3312.062450][T13925] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 3312.068331][T13925] RIP: 0033:0x7fde365bc6c9 [ 3312.072725][T13925] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 3312.092400][T13925] RSP: 002b:00007fde35024038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3312.100787][T13925] RAX: ffffffffffffffda RBX: 00007fde36812fa0 RCX: 00007fde365bc6c9 [ 3312.108739][T13925] RDX: 0000000000000118 RSI: 0000200000000340 RDI: 0000000000000004 [ 3312.116684][T13925] RBP: 00007fde3663ef91 R08: 0000000000000000 R09: 0000000000000000 [ 3312.124627][T13925] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3312.132582][T13925] R13: 00007fde36813038 R14: 00007fde36812fa0 R15: 00007ffc08cd1be8 [ 3312.147952][T13925] memory: usage 307200kB, limit 307200kB, failcnt 52486 [ 3312.159076][T13925] memory+swap: usage 396172kB, limit 9007199254740988kB, failcnt 0 [ 3312.188274][T13925] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3312.205182][T13925] Memory cgroup stats for /syz6: [ 3312.205298][T13925] anon 118784 [ 3312.205298][T13925] file 313319424 [ 3312.205298][T13925] kernel_stack 0 [ 3312.205298][T13925] percpu 0 [ 3312.205298][T13925] sock 0 [ 3312.205298][T13925] shmem 246140928 [ 3312.205298][T13925] file_mapped 0 [ 3312.205298][T13925] file_dirty 0 [ 3312.205298][T13925] file_writeback 0 [ 3312.205298][T13925] anon_thp 0 [ 3312.205298][T13925] inactive_anon 247255040 [ 3312.205298][T13925] active_anon 270336 [ 3312.205298][T13925] inactive_file 20480 [ 3312.205298][T13925] active_file 69632 [ 3312.205298][T13925] unevictable 67227648 [ 3312.205298][T13925] slab_reclaimable 0 [ 3312.205298][T13925] slab_unreclaimable 0 [ 3312.205298][T13925] slab 0 [ 3312.205298][T13925] workingset_refault_anon 0 [ 3312.205298][T13925] workingset_refault_file 11649 [ 3312.205298][T13925] workingset_activate_anon 0 [ 3312.205298][T13925] workingset_activate_file 2937 [ 3312.205298][T13925] workingset_restore_anon 0 [ 3312.205298][T13925] workingset_restore_file 2607 [ 3312.302313][T13925] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz6,mems_allowed=0,oom_memcg=/syz6,task_memcg=/syz6,task=syz.6.98514,pid=13924,uid=0 [ 3312.328500][T13925] Memory cgroup out of memory: Killed process 13924 (syz.6.98514) total-vm:93944kB, anon-rss:1284kB, file-rss:21872kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 3312.358626][ T27] oom_reaper: reaped process 13924 (syz.6.98514), now anon-rss:0kB, file-rss:21128kB, shmem-rss:0kB [ 3312.369583][T13968] syz.0.98532 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3312.380676][T13968] CPU: 1 PID: 13968 Comm: syz.0.98532 Tainted: G W syzkaller #0 [ 3312.389618][T13968] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 3312.399655][T13968] Call Trace: [ 3312.402924][T13968] __dump_stack+0x21/0x24 [ 3312.407226][T13968] dump_stack_lvl+0x169/0x1d8 [ 3312.411874][T13968] ? show_regs_print_info+0x18/0x18 [ 3312.417044][T13968] ? ___ratelimit+0x3d1/0x560 [ 3312.421692][T13968] ? __kasan_check_write+0x14/0x20 [ 3312.426780][T13968] ? _raw_spin_lock+0x8e/0xe0 [ 3312.431430][T13968] dump_stack+0x15/0x1c [ 3312.435560][T13968] dump_header+0xdd/0x650 [ 3312.439860][T13968] oom_kill_process+0x1fa/0x2c0 [ 3312.444680][T13968] out_of_memory+0x94a/0xd70 [ 3312.449246][T13968] ? unregister_oom_notifier+0x20/0x20 [ 3312.454679][T13968] ? mutex_lock_killable+0xd3/0xe0 [ 3312.459767][T13968] ? __mutex_lock_interruptible_slowpath+0x10/0x10 [ 3312.466239][T13968] mem_cgroup_out_of_memory+0x260/0x310 [ 3312.471759][T13968] ? mem_cgroup_oom_trylock+0x350/0x350 [ 3312.477276][T13968] ? _raw_spin_lock+0x8e/0xe0 [ 3312.481923][T13968] ? _raw_spin_trylock_bh+0x130/0x130 [ 3312.487266][T13968] ? _raw_spin_unlock+0x4d/0x70 [ 3312.492087][T13968] ? mem_cgroup_oom_trylock+0x1fc/0x350 [ 3312.497602][T13968] ? _raw_spin_unlock_irq+0x4e/0x70 [ 3312.502772][T13968] try_charge+0xf61/0x14e0 [ 3312.507163][T13968] ? __memcg_kmem_charge+0x140/0x140 [ 3312.512421][T13968] ? percpu_counter_add_batch+0x13c/0x160 [ 3312.518112][T13968] ? get_mem_cgroup_from_mm+0x197/0x1b0 [ 3312.523629][T13968] __mem_cgroup_charge+0x14c/0x6d0 [ 3312.528717][T13968] shmem_add_to_page_cache+0x55e/0xe10 [ 3312.534148][T13968] ? shmem_alloc_page+0x300/0x300 [ 3312.539144][T13968] ? _raw_spin_lock_irqsave+0x110/0x110 [ 3312.544663][T13968] ? find_lock_entry+0x4b/0x200 [ 3312.549486][T13968] ? lru_cache_add+0x164/0x380 [ 3312.554342][T13968] ? shmem_getpage_gfp+0x8f3/0x2110 [ 3312.559517][T13968] shmem_getpage_gfp+0x8e8/0x2110 [ 3312.564520][T13968] shmem_write_begin+0xce/0x1b0 [ 3312.569349][T13968] generic_perform_write+0x2be/0x510 [ 3312.574614][T13968] ? atime_needs_update+0x5b0/0x5b0 [ 3312.579787][T13968] ? grab_cache_page_write_begin+0xb0/0xb0 [ 3312.585565][T13968] ? file_remove_privs+0x580/0x580 [ 3312.590654][T13968] ? __kasan_check_write+0x14/0x20 [ 3312.595740][T13968] ? down_write+0xac/0x110 [ 3312.600129][T13968] __generic_file_write_iter+0x24b/0x480 [ 3312.605735][T13968] ? generic_write_checks+0x3d4/0x480 [ 3312.611077][T13968] generic_file_write_iter+0xa9/0x1d0 [ 3312.616420][T13968] __kernel_write+0x55a/0x910 [ 3312.621067][T13968] ? vfs_read+0xa10/0xa10 [ 3312.625368][T13968] ? populate_vma_page_range+0xf0/0xf0 [ 3312.630797][T13968] ? cgroup_freezing+0x86/0xb0 [ 3312.635530][T13968] ? freezing_slow_path+0x10a/0x150 [ 3312.640702][T13968] dump_emit+0x240/0x360 [ 3312.644919][T13968] ? wait_for_dump_helpers+0x390/0x390 [ 3312.650348][T13968] ? freezing_slow_path+0x10a/0x150 [ 3312.655517][T13968] dump_user_range+0x6a/0x1a0 [ 3312.660165][T13968] elf_core_dump+0x278a/0x2bc0 [ 3312.664902][T13968] ? load_elf_binary+0x2890/0x2890 [ 3312.669991][T13968] ? kvmalloc_node+0x88/0x130 [ 3312.674645][T13968] ? _raw_spin_unlock+0x4d/0x70 [ 3312.679469][T13968] ? cgroup_freezing+0x86/0xb0 [ 3312.684201][T13968] ? freezing_slow_path+0x10a/0x150 [ 3312.689367][T13968] do_coredump+0x1ac9/0x27f0 [ 3312.693933][T13968] ? simple_acl_create+0x1c0/0x1c0 [ 3312.699016][T13968] ? debug_smp_processor_id+0x17/0x20 [ 3312.704359][T13968] ? kmem_cache_free+0x100/0x2d0 [ 3312.709268][T13968] ? ____kasan_slab_free+0x130/0x160 [ 3312.714525][T13968] ? get_signal+0xb98/0x12e0 [ 3312.719088][T13968] ? kmem_cache_free+0x100/0x2d0 [ 3312.723998][T13968] get_signal+0xf23/0x12e0 [ 3312.728388][T13968] ? asm_exc_invalid_op+0xa/0x20 [ 3312.733295][T13968] arch_do_signal_or_restart+0xbf/0x10f0 [ 3312.738898][T13968] ? _raw_spin_unlock_irqrestore+0x5b/0x80 [ 3312.744677][T13968] ? force_sig_info_to_task+0x26d/0x2e0 [ 3312.750279][T13968] ? __ia32_sys_rt_sigreturn+0x6c0/0x6c0 [ 3312.755883][T13968] ? force_sig_fault_to_task+0x110/0x110 [ 3312.761496][T13968] ? do_trap+0x117/0x2f0 [ 3312.765708][T13968] ? asm_exc_invalid_op+0xa/0x20 [ 3312.770621][T13968] exit_to_user_mode_loop+0xa2/0xe0 [ 3312.775792][T13968] exit_to_user_mode_prepare+0x76/0xa0 [ 3312.781221][T13968] irqentry_exit_to_user_mode+0x9/0x10 [ 3312.786654][T13968] irqentry_exit+0x12/0x60 [ 3312.791050][T13968] exc_invalid_op+0x3e/0x50 [ 3312.795527][T13968] asm_exc_invalid_op+0x12/0x20 [ 3312.800349][T13968] RIP: 0033:0x200000000000 [ 3312.804742][T13968] Code: Unable to access opcode bytes at RIP 0x1fffffffffd6. [ 3312.812077][T13968] RSP: 002b:00007f061018da78 EFLAGS: 00010246 [ 3312.818116][T13968] RAX: 0000000000000000 RBX: 00007f061197cfa0 RCX: 00007f06117266c9 [ 3312.826059][T13968] RDX: 00007f061018da80 RSI: 00007f061018dbb0 RDI: 000000000000000d [ 3312.834006][T13968] RBP: 00007f06117a8f91 R08: 0000000000000000 R09: 0000000000000000 [ 3312.841958][T13968] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3312.849904][T13968] R13: 00007f061197d038 R14: 00007f061197cfa0 R15: 00007ffe46890ac8 [ 3312.930601][T13968] memory: usage 307200kB, limit 307200kB, failcnt 294487 [ 3312.948256][T13968] memory+swap: usage 330344kB, limit 9007199254740988kB, failcnt 0 [ 3312.957185][T13968] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3312.964367][T13968] Memory cgroup stats for /syz0: [ 3312.964701][T13968] anon 319488 [ 3312.964701][T13968] file 314130432 [ 3312.964701][T13968] kernel_stack 0 [ 3312.964701][T13968] percpu 0 [ 3312.964701][T13968] sock 0 [ 3312.964701][T13968] shmem 314130432 [ 3312.964701][T13968] file_mapped 135168 [ 3312.964701][T13968] file_dirty 0 [ 3312.964701][T13968] file_writeback 0 [ 3312.964701][T13968] anon_thp 0 [ 3312.964701][T13968] inactive_anon 314269696 [ 3312.964701][T13968] active_anon 135168 [ 3312.964701][T13968] inactive_file 200704 [ 3312.964701][T13968] active_file 143360 [ 3312.964701][T13968] unevictable 0 [ 3312.964701][T13968] slab_reclaimable 0 [ 3312.964701][T13968] slab_unreclaimable 0 [ 3312.964701][T13968] slab 0 [ 3312.964701][T13968] workingset_refault_anon 0 [ 3312.964701][T13968] workingset_refault_file 725340 [ 3312.964701][T13968] workingset_activate_anon 0 [ 3312.964701][T13968] workingset_activate_file 56727 [ 3312.964701][T13968] workingset_restore_anon 0 [ 3312.964701][T13968] workingset_restore_file 9669 [ 3313.110068][T13968] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0,oom_memcg=/syz0,task_memcg=/syz0,task=syz.0.98532,pid=13965,uid=0 [ 3313.125359][T13968] Memory cgroup out of memory: Killed process 13965 (syz.0.98532) total-vm:93812kB, anon-rss:1324kB, file-rss:47628kB, shmem-rss:4kB, UID:0 pgtables:180kB oom_score_adj:1000 [ 3313.149325][ T27] oom_reaper: reaped process 13965 (syz.0.98532), now anon-rss:0kB, file-rss:46472kB, shmem-rss:4kB [ 3313.160984][T13985] syz.6.98540 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3313.188280][T13997] tipc: Enabling of bearer rejected, failed to enable media [ 3313.191652][T13985] CPU: 0 PID: 13985 Comm: syz.6.98540 Tainted: G W syzkaller #0 [ 3313.205462][T13985] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 3313.215504][T13985] Call Trace: [ 3313.218790][T13985] __dump_stack+0x21/0x24 [ 3313.223112][T13985] dump_stack_lvl+0x169/0x1d8 [ 3313.227956][T13985] ? show_regs_print_info+0x18/0x18 [ 3313.233139][T13985] ? ___ratelimit+0x3d1/0x560 [ 3313.237803][T13985] ? __kasan_check_write+0x14/0x20 [ 3313.242906][T13985] ? _raw_spin_lock+0x8e/0xe0 [ 3313.247571][T13985] dump_stack+0x15/0x1c [ 3313.251715][T13985] dump_header+0xdd/0x650 [ 3313.256033][T13985] oom_kill_process+0x1fa/0x2c0 [ 3313.260875][T13985] out_of_memory+0x94a/0xd70 [ 3313.265454][T13985] ? unregister_oom_notifier+0x20/0x20 [ 3313.270901][T13985] ? mutex_lock_killable+0xd3/0xe0 [ 3313.275999][T13985] ? __mutex_lock_interruptible_slowpath+0x10/0x10 [ 3313.282496][T13985] mem_cgroup_out_of_memory+0x260/0x310 [ 3313.288041][T13985] ? mem_cgroup_oom_trylock+0x350/0x350 [ 3313.293584][T13985] ? _raw_spin_lock+0x8e/0xe0 [ 3313.298259][T13985] ? _raw_spin_trylock_bh+0x130/0x130 [ 3313.303626][T13985] ? _raw_spin_unlock+0x4d/0x70 [ 3313.308467][T13985] ? mem_cgroup_oom_trylock+0x1fc/0x350 [ 3313.314002][T13985] ? _raw_spin_unlock_irq+0x4e/0x70 [ 3313.319183][T13985] try_charge+0xf61/0x14e0 [ 3313.323596][T13985] ? __memcg_kmem_charge+0x140/0x140 [ 3313.328885][T13985] ? percpu_counter_add_batch+0x13c/0x160 [ 3313.334603][T13985] ? get_mem_cgroup_from_mm+0x197/0x1b0 [ 3313.340143][T13985] __mem_cgroup_charge+0x14c/0x6d0 [ 3313.345253][T13985] shmem_add_to_page_cache+0x55e/0xe10 [ 3313.350706][T13985] ? shmem_alloc_page+0x300/0x300 [ 3313.355735][T13985] ? _raw_spin_lock+0x8e/0xe0 [ 3313.360407][T13985] ? find_lock_entry+0x4b/0x200 [ 3313.365244][T13985] shmem_getpage_gfp+0x8e8/0x2110 [ 3313.370253][T13985] ? shmem_xattr_handler_get+0x41/0x50 [ 3313.375687][T13985] shmem_write_begin+0xce/0x1b0 [ 3313.380510][T13985] generic_perform_write+0x2be/0x510 [ 3313.385769][T13985] ? atime_needs_update+0x5b0/0x5b0 [ 3313.390941][T13985] ? grab_cache_page_write_begin+0xb0/0xb0 [ 3313.396717][T13985] ? file_remove_privs+0x580/0x580 [ 3313.401806][T13985] ? __kasan_check_write+0x14/0x20 [ 3313.406892][T13985] ? down_write+0xac/0x110 [ 3313.411283][T13985] __generic_file_write_iter+0x24b/0x480 [ 3313.416885][T13985] ? generic_write_checks+0x3d4/0x480 [ 3313.422228][T13985] generic_file_write_iter+0xa9/0x1d0 [ 3313.427573][T13985] vfs_write+0x725/0xd60 [ 3313.431787][T13985] ? __kasan_slab_free+0x11/0x20 [ 3313.436695][T13985] ? kernel_write+0x3c0/0x3c0 [ 3313.441343][T13985] ? mutex_trylock+0xa0/0xa0 [ 3313.445903][T13985] ? __fget_files+0x2c4/0x320 [ 3313.450556][T13985] ? __fdget_pos+0x2d2/0x380 [ 3313.455125][T13985] ? ksys_write+0x71/0x240 [ 3313.459513][T13985] ksys_write+0x140/0x240 [ 3313.463815][T13985] ? __ia32_sys_read+0x90/0x90 [ 3313.468549][T13985] ? __kasan_check_read+0x11/0x20 [ 3313.473546][T13985] __x64_sys_write+0x7b/0x90 [ 3313.478108][T13985] do_syscall_64+0x31/0x40 [ 3313.482497][T13985] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 3313.488361][T13985] RIP: 0033:0x7fde365bc6c9 [ 3313.492753][T13985] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 3313.512339][T13985] RSP: 002b:00007fde35024038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3313.520738][T13985] RAX: ffffffffffffffda RBX: 00007fde36812fa0 RCX: 00007fde365bc6c9 [ 3313.528688][T13985] RDX: 0000000000000118 RSI: 0000200000000340 RDI: 0000000000000004 [ 3313.536646][T13985] RBP: 00007fde3663ef91 R08: 0000000000000000 R09: 0000000000000000 [ 3313.544596][T13985] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3313.552542][T13985] R13: 00007fde36813038 R14: 00007fde36812fa0 R15: 00007ffc08cd1be8 [ 3313.748309][T13985] memory: usage 307200kB, limit 307200kB, failcnt 52544 [ 3313.755569][T13985] memory+swap: usage 396172kB, limit 9007199254740988kB, failcnt 0 [ 3313.771022][T13985] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3313.778151][T13985] Memory cgroup stats for /syz6: [ 3313.778459][T13985] anon 118784 [ 3313.778459][T13985] file 313319424 [ 3313.778459][T13985] kernel_stack 0 [ 3313.778459][T13985] percpu 0 [ 3313.778459][T13985] sock 0 [ 3313.778459][T13985] shmem 246140928 [ 3313.778459][T13985] file_mapped 0 [ 3313.778459][T13985] file_dirty 0 [ 3313.778459][T13985] file_writeback 0 [ 3313.778459][T13985] anon_thp 0 [ 3313.778459][T13985] inactive_anon 247255040 [ 3313.778459][T13985] active_anon 270336 [ 3313.778459][T13985] inactive_file 20480 [ 3313.778459][T13985] active_file 69632 [ 3313.778459][T13985] unevictable 67227648 [ 3313.778459][T13985] slab_reclaimable 0 [ 3313.778459][T13985] slab_unreclaimable 0 [ 3313.778459][T13985] slab 0 [ 3313.778459][T13985] workingset_refault_anon 0 [ 3313.778459][T13985] workingset_refault_file 11649 [ 3313.778459][T13985] workingset_activate_anon 0 [ 3313.778459][T13985] workingset_activate_file 2937 [ 3313.778459][T13985] workingset_restore_anon 0 [ 3313.778459][T13985] workingset_restore_file 2607 [ 3313.874013][T13985] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz6,mems_allowed=0,oom_memcg=/syz6,task_memcg=/syz6,task=syz.6.98540,pid=13984,uid=0 [ 3313.913345][T13985] Memory cgroup out of memory: Killed process 13984 (syz.6.98540) total-vm:93944kB, anon-rss:1284kB, file-rss:21872kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 3313.939526][ T27] oom_reaper: reaped process 13984 (syz.6.98540), now anon-rss:0kB, file-rss:21128kB, shmem-rss:0kB [ 3313.958633][T13974] syz.4.98536 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3313.968808][T13974] CPU: 1 PID: 13974 Comm: syz.4.98536 Tainted: G W syzkaller #0 [ 3313.977734][T13974] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 3313.987778][T13974] Call Trace: [ 3313.991062][T13974] __dump_stack+0x21/0x24 [ 3313.995379][T13974] dump_stack_lvl+0x169/0x1d8 [ 3314.000045][T13974] ? show_regs_print_info+0x18/0x18 [ 3314.005225][T13974] ? ___ratelimit+0x3d1/0x560 [ 3314.009890][T13974] ? __kasan_check_write+0x14/0x20 [ 3314.014992][T13974] ? _raw_spin_lock+0x8e/0xe0 [ 3314.019654][T13974] dump_stack+0x15/0x1c [ 3314.023794][T13974] dump_header+0xdd/0x650 [ 3314.028114][T13974] oom_kill_process+0x1fa/0x2c0 [ 3314.033219][T13974] out_of_memory+0x94a/0xd70 [ 3314.037804][T13974] ? unregister_oom_notifier+0x20/0x20 [ 3314.043256][T13974] ? mutex_lock_killable+0xd3/0xe0 [ 3314.048376][T13974] ? __mutex_lock_interruptible_slowpath+0x10/0x10 [ 3314.054873][T13974] mem_cgroup_out_of_memory+0x260/0x310 [ 3314.060406][T13974] ? mem_cgroup_oom_trylock+0x350/0x350 [ 3314.065931][T13974] ? _raw_spin_lock+0x8e/0xe0 [ 3314.070597][T13974] ? _raw_spin_trylock_bh+0x130/0x130 [ 3314.075952][T13974] ? _raw_spin_unlock+0x4d/0x70 [ 3314.080776][T13974] ? mem_cgroup_oom_trylock+0x1fc/0x350 [ 3314.086290][T13974] ? _raw_spin_unlock_irq+0x4e/0x70 [ 3314.091460][T13974] try_charge+0xf61/0x14e0 [ 3314.095847][T13974] ? __memcg_kmem_charge+0x140/0x140 [ 3314.101105][T13974] ? percpu_counter_add_batch+0x13c/0x160 [ 3314.106794][T13974] ? get_mem_cgroup_from_mm+0x197/0x1b0 [ 3314.112311][T13974] __mem_cgroup_charge+0x14c/0x6d0 [ 3314.117393][T13974] shmem_add_to_page_cache+0x55e/0xe10 [ 3314.122823][T13974] ? shmem_alloc_page+0x300/0x300 [ 3314.127819][T13974] ? _raw_spin_lock_irqsave+0x110/0x110 [ 3314.133337][T13974] ? find_lock_entry+0x4b/0x200 [ 3314.138158][T13974] ? lru_cache_add+0x164/0x380 [ 3314.142903][T13974] ? shmem_getpage_gfp+0x8f3/0x2110 [ 3314.148071][T13974] shmem_getpage_gfp+0x8e8/0x2110 [ 3314.153070][T13974] shmem_write_begin+0xce/0x1b0 [ 3314.157912][T13974] generic_perform_write+0x2be/0x510 [ 3314.163169][T13974] ? atime_needs_update+0x5b0/0x5b0 [ 3314.168342][T13974] ? grab_cache_page_write_begin+0xb0/0xb0 [ 3314.174121][T13974] ? file_remove_privs+0x580/0x580 [ 3314.179205][T13974] ? __kasan_check_write+0x14/0x20 [ 3314.184292][T13974] ? down_write+0xac/0x110 [ 3314.188679][T13974] __generic_file_write_iter+0x24b/0x480 [ 3314.194284][T13974] ? generic_write_checks+0x3d4/0x480 [ 3314.199630][T13974] generic_file_write_iter+0xa9/0x1d0 [ 3314.204975][T13974] __kernel_write+0x55a/0x910 [ 3314.209623][T13974] ? vfs_read+0xa10/0xa10 [ 3314.213925][T13974] ? populate_vma_page_range+0xf0/0xf0 [ 3314.219355][T13974] ? cgroup_freezing+0x86/0xb0 [ 3314.224090][T13974] ? freezing_slow_path+0x10a/0x150 [ 3314.229259][T13974] dump_emit+0x240/0x360 [ 3314.233477][T13974] ? wait_for_dump_helpers+0x390/0x390 [ 3314.238908][T13974] dump_user_range+0x6a/0x1a0 [ 3314.243563][T13974] elf_core_dump+0x278a/0x2bc0 [ 3314.248298][T13974] ? load_elf_binary+0x2890/0x2890 [ 3314.253384][T13974] ? kvmalloc_node+0x88/0x130 [ 3314.258046][T13974] ? _raw_spin_unlock+0x4d/0x70 [ 3314.262868][T13974] ? cgroup_freezing+0x86/0xb0 [ 3314.267601][T13974] ? freezing_slow_path+0x10a/0x150 [ 3314.272774][T13974] do_coredump+0x1ac9/0x27f0 [ 3314.277338][T13974] ? simple_acl_create+0x1c0/0x1c0 [ 3314.282428][T13974] ? debug_smp_processor_id+0x17/0x20 [ 3314.287771][T13974] ? kmem_cache_free+0x100/0x2d0 [ 3314.292683][T13974] ? ____kasan_slab_free+0x130/0x160 [ 3314.297940][T13974] ? get_signal+0xb98/0x12e0 [ 3314.302501][T13974] ? kmem_cache_free+0x100/0x2d0 [ 3314.307409][T13974] get_signal+0xf23/0x12e0 [ 3314.311803][T13974] ? asm_exc_invalid_op+0xa/0x20 [ 3314.316712][T13974] arch_do_signal_or_restart+0xbf/0x10f0 [ 3314.322322][T13974] ? _raw_spin_unlock_irqrestore+0x5b/0x80 [ 3314.328100][T13974] ? force_sig_info_to_task+0x26d/0x2e0 [ 3314.333621][T13974] ? __ia32_sys_rt_sigreturn+0x6c0/0x6c0 [ 3314.339227][T13974] ? force_sig_fault_to_task+0x110/0x110 [ 3314.344832][T13974] ? do_trap+0x117/0x2f0 [ 3314.349047][T13974] ? asm_exc_invalid_op+0xa/0x20 [ 3314.353966][T13974] exit_to_user_mode_loop+0xa2/0xe0 [ 3314.359134][T13974] exit_to_user_mode_prepare+0x76/0xa0 [ 3314.364568][T13974] irqentry_exit_to_user_mode+0x9/0x10 [ 3314.369998][T13974] irqentry_exit+0x12/0x60 [ 3314.374387][T13974] exc_invalid_op+0x3e/0x50 [ 3314.378865][T13974] asm_exc_invalid_op+0x12/0x20 [ 3314.383689][T13974] RIP: 0033:0x200000000000 [ 3314.388079][T13974] Code: Unable to access opcode bytes at RIP 0x1fffffffffd6. [ 3314.395440][T13974] RSP: 002b:00007f491cf34a78 EFLAGS: 00010246 [ 3314.401479][T13974] RAX: 0000000000000000 RBX: 00007f491e723fa0 RCX: 00007f491e4cd6c9 [ 3314.409438][T13974] RDX: 00007f491cf34a80 RSI: 00007f491cf34bb0 RDI: 000000000000000d [ 3314.417381][T13974] RBP: 00007f491e54ff91 R08: 0000000000000000 R09: 0000000000000000 [ 3314.425324][T13974] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000000 [ 3314.433268][T13974] R13: 00007f491e724038 R14: 00007f491e723fa0 R15: 00007ffcae0a36f8 [ 3314.455754][T13974] memory: usage 307200kB, limit 307200kB, failcnt 235822 [ 3314.463406][T13974] memory+swap: usage 307200kB, limit 9007199254740988kB, failcnt 0 [ 3314.471732][T13974] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3314.478718][T13974] Memory cgroup stats for /syz4: [ 3314.478837][T13974] anon 376832 [ 3314.478837][T13974] file 313995264 [ 3314.478837][T13974] kernel_stack 0 [ 3314.478837][T13974] percpu 0 [ 3314.478837][T13974] sock 0 [ 3314.478837][T13974] shmem 313995264 [ 3314.478837][T13974] file_mapped 135168 [ 3314.478837][T13974] file_dirty 135168 [ 3314.478837][T13974] file_writeback 0 [ 3314.478837][T13974] anon_thp 0 [ 3314.478837][T13974] inactive_anon 314339328 [ 3314.478837][T13974] active_anon 0 [ 3314.478837][T13974] inactive_file 196608 [ 3314.478837][T13974] active_file 180224 [ 3314.478837][T13974] unevictable 0 [ 3314.478837][T13974] slab_reclaimable 0 [ 3314.478837][T13974] slab_unreclaimable 0 [ 3314.478837][T13974] slab 0 [ 3314.478837][T13974] workingset_refault_anon 0 [ 3314.478837][T13974] workingset_refault_file 613668 [ 3314.478837][T13974] workingset_activate_anon 0 [ 3314.478837][T13974] workingset_activate_file 15378 [ 3314.478837][T13974] workingset_restore_anon 0 [ 3314.478837][T13974] workingset_restore_file 5907 [ 3314.576446][T13974] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0,oom_memcg=/syz4,task_memcg=/syz4,task=syz.4.98536,pid=13973,uid=0 [ 3314.599301][T13974] Memory cgroup out of memory: Killed process 13973 (syz.4.98536) total-vm:93812kB, anon-rss:1320kB, file-rss:54368kB, shmem-rss:4kB, UID:0 pgtables:204kB oom_score_adj:1000 [ 3314.617748][ T27] oom_reaper: reaped process 13973 (syz.4.98536), now anon-rss:0kB, file-rss:53572kB, shmem-rss:4kB [ 3314.628628][T14054] syz.6.98571 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3314.646912][T14054] CPU: 1 PID: 14054 Comm: syz.6.98571 Tainted: G W syzkaller #0 [ 3314.655842][T14054] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 3314.665873][T14054] Call Trace: [ 3314.669153][T14054] __dump_stack+0x21/0x24 [ 3314.673460][T14054] dump_stack_lvl+0x169/0x1d8 [ 3314.678111][T14054] ? show_regs_print_info+0x18/0x18 [ 3314.683282][T14054] ? ___ratelimit+0x3d1/0x560 [ 3314.687936][T14054] ? __kasan_check_write+0x14/0x20 [ 3314.693024][T14054] ? _raw_spin_lock+0x8e/0xe0 [ 3314.697676][T14054] dump_stack+0x15/0x1c [ 3314.701805][T14054] dump_header+0xdd/0x650 [ 3314.706108][T14054] oom_kill_process+0x1fa/0x2c0 [ 3314.710929][T14054] out_of_memory+0x94a/0xd70 [ 3314.715493][T14054] ? unregister_oom_notifier+0x20/0x20 [ 3314.720922][T14054] ? mutex_lock_killable+0xd3/0xe0 [ 3314.726005][T14054] ? __mutex_lock_interruptible_slowpath+0x10/0x10 [ 3314.732497][T14054] mem_cgroup_out_of_memory+0x260/0x310 [ 3314.738016][T14054] ? mem_cgroup_oom_trylock+0x350/0x350 [ 3314.743539][T14054] ? _raw_spin_lock+0x8e/0xe0 [ 3314.748191][T14054] ? _raw_spin_trylock_bh+0x130/0x130 [ 3314.753540][T14054] ? _raw_spin_unlock+0x4d/0x70 [ 3314.758363][T14054] ? mem_cgroup_oom_trylock+0x1fc/0x350 [ 3314.763886][T14054] ? _raw_spin_unlock_irq+0x4e/0x70 [ 3314.769058][T14054] try_charge+0xf61/0x14e0 [ 3314.773450][T14054] ? __memcg_kmem_charge+0x140/0x140 [ 3314.778709][T14054] ? percpu_counter_add_batch+0x13c/0x160 [ 3314.784405][T14054] ? get_mem_cgroup_from_mm+0x197/0x1b0 [ 3314.789924][T14054] __mem_cgroup_charge+0x14c/0x6d0 [ 3314.795012][T14054] shmem_add_to_page_cache+0x55e/0xe10 [ 3314.800444][T14054] ? shmem_alloc_page+0x300/0x300 [ 3314.805443][T14054] ? _raw_spin_lock+0x8e/0xe0 [ 3314.810094][T14054] ? find_lock_entry+0x4b/0x200 [ 3314.814922][T14054] shmem_getpage_gfp+0x8e8/0x2110 [ 3314.819921][T14054] ? shmem_xattr_handler_get+0x41/0x50 [ 3314.825354][T14054] shmem_write_begin+0xce/0x1b0 [ 3314.830179][T14054] generic_perform_write+0x2be/0x510 [ 3314.835439][T14054] ? atime_needs_update+0x5b0/0x5b0 [ 3314.840615][T14054] ? grab_cache_page_write_begin+0xb0/0xb0 [ 3314.846397][T14054] ? file_remove_privs+0x580/0x580 [ 3314.851481][T14054] ? __kasan_check_write+0x14/0x20 [ 3314.856564][T14054] ? down_write+0xac/0x110 [ 3314.860953][T14054] __generic_file_write_iter+0x24b/0x480 [ 3314.866558][T14054] ? generic_write_checks+0x3d4/0x480 [ 3314.871905][T14054] generic_file_write_iter+0xa9/0x1d0 [ 3314.877250][T14054] vfs_write+0x725/0xd60 [ 3314.881466][T14054] ? __kasan_slab_free+0x11/0x20 [ 3314.886375][T14054] ? kernel_write+0x3c0/0x3c0 [ 3314.891025][T14054] ? mutex_trylock+0xa0/0xa0 [ 3314.895597][T14054] ? __fget_files+0x2c4/0x320 [ 3314.900245][T14054] ? __fdget_pos+0x2d2/0x380 [ 3314.904807][T14054] ? ksys_write+0x71/0x240 [ 3314.909202][T14054] ksys_write+0x140/0x240 [ 3314.913506][T14054] ? __ia32_sys_read+0x90/0x90 [ 3314.918245][T14054] ? __kasan_check_read+0x11/0x20 [ 3314.923240][T14054] __x64_sys_write+0x7b/0x90 [ 3314.927802][T14054] do_syscall_64+0x31/0x40 [ 3314.932196][T14054] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 3314.938062][T14054] RIP: 0033:0x7fde365bc6c9 [ 3314.942454][T14054] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 3314.962032][T14054] RSP: 002b:00007fde35024038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3314.970420][T14054] RAX: ffffffffffffffda RBX: 00007fde36812fa0 RCX: 00007fde365bc6c9 [ 3314.978364][T14054] RDX: 0000000000000118 RSI: 0000200000000340 RDI: 000000000000000b [ 3314.986313][T14054] RBP: 00007fde3663ef91 R08: 0000000000000000 R09: 0000000000000000 [ 3314.994260][T14054] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3315.002206][T14054] R13: 00007fde36813038 R14: 00007fde36812fa0 R15: 00007ffc08cd1be8 [ 3315.023446][T14054] memory: usage 307200kB, limit 307200kB, failcnt 52644 [ 3315.032705][T14054] memory+swap: usage 396172kB, limit 9007199254740988kB, failcnt 0 [ 3315.047272][T14054] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3315.060761][T14054] Memory cgroup stats for /syz6: [ 3315.060878][T14054] anon 118784 [ 3315.060878][T14054] file 313319424 [ 3315.060878][T14054] kernel_stack 0 [ 3315.060878][T14054] percpu 0 [ 3315.060878][T14054] sock 0 [ 3315.060878][T14054] shmem 246140928 [ 3315.060878][T14054] file_mapped 0 [ 3315.060878][T14054] file_dirty 0 [ 3315.060878][T14054] file_writeback 0 [ 3315.060878][T14054] anon_thp 0 [ 3315.060878][T14054] inactive_anon 247255040 [ 3315.060878][T14054] active_anon 270336 [ 3315.060878][T14054] inactive_file 20480 [ 3315.060878][T14054] active_file 69632 [ 3315.060878][T14054] unevictable 67227648 [ 3315.060878][T14054] slab_reclaimable 0 [ 3315.060878][T14054] slab_unreclaimable 0 [ 3315.060878][T14054] slab 0 [ 3315.060878][T14054] workingset_refault_anon 0 [ 3315.060878][T14054] workingset_refault_file 11649 [ 3315.060878][T14054] workingset_activate_anon 0 [ 3315.060878][T14054] workingset_activate_file 2937 [ 3315.060878][T14054] workingset_restore_anon 0 [ 3315.060878][T14054] workingset_restore_file 2607 [ 3315.280609][T14054] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz6,mems_allowed=0,oom_memcg=/syz6,task_memcg=/syz6,task=syz.6.98571,pid=14048,uid=0 [ 3315.310691][T14054] Memory cgroup out of memory: Killed process 14048 (syz.6.98571) total-vm:93944kB, anon-rss:1284kB, file-rss:21872kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 3315.347299][ T27] oom_reaper: reaped process 14048 (syz.6.98571), now anon-rss:0kB, file-rss:20740kB, shmem-rss:0kB [ 3315.401338][T14100] syz.6.98596 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3315.430673][T14100] CPU: 1 PID: 14100 Comm: syz.6.98596 Tainted: G W syzkaller #0 [ 3315.439629][T14100] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 3315.449680][T14100] Call Trace: [ 3315.452974][T14100] __dump_stack+0x21/0x24 [ 3315.457306][T14100] dump_stack_lvl+0x169/0x1d8 [ 3315.461986][T14100] ? show_regs_print_info+0x18/0x18 [ 3315.467184][T14100] ? ___ratelimit+0x3d1/0x560 [ 3315.471859][T14100] ? __kasan_check_write+0x14/0x20 [ 3315.476965][T14100] ? _raw_spin_lock+0x8e/0xe0 [ 3315.481678][T14100] dump_stack+0x15/0x1c [ 3315.485831][T14100] dump_header+0xdd/0x650 [ 3315.490154][T14100] oom_kill_process+0x1fa/0x2c0 [ 3315.495002][T14100] out_of_memory+0x94a/0xd70 [ 3315.499583][T14100] ? unregister_oom_notifier+0x20/0x20 [ 3315.505030][T14100] ? mutex_lock_killable+0x8c/0xe0 [ 3315.510128][T14100] ? __mutex_lock_interruptible_slowpath+0x10/0x10 [ 3315.516708][T14100] mem_cgroup_out_of_memory+0x260/0x310 [ 3315.522249][T14100] ? mem_cgroup_oom_trylock+0x350/0x350 [ 3315.527788][T14100] ? _raw_spin_lock+0x8e/0xe0 [ 3315.532455][T14100] ? _raw_spin_trylock_bh+0x130/0x130 [ 3315.537822][T14100] ? _raw_spin_unlock+0x4d/0x70 [ 3315.542667][T14100] ? mem_cgroup_oom_trylock+0x1fc/0x350 [ 3315.548205][T14100] ? _raw_spin_unlock_irq+0x4e/0x70 [ 3315.553399][T14100] try_charge+0xf61/0x14e0 [ 3315.557813][T14100] ? __memcg_kmem_charge+0x140/0x140 [ 3315.563096][T14100] ? percpu_counter_add_batch+0x13c/0x160 [ 3315.568815][T14100] ? get_mem_cgroup_from_mm+0x197/0x1b0 [ 3315.574355][T14100] __mem_cgroup_charge+0x14c/0x6d0 [ 3315.579465][T14100] shmem_add_to_page_cache+0x55e/0xe10 [ 3315.584931][T14100] ? shmem_alloc_page+0x300/0x300 [ 3315.589950][T14100] ? _raw_spin_lock+0x8e/0xe0 [ 3315.594620][T14100] ? find_lock_entry+0x4b/0x200 [ 3315.599467][T14100] shmem_getpage_gfp+0x8e8/0x2110 [ 3315.604501][T14100] ? shmem_xattr_handler_get+0x41/0x50 [ 3315.609957][T14100] shmem_write_begin+0xce/0x1b0 [ 3315.614802][T14100] generic_perform_write+0x2be/0x510 [ 3315.620083][T14100] ? atime_needs_update+0x5b0/0x5b0 [ 3315.625282][T14100] ? grab_cache_page_write_begin+0xb0/0xb0 [ 3315.631087][T14100] ? file_remove_privs+0x580/0x580 [ 3315.636202][T14100] ? __kasan_check_write+0x14/0x20 [ 3315.641312][T14100] ? down_write+0xac/0x110 [ 3315.645729][T14100] __generic_file_write_iter+0x24b/0x480 [ 3315.651403][T14100] ? generic_write_checks+0x3d4/0x480 [ 3315.656768][T14100] generic_file_write_iter+0xa9/0x1d0 [ 3315.662133][T14100] vfs_write+0x725/0xd60 [ 3315.666382][T14100] ? __kasan_slab_free+0x11/0x20 [ 3315.671317][T14100] ? kernel_write+0x3c0/0x3c0 [ 3315.675997][T14100] ? mutex_trylock+0xa0/0xa0 [ 3315.680582][T14100] ? __fget_files+0x2c4/0x320 [ 3315.685255][T14100] ? __fdget_pos+0x2d2/0x380 [ 3315.689838][T14100] ? ksys_write+0x71/0x240 [ 3315.694246][T14100] ksys_write+0x140/0x240 [ 3315.698572][T14100] ? __ia32_sys_read+0x90/0x90 [ 3315.703334][T14100] ? __kasan_check_read+0x11/0x20 [ 3315.708352][T14100] __x64_sys_write+0x7b/0x90 [ 3315.712943][T14100] do_syscall_64+0x31/0x40 [ 3315.717360][T14100] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 3315.723245][T14100] RIP: 0033:0x7fde365bc6c9 [ 3315.727654][T14100] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 3315.747254][T14100] RSP: 002b:00007fde35024038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3315.755667][T14100] RAX: ffffffffffffffda RBX: 00007fde36812fa0 RCX: 00007fde365bc6c9 [ 3315.763638][T14100] RDX: 0000000000000118 RSI: 0000200000000340 RDI: 0000000000000004 [ 3315.771608][T14100] RBP: 00007fde3663ef91 R08: 0000000000000000 R09: 0000000000000000 [ 3315.779574][T14100] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3315.787541][T14100] R13: 00007fde36813038 R14: 00007fde36812fa0 R15: 00007ffc08cd1be8 [ 3315.803649][T14100] memory: usage 307200kB, limit 307200kB, failcnt 52692 [ 3315.810668][T14100] memory+swap: usage 396172kB, limit 9007199254740988kB, failcnt 0 [ 3315.830683][T14100] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3315.837862][T14100] Memory cgroup stats for /syz6: [ 3315.837981][T14100] anon 118784 [ 3315.837981][T14100] file 313319424 [ 3315.837981][T14100] kernel_stack 0 [ 3315.837981][T14100] percpu 0 [ 3315.837981][T14100] sock 0 [ 3315.837981][T14100] shmem 246140928 [ 3315.837981][T14100] file_mapped 0 [ 3315.837981][T14100] file_dirty 0 [ 3315.837981][T14100] file_writeback 0 [ 3315.837981][T14100] anon_thp 0 [ 3315.837981][T14100] inactive_anon 247255040 [ 3315.837981][T14100] active_anon 270336 [ 3315.837981][T14100] inactive_file 20480 [ 3315.837981][T14100] active_file 69632 [ 3315.837981][T14100] unevictable 67227648 [ 3315.837981][T14100] slab_reclaimable 0 [ 3315.837981][T14100] slab_unreclaimable 0 [ 3315.837981][T14100] slab 0 [ 3315.837981][T14100] workingset_refault_anon 0 [ 3315.837981][T14100] workingset_refault_file 11649 [ 3315.837981][T14100] workingset_activate_anon 0 [ 3315.837981][T14100] workingset_activate_file 2937 [ 3315.837981][T14100] workingset_restore_anon 0 [ 3315.837981][T14100] workingset_restore_file 2607 [ 3315.940109][T14100] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz6,mems_allowed=0,oom_memcg=/syz6,task_memcg=/syz6,task=syz.6.98596,pid=14099,uid=0 [ 3315.955505][T14100] Memory cgroup out of memory: Killed process 14099 (syz.6.98596) total-vm:93944kB, anon-rss:1284kB, file-rss:21872kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 3316.000190][ T27] oom_reaper: reaped process 14099 (syz.6.98596), now anon-rss:0kB, file-rss:21128kB, shmem-rss:0kB [ 3316.043083][T14126] syz.6.98609 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3316.070603][T14126] CPU: 1 PID: 14126 Comm: syz.6.98609 Tainted: G W syzkaller #0 [ 3316.079556][T14126] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 3316.089598][T14126] Call Trace: [ 3316.092869][T14126] __dump_stack+0x21/0x24 [ 3316.097173][T14126] dump_stack_lvl+0x169/0x1d8 [ 3316.101823][T14126] ? show_regs_print_info+0x18/0x18 [ 3316.106996][T14126] ? ___ratelimit+0x3d1/0x560 [ 3316.111650][T14126] ? __kasan_check_write+0x14/0x20 [ 3316.116738][T14126] ? _raw_spin_lock+0x8e/0xe0 [ 3316.121390][T14126] dump_stack+0x15/0x1c [ 3316.125531][T14126] dump_header+0xdd/0x650 [ 3316.129839][T14126] oom_kill_process+0x1fa/0x2c0 [ 3316.134665][T14126] out_of_memory+0x94a/0xd70 [ 3316.139230][T14126] ? unregister_oom_notifier+0x20/0x20 [ 3316.144664][T14126] ? mutex_lock_killable+0x8c/0xe0 [ 3316.149760][T14126] ? __mutex_lock_interruptible_slowpath+0x10/0x10 [ 3316.156236][T14126] mem_cgroup_out_of_memory+0x260/0x310 [ 3316.161754][T14126] ? mem_cgroup_oom_trylock+0x350/0x350 [ 3316.167270][T14126] ? _raw_spin_lock+0x8e/0xe0 [ 3316.171919][T14126] ? _raw_spin_trylock_bh+0x130/0x130 [ 3316.177263][T14126] ? _raw_spin_unlock+0x4d/0x70 [ 3316.182091][T14126] ? mem_cgroup_oom_trylock+0x1fc/0x350 [ 3316.187608][T14126] ? _raw_spin_unlock_irq+0x4e/0x70 [ 3316.192780][T14126] try_charge+0xf61/0x14e0 [ 3316.197173][T14126] ? __memcg_kmem_charge+0x140/0x140 [ 3316.202439][T14126] ? percpu_counter_add_batch+0x13c/0x160 [ 3316.208131][T14126] ? get_mem_cgroup_from_mm+0x197/0x1b0 [ 3316.213649][T14126] __mem_cgroup_charge+0x14c/0x6d0 [ 3316.218740][T14126] shmem_add_to_page_cache+0x55e/0xe10 [ 3316.224171][T14126] ? shmem_alloc_page+0x300/0x300 [ 3316.229168][T14126] ? _raw_spin_lock+0x8e/0xe0 [ 3316.233820][T14126] ? find_lock_entry+0x4b/0x200 [ 3316.238643][T14126] shmem_getpage_gfp+0x8e8/0x2110 [ 3316.243643][T14126] ? shmem_xattr_handler_get+0x41/0x50 [ 3316.249080][T14126] shmem_write_begin+0xce/0x1b0 [ 3316.253906][T14126] generic_perform_write+0x2be/0x510 [ 3316.259162][T14126] ? atime_needs_update+0x5b0/0x5b0 [ 3316.264335][T14126] ? grab_cache_page_write_begin+0xb0/0xb0 [ 3316.270123][T14126] ? file_remove_privs+0x580/0x580 [ 3316.275205][T14126] ? __kasan_check_write+0x14/0x20 [ 3316.280296][T14126] ? down_write+0xac/0x110 [ 3316.284695][T14126] __generic_file_write_iter+0x24b/0x480 [ 3316.290300][T14126] ? generic_write_checks+0x3d4/0x480 [ 3316.295646][T14126] generic_file_write_iter+0xa9/0x1d0 [ 3316.300993][T14126] vfs_write+0x725/0xd60 [ 3316.305211][T14126] ? __kasan_slab_free+0x11/0x20 [ 3316.310119][T14126] ? kernel_write+0x3c0/0x3c0 [ 3316.314771][T14126] ? mutex_trylock+0xa0/0xa0 [ 3316.319335][T14126] ? __fget_files+0x2c4/0x320 [ 3316.323984][T14126] ? __fdget_pos+0x2d2/0x380 [ 3316.328545][T14126] ? ksys_write+0x71/0x240 [ 3316.332933][T14126] ksys_write+0x140/0x240 [ 3316.337233][T14126] ? __ia32_sys_read+0x90/0x90 [ 3316.341974][T14126] ? __kasan_check_read+0x11/0x20 [ 3316.346972][T14126] __x64_sys_write+0x7b/0x90 [ 3316.351538][T14126] do_syscall_64+0x31/0x40 [ 3316.355930][T14126] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 3316.361794][T14126] RIP: 0033:0x7fde365bc6c9 [ 3316.366212][T14126] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 3316.385793][T14126] RSP: 002b:00007fde35024038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3316.394180][T14126] RAX: ffffffffffffffda RBX: 00007fde36812fa0 RCX: 00007fde365bc6c9 [ 3316.402123][T14126] RDX: 0000000000000118 RSI: 0000200000000340 RDI: 0000000000000004 [ 3316.410068][T14126] RBP: 00007fde3663ef91 R08: 0000000000000000 R09: 0000000000000000 [ 3316.418013][T14126] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3316.425958][T14126] R13: 00007fde36813038 R14: 00007fde36812fa0 R15: 00007ffc08cd1be8 [ 3316.559298][T14146] netlink: 36 bytes leftover after parsing attributes in process `syz.0.98617'. [ 3316.588693][T14146] netlink: 12 bytes leftover after parsing attributes in process `syz.0.98617'. [ 3316.608910][T14146] netlink: 8 bytes leftover after parsing attributes in process `syz.0.98617'. [ 3316.624986][T14126] memory: usage 307200kB, limit 307200kB, failcnt 52787 [ 3316.629122][T14146] netlink: 8 bytes leftover after parsing attributes in process `syz.0.98617'. [ 3316.662434][T14126] memory+swap: usage 396172kB, limit 9007199254740988kB, failcnt 0 [ 3316.693452][T14126] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3316.719970][T14126] Memory cgroup stats for /syz6: [ 3316.720088][T14126] anon 0 [ 3316.720088][T14126] file 313319424 [ 3316.720088][T14126] kernel_stack 0 [ 3316.720088][T14126] percpu 0 [ 3316.720088][T14126] sock 0 [ 3316.720088][T14126] shmem 246140928 [ 3316.720088][T14126] file_mapped 0 [ 3316.720088][T14126] file_dirty 0 [ 3316.720088][T14126] file_writeback 0 [ 3316.720088][T14126] anon_thp 0 [ 3316.720088][T14126] inactive_anon 247119872 [ 3316.720088][T14126] active_anon 270336 [ 3316.720088][T14126] inactive_file 20480 [ 3316.720088][T14126] active_file 69632 [ 3316.720088][T14126] unevictable 67227648 [ 3316.720088][T14126] slab_reclaimable 0 [ 3316.720088][T14126] slab_unreclaimable 0 [ 3316.720088][T14126] slab 0 [ 3316.720088][T14126] workingset_refault_anon 0 [ 3316.720088][T14126] workingset_refault_file 11649 [ 3316.720088][T14126] workingset_activate_anon 0 [ 3316.720088][T14126] workingset_activate_file 2937 [ 3316.720088][T14126] workingset_restore_anon 0 [ 3316.720088][T14126] workingset_restore_file 2607 [ 3316.849291][T14164] kvm [14163]: vcpu0, guest rIP: 0x9114 disabled perfctr wrmsr: 0xc2 data 0x9d00 [ 3316.859149][T14164] kvm [14163]: vcpu0, guest rIP: 0x9114 disabled perfctr wrmsr: 0xc1 data 0x9d00 [ 3316.944449][T14126] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz6,mems_allowed=0,oom_memcg=/syz6,task_memcg=/syz6,task=syz.6.98609,pid=14125,uid=0 [ 3316.960717][T14126] Memory cgroup out of memory: Killed process 14125 (syz.6.98609) total-vm:93944kB, anon-rss:1284kB, file-rss:21872kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 3316.979492][ T27] oom_reaper: reaped process 14125 (syz.6.98609), now anon-rss:0kB, file-rss:20740kB, shmem-rss:0kB [ 3316.991317][T14121] syz.4.98607 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3317.015256][T14121] CPU: 0 PID: 14121 Comm: syz.4.98607 Tainted: G W syzkaller #0 [ 3317.024214][T14121] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 3317.034345][T14121] Call Trace: [ 3317.037654][T14121] __dump_stack+0x21/0x24 [ 3317.041982][T14121] dump_stack_lvl+0x169/0x1d8 [ 3317.046659][T14121] ? show_regs_print_info+0x18/0x18 [ 3317.051858][T14121] ? ___ratelimit+0x3d1/0x560 [ 3317.056530][T14121] ? _raw_spin_lock+0x8e/0xe0 [ 3317.061374][T14121] dump_stack+0x15/0x1c [ 3317.065524][T14121] dump_header+0xdd/0x650 [ 3317.069844][T14121] oom_kill_process+0x1fa/0x2c0 [ 3317.074692][T14121] out_of_memory+0x94a/0xd70 [ 3317.079289][T14121] ? unregister_oom_notifier+0x20/0x20 [ 3317.084746][T14121] ? mutex_lock_killable+0xd3/0xe0 [ 3317.089854][T14121] ? __mutex_lock_interruptible_slowpath+0x10/0x10 [ 3317.096447][T14121] mem_cgroup_out_of_memory+0x260/0x310 [ 3317.101995][T14121] ? mem_cgroup_oom_trylock+0x350/0x350 [ 3317.107546][T14121] ? _raw_spin_lock+0x8e/0xe0 [ 3317.112228][T14121] ? _raw_spin_trylock_bh+0x130/0x130 [ 3317.117602][T14121] ? _raw_spin_unlock+0x4d/0x70 [ 3317.122460][T14121] ? mem_cgroup_oom_trylock+0x1fc/0x350 [ 3317.128004][T14121] ? _raw_spin_unlock_irq+0x4e/0x70 [ 3317.133224][T14121] try_charge+0xf61/0x14e0 [ 3317.137645][T14121] ? __memcg_kmem_charge+0x140/0x140 [ 3317.142931][T14121] ? percpu_counter_add_batch+0x13c/0x160 [ 3317.148653][T14121] ? get_mem_cgroup_from_mm+0x197/0x1b0 [ 3317.154198][T14121] __mem_cgroup_charge+0x14c/0x6d0 [ 3317.159312][T14121] shmem_add_to_page_cache+0x55e/0xe10 [ 3317.164765][T14121] ? shmem_alloc_page+0x300/0x300 [ 3317.169773][T14121] ? _raw_spin_lock_irqsave+0x110/0x110 [ 3317.175312][T14121] ? find_lock_entry+0x4b/0x200 [ 3317.180162][T14121] ? lru_cache_add+0x164/0x380 [ 3317.184921][T14121] ? shmem_getpage_gfp+0x8f3/0x2110 [ 3317.190111][T14121] shmem_getpage_gfp+0x8e8/0x2110 [ 3317.195131][T14121] shmem_write_begin+0xce/0x1b0 [ 3317.199976][T14121] generic_perform_write+0x2be/0x510 [ 3317.205248][T14121] ? preempt_count_add+0x90/0x1b0 [ 3317.210261][T14121] ? grab_cache_page_write_begin+0xb0/0xb0 [ 3317.216070][T14121] ? file_remove_privs+0x580/0x580 [ 3317.221171][T14121] ? __kasan_check_write+0x14/0x20 [ 3317.226269][T14121] ? down_write+0xac/0x110 [ 3317.230686][T14121] __generic_file_write_iter+0x24b/0x480 [ 3317.236309][T14121] ? generic_write_checks+0x3d4/0x480 [ 3317.241671][T14121] generic_file_write_iter+0xa9/0x1d0 [ 3317.247049][T14121] __kernel_write+0x55a/0x910 [ 3317.251714][T14121] ? vfs_read+0xa10/0xa10 [ 3317.256031][T14121] ? populate_vma_page_range+0xf0/0xf0 [ 3317.261479][T14121] ? cgroup_freezing+0x86/0xb0 [ 3317.266243][T14121] ? freezing_slow_path+0x10a/0x150 [ 3317.271429][T14121] dump_emit+0x240/0x360 [ 3317.275664][T14121] ? wait_for_dump_helpers+0x390/0x390 [ 3317.281111][T14121] dump_user_range+0x6a/0x1a0 [ 3317.285775][T14121] elf_core_dump+0x278a/0x2bc0 [ 3317.290526][T14121] ? load_elf_binary+0x2890/0x2890 [ 3317.295629][T14121] ? kvmalloc_node+0x88/0x130 [ 3317.300307][T14121] ? _raw_spin_unlock+0x4d/0x70 [ 3317.305324][T14121] ? cgroup_freezing+0x86/0xb0 [ 3317.310101][T14121] ? freezing_slow_path+0x10a/0x150 [ 3317.315283][T14121] do_coredump+0x1ac9/0x27f0 [ 3317.319858][T14121] ? simple_acl_create+0x1c0/0x1c0 [ 3317.324949][T14121] ? debug_smp_processor_id+0x17/0x20 [ 3317.330296][T14121] ? kmem_cache_free+0x100/0x2d0 [ 3317.335203][T14121] ? ____kasan_slab_free+0x130/0x160 [ 3317.340463][T14121] ? get_signal+0xb98/0x12e0 [ 3317.345025][T14121] ? kmem_cache_free+0x100/0x2d0 [ 3317.349935][T14121] get_signal+0xf23/0x12e0 [ 3317.354415][T14121] ? asm_exc_invalid_op+0xa/0x20 [ 3317.359326][T14121] arch_do_signal_or_restart+0xbf/0x10f0 [ 3317.364933][T14121] ? _raw_spin_unlock_irqrestore+0x5b/0x80 [ 3317.370711][T14121] ? force_sig_info_to_task+0x26d/0x2e0 [ 3317.376227][T14121] ? __ia32_sys_rt_sigreturn+0x6c0/0x6c0 [ 3317.381828][T14121] ? force_sig_fault_to_task+0x110/0x110 [ 3317.387433][T14121] ? do_trap+0x117/0x2f0 [ 3317.391649][T14121] ? asm_exc_invalid_op+0xa/0x20 [ 3317.396564][T14121] exit_to_user_mode_loop+0xa2/0xe0 [ 3317.401732][T14121] exit_to_user_mode_prepare+0x76/0xa0 [ 3317.407161][T14121] irqentry_exit_to_user_mode+0x9/0x10 [ 3317.412592][T14121] irqentry_exit+0x12/0x60 [ 3317.416978][T14121] exc_invalid_op+0x3e/0x50 [ 3317.421451][T14121] asm_exc_invalid_op+0x12/0x20 [ 3317.426360][T14121] RIP: 0033:0x200000000000 [ 3317.430751][T14121] Code: Unable to access opcode bytes at RIP 0x1fffffffffd6. [ 3317.438099][T14121] RSP: 002b:00007f491cf34a78 EFLAGS: 00010246 [ 3317.444137][T14121] RAX: 0000000000000000 RBX: 00007f491e723fa0 RCX: 00007f491e4cd6c9 [ 3317.452081][T14121] RDX: 00007f491cf34a80 RSI: 00007f491cf34bb0 RDI: 000000000000000d [ 3317.460029][T14121] RBP: 00007f491e54ff91 R08: 0000000000000000 R09: 0000000000000000 [ 3317.467972][T14121] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000000 [ 3317.475917][T14121] R13: 00007f491e724038 R14: 00007f491e723fa0 R15: 00007ffcae0a36f8 [ 3317.484171][T14121] memory: usage 307200kB, limit 307200kB, failcnt 236544 [ 3317.494068][T14121] memory+swap: usage 307200kB, limit 9007199254740988kB, failcnt 0 [ 3317.503641][T14121] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3317.530610][T14121] Memory cgroup stats for /syz4: [ 3317.530767][T14121] anon 241664 [ 3317.530767][T14121] file 314130432 [ 3317.530767][T14121] kernel_stack 0 [ 3317.530767][T14121] percpu 0 [ 3317.530767][T14121] sock 0 [ 3317.530767][T14121] shmem 314265600 [ 3317.530767][T14121] file_mapped 135168 [ 3317.530767][T14121] file_dirty 135168 [ 3317.530767][T14121] file_writeback 0 [ 3317.530767][T14121] anon_thp 0 [ 3317.530767][T14121] inactive_anon 314339328 [ 3317.530767][T14121] active_anon 0 [ 3317.530767][T14121] inactive_file 196608 [ 3317.530767][T14121] active_file 180224 [ 3317.530767][T14121] unevictable 0 [ 3317.530767][T14121] slab_reclaimable 0 [ 3317.530767][T14121] slab_unreclaimable 0 [ 3317.530767][T14121] slab 0 [ 3317.530767][T14121] workingset_refault_anon 0 [ 3317.530767][T14121] workingset_refault_file 615681 [ 3317.530767][T14121] workingset_activate_anon 0 [ 3317.530767][T14121] workingset_activate_file 15378 [ 3317.530767][T14121] workingset_restore_anon 0 [ 3317.530767][T14121] workingset_restore_file 5907 [ 3317.625858][T14121] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0,oom_memcg=/syz4,task_memcg=/syz4,task=syz.4.98607,pid=14119,uid=0 [ 3317.650954][T14121] Memory cgroup out of memory: Killed process 14119 (syz.4.98607) total-vm:93812kB, anon-rss:1324kB, file-rss:54300kB, shmem-rss:4kB, UID:0 pgtables:204kB oom_score_adj:1000 [ 3317.680143][ T27] oom_reaper: reaped process 14119 (syz.4.98607), now anon-rss:0kB, file-rss:53236kB, shmem-rss:4kB [ 3317.691335][T14171] syz.6.98628 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3317.701834][T14171] CPU: 1 PID: 14171 Comm: syz.6.98628 Tainted: G W syzkaller #0 [ 3317.710766][T14171] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 3317.720815][T14171] Call Trace: [ 3317.724102][T14171] __dump_stack+0x21/0x24 [ 3317.728427][T14171] dump_stack_lvl+0x169/0x1d8 [ 3317.733093][T14171] ? show_regs_print_info+0x18/0x18 [ 3317.738277][T14171] ? ___ratelimit+0x3d1/0x560 [ 3317.742946][T14171] ? __kasan_check_write+0x14/0x20 [ 3317.748166][T14171] ? _raw_spin_lock+0x8e/0xe0 [ 3317.752823][T14171] dump_stack+0x15/0x1c [ 3317.756953][T14171] dump_header+0xdd/0x650 [ 3317.761260][T14171] oom_kill_process+0x1fa/0x2c0 [ 3317.766084][T14171] out_of_memory+0x94a/0xd70 [ 3317.770648][T14171] ? unregister_oom_notifier+0x20/0x20 [ 3317.776087][T14171] ? mutex_lock_killable+0xd3/0xe0 [ 3317.781206][T14171] ? __mutex_lock_interruptible_slowpath+0x10/0x10 [ 3317.787855][T14171] mem_cgroup_out_of_memory+0x260/0x310 [ 3317.793376][T14171] ? mem_cgroup_oom_trylock+0x350/0x350 [ 3317.798892][T14171] ? _raw_spin_lock+0x8e/0xe0 [ 3317.803541][T14171] ? _raw_spin_trylock_bh+0x130/0x130 [ 3317.808885][T14171] ? _raw_spin_unlock+0x4d/0x70 [ 3317.813708][T14171] ? mem_cgroup_oom_trylock+0x1fc/0x350 [ 3317.819227][T14171] ? _raw_spin_unlock_irq+0x4e/0x70 [ 3317.824400][T14171] try_charge+0xf61/0x14e0 [ 3317.828793][T14171] ? __memcg_kmem_charge+0x140/0x140 [ 3317.834051][T14171] ? percpu_counter_add_batch+0x13c/0x160 [ 3317.839744][T14171] ? get_mem_cgroup_from_mm+0x197/0x1b0 [ 3317.845269][T14171] __mem_cgroup_charge+0x14c/0x6d0 [ 3317.850356][T14171] shmem_add_to_page_cache+0x55e/0xe10 [ 3317.855796][T14171] ? shmem_alloc_page+0x300/0x300 [ 3317.860796][T14171] ? _raw_spin_lock+0x8e/0xe0 [ 3317.865449][T14171] ? find_lock_entry+0x4b/0x200 [ 3317.870273][T14171] shmem_getpage_gfp+0x8e8/0x2110 [ 3317.875278][T14171] ? shmem_xattr_handler_get+0x41/0x50 [ 3317.880710][T14171] shmem_write_begin+0xce/0x1b0 [ 3317.885534][T14171] generic_perform_write+0x2be/0x510 [ 3317.890800][T14171] ? atime_needs_update+0x5b0/0x5b0 [ 3317.895983][T14171] ? grab_cache_page_write_begin+0xb0/0xb0 [ 3317.901763][T14171] ? file_remove_privs+0x580/0x580 [ 3317.906849][T14171] ? __kasan_check_write+0x14/0x20 [ 3317.911936][T14171] ? down_write+0xac/0x110 [ 3317.916329][T14171] __generic_file_write_iter+0x24b/0x480 [ 3317.921935][T14171] ? generic_write_checks+0x3d4/0x480 [ 3317.927285][T14171] generic_file_write_iter+0xa9/0x1d0 [ 3317.932634][T14171] vfs_write+0x725/0xd60 [ 3317.936852][T14171] ? __kasan_slab_free+0x11/0x20 [ 3317.941764][T14171] ? kernel_write+0x3c0/0x3c0 [ 3317.946417][T14171] ? mutex_trylock+0xa0/0xa0 [ 3317.950977][T14171] ? __fget_files+0x2c4/0x320 [ 3317.955624][T14171] ? __fdget_pos+0x2d2/0x380 [ 3317.960187][T14171] ? ksys_write+0x71/0x240 [ 3317.964583][T14171] ksys_write+0x140/0x240 [ 3317.968887][T14171] ? __ia32_sys_read+0x90/0x90 [ 3317.973624][T14171] ? __kasan_check_read+0x11/0x20 [ 3317.978620][T14171] __x64_sys_write+0x7b/0x90 [ 3317.983190][T14171] do_syscall_64+0x31/0x40 [ 3317.987581][T14171] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 3317.993448][T14171] RIP: 0033:0x7fde365bc6c9 [ 3317.997839][T14171] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 3318.017422][T14171] RSP: 002b:00007fde35024038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3318.025809][T14171] RAX: ffffffffffffffda RBX: 00007fde36812fa0 RCX: 00007fde365bc6c9 [ 3318.033756][T14171] RDX: 0000000000000118 RSI: 0000200000000340 RDI: 0000000000000004 [ 3318.041701][T14171] RBP: 00007fde3663ef91 R08: 0000000000000000 R09: 0000000000000000 [ 3318.049651][T14171] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3318.057608][T14171] R13: 00007fde36813038 R14: 00007fde36812fa0 R15: 00007ffc08cd1be8 [ 3318.071255][T14171] memory: usage 307200kB, limit 307200kB, failcnt 52831 [ 3318.078291][T14171] memory+swap: usage 396172kB, limit 9007199254740988kB, failcnt 0 [ 3318.089488][T14171] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3318.096689][T14171] Memory cgroup stats for /syz6: [ 3318.096808][T14171] anon 0 [ 3318.096808][T14171] file 313319424 [ 3318.096808][T14171] kernel_stack 0 [ 3318.096808][T14171] percpu 0 [ 3318.096808][T14171] sock 0 [ 3318.096808][T14171] shmem 246140928 [ 3318.096808][T14171] file_mapped 0 [ 3318.096808][T14171] file_dirty 0 [ 3318.096808][T14171] file_writeback 0 [ 3318.096808][T14171] anon_thp 0 [ 3318.096808][T14171] inactive_anon 247119872 [ 3318.096808][T14171] active_anon 270336 [ 3318.096808][T14171] inactive_file 20480 [ 3318.096808][T14171] active_file 69632 [ 3318.096808][T14171] unevictable 67227648 [ 3318.096808][T14171] slab_reclaimable 0 [ 3318.096808][T14171] slab_unreclaimable 0 [ 3318.096808][T14171] slab 0 [ 3318.096808][T14171] workingset_refault_anon 0 [ 3318.096808][T14171] workingset_refault_file 11649 [ 3318.096808][T14171] workingset_activate_anon 0 [ 3318.096808][T14171] workingset_activate_file 2937 [ 3318.096808][T14171] workingset_restore_anon 0 [ 3318.096808][T14171] workingset_restore_file 2607 [ 3318.191096][T14171] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz6,mems_allowed=0,oom_memcg=/syz6,task_memcg=/syz6,task=syz.6.98628,pid=14170,uid=0 [ 3318.206300][T14171] Memory cgroup out of memory: Killed process 14170 (syz.6.98628) total-vm:93944kB, anon-rss:1284kB, file-rss:21872kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 3318.237810][ T27] oom_reaper: reaped process 14170 (syz.6.98628), now anon-rss:0kB, file-rss:20740kB, shmem-rss:0kB [ 3318.248842][T14160] syz.0.98621 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3318.264359][T14160] CPU: 1 PID: 14160 Comm: syz.0.98621 Tainted: G W syzkaller #0 [ 3318.273301][T14160] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 3318.283331][T14160] Call Trace: [ 3318.286599][T14160] __dump_stack+0x21/0x24 [ 3318.290901][T14160] dump_stack_lvl+0x169/0x1d8 [ 3318.295551][T14160] ? show_regs_print_info+0x18/0x18 [ 3318.300721][T14160] ? ___ratelimit+0x3d1/0x560 [ 3318.305372][T14160] ? __kasan_check_write+0x14/0x20 [ 3318.310454][T14160] ? _raw_spin_lock+0x8e/0xe0 [ 3318.315105][T14160] dump_stack+0x15/0x1c [ 3318.319231][T14160] dump_header+0xdd/0x650 [ 3318.323536][T14160] oom_kill_process+0x1fa/0x2c0 [ 3318.328358][T14160] out_of_memory+0x94a/0xd70 [ 3318.332921][T14160] ? unregister_oom_notifier+0x20/0x20 [ 3318.338351][T14160] ? mutex_lock_killable+0xd3/0xe0 [ 3318.343435][T14160] ? __mutex_lock_interruptible_slowpath+0x10/0x10 [ 3318.349909][T14160] mem_cgroup_out_of_memory+0x260/0x310 [ 3318.355429][T14160] ? mem_cgroup_oom_trylock+0x350/0x350 [ 3318.360948][T14160] ? _raw_spin_lock+0x8e/0xe0 [ 3318.365598][T14160] ? _raw_spin_trylock_bh+0x130/0x130 [ 3318.370941][T14160] ? _raw_spin_unlock+0x4d/0x70 [ 3318.375764][T14160] ? mem_cgroup_oom_trylock+0x1fc/0x350 [ 3318.381282][T14160] ? _raw_spin_unlock_irq+0x4e/0x70 [ 3318.386452][T14160] try_charge+0xf61/0x14e0 [ 3318.390847][T14160] ? __memcg_kmem_charge+0x140/0x140 [ 3318.396104][T14160] ? percpu_counter_add_batch+0x13c/0x160 [ 3318.401798][T14160] ? get_mem_cgroup_from_mm+0x197/0x1b0 [ 3318.407315][T14160] __mem_cgroup_charge+0x14c/0x6d0 [ 3318.412401][T14160] shmem_add_to_page_cache+0x55e/0xe10 [ 3318.417833][T14160] ? shmem_alloc_page+0x300/0x300 [ 3318.422832][T14160] ? _raw_spin_lock_irqsave+0x110/0x110 [ 3318.428352][T14160] ? find_lock_entry+0x4b/0x200 [ 3318.433181][T14160] ? lru_cache_add+0x164/0x380 [ 3318.437915][T14160] ? shmem_getpage_gfp+0x8f3/0x2110 [ 3318.443098][T14160] shmem_getpage_gfp+0x8e8/0x2110 [ 3318.448095][T14160] shmem_write_begin+0xce/0x1b0 [ 3318.452919][T14160] generic_perform_write+0x2be/0x510 [ 3318.458181][T14160] ? atime_needs_update+0x5b0/0x5b0 [ 3318.463354][T14160] ? grab_cache_page_write_begin+0xb0/0xb0 [ 3318.469161][T14160] ? file_remove_privs+0x580/0x580 [ 3318.474245][T14160] ? __kasan_check_write+0x14/0x20 [ 3318.479353][T14160] ? down_write+0xac/0x110 [ 3318.483742][T14160] __generic_file_write_iter+0x24b/0x480 [ 3318.489348][T14160] ? generic_write_checks+0x3d4/0x480 [ 3318.494698][T14160] generic_file_write_iter+0xa9/0x1d0 [ 3318.500041][T14160] __kernel_write+0x55a/0x910 [ 3318.504832][T14160] ? vfs_read+0xa10/0xa10 [ 3318.509154][T14160] ? populate_vma_page_range+0xf0/0xf0 [ 3318.514595][T14160] ? cgroup_freezing+0x86/0xb0 [ 3318.519333][T14160] ? freezing_slow_path+0x10a/0x150 [ 3318.524508][T14160] dump_emit+0x240/0x360 [ 3318.528729][T14160] ? wait_for_dump_helpers+0x390/0x390 [ 3318.534161][T14160] ? dump_user_range+0x61/0x1a0 [ 3318.538992][T14160] ? dump_user_range+0xbd/0x1a0 [ 3318.543816][T14160] dump_user_range+0x6a/0x1a0 [ 3318.548468][T14160] elf_core_dump+0x278a/0x2bc0 [ 3318.553205][T14160] ? load_elf_binary+0x2890/0x2890 [ 3318.558293][T14160] ? kvmalloc_node+0x88/0x130 [ 3318.562949][T14160] ? _raw_spin_unlock+0x4d/0x70 [ 3318.567803][T14160] ? cgroup_freezing+0x86/0xb0 [ 3318.572571][T14160] ? freezing_slow_path+0x10a/0x150 [ 3318.577757][T14160] do_coredump+0x1ac9/0x27f0 [ 3318.582339][T14160] ? simple_acl_create+0x1c0/0x1c0 [ 3318.587428][T14160] ? debug_smp_processor_id+0x17/0x20 [ 3318.592777][T14160] ? kmem_cache_free+0x100/0x2d0 [ 3318.597690][T14160] ? ____kasan_slab_free+0x130/0x160 [ 3318.602954][T14160] ? get_signal+0xb98/0x12e0 [ 3318.607518][T14160] ? kmem_cache_free+0x100/0x2d0 [ 3318.612432][T14160] get_signal+0xf23/0x12e0 [ 3318.616826][T14160] ? asm_exc_invalid_op+0xa/0x20 [ 3318.621745][T14160] arch_do_signal_or_restart+0xbf/0x10f0 [ 3318.627353][T14160] ? _raw_spin_unlock_irqrestore+0x5b/0x80 [ 3318.633160][T14160] ? force_sig_info_to_task+0x26d/0x2e0 [ 3318.638765][T14160] ? __ia32_sys_rt_sigreturn+0x6c0/0x6c0 [ 3318.644371][T14160] ? force_sig_fault_to_task+0x110/0x110 [ 3318.649978][T14160] ? do_trap+0x117/0x2f0 [ 3318.654212][T14160] ? asm_exc_invalid_op+0xa/0x20 [ 3318.659140][T14160] exit_to_user_mode_loop+0xa2/0xe0 [ 3318.664326][T14160] exit_to_user_mode_prepare+0x76/0xa0 [ 3318.669769][T14160] irqentry_exit_to_user_mode+0x9/0x10 [ 3318.675202][T14160] irqentry_exit+0x12/0x60 [ 3318.679594][T14160] exc_invalid_op+0x3e/0x50 [ 3318.684073][T14160] asm_exc_invalid_op+0x12/0x20 [ 3318.688895][T14160] RIP: 0033:0x200000000000 [ 3318.693296][T14160] Code: Unable to access opcode bytes at RIP 0x1fffffffffd6. [ 3318.700636][T14160] RSP: 002b:00007f061018da78 EFLAGS: 00010246 [ 3318.706677][T14160] RAX: 0000000000000000 RBX: 00007f061197cfa0 RCX: 00007f06117266c9 [ 3318.714629][T14160] RDX: 00007f061018da80 RSI: 00007f061018dbb0 RDI: 000000000000000d [ 3318.722578][T14160] RBP: 00007f06117a8f91 R08: 0000000000000000 R09: 0000000000000000 [ 3318.730523][T14160] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000000 [ 3318.738472][T14160] R13: 00007f061197d038 R14: 00007f061197cfa0 R15: 00007ffe46890ac8 [ 3318.758395][T14160] memory: usage 307200kB, limit 307200kB, failcnt 294524 [ 3318.766732][T14160] memory+swap: usage 330344kB, limit 9007199254740988kB, failcnt 0 [ 3318.774814][T14160] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3318.781735][T14160] Memory cgroup stats for /syz0: [ 3318.781867][T14160] anon 319488 [ 3318.781867][T14160] file 313995264 [ 3318.781867][T14160] kernel_stack 0 [ 3318.781867][T14160] percpu 0 [ 3318.781867][T14160] sock 0 [ 3318.781867][T14160] shmem 314130432 [ 3318.781867][T14160] file_mapped 135168 [ 3318.781867][T14160] file_dirty 0 [ 3318.781867][T14160] file_writeback 0 [ 3318.781867][T14160] anon_thp 0 [ 3318.781867][T14160] inactive_anon 314404864 [ 3318.781867][T14160] active_anon 135168 [ 3318.781867][T14160] inactive_file 200704 [ 3318.781867][T14160] active_file 143360 [ 3318.781867][T14160] unevictable 0 [ 3318.781867][T14160] slab_reclaimable 0 [ 3318.781867][T14160] slab_unreclaimable 0 [ 3318.781867][T14160] slab 0 [ 3318.781867][T14160] workingset_refault_anon 0 [ 3318.781867][T14160] workingset_refault_file 725340 [ 3318.781867][T14160] workingset_activate_anon 0 [ 3318.781867][T14160] workingset_activate_file 56727 [ 3318.781867][T14160] workingset_restore_anon 0 [ 3318.781867][T14160] workingset_restore_file 9669 [ 3318.875906][ T2161] usb 2-1: new high-speed USB device number 76 using dummy_hcd [ 3318.883943][T14160] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0,oom_memcg=/syz0,task_memcg=/syz0,task=syz.0.98621,pid=14157,uid=0 [ 3318.903164][T14160] Memory cgroup out of memory: Killed process 14157 (syz.0.98621) total-vm:93812kB, anon-rss:1324kB, file-rss:47436kB, shmem-rss:4kB, UID:0 pgtables:180kB oom_score_adj:1000 [ 3318.921109][ T27] oom_reaper: reaped process 14157 (syz.0.98621), now anon-rss:0kB, file-rss:46280kB, shmem-rss:4kB [ 3318.932229][T14208] syz.6.98644 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3318.942782][T14208] CPU: 1 PID: 14208 Comm: syz.6.98644 Tainted: G W syzkaller #0 [ 3318.951721][T14208] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 3318.961770][T14208] Call Trace: [ 3318.965056][T14208] __dump_stack+0x21/0x24 [ 3318.969377][T14208] dump_stack_lvl+0x169/0x1d8 [ 3318.974045][T14208] ? show_regs_print_info+0x18/0x18 [ 3318.979234][T14208] ? ___ratelimit+0x3d1/0x560 [ 3318.983900][T14208] ? __kasan_check_write+0x14/0x20 [ 3318.988998][T14208] ? _raw_spin_lock+0x8e/0xe0 [ 3318.993665][T14208] dump_stack+0x15/0x1c [ 3318.997811][T14208] dump_header+0xdd/0x650 [ 3319.002137][T14208] oom_kill_process+0x1fa/0x2c0 [ 3319.006979][T14208] out_of_memory+0x94a/0xd70 [ 3319.011562][T14208] ? unregister_oom_notifier+0x20/0x20 [ 3319.017005][T14208] ? mutex_lock_killable+0xd3/0xe0 [ 3319.022092][T14208] ? __mutex_lock_interruptible_slowpath+0x10/0x10 [ 3319.028568][T14208] mem_cgroup_out_of_memory+0x260/0x310 [ 3319.034085][T14208] ? mem_cgroup_oom_trylock+0x350/0x350 [ 3319.039603][T14208] ? _raw_spin_lock+0x8e/0xe0 [ 3319.044252][T14208] ? _raw_spin_trylock_bh+0x130/0x130 [ 3319.049596][T14208] ? _raw_spin_unlock+0x4d/0x70 [ 3319.054418][T14208] ? mem_cgroup_oom_trylock+0x1fc/0x350 [ 3319.059936][T14208] ? _raw_spin_unlock_irq+0x4e/0x70 [ 3319.065108][T14208] try_charge+0xf61/0x14e0 [ 3319.069500][T14208] ? __memcg_kmem_charge+0x140/0x140 [ 3319.074756][T14208] ? __alloc_pages_nodemask+0x268/0x5f0 [ 3319.080277][T14208] ? __kasan_check_write+0x14/0x20 [ 3319.085360][T14208] ? anon_vma_interval_tree_insert+0x363/0x380 [ 3319.091488][T14208] ? get_mem_cgroup_from_mm+0x197/0x1b0 [ 3319.097005][T14208] __mem_cgroup_charge+0x14c/0x6d0 [ 3319.102090][T14208] handle_pte_fault+0x175c/0x3750 [ 3319.107086][T14208] handle_mm_fault+0xf3f/0x16a0 [ 3319.111909][T14208] ? can_reuse_spf_vma+0xe0/0xe0 [ 3319.116818][T14208] ? split_pad_vma+0x69/0x240 [ 3319.121471][T14208] ? __kasan_check_write+0x14/0x20 [ 3319.126552][T14208] ? down_read_trylock+0x100/0x150 [ 3319.131635][T14208] ? __kasan_check_write+0x14/0x20 [ 3319.136716][T14208] ? can_reuse_spf_vma+0xc8/0xe0 [ 3319.141628][T14208] do_user_addr_fault+0x5a2/0xc80 [ 3319.146640][T14208] ? do_kern_addr_fault+0x80/0x80 [ 3319.151646][T14208] ? debug_smp_processor_id+0x17/0x20 [ 3319.157000][T14208] ? fpregs_assert_state_consistent+0xb1/0xe0 [ 3319.163043][T14208] exc_page_fault+0x5a/0xc0 [ 3319.167523][T14208] ? asm_exc_page_fault+0x8/0x30 [ 3319.172434][T14208] asm_exc_page_fault+0x1e/0x30 [ 3319.177259][T14208] RIP: 0033:0x7fde36573fe6 [ 3319.181648][T14208] Code: 8d 3c 30 4c 89 de 4c 89 54 24 38 e8 b4 87 04 00 4c 8b 54 24 38 85 c0 0f 85 57 01 00 00 48 8b 44 24 28 48 89 df 4c 89 54 24 38 <4c> 89 93 98 06 00 00 48 89 83 90 06 00 00 48 8d 83 10 03 00 00 4c [ 3319.201313][T14208] RSP: 002b:00007ffc08cd1b90 EFLAGS: 00010246 [ 3319.207352][T14208] RAX: 00007fde34fe3000 RBX: 00007fde350036c0 RCX: 00007fde365bc787 [ 3319.215299][T14208] RDX: 0000000000000003 RSI: 0000000000020000 RDI: 00007fde350036c0 [ 3319.223243][T14208] RBP: 0000000000000000 R08: 00000000ffffffff R09: 0000000000000000 [ 3319.231190][T14208] R10: 0000000000021000 R11: 0000000000000206 R12: 00007ffc08cd1ce0 [ 3319.239138][T14208] R13: ffffffffffffffc0 R14: 0000000000001000 R15: 0000000000000000 [ 3319.289722][T14208] memory: usage 307200kB, limit 307200kB, failcnt 52889 [ 3319.296978][T14208] memory+swap: usage 396172kB, limit 9007199254740988kB, failcnt 0 [ 3319.305305][T14208] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3319.320285][T14208] Memory cgroup stats for /syz6: [ 3319.320731][T14208] anon 118784 [ 3319.320731][T14208] file 313319424 [ 3319.320731][T14208] kernel_stack 0 [ 3319.320731][T14208] percpu 0 [ 3319.320731][T14208] sock 0 [ 3319.320731][T14208] shmem 246140928 [ 3319.320731][T14208] file_mapped 0 [ 3319.320731][T14208] file_dirty 0 [ 3319.320731][T14208] file_writeback 0 [ 3319.320731][T14208] anon_thp 0 [ 3319.320731][T14208] inactive_anon 247119872 [ 3319.320731][T14208] active_anon 270336 [ 3319.320731][T14208] inactive_file 20480 [ 3319.320731][T14208] active_file 69632 [ 3319.320731][T14208] unevictable 67227648 [ 3319.320731][T14208] slab_reclaimable 0 [ 3319.320731][T14208] slab_unreclaimable 0 [ 3319.320731][T14208] slab 0 [ 3319.320731][T14208] workingset_refault_anon 0 [ 3319.320731][T14208] workingset_refault_file 11649 [ 3319.320731][T14208] workingset_activate_anon 0 [ 3319.320731][T14208] workingset_activate_file 2937 [ 3319.320731][T14208] workingset_restore_anon 0 [ 3319.320731][T14208] workingset_restore_file 2607 [ 3319.416629][T14208] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz6,mems_allowed=0,oom_memcg=/syz6,task_memcg=/syz6,task=syz.6.98644,pid=14208,uid=0 [ 3319.439308][T14208] Memory cgroup out of memory: Killed process 14208 (syz.6.98644) total-vm:93944kB, anon-rss:1284kB, file-rss:21872kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 3319.456893][ T2161] usb 2-1: Using ep0 maxpacket: 32 [ 3319.469085][ T27] oom_reaper: reaped process 14208 (syz.6.98644), now anon-rss:0kB, file-rss:21128kB, shmem-rss:0kB [ 3319.480067][T14217] syz.0.98647 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3319.491015][T14217] CPU: 0 PID: 14217 Comm: syz.0.98647 Tainted: G W syzkaller #0 [ 3319.499957][T14217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 3319.510012][T14217] Call Trace: [ 3319.513418][T14217] __dump_stack+0x21/0x24 [ 3319.517759][T14217] dump_stack_lvl+0x169/0x1d8 [ 3319.522442][T14217] ? show_regs_print_info+0x18/0x18 [ 3319.527644][T14217] ? ___ratelimit+0x3d1/0x560 [ 3319.532325][T14217] ? __kasan_check_write+0x14/0x20 [ 3319.537438][T14217] ? _raw_spin_lock+0x8e/0xe0 [ 3319.542116][T14217] dump_stack+0x15/0x1c [ 3319.546272][T14217] dump_header+0xdd/0x650 [ 3319.550601][T14217] oom_kill_process+0x1fa/0x2c0 [ 3319.555451][T14217] out_of_memory+0x94a/0xd70 [ 3319.560045][T14217] ? unregister_oom_notifier+0x20/0x20 [ 3319.565502][T14217] ? mutex_lock_killable+0xd3/0xe0 [ 3319.570611][T14217] ? __mutex_lock_interruptible_slowpath+0x10/0x10 [ 3319.577113][T14217] mem_cgroup_out_of_memory+0x260/0x310 [ 3319.580677][ T2161] usb 2-1: config 0 has an invalid interface number: 196 but max is 0 [ 3319.582656][T14217] ? mem_cgroup_oom_trylock+0x350/0x350 [ 3319.596449][T14217] ? _raw_spin_lock+0x8e/0xe0 [ 3319.601131][T14217] ? _raw_spin_trylock_bh+0x130/0x130 [ 3319.606510][T14217] ? _raw_spin_unlock+0x4d/0x70 [ 3319.610633][ T2161] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 3319.611354][T14217] ? mem_cgroup_oom_trylock+0x1fc/0x350 [ 3319.611372][T14217] ? _raw_spin_unlock_irq+0x4e/0x70 [ 3319.622060][ T2161] usb 2-1: config 0 has no interface number 0 [ 3319.626935][T14217] try_charge+0xf61/0x14e0 [ 3319.642442][ T2161] usb 2-1: config 0 interface 196 altsetting 1 endpoint 0x2 has an invalid bInterval 0, changing to 7 [ 3319.642540][T14217] ? __memcg_kmem_charge+0x140/0x140 [ 3319.658704][T14217] ? percpu_counter_add_batch+0x13c/0x160 [ 3319.664422][T14217] ? get_mem_cgroup_from_mm+0x197/0x1b0 [ 3319.669967][T14217] __mem_cgroup_charge+0x14c/0x6d0 [ 3319.670620][ T2161] usb 2-1: config 0 interface 196 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 3319.675074][T14217] shmem_add_to_page_cache+0x55e/0xe10 [ 3319.675094][T14217] ? shmem_alloc_page+0x300/0x300 [ 3319.698439][T14217] ? _raw_spin_lock_irqsave+0x110/0x110 [ 3319.703984][T14217] ? find_lock_entry+0x4b/0x200 [ 3319.708308][ T2161] usb 2-1: config 0 interface 196 has no altsetting 0 [ 3319.708827][T14217] ? lru_cache_add+0x164/0x380 [ 3319.720298][T14217] ? shmem_getpage_gfp+0x8f3/0x2110 [ 3319.725491][T14217] shmem_getpage_gfp+0x8e8/0x2110 [ 3319.730511][T14217] shmem_write_begin+0xce/0x1b0 [ 3319.735358][T14217] generic_perform_write+0x2be/0x510 [ 3319.740637][T14217] ? atime_needs_update+0x5b0/0x5b0 [ 3319.745832][T14217] ? grab_cache_page_write_begin+0xb0/0xb0 [ 3319.751643][T14217] ? file_remove_privs+0x580/0x580 [ 3319.756755][T14217] ? __kasan_check_write+0x14/0x20 [ 3319.761857][T14217] ? down_write+0xac/0x110 [ 3319.766259][T14217] __generic_file_write_iter+0x24b/0x480 [ 3319.771864][T14217] ? generic_write_checks+0x3d4/0x480 [ 3319.777209][T14217] generic_file_write_iter+0xa9/0x1d0 [ 3319.782554][T14217] __kernel_write+0x55a/0x910 [ 3319.787202][T14217] ? vfs_read+0xa10/0xa10 [ 3319.791504][T14217] ? populate_vma_page_range+0xf0/0xf0 [ 3319.796935][T14217] ? cgroup_freezing+0x86/0xb0 [ 3319.801672][T14217] ? freezing_slow_path+0x10a/0x150 [ 3319.806842][T14217] dump_emit+0x240/0x360 [ 3319.811060][T14217] ? wait_for_dump_helpers+0x390/0x390 [ 3319.816487][T14217] ? freezing_slow_path+0x10a/0x150 [ 3319.821657][T14217] dump_user_range+0x6a/0x1a0 [ 3319.826307][T14217] elf_core_dump+0x278a/0x2bc0 [ 3319.831043][T14217] ? load_elf_binary+0x2890/0x2890 [ 3319.836129][T14217] ? kvmalloc_node+0x88/0x130 [ 3319.840782][T14217] ? _raw_spin_unlock+0x4d/0x70 [ 3319.845605][T14217] ? cgroup_freezing+0x86/0xb0 [ 3319.850340][T14217] ? freezing_slow_path+0x10a/0x150 [ 3319.855511][T14217] do_coredump+0x1ac9/0x27f0 [ 3319.860077][T14217] ? simple_acl_create+0x1c0/0x1c0 [ 3319.865160][T14217] ? debug_smp_processor_id+0x17/0x20 [ 3319.870505][T14217] ? kmem_cache_free+0x100/0x2d0 [ 3319.875414][T14217] ? ____kasan_slab_free+0x130/0x160 [ 3319.880672][T14217] ? get_signal+0xb98/0x12e0 [ 3319.885239][T14217] ? kmem_cache_free+0x100/0x2d0 [ 3319.890151][T14217] get_signal+0xf23/0x12e0 [ 3319.894542][T14217] ? asm_exc_invalid_op+0xa/0x20 [ 3319.899450][T14217] arch_do_signal_or_restart+0xbf/0x10f0 [ 3319.905054][T14217] ? _raw_spin_unlock_irqrestore+0x5b/0x80 [ 3319.910833][T14217] ? force_sig_info_to_task+0x26d/0x2e0 [ 3319.916351][T14217] ? __ia32_sys_rt_sigreturn+0x6c0/0x6c0 [ 3319.921955][T14217] ? force_sig_fault_to_task+0x110/0x110 [ 3319.927558][T14217] ? do_trap+0x117/0x2f0 [ 3319.931772][T14217] ? asm_exc_invalid_op+0xa/0x20 [ 3319.936683][T14217] exit_to_user_mode_loop+0xa2/0xe0 [ 3319.941855][T14217] exit_to_user_mode_prepare+0x76/0xa0 [ 3319.947286][T14217] irqentry_exit_to_user_mode+0x9/0x10 [ 3319.952717][T14217] irqentry_exit+0x12/0x60 [ 3319.957105][T14217] exc_invalid_op+0x3e/0x50 [ 3319.961583][T14217] asm_exc_invalid_op+0x12/0x20 [ 3319.966411][T14217] RIP: 0033:0x200000000000 [ 3319.970805][T14217] Code: Unable to access opcode bytes at RIP 0x1fffffffffd6. [ 3319.978143][T14217] RSP: 002b:00007f061018da78 EFLAGS: 00010246 [ 3319.984187][T14217] RAX: 0000000000000000 RBX: 00007f061197cfa0 RCX: 00007f06117266c9 [ 3319.992137][T14217] RDX: 00007f061018da80 RSI: 00007f061018dbb0 RDI: 000000000000000d [ 3320.000082][T14217] RBP: 00007f06117a8f91 R08: 0000000000000000 R09: 0000000000000000 [ 3320.008043][T14217] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3320.015989][T14217] R13: 00007f061197d038 R14: 00007f061197cfa0 R15: 00007ffe46890ac8 [ 3320.024271][T14217] memory: usage 307200kB, limit 307200kB, failcnt 294561 [ 3320.031631][T14217] memory+swap: usage 330344kB, limit 9007199254740988kB, failcnt 0 [ 3320.039834][T14217] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3320.052747][T14217] Memory cgroup stats for /syz0: [ 3320.052872][T14217] anon 184320 [ 3320.052872][T14217] file 314130432 [ 3320.052872][T14217] kernel_stack 0 [ 3320.052872][T14217] percpu 0 [ 3320.052872][T14217] sock 0 [ 3320.052872][T14217] shmem 314130432 [ 3320.052872][T14217] file_mapped 135168 [ 3320.052872][T14217] file_dirty 0 [ 3320.052872][T14217] file_writeback 0 [ 3320.052872][T14217] anon_thp 0 [ 3320.052872][T14217] inactive_anon 314404864 [ 3320.052872][T14217] active_anon 135168 [ 3320.052872][T14217] inactive_file 200704 [ 3320.052872][T14217] active_file 143360 [ 3320.052872][T14217] unevictable 0 [ 3320.052872][T14217] slab_reclaimable 0 [ 3320.052872][T14217] slab_unreclaimable 0 [ 3320.052872][T14217] slab 0 [ 3320.052872][T14217] workingset_refault_anon 0 [ 3320.052872][T14217] workingset_refault_file 725340 [ 3320.052872][T14217] workingset_activate_anon 0 [ 3320.052872][T14217] workingset_activate_file 56727 [ 3320.052872][T14217] workingset_restore_anon 0 [ 3320.052872][T14217] workingset_restore_file 9669 [ 3320.155420][T14217] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0,oom_memcg=/syz0,task_memcg=/syz0,task=syz.0.98647,pid=14215,uid=0 [ 3320.170753][T14217] Memory cgroup out of memory: Killed process 14215 (syz.0.98647) total-vm:93812kB, anon-rss:1324kB, file-rss:47436kB, shmem-rss:4kB, UID:0 pgtables:180kB oom_score_adj:1000 [ 3320.188805][ T27] oom_reaper: reaped process 14215 (syz.0.98647), now anon-rss:0kB, file-rss:46280kB, shmem-rss:4kB [ 3320.199799][T14228] syz.6.98653 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3320.210079][T14228] CPU: 1 PID: 14228 Comm: syz.6.98653 Tainted: G W syzkaller #0 [ 3320.219012][T14228] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 3320.229070][T14228] Call Trace: [ 3320.232359][T14228] __dump_stack+0x21/0x24 [ 3320.236681][T14228] dump_stack_lvl+0x169/0x1d8 [ 3320.241353][T14228] ? show_regs_print_info+0x18/0x18 [ 3320.246545][T14228] ? ___ratelimit+0x3d1/0x560 [ 3320.251220][T14228] ? __kasan_check_write+0x14/0x20 [ 3320.256324][T14228] ? _raw_spin_lock+0x8e/0xe0 [ 3320.260991][T14228] dump_stack+0x15/0x1c [ 3320.265131][T14228] dump_header+0xdd/0x650 [ 3320.269451][T14228] oom_kill_process+0x1fa/0x2c0 [ 3320.274300][T14228] out_of_memory+0x94a/0xd70 [ 3320.278880][T14228] ? unregister_oom_notifier+0x20/0x20 [ 3320.284325][T14228] ? mutex_lock_killable+0xd3/0xe0 [ 3320.289427][T14228] ? __mutex_lock_interruptible_slowpath+0x10/0x10 [ 3320.295922][T14228] mem_cgroup_out_of_memory+0x260/0x310 [ 3320.301462][T14228] ? mem_cgroup_oom_trylock+0x350/0x350 [ 3320.306993][T14228] ? _raw_spin_lock+0x8e/0xe0 [ 3320.311659][T14228] ? _raw_spin_trylock_bh+0x130/0x130 [ 3320.317021][T14228] ? _raw_spin_unlock+0x4d/0x70 [ 3320.321859][T14228] ? mem_cgroup_oom_trylock+0x1fc/0x350 [ 3320.327392][T14228] ? _raw_spin_unlock_irq+0x4e/0x70 [ 3320.332574][T14228] try_charge+0xf61/0x14e0 [ 3320.336980][T14228] ? __memcg_kmem_charge+0x140/0x140 [ 3320.342256][T14228] ? __alloc_pages_nodemask+0x268/0x5f0 [ 3320.347789][T14228] ? __kasan_check_write+0x14/0x20 [ 3320.352892][T14228] ? anon_vma_interval_tree_insert+0x363/0x380 [ 3320.359051][T14228] ? get_mem_cgroup_from_mm+0x197/0x1b0 [ 3320.364592][T14228] __mem_cgroup_charge+0x14c/0x6d0 [ 3320.369694][T14228] handle_pte_fault+0x175c/0x3750 [ 3320.374712][T14228] handle_mm_fault+0xf3f/0x16a0 [ 3320.379553][T14228] ? can_reuse_spf_vma+0xe0/0xe0 [ 3320.384473][T14228] ? split_pad_vma+0x69/0x240 [ 3320.389133][T14228] ? __kasan_check_write+0x14/0x20 [ 3320.394227][T14228] ? down_read_trylock+0x100/0x150 [ 3320.399334][T14228] ? __kasan_check_write+0x14/0x20 [ 3320.404433][T14228] ? can_reuse_spf_vma+0xc8/0xe0 [ 3320.409364][T14228] do_user_addr_fault+0x5a2/0xc80 [ 3320.414374][T14228] ? do_kern_addr_fault+0x80/0x80 [ 3320.419383][T14228] ? debug_smp_processor_id+0x17/0x20 [ 3320.424871][T14228] ? fpregs_assert_state_consistent+0xb1/0xe0 [ 3320.430932][T14228] exc_page_fault+0x5a/0xc0 [ 3320.435432][T14228] ? asm_exc_page_fault+0x8/0x30 [ 3320.440371][T14228] asm_exc_page_fault+0x1e/0x30 [ 3320.445211][T14228] RIP: 0033:0x7fde36573fe6 [ 3320.449616][T14228] Code: 8d 3c 30 4c 89 de 4c 89 54 24 38 e8 b4 87 04 00 4c 8b 54 24 38 85 c0 0f 85 57 01 00 00 48 8b 44 24 28 48 89 df 4c 89 54 24 38 <4c> 89 93 98 06 00 00 48 89 83 90 06 00 00 48 8d 83 10 03 00 00 4c [ 3320.469217][T14228] RSP: 002b:00007ffc08cd1b90 EFLAGS: 00010246 [ 3320.475281][T14228] RAX: 00007fde34fe3000 RBX: 00007fde350036c0 RCX: 00007fde365bc787 [ 3320.483247][T14228] RDX: 0000000000000003 RSI: 0000000000020000 RDI: 00007fde350036c0 [ 3320.491349][T14228] RBP: 0000000000000000 R08: 00000000ffffffff R09: 0000000000000000 [ 3320.499316][T14228] R10: 0000000000021000 R11: 0000000000000206 R12: 00007ffc08cd1ce0 [ 3320.507279][T14228] R13: ffffffffffffffc0 R14: 0000000000001000 R15: 0000000000000000 [ 3320.517450][ T2161] usb 2-1: New USB device found, idVendor=05ac, idProduct=77c2, bcdDevice=eb.3a [ 3320.532886][ T2161] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 3320.541419][ T2161] usb 2-1: Product: syz [ 3320.545773][ T2161] usb 2-1: Manufacturer: syz [ 3320.550363][ T2161] usb 2-1: SerialNumber: syz [ 3320.556245][T14228] memory: usage 307200kB, limit 307200kB, failcnt 52947 [ 3320.563538][ T2161] usb 2-1: config 0 descriptor?? [ 3320.571114][T14228] memory+swap: usage 396172kB, limit 9007199254740988kB, failcnt 0 [ 3320.579237][T14228] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3320.586418][T14228] Memory cgroup stats for /syz6: [ 3320.586538][T14228] anon 118784 [ 3320.586538][T14228] file 313319424 [ 3320.586538][T14228] kernel_stack 0 [ 3320.586538][T14228] percpu 0 [ 3320.586538][T14228] sock 0 [ 3320.586538][T14228] shmem 246140928 [ 3320.586538][T14228] file_mapped 0 [ 3320.586538][T14228] file_dirty 0 [ 3320.586538][T14228] file_writeback 0 [ 3320.586538][T14228] anon_thp 0 [ 3320.586538][T14228] inactive_anon 247255040 [ 3320.586538][T14228] active_anon 270336 [ 3320.586538][T14228] inactive_file 20480 [ 3320.586538][T14228] active_file 69632 [ 3320.586538][T14228] unevictable 67227648 [ 3320.586538][T14228] slab_reclaimable 0 [ 3320.586538][T14228] slab_unreclaimable 0 [ 3320.586538][T14228] slab 0 [ 3320.586538][T14228] workingset_refault_anon 0 [ 3320.586538][T14228] workingset_refault_file 11649 [ 3320.586538][T14228] workingset_activate_anon 0 [ 3320.586538][T14228] workingset_activate_file 2937 [ 3320.586538][T14228] workingset_restore_anon 0 [ 3320.586538][T14228] workingset_restore_file 2607 [ 3320.686466][T14228] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz6,mems_allowed=0,oom_memcg=/syz6,task_memcg=/syz6,task=syz.6.98653,pid=14228,uid=0 [ 3320.702098][T14228] Memory cgroup out of memory: Killed process 14228 (syz.6.98653) total-vm:93944kB, anon-rss:1284kB, file-rss:21872kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 3320.734848][T14227] syz.4.98652 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3320.736983][ T27] oom_reaper: reaped process 14228 (syz.6.98653), now anon-rss:0kB, file-rss:20740kB, shmem-rss:0kB [ 3320.744974][T14227] CPU: 1 PID: 14227 Comm: syz.4.98652 Tainted: G W syzkaller #0 [ 3320.764430][T14227] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 3320.774483][T14227] Call Trace: [ 3320.777783][T14227] __dump_stack+0x21/0x24 [ 3320.782109][T14227] dump_stack_lvl+0x169/0x1d8 [ 3320.786782][T14227] ? show_regs_print_info+0x18/0x18 [ 3320.791971][T14227] ? ___ratelimit+0x3d1/0x560 [ 3320.796640][T14227] ? __kasan_check_write+0x14/0x20 [ 3320.801751][T14227] ? _raw_spin_lock+0x8e/0xe0 [ 3320.806430][T14227] dump_stack+0x15/0x1c [ 3320.810586][T14227] dump_header+0xdd/0x650 [ 3320.814911][T14227] oom_kill_process+0x1fa/0x2c0 [ 3320.819756][T14227] out_of_memory+0x94a/0xd70 [ 3320.824342][T14227] ? unregister_oom_notifier+0x20/0x20 [ 3320.829797][T14227] ? mutex_lock_killable+0xd3/0xe0 [ 3320.834902][T14227] ? __mutex_lock_interruptible_slowpath+0x10/0x10 [ 3320.841407][T14227] mem_cgroup_out_of_memory+0x260/0x310 [ 3320.846950][T14227] ? mem_cgroup_oom_trylock+0x350/0x350 [ 3320.852489][T14227] ? _raw_spin_lock+0x8e/0xe0 [ 3320.857166][T14227] ? _raw_spin_trylock_bh+0x130/0x130 [ 3320.862534][T14227] ? _raw_spin_unlock+0x4d/0x70 [ 3320.867385][T14227] ? mem_cgroup_oom_trylock+0x1fc/0x350 [ 3320.872924][T14227] ? _raw_spin_unlock_irq+0x4e/0x70 [ 3320.878131][T14227] try_charge+0xf61/0x14e0 [ 3320.882547][T14227] ? __memcg_kmem_charge+0x140/0x140 [ 3320.887827][T14227] ? percpu_counter_add_batch+0x13c/0x160 [ 3320.893543][T14227] ? get_mem_cgroup_from_mm+0x197/0x1b0 [ 3320.899083][T14227] __mem_cgroup_charge+0x14c/0x6d0 [ 3320.904191][T14227] shmem_add_to_page_cache+0x55e/0xe10 [ 3320.909654][T14227] ? shmem_alloc_page+0x300/0x300 [ 3320.914682][T14227] ? _raw_spin_lock_irqsave+0x110/0x110 [ 3320.920228][T14227] ? find_lock_entry+0x4b/0x200 [ 3320.925072][T14227] ? lru_cache_add+0x164/0x380 [ 3320.929829][T14227] ? shmem_getpage_gfp+0x8f3/0x2110 [ 3320.935027][T14227] shmem_getpage_gfp+0x8e8/0x2110 [ 3320.940055][T14227] shmem_write_begin+0xce/0x1b0 [ 3320.944897][T14227] generic_perform_write+0x2be/0x510 [ 3320.950176][T14227] ? atime_needs_update+0x5b0/0x5b0 [ 3320.955386][T14227] ? grab_cache_page_write_begin+0xb0/0xb0 [ 3320.961192][T14227] ? file_remove_privs+0x580/0x580 [ 3320.966295][T14227] ? __kasan_check_write+0x14/0x20 [ 3320.971403][T14227] ? down_write+0xac/0x110 [ 3320.975820][T14227] __generic_file_write_iter+0x24b/0x480 [ 3320.981447][T14227] ? generic_write_checks+0x3d4/0x480 [ 3320.986810][T14227] generic_file_write_iter+0xa9/0x1d0 [ 3320.992172][T14227] __kernel_write+0x55a/0x910 [ 3320.996845][T14227] ? vfs_read+0xa10/0xa10 [ 3321.001172][T14227] ? populate_vma_page_range+0xf0/0xf0 [ 3321.006623][T14227] ? cgroup_freezing+0x86/0xb0 [ 3321.011383][T14227] ? freezing_slow_path+0x10a/0x150 [ 3321.016579][T14227] dump_emit+0x240/0x360 [ 3321.020819][T14227] ? wait_for_dump_helpers+0x390/0x390 [ 3321.026276][T14227] dump_user_range+0x6a/0x1a0 [ 3321.030947][T14227] elf_core_dump+0x278a/0x2bc0 [ 3321.035706][T14227] ? load_elf_binary+0x2890/0x2890 [ 3321.040815][T14227] ? kvmalloc_node+0x88/0x130 [ 3321.045494][T14227] ? _raw_spin_unlock+0x4d/0x70 [ 3321.050342][T14227] ? cgroup_freezing+0x86/0xb0 [ 3321.055106][T14227] ? freezing_slow_path+0x10a/0x150 [ 3321.060306][T14227] do_coredump+0x1ac9/0x27f0 [ 3321.064898][T14227] ? simple_acl_create+0x1c0/0x1c0 [ 3321.070002][T14227] ? debug_smp_processor_id+0x17/0x20 [ 3321.075377][T14227] ? kmem_cache_free+0x100/0x2d0 [ 3321.080310][T14227] ? ____kasan_slab_free+0x130/0x160 [ 3321.085599][T14227] ? get_signal+0xb98/0x12e0 [ 3321.090185][T14227] ? kmem_cache_free+0x100/0x2d0 [ 3321.095113][T14227] get_signal+0xf23/0x12e0 [ 3321.099528][T14227] ? asm_exc_invalid_op+0xa/0x20 [ 3321.104451][T14227] arch_do_signal_or_restart+0xbf/0x10f0 [ 3321.110063][T14227] ? _raw_spin_unlock_irqrestore+0x5b/0x80 [ 3321.115843][T14227] ? force_sig_info_to_task+0x26d/0x2e0 [ 3321.121366][T14227] ? __ia32_sys_rt_sigreturn+0x6c0/0x6c0 [ 3321.126970][T14227] ? force_sig_fault_to_task+0x110/0x110 [ 3321.132572][T14227] ? do_trap+0x117/0x2f0 [ 3321.136788][T14227] ? asm_exc_invalid_op+0xa/0x20 [ 3321.141698][T14227] exit_to_user_mode_loop+0xa2/0xe0 [ 3321.146869][T14227] exit_to_user_mode_prepare+0x76/0xa0 [ 3321.152304][T14227] irqentry_exit_to_user_mode+0x9/0x10 [ 3321.157737][T14227] irqentry_exit+0x12/0x60 [ 3321.162131][T14227] exc_invalid_op+0x3e/0x50 [ 3321.166607][T14227] asm_exc_invalid_op+0x12/0x20 [ 3321.171434][T14227] RIP: 0033:0x200000000000 [ 3321.175827][T14227] Code: Unable to access opcode bytes at RIP 0x1fffffffffd6. [ 3321.183166][T14227] RSP: 002b:00007f491cf34a78 EFLAGS: 00010246 [ 3321.189216][T14227] RAX: 0000000000000000 RBX: 00007f491e723fa0 RCX: 00007f491e4cd6c9 [ 3321.197164][T14227] RDX: 00007f491cf34a80 RSI: 00007f491cf34bb0 RDI: 000000000000000d [ 3321.205109][T14227] RBP: 00007f491e54ff91 R08: 0000000000000000 R09: 0000000000000000 [ 3321.213053][T14227] R10: 0000000000000805 R11: 0000000000000246 R12: 0000000000000000 [ 3321.221004][T14227] R13: 00007f491e724038 R14: 00007f491e723fa0 R15: 00007ffcae0a36f8 [ 3321.232533][T14227] memory: usage 307200kB, limit 307200kB, failcnt 237253 [ 3321.239568][T14227] memory+swap: usage 307200kB, limit 9007199254740988kB, failcnt 0 [ 3321.250914][ T2161] ipheth 2-1:0.196: Unable to find endpoints [ 3321.253526][T14227] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3321.265009][T14227] Memory cgroup stats for /syz4: [ 3321.265138][T14227] anon 376832 [ 3321.265138][T14227] file 314130432 [ 3321.265138][T14227] kernel_stack 0 [ 3321.265138][T14227] percpu 0 [ 3321.265138][T14227] sock 0 [ 3321.265138][T14227] shmem 313995264 [ 3321.265138][T14227] file_mapped 135168 [ 3321.265138][T14227] file_dirty 135168 [ 3321.265138][T14227] file_writeback 0 [ 3321.265138][T14227] anon_thp 0 [ 3321.265138][T14227] inactive_anon 314339328 [ 3321.265138][T14227] active_anon 0 [ 3321.265138][T14227] inactive_file 196608 [ 3321.265138][T14227] active_file 180224 [ 3321.265138][T14227] unevictable 0 [ 3321.265138][T14227] slab_reclaimable 0 [ 3321.265138][T14227] slab_unreclaimable 0 [ 3321.265138][T14227] slab 0 [ 3321.265138][T14227] workingset_refault_anon 0 [ 3321.265138][T14227] workingset_refault_file 617694 [ 3321.265138][T14227] workingset_activate_anon 0 [ 3321.265138][T14227] workingset_activate_file 15378 [ 3321.265138][T14227] workingset_restore_anon 0 [ 3321.265138][T14227] workingset_restore_file 5907 [ 3321.272701][ T2161] usb 2-1: USB disconnect, device number 76 [ 3321.365347][T14227] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0,oom_memcg=/syz4,task_memcg=/syz4,task=syz.4.98652,pid=14226,uid=0 [ 3321.380635][T14227] Memory cgroup out of memory: Killed process 14226 (syz.4.98652) total-vm:93812kB, anon-rss:1320kB, file-rss:54300kB, shmem-rss:4kB, UID:0 pgtables:204kB oom_score_adj:1000 [ 3321.401355][ T27] oom_reaper: reaped process 14226 (syz.4.98652), now anon-rss:0kB, file-rss:53572kB, shmem-rss:4kB [ 3321.412187][T14251] syz.6.98663 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3321.422136][T14251] CPU: 0 PID: 14251 Comm: syz.6.98663 Tainted: G W syzkaller #0 [ 3321.431064][T14251] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 3321.441129][T14251] Call Trace: [ 3321.444456][T14251] __dump_stack+0x21/0x24 [ 3321.448787][T14251] dump_stack_lvl+0x169/0x1d8 [ 3321.453464][T14251] ? show_regs_print_info+0x18/0x18 [ 3321.458659][T14251] ? ___ratelimit+0x3d1/0x560 [ 3321.463336][T14251] ? __kasan_check_write+0x14/0x20 [ 3321.468448][T14251] ? _raw_spin_lock+0x8e/0xe0 [ 3321.473127][T14251] dump_stack+0x15/0x1c [ 3321.477281][T14251] dump_header+0xdd/0x650 [ 3321.481606][T14251] oom_kill_process+0x1fa/0x2c0 [ 3321.486453][T14251] out_of_memory+0x94a/0xd70 [ 3321.491040][T14251] ? unregister_oom_notifier+0x20/0x20 [ 3321.496496][T14251] ? mutex_lock_killable+0xd3/0xe0 [ 3321.501611][T14251] ? __mutex_lock_interruptible_slowpath+0x10/0x10 [ 3321.508121][T14251] mem_cgroup_out_of_memory+0x260/0x310 [ 3321.513666][T14251] ? mem_cgroup_oom_trylock+0x350/0x350 [ 3321.519209][T14251] ? _raw_spin_lock+0x8e/0xe0 [ 3321.523887][T14251] ? _raw_spin_trylock_bh+0x130/0x130 [ 3321.529252][T14251] ? _raw_spin_unlock+0x4d/0x70 [ 3321.534104][T14251] ? mem_cgroup_oom_trylock+0x1fc/0x350 [ 3321.539644][T14251] ? _raw_spin_unlock_irq+0x4e/0x70 [ 3321.544838][T14251] try_charge+0xf61/0x14e0 [ 3321.549253][T14251] ? __memcg_kmem_charge+0x140/0x140 [ 3321.554536][T14251] ? percpu_counter_add_batch+0x13c/0x160 [ 3321.560254][T14251] ? get_mem_cgroup_from_mm+0x197/0x1b0 [ 3321.565793][T14251] __mem_cgroup_charge+0x14c/0x6d0 [ 3321.570900][T14251] shmem_add_to_page_cache+0x55e/0xe10 [ 3321.576355][T14251] ? shmem_alloc_page+0x300/0x300 [ 3321.581370][T14251] ? _raw_spin_lock+0x8e/0xe0 [ 3321.586037][T14251] ? find_lock_entry+0x4b/0x200 [ 3321.590892][T14251] shmem_getpage_gfp+0x8e8/0x2110 [ 3321.595928][T14251] ? shmem_xattr_handler_get+0x41/0x50 [ 3321.601392][T14251] shmem_write_begin+0xce/0x1b0 [ 3321.606238][T14251] generic_perform_write+0x2be/0x510 [ 3321.611519][T14251] ? atime_needs_update+0x5b0/0x5b0 [ 3321.616715][T14251] ? grab_cache_page_write_begin+0xb0/0xb0 [ 3321.622515][T14251] ? file_remove_privs+0x580/0x580 [ 3321.627626][T14251] ? __kasan_check_write+0x14/0x20 [ 3321.632731][T14251] ? down_write+0xac/0x110 [ 3321.637145][T14251] __generic_file_write_iter+0x24b/0x480 [ 3321.642773][T14251] ? generic_write_checks+0x3d4/0x480 [ 3321.648142][T14251] generic_file_write_iter+0xa9/0x1d0 [ 3321.653503][T14251] vfs_write+0x725/0xd60 [ 3321.657734][T14251] ? __kasan_slab_free+0x11/0x20 [ 3321.662664][T14251] ? kernel_write+0x3c0/0x3c0 [ 3321.667333][T14251] ? mutex_trylock+0xa0/0xa0 [ 3321.671914][T14251] ? __fget_files+0x2c4/0x320 [ 3321.676583][T14251] ? __fdget_pos+0x2d2/0x380 [ 3321.681165][T14251] ? ksys_write+0x71/0x240 [ 3321.685574][T14251] ksys_write+0x140/0x240 [ 3321.689899][T14251] ? __ia32_sys_read+0x90/0x90 [ 3321.694649][T14251] ? __kasan_check_read+0x11/0x20 [ 3321.699658][T14251] __x64_sys_write+0x7b/0x90 [ 3321.704241][T14251] do_syscall_64+0x31/0x40 [ 3321.708656][T14251] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 3321.714541][T14251] RIP: 0033:0x7fde365bc6c9 [ 3321.718951][T14251] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 3321.738591][T14251] RSP: 002b:00007fde35024038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3321.747096][T14251] RAX: ffffffffffffffda RBX: 00007fde36812fa0 RCX: 00007fde365bc6c9 [ 3321.755062][T14251] RDX: 0000000000000118 RSI: 0000200000000340 RDI: 0000000000000004 [ 3321.763033][T14251] RBP: 00007fde3663ef91 R08: 0000000000000000 R09: 0000000000000000 [ 3321.770998][T14251] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3321.778965][T14251] R13: 00007fde36813038 R14: 00007fde36812fa0 R15: 00007ffc08cd1be8 [ 3321.790564][T14251] memory: usage 307200kB, limit 307200kB, failcnt 53010 [ 3321.797743][T14251] memory+swap: usage 396172kB, limit 9007199254740988kB, failcnt 0 [ 3321.805839][T14251] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3321.813024][T14251] Memory cgroup stats for /syz6: [ 3321.813198][T14251] anon 118784 [ 3321.813198][T14251] file 313319424 [ 3321.813198][T14251] kernel_stack 0 [ 3321.813198][T14251] percpu 0 [ 3321.813198][T14251] sock 0 [ 3321.813198][T14251] shmem 246140928 [ 3321.813198][T14251] file_mapped 0 [ 3321.813198][T14251] file_dirty 0 [ 3321.813198][T14251] file_writeback 0 [ 3321.813198][T14251] anon_thp 0 [ 3321.813198][T14251] inactive_anon 247255040 [ 3321.813198][T14251] active_anon 270336 [ 3321.813198][T14251] inactive_file 20480 [ 3321.813198][T14251] active_file 69632 [ 3321.813198][T14251] unevictable 67227648 [ 3321.813198][T14251] slab_reclaimable 0 [ 3321.813198][T14251] slab_unreclaimable 0 [ 3321.813198][T14251] slab 0 [ 3321.813198][T14251] workingset_refault_anon 0 [ 3321.813198][T14251] workingset_refault_file 11649 [ 3321.813198][T14251] workingset_activate_anon 0 [ 3321.813198][T14251] workingset_activate_file 2937 [ 3321.813198][T14251] workingset_restore_anon 0 [ 3321.813198][T14251] workingset_restore_file 2607 [ 3321.921882][T14251] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz6,mems_allowed=0,oom_memcg=/syz6,task_memcg=/syz6,task=syz.6.98663,pid=14250,uid=0 [ 3321.950696][T14251] Memory cgroup out of memory: Killed process 14250 (syz.6.98663) total-vm:93944kB, anon-rss:1284kB, file-rss:21872kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 3321.995476][ T27] oom_reaper: reaped process 14250 (syz.6.98663), now anon-rss:0kB, file-rss:21128kB, shmem-rss:0kB [ 3322.006471][T14245] syz.0.98661 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3322.022026][T14245] CPU: 1 PID: 14245 Comm: syz.0.98661 Tainted: G W syzkaller #0 [ 3322.030979][T14245] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 3322.041028][T14245] Call Trace: [ 3322.044326][T14245] __dump_stack+0x21/0x24 [ 3322.048653][T14245] dump_stack_lvl+0x169/0x1d8 [ 3322.053324][T14245] ? show_regs_print_info+0x18/0x18 [ 3322.058512][T14245] ? ___ratelimit+0x3d1/0x560 [ 3322.063182][T14245] ? _raw_spin_lock+0x8e/0xe0 [ 3322.067848][T14245] dump_stack+0x15/0x1c [ 3322.071990][T14245] dump_header+0xdd/0x650 [ 3322.076318][T14245] oom_kill_process+0x1fa/0x2c0 [ 3322.081165][T14245] out_of_memory+0x94a/0xd70 [ 3322.085752][T14245] ? unregister_oom_notifier+0x20/0x20 [ 3322.091206][T14245] ? mutex_lock_killable+0xd3/0xe0 [ 3322.096315][T14245] ? __mutex_lock_interruptible_slowpath+0x10/0x10 [ 3322.102818][T14245] mem_cgroup_out_of_memory+0x260/0x310 [ 3322.108373][T14245] ? mem_cgroup_oom_trylock+0x350/0x350 [ 3322.113915][T14245] ? _raw_spin_lock+0x8e/0xe0 [ 3322.118591][T14245] ? _raw_spin_trylock_bh+0x130/0x130 [ 3322.123957][T14245] ? _raw_spin_unlock+0x4d/0x70 [ 3322.128800][T14245] ? mem_cgroup_oom_trylock+0x1fc/0x350 [ 3322.134341][T14245] ? _raw_spin_unlock_irq+0x4e/0x70 [ 3322.139533][T14245] try_charge+0xf61/0x14e0 [ 3322.143943][T14245] ? __memcg_kmem_charge+0x140/0x140 [ 3322.149219][T14245] ? percpu_counter_add_batch+0x13c/0x160 [ 3322.154941][T14245] ? get_mem_cgroup_from_mm+0x197/0x1b0 [ 3322.160477][T14245] __mem_cgroup_charge+0x14c/0x6d0 [ 3322.165581][T14245] shmem_add_to_page_cache+0x55e/0xe10 [ 3322.171032][T14245] ? shmem_alloc_page+0x300/0x300 [ 3322.176050][T14245] ? _raw_spin_lock_irqsave+0x110/0x110 [ 3322.181589][T14245] ? find_lock_entry+0x4b/0x200 [ 3322.186432][T14245] ? lru_cache_add+0x164/0x380 [ 3322.191206][T14245] ? shmem_getpage_gfp+0x8f3/0x2110 [ 3322.196397][T14245] shmem_getpage_gfp+0x8e8/0x2110 [ 3322.201421][T14245] shmem_write_begin+0xce/0x1b0 [ 3322.206265][T14245] generic_perform_write+0x2be/0x510 [ 3322.211550][T14245] ? atime_needs_update+0x5b0/0x5b0 [ 3322.216742][T14245] ? grab_cache_page_write_begin+0xb0/0xb0 [ 3322.222550][T14245] ? file_remove_privs+0x580/0x580 [ 3322.227652][T14245] ? __kasan_check_write+0x14/0x20 [ 3322.232756][T14245] ? down_write+0xac/0x110 [ 3322.237162][T14245] __generic_file_write_iter+0x24b/0x480 [ 3322.242789][T14245] ? generic_write_checks+0x3d4/0x480 [ 3322.248152][T14245] generic_file_write_iter+0xa9/0x1d0 [ 3322.253514][T14245] __kernel_write+0x55a/0x910 [ 3322.258184][T14245] ? vfs_read+0xa10/0xa10 [ 3322.262508][T14245] ? populate_vma_page_range+0xf0/0xf0 [ 3322.267956][T14245] ? cgroup_freezing+0x86/0xb0 [ 3322.272712][T14245] ? freezing_slow_path+0x10a/0x150 [ 3322.277903][T14245] dump_emit+0x240/0x360 [ 3322.282142][T14245] ? wait_for_dump_helpers+0x390/0x390 [ 3322.287592][T14245] ? freezing_slow_path+0x10a/0x150 [ 3322.292785][T14245] dump_user_range+0x6a/0x1a0 [ 3322.297456][T14245] elf_core_dump+0x278a/0x2bc0 [ 3322.302214][T14245] ? load_elf_binary+0x2890/0x2890 [ 3322.307325][T14245] ? kvmalloc_node+0x88/0x130 [ 3322.311997][T14245] ? _raw_spin_unlock+0x4d/0x70 [ 3322.316840][T14245] ? cgroup_freezing+0x86/0xb0 [ 3322.321590][T14245] ? freezing_slow_path+0x10a/0x150 [ 3322.326781][T14245] do_coredump+0x1ac9/0x27f0 [ 3322.331367][T14245] ? simple_acl_create+0x1c0/0x1c0 [ 3322.336469][T14245] ? debug_smp_processor_id+0x17/0x20 [ 3322.341834][T14245] ? kmem_cache_free+0x100/0x2d0 [ 3322.346764][T14245] ? ____kasan_slab_free+0x130/0x160 [ 3322.352054][T14245] ? get_signal+0xb98/0x12e0 [ 3322.356641][T14245] ? kmem_cache_free+0x100/0x2d0 [ 3322.361578][T14245] get_signal+0xf23/0x12e0 [ 3322.365996][T14245] ? asm_exc_invalid_op+0xa/0x20 [ 3322.370932][T14245] arch_do_signal_or_restart+0xbf/0x10f0 [ 3322.376567][T14245] ? _raw_spin_unlock_irqrestore+0x5b/0x80 [ 3322.382381][T14245] ? force_sig_info_to_task+0x26d/0x2e0 [ 3322.387929][T14245] ? __ia32_sys_rt_sigreturn+0x6c0/0x6c0 [ 3322.393566][T14245] ? force_sig_fault_to_task+0x110/0x110 [ 3322.399197][T14245] ? do_trap+0x117/0x2f0 [ 3322.403438][T14245] ? asm_exc_invalid_op+0xa/0x20 [ 3322.408376][T14245] exit_to_user_mode_loop+0xa2/0xe0 [ 3322.413661][T14245] exit_to_user_mode_prepare+0x76/0xa0 [ 3322.419123][T14245] irqentry_exit_to_user_mode+0x9/0x10 [ 3322.424582][T14245] irqentry_exit+0x12/0x60 [ 3322.429036][T14245] exc_invalid_op+0x3e/0x50 [ 3322.433535][T14245] asm_exc_invalid_op+0x12/0x20 [ 3322.438363][T14245] RIP: 0033:0x200000000000 [ 3322.442755][T14245] Code: Unable to access opcode bytes at RIP 0x1fffffffffd6. [ 3322.450093][T14245] RSP: 002b:00007f061018da78 EFLAGS: 00010246 [ 3322.456134][T14245] RAX: 0000000000000000 RBX: 00007f061197cfa0 RCX: 00007f06117266c9 [ 3322.464097][T14245] RDX: 00007f061018da80 RSI: 00007f061018dbb0 RDI: 000000000000000d [ 3322.472127][T14245] RBP: 00007f06117a8f91 R08: 0000000000000000 R09: 0000000000000000 [ 3322.480072][T14245] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000000 [ 3322.488017][T14245] R13: 00007f061197d038 R14: 00007f061197cfa0 R15: 00007ffe46890ac8 [ 3322.515284][T14287] bridge0: port 1(bridge_slave_0) entered blocking state [ 3322.525378][T14245] memory: usage 307200kB, limit 307200kB, failcnt 294634 [ 3322.532595][T14245] memory+swap: usage 330344kB, limit 9007199254740988kB, failcnt 0 [ 3322.540528][T14245] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3322.540666][T14287] bridge0: port 1(bridge_slave_0) entered disabled state [ 3322.547920][T14287] device bridge_slave_0 entered promiscuous mode [ 3322.554771][T14245] Memory cgroup stats for /syz0: [ 3322.561081][T14245] anon 184320 [ 3322.561081][T14245] file 314130432 [ 3322.561081][T14245] kernel_stack 0 [ 3322.561081][T14245] percpu 0 [ 3322.561081][T14245] sock 0 [ 3322.561081][T14245] shmem 314130432 [ 3322.561081][T14245] file_mapped 135168 [ 3322.561081][T14245] file_dirty 0 [ 3322.561081][T14245] file_writeback 0 [ 3322.561081][T14245] anon_thp 0 [ 3322.561081][T14245] inactive_anon 314404864 [ 3322.561081][T14245] active_anon 135168 [ 3322.561081][T14245] inactive_file 200704 [ 3322.561081][T14245] active_file 143360 [ 3322.561081][T14245] unevictable 0 [ 3322.561081][T14245] slab_reclaimable 0 [ 3322.561081][T14245] slab_unreclaimable 0 [ 3322.561081][T14245] slab 0 [ 3322.561081][T14245] workingset_refault_anon 0 [ 3322.561081][T14245] workingset_refault_file 725340 [ 3322.561081][T14245] workingset_activate_anon 0 [ 3322.561081][T14245] workingset_activate_file 56727 [ 3322.561081][T14245] workingset_restore_anon 0 [ 3322.561081][T14245] workingset_restore_file 9669 [ 3322.591410][T14287] bridge0: port 2(bridge_slave_1) entered blocking state [ 3322.662820][T14287] bridge0: port 2(bridge_slave_1) entered disabled state [ 3322.670367][T14287] device bridge_slave_1 entered promiscuous mode [ 3322.710642][T14245] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0,oom_memcg=/syz0,task_memcg=/syz0,task=syz.0.98661,pid=14244,uid=0 [ 3322.733920][T14287] bridge0: port 2(bridge_slave_1) entered blocking state [ 3322.740980][T14287] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3322.748243][T14287] bridge0: port 1(bridge_slave_0) entered blocking state [ 3322.755284][T14287] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3322.762864][T14245] Memory cgroup out of memory: Killed process 14244 (syz.0.98661) total-vm:93812kB, anon-rss:1324kB, file-rss:47436kB, shmem-rss:4kB, UID:0 pgtables:180kB oom_score_adj:1000 [ 3322.781500][ T27] oom_reaper: reaped process 14244 (syz.0.98661), now anon-rss:0kB, file-rss:46280kB, shmem-rss:4kB [ 3322.792399][T14290] syz.6.98682 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3322.815441][T14290] CPU: 0 PID: 14290 Comm: syz.6.98682 Tainted: G W syzkaller #0 [ 3322.824391][T14290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 3322.834438][T14290] Call Trace: [ 3322.837726][T14290] __dump_stack+0x21/0x24 [ 3322.842049][T14290] dump_stack_lvl+0x169/0x1d8 [ 3322.846718][T14290] ? show_regs_print_info+0x18/0x18 [ 3322.851906][T14290] ? ___ratelimit+0x3d1/0x560 [ 3322.856575][T14290] ? __kasan_check_write+0x14/0x20 [ 3322.861679][T14290] ? _raw_spin_lock+0x8e/0xe0 [ 3322.866351][T14290] dump_stack+0x15/0x1c [ 3322.870499][T14290] dump_header+0xdd/0x650 [ 3322.874822][T14290] oom_kill_process+0x1fa/0x2c0 [ 3322.879663][T14290] out_of_memory+0x94a/0xd70 [ 3322.884246][T14290] ? unregister_oom_notifier+0x20/0x20 [ 3322.889697][T14290] ? mutex_lock_killable+0xd3/0xe0 [ 3322.894800][T14290] ? __mutex_lock_interruptible_slowpath+0x10/0x10 [ 3322.901295][T14290] mem_cgroup_out_of_memory+0x260/0x310 [ 3322.906833][T14290] ? mem_cgroup_oom_trylock+0x350/0x350 [ 3322.912367][T14290] ? _raw_spin_lock+0x8e/0xe0 [ 3322.917042][T14290] ? _raw_spin_trylock_bh+0x130/0x130 [ 3322.922414][T14290] ? _raw_spin_unlock+0x4d/0x70 [ 3322.927256][T14290] ? mem_cgroup_oom_trylock+0x1fc/0x350 [ 3322.932797][T14290] ? _raw_spin_unlock_irq+0x4e/0x70 [ 3322.938013][T14290] try_charge+0xf61/0x14e0 [ 3322.942431][T14290] ? __memcg_kmem_charge+0x140/0x140 [ 3322.947714][T14290] ? percpu_counter_add_batch+0x13c/0x160 [ 3322.953425][T14290] ? get_mem_cgroup_from_mm+0x197/0x1b0 [ 3322.958970][T14290] __mem_cgroup_charge+0x14c/0x6d0 [ 3322.964090][T14290] shmem_add_to_page_cache+0x55e/0xe10 [ 3322.969546][T14290] ? shmem_alloc_page+0x300/0x300 [ 3322.974570][T14290] ? _raw_spin_lock+0x8e/0xe0 [ 3322.979242][T14290] ? find_lock_entry+0x4b/0x200 [ 3322.984090][T14290] shmem_getpage_gfp+0x8e8/0x2110 [ 3322.989112][T14290] ? shmem_xattr_handler_get+0x41/0x50 [ 3322.994566][T14290] shmem_write_begin+0xce/0x1b0 [ 3322.999408][T14290] generic_perform_write+0x2be/0x510 [ 3323.004689][T14290] ? atime_needs_update+0x5b0/0x5b0 [ 3323.009884][T14290] ? grab_cache_page_write_begin+0xb0/0xb0 [ 3323.015683][T14290] ? file_remove_privs+0x580/0x580 [ 3323.020782][T14290] ? __kasan_check_write+0x14/0x20 [ 3323.025884][T14290] ? down_write+0xac/0x110 [ 3323.030296][T14290] __generic_file_write_iter+0x24b/0x480 [ 3323.035926][T14290] ? generic_write_checks+0x3d4/0x480 [ 3323.041301][T14290] generic_file_write_iter+0xa9/0x1d0 [ 3323.046669][T14290] vfs_write+0x725/0xd60 [ 3323.050905][T14290] ? __kasan_slab_free+0x11/0x20 [ 3323.055842][T14290] ? kernel_write+0x3c0/0x3c0 [ 3323.060518][T14290] ? mutex_trylock+0xa0/0xa0 [ 3323.065104][T14290] ? __fget_files+0x2c4/0x320 [ 3323.069774][T14290] ? __fdget_pos+0x2d2/0x380 [ 3323.074357][T14290] ? ksys_write+0x71/0x240 [ 3323.078756][T14290] ksys_write+0x140/0x240 [ 3323.083076][T14290] ? __ia32_sys_read+0x90/0x90 [ 3323.087836][T14290] ? __kasan_check_read+0x11/0x20 [ 3323.092861][T14290] __x64_sys_write+0x7b/0x90 [ 3323.097445][T14290] do_syscall_64+0x31/0x40 [ 3323.101856][T14290] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 3323.107737][T14290] RIP: 0033:0x7fde365bc6c9 [ 3323.112147][T14290] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 3323.131746][T14290] RSP: 002b:00007fde35024038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3323.140159][T14290] RAX: ffffffffffffffda RBX: 00007fde36812fa0 RCX: 00007fde365bc6c9 [ 3323.148122][T14290] RDX: 0000000000000118 RSI: 0000200000000340 RDI: 0000000000000004 [ 3323.156088][T14290] RBP: 00007fde3663ef91 R08: 0000000000000000 R09: 0000000000000000 [ 3323.164053][T14290] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3323.172019][T14290] R13: 00007fde36813038 R14: 00007fde36812fa0 R15: 00007ffc08cd1be8 [ 3323.185317][T14290] memory: usage 307200kB, limit 307200kB, failcnt 53087 [ 3323.192363][T14290] memory+swap: usage 396172kB, limit 9007199254740988kB, failcnt 0 [ 3323.200258][T14290] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3323.207339][T14290] Memory cgroup stats for /syz6: [ 3323.207451][T14290] anon 253952 [ 3323.207451][T14290] file 313319424 [ 3323.207451][T14290] kernel_stack 0 [ 3323.207451][T14290] percpu 0 [ 3323.207451][T14290] sock 0 [ 3323.207451][T14290] shmem 246140928 [ 3323.207451][T14290] file_mapped 0 [ 3323.207451][T14290] file_dirty 0 [ 3323.207451][T14290] file_writeback 0 [ 3323.207451][T14290] anon_thp 0 [ 3323.207451][T14290] inactive_anon 247255040 [ 3323.207451][T14290] active_anon 270336 [ 3323.207451][T14290] inactive_file 20480 [ 3323.207451][T14290] active_file 69632 [ 3323.207451][T14290] unevictable 67227648 [ 3323.207451][T14290] slab_reclaimable 0 [ 3323.207451][T14290] slab_unreclaimable 0 [ 3323.207451][T14290] slab 0 [ 3323.207451][T14290] workingset_refault_anon 0 [ 3323.207451][T14290] workingset_refault_file 11649 [ 3323.207451][T14290] workingset_activate_anon 0 [ 3323.207451][T14290] workingset_activate_file 2937 [ 3323.207451][T14290] workingset_restore_anon 0 [ 3323.207451][T14290] workingset_restore_file 2607 [ 3323.301788][T20480] bridge0: port 1(bridge_slave_0) entered disabled state [ 3323.307751][T14290] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz6,mems_allowed=0,oom_memcg=/syz6,task_memcg=/syz6,task=syz.6.98682,pid=14285,uid=0 [ 3323.333909][T14290] Memory cgroup out of memory: Killed process 14285 (syz.6.98682) total-vm:93944kB, anon-rss:1280kB, file-rss:21812kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 3323.371033][T20480] bridge0: port 2(bridge_slave_1) entered disabled state [ 3323.407906][ T27] oom_reaper: reaped process 14285 (syz.6.98682), now anon-rss:0kB, file-rss:21128kB, shmem-rss:0kB [ 3323.433004][T14812] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3323.442985][T14812] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3323.459706][T14328] syz.6.98699 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3323.482924][T14812] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3323.490610][T14328] CPU: 0 PID: 14328 Comm: syz.6.98699 Tainted: G W syzkaller #0 [ 3323.496720][T14812] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3323.500267][T14328] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 3323.509039][T14812] bridge0: port 1(bridge_slave_0) entered blocking state [ 3323.518263][T14328] Call Trace: [ 3323.518283][T14328] __dump_stack+0x21/0x24 [ 3323.518300][T14328] dump_stack_lvl+0x169/0x1d8 [ 3323.525331][T14812] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3323.528567][T14328] ? show_regs_print_info+0x18/0x18 [ 3323.533819][T14812] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3323.537509][T14328] ? ___ratelimit+0x3d1/0x560 [ 3323.545489][T14812] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3323.549847][T14328] ? __kasan_check_write+0x14/0x20 [ 3323.558317][T14812] bridge0: port 2(bridge_slave_1) entered blocking state [ 3323.562525][T14328] ? _raw_spin_lock+0x8e/0xe0 [ 3323.562543][T14328] dump_stack+0x15/0x1c [ 3323.570501][T14812] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3323.575562][T14328] dump_header+0xdd/0x650 [ 3323.575573][T14328] oom_kill_process+0x1fa/0x2c0 [ 3323.575588][T14328] out_of_memory+0x94a/0xd70 [ 3323.612237][T14328] ? unregister_oom_notifier+0x20/0x20 [ 3323.617690][T14328] ? mutex_lock_killable+0x8c/0xe0 [ 3323.622795][T14328] ? __mutex_lock_interruptible_slowpath+0x10/0x10 [ 3323.629291][T14328] mem_cgroup_out_of_memory+0x260/0x310 [ 3323.634835][T14328] ? mem_cgroup_oom_trylock+0x350/0x350 [ 3323.640373][T14328] ? _raw_spin_lock+0x8e/0xe0 [ 3323.645050][T14328] ? _raw_spin_trylock_bh+0x130/0x130 [ 3323.650415][T14328] ? _raw_spin_unlock+0x4d/0x70 [ 3323.655261][T14328] ? mem_cgroup_oom_trylock+0x1fc/0x350 [ 3323.660797][T14328] ? _raw_spin_unlock_irq+0x4e/0x70 [ 3323.665990][T14328] try_charge+0xf61/0x14e0 [ 3323.670403][T14328] ? __memcg_kmem_charge+0x140/0x140 [ 3323.675683][T14328] ? percpu_counter_add_batch+0x13c/0x160 [ 3323.681399][T14328] ? get_mem_cgroup_from_mm+0x197/0x1b0 [ 3323.686941][T14328] __mem_cgroup_charge+0x14c/0x6d0 [ 3323.692046][T14328] shmem_add_to_page_cache+0x55e/0xe10 [ 3323.697506][T14328] ? shmem_alloc_page+0x300/0x300 [ 3323.702526][T14328] ? _raw_spin_lock+0x8e/0xe0 [ 3323.707199][T14328] ? find_lock_entry+0x4b/0x200 [ 3323.712045][T14328] shmem_getpage_gfp+0x8e8/0x2110 [ 3323.717063][T14328] ? shmem_xattr_handler_get+0x41/0x50 [ 3323.722516][T14328] shmem_write_begin+0xce/0x1b0 [ 3323.727359][T14328] generic_perform_write+0x2be/0x510 [ 3323.732641][T14328] ? atime_needs_update+0x5b0/0x5b0 [ 3323.737834][T14328] ? grab_cache_page_write_begin+0xb0/0xb0 [ 3323.743633][T14328] ? file_remove_privs+0x580/0x580 [ 3323.744220][T14812] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3323.748734][T14328] ? __kasan_check_write+0x14/0x20 [ 3323.748745][T14328] ? down_write+0xac/0x110 [ 3323.748764][T14328] __generic_file_write_iter+0x24b/0x480 [ 3323.767052][T14812] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3323.771630][T14328] ? generic_write_checks+0x3d4/0x480 [ 3323.771644][T14328] generic_file_write_iter+0xa9/0x1d0 [ 3323.771653][T14328] vfs_write+0x725/0xd60 [ 3323.771670][T14328] ? __kasan_slab_free+0x11/0x20 [ 3323.799201][T14328] ? kernel_write+0x3c0/0x3c0 [ 3323.800606][T14812] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3323.803872][T14328] ? mutex_trylock+0xa0/0xa0 [ 3323.816214][T14328] ? __fget_files+0x2c4/0x320 [ 3323.820887][T14328] ? __fdget_pos+0x2d2/0x380 [ 3323.821416][T14812] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3323.825463][T14328] ? ksys_write+0x71/0x240 [ 3323.825472][T14328] ksys_write+0x140/0x240 [ 3323.825482][T14328] ? __ia32_sys_read+0x90/0x90 [ 3323.825499][T14328] ? __kasan_check_read+0x11/0x20 [ 3323.848249][T14812] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 3323.851632][T14328] __x64_sys_write+0x7b/0x90 [ 3323.851643][T14328] do_syscall_64+0x31/0x40 [ 3323.851656][T14328] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 3323.851664][T14328] RIP: 0033:0x7fde365bc6c9 [ 3323.851676][T14328] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 3323.851682][T14328] RSP: 002b:00007fde35024038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3323.851693][T14328] RAX: ffffffffffffffda RBX: 00007fde36812fa0 RCX: 00007fde365bc6c9 [ 3323.851700][T14328] RDX: 0000000000000118 RSI: 0000200000000340 RDI: 0000000000000004 [ 3323.851706][T14328] RBP: 00007fde3663ef91 R08: 0000000000000000 R09: 0000000000000000 [ 3323.851711][T14328] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3323.851718][T14328] R13: 00007fde36813038 R14: 00007fde36812fa0 R15: 00007ffc08cd1be8 [ 3323.865702][T14328] memory: usage 307200kB, limit 307200kB, failcnt 53171 [ 3323.904405][T14812] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 3323.909665][T14328] memory+swap: usage 396172kB, limit 9007199254740988kB, failcnt 0 [ 3323.939095][T14287] device veth0_vlan entered promiscuous mode [ 3323.943752][T14328] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3323.957442][T14287] device veth1_macvtap entered promiscuous mode [ 3323.990590][T14328] Memory cgroup stats for /syz6: [ 3323.990687][T14328] anon 253952 [ 3323.990687][T14328] file 313319424 [ 3323.990687][T14328] kernel_stack 0 [ 3323.990687][T14328] percpu 0 [ 3323.990687][T14328] sock 0 [ 3323.990687][T14328] shmem 246140928 [ 3323.990687][T14328] file_mapped 0 [ 3323.990687][T14328] file_dirty 0 [ 3323.990687][T14328] file_writeback 0 [ 3323.990687][T14328] anon_thp 0 [ 3323.990687][T14328] inactive_anon 247255040 [ 3323.990687][T14328] active_anon 270336 [ 3323.990687][T14328] inactive_file 20480 [ 3323.990687][T14328] active_file 69632 [ 3323.990687][T14328] unevictable 67227648 [ 3323.990687][T14328] slab_reclaimable 0 [ 3323.990687][T14328] slab_unreclaimable 0 [ 3323.990687][T14328] slab 0 [ 3323.990687][T14328] workingset_refault_anon 0 [ 3323.990687][T14328] workingset_refault_file 11649 [ 3323.990687][T14328] workingset_activate_anon 0 [ 3323.990687][T14328] workingset_activate_file 2937 [ 3323.990687][T14328] workingset_restore_anon 0 [ 3323.990687][T14328] workingset_restore_file 2607 [ 3324.085002][T14328] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz6,mems_allowed=0,oom_memcg=/syz6,task_memcg=/syz6,task=syz.6.98699,pid=14327,uid=0 [ 3324.100468][T14328] Memory cgroup out of memory: Killed process 14327 (syz.6.98699) total-vm:93944kB, anon-rss:1284kB, file-rss:21872kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 3324.123701][ T27] oom_reaper: reaped process 14327 (syz.6.98699), now anon-rss:0kB, file-rss:21192kB, shmem-rss:0kB [ 3324.131555][T14314] syz.0.98692 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3324.144609][T14812] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 3324.156496][T14812] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 3324.164200][T14314] CPU: 0 PID: 14314 Comm: syz.0.98692 Tainted: G W syzkaller #0 [ 3324.173131][T14314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 3324.177634][T14812] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 3324.183176][T14314] Call Trace: [ 3324.183196][T14314] __dump_stack+0x21/0x24 [ 3324.183206][T14314] dump_stack_lvl+0x169/0x1d8 [ 3324.183218][T14314] ? show_regs_print_info+0x18/0x18 [ 3324.183227][T14314] ? ___ratelimit+0x3d1/0x560 [ 3324.183238][T14314] ? __kasan_check_write+0x14/0x20 [ 3324.183256][T14314] ? _raw_spin_lock+0x8e/0xe0 [ 3324.191909][T14812] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 3324.194396][T14314] dump_stack+0x15/0x1c [ 3324.198907][T14812] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 3324.203332][T14314] dump_header+0xdd/0x650 [ 3324.203343][T14314] oom_kill_process+0x1fa/0x2c0 [ 3324.203351][T14314] out_of_memory+0x94a/0xd70 [ 3324.203362][T14314] ? unregister_oom_notifier+0x20/0x20 [ 3324.203371][T14314] ? mutex_lock_killable+0xd3/0xe0 [ 3324.203381][T14314] ? __mutex_lock_interruptible_slowpath+0x10/0x10 [ 3324.203393][T14314] mem_cgroup_out_of_memory+0x260/0x310 [ 3324.203402][T14314] ? mem_cgroup_oom_trylock+0x350/0x350 [ 3324.203411][T14314] ? _raw_spin_lock+0x8e/0xe0 [ 3324.203420][T14314] ? _raw_spin_trylock_bh+0x130/0x130 [ 3324.203429][T14314] ? _raw_spin_unlock+0x4d/0x70 [ 3324.203437][T14314] ? mem_cgroup_oom_trylock+0x1fc/0x350 [ 3324.203446][T14314] ? _raw_spin_unlock_irq+0x4e/0x70 [ 3324.203455][T14314] try_charge+0xf61/0x14e0 [ 3324.203466][T14314] ? __memcg_kmem_charge+0x140/0x140 [ 3324.203484][T14314] ? percpu_counter_add_batch+0x13c/0x160 [ 3324.325025][T14314] ? get_mem_cgroup_from_mm+0x197/0x1b0 [ 3324.330573][T14314] __mem_cgroup_charge+0x14c/0x6d0 [ 3324.335687][T14314] shmem_add_to_page_cache+0x55e/0xe10 [ 3324.341148][T14314] ? shmem_alloc_page+0x300/0x300 [ 3324.346173][T14314] ? _raw_spin_lock_irqsave+0x110/0x110 [ 3324.351722][T14314] ? find_lock_entry+0x4b/0x200 [ 3324.356572][T14314] ? lru_cache_add+0x164/0x380 [ 3324.361332][T14314] ? shmem_getpage_gfp+0x8f3/0x2110 [ 3324.366527][T14314] shmem_getpage_gfp+0x8e8/0x2110 [ 3324.371553][T14314] shmem_write_begin+0xce/0x1b0 [ 3324.376412][T14314] generic_perform_write+0x2be/0x510 [ 3324.381690][T14314] ? atime_needs_update+0x5b0/0x5b0 [ 3324.386881][T14314] ? grab_cache_page_write_begin+0xb0/0xb0 [ 3324.392668][T14314] ? file_remove_privs+0x580/0x580 [ 3324.397753][T14314] ? __kasan_check_write+0x14/0x20 [ 3324.402836][T14314] ? down_write+0xac/0x110 [ 3324.407229][T14314] __generic_file_write_iter+0x24b/0x480 [ 3324.412835][T14314] ? generic_write_checks+0x3d4/0x480 [ 3324.418181][T14314] generic_file_write_iter+0xa9/0x1d0 [ 3324.423523][T14314] __kernel_write+0x55a/0x910 [ 3324.428173][T14314] ? vfs_read+0xa10/0xa10 [ 3324.432474][T14314] ? populate_vma_page_range+0xf0/0xf0 [ 3324.437911][T14314] ? cgroup_freezing+0x86/0xb0 [ 3324.442651][T14314] ? freezing_slow_path+0x10a/0x150 [ 3324.447856][T14314] dump_emit+0x240/0x360 [ 3324.452074][T14314] ? wait_for_dump_helpers+0x390/0x390 [ 3324.457504][T14314] ? dump_user_range+0x13b/0x1a0 [ 3324.462413][T14314] dump_user_range+0x6a/0x1a0 [ 3324.467065][T14314] elf_core_dump+0x278a/0x2bc0 [ 3324.471801][T14314] ? load_elf_binary+0x2890/0x2890 [ 3324.476896][T14314] ? kvmalloc_node+0x88/0x130 [ 3324.481553][T14314] ? _raw_spin_unlock+0x4d/0x70 [ 3324.486380][T14314] ? cgroup_freezing+0x86/0xb0 [ 3324.491117][T14314] ? freezing_slow_path+0x10a/0x150 [ 3324.496725][T14314] do_coredump+0x1ac9/0x27f0 [ 3324.501292][T14314] ? simple_acl_create+0x1c0/0x1c0 [ 3324.506376][T14314] ? debug_smp_processor_id+0x17/0x20 [ 3324.511730][T14314] ? kmem_cache_free+0x100/0x2d0 [ 3324.516647][T14314] ? ____kasan_slab_free+0x130/0x160 [ 3324.521910][T14314] ? get_signal+0xb98/0x12e0 [ 3324.526476][T14314] ? kmem_cache_free+0x100/0x2d0 [ 3324.531385][T14314] get_signal+0xf23/0x12e0 [ 3324.535786][T14314] ? asm_exc_invalid_op+0xa/0x20 [ 3324.540698][T14314] arch_do_signal_or_restart+0xbf/0x10f0 [ 3324.546304][T14314] ? _raw_spin_unlock_irqrestore+0x5b/0x80 [ 3324.552085][T14314] ? force_sig_info_to_task+0x26d/0x2e0 [ 3324.557601][T14314] ? __ia32_sys_rt_sigreturn+0x6c0/0x6c0 [ 3324.563205][T14314] ? force_sig_fault_to_task+0x110/0x110 [ 3324.568811][T14314] ? do_trap+0x117/0x2f0 [ 3324.573026][T14314] ? asm_exc_invalid_op+0xa/0x20 [ 3324.577936][T14314] exit_to_user_mode_loop+0xa2/0xe0 [ 3324.583106][T14314] exit_to_user_mode_prepare+0x76/0xa0 [ 3324.588538][T14314] irqentry_exit_to_user_mode+0x9/0x10 [ 3324.593970][T14314] irqentry_exit+0x12/0x60 [ 3324.598355][T14314] exc_invalid_op+0x3e/0x50 [ 3324.602834][T14314] asm_exc_invalid_op+0x12/0x20 [ 3324.607660][T14314] RIP: 0033:0x200000000000 [ 3324.612051][T14314] Code: Unable to access opcode bytes at RIP 0x1fffffffffd6. [ 3324.619388][T14314] RSP: 002b:00007f061018da78 EFLAGS: 00010246 [ 3324.625426][T14314] RAX: 0000000000000000 RBX: 00007f061197cfa0 RCX: 00007f06117266c9 [ 3324.633371][T14314] RDX: 00007f061018da80 RSI: 00007f061018dbb0 RDI: 000000000000000d [ 3324.641316][T14314] RBP: 00007f06117a8f91 R08: 0000000000000000 R09: 0000000000000000 [ 3324.649261][T14314] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3324.657206][T14314] R13: 00007f061197d038 R14: 00007f061197cfa0 R15: 00007ffe46890ac8 [ 3324.666463][T14314] memory: usage 307200kB, limit 307200kB, failcnt 294653 [ 3324.678815][T14812] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 3324.687294][T14812] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 3324.694809][T14314] memory+swap: usage 330344kB, limit 9007199254740988kB, failcnt 0 [ 3324.704447][T14812] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 3324.712842][T14314] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3324.720089][T14812] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 3324.728432][T14314] Memory cgroup stats for /syz0: [ 3324.728547][T14314] anon 184320 [ 3324.728547][T14314] file 314130432 [ 3324.728547][T14314] kernel_stack 0 [ 3324.728547][T14314] percpu 0 [ 3324.728547][T14314] sock 0 [ 3324.728547][T14314] shmem 314130432 [ 3324.728547][T14314] file_mapped 135168 [ 3324.728547][T14314] file_dirty 0 [ 3324.728547][T14314] file_writeback 0 [ 3324.728547][T14314] anon_thp 0 [ 3324.728547][T14314] inactive_anon 314540032 [ 3324.728547][T14314] active_anon 135168 [ 3324.728547][T14314] inactive_file 200704 [ 3324.728547][T14314] active_file 143360 [ 3324.728547][T14314] unevictable 0 [ 3324.728547][T14314] slab_reclaimable 0 [ 3324.728547][T14314] slab_unreclaimable 0 [ 3324.728547][T14314] slab 0 [ 3324.728547][T14314] workingset_refault_anon 0 [ 3324.728547][T14314] workingset_refault_file 725340 [ 3324.728547][T14314] workingset_activate_anon 0 [ 3324.728547][T14314] workingset_activate_file 56727 [ 3324.728547][T14314] workingset_restore_anon 0 [ 3324.728547][T14314] workingset_restore_file 9669 [ 3324.824403][T14812] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 3324.833029][T14812] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 3324.844179][T14314] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0,oom_memcg=/syz0,task_memcg=/syz0,task=syz.0.98692,pid=14313,uid=0 [ 3324.859802][T14314] Memory cgroup out of memory: Killed process 14313 (syz.0.98692) total-vm:93812kB, anon-rss:1324kB, file-rss:47436kB, shmem-rss:4kB, UID:0 pgtables:180kB oom_score_adj:1000 [ 3324.891416][ T27] oom_reaper: reaped process 14313 (syz.0.98692), now anon-rss:0kB, file-rss:46280kB, shmem-rss:4kB [ 3324.902551][T14320] syz.4.98695 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3324.913725][T14320] CPU: 1 PID: 14320 Comm: syz.4.98695 Tainted: G W syzkaller #0 [ 3324.922663][T14320] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 3324.932711][T14320] Call Trace: [ 3324.935995][T14320] __dump_stack+0x21/0x24 [ 3324.940313][T14320] dump_stack_lvl+0x169/0x1d8 [ 3324.944983][T14320] ? show_regs_print_info+0x18/0x18 [ 3324.950168][T14320] ? ___ratelimit+0x3d1/0x560 [ 3324.954836][T14320] ? __kasan_check_write+0x14/0x20 [ 3324.959935][T14320] ? _raw_spin_lock+0x8e/0xe0 [ 3324.964606][T14320] dump_stack+0x15/0x1c [ 3324.968750][T14320] dump_header+0xdd/0x650 [ 3324.973073][T14320] oom_kill_process+0x1fa/0x2c0 [ 3324.977927][T14320] out_of_memory+0x94a/0xd70 [ 3324.982514][T14320] ? unregister_oom_notifier+0x20/0x20 [ 3324.987969][T14320] ? mutex_lock_killable+0xd3/0xe0 [ 3324.993079][T14320] ? __mutex_lock_interruptible_slowpath+0x10/0x10 [ 3324.999590][T14320] mem_cgroup_out_of_memory+0x260/0x310 [ 3325.005134][T14320] ? mem_cgroup_oom_trylock+0x350/0x350 [ 3325.010674][T14320] ? _raw_spin_lock+0x8e/0xe0 [ 3325.015349][T14320] ? _raw_spin_trylock_bh+0x130/0x130 [ 3325.020722][T14320] ? _raw_spin_unlock+0x4d/0x70 [ 3325.025565][T14320] ? mem_cgroup_oom_trylock+0x1fc/0x350 [ 3325.031108][T14320] ? _raw_spin_unlock_irq+0x4e/0x70 [ 3325.036299][T14320] try_charge+0xf61/0x14e0 [ 3325.040712][T14320] ? __memcg_kmem_charge+0x140/0x140 [ 3325.045990][T14320] ? percpu_counter_add_batch+0x13c/0x160 [ 3325.051704][T14320] ? get_mem_cgroup_from_mm+0x197/0x1b0 [ 3325.057241][T14320] __mem_cgroup_charge+0x14c/0x6d0 [ 3325.062351][T14320] shmem_add_to_page_cache+0x55e/0xe10 [ 3325.067808][T14320] ? shmem_alloc_page+0x300/0x300 [ 3325.072828][T14320] ? _raw_spin_lock_irqsave+0x110/0x110 [ 3325.078373][T14320] ? find_lock_entry+0x4b/0x200 [ 3325.083221][T14320] ? lru_cache_add+0x164/0x380 [ 3325.087980][T14320] ? shmem_getpage_gfp+0x8f3/0x2110 [ 3325.093180][T14320] shmem_getpage_gfp+0x8e8/0x2110 [ 3325.098209][T14320] shmem_write_begin+0xce/0x1b0 [ 3325.103062][T14320] generic_perform_write+0x2be/0x510 [ 3325.108356][T14320] ? atime_needs_update+0x5b0/0x5b0 [ 3325.113552][T14320] ? grab_cache_page_write_begin+0xb0/0xb0 [ 3325.119354][T14320] ? file_remove_privs+0x580/0x580 [ 3325.124464][T14320] ? __kasan_check_write+0x14/0x20 [ 3325.129571][T14320] ? down_write+0xac/0x110 [ 3325.133986][T14320] __generic_file_write_iter+0x24b/0x480 [ 3325.139614][T14320] ? generic_write_checks+0x3d4/0x480 [ 3325.144982][T14320] generic_file_write_iter+0xa9/0x1d0 [ 3325.150348][T14320] __kernel_write+0x55a/0x910 [ 3325.155022][T14320] ? vfs_read+0xa10/0xa10 [ 3325.159349][T14320] ? populate_vma_page_range+0xf0/0xf0 [ 3325.164808][T14320] ? cgroup_freezing+0x86/0xb0 [ 3325.169568][T14320] ? freezing_slow_path+0x10a/0x150 [ 3325.174764][T14320] dump_emit+0x240/0x360 [ 3325.179006][T14320] ? wait_for_dump_helpers+0x390/0x390 [ 3325.184464][T14320] dump_user_range+0x6a/0x1a0 [ 3325.189124][T14320] elf_core_dump+0x278a/0x2bc0 [ 3325.193859][T14320] ? load_elf_binary+0x2890/0x2890 [ 3325.198960][T14320] ? kvmalloc_node+0x88/0x130 [ 3325.203628][T14320] ? _raw_spin_unlock+0x4d/0x70 [ 3325.208455][T14320] ? cgroup_freezing+0x86/0xb0 [ 3325.213192][T14320] ? freezing_slow_path+0x10a/0x150 [ 3325.218362][T14320] do_coredump+0x1ac9/0x27f0 [ 3325.222923][T14320] ? simple_acl_create+0x1c0/0x1c0 [ 3325.228007][T14320] ? debug_smp_processor_id+0x17/0x20 [ 3325.233346][T14320] ? kmem_cache_free+0x100/0x2d0 [ 3325.238256][T14320] ? ____kasan_slab_free+0x130/0x160 [ 3325.243516][T14320] ? get_signal+0xb98/0x12e0 [ 3325.248078][T14320] ? kmem_cache_free+0x100/0x2d0 [ 3325.252986][T14320] get_signal+0xf23/0x12e0 [ 3325.257374][T14320] ? asm_exc_invalid_op+0xa/0x20 [ 3325.262282][T14320] arch_do_signal_or_restart+0xbf/0x10f0 [ 3325.267885][T14320] ? _raw_spin_unlock_irqrestore+0x5b/0x80 [ 3325.273662][T14320] ? force_sig_info_to_task+0x26d/0x2e0 [ 3325.279178][T14320] ? __ia32_sys_rt_sigreturn+0x6c0/0x6c0 [ 3325.284781][T14320] ? force_sig_fault_to_task+0x110/0x110 [ 3325.290510][T14320] ? do_trap+0x117/0x2f0 [ 3325.295162][T14320] ? asm_exc_invalid_op+0xa/0x20 [ 3325.300086][T14320] exit_to_user_mode_loop+0xa2/0xe0 [ 3325.305260][T14320] exit_to_user_mode_prepare+0x76/0xa0 [ 3325.310713][T14320] irqentry_exit_to_user_mode+0x9/0x10 [ 3325.316148][T14320] irqentry_exit+0x12/0x60 [ 3325.320540][T14320] exc_invalid_op+0x3e/0x50 [ 3325.325019][T14320] asm_exc_invalid_op+0x12/0x20 [ 3325.329841][T14320] RIP: 0033:0x200000000000 [ 3325.334230][T14320] Code: Unable to access opcode bytes at RIP 0x1fffffffffd6. [ 3325.341568][T14320] RSP: 002b:00007f491cf34a78 EFLAGS: 00010246 [ 3325.347607][T14320] RAX: 0000000000000000 RBX: 00007f491e723fa0 RCX: 00007f491e4cd6c9 [ 3325.355563][T14320] RDX: 00007f491cf34a80 RSI: 00007f491cf34bb0 RDI: 000000000000000d [ 3325.363516][T14320] RBP: 00007f491e54ff91 R08: 0000000000000000 R09: 0000000000000000 [ 3325.371466][T14320] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000000 [ 3325.379414][T14320] R13: 00007f491e724038 R14: 00007f491e723fa0 R15: 00007ffcae0a36f8 [ 3325.388996][T14320] memory: usage 307200kB, limit 307200kB, failcnt 238018 [ 3325.396244][T14320] memory+swap: usage 307200kB, limit 9007199254740988kB, failcnt 0 [ 3325.406293][T14320] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3325.413316][T14320] Memory cgroup stats for /syz4: [ 3325.413433][T14320] anon 376832 [ 3325.413433][T14320] file 313995264 [ 3325.413433][T14320] kernel_stack 0 [ 3325.413433][T14320] percpu 0 [ 3325.413433][T14320] sock 0 [ 3325.413433][T14320] shmem 313995264 [ 3325.413433][T14320] file_mapped 135168 [ 3325.413433][T14320] file_dirty 135168 [ 3325.413433][T14320] file_writeback 0 [ 3325.413433][T14320] anon_thp 0 [ 3325.413433][T14320] inactive_anon 314339328 [ 3325.413433][T14320] active_anon 0 [ 3325.413433][T14320] inactive_file 163840 [ 3325.413433][T14320] active_file 180224 [ 3325.413433][T14320] unevictable 0 [ 3325.413433][T14320] slab_reclaimable 0 [ 3325.413433][T14320] slab_unreclaimable 0 [ 3325.413433][T14320] slab 0 [ 3325.413433][T14320] workingset_refault_anon 0 [ 3325.413433][T14320] workingset_refault_file 619740 [ 3325.413433][T14320] workingset_activate_anon 0 [ 3325.413433][T14320] workingset_activate_file 15378 [ 3325.413433][T14320] workingset_restore_anon 0 [ 3325.413433][T14320] workingset_restore_file 5907 [ 3325.512020][T14320] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0,oom_memcg=/syz4,task_memcg=/syz4,task=syz.4.98695,pid=14319,uid=0 [ 3325.527201][T14362] ================================================================== [ 3325.528695][T14320] Memory cgroup out of memory: Killed process 14319 (syz.4.98695) total-vm:93812kB, anon-rss:1324kB, file-rss:54300kB, shmem-rss:4kB, UID:0 pgtables:204kB oom_score_adj:1000 [ 3325.535276][T14362] BUG: KASAN: use-after-free in lock_get_status+0x206/0x960 [ 3325.535287][T14362] Read of size 8 at addr ffff88811d3aac20 by task syz.1.98715/14362 [ 3325.535298][T14362] [ 3325.553580][ T27] oom_reaper: reaped process 14319 (syz.4.98695), now anon-rss:0kB, file-rss:53236kB, shmem-rss:4kB [ 3325.559737][T14362] CPU: 1 PID: 14362 Comm: syz.1.98715 Tainted: G W syzkaller #0 [ 3325.589633][T14362] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 3325.599679][T14362] Call Trace: [ 3325.602963][T14362] __dump_stack+0x21/0x24 [ 3325.607298][T14362] dump_stack_lvl+0x169/0x1d8 [ 3325.611979][T14362] ? show_regs_print_info+0x18/0x18 [ 3325.617176][T14362] ? thaw_kernel_threads+0x220/0x220 [ 3325.622451][T14362] ? rcu_sync_func+0x115/0x240 [ 3325.627209][T14362] print_address_description+0x7f/0x2c0 [ 3325.632744][T14362] ? lock_get_status+0x206/0x960 [ 3325.637668][T14362] kasan_report+0xe2/0x130 [ 3325.642074][T14362] ? lock_get_status+0x206/0x960 [ 3325.647000][T14362] __asan_report_load8_noabort+0x14/0x20 [ 3325.652638][T14362] lock_get_status+0x206/0x960 [ 3325.657398][T14362] locks_show+0x1f1/0x2f0 [ 3325.660965][T14341] syz.6.98706 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3325.661723][T14362] traverse+0x1d1/0x510 [ 3325.675723][T14362] seq_read_iter+0xc57/0xd30 [ 3325.680307][T14362] proc_reg_read_iter+0x1be/0x290 [ 3325.685316][T14362] vfs_read+0x874/0xa10 [ 3325.689457][T14362] ? kernel_read+0x70/0x70 [ 3325.693858][T14362] ? __fget_files+0x2c4/0x320 [ 3325.698514][T14362] ? __fdget+0x1a1/0x230 [ 3325.702735][T14362] ? __x64_sys_pread64+0xec/0x220 [ 3325.707735][T14362] __x64_sys_pread64+0x191/0x220 [ 3325.712662][T14362] ? ksys_pread64+0x1b0/0x1b0 [ 3325.717317][T14362] ? __kasan_check_read+0x11/0x20 [ 3325.722319][T14362] ? exit_to_user_mode_prepare+0x9a/0xa0 [ 3325.727930][T14362] do_syscall_64+0x31/0x40 [ 3325.732341][T14362] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 3325.738217][T14362] RIP: 0033:0x7f8720e936c9 [ 3325.742614][T14362] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 3325.762199][T14362] RSP: 002b:00007f871f8fb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000011 [ 3325.770590][T14362] RAX: ffffffffffffffda RBX: 00007f87210e9fa0 RCX: 00007f8720e936c9 [ 3325.778539][T14362] RDX: 00000000000000d1 RSI: 00002000000024c0 RDI: 0000000000000005 [ 3325.786502][T14362] RBP: 00007f8720f15f91 R08: 0000000000000000 R09: 0000000000000000 [ 3325.794816][T14362] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000000 [ 3325.802788][T14362] R13: 00007f87210ea038 R14: 00007f87210e9fa0 R15: 00007ffd47f36398 [ 3325.810746][T14362] [ 3325.813070][T14362] Allocated by task 95: [ 3325.813181][T14341] CPU: 0 PID: 14341 Comm: syz.6.98706 Tainted: G W syzkaller #0 [ 3325.817213][T14362] __kasan_slab_alloc+0xbd/0xf0 [ 3325.826115][T14341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 3325.830942][T14362] slab_post_alloc_hook+0x5d/0x2f0 [ 3325.840956][T14341] Call Trace: [ 3325.846034][T14362] kmem_cache_alloc+0x165/0x2e0 [ 3325.846049][T14362] __alloc_file+0x28/0x320 [ 3325.849305][T14341] __dump_stack+0x21/0x24 [ 3325.854119][T14362] alloc_empty_file+0x97/0x180 [ 3325.858504][T14341] dump_stack_lvl+0x169/0x1d8 [ 3325.862800][T14362] path_openat+0xf2/0x3160 [ 3325.867529][T14341] ? show_regs_print_info+0x18/0x18 [ 3325.872193][T14362] do_filp_open+0x1b3/0x3e0 [ 3325.876577][T14341] ? ___ratelimit+0x3d1/0x560 [ 3325.881739][T14362] do_sys_openat2+0x14c/0x6d0 [ 3325.886209][T14341] ? __kasan_check_write+0x14/0x20 [ 3325.890848][T14362] __x64_sys_openat+0x136/0x160 [ 3325.895492][T14341] ? _raw_spin_lock+0x8e/0xe0 [ 3325.900565][T14362] do_syscall_64+0x31/0x40 [ 3325.905380][T14341] dump_stack+0x15/0x1c [ 3325.910035][T14362] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 3325.914416][T14341] dump_header+0xdd/0x650 [ 3325.918530][T14362] [ 3325.924395][T14341] oom_kill_process+0x1fa/0x2c0 [ 3325.928687][T14362] Freed by task 12: [ 3325.930989][T14341] out_of_memory+0x94a/0xd70 [ 3325.935807][T14362] kasan_set_track+0x4a/0x70 [ 3325.939587][T14341] ? unregister_oom_notifier+0x20/0x20 [ 3325.944140][T14362] kasan_set_free_info+0x23/0x40 [ 3325.948697][T14341] ? mutex_lock_killable+0xd3/0xe0 [ 3325.954120][T14362] ____kasan_slab_free+0x125/0x160 [ 3325.959030][T14341] ? __mutex_lock_interruptible_slowpath+0x10/0x10 [ 3325.964103][T14362] __kasan_slab_free+0x11/0x20 [ 3325.969182][T14341] mem_cgroup_out_of_memory+0x260/0x310 [ 3325.975646][T14362] slab_free_freelist_hook+0xc5/0x190 [ 3325.980378][T14341] ? mem_cgroup_oom_trylock+0x350/0x350 [ 3325.985888][T14362] kmem_cache_free+0x100/0x2d0 [ 3325.991221][T14341] ? _raw_spin_lock+0x8e/0xe0 [ 3325.996733][T14362] file_free_rcu+0x93/0xa0 [ 3326.001462][T14341] ? _raw_spin_trylock_bh+0x130/0x130 [ 3326.006108][T14362] rcu_do_batch+0x4df/0xa80 [ 3326.010489][T14341] ? _raw_spin_unlock+0x4d/0x70 [ 3326.015833][T14362] rcu_core+0x55f/0xd60 [ 3326.020302][T14341] ? mem_cgroup_oom_trylock+0x1fc/0x350 [ 3326.025132][T14362] rcu_core_si+0x9/0x10 [ 3326.029269][T14341] ? _raw_spin_unlock_irq+0x4e/0x70 [ 3326.034785][T14362] __do_softirq+0x255/0x563 [ 3326.038909][T14341] try_charge+0xf61/0x14e0 [ 3326.044060][T14362] [ 3326.048541][T14341] ? __memcg_kmem_charge+0x140/0x140 [ 3326.052914][T14362] Last potentially related work creation: [ 3326.055224][T14341] ? percpu_counter_add_batch+0x13c/0x160 [ 3326.060472][T14362] kasan_save_stack+0x3a/0x60 [ 3326.066157][T14341] ? get_mem_cgroup_from_mm+0x197/0x1b0 [ 3326.071841][T14362] __kasan_record_aux_stack+0xd2/0x100 [ 3326.076486][T14341] __mem_cgroup_charge+0x14c/0x6d0 [ 3326.081999][T14362] kasan_record_aux_stack_noalloc+0xb/0x10 [ 3326.087422][T14341] shmem_add_to_page_cache+0x55e/0xe10 [ 3326.092498][T14362] call_rcu+0x10e/0x1050 [ 3326.098276][T14341] ? shmem_alloc_page+0x300/0x300 [ 3326.103701][T14362] __fput+0x5ad/0x770 [ 3326.107913][T14341] ? _raw_spin_lock+0x8e/0xe0 [ 3326.112902][T14362] ____fput+0x15/0x20 [ 3326.116852][T14341] ? find_lock_entry+0x4b/0x200 [ 3326.121493][T14362] task_work_run+0x127/0x190 [ 3326.125441][T14341] shmem_getpage_gfp+0x8e8/0x2110 [ 3326.130258][T14362] exit_to_user_mode_loop+0xcb/0xe0 [ 3326.134814][T14341] ? shmem_xattr_handler_get+0x41/0x50 [ 3326.139804][T14362] exit_to_user_mode_prepare+0x76/0xa0 [ 3326.144977][T14341] shmem_write_begin+0xce/0x1b0 [ 3326.150404][T14362] syscall_exit_to_user_mode+0x1d/0x40 [ 3326.155847][T14341] generic_perform_write+0x2be/0x510 [ 3326.160660][T14362] do_syscall_64+0x3d/0x40 [ 3326.166086][T14341] ? atime_needs_update+0x5b0/0x5b0 [ 3326.171339][T14362] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 3326.175726][T14341] ? grab_cache_page_write_begin+0xb0/0xb0 [ 3326.180880][T14362] [ 3326.186746][T14341] ? file_remove_privs+0x580/0x580 [ 3326.192510][T14362] Second to last potentially related work creation: [ 3326.194814][T14341] ? __kasan_check_write+0x14/0x20 [ 3326.199890][T14362] kasan_save_stack+0x3a/0x60 [ 3326.206443][T14341] ? down_write+0xac/0x110 [ 3326.211520][T14362] __kasan_record_aux_stack+0xd2/0x100 [ 3326.216165][T14341] __generic_file_write_iter+0x24b/0x480 [ 3326.220547][T14362] kasan_record_aux_stack+0xe/0x10 [ 3326.225975][T14341] ? generic_write_checks+0x3d4/0x480 [ 3326.231572][T14362] task_work_add+0x27/0x1e0 [ 3326.236656][T14341] generic_file_write_iter+0xa9/0x1d0 [ 3326.241994][T14362] fput_many+0xe7/0x1a0 [ 3326.246467][T14341] vfs_write+0x725/0xd60 [ 3326.251803][T14362] fput+0x1a/0x20 [ 3326.255930][T14341] ? __kasan_slab_free+0x11/0x20 [ 3326.260138][T14362] filp_close+0x105/0x150 [ 3326.263739][T14341] ? kernel_write+0x3c0/0x3c0 [ 3326.268644][T14362] __close_fd+0x35/0x50 [ 3326.272941][T14341] ? mutex_trylock+0xa0/0xa0 [ 3326.277581][T14362] __x64_sys_close+0x66/0xb0 [ 3326.281709][T14341] ? __fget_files+0x2c4/0x320 [ 3326.286262][T14362] do_syscall_64+0x31/0x40 [ 3326.290817][T14341] ? __fdget_pos+0x2d2/0x380 [ 3326.295981][T14362] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 3326.300359][T14341] ? ksys_write+0x71/0x240 [ 3326.304908][T14362] [ 3326.310775][T14341] ksys_write+0x140/0x240 [ 3326.315157][T14362] The buggy address belongs to the object at ffff88811d3aac00 [ 3326.315157][T14362] which belongs to the cache filp of size 296 [ 3326.317455][T14341] ? __ia32_sys_read+0x90/0x90 [ 3326.321751][T14362] The buggy address is located 32 bytes inside of [ 3326.321751][T14362] 296-byte region [ffff88811d3aac00, ffff88811d3aad28) [ 3326.335162][T14341] ? __kasan_check_read+0x11/0x20 [ 3326.339885][T14362] The buggy address belongs to the page: [ 3326.353044][T14341] __x64_sys_write+0x7b/0x90 [ 3326.358040][T14362] page:ffffea000474ea80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11d3aa [ 3326.363636][T14341] do_syscall_64+0x31/0x40 [ 3326.368190][T14362] head:ffffea000474ea80 order:1 compound_mapcount:0 [ 3326.378394][T14341] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 3326.382892][T14362] flags: 0x4000000000010200(slab|head) [ 3326.389457][T14341] RIP: 0033:0x7fde365bc6c9 [ 3326.395326][T14362] raw: 4000000000010200 0000000000000000 0000001400000001 ffff88810018a000 [ 3326.400761][T14341] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 3326.405140][T14362] raw: 0000000000000000 0000000000150015 00000001ffffffff 0000000000000000 [ 3326.413690][T14341] RSP: 002b:00007fde35024038 EFLAGS: 00000246 [ 3326.433262][T14362] page dumped because: kasan: bad access detected [ 3326.441942][T14341] ORIG_RAX: 0000000000000001 [ 3326.447991][T14362] page_owner tracks the page as allocated [ 3326.454379][T14341] RAX: ffffffffffffffda RBX: 00007fde36812fa0 RCX: 00007fde365bc6c9 [ 3326.459032][T14362] page last allocated via order 1, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 17657, ts 277325785314, free_ts 276679336349 [ 3326.464719][T14341] RDX: 0000000000000118 RSI: 0000200000000340 RDI: 0000000000000004 [ 3326.472669][T14362] prep_new_page+0x179/0x180 [ 3326.493370][T14341] RBP: 00007fde3663ef91 R08: 0000000000000000 R09: 0000000000000000 [ 3326.501406][T14362] get_page_from_freelist+0x2235/0x23d0 [ 3326.505956][T14341] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3326.513900][T14362] __alloc_pages_nodemask+0x268/0x5f0 [ 3326.519408][T14341] R13: 00007fde36813038 R14: 00007fde36812fa0 R15: 00007ffc08cd1be8 [ 3326.527349][T14362] new_slab+0x84/0x3f0 [ 3326.544683][T14362] ___slab_alloc+0x2a6/0x450 [ 3326.549249][T14362] __slab_alloc+0x63/0xa0 [ 3326.553550][T14362] kmem_cache_alloc+0x1af/0x2e0 [ 3326.558372][T14362] __alloc_file+0x28/0x320 [ 3326.562761][T14362] alloc_empty_file+0x97/0x180 [ 3326.567500][T14362] alloc_file+0x59/0x540 [ 3326.571716][T14362] alloc_file_pseudo+0x17a/0x1f0 [ 3326.576630][T14362] sock_alloc_file+0xba/0x260 [ 3326.581277][T14362] __sys_socket+0x12b/0x190 [ 3326.585750][T14362] __x64_sys_socket+0x7a/0x90 [ 3326.590400][T14362] do_syscall_64+0x31/0x40 [ 3326.594796][T14362] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 3326.600660][T14362] page last free stack trace: [ 3326.605308][T14362] __free_pages_ok+0x7fc/0x820 [ 3326.610042][T14362] __free_pages+0xdd/0x380 [ 3326.614431][T14362] __free_slab+0xcf/0x190 [ 3326.618730][T14362] unfreeze_partials+0x15f/0x190 [ 3326.623637][T14362] put_cpu_partial+0xc1/0x180 [ 3326.628284][T14362] __slab_free+0x2c9/0x3a0 [ 3326.632679][T14362] ___cache_free+0x111/0x130 [ 3326.637238][T14362] qlink_free+0x50/0x90 [ 3326.641364][T14362] qlist_free_all+0x5f/0xb0 [ 3326.645837][T14362] kasan_quarantine_reduce+0x14a/0x160 [ 3326.651268][T14362] __kasan_slab_alloc+0x2f/0xf0 [ 3326.656089][T14362] slab_post_alloc_hook+0x5d/0x2f0 [ 3326.661170][T14362] kmem_cache_alloc+0x165/0x2e0 [ 3326.665998][T14362] getname_flags+0xb9/0x500 [ 3326.670471][T14362] getname+0x19/0x20 [ 3326.674339][T14362] do_sys_openat2+0xd9/0x6d0 [ 3326.678899][T14362] [ 3326.681197][T14362] Memory state around the buggy address: [ 3326.686802][T14362] ffff88811d3aab00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 3326.695102][T14362] ffff88811d3aab80: fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc [ 3326.703133][T14362] >ffff88811d3aac00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 3326.711161][T14362] ^ [ 3326.716241][T14362] ffff88811d3aac80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 3326.724272][T14362] ffff88811d3aad00: fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc [ 3326.732299][T14362] ================================================================== [ 3326.740335][T14362] Disabling lock debugging due to kernel taint SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 3326.749134][ T24] audit: type=1400 audit(3324.652:759): avc: denied { read } for pid=77 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 3326.778842][T14341] memory: usage 307184kB, limit 307200kB, failcnt 53255 [ 3326.801320][T14341] memory+swap: usage 396160kB, limit 9007199254740988kB, failcnt 0 [ 3326.809288][T14341] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3326.816420][ T24] audit: type=1400 audit(3324.652:760): avc: denied { search } for pid=77 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 3326.837337][T14341] Memory cgroup stats for /syz6: [ 3326.837449][T14341] anon 118784 [ 3326.837449][T14341] file 313319424 [ 3326.837449][T14341] kernel_stack 0 [ 3326.837449][T14341] percpu 0 [ 3326.837449][T14341] sock 0 [ 3326.837449][T14341] shmem 246140928 [ 3326.837449][T14341] file_mapped 0 [ 3326.837449][T14341] file_dirty 0 [ 3326.837449][T14341] file_writeback 0 [ 3326.837449][T14341] anon_thp 0 [ 3326.837449][T14341] inactive_anon 247119872 [ 3326.837449][T14341] active_anon 270336 [ 3326.837449][T14341] inactive_file 20480 [ 3326.837449][T14341] active_file 69632 [ 3326.837449][T14341] unevictable 67227648 [ 3326.837449][T14341] slab_reclaimable 0 [ 3326.837449][T14341] slab_unreclaimable 0 [ 3326.837449][T14341] slab 0 [ 3326.837449][T14341] workingset_refault_anon 0 [ 3326.837449][T14341] workingset_refault_file 11649 [ 3326.837449][T14341] workingset_activate_anon 0 [ 3326.837449][T14341] workingset_activate_file 2937 [ 3326.837449][T14341] workingset_restore_anon 0 [ 3326.837449][T14341] workingset_restore_file 2607 [ 3326.932125][ T24] audit: type=1400 audit(3324.652:761): avc: denied { write } for pid=77 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 3326.952935][ T24] audit: type=1400 audit(3324.652:762): avc: denied { add_name } for pid=77 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 3326.973033][ T24] audit: type=1400 audit(3324.652:763): avc: denied { create } for pid=77 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 3326.993050][ T24] audit: type=1400 audit(3324.652:764): avc: denied { append open } for pid=77 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 3327.015431][T14341] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz6,mems_allowed=0,oom_memcg=/syz6,task_memcg=/syz6,task=syz.6.98706,pid=14339,uid=0 [ 3327.030478][ T24] audit: type=1400 audit(3324.652:765): avc: denied { getattr } for pid=77 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 3327.052486][T14341] Memory cgroup out of memory: Killed process 14341 (syz.6.98706) total-vm:93944kB, anon-rss:1316kB, file-rss:22260kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 3327.069914][ T24] audit: type=1400 audit(3325.612:766): avc: denied { write } for pid=267 comm="syz-executor" path="pipe:[12985]" dev="pipefs" ino=12985 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 3327.094027][ T27] oom_reaper: reaped process 14341 (syz.6.98706), now anon-rss:0kB, file-rss:21128kB, shmem-rss:0kB [ 3327.321238][T20480] device bridge_slave_1 left promiscuous mode [ 3327.327401][T20480] bridge0: port 2(bridge_slave_1) entered disabled state [ 3327.335224][T20480] device bridge_slave_0 left promiscuous mode [ 3327.341499][T20480] bridge0: port 1(bridge_slave_0) entered disabled state [ 3327.349577][T20480] device veth1_macvtap left promiscuous mode [ 3327.355878][T20480] device veth0_vlan left promiscuous mode [ 3328.711765][T20480] device bridge_slave_1 left promiscuous mode [ 3328.717881][T20480] bridge0: port 2(bridge_slave_1) entered disabled state [ 3328.725317][T20480] device bridge_slave_0 left promiscuous mode [ 3328.731467][T20480] bridge0: port 1(bridge_slave_0) entered disabled state [ 3328.739069][T20480] device bridge_slave_1 left promiscuous mode [ 3328.745252][T20480] bridge0: port 2(bridge_slave_1) entered disabled state [ 3328.752672][T20480] device bridge_slave_0 left promiscuous mode [ 3328.758752][T20480] bridge0: port 1(bridge_slave_0) entered disabled state [ 3328.766503][T20480] device bridge_slave_1 left promiscuous mode [ 3328.772794][T20480] bridge0: port 2(bridge_slave_1) entered disabled state [ 3328.780104][T20480] device bridge_slave_0 left promiscuous mode [ 3328.786321][T20480] bridge0: port 1(bridge_slave_0) entered disabled state [ 3328.794125][T20480] device bridge_slave_1 left promiscuous mode [ 3328.800202][T20480] bridge0: port 2(bridge_slave_1) entered disabled state [ 3328.807693][T20480] device bridge_slave_0 left promiscuous mode [ 3328.813839][T20480] bridge0: port 1(bridge_slave_0) entered disabled state [ 3328.821653][T20480] device bridge_slave_1 left promiscuous mode [ 3328.827752][T20480] bridge0: port 2(bridge_slave_1) entered disabled state [ 3328.835371][T20480] device bridge_slave_0 left promiscuous mode [ 3328.841536][T20480] bridge0: port 1(bridge_slave_0) entered disabled state [ 3328.849707][T20480] device veth1_macvtap left promiscuous mode [ 3328.855749][T20480] device veth0_vlan left promiscuous mode [ 3328.861646][T20480] device veth1_macvtap left promiscuous mode [ 3328.867612][T20480] device veth0_vlan left promiscuous mode [ 3328.873523][T20480] device veth1_macvtap left promiscuous mode [ 3328.879500][T20480] device veth0_vlan left promiscuous mode [ 3328.885466][T20480] device veth1_macvtap left promiscuous mode [ 3328.891567][T20480] device veth0_vlan left promiscuous mode [ 3328.897388][T20480] device veth1_macvtap left promiscuous mode [ 3328.903569][T20480] device veth0_vlan left promiscuous mode