ode [ 2282.379821][T16918] device hsr_slave_1 entered promiscuous mode [ 2282.419131][T16918] debugfs: Directory 'hsr0' with parent '/' already present! [ 2282.693005][T16919] device hsr_slave_0 entered promiscuous mode [ 2282.759708][T16919] device hsr_slave_1 entered promiscuous mode [ 2282.809046][T16919] debugfs: Directory 'hsr0' with parent '/' already present! [ 2282.818749][T16917] team0: Port device team_slave_0 added [ 2282.963416][T16917] team0: Port device team_slave_1 added [ 2283.061788][T16924] chnl_net:caif_netlink_parms(): no params data found [ 2283.111518][T16913] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2283.252955][T16917] device hsr_slave_0 entered promiscuous mode [ 2283.319697][T16917] device hsr_slave_1 entered promiscuous mode [ 2283.359011][T16917] debugfs: Directory 'hsr0' with parent '/' already present! [ 2283.370122][ T8893] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2283.377987][ T8893] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2283.403711][T16913] 8021q: adding VLAN 0 to HW filter on device team0 [ 2283.530039][ T8893] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2283.549607][ T8893] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2283.558151][ T8893] bridge0: port 1(bridge_slave_0) entered blocking state [ 2283.565271][ T8893] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2283.665343][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2283.676296][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2283.685990][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2283.696034][T10564] bridge0: port 2(bridge_slave_1) entered blocking state [ 2283.703151][T10564] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2283.717099][T16924] bridge0: port 1(bridge_slave_0) entered blocking state [ 2283.729946][T16924] bridge0: port 1(bridge_slave_0) entered disabled state [ 2283.738424][T16924] device bridge_slave_0 entered promiscuous mode [ 2283.822506][T16918] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2283.831211][ T8893] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2283.842216][T16924] bridge0: port 2(bridge_slave_1) entered blocking state [ 2283.849923][T16924] bridge0: port 2(bridge_slave_1) entered disabled state [ 2283.863280][T16924] device bridge_slave_1 entered promiscuous mode [ 2283.932890][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2283.941582][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2283.951212][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2283.966383][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2283.976933][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2284.003984][T16918] 8021q: adding VLAN 0 to HW filter on device team0 [ 2284.021930][T16919] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2284.080028][T16927] chnl_net:caif_netlink_parms(): no params data found [ 2284.101942][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2284.133269][T16924] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2284.217577][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2284.227050][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2284.236305][T11481] bridge0: port 1(bridge_slave_0) entered blocking state [ 2284.243437][T11481] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2284.253603][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2284.263058][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2284.272551][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2284.281895][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2284.298293][T16924] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2284.342762][T16913] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2284.355514][T16913] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2284.366922][ T8893] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2284.376140][ T8893] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2284.385896][ T8893] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2284.397336][ T8893] bridge0: port 2(bridge_slave_1) entered blocking state [ 2284.404468][ T8893] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2284.414383][ T8893] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2284.422846][ T8893] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2284.432208][ T8893] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2284.441951][ T8893] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2284.524469][T16919] 8021q: adding VLAN 0 to HW filter on device team0 [ 2284.562117][T16924] team0: Port device team_slave_0 added [ 2284.577230][T16927] bridge0: port 1(bridge_slave_0) entered blocking state [ 2284.586283][T16927] bridge0: port 1(bridge_slave_0) entered disabled state [ 2284.595354][T16927] device bridge_slave_0 entered promiscuous mode [ 2284.605496][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2284.615533][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2284.687072][T16924] team0: Port device team_slave_1 added [ 2284.694424][T16927] bridge0: port 2(bridge_slave_1) entered blocking state [ 2284.702315][T16927] bridge0: port 2(bridge_slave_1) entered disabled state [ 2284.711301][T16927] device bridge_slave_1 entered promiscuous mode [ 2284.728642][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2284.750571][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2284.760395][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2284.770586][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2284.779790][T11481] bridge0: port 1(bridge_slave_0) entered blocking state [ 2284.786857][T11481] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2284.795540][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2284.805247][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2284.814591][T11481] bridge0: port 2(bridge_slave_1) entered blocking state [ 2284.821733][T11481] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2284.880929][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2284.899759][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2284.908071][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2284.917864][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2284.926958][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2284.939671][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2284.948299][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2285.082026][T16924] device hsr_slave_0 entered promiscuous mode [ 2285.119665][T16924] device hsr_slave_1 entered promiscuous mode [ 2285.159240][T16924] debugfs: Directory 'hsr0' with parent '/' already present! [ 2285.173086][T16927] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2285.187751][T16913] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2285.214020][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2285.296785][T16927] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2285.318098][T16917] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2285.330714][ T8893] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2285.349614][ T8893] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2285.358208][ T8893] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2285.368324][ T8893] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2285.397375][T16918] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2285.450952][ T8893] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2285.461208][ T8893] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2285.470239][ T8893] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2285.501192][T16927] team0: Port device team_slave_0 added [ 2285.518563][T16919] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 2285.547793][T16919] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2285.616541][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2285.640406][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2285.651456][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2285.660183][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2285.677631][T16917] 8021q: adding VLAN 0 to HW filter on device team0 [ 2285.688510][T16927] team0: Port device team_slave_1 added 04:54:00 executing program 1: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8500, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3f}, 0x0, 0x0, 0xffffffffffffffff, 0x1) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup/syz0\x00', 0x200002, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000003800)=[{&(0x7f00000018c0)}], 0x1}, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r0 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x7a05, 0x1700) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(r1, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() r2 = socket$kcm(0xa, 0x1, 0x0) sendmsg$kcm(r2, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r0, 0x0, 0x0) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) [ 2285.773650][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2285.790473][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2285.809875][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2285.941122][T16918] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2285.978560][T16919] 8021q: adding VLAN 0 to HW filter on device batadv0 04:54:01 executing program 1: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8500, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3f}, 0x0, 0x0, 0xffffffffffffffff, 0x1) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup/syz0\x00', 0x200002, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000003800)=[{&(0x7f00000018c0)}], 0x1}, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r0 = openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(r1, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() r2 = socket$kcm(0xa, 0x1, 0x0) sendmsg$kcm(r2, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r0, 0x0, 0x0) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) [ 2286.008728][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2286.039659][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2286.063642][T10564] bridge0: port 1(bridge_slave_0) entered blocking state [ 2286.070783][T10564] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2286.105073][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2286.114280][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2286.123437][T10564] bridge0: port 2(bridge_slave_1) entered blocking state [ 2286.131024][T10564] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2286.140436][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2286.150321][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2286.160287][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2286.170468][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready 04:54:01 executing program 1: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8500, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3f}, 0x0, 0x0, 0xffffffffffffffff, 0x1) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup/syz0\x00', 0x200002, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000003800)=[{&(0x7f00000018c0)}], 0x1}, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r0 = openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(r1, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() r2 = socket$kcm(0xa, 0x1, 0x0) sendmsg$kcm(r2, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r0, 0x0, 0x0) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) [ 2286.281855][T16927] device hsr_slave_0 entered promiscuous mode [ 2286.319545][T16927] device hsr_slave_1 entered promiscuous mode [ 2286.379046][T16927] debugfs: Directory 'hsr0' with parent '/' already present! [ 2286.462243][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2286.470826][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2286.489443][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2286.520056][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2286.529997][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2286.539221][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready 04:54:01 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 2286.619285][ T8893] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2286.647795][ T8893] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2286.695370][T16917] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2286.816801][T16924] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2286.835383][T16958] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 2286.838087][T16964] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 2286.905628][T16965] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 2287.025615][T16968] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2287.040577][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2287.052319][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2287.089750][T16917] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2287.090062][T16968] CPU: 0 PID: 16968 Comm: syz-executor.2 Not tainted 5.4.0-rc1+ #0 [ 2287.104461][T16968] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2287.104471][T16968] Call Trace: [ 2287.117805][T16968] dump_stack+0x172/0x1f0 [ 2287.122152][T16968] dump_header+0x10b/0x82d [ 2287.126583][T16968] oom_kill_process.cold+0x10/0x15 [ 2287.131707][T16968] out_of_memory+0x334/0x1340 [ 2287.136400][T16968] ? __sched_text_start+0x8/0x8 [ 2287.141273][T16968] ? oom_killer_disable+0x280/0x280 [ 2287.146494][T16968] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2287.152311][T16968] ? memcg_stat_show+0xc40/0xc40 [ 2287.157253][T16968] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2287.163064][T16968] ? cgroup_file_notify+0x140/0x1b0 [ 2287.168278][T16968] memory_max_write+0x262/0x3a0 [ 2287.173145][T16968] ? mem_cgroup_write+0x370/0x370 [ 2287.178225][T16968] ? lock_acquire+0x190/0x410 [ 2287.182912][T16968] ? kernfs_fop_write+0x227/0x480 [ 2287.188038][T16968] cgroup_file_write+0x241/0x790 [ 2287.192982][T16968] ? mem_cgroup_write+0x370/0x370 [ 2287.198017][T16968] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2287.203662][T16968] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2287.209298][T16968] kernfs_fop_write+0x2b8/0x480 [ 2287.214155][T16968] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2287.220494][T16968] __vfs_write+0x8a/0x110 [ 2287.224827][T16968] ? kernfs_fop_open+0xd80/0xd80 [ 2287.229768][T16968] vfs_write+0x268/0x5d0 [ 2287.234021][T16968] ksys_write+0x14f/0x290 [ 2287.238356][T16968] ? __ia32_sys_read+0xb0/0xb0 [ 2287.243127][T16968] ? do_syscall_64+0x26/0x760 [ 2287.247804][T16968] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2287.253861][T16968] ? do_syscall_64+0x26/0x760 [ 2287.258533][T16968] __x64_sys_write+0x73/0xb0 [ 2287.263110][T16968] do_syscall_64+0xfa/0x760 [ 2287.267612][T16968] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2287.273504][T16968] RIP: 0033:0x459a59 [ 2287.277379][T16968] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2287.296976][T16968] RSP: 002b:00007f3f81ee1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2287.305384][T16968] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2287.313350][T16968] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 2287.321770][T16968] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2287.329722][T16968] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3f81ee26d4 [ 2287.337676][T16968] R13: 00000000004c9ef3 R14: 00000000004e1c48 R15: 00000000ffffffff [ 2287.385687][T16968] memory: usage 3108kB, limit 0kB, failcnt 739 [ 2287.392078][T16968] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2287.399048][T16968] Memory cgroup stats for /syz2: [ 2287.399151][T16968] anon 2134016 [ 2287.399151][T16968] file 12288 [ 2287.399151][T16968] kernel_stack 65536 [ 2287.399151][T16968] slab 516096 [ 2287.399151][T16968] sock 0 [ 2287.399151][T16968] shmem 0 [ 2287.399151][T16968] file_mapped 0 [ 2287.399151][T16968] file_dirty 0 [ 2287.399151][T16968] file_writeback 0 [ 2287.399151][T16968] anon_thp 2097152 [ 2287.399151][T16968] inactive_anon 0 [ 2287.399151][T16968] active_anon 2134016 [ 2287.399151][T16968] inactive_file 0 [ 2287.399151][T16968] active_file 0 [ 2287.399151][T16968] unevictable 0 [ 2287.399151][T16968] slab_reclaimable 135168 [ 2287.399151][T16968] slab_unreclaimable 380928 [ 2287.399151][T16968] pgfault 14685 [ 2287.399151][T16968] pgmajfault 0 [ 2287.399151][T16968] workingset_refault 0 [ 2287.399151][T16968] workingset_activate 0 [ 2287.399151][T16968] workingset_nodereclaim 0 [ 2287.399151][T16968] pgrefill 0 [ 2287.399151][T16968] pgscan 0 [ 2287.399151][T16968] pgsteal 0 [ 2287.399151][T16968] pgactivate 0 [ 2287.518217][T16924] 8021q: adding VLAN 0 to HW filter on device team0 [ 2287.532373][T16968] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=16962,uid=0 [ 2287.569537][T16927] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2287.584167][T16968] Memory cgroup out of memory: Killed process 16962 (syz-executor.2) total-vm:72712kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 2287.602359][T16972] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2287.604060][ T1054] oom_reaper: reaped process 16962 (syz-executor.2), now anon-rss:0kB, file-rss:34856kB, shmem-rss:0kB [ 2287.613351][T16972] CPU: 0 PID: 16972 Comm: syz-executor.3 Not tainted 5.4.0-rc1+ #0 [ 2287.632170][T16972] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2287.642224][T16972] Call Trace: [ 2287.645524][T16972] dump_stack+0x172/0x1f0 [ 2287.646705][T16976] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 2287.649867][T16972] dump_header+0x10b/0x82d [ 2287.649887][T16972] oom_kill_process.cold+0x10/0x15 [ 2287.649905][T16972] out_of_memory+0x334/0x1340 [ 2287.649923][T16972] ? cgroup_file_notify+0x140/0x1b0 [ 2287.649942][T16972] ? oom_killer_disable+0x280/0x280 [ 2287.692709][T16972] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2287.698370][T16972] ? memcg_stat_show+0xc40/0xc40 [ 2287.703333][T16972] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2287.709151][T16972] ? cgroup_file_notify+0x140/0x1b0 [ 2287.714464][T16972] memory_max_write+0x262/0x3a0 [ 2287.719355][T16972] ? mem_cgroup_write+0x370/0x370 [ 2287.724387][T16972] ? lock_acquire+0x190/0x410 [ 2287.729071][T16972] ? kernfs_fop_write+0x227/0x480 [ 2287.734104][T16972] cgroup_file_write+0x241/0x790 [ 2287.739030][T16972] ? mem_cgroup_write+0x370/0x370 [ 2287.744061][T16972] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2287.749699][T16972] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2287.755328][T16972] kernfs_fop_write+0x2b8/0x480 [ 2287.760193][T16972] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2287.766420][T16972] __vfs_write+0x8a/0x110 [ 2287.770733][T16972] ? kernfs_fop_open+0xd80/0xd80 [ 2287.775653][T16972] vfs_write+0x268/0x5d0 [ 2287.779892][T16972] ksys_write+0x14f/0x290 [ 2287.784204][T16972] ? __ia32_sys_read+0xb0/0xb0 [ 2287.788948][T16972] ? do_syscall_64+0x26/0x760 [ 2287.793610][T16972] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2287.799666][T16972] ? do_syscall_64+0x26/0x760 [ 2287.804326][T16972] __x64_sys_write+0x73/0xb0 [ 2287.808902][T16972] do_syscall_64+0xfa/0x760 [ 2287.813667][T16972] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2287.819542][T16972] RIP: 0033:0x459a59 [ 2287.823422][T16972] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2287.843005][T16972] RSP: 002b:00007f7e502bac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2287.851407][T16972] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2287.859382][T16972] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 2287.867338][T16972] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2287.875732][T16972] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7e502bb6d4 04:54:02 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(0x0, 0x0, 0x0, r1, 0x8) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={0xffffffffffffffff, 0x1, 0x1, 0xfff, &(0x7f00000000c0)=[0x0, 0x0], 0x2}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r6 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r6, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 2287.883686][T16972] R13: 00000000004c9ef3 R14: 00000000004e1c48 R15: 00000000ffffffff [ 2287.932736][T16972] memory: usage 8872kB, limit 0kB, failcnt 1466 [ 2287.940232][T16972] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2287.951805][T16972] Memory cgroup stats for /syz3: [ 2287.951913][T16972] anon 2203648 [ 2287.951913][T16972] file 0 [ 2287.951913][T16972] kernel_stack 0 [ 2287.951913][T16972] slab 6365184 [ 2287.951913][T16972] sock 0 [ 2287.951913][T16972] shmem 0 [ 2287.951913][T16972] file_mapped 0 [ 2287.951913][T16972] file_dirty 0 [ 2287.951913][T16972] file_writeback 0 [ 2287.951913][T16972] anon_thp 2097152 [ 2287.951913][T16972] inactive_anon 0 [ 2287.951913][T16972] active_anon 2203648 [ 2287.951913][T16972] inactive_file 0 [ 2287.951913][T16972] active_file 0 [ 2287.951913][T16972] unevictable 0 [ 2287.951913][T16972] slab_reclaimable 5136384 [ 2287.951913][T16972] slab_unreclaimable 1228800 [ 2287.951913][T16972] pgfault 12804 [ 2287.951913][T16972] pgmajfault 0 [ 2287.951913][T16972] workingset_refault 0 [ 2287.951913][T16972] workingset_activate 0 [ 2287.951913][T16972] workingset_nodereclaim 0 [ 2287.951913][T16972] pgrefill 496 [ 2287.951913][T16972] pgscan 4606 [ 2287.951913][T16972] pgsteal 4107 [ 2287.951913][T16972] pgactivate 462 [ 2287.958010][T16972] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=16959,uid=0 [ 2288.080072][T16972] Memory cgroup out of memory: Killed process 16972 (syz-executor.3) total-vm:72712kB, anon-rss:2188kB, file-rss:35880kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 2288.113942][ T8893] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2288.122460][ T1054] oom_reaper: reaped process 16972 (syz-executor.3), now anon-rss:0kB, file-rss:34920kB, shmem-rss:0kB [ 2288.123540][T16913] syz-executor.1 invoked oom-killer: gfp_mask=0x40c50(GFP_NOFS|__GFP_COMP|__GFP_RECLAIMABLE), order=0, oom_score_adj=0 [ 2288.142317][ T8893] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2288.169781][ T8893] bridge0: port 1(bridge_slave_0) entered blocking state [ 2288.176052][T16913] CPU: 0 PID: 16913 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 2288.176875][ T8893] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2288.184724][T16913] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2288.184730][T16913] Call Trace: [ 2288.184748][T16913] dump_stack+0x172/0x1f0 [ 2288.184767][T16913] dump_header+0x10b/0x82d [ 2288.184779][T16913] ? oom_kill_process+0x94/0x3f0 [ 2288.184805][T16913] oom_kill_process.cold+0x10/0x15 [ 2288.219387][ T8893] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2288.224021][T16913] out_of_memory+0x334/0x1340 [ 2288.237159][T16913] ? lock_downgrade+0x920/0x920 [ 2288.242013][T16913] ? oom_killer_disable+0x280/0x280 [ 2288.247225][T16913] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2288.249777][ T8893] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2288.253122][T16913] ? memcg_stat_show+0xc40/0xc40 [ 2288.266830][T16913] ? do_raw_spin_unlock+0x57/0x270 [ 2288.269368][ T8893] bridge0: port 2(bridge_slave_1) entered blocking state [ 2288.272207][T16913] ? _raw_spin_unlock+0x2d/0x50 [ 2288.279289][ T8893] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2288.284044][T16913] try_charge+0xf4b/0x1440 [ 2288.295637][T16913] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2288.301185][T16913] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 2288.304787][ T8893] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2288.306733][T16913] ? cache_grow_begin+0x122/0xd20 [ 2288.315810][ T8893] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2288.319617][T16913] ? find_held_lock+0x35/0x130 [ 2288.319634][T16913] ? cache_grow_begin+0x122/0xd20 [ 2288.319655][T16913] __memcg_kmem_charge_memcg+0x7c/0x130 [ 2288.319666][T16913] ? lock_downgrade+0x920/0x920 [ 2288.319684][T16913] ? memcg_kmem_put_cache+0x50/0x50 [ 2288.328922][ T8893] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2288.332396][T16913] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2288.340973][ T8893] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2288.343541][T16913] ? __kasan_check_read+0x11/0x20 [ 2288.349705][ T8893] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2288.353653][T16913] cache_grow_begin+0x629/0xd20 [ 2288.362703][ T8893] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2288.367768][T16913] ? __sanitizer_cov_trace_cmp1+0x11/0x20 [ 2288.376958][ T8893] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2288.380548][T16913] ? mempolicy_slab_node+0x139/0x390 [ 2288.380567][T16913] fallback_alloc+0x1fd/0x2d0 [ 2288.380587][T16913] ____cache_alloc_node+0x1bc/0x1d0 [ 2288.380601][T16913] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2288.380622][T16913] kmem_cache_alloc+0x1ef/0x710 [ 2288.389612][ T8893] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2288.393524][T16913] ? lock_downgrade+0x920/0x920 [ 2288.403635][ T8893] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2288.407094][T16913] ? rwlock_bug.part.0+0x90/0x90 [ 2288.416115][ T8893] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2288.420167][T16913] ? ratelimit_state_init+0xb0/0xb0 [ 2288.420182][T16913] ext4_alloc_inode+0x1f/0x640 [ 2288.420195][T16913] ? ratelimit_state_init+0xb0/0xb0 [ 2288.420208][T16913] alloc_inode+0x68/0x1e0 [ 2288.420226][T16913] iget_locked+0x1a6/0x4b0 [ 2288.433063][T16924] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2288.436305][T16913] __ext4_iget+0x265/0x3e20 [ 2288.443779][T16924] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2288.448862][T16913] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2288.448887][T16913] ? ext4_get_projid+0x190/0x190 [ 2288.448901][T16913] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 2288.448920][T16913] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 2288.473498][T16924] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2288.478252][T16913] ? d_alloc_parallel+0xa78/0x1c30 [ 2288.488176][T16913] ext4_lookup+0x3b1/0x7a0 [ 2288.559194][T16913] ? ext4_cross_rename+0x1430/0x1430 [ 2288.564510][T16913] ? __lock_acquire+0x16f2/0x4a00 [ 2288.570047][T16913] ? __kasan_check_read+0x11/0x20 [ 2288.575057][T16913] ? lockdep_init_map+0x1be/0x6d0 [ 2288.580069][T16913] __lookup_slow+0x279/0x500 [ 2288.584647][T16913] ? vfs_unlink+0x620/0x620 [ 2288.589164][T16913] lookup_slow+0x58/0x80 [ 2288.593386][T16913] path_mountpoint+0x5d2/0x1e60 [ 2288.598240][T16913] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 2288.603762][T16913] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 2288.609721][T16913] ? path_openat+0x46d0/0x46d0 [ 2288.614468][T16913] filename_mountpoint+0x18e/0x390 [ 2288.619573][T16913] ? filename_parentat.isra.0+0x410/0x410 [ 2288.625283][T16913] ? rcu_lockdep_current_cpu_online+0xe3/0x130 [ 2288.631432][T16913] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2288.637650][T16913] ? __phys_addr_symbol+0x30/0x70 [ 2288.642662][T16913] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 2288.648361][T16913] ? __check_object_size+0x3d/0x437 [ 2288.653547][T16913] ? strncpy_from_user+0x2b4/0x400 [ 2288.658640][T16913] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2288.664945][T16913] ? getname_flags+0x277/0x5b0 [ 2288.669690][T16913] user_path_mountpoint_at+0x3a/0x50 [ 2288.675057][T16913] ksys_umount+0x164/0xf00 [ 2288.679475][T16913] ? down_read_non_owner+0x490/0x490 [ 2288.684745][T16913] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2288.690974][T16913] ? __detach_mounts+0x2a0/0x2a0 [ 2288.695889][T16913] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2288.701325][T16913] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2288.706847][T16913] ? do_syscall_64+0x26/0x760 [ 2288.711520][T16913] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2288.717576][T16913] ? do_syscall_64+0x26/0x760 [ 2288.722234][T16913] ? lockdep_hardirqs_on+0x421/0x5e0 [ 2288.727517][T16913] __x64_sys_umount+0x54/0x80 [ 2288.732188][T16913] do_syscall_64+0xfa/0x760 [ 2288.736684][T16913] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2288.742556][T16913] RIP: 0033:0x45c487 [ 2288.746485][T16913] Code: 64 89 04 25 d0 02 00 00 58 5f ff d0 48 89 c7 e8 2f be ff ff 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2288.766080][T16913] RSP: 002b:00007fff8c7856d8 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 [ 2288.774475][T16913] RAX: ffffffffffffffda RBX: 000000000022e796 RCX: 000000000045c487 [ 2288.782434][T16913] RDX: 0000000000403550 RSI: 0000000000000002 RDI: 00007fff8c785780 [ 2288.790393][T16913] RBP: 000000000000000c R08: 0000000000000000 R09: 000000000000000e [ 2288.798342][T16913] R10: 000000000000000a R11: 0000000000000202 R12: 00007fff8c786810 [ 2288.806292][T16913] R13: 0000000001cc4940 R14: 0000000000000000 R15: 00007fff8c786810 [ 2288.826381][T16927] 8021q: adding VLAN 0 to HW filter on device team0 [ 2288.839913][T16913] memory: usage 27888kB, limit 0kB, failcnt 74 [ 2288.846117][T16913] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2288.855956][T16913] Memory cgroup stats for /syz1: [ 2288.856064][T16913] anon 241664 [ 2288.856064][T16913] file 4096 [ 2288.856064][T16913] kernel_stack 65536 [ 2288.856064][T16913] slab 28393472 [ 2288.856064][T16913] sock 0 [ 2288.856064][T16913] shmem 0 [ 2288.856064][T16913] file_mapped 0 [ 2288.856064][T16913] file_dirty 0 [ 2288.856064][T16913] file_writeback 0 [ 2288.856064][T16913] anon_thp 0 [ 2288.856064][T16913] inactive_anon 0 [ 2288.856064][T16913] active_anon 77824 [ 2288.856064][T16913] inactive_file 135168 [ 2288.856064][T16913] active_file 0 [ 2288.856064][T16913] unevictable 0 [ 2288.856064][T16913] slab_reclaimable 27709440 [ 2288.856064][T16913] slab_unreclaimable 684032 [ 2288.856064][T16913] pgfault 37389 [ 2288.856064][T16913] pgmajfault 0 [ 2288.856064][T16913] workingset_refault 0 [ 2288.856064][T16913] workingset_activate 0 [ 2288.856064][T16913] workingset_nodereclaim 0 [ 2288.856064][T16913] pgrefill 135 [ 2288.856064][T16913] pgscan 133 [ 2288.856064][T16913] pgsteal 0 [ 2288.856064][T16913] pgactivate 99 [ 2288.859349][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2288.861125][T16913] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=16913,uid=0 [ 2288.977563][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2288.993660][T16983] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 2289.006922][T16913] Memory cgroup out of memory: Killed process 16913 (syz-executor.1) total-vm:72444kB, anon-rss:96kB, file-rss:35776kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2289.015109][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2289.032603][T16918] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2289.038244][ T1054] oom_reaper: reaped process 16913 (syz-executor.1), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB [ 2289.047948][T16918] CPU: 0 PID: 16918 Comm: syz-executor.2 Not tainted 5.4.0-rc1+ #0 [ 2289.066531][T16918] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2289.069829][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2289.076601][T16918] Call Trace: [ 2289.087581][T16918] dump_stack+0x172/0x1f0 [ 2289.091918][T16918] dump_header+0x10b/0x82d [ 2289.096329][T16918] ? oom_kill_process+0x94/0x3f0 [ 2289.099876][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2289.101270][T16918] oom_kill_process.cold+0x10/0x15 [ 2289.114417][T16918] out_of_memory+0x334/0x1340 [ 2289.119092][T16918] ? lock_downgrade+0x920/0x920 [ 2289.119772][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2289.123941][T16918] ? oom_killer_disable+0x280/0x280 [ 2289.137104][T16918] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2289.142735][T16918] ? memcg_stat_show+0xc40/0xc40 [ 2289.147673][T16918] ? do_raw_spin_unlock+0x57/0x270 [ 2289.149350][T10564] bridge0: port 1(bridge_slave_0) entered blocking state [ 2289.152782][T16918] ? _raw_spin_unlock+0x2d/0x50 [ 2289.159868][T10564] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2289.164632][T16918] try_charge+0xf4b/0x1440 [ 2289.176900][T16918] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2289.182449][T16918] ? percpu_ref_tryget_live+0x111/0x290 [ 2289.188002][T16918] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2289.194245][T16918] ? __kasan_check_read+0x11/0x20 [ 2289.199264][T16918] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2289.199283][T16918] mem_cgroup_try_charge+0x136/0x590 [ 2289.199304][T16918] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2289.199322][T16918] wp_page_copy+0x407/0x1860 [ 2289.208038][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2289.210113][T16918] ? find_held_lock+0x35/0x130 [ 2289.210130][T16918] ? do_wp_page+0x53b/0x15c0 [ 2289.210148][T16918] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2289.242823][T16918] ? lock_downgrade+0x920/0x920 [ 2289.247684][T16918] ? swp_swapcount+0x540/0x540 [ 2289.252455][T16918] ? __kasan_check_read+0x11/0x20 [ 2289.257478][T16918] ? do_raw_spin_unlock+0x57/0x270 [ 2289.262586][T16918] do_wp_page+0x543/0x15c0 [ 2289.266982][T16918] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 2289.272362][T16918] __handle_mm_fault+0x23ec/0x4040 [ 2289.277456][T16918] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2289.283073][T16918] ? handle_mm_fault+0x292/0xaa0 [ 2289.287995][T16918] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2289.294222][T16918] ? __kasan_check_read+0x11/0x20 [ 2289.299254][T16918] handle_mm_fault+0x3b7/0xaa0 [ 2289.304015][T16918] __do_page_fault+0x536/0xdd0 [ 2289.308785][T16918] do_page_fault+0x38/0x590 [ 2289.313283][T16918] page_fault+0x39/0x40 [ 2289.317414][T16918] RIP: 0033:0x430b36 [ 2289.321288][T16918] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 2c 44 64 00 85 c0 0f 84 [ 2289.340892][T16918] RSP: 002b:00007ffec26d3690 EFLAGS: 00010206 [ 2289.346955][T16918] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 2289.354924][T16918] RDX: 0000000001a0e930 RSI: 0000000001a16970 RDI: 0000000000000003 [ 2289.362890][T16918] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000000001a0d940 [ 2289.370866][T16918] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 2289.378822][T16918] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 04:54:04 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x0, 0x3, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) 04:54:04 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) 04:54:04 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 2289.434144][T16918] memory: usage 728kB, limit 0kB, failcnt 755 [ 2289.447091][T16918] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2289.454383][T16918] Memory cgroup stats for /syz2: [ 2289.454486][T16918] anon 40960 [ 2289.454486][T16918] file 12288 [ 2289.454486][T16918] kernel_stack 65536 [ 2289.454486][T16918] slab 516096 [ 2289.454486][T16918] sock 0 [ 2289.454486][T16918] shmem 0 [ 2289.454486][T16918] file_mapped 0 [ 2289.454486][T16918] file_dirty 0 [ 2289.454486][T16918] file_writeback 0 [ 2289.454486][T16918] anon_thp 0 [ 2289.454486][T16918] inactive_anon 0 [ 2289.454486][T16918] active_anon 40960 [ 2289.454486][T16918] inactive_file 0 [ 2289.454486][T16918] active_file 0 [ 2289.454486][T16918] unevictable 0 [ 2289.454486][T16918] slab_reclaimable 135168 [ 2289.454486][T16918] slab_unreclaimable 380928 [ 2289.454486][T16918] pgfault 14685 [ 2289.454486][T16918] pgmajfault 0 [ 2289.454486][T16918] workingset_refault 0 [ 2289.454486][T16918] workingset_activate 0 04:54:04 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x0, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x0, 0x3, 0x0, 0xfffffffffffffffa, 0x0, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={0xffffffffffffffff, 0x1, 0x1, 0xfff, &(0x7f00000000c0)=[0x0, 0x0], 0x2}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r6 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r6, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 2289.454486][T16918] workingset_nodereclaim 0 [ 2289.454486][T16918] pgrefill 0 [ 2289.454486][T16918] pgscan 0 [ 2289.454486][T16918] pgsteal 0 [ 2289.454486][T16918] pgactivate 0 [ 2289.552237][T16918] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=16918,uid=0 [ 2289.570876][T16918] Memory cgroup out of memory: Killed process 16918 (syz-executor.2) total-vm:72448kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2289.590119][T16919] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2289.590588][ T1054] oom_reaper: reaped process 16918 (syz-executor.2), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2289.600311][T16919] CPU: 0 PID: 16919 Comm: syz-executor.3 Not tainted 5.4.0-rc1+ #0 [ 2289.620445][T16919] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2289.630606][T16919] Call Trace: [ 2289.633921][T16919] dump_stack+0x172/0x1f0 [ 2289.638258][T16919] dump_header+0x10b/0x82d [ 2289.642681][T16919] ? oom_kill_process+0x94/0x3f0 [ 2289.647624][T16919] oom_kill_process.cold+0x10/0x15 [ 2289.652742][T16919] out_of_memory+0x334/0x1340 [ 2289.657521][T16919] ? lock_downgrade+0x920/0x920 [ 2289.662554][T16919] ? oom_killer_disable+0x280/0x280 [ 2289.667768][T16919] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2289.673660][T16919] ? memcg_stat_show+0xc40/0xc40 [ 2289.678624][T16919] ? do_raw_spin_unlock+0x57/0x270 [ 2289.684888][T16919] ? _raw_spin_unlock+0x2d/0x50 [ 2289.689930][T16919] try_charge+0xf4b/0x1440 [ 2289.694390][T16919] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2289.700023][T16919] ? percpu_ref_tryget_live+0x111/0x290 [ 2289.705931][T16919] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2289.712352][T16919] ? __kasan_check_read+0x11/0x20 [ 2289.717472][T16919] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2289.717496][T16919] mem_cgroup_try_charge+0x136/0x590 [ 2289.728305][T16919] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2289.728328][T16919] wp_page_copy+0x407/0x1860 [ 2289.738534][T16919] ? find_held_lock+0x35/0x130 [ 2289.738549][T16919] ? do_wp_page+0x53b/0x15c0 [ 2289.738566][T16919] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2289.747895][T16919] ? lock_downgrade+0x920/0x920 [ 2289.747912][T16919] ? swp_swapcount+0x540/0x540 [ 2289.747928][T16919] ? __kasan_check_read+0x11/0x20 [ 2289.760072][T16919] ? do_raw_spin_unlock+0x57/0x270 [ 2289.760091][T16919] do_wp_page+0x543/0x15c0 [ 2289.760110][T16919] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 2289.760132][T16919] __handle_mm_fault+0x23ec/0x4040 [ 2289.760152][T16919] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2289.769951][T16919] ? handle_mm_fault+0x292/0xaa0 [ 2289.769979][T16919] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2289.769994][T16919] ? __kasan_check_read+0x11/0x20 [ 2289.770016][T16919] handle_mm_fault+0x3b7/0xaa0 [ 2289.785269][T16919] __do_page_fault+0x536/0xdd0 [ 2289.785293][T16919] do_page_fault+0x38/0x590 [ 2289.795920][T16919] page_fault+0x39/0x40 [ 2289.795932][T16919] RIP: 0033:0x430b36 [ 2289.795949][T16919] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 2c 44 64 00 85 c0 0f 84 [ 2289.807081][T16919] RSP: 002b:00007ffeb759f5a0 EFLAGS: 00010206 [ 2289.807093][T16919] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 2289.807101][T16919] RDX: 0000000000f2e930 RSI: 0000000000f36970 RDI: 0000000000000003 [ 2289.807109][T16919] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000000000f2d940 [ 2289.807122][T16919] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 2289.816875][T16919] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 2289.830329][T11159] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2289.839690][T16919] memory: usage 6564kB, limit 0kB, failcnt 1474 [ 2289.868115][T11159] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2289.890252][T11159] bridge0: port 2(bridge_slave_1) entered blocking state [ 2289.919635][T11159] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2289.935890][T11159] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2289.951939][T11159] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2289.961769][T11159] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2289.972150][T11159] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2289.989031][T16919] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2289.989254][T11159] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2289.997100][T16919] Memory cgroup stats for /syz3: [ 2290.002191][T16919] anon 53248 [ 2290.002191][T16919] file 0 [ 2290.002191][T16919] kernel_stack 0 [ 2290.002191][T16919] slab 6094848 [ 2290.002191][T16919] sock 0 [ 2290.002191][T16919] shmem 0 [ 2290.002191][T16919] file_mapped 0 [ 2290.002191][T16919] file_dirty 0 [ 2290.002191][T16919] file_writeback 0 [ 2290.002191][T16919] anon_thp 0 [ 2290.002191][T16919] inactive_anon 0 [ 2290.002191][T16919] active_anon 53248 [ 2290.002191][T16919] inactive_file 0 [ 2290.002191][T16919] active_file 0 [ 2290.002191][T16919] unevictable 0 [ 2290.002191][T16919] slab_reclaimable 4866048 [ 2290.002191][T16919] slab_unreclaimable 1228800 [ 2290.002191][T16919] pgfault 12804 [ 2290.002191][T16919] pgmajfault 0 [ 2290.002191][T16919] workingset_refault 0 [ 2290.002191][T16919] workingset_activate 0 [ 2290.002191][T16919] workingset_nodereclaim 0 [ 2290.002191][T16919] pgrefill 496 [ 2290.002191][T16919] pgscan 4606 [ 2290.002191][T16919] pgsteal 4107 [ 2290.002191][T16919] pgactivate 462 [ 2290.019286][T11159] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2290.106641][T16919] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=16919,uid=0 [ 2290.120253][T16569] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2290.133451][T16919] Memory cgroup out of memory: Killed process 16919 (syz-executor.3) total-vm:72448kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2290.160143][ T1054] oom_reaper: reaped process 16919 (syz-executor.3), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2290.171616][T16917] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2290.193385][T16917] CPU: 1 PID: 16917 Comm: syz-executor.5 Not tainted 5.4.0-rc1+ #0 [ 2290.202101][T16917] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2290.212163][T16917] Call Trace: [ 2290.215456][T16917] dump_stack+0x172/0x1f0 [ 2290.219790][T16917] dump_header+0x10b/0x82d [ 2290.224224][T16917] ? oom_kill_process+0x94/0x3f0 [ 2290.229167][T16917] oom_kill_process.cold+0x10/0x15 [ 2290.234276][T16917] out_of_memory+0x334/0x1340 [ 2290.238954][T16917] ? lock_downgrade+0x920/0x920 [ 2290.244327][T16917] ? oom_killer_disable+0x280/0x280 [ 2290.249540][T16917] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2290.255096][T16917] ? memcg_stat_show+0xc40/0xc40 [ 2290.260041][T16917] ? do_raw_spin_unlock+0x57/0x270 [ 2290.266463][T16917] ? _raw_spin_unlock+0x2d/0x50 [ 2290.271317][T16917] try_charge+0xf4b/0x1440 [ 2290.275740][T16917] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2290.281284][T16917] ? percpu_ref_tryget_live+0x111/0x290 [ 2290.286827][T16917] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2290.293069][T16917] ? __kasan_check_read+0x11/0x20 [ 2290.298094][T16917] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2290.303644][T16917] mem_cgroup_try_charge+0x136/0x590 [ 2290.308943][T16917] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2290.314577][T16917] __handle_mm_fault+0x1f0d/0x4040 [ 2290.319694][T16917] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2290.325241][T16917] ? handle_mm_fault+0x292/0xaa0 [ 2290.330195][T16917] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2290.336436][T16917] ? __kasan_check_read+0x11/0x20 [ 2290.341466][T16917] handle_mm_fault+0x3b7/0xaa0 [ 2290.346242][T16917] __do_page_fault+0x536/0xdd0 [ 2290.351040][T16917] do_page_fault+0x38/0x590 [ 2290.355567][T16917] page_fault+0x39/0x40 [ 2290.359725][T16917] RIP: 0033:0x403522 [ 2290.363617][T16917] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 2290.383222][T16917] RSP: 002b:00007ffc51c31f60 EFLAGS: 00010246 [ 2290.389287][T16917] RAX: 0000000000000000 RBX: 000000000022eca0 RCX: 0000000000413660 [ 2290.397428][T16917] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007ffc51c33090 [ 2290.405397][T16917] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000000001374940 [ 2290.413369][T16917] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc51c33090 [ 2290.422121][T16917] R13: 00007ffc51c33080 R14: 0000000000000000 R15: 00007ffc51c33090 [ 2290.433556][T16917] memory: usage 736kB, limit 0kB, failcnt 640 [ 2290.442098][T16917] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2290.450400][T16917] Memory cgroup stats for /syz5: [ 2290.450497][T16917] anon 65536 [ 2290.450497][T16917] file 36864 [ 2290.450497][T16917] kernel_stack 65536 [ 2290.450497][T16917] slab 544768 [ 2290.450497][T16917] sock 0 [ 2290.450497][T16917] shmem 0 [ 2290.450497][T16917] file_mapped 0 [ 2290.450497][T16917] file_dirty 0 [ 2290.450497][T16917] file_writeback 0 [ 2290.450497][T16917] anon_thp 0 [ 2290.450497][T16917] inactive_anon 0 [ 2290.450497][T16917] active_anon 0 [ 2290.450497][T16917] inactive_file 0 [ 2290.450497][T16917] active_file 0 [ 2290.450497][T16917] unevictable 0 [ 2290.450497][T16917] slab_reclaimable 135168 [ 2290.450497][T16917] slab_unreclaimable 409600 [ 2290.450497][T16917] pgfault 8151 [ 2290.450497][T16917] pgmajfault 0 [ 2290.450497][T16917] workingset_refault 0 [ 2290.450497][T16917] workingset_activate 0 [ 2290.450497][T16917] workingset_nodereclaim 0 [ 2290.450497][T16917] pgrefill 200 [ 2290.450497][T16917] pgscan 362 [ 2290.450497][T16917] pgsteal 146 [ 2290.450497][T16917] pgactivate 198 [ 2290.546045][T16917] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=16917,uid=0 [ 2290.563329][T16917] Memory cgroup out of memory: Killed process 16917 (syz-executor.5) total-vm:72448kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 2290.581358][T16990] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2290.581871][ T1054] oom_reaper: reaped process 16917 (syz-executor.5), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2290.591857][T16990] CPU: 1 PID: 16990 Comm: syz-executor.0 Not tainted 5.4.0-rc1+ #0 [ 2290.610605][T16990] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2290.620750][T16990] Call Trace: [ 2290.624044][T16990] dump_stack+0x172/0x1f0 [ 2290.628377][T16990] dump_header+0x10b/0x82d [ 2290.632795][T16990] oom_kill_process.cold+0x10/0x15 [ 2290.637904][T16990] out_of_memory+0x334/0x1340 [ 2290.642583][T16990] ? cgroup_file_notify+0x140/0x1b0 [ 2290.647779][T16990] ? oom_killer_disable+0x280/0x280 [ 2290.652989][T16990] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2290.658531][T16990] ? memcg_stat_show+0xc40/0xc40 [ 2290.663475][T16990] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2290.669280][T16990] ? cgroup_file_notify+0x140/0x1b0 [ 2290.674483][T16990] memory_max_write+0x262/0x3a0 [ 2290.679337][T16990] ? mem_cgroup_write+0x370/0x370 [ 2290.684367][T16990] ? lock_acquire+0x190/0x410 [ 2290.689043][T16990] ? kernfs_fop_write+0x227/0x480 [ 2290.694085][T16990] cgroup_file_write+0x241/0x790 [ 2290.699025][T16990] ? mem_cgroup_write+0x370/0x370 [ 2290.704050][T16990] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2290.709686][T16990] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2290.715315][T16990] kernfs_fop_write+0x2b8/0x480 [ 2290.720166][T16990] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2290.726418][T16990] __vfs_write+0x8a/0x110 [ 2290.730748][T16990] ? kernfs_fop_open+0xd80/0xd80 [ 2290.735685][T16990] vfs_write+0x268/0x5d0 [ 2290.739930][T16990] ksys_write+0x14f/0x290 [ 2290.744346][T16990] ? __ia32_sys_read+0xb0/0xb0 [ 2290.749225][T16990] ? do_syscall_64+0x26/0x760 [ 2290.753985][T16990] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2290.760308][T16990] ? do_syscall_64+0x26/0x760 [ 2290.765002][T16990] __x64_sys_write+0x73/0xb0 [ 2290.769902][T16990] do_syscall_64+0xfa/0x760 [ 2290.774416][T16990] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2290.780311][T16990] RIP: 0033:0x459a59 [ 2290.784205][T16990] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2290.803816][T16990] RSP: 002b:00007f4c0ebf5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2290.812230][T16990] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2290.820559][T16990] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009 [ 2290.828535][T16990] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2290.836507][T16990] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4c0ebf66d4 [ 2290.844485][T16990] R13: 00000000004c9ef3 R14: 00000000004e1c48 R15: 00000000ffffffff [ 2290.865106][T16990] memory: usage 3192kB, limit 0kB, failcnt 815 [ 2290.871455][T16990] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2290.878365][T16990] Memory cgroup stats for /syz0: [ 2290.878475][T16990] anon 2265088 [ 2290.878475][T16990] file 0 [ 2290.878475][T16990] kernel_stack 65536 [ 2290.878475][T16990] slab 704512 [ 2290.878475][T16990] sock 0 [ 2290.878475][T16990] shmem 0 [ 2290.878475][T16990] file_mapped 0 [ 2290.878475][T16990] file_dirty 0 [ 2290.878475][T16990] file_writeback 0 [ 2290.878475][T16990] anon_thp 2097152 [ 2290.878475][T16990] inactive_anon 0 [ 2290.878475][T16990] active_anon 2191360 [ 2290.878475][T16990] inactive_file 135168 [ 2290.878475][T16990] active_file 0 [ 2290.878475][T16990] unevictable 0 [ 2290.878475][T16990] slab_reclaimable 135168 [ 2290.878475][T16990] slab_unreclaimable 569344 [ 2290.878475][T16990] pgfault 14619 [ 2290.878475][T16990] pgmajfault 0 [ 2290.878475][T16990] workingset_refault 0 [ 2290.878475][T16990] workingset_activate 0 [ 2290.878475][T16990] workingset_nodereclaim 0 [ 2290.878475][T16990] pgrefill 0 [ 2290.878475][T16990] pgscan 0 [ 2290.878475][T16990] pgsteal 0 [ 2290.878475][T16990] pgactivate 0 [ 2290.974220][T16990] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=16988,uid=0 04:54:06 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x0, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x0, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0x0, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={0xffffffffffffffff, 0x1, 0x1, 0xfff, &(0x7f00000000c0)=[0x0, 0x0], 0x2}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r6 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r6, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 2290.996586][T16990] Memory cgroup out of memory: Killed process 16990 (syz-executor.0) total-vm:72708kB, anon-rss:2200kB, file-rss:35812kB, shmem-rss:0kB, UID:0 pgtables:139264kB oom_score_adj:1000 [ 2290.999266][T11159] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2291.039264][T16924] syz-executor.0 invoked oom-killer: gfp_mask=0x40c50(GFP_NOFS|__GFP_COMP|__GFP_RECLAIMABLE), order=0, oom_score_adj=0 [ 2291.049961][T11159] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2291.051868][T16924] CPU: 1 PID: 16924 Comm: syz-executor.0 Not tainted 5.4.0-rc1+ #0 [ 2291.067285][T16924] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2291.069810][T11159] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2291.077353][T16924] Call Trace: [ 2291.088513][T16924] dump_stack+0x172/0x1f0 [ 2291.093367][T16924] dump_header+0x10b/0x82d [ 2291.097969][T16924] ? oom_kill_process+0x94/0x3f0 [ 2291.102905][T16924] oom_kill_process.cold+0x10/0x15 [ 2291.108012][T16924] out_of_memory+0x334/0x1340 [ 2291.109892][T11159] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2291.112693][T16924] ? lock_downgrade+0x920/0x920 [ 2291.125421][T16924] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2291.131233][T16924] ? oom_killer_disable+0x280/0x280 [ 2291.136438][T16924] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2291.141981][T16924] ? memcg_stat_show+0xc40/0xc40 [ 2291.146920][T16924] ? do_raw_spin_unlock+0x57/0x270 [ 2291.152034][T16924] ? _raw_spin_unlock+0x2d/0x50 [ 2291.156883][T16924] try_charge+0xf4b/0x1440 [ 2291.161316][T16924] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2291.166944][T16924] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 2291.172498][T16924] ? cache_grow_begin+0x122/0xd20 [ 2291.177520][T16924] ? find_held_lock+0x35/0x130 [ 2291.182382][T16924] ? cache_grow_begin+0x122/0xd20 [ 2291.187441][T16924] __memcg_kmem_charge_memcg+0x7c/0x130 [ 2291.193165][T16924] ? lock_downgrade+0x920/0x920 [ 2291.198020][T16924] ? memcg_kmem_put_cache+0x50/0x50 [ 2291.204174][T16924] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2291.210418][T16924] ? __kasan_check_read+0x11/0x20 [ 2291.215446][T16924] cache_grow_begin+0x629/0xd20 [ 2291.220296][T16924] ? __sanitizer_cov_trace_cmp1+0x11/0x20 [ 2291.226012][T16924] ? mempolicy_slab_node+0x139/0x390 [ 2291.231302][T16924] fallback_alloc+0x1fd/0x2d0 [ 2291.235986][T16924] ____cache_alloc_node+0x1bc/0x1d0 [ 2291.241228][T16924] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2291.247479][T16924] kmem_cache_alloc+0x1ef/0x710 [ 2291.253376][T16924] ? lock_downgrade+0x920/0x920 [ 2291.258222][T16924] ? rwlock_bug.part.0+0x90/0x90 [ 2291.263169][T16924] ? ratelimit_state_init+0xb0/0xb0 [ 2291.268369][T16924] ext4_alloc_inode+0x1f/0x640 [ 2291.273136][T16924] ? ratelimit_state_init+0xb0/0xb0 [ 2291.278361][T16924] alloc_inode+0x68/0x1e0 [ 2291.282689][T16924] iget_locked+0x1a6/0x4b0 [ 2291.287113][T16924] __ext4_iget+0x265/0x3e20 [ 2291.291622][T16924] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2291.297891][T16924] ? ext4_get_projid+0x190/0x190 [ 2291.302830][T16924] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 2291.308375][T16924] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 2291.314360][T16924] ? d_alloc_parallel+0xa78/0x1c30 [ 2291.319478][T16924] ext4_lookup+0x3b1/0x7a0 [ 2291.323895][T16924] ? ext4_cross_rename+0x1430/0x1430 [ 2291.329189][T16924] ? __lock_acquire+0x16f2/0x4a00 [ 2291.334218][T16924] ? __kasan_check_read+0x11/0x20 [ 2291.339263][T16924] ? lockdep_init_map+0x1be/0x6d0 [ 2291.344318][T16924] __lookup_slow+0x279/0x500 [ 2291.348911][T16924] ? vfs_unlink+0x620/0x620 [ 2291.353648][T16924] lookup_slow+0x58/0x80 [ 2291.357916][T16924] path_mountpoint+0x5d2/0x1e60 [ 2291.362764][T16924] ? __kasan_check_read+0x11/0x20 [ 2291.367784][T16924] ? __lock_acquire+0x16f2/0x4a00 [ 2291.372819][T16924] ? path_openat+0x46d0/0x46d0 [ 2291.377582][T16924] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 2291.383215][T16924] ? find_held_lock+0x35/0x130 [ 2291.388009][T16924] filename_mountpoint+0x18e/0x390 [ 2291.393130][T16924] ? filename_parentat.isra.0+0x410/0x410 [ 2291.398869][T16924] ? rcu_lockdep_current_cpu_online+0xe3/0x130 [ 2291.405034][T16924] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2291.411288][T16924] ? __phys_addr_symbol+0x30/0x70 [ 2291.416307][T16924] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 2291.422024][T16924] ? __check_object_size+0x3d/0x437 [ 2291.427230][T16924] ? strncpy_from_user+0x2b4/0x400 [ 2291.432342][T16924] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2291.438583][T16924] ? getname_flags+0x277/0x5b0 [ 2291.443352][T16924] user_path_mountpoint_at+0x3a/0x50 [ 2291.448647][T16924] ksys_umount+0x164/0xf00 [ 2291.453061][T16924] ? down_read_non_owner+0x490/0x490 [ 2291.458345][T16924] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2291.464592][T16924] ? __detach_mounts+0x2a0/0x2a0 [ 2291.469537][T16924] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2291.475081][T16924] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2291.480712][T16924] ? do_syscall_64+0x26/0x760 [ 2291.485386][T16924] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2291.491453][T16924] ? do_syscall_64+0x26/0x760 [ 2291.496306][T16924] ? lockdep_hardirqs_on+0x421/0x5e0 [ 2291.501683][T16924] __x64_sys_umount+0x54/0x80 [ 2291.506358][T16924] do_syscall_64+0xfa/0x760 [ 2291.511127][T16924] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2291.517034][T16924] RIP: 0033:0x45c487 [ 2291.520928][T16924] Code: 64 89 04 25 d0 02 00 00 58 5f ff d0 48 89 c7 e8 2f be ff ff 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2291.540533][T16924] RSP: 002b:00007fff8b6472a8 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 [ 2291.548954][T16924] RAX: ffffffffffffffda RBX: 000000000022f482 RCX: 000000000045c487 [ 2291.556924][T16924] RDX: 0000000000403550 RSI: 0000000000000002 RDI: 00007fff8b647350 [ 2291.565067][T16924] RBP: 0000000000000007 R08: 0000000000000000 R09: 000000000000000e [ 2291.573043][T16924] R10: 000000000000000a R11: 0000000000000202 R12: 00007fff8b6483e0 [ 2291.581016][T16924] R13: 000000000129c940 R14: 0000000000000000 R15: 00007fff8b6483e0 [ 2291.594088][T16924] memory: usage 872kB, limit 0kB, failcnt 827 [ 2291.603008][T16927] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2291.613791][T16924] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2291.620804][T16924] Memory cgroup stats for /syz0: [ 2291.620898][T16924] anon 4096 [ 2291.620898][T16924] file 0 [ 2291.620898][T16924] kernel_stack 0 [ 2291.620898][T16924] slab 704512 [ 2291.620898][T16924] sock 0 [ 2291.620898][T16924] shmem 0 [ 2291.620898][T16924] file_mapped 0 [ 2291.620898][T16924] file_dirty 0 [ 2291.620898][T16924] file_writeback 0 [ 2291.620898][T16924] anon_thp 0 [ 2291.620898][T16924] inactive_anon 0 [ 2291.620898][T16924] active_anon 4096 [ 2291.620898][T16924] inactive_file 135168 [ 2291.620898][T16924] active_file 0 [ 2291.620898][T16924] unevictable 0 [ 2291.620898][T16924] slab_reclaimable 135168 [ 2291.620898][T16924] slab_unreclaimable 569344 [ 2291.620898][T16924] pgfault 14619 [ 2291.620898][T16924] pgmajfault 0 [ 2291.620898][T16924] workingset_refault 0 [ 2291.620898][T16924] workingset_activate 0 [ 2291.620898][T16924] workingset_nodereclaim 0 [ 2291.620898][T16924] pgrefill 0 [ 2291.620898][T16924] pgscan 0 [ 2291.620898][T16924] pgsteal 0 [ 2291.620898][T16924] pgactivate 0 [ 2291.620898][T16924] pgdeactivate 0 [ 2291.718680][T16924] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=16924,uid=0 [ 2291.736063][T16924] Memory cgroup out of memory: Killed process 16924 (syz-executor.0) total-vm:72444kB, anon-rss:100kB, file-rss:35776kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2291.755175][ T1054] oom_reaper: reaped process 16924 (syz-executor.0), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB 04:54:07 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 2292.998655][T16927] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2293.238359][T16997] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 2293.349930][T16997] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2293.363229][T16997] CPU: 0 PID: 16997 Comm: syz-executor.4 Not tainted 5.4.0-rc1+ #0 [ 2293.371234][T16997] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2293.383910][T16997] Call Trace: [ 2293.387210][T16997] dump_stack+0x172/0x1f0 [ 2293.391550][T16997] dump_header+0x10b/0x82d [ 2293.395963][T16997] oom_kill_process.cold+0x10/0x15 [ 2293.401070][T16997] out_of_memory+0x334/0x1340 [ 2293.405740][T16997] ? __this_cpu_preempt_check+0x3a/0x210 [ 2293.411365][T16997] ? retint_kernel+0x2b/0x2b [ 2293.415945][T16997] ? oom_killer_disable+0x280/0x280 [ 2293.421287][T16997] ? mem_cgroup_out_of_memory+0x16a/0x240 [ 2293.427046][T16997] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2293.432575][T16997] ? memcg_stat_show+0xc40/0xc40 [ 2293.437500][T16997] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2293.443476][T16997] ? cgroup_file_notify+0x140/0x1b0 [ 2293.448669][T16997] memory_max_write+0x262/0x3a0 [ 2293.453518][T16997] ? mem_cgroup_write+0x370/0x370 [ 2293.458525][T16997] ? cgroup_file_write+0x86/0x790 [ 2293.463548][T16997] cgroup_file_write+0x241/0x790 [ 2293.468577][T16997] ? mem_cgroup_write+0x370/0x370 [ 2293.473607][T16997] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2293.479231][T16997] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2293.484895][T16997] kernfs_fop_write+0x2b8/0x480 [ 2293.489733][T16997] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2293.495960][T16997] __vfs_write+0x8a/0x110 [ 2293.500459][T16997] ? kernfs_fop_open+0xd80/0xd80 [ 2293.505393][T16997] vfs_write+0x268/0x5d0 [ 2293.509620][T16997] ksys_write+0x14f/0x290 [ 2293.513946][T16997] ? __ia32_sys_read+0xb0/0xb0 [ 2293.518695][T16997] ? do_syscall_64+0x26/0x760 [ 2293.523369][T16997] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2293.529451][T16997] ? do_syscall_64+0x26/0x760 [ 2293.534116][T16997] __x64_sys_write+0x73/0xb0 [ 2293.538710][T16997] do_syscall_64+0xfa/0x760 [ 2293.543228][T16997] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2293.549103][T16997] RIP: 0033:0x459a59 [ 2293.552980][T16997] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2293.572566][T16997] RSP: 002b:00007f62a51dac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2293.581069][T16997] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2293.589202][T16997] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 2293.597160][T16997] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2293.605144][T16997] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f62a51db6d4 [ 2293.613099][T16997] R13: 00000000004c9ef3 R14: 00000000004e1c48 R15: 00000000ffffffff [ 2293.634403][T16997] memory: usage 3056kB, limit 0kB, failcnt 942 [ 2293.640772][T16997] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2293.647756][T16997] Memory cgroup stats for /syz4: [ 2293.648709][T16997] anon 2150400 [ 2293.648709][T16997] file 163840 [ 2293.648709][T16997] kernel_stack 0 [ 2293.648709][T16997] slab 692224 [ 2293.648709][T16997] sock 0 [ 2293.648709][T16997] shmem 0 [ 2293.648709][T16997] file_mapped 0 [ 2293.648709][T16997] file_dirty 135168 [ 2293.648709][T16997] file_writeback 0 [ 2293.648709][T16997] anon_thp 2097152 [ 2293.648709][T16997] inactive_anon 0 [ 2293.648709][T16997] active_anon 2150400 [ 2293.648709][T16997] inactive_file 135168 [ 2293.648709][T16997] active_file 0 [ 2293.648709][T16997] unevictable 0 [ 2293.648709][T16997] slab_reclaimable 270336 [ 2293.648709][T16997] slab_unreclaimable 421888 [ 2293.648709][T16997] pgfault 8844 [ 2293.648709][T16997] pgmajfault 0 [ 2293.648709][T16997] workingset_refault 0 [ 2293.648709][T16997] workingset_activate 0 [ 2293.648709][T16997] workingset_nodereclaim 0 [ 2293.648709][T16997] pgrefill 264 [ 2293.648709][T16997] pgscan 292 [ 2293.648709][T16997] pgsteal 59 [ 2293.648709][T16997] pgactivate 231 [ 2293.654796][T16997] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=16996,uid=0 [ 2293.767335][T16997] Memory cgroup out of memory: Killed process 16996 (syz-executor.4) total-vm:72580kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 2293.791805][ T1054] oom_reaper: reaped process 16996 (syz-executor.4), now anon-rss:0kB, file-rss:34856kB, shmem-rss:0kB 04:54:09 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0xc, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x0, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={0xffffffffffffffff, 0x1, 0x1, 0xfff, &(0x7f00000000c0)=[0x0, 0x0], 0x2}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28, &(0x7f0000000000)={0x0, 0x0}}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000200)={r5, 0x100000001, 0x8}, 0xc) r6 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r7 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r7, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r6, 0x0, 0x0) 04:54:09 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) 04:54:09 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x0, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) 04:54:09 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 04:54:09 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x0, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={0xffffffffffffffff, 0x1, 0x1, 0xfff, &(0x7f00000000c0)=[0x0, 0x0], 0x2}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r6 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r6, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) 04:54:09 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x0, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x0, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0x0, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={0xffffffffffffffff, 0x1, 0x1, 0xfff, &(0x7f00000000c0)=[0x0, 0x0], 0x2}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r6 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r6, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 2294.038664][T16927] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2294.049345][T16927] CPU: 1 PID: 16927 Comm: syz-executor.4 Not tainted 5.4.0-rc1+ #0 [ 2294.057246][T16927] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2294.067302][T16927] Call Trace: [ 2294.070605][T16927] dump_stack+0x172/0x1f0 [ 2294.074947][T16927] dump_header+0x10b/0x82d [ 2294.079365][T16927] ? oom_kill_process+0x94/0x3f0 [ 2294.084310][T16927] oom_kill_process.cold+0x10/0x15 [ 2294.089697][T16927] out_of_memory+0x334/0x1340 [ 2294.094371][T16927] ? lock_downgrade+0x920/0x920 [ 2294.099228][T16927] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2294.105646][T16927] ? oom_killer_disable+0x280/0x280 [ 2294.110864][T16927] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2294.116412][T16927] ? memcg_stat_show+0xc40/0xc40 [ 2294.121357][T16927] ? do_raw_spin_unlock+0x57/0x270 [ 2294.126471][T16927] ? _raw_spin_unlock+0x2d/0x50 [ 2294.131935][T16927] try_charge+0xf4b/0x1440 [ 2294.136360][T16927] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2294.141902][T16927] ? percpu_ref_tryget_live+0x111/0x290 [ 2294.147456][T16927] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2294.153706][T16927] ? __kasan_check_read+0x11/0x20 [ 2294.158735][T16927] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2294.164290][T16927] mem_cgroup_try_charge+0x136/0x590 [ 2294.169588][T16927] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2294.175234][T16927] __handle_mm_fault+0x1f0d/0x4040 [ 2294.180363][T16927] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2294.185909][T16927] ? handle_mm_fault+0x292/0xaa0 [ 2294.190865][T16927] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2294.197119][T16927] ? __kasan_check_read+0x11/0x20 [ 2294.202160][T16927] handle_mm_fault+0x3b7/0xaa0 [ 2294.206940][T16927] __do_page_fault+0x536/0xdd0 [ 2294.211724][T16927] do_page_fault+0x38/0x590 [ 2294.216234][T16927] page_fault+0x39/0x40 [ 2294.220388][T16927] RIP: 0033:0x4579f1 [ 2294.224285][T16927] Code: 48 81 ec 98 00 00 00 0f 05 48 3d 00 f0 ff ff 48 89 c3 0f 87 e9 00 00 00 85 db 0f 88 2f 01 00 00 48 89 e2 89 de bf 01 00 00 00 ba 13 00 00 85 c0 0f 88 98 00 00 00 8b 44 24 18 25 00 f0 00 00 [ 2294.243890][T16927] RSP: 002b:00007ffce7aa6fa0 EFLAGS: 00010206 [ 2294.249961][T16927] RAX: 0000000000000003 RBX: 0000000000000003 RCX: 00000000004579d0 [ 2294.258371][T16927] RDX: 00007ffce7aa6fa0 RSI: 0000000000000003 RDI: 0000000000000001 [ 2294.266350][T16927] RBP: 0000000000000002 R08: 0000000000000001 R09: 00000000027b3940 [ 2294.274329][T16927] R10: 0000000000000000 R11: 0000000000000206 R12: 00007ffce7aa8180 [ 2294.282300][T16927] R13: 00007ffce7aa8170 R14: 0000000000000000 R15: 00007ffce7aa8180 [ 2294.295442][T16927] memory: usage 728kB, limit 0kB, failcnt 950 [ 2294.307580][T16927] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2294.315099][T16927] Memory cgroup stats for /syz4: [ 2294.315330][T16927] anon 32768 [ 2294.315330][T16927] file 163840 [ 2294.315330][T16927] kernel_stack 0 [ 2294.315330][T16927] slab 692224 [ 2294.315330][T16927] sock 0 [ 2294.315330][T16927] shmem 0 [ 2294.315330][T16927] file_mapped 0 [ 2294.315330][T16927] file_dirty 135168 [ 2294.315330][T16927] file_writeback 0 [ 2294.315330][T16927] anon_thp 0 [ 2294.315330][T16927] inactive_anon 0 [ 2294.315330][T16927] active_anon 32768 [ 2294.315330][T16927] inactive_file 135168 [ 2294.315330][T16927] active_file 0 [ 2294.315330][T16927] unevictable 0 [ 2294.315330][T16927] slab_reclaimable 270336 [ 2294.315330][T16927] slab_unreclaimable 421888 [ 2294.315330][T16927] pgfault 8844 [ 2294.315330][T16927] pgmajfault 0 [ 2294.315330][T16927] workingset_refault 0 [ 2294.315330][T16927] workingset_activate 0 [ 2294.315330][T16927] workingset_nodereclaim 0 [ 2294.315330][T16927] pgrefill 264 [ 2294.315330][T16927] pgscan 292 [ 2294.315330][T16927] pgsteal 59 [ 2294.315330][T16927] pgactivate 231 [ 2294.411480][T16927] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=16927,uid=0 [ 2294.430901][T16927] Memory cgroup out of memory: Killed process 16927 (syz-executor.4) total-vm:72448kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2294.449600][ T1054] oom_reaper: reaped process 16927 (syz-executor.4), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 04:54:09 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0xc, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x0, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={0xffffffffffffffff, 0x1, 0x1, 0xfff, &(0x7f00000000c0)=[0x0, 0x0], 0x2}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28, &(0x7f0000000000)={0x0, 0x0}}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000200)={r5, 0x100000001, 0x8}, 0xc) r6 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r7 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r7, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r6, 0x0, 0x0) 04:54:09 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0xc, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x0, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={0xffffffffffffffff, 0x1, 0x1, 0xfff, &(0x7f00000000c0)=[0x0, 0x0], 0x2}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28, &(0x7f0000000000)={0x0, 0x0}}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000200)={r5, 0x100000001, 0x8}, 0xc) r6 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r7 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r7, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r6, 0x0, 0x0) [ 2295.484450][T17001] IPVS: ftp: loaded support on port[0] = 21 [ 2295.856082][T17010] IPVS: ftp: loaded support on port[0] = 21 [ 2295.865240][T17008] IPVS: ftp: loaded support on port[0] = 21 [ 2295.865547][T17007] IPVS: ftp: loaded support on port[0] = 21 [ 2295.934508][T17001] chnl_net:caif_netlink_parms(): no params data found [ 2296.143750][T17009] IPVS: ftp: loaded support on port[0] = 21 [ 2296.256326][T17001] bridge0: port 1(bridge_slave_0) entered blocking state [ 2296.269003][T17001] bridge0: port 1(bridge_slave_0) entered disabled state [ 2296.289424][T17001] device bridge_slave_0 entered promiscuous mode [ 2296.423645][T17001] bridge0: port 2(bridge_slave_1) entered blocking state [ 2296.431049][T17001] bridge0: port 2(bridge_slave_1) entered disabled state [ 2296.440449][T17001] device bridge_slave_1 entered promiscuous mode [ 2296.484429][T17012] IPVS: ftp: loaded support on port[0] = 21 [ 2296.757214][T17001] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2296.815014][T17001] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2296.905049][T17007] chnl_net:caif_netlink_parms(): no params data found [ 2297.041700][T17001] team0: Port device team_slave_0 added [ 2297.086119][T17001] team0: Port device team_slave_1 added [ 2297.208488][T17008] chnl_net:caif_netlink_parms(): no params data found [ 2297.232292][T17009] chnl_net:caif_netlink_parms(): no params data found [ 2297.312672][T17007] bridge0: port 1(bridge_slave_0) entered blocking state [ 2297.322368][T17007] bridge0: port 1(bridge_slave_0) entered disabled state [ 2297.331942][T17007] device bridge_slave_0 entered promiscuous mode [ 2297.408666][T17007] bridge0: port 2(bridge_slave_1) entered blocking state [ 2297.422073][T17007] bridge0: port 2(bridge_slave_1) entered disabled state [ 2297.431293][T17007] device bridge_slave_1 entered promiscuous mode [ 2297.532682][T17001] device hsr_slave_0 entered promiscuous mode [ 2297.589860][T17001] device hsr_slave_1 entered promiscuous mode [ 2297.629002][T17001] debugfs: Directory 'hsr0' with parent '/' already present! [ 2297.646898][T17010] chnl_net:caif_netlink_parms(): no params data found [ 2297.798161][T17008] bridge0: port 1(bridge_slave_0) entered blocking state [ 2297.807086][T17008] bridge0: port 1(bridge_slave_0) entered disabled state [ 2297.829079][T17008] device bridge_slave_0 entered promiscuous mode [ 2297.892142][T17007] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2297.905862][T17007] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2297.959848][T17008] bridge0: port 2(bridge_slave_1) entered blocking state [ 2297.966928][T17008] bridge0: port 2(bridge_slave_1) entered disabled state [ 2297.981316][T17008] device bridge_slave_1 entered promiscuous mode [ 2298.012839][T17009] bridge0: port 1(bridge_slave_0) entered blocking state [ 2298.020469][T17009] bridge0: port 1(bridge_slave_0) entered disabled state [ 2298.029576][T17009] device bridge_slave_0 entered promiscuous mode [ 2298.126711][T17007] team0: Port device team_slave_0 added [ 2298.133705][T17009] bridge0: port 2(bridge_slave_1) entered blocking state [ 2298.141262][T17009] bridge0: port 2(bridge_slave_1) entered disabled state [ 2298.150006][T17009] device bridge_slave_1 entered promiscuous mode [ 2298.185749][T17007] team0: Port device team_slave_1 added [ 2298.207684][T17012] chnl_net:caif_netlink_parms(): no params data found [ 2298.232202][T17008] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2298.241852][T17010] bridge0: port 1(bridge_slave_0) entered blocking state [ 2298.249530][T17010] bridge0: port 1(bridge_slave_0) entered disabled state [ 2298.257918][T17010] device bridge_slave_0 entered promiscuous mode [ 2298.314178][T17009] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2298.333098][T17009] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2298.345032][T17008] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2298.362045][T17010] bridge0: port 2(bridge_slave_1) entered blocking state [ 2298.374151][T17010] bridge0: port 2(bridge_slave_1) entered disabled state [ 2298.382803][T17010] device bridge_slave_1 entered promiscuous mode [ 2298.471033][T17009] team0: Port device team_slave_0 added [ 2298.522498][T17007] device hsr_slave_0 entered promiscuous mode [ 2298.579671][T17007] device hsr_slave_1 entered promiscuous mode [ 2298.629083][T17007] debugfs: Directory 'hsr0' with parent '/' already present! [ 2298.638529][T17009] team0: Port device team_slave_1 added [ 2298.662664][T17008] team0: Port device team_slave_0 added [ 2298.735010][T17010] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2298.759672][T17008] team0: Port device team_slave_1 added [ 2298.852983][T17010] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2298.863194][T17012] bridge0: port 1(bridge_slave_0) entered blocking state [ 2298.870914][T17012] bridge0: port 1(bridge_slave_0) entered disabled state [ 2298.879869][T17012] device bridge_slave_0 entered promiscuous mode [ 2298.991811][T17012] bridge0: port 2(bridge_slave_1) entered blocking state [ 2299.003333][T17012] bridge0: port 2(bridge_slave_1) entered disabled state [ 2299.015660][T17012] device bridge_slave_1 entered promiscuous mode [ 2299.072386][T17008] device hsr_slave_0 entered promiscuous mode [ 2299.109779][T17008] device hsr_slave_1 entered promiscuous mode [ 2299.149033][T17008] debugfs: Directory 'hsr0' with parent '/' already present! [ 2299.332324][T17009] device hsr_slave_0 entered promiscuous mode [ 2299.369762][T17009] device hsr_slave_1 entered promiscuous mode [ 2299.409043][T17009] debugfs: Directory 'hsr0' with parent '/' already present! [ 2299.495877][T17010] team0: Port device team_slave_0 added [ 2299.516512][T17012] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2299.543951][T17001] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2299.559590][T17010] team0: Port device team_slave_1 added [ 2299.592740][T17012] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2299.682180][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2299.690598][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2299.704417][T17001] 8021q: adding VLAN 0 to HW filter on device team0 [ 2299.851886][T17010] device hsr_slave_0 entered promiscuous mode [ 2299.889803][T17010] device hsr_slave_1 entered promiscuous mode [ 2299.938889][T17010] debugfs: Directory 'hsr0' with parent '/' already present! [ 2299.961560][T17012] team0: Port device team_slave_0 added [ 2300.082480][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2300.091847][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2300.100874][T11102] bridge0: port 1(bridge_slave_0) entered blocking state [ 2300.107953][T11102] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2300.117231][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2300.126877][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2300.135990][T11102] bridge0: port 2(bridge_slave_1) entered blocking state [ 2300.143108][T11102] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2300.153861][T17012] team0: Port device team_slave_1 added [ 2300.255905][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2300.266697][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2300.390557][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2300.400546][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2300.410210][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2300.483448][T17007] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2300.583673][T17012] device hsr_slave_0 entered promiscuous mode [ 2300.649870][T17012] device hsr_slave_1 entered promiscuous mode [ 2300.708956][T17012] debugfs: Directory 'hsr0' with parent '/' already present! [ 2300.730946][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2300.739860][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2300.749365][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2300.817790][T17001] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 2300.830943][T17001] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2300.843845][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2300.852156][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2300.860659][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2300.870178][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2300.879412][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2300.887979][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2300.912315][T17007] 8021q: adding VLAN 0 to HW filter on device team0 [ 2300.954998][T17008] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2301.025538][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2301.056728][T17009] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2301.086550][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2301.110318][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2301.119535][T11481] bridge0: port 1(bridge_slave_0) entered blocking state [ 2301.126616][T11481] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2301.134828][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2301.144131][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2301.152749][T11481] bridge0: port 2(bridge_slave_1) entered blocking state [ 2301.159866][T11481] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2301.254231][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2301.264096][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2301.274037][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2301.302454][T17008] 8021q: adding VLAN 0 to HW filter on device team0 [ 2301.351390][T17001] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2301.375576][T17010] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2301.396537][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2301.417649][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2301.449873][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2301.460078][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2301.469636][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2301.479425][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2301.488400][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2301.497572][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2301.585280][T17009] 8021q: adding VLAN 0 to HW filter on device team0 [ 2301.626123][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2301.635454][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2301.645369][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2301.668035][T11481] bridge0: port 1(bridge_slave_0) entered blocking state [ 2301.675224][T11481] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2301.685042][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2301.694115][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2301.703642][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2301.713586][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2301.723070][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2301.732387][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2301.745740][T17007] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2301.788639][T17010] 8021q: adding VLAN 0 to HW filter on device team0 [ 2301.847815][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2301.859438][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2301.869315][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2301.878019][T10564] bridge0: port 1(bridge_slave_0) entered blocking state [ 2301.885165][T10564] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2301.914399][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2301.940263][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2301.953475][T10564] bridge0: port 2(bridge_slave_1) entered blocking state [ 2301.960673][T10564] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2301.972011][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2301.981659][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2301.991279][T10564] bridge0: port 2(bridge_slave_1) entered blocking state [ 2301.998408][T10564] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2302.008463][T17025] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 2302.110344][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2302.130559][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2302.132694][T17025] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2302.140622][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2302.158505][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2302.168043][T17025] CPU: 0 PID: 17025 Comm: syz-executor.0 Not tainted 5.4.0-rc1+ #0 [ 2302.169513][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2302.175974][T17025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2302.185141][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2302.194147][T17025] Call Trace: [ 2302.194173][T17025] dump_stack+0x172/0x1f0 [ 2302.194191][T17025] dump_header+0x10b/0x82d [ 2302.194206][T17025] oom_kill_process.cold+0x10/0x15 [ 2302.194221][T17025] out_of_memory+0x334/0x1340 [ 2302.194238][T17025] ? cgroup_file_notify+0x140/0x1b0 [ 2302.194255][T17025] ? oom_killer_disable+0x280/0x280 [ 2302.194281][T17025] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2302.194294][T17025] ? memcg_stat_show+0xc40/0xc40 [ 2302.194317][T17025] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2302.194330][T17025] ? cgroup_file_notify+0x140/0x1b0 [ 2302.194345][T17025] memory_max_write+0x262/0x3a0 [ 2302.194363][T17025] ? mem_cgroup_write+0x370/0x370 [ 2302.194380][T17025] ? lock_acquire+0x190/0x410 [ 2302.194397][T17025] ? kernfs_fop_write+0x227/0x480 [ 2302.194421][T17025] cgroup_file_write+0x241/0x790 [ 2302.203910][T11102] bridge0: port 1(bridge_slave_0) entered blocking state [ 2302.205701][T17025] ? mem_cgroup_write+0x370/0x370 [ 2302.210104][T11102] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2302.214416][T17025] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2302.252090][T17007] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2302.253379][T17025] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2302.263386][T17025] kernfs_fop_write+0x2b8/0x480 [ 2302.263403][T17025] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2302.263422][T17025] __vfs_write+0x8a/0x110 [ 2302.263435][T17025] ? kernfs_fop_open+0xd80/0xd80 [ 2302.263449][T17025] vfs_write+0x268/0x5d0 [ 2302.263464][T17025] ksys_write+0x14f/0x290 [ 2302.263479][T17025] ? __ia32_sys_read+0xb0/0xb0 [ 2302.263495][T17025] ? do_syscall_64+0x26/0x760 [ 2302.263517][T17025] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2302.325474][T17012] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2302.325599][T17025] ? do_syscall_64+0x26/0x760 [ 2302.359572][T17012] 8021q: adding VLAN 0 to HW filter on device team0 [ 2302.365125][T17025] __x64_sys_write+0x73/0xb0 [ 2302.387532][T17025] do_syscall_64+0xfa/0x760 [ 2302.392054][T17025] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2302.398733][T17025] RIP: 0033:0x459a59 [ 2302.402721][T17025] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2302.424332][T17025] RSP: 002b:00007f10c15a0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2302.432852][T17025] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2302.441276][T17025] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009 [ 2302.449355][T17025] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2302.457557][T17025] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f10c15a16d4 [ 2302.465548][T17025] R13: 00000000004c9ef3 R14: 00000000004e1c48 R15: 00000000ffffffff [ 2302.485263][T17025] memory: usage 3236kB, limit 0kB, failcnt 828 [ 2302.491690][T17025] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2302.499758][T17025] Memory cgroup stats for /syz0: [ 2302.499873][T17025] anon 2105344 [ 2302.499873][T17025] file 0 [ 2302.499873][T17025] kernel_stack 65536 [ 2302.499873][T17025] slab 704512 [ 2302.499873][T17025] sock 0 [ 2302.499873][T17025] shmem 0 [ 2302.499873][T17025] file_mapped 0 [ 2302.499873][T17025] file_dirty 0 [ 2302.499873][T17025] file_writeback 0 [ 2302.499873][T17025] anon_thp 2097152 [ 2302.499873][T17025] inactive_anon 0 [ 2302.499873][T17025] active_anon 2105344 [ 2302.499873][T17025] inactive_file 135168 [ 2302.499873][T17025] active_file 0 [ 2302.499873][T17025] unevictable 0 [ 2302.499873][T17025] slab_reclaimable 135168 [ 2302.499873][T17025] slab_unreclaimable 569344 [ 2302.499873][T17025] pgfault 14685 [ 2302.499873][T17025] pgmajfault 0 [ 2302.499873][T17025] workingset_refault 0 [ 2302.499873][T17025] workingset_activate 0 [ 2302.499873][T17025] workingset_nodereclaim 0 [ 2302.499873][T17025] pgrefill 0 [ 2302.499873][T17025] pgscan 0 [ 2302.499873][T17025] pgsteal 0 [ 2302.499873][T17025] pgactivate 0 [ 2302.595839][T17025] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=17022,uid=0 [ 2302.620624][T17025] Memory cgroup out of memory: Killed process 17022 (syz-executor.0) total-vm:72712kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 2302.642753][ T1054] oom_reaper: reaped process 17022 (syz-executor.0), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB [ 2302.654914][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2302.664536][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2302.673664][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2302.682621][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2302.694067][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2302.703234][T15292] bridge0: port 1(bridge_slave_0) entered blocking state [ 2302.710359][T15292] bridge0: port 1(bridge_slave_0) entered forwarding state 04:54:17 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x0, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x0, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0x0, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={0xffffffffffffffff, 0x1, 0x1, 0xfff, &(0x7f00000000c0)=[0x0, 0x0], 0x2}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r6 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r6, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 2302.730405][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2302.749892][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2302.758546][T15292] bridge0: port 2(bridge_slave_1) entered blocking state [ 2302.765711][T15292] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2302.793537][T17001] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2302.800033][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2302.804908][T17001] CPU: 0 PID: 17001 Comm: syz-executor.0 Not tainted 5.4.0-rc1+ #0 [ 2302.820633][T17001] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2302.830605][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2302.830691][T17001] Call Trace: [ 2302.841879][T17001] dump_stack+0x172/0x1f0 [ 2302.846216][T17001] dump_header+0x10b/0x82d [ 2302.850898][T17001] ? oom_kill_process+0x94/0x3f0 [ 2302.855858][T17001] oom_kill_process.cold+0x10/0x15 [ 2302.860998][T17001] out_of_memory+0x334/0x1340 [ 2302.865693][T17001] ? lock_downgrade+0x920/0x920 [ 2302.866634][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2302.870572][T17001] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2302.870588][T17001] ? oom_killer_disable+0x280/0x280 [ 2302.870608][T17001] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2302.870620][T17001] ? memcg_stat_show+0xc40/0xc40 [ 2302.870638][T17001] ? do_raw_spin_unlock+0x57/0x270 [ 2302.870654][T17001] ? _raw_spin_unlock+0x2d/0x50 [ 2302.870668][T17001] try_charge+0xf4b/0x1440 [ 2302.870690][T17001] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2302.870701][T17001] ? percpu_ref_tryget_live+0x111/0x290 [ 2302.870722][T17001] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2302.880336][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2302.884485][T17001] ? __kasan_check_read+0x11/0x20 [ 2302.900222][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2302.905194][T17001] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2302.920290][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2302.925683][T17001] mem_cgroup_try_charge+0x136/0x590 [ 2302.950119][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2302.953031][T17001] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2302.969568][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2302.971878][T17001] __handle_mm_fault+0x1f0d/0x4040 [ 2302.989779][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2302.993358][T17001] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2303.010170][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2303.013872][T17001] ? handle_mm_fault+0x292/0xaa0 [ 2303.027748][T17001] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2303.034185][T17001] ? __kasan_check_read+0x11/0x20 [ 2303.039231][T17001] handle_mm_fault+0x3b7/0xaa0 [ 2303.040248][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2303.044535][T17001] __do_page_fault+0x536/0xdd0 [ 2303.057180][T17001] do_page_fault+0x38/0x590 [ 2303.061706][T17001] page_fault+0x39/0x40 [ 2303.065870][T17001] RIP: 0033:0x403522 [ 2303.069769][T17001] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 2303.070299][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2303.089384][T17001] RSP: 002b:00007ffdcd7f2e80 EFLAGS: 00010246 [ 2303.089395][T17001] RAX: 0000000000000000 RBX: 0000000000232084 RCX: 0000000000413660 [ 2303.089402][T17001] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007ffdcd7f3fb0 [ 2303.089409][T17001] RBP: 0000000000000002 R08: 0000000000000001 R09: 00000000010fe940 [ 2303.089416][T17001] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffdcd7f3fb0 [ 2303.089423][T17001] R13: 00007ffdcd7f3fa0 R14: 0000000000000000 R15: 00007ffdcd7f3fb0 [ 2303.108810][T17001] memory: usage 864kB, limit 0kB, failcnt 836 [ 2303.113686][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2303.120111][T17001] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2303.132299][T15292] bridge0: port 2(bridge_slave_1) entered blocking state [ 2303.158889][T17001] Memory cgroup stats for /syz0: [ 2303.158987][T17001] anon 8192 [ 2303.158987][T17001] file 0 [ 2303.158987][T17001] kernel_stack 0 [ 2303.158987][T17001] slab 704512 [ 2303.158987][T17001] sock 0 [ 2303.158987][T17001] shmem 0 [ 2303.158987][T17001] file_mapped 0 [ 2303.158987][T17001] file_dirty 0 [ 2303.158987][T17001] file_writeback 0 [ 2303.158987][T17001] anon_thp 0 [ 2303.158987][T17001] inactive_anon 0 [ 2303.158987][T17001] active_anon 8192 [ 2303.158987][T17001] inactive_file 135168 [ 2303.158987][T17001] active_file 0 [ 2303.158987][T17001] unevictable 0 [ 2303.158987][T17001] slab_reclaimable 135168 [ 2303.158987][T17001] slab_unreclaimable 569344 [ 2303.158987][T17001] pgfault 14685 [ 2303.158987][T17001] pgmajfault 0 [ 2303.158987][T17001] workingset_refault 0 [ 2303.158987][T17001] workingset_activate 0 [ 2303.158987][T17001] workingset_nodereclaim 0 [ 2303.158987][T17001] pgrefill 0 [ 2303.158987][T17001] pgscan 0 [ 2303.158987][T17001] pgsteal 0 [ 2303.158987][T17001] pgactivate 0 [ 2303.158987][T17001] pgdeactivate 0 [ 2303.164982][T15292] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2303.188820][T17001] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=17001,uid=0 [ 2303.293706][T17001] Memory cgroup out of memory: Killed process 17001 (syz-executor.0) total-vm:72448kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2303.312231][ T1054] oom_reaper: reaped process 17001 (syz-executor.0), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB [ 2303.324264][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2303.357753][T17012] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2303.370343][T17012] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2303.430403][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2303.439471][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2303.448112][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2303.457399][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2303.467154][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2303.477508][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2303.487329][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2303.500679][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2303.510328][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2303.519582][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2303.529338][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2303.538093][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2303.547195][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2303.556782][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2303.566065][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2303.575562][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2303.584847][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2303.594318][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2303.603970][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2303.613365][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2303.915892][T17009] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2303.929882][T17009] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2303.984917][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2303.995256][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2304.003981][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2304.013221][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2304.022191][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2304.039951][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2304.048682][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2304.057966][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2304.071488][T17008] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready 04:54:19 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x0, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x0, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x0, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={0xffffffffffffffff, 0x1, 0x1, 0xfff, &(0x7f00000000c0)=[0x0, 0x0], 0x2}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r6 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r6, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 2304.090929][T17012] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2304.104799][T17010] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2304.117578][T17010] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready 04:54:19 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x0, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x0, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x0, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={0xffffffffffffffff, 0x1, 0x1, 0xfff, &(0x7f00000000c0)=[0x0, 0x0], 0x2}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r6 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r6, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 2304.208650][T17033] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 2304.233416][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2304.250039][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2304.361719][T17009] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2304.403082][T17010] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2304.434583][T17033] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2304.468147][T17033] CPU: 0 PID: 17033 Comm: syz-executor.3 Not tainted 5.4.0-rc1+ #0 [ 2304.476092][T17033] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2304.486160][T17033] Call Trace: [ 2304.489465][T17033] dump_stack+0x172/0x1f0 [ 2304.493813][T17033] dump_header+0x10b/0x82d [ 2304.498238][T17033] oom_kill_process.cold+0x10/0x15 [ 2304.503386][T17033] out_of_memory+0x334/0x1340 [ 2304.508786][T17033] ? __sched_text_start+0x8/0x8 [ 2304.510172][T17042] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 2304.513752][T17033] ? oom_killer_disable+0x280/0x280 [ 2304.513782][T17033] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2304.513796][T17033] ? memcg_stat_show+0xc40/0xc40 [ 2304.513818][T17033] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2304.553949][T17033] ? cgroup_file_notify+0x140/0x1b0 [ 2304.559154][T17033] memory_max_write+0x262/0x3a0 [ 2304.564036][T17033] ? mem_cgroup_write+0x370/0x370 [ 2304.569070][T17033] ? cgroup_file_write+0x86/0x790 [ 2304.574103][T17033] cgroup_file_write+0x241/0x790 [ 2304.579048][T17033] ? mem_cgroup_write+0x370/0x370 [ 2304.584077][T17033] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2304.589827][T17033] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2304.595486][T17033] kernfs_fop_write+0x2b8/0x480 [ 2304.600346][T17033] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2304.606684][T17033] __vfs_write+0x8a/0x110 [ 2304.611024][T17033] ? kernfs_fop_open+0xd80/0xd80 [ 2304.615974][T17033] vfs_write+0x268/0x5d0 [ 2304.620228][T17033] ksys_write+0x14f/0x290 [ 2304.624566][T17033] ? __ia32_sys_read+0xb0/0xb0 [ 2304.629354][T17033] ? do_syscall_64+0x26/0x760 [ 2304.634036][T17033] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2304.640106][T17033] ? do_syscall_64+0x26/0x760 [ 2304.644815][T17033] __x64_sys_write+0x73/0xb0 [ 2304.649441][T17033] do_syscall_64+0xfa/0x760 [ 2304.653959][T17033] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2304.659851][T17033] RIP: 0033:0x459a59 [ 2304.663751][T17033] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2304.683451][T17033] RSP: 002b:00007f7370b12c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2304.691901][T17033] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2304.699888][T17033] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 2304.708131][T17033] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2304.716467][T17033] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7370b136d4 [ 2304.724463][T17033] R13: 00000000004c9ef3 R14: 00000000004e1c48 R15: 00000000ffffffff [ 2304.754259][T17008] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2304.771004][T17033] memory: usage 6540kB, limit 0kB, failcnt 1475 [ 2304.800570][T17033] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2304.852087][T17033] Memory cgroup stats for /syz3: [ 2304.853128][T17033] anon 2158592 [ 2304.853128][T17033] file 0 [ 2304.853128][T17033] kernel_stack 65536 [ 2304.853128][T17033] slab 4337664 [ 2304.853128][T17033] sock 0 [ 2304.853128][T17033] shmem 0 [ 2304.853128][T17033] file_mapped 0 [ 2304.853128][T17033] file_dirty 0 [ 2304.853128][T17033] file_writeback 0 [ 2304.853128][T17033] anon_thp 2097152 [ 2304.853128][T17033] inactive_anon 0 [ 2304.853128][T17033] active_anon 2158592 [ 2304.853128][T17033] inactive_file 0 [ 2304.853128][T17033] active_file 0 [ 2304.853128][T17033] unevictable 0 [ 2304.853128][T17033] slab_reclaimable 3244032 [ 2304.853128][T17033] slab_unreclaimable 1093632 [ 2304.853128][T17033] pgfault 12903 [ 2304.853128][T17033] pgmajfault 0 [ 2304.853128][T17033] workingset_refault 0 [ 2304.853128][T17033] workingset_activate 0 [ 2304.853128][T17033] workingset_nodereclaim 0 [ 2304.853128][T17033] pgrefill 496 [ 2304.853128][T17033] pgscan 4606 [ 2304.853128][T17033] pgsteal 4107 [ 2304.853128][T17033] pgactivate 462 [ 2304.950470][T17033] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=17032,uid=0 [ 2305.000348][T17033] Memory cgroup out of memory: Killed process 17032 (syz-executor.3) total-vm:72580kB, anon-rss:2184kB, file-rss:35848kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 2305.041739][ T1054] oom_reaper: reaped process 17032 (syz-executor.3), now anon-rss:0kB, file-rss:34888kB, shmem-rss:0kB [ 2305.053444][T17042] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2305.074276][T17042] CPU: 1 PID: 17042 Comm: syz-executor.4 Not tainted 5.4.0-rc1+ #0 [ 2305.082197][T17042] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2305.092253][T17042] Call Trace: [ 2305.092274][T17042] dump_stack+0x172/0x1f0 [ 2305.092295][T17042] dump_header+0x10b/0x82d [ 2305.092312][T17042] oom_kill_process.cold+0x10/0x15 [ 2305.092330][T17042] out_of_memory+0x334/0x1340 [ 2305.114230][T17042] ? oom_killer_disable+0x280/0x280 [ 2305.119453][T17042] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2305.125004][T17042] ? memcg_stat_show+0xc40/0xc40 [ 2305.129956][T17042] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2305.135781][T17042] ? cgroup_file_notify+0x140/0x1b0 [ 2305.141948][T17042] memory_max_write+0x262/0x3a0 [ 2305.146815][T17042] ? mem_cgroup_write+0x370/0x370 [ 2305.152027][T17042] ? __lock_acquire+0x8a0/0x4a00 [ 2305.157151][T17042] cgroup_file_write+0x241/0x790 [ 2305.162093][T17042] ? mem_cgroup_write+0x370/0x370 [ 2305.167121][T17042] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2305.172776][T17042] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2305.178414][T17042] kernfs_fop_write+0x2b8/0x480 [ 2305.183268][T17042] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2305.189544][T17042] __vfs_write+0x8a/0x110 [ 2305.193881][T17042] ? kernfs_fop_open+0xd80/0xd80 [ 2305.198828][T17042] vfs_write+0x268/0x5d0 [ 2305.203091][T17042] ksys_write+0x14f/0x290 [ 2305.207435][T17042] ? __ia32_sys_read+0xb0/0xb0 [ 2305.212398][T17042] ? do_syscall_64+0x26/0x760 [ 2305.213731][T17055] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 2305.217078][T17042] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2305.217095][T17042] ? do_syscall_64+0x26/0x760 [ 2305.217117][T17042] __x64_sys_write+0x73/0xb0 [ 2305.217134][T17042] do_syscall_64+0xfa/0x760 [ 2305.217154][T17042] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2305.217166][T17042] RIP: 0033:0x459a59 [ 2305.217180][T17042] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2305.217194][T17042] RSP: 002b:00007f2578204c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2305.295295][T17042] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2305.303444][T17042] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 2305.311411][T17042] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2305.319365][T17042] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f25782056d4 [ 2305.328202][T17042] R13: 00000000004c9ef3 R14: 00000000004e1c48 R15: 00000000ffffffff 04:54:20 executing program 3: socketpair$unix(0x1, 0x0, 0x0, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x2040) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0x11, 0x0, 0x300) socket$kcm(0x10, 0x400800000000000, 0x10) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) r0 = socket$kcm(0xa, 0x3, 0x11) sendmsg$kcm(r0, &(0x7f00000027c0)={&(0x7f0000002200)=@nl=@unspec={0x2001001000000000}, 0x80, 0x0}, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup/syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_ro(r1, &(0x7f00000003c0)='cpuacct.usage_all\x00', 0x0, 0x0) ioctl$TUNSETLINK(0xffffffffffffffff, 0x400454cd, 0xfdf3) recvmsg(r0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1e2}, 0x22) recvmsg(r0, &(0x7f00000016c0)={0x0, 0x0, 0x0}, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$kcm(0x29, 0x5, 0x0) recvmsg$kcm(r2, &(0x7f0000005e80)={&(0x7f0000005ac0)=@hci={0x1f, 0x0}, 0x80, &(0x7f0000005dc0)=[{&(0x7f0000005b40)=""/120, 0x78}, {&(0x7f0000005bc0)=""/164, 0xa4}, {&(0x7f0000005c80)=""/100, 0x64}, {&(0x7f0000005d00)=""/53, 0x35}, {&(0x7f0000005d40)=""/76, 0x4c}], 0x5, &(0x7f0000005e40)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, [], r3, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r4 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r5 = socket$kcm(0xa, 0x1, 0x0) close(0xffffffffffffffff) sendmsg$kcm(r5, &(0x7f0000001900)={0x0, 0xfffffffffffffdb4, 0x0, 0x5b, 0x0, 0xfffffffffffffdf0}, 0x4000000) close(0xffffffffffffffff) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f0000000400)) recvmsg(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0xff, 0x0, 0x0, 0x0, 0x1fd, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) r6 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='/gro<#\xfbW\xe6\xc6\x0f\x1fKE\xb7M\x99\x9a\x9a\x8c,\xe1[&\xe5\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ}\xb7\xf3\xfe\xf6\xe0.+\xe3\x89\xde\x139E\xa3\x85\xbd\x81\xe9\xbd\xee\xee\x03\x00\x00\x00\x00\x00\x00\x00[T\aE\xdfK\x1d\xeeH;\x15v$\xc5\xbcq\x9a\t\x9ej5\t\x00\x00\x009\x8c4', 0x2761, 0xfffffff5) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, 0x0) write$cgroup_pid(r6, &(0x7f0000000100), 0xda4fff08) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r6, 0x660c, 0x0) r7 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='/gro<#\xfbW\xe6\xc6\x0f\x1fKE\xb7M\x99\x9a\x9a\x8c,\xe1[&\xe5\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ}\xb7\xf3\xfe\xf6\xe0.+\xe3\x89\xde\x139E\xa3\x85\xbd\x81\xe9\xbd\xee\xee\x03\x00\x00\x00\x00\x00\x00\x00[T\aE\xdfK\x1d\xeeH;\x15v$\xc5\xbcq\x9a\t\x9ej5\t\x00\x00\x009\x8c4', 0x2761, 0xfffffff5) ioctl$SIOCSIFHWADDR(r7, 0x8924, 0x0) write$cgroup_pid(r7, &(0x7f0000000100), 0xda4fff08) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r7, 0x660c, 0x0) ioctl$SIOCSIFHWADDR(r7, 0x8924, &(0x7f0000000040)={'erspan0\x00', @dev={[], 0x2b}}) [ 2305.376607][T17042] memory: usage 3144kB, limit 0kB, failcnt 951 [ 2305.427023][T17042] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2305.445031][T17042] Memory cgroup stats for /syz4: [ 2305.445135][T17042] anon 2154496 [ 2305.445135][T17042] file 163840 [ 2305.445135][T17042] kernel_stack 0 [ 2305.445135][T17042] slab 692224 [ 2305.445135][T17042] sock 0 [ 2305.445135][T17042] shmem 0 [ 2305.445135][T17042] file_mapped 0 [ 2305.445135][T17042] file_dirty 135168 [ 2305.445135][T17042] file_writeback 0 [ 2305.445135][T17042] anon_thp 2097152 [ 2305.445135][T17042] inactive_anon 0 [ 2305.445135][T17042] active_anon 2154496 [ 2305.445135][T17042] inactive_file 135168 [ 2305.445135][T17042] active_file 0 [ 2305.445135][T17042] unevictable 0 [ 2305.445135][T17042] slab_reclaimable 270336 [ 2305.445135][T17042] slab_unreclaimable 421888 [ 2305.445135][T17042] pgfault 8910 [ 2305.445135][T17042] pgmajfault 0 [ 2305.445135][T17042] workingset_refault 0 [ 2305.445135][T17042] workingset_activate 0 [ 2305.445135][T17042] workingset_nodereclaim 0 [ 2305.445135][T17042] pgrefill 264 [ 2305.445135][T17042] pgscan 292 [ 2305.445135][T17042] pgsteal 59 [ 2305.445135][T17042] pgactivate 231 [ 2305.565384][T17060] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 2305.597890][T17061] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 2305.810048][T17042] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=17041,uid=0 [ 2305.836310][T17042] Memory cgroup out of memory: Killed process 17042 (syz-executor.4) total-vm:72712kB, anon-rss:2192kB, file-rss:35820kB, shmem-rss:0kB, UID:0 pgtables:139264kB oom_score_adj:1000 [ 2305.856341][ T1054] oom_reaper: reaped process 17042 (syz-executor.4), now anon-rss:0kB, file-rss:34860kB, shmem-rss:0kB [ 2305.867713][T17055] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2305.878625][T17055] CPU: 0 PID: 17055 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 2305.886521][T17055] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2305.896579][T17055] Call Trace: [ 2305.899894][T17055] dump_stack+0x172/0x1f0 [ 2305.904231][T17055] dump_header+0x10b/0x82d [ 2305.908656][T17055] oom_kill_process.cold+0x10/0x15 [ 2305.913782][T17055] out_of_memory+0x334/0x1340 [ 2305.918473][T17055] ? oom_killer_disable+0x280/0x280 [ 2305.923691][T17055] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2305.929244][T17055] ? memcg_stat_show+0xc40/0xc40 [ 2305.934191][T17055] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2305.940022][T17055] ? cgroup_file_notify+0x140/0x1b0 [ 2305.945237][T17055] memory_max_write+0x262/0x3a0 [ 2305.950096][T17055] ? mem_cgroup_write+0x370/0x370 [ 2305.955132][T17055] cgroup_file_write+0x241/0x790 [ 2305.960380][T17055] ? mem_cgroup_write+0x370/0x370 [ 2305.965413][T17055] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2305.971082][T17055] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2305.976728][T17055] kernfs_fop_write+0x2b8/0x480 [ 2305.981586][T17055] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2305.987832][T17055] __vfs_write+0x8a/0x110 [ 2305.992166][T17055] ? kernfs_fop_open+0xd80/0xd80 [ 2305.997116][T17055] vfs_write+0x268/0x5d0 [ 2306.001458][T17055] ksys_write+0x14f/0x290 [ 2306.008513][T17055] ? __ia32_sys_read+0xb0/0xb0 [ 2306.014062][T17055] ? do_syscall_64+0x26/0x760 [ 2306.018742][T17055] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2306.025346][T17055] ? do_syscall_64+0x26/0x760 [ 2306.030129][T17055] __x64_sys_write+0x73/0xb0 [ 2306.034727][T17055] do_syscall_64+0xfa/0x760 [ 2306.039240][T17055] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2306.045132][T17055] RIP: 0033:0x459a59 [ 2306.049030][T17055] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2306.068642][T17055] RSP: 002b:00007f9a5da78c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2306.077060][T17055] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2306.085041][T17055] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 2306.093895][T17055] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2306.102066][T17055] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9a5da796d4 [ 2306.111346][T17055] R13: 00000000004c9ef3 R14: 00000000004e1c48 R15: 00000000ffffffff 04:54:21 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0xc, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x0, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={0xffffffffffffffff, 0x1, 0x1, 0xfff, &(0x7f00000000c0)=[0x0, 0x0], 0x2}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28, &(0x7f0000000000)={0x0, 0x0}}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000200)={r5, 0x100000001, 0x8}, 0xc) r6 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r7 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r7, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r6, 0x0, 0x0) [ 2306.363932][T17055] memory: usage 27660kB, limit 0kB, failcnt 75 [ 2306.375105][T17065] IPVS: ftp: loaded support on port[0] = 21 [ 2306.387213][T17055] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2306.397752][T17055] Memory cgroup stats for /syz1: [ 2306.397858][T17055] anon 2183168 [ 2306.397858][T17055] file 4096 [ 2306.397858][T17055] kernel_stack 65536 04:54:21 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x0, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 2306.397858][T17055] slab 25960448 [ 2306.397858][T17055] sock 0 [ 2306.397858][T17055] shmem 0 [ 2306.397858][T17055] file_mapped 0 [ 2306.397858][T17055] file_dirty 0 [ 2306.397858][T17055] file_writeback 0 [ 2306.397858][T17055] anon_thp 2097152 [ 2306.397858][T17055] inactive_anon 0 [ 2306.397858][T17055] active_anon 2236416 [ 2306.397858][T17055] inactive_file 135168 [ 2306.397858][T17055] active_file 0 [ 2306.397858][T17055] unevictable 0 [ 2306.397858][T17055] slab_reclaimable 25276416 [ 2306.397858][T17055] slab_unreclaimable 684032 04:54:21 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x0, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={0xffffffffffffffff, 0x1, 0x1, 0xfff, &(0x7f00000000c0)=[0x0, 0x0], 0x2}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r6 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r6, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 2306.397858][T17055] pgfault 37455 [ 2306.397858][T17055] pgmajfault 0 [ 2306.397858][T17055] workingset_refault 0 [ 2306.397858][T17055] workingset_activate 0 [ 2306.397858][T17055] workingset_nodereclaim 0 [ 2306.397858][T17055] pgrefill 135 [ 2306.397858][T17055] pgscan 133 [ 2306.397858][T17055] pgsteal 0 [ 2306.397858][T17055] pgactivate 99 [ 2306.526943][T17055] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=17054,uid=0 [ 2306.558768][T17055] Memory cgroup out of memory: Killed process 17055 (syz-executor.1) total-vm:72580kB, anon-rss:2184kB, file-rss:35828kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 [ 2306.582928][ T1054] oom_reaper: reaped process 17055 (syz-executor.1), now anon-rss:0kB, file-rss:34868kB, shmem-rss:0kB [ 2306.595033][T17007] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2306.618871][T17007] CPU: 0 PID: 17007 Comm: syz-executor.3 Not tainted 5.4.0-rc1+ #0 04:54:21 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 2306.626877][T17007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2306.636923][T17007] Call Trace: [ 2306.636942][T17007] dump_stack+0x172/0x1f0 [ 2306.636960][T17007] dump_header+0x10b/0x82d [ 2306.636972][T17007] ? oom_kill_process+0x94/0x3f0 [ 2306.636987][T17007] oom_kill_process.cold+0x10/0x15 [ 2306.637002][T17007] out_of_memory+0x334/0x1340 [ 2306.637017][T17007] ? lock_downgrade+0x920/0x920 [ 2306.637035][T17007] ? oom_killer_disable+0x280/0x280 [ 2306.664008][T17007] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2306.674118][T17007] ? memcg_stat_show+0xc40/0xc40 [ 2306.684913][T17007] ? do_raw_spin_unlock+0x57/0x270 [ 2306.690019][T17007] ? _raw_spin_unlock+0x2d/0x50 [ 2306.690037][T17007] try_charge+0xf4b/0x1440 [ 2306.690065][T17007] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2306.690077][T17007] ? percpu_ref_tryget_live+0x111/0x290 [ 2306.690094][T17007] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2306.690111][T17007] ? __kasan_check_read+0x11/0x20 [ 2306.690129][T17007] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2306.690147][T17007] mem_cgroup_try_charge+0x136/0x590 [ 2306.690166][T17007] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2306.690182][T17007] wp_page_copy+0x407/0x1860 [ 2306.690196][T17007] ? find_held_lock+0x35/0x130 [ 2306.690210][T17007] ? do_wp_page+0x53b/0x15c0 [ 2306.690225][T17007] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2306.690239][T17007] ? lock_downgrade+0x920/0x920 [ 2306.690255][T17007] ? swp_swapcount+0x540/0x540 [ 2306.690269][T17007] ? __kasan_check_read+0x11/0x20 [ 2306.690281][T17007] ? do_raw_spin_unlock+0x57/0x270 [ 2306.690297][T17007] do_wp_page+0x543/0x15c0 [ 2306.690316][T17007] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 2306.690340][T17007] __handle_mm_fault+0x23ec/0x4040 [ 2306.690360][T17007] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2306.690372][T17007] ? handle_mm_fault+0x292/0xaa0 [ 2306.690396][T17007] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2306.690412][T17007] ? __kasan_check_read+0x11/0x20 [ 2306.690431][T17007] handle_mm_fault+0x3b7/0xaa0 [ 2306.690449][T17007] __do_page_fault+0x536/0xdd0 [ 2306.690471][T17007] do_page_fault+0x38/0x590 [ 2306.690489][T17007] page_fault+0x39/0x40 [ 2306.690500][T17007] RIP: 0033:0x430b36 [ 2306.690515][T17007] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 2c 44 64 00 85 c0 0f 84 [ 2306.690522][T17007] RSP: 002b:00007ffc551cd6b0 EFLAGS: 00010206 [ 2306.690533][T17007] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 2306.690541][T17007] RDX: 000000000215a930 RSI: 0000000002162970 RDI: 0000000000000003 [ 2306.690549][T17007] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000000002159940 [ 2306.690557][T17007] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 2306.690563][T17007] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 2306.768900][T17007] memory: usage 4208kB, limit 0kB, failcnt 1483 [ 2306.774124][T17007] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2306.799016][T17007] Memory cgroup stats for /syz3: [ 2306.799113][T17007] anon 53248 [ 2306.799113][T17007] file 0 [ 2306.799113][T17007] kernel_stack 65536 [ 2306.799113][T17007] slab 4337664 [ 2306.799113][T17007] sock 0 [ 2306.799113][T17007] shmem 0 [ 2306.799113][T17007] file_mapped 0 [ 2306.799113][T17007] file_dirty 0 [ 2306.799113][T17007] file_writeback 0 [ 2306.799113][T17007] anon_thp 0 [ 2306.799113][T17007] inactive_anon 0 [ 2306.799113][T17007] active_anon 53248 [ 2306.799113][T17007] inactive_file 0 [ 2306.799113][T17007] active_file 0 [ 2306.799113][T17007] unevictable 0 [ 2306.799113][T17007] slab_reclaimable 3244032 [ 2306.799113][T17007] slab_unreclaimable 1093632 [ 2306.799113][T17007] pgfault 12903 [ 2306.799113][T17007] pgmajfault 0 [ 2306.799113][T17007] workingset_refault 0 [ 2306.799113][T17007] workingset_activate 0 [ 2306.799113][T17007] workingset_nodereclaim 0 [ 2306.799113][T17007] pgrefill 496 [ 2306.799113][T17007] pgscan 4606 [ 2306.799113][T17007] pgsteal 4107 [ 2306.799113][T17007] pgactivate 462 [ 2306.805915][T17007] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=17007,uid=0 [ 2306.828888][T17007] Memory cgroup out of memory: Killed process 17007 (syz-executor.3) total-vm:72448kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2306.837135][T17012] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2306.841460][ T1054] oom_reaper: reaped process 17007 (syz-executor.3), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2306.878877][T17012] CPU: 0 PID: 17012 Comm: syz-executor.4 Not tainted 5.4.0-rc1+ #0 [ 2306.892904][T17012] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2306.892911][T17012] Call Trace: [ 2306.892930][T17012] dump_stack+0x172/0x1f0 [ 2306.892948][T17012] dump_header+0x10b/0x82d [ 2306.892960][T17012] ? oom_kill_process+0x94/0x3f0 [ 2306.892976][T17012] oom_kill_process.cold+0x10/0x15 [ 2306.892990][T17012] out_of_memory+0x334/0x1340 [ 2306.893010][T17012] ? lock_downgrade+0x920/0x920 [ 2306.893030][T17012] ? oom_killer_disable+0x280/0x280 [ 2306.893053][T17012] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2306.893070][T17012] ? memcg_stat_show+0xc40/0xc40 [ 2306.909013][T17012] ? do_raw_spin_unlock+0x57/0x270 [ 2306.909030][T17012] ? _raw_spin_unlock+0x2d/0x50 [ 2306.909048][T17012] try_charge+0xf4b/0x1440 [ 2306.909073][T17012] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2306.909084][T17012] ? percpu_ref_tryget_live+0x111/0x290 [ 2306.909103][T17012] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2306.909118][T17012] ? __kasan_check_read+0x11/0x20 [ 2306.909135][T17012] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2306.909152][T17012] mem_cgroup_try_charge+0x136/0x590 [ 2306.909171][T17012] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2306.909189][T17012] wp_page_copy+0x407/0x1860 [ 2306.909202][T17012] ? find_held_lock+0x35/0x130 [ 2306.909218][T17012] ? do_wp_page+0x53b/0x15c0 [ 2307.016802][T17012] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2307.016822][T17012] ? lock_downgrade+0x920/0x920 [ 2307.016837][T17012] ? swp_swapcount+0x540/0x540 [ 2307.016852][T17012] ? __kasan_check_read+0x11/0x20 [ 2307.016863][T17012] ? do_raw_spin_unlock+0x57/0x270 [ 2307.016878][T17012] do_wp_page+0x543/0x15c0 [ 2307.016895][T17012] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 2307.016914][T17012] __handle_mm_fault+0x23ec/0x4040 [ 2307.016932][T17012] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2307.016947][T17012] ? handle_mm_fault+0x292/0xaa0 [ 2307.016972][T17012] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2307.016987][T17012] ? __kasan_check_read+0x11/0x20 [ 2307.017001][T17012] handle_mm_fault+0x3b7/0xaa0 [ 2307.017019][T17012] __do_page_fault+0x536/0xdd0 [ 2307.017038][T17012] do_page_fault+0x38/0x590 [ 2307.017056][T17012] page_fault+0x39/0x40 [ 2307.017067][T17012] RIP: 0033:0x403522 [ 2307.017082][T17012] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 2307.017088][T17012] RSP: 002b:00007ffee3799b80 EFLAGS: 00010246 [ 2307.017098][T17012] RAX: 0000000000000000 RBX: 0000000000232d58 RCX: 0000000000413660 [ 2307.017106][T17012] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007ffee379acb0 [ 2307.017112][T17012] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000000002a67940 [ 2307.017120][T17012] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffee379acb0 [ 2307.017128][T17012] R13: 00007ffee379aca0 R14: 0000000000000000 R15: 00007ffee379acb0 [ 2307.031996][T17012] memory: usage 772kB, limit 0kB, failcnt 959 [ 2307.050916][T17012] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2307.050923][T17012] Memory cgroup stats for /syz4: [ 2307.051025][T17012] anon 0 [ 2307.051025][T17012] file 163840 [ 2307.051025][T17012] kernel_stack 0 [ 2307.051025][T17012] slab 692224 [ 2307.051025][T17012] sock 0 [ 2307.051025][T17012] shmem 0 [ 2307.051025][T17012] file_mapped 0 [ 2307.051025][T17012] file_dirty 135168 [ 2307.051025][T17012] file_writeback 0 [ 2307.051025][T17012] anon_thp 0 [ 2307.051025][T17012] inactive_anon 0 [ 2307.051025][T17012] active_anon 0 [ 2307.051025][T17012] inactive_file 135168 [ 2307.051025][T17012] active_file 0 [ 2307.051025][T17012] unevictable 0 [ 2307.051025][T17012] slab_reclaimable 270336 [ 2307.051025][T17012] slab_unreclaimable 421888 [ 2307.051025][T17012] pgfault 8910 [ 2307.051025][T17012] pgmajfault 0 [ 2307.051025][T17012] workingset_refault 0 [ 2307.051025][T17012] workingset_activate 0 [ 2307.051025][T17012] workingset_nodereclaim 0 [ 2307.051025][T17012] pgrefill 264 [ 2307.051025][T17012] pgscan 292 [ 2307.051025][T17012] pgsteal 59 [ 2307.051025][T17012] pgactivate 231 [ 2307.051063][T17012] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=17012,uid=0 [ 2307.051168][T17012] Memory cgroup out of memory: Killed process 17012 (syz-executor.4) total-vm:72448kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2307.092035][ T1054] oom_reaper: reaped process 17012 (syz-executor.4), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2307.098307][T17010] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2307.134592][T17010] CPU: 0 PID: 17010 Comm: syz-executor.5 Not tainted 5.4.0-rc1+ #0 [ 2307.152472][T17010] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2307.164384][T17010] Call Trace: [ 2307.164406][T17010] dump_stack+0x172/0x1f0 [ 2307.164423][T17010] dump_header+0x10b/0x82d [ 2307.164434][T17010] ? oom_kill_process+0x94/0x3f0 [ 2307.164449][T17010] oom_kill_process.cold+0x10/0x15 [ 2307.164464][T17010] out_of_memory+0x334/0x1340 [ 2307.164481][T17010] ? lock_downgrade+0x920/0x920 [ 2307.164500][T17010] ? oom_killer_disable+0x280/0x280 [ 2307.164527][T17010] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2307.164540][T17010] ? memcg_stat_show+0xc40/0xc40 [ 2307.164559][T17010] ? do_raw_spin_unlock+0x57/0x270 [ 2307.164579][T17010] ? _raw_spin_unlock+0x2d/0x50 [ 2307.192424][T17010] try_charge+0xf4b/0x1440 [ 2307.201769][T17010] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2307.201781][T17010] ? percpu_ref_tryget_live+0x111/0x290 [ 2307.201802][T17010] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2307.201818][T17010] ? __kasan_check_read+0x11/0x20 [ 2307.201837][T17010] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2307.201856][T17010] mem_cgroup_try_charge+0x136/0x590 [ 2307.201877][T17010] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2307.201895][T17010] wp_page_copy+0x407/0x1860 [ 2307.201914][T17010] ? find_held_lock+0x35/0x130 [ 2307.232059][T17010] ? do_wp_page+0x53b/0x15c0 [ 2307.241845][T17010] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2307.241862][T17010] ? lock_downgrade+0x920/0x920 [ 2307.241878][T17010] ? swp_swapcount+0x540/0x540 [ 2307.241893][T17010] ? __kasan_check_read+0x11/0x20 [ 2307.241904][T17010] ? do_raw_spin_unlock+0x57/0x270 [ 2307.241919][T17010] do_wp_page+0x543/0x15c0 [ 2307.241935][T17010] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 2307.241957][T17010] __handle_mm_fault+0x23ec/0x4040 [ 2307.241977][T17010] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2307.241991][T17010] ? handle_mm_fault+0x292/0xaa0 [ 2307.242020][T17010] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2307.242034][T17010] ? __kasan_check_read+0x11/0x20 [ 2307.242051][T17010] handle_mm_fault+0x3b7/0xaa0 [ 2307.263829][T17010] __do_page_fault+0x536/0xdd0 [ 2307.282914][T17010] do_page_fault+0x38/0x590 [ 2307.316696][T17010] page_fault+0x39/0x40 [ 2307.332643][T17010] RIP: 0033:0x430b36 [ 2307.362587][T17010] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 2c 44 64 00 85 c0 0f 84 [ 2307.462863][T17010] RSP: 002b:00007fffe8564590 EFLAGS: 00010206 [ 2307.462878][T17010] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 2307.462885][T17010] RDX: 0000000001f7d930 RSI: 0000000001f85970 RDI: 0000000000000003 [ 2307.462891][T17010] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000000001f7c940 [ 2307.462898][T17010] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 2307.462904][T17010] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 2307.829184][T17010] memory: usage 728kB, limit 0kB, failcnt 649 [ 2307.835424][T17010] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2307.859262][T17010] Memory cgroup stats for /syz5: [ 2307.859397][T17010] anon 233472 [ 2307.859397][T17010] file 36864 [ 2307.859397][T17010] kernel_stack 0 [ 2307.859397][T17010] slab 544768 [ 2307.859397][T17010] sock 0 [ 2307.859397][T17010] shmem 0 [ 2307.859397][T17010] file_mapped 0 [ 2307.859397][T17010] file_dirty 0 [ 2307.859397][T17010] file_writeback 0 [ 2307.859397][T17010] anon_thp 0 [ 2307.859397][T17010] inactive_anon 0 [ 2307.859397][T17010] active_anon 86016 [ 2307.859397][T17010] inactive_file 0 [ 2307.859397][T17010] active_file 0 [ 2307.859397][T17010] unevictable 0 [ 2307.859397][T17010] slab_reclaimable 135168 [ 2307.859397][T17010] slab_unreclaimable 409600 [ 2307.859397][T17010] pgfault 8217 [ 2307.859397][T17010] pgmajfault 0 [ 2307.859397][T17010] workingset_refault 0 [ 2307.859397][T17010] workingset_activate 0 [ 2307.859397][T17010] workingset_nodereclaim 0 [ 2307.859397][T17010] pgrefill 200 [ 2307.859397][T17010] pgscan 362 [ 2307.859397][T17010] pgsteal 146 [ 2307.859397][T17010] pgactivate 198 [ 2307.955680][T17010] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=17010,uid=0 [ 2307.973878][T17010] Memory cgroup out of memory: Killed process 17010 (syz-executor.5) total-vm:72448kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2307.992439][ T1054] oom_reaper: reaped process 17010 (syz-executor.5), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2308.003713][T17008] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2308.014361][T17008] CPU: 0 PID: 17008 Comm: syz-executor.2 Not tainted 5.4.0-rc1+ #0 [ 2308.022255][T17008] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2308.032309][T17008] Call Trace: [ 2308.035610][T17008] dump_stack+0x172/0x1f0 [ 2308.039946][T17008] dump_header+0x10b/0x82d [ 2308.044357][T17008] ? oom_kill_process+0x94/0x3f0 [ 2308.049311][T17008] oom_kill_process.cold+0x10/0x15 [ 2308.054447][T17008] out_of_memory+0x334/0x1340 [ 2308.059140][T17008] ? lock_downgrade+0x920/0x920 [ 2308.064008][T17008] ? oom_killer_disable+0x280/0x280 [ 2308.069225][T17008] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2308.074771][T17008] ? memcg_stat_show+0xc40/0xc40 [ 2308.079713][T17008] ? do_raw_spin_unlock+0x57/0x270 [ 2308.084838][T17008] ? _raw_spin_unlock+0x2d/0x50 [ 2308.089691][T17008] try_charge+0xf4b/0x1440 [ 2308.094116][T17008] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2308.099666][T17008] ? percpu_ref_tryget_live+0x111/0x290 [ 2308.105216][T17008] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2308.111459][T17008] ? __kasan_check_read+0x11/0x20 [ 2308.116486][T17008] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2308.122035][T17008] mem_cgroup_try_charge+0x136/0x590 [ 2308.127325][T17008] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2308.132963][T17008] wp_page_copy+0x407/0x1860 [ 2308.137560][T17008] ? find_held_lock+0x35/0x130 [ 2308.142322][T17008] ? do_wp_page+0x53b/0x15c0 [ 2308.146910][T17008] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2308.152716][T17008] ? lock_downgrade+0x920/0x920 [ 2308.157567][T17008] ? swp_swapcount+0x540/0x540 [ 2308.162331][T17008] ? __kasan_check_read+0x11/0x20 [ 2308.167352][T17008] ? do_raw_spin_unlock+0x57/0x270 [ 2308.172462][T17008] do_wp_page+0x543/0x15c0 [ 2308.176878][T17008] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 2308.182258][T17008] __handle_mm_fault+0x23ec/0x4040 [ 2308.187371][T17008] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2308.192915][T17008] ? handle_mm_fault+0x292/0xaa0 [ 2308.197871][T17008] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2308.204118][T17008] ? __kasan_check_read+0x11/0x20 [ 2308.209147][T17008] handle_mm_fault+0x3b7/0xaa0 [ 2308.213915][T17008] __do_page_fault+0x536/0xdd0 [ 2308.218684][T17008] do_page_fault+0x38/0x590 [ 2308.223189][T17008] page_fault+0x39/0x40 [ 2308.227340][T17008] RIP: 0033:0x403522 [ 2308.231233][T17008] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 2308.250859][T17008] RSP: 002b:00007fff7b0a8df0 EFLAGS: 00010246 [ 2308.256930][T17008] RAX: 0000000000000000 RBX: 000000000023310a RCX: 0000000000413660 [ 2308.264904][T17008] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007fff7b0a9f20 [ 2308.272886][T17008] RBP: 0000000000000002 R08: 0000000000000001 R09: 00000000027d2940 [ 2308.280858][T17008] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff7b0a9f20 [ 2308.288916][T17008] R13: 00007fff7b0a9f10 R14: 0000000000000000 R15: 00007fff7b0a9f20 [ 2308.308972][T17008] memory: usage 700kB, limit 0kB, failcnt 764 [ 2308.315994][T17008] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2308.323338][T17008] Memory cgroup stats for /syz2: [ 2308.323442][T17008] anon 57344 [ 2308.323442][T17008] file 12288 [ 2308.323442][T17008] kernel_stack 0 [ 2308.323442][T17008] slab 516096 [ 2308.323442][T17008] sock 0 [ 2308.323442][T17008] shmem 0 [ 2308.323442][T17008] file_mapped 0 [ 2308.323442][T17008] file_dirty 0 [ 2308.323442][T17008] file_writeback 0 [ 2308.323442][T17008] anon_thp 0 [ 2308.323442][T17008] inactive_anon 0 [ 2308.323442][T17008] active_anon 0 [ 2308.323442][T17008] inactive_file 0 [ 2308.323442][T17008] active_file 0 [ 2308.323442][T17008] unevictable 0 [ 2308.323442][T17008] slab_reclaimable 135168 [ 2308.323442][T17008] slab_unreclaimable 380928 [ 2308.323442][T17008] pgfault 14784 [ 2308.323442][T17008] pgmajfault 0 [ 2308.323442][T17008] workingset_refault 0 [ 2308.323442][T17008] workingset_activate 0 [ 2308.323442][T17008] workingset_nodereclaim 0 [ 2308.323442][T17008] pgrefill 0 [ 2308.323442][T17008] pgscan 0 [ 2308.323442][T17008] pgsteal 0 [ 2308.323442][T17008] pgactivate 0 [ 2308.323442][T17008] pgdeactivate 0 [ 2308.421903][T17008] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=17008,uid=0 [ 2308.437558][T17008] Memory cgroup out of memory: Killed process 17008 (syz-executor.2) total-vm:72448kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2308.456421][ T1054] oom_reaper: reaped process 17008 (syz-executor.2), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2308.468459][T17009] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2308.478758][T17009] CPU: 1 PID: 17009 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 2308.486649][T17009] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2308.486659][T17009] Call Trace: [ 2308.499998][T17009] dump_stack+0x172/0x1f0 [ 2308.504332][T17009] dump_header+0x10b/0x82d [ 2308.508743][T17009] ? oom_kill_process+0x94/0x3f0 [ 2308.513671][T17009] oom_kill_process.cold+0x10/0x15 [ 2308.518784][T17009] out_of_memory+0x334/0x1340 [ 2308.518800][T17009] ? lock_downgrade+0x920/0x920 [ 2308.518819][T17009] ? oom_killer_disable+0x280/0x280 [ 2308.518846][T17009] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2308.539052][T17009] ? memcg_stat_show+0xc40/0xc40 [ 2308.544557][T17009] ? do_raw_spin_unlock+0x57/0x270 [ 2308.549690][T17009] ? _raw_spin_unlock+0x2d/0x50 [ 2308.549710][T17009] try_charge+0xf4b/0x1440 [ 2308.549733][T17009] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2308.549745][T17009] ? percpu_ref_tryget_live+0x111/0x290 [ 2308.549763][T17009] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2308.549786][T17009] ? __kasan_check_read+0x11/0x20 [ 2308.559050][T17009] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2308.559071][T17009] mem_cgroup_try_charge+0x136/0x590 [ 2308.559088][T17009] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2308.559105][T17009] wp_page_copy+0x407/0x1860 [ 2308.559125][T17009] ? find_held_lock+0x35/0x130 [ 2308.586954][T17009] ? do_wp_page+0x53b/0x15c0 [ 2308.597840][T17009] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2308.617516][T17009] ? lock_downgrade+0x920/0x920 [ 2308.622361][T17009] ? swp_swapcount+0x540/0x540 [ 2308.622376][T17009] ? __kasan_check_read+0x11/0x20 [ 2308.622387][T17009] ? do_raw_spin_unlock+0x57/0x270 [ 2308.622406][T17009] do_wp_page+0x543/0x15c0 [ 2308.622426][T17009] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 2308.632191][T17009] __handle_mm_fault+0x23ec/0x4040 [ 2308.632211][T17009] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2308.632224][T17009] ? handle_mm_fault+0x292/0xaa0 [ 2308.632252][T17009] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2308.641745][T17009] ? __kasan_check_read+0x11/0x20 [ 2308.641764][T17009] handle_mm_fault+0x3b7/0xaa0 [ 2308.641786][T17009] __do_page_fault+0x536/0xdd0 [ 2308.652229][T17009] do_page_fault+0x38/0x590 [ 2308.652248][T17009] page_fault+0x39/0x40 [ 2308.652258][T17009] RIP: 0033:0x430b36 [ 2308.652275][T17009] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 2c 44 64 00 85 c0 0f 84 [ 2308.662717][T17009] RSP: 002b:00007ffd65ad0480 EFLAGS: 00010206 [ 2308.722078][T17009] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 2308.730191][T17009] RDX: 0000000001287930 RSI: 000000000128f970 RDI: 0000000000000003 [ 2308.738160][T17009] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000000001286940 [ 2308.746169][T17009] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 2308.754319][T17009] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 2308.772788][T17009] memory: usage 25160kB, limit 0kB, failcnt 83 [ 2308.787933][T17009] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2308.808913][T17009] Memory cgroup stats for /syz1: [ 2308.809050][T17009] anon 0 [ 2308.809050][T17009] file 4096 [ 2308.809050][T17009] kernel_stack 0 [ 2308.809050][T17009] slab 25554944 [ 2308.809050][T17009] sock 0 [ 2308.809050][T17009] shmem 0 [ 2308.809050][T17009] file_mapped 0 [ 2308.809050][T17009] file_dirty 0 [ 2308.809050][T17009] file_writeback 0 [ 2308.809050][T17009] anon_thp 0 [ 2308.809050][T17009] inactive_anon 0 [ 2308.809050][T17009] active_anon 0 [ 2308.809050][T17009] inactive_file 135168 [ 2308.809050][T17009] active_file 0 [ 2308.809050][T17009] unevictable 0 [ 2308.809050][T17009] slab_reclaimable 24870912 [ 2308.809050][T17009] slab_unreclaimable 684032 [ 2308.809050][T17009] pgfault 37455 [ 2308.809050][T17009] pgmajfault 0 [ 2308.809050][T17009] workingset_refault 0 [ 2308.809050][T17009] workingset_activate 0 [ 2308.809050][T17009] workingset_nodereclaim 0 [ 2308.809050][T17009] pgrefill 135 [ 2308.809050][T17009] pgscan 133 [ 2308.809050][T17009] pgsteal 0 [ 2308.809050][T17009] pgactivate 99 [ 2308.906092][T17009] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=17009,uid=0 [ 2308.922212][T17009] Memory cgroup out of memory: Killed process 17009 (syz-executor.1) total-vm:72448kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 2308.941496][ T1054] oom_reaper: reaped process 17009 (syz-executor.1), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 04:54:24 executing program 3: socketpair$unix(0x1, 0x0, 0x0, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x2040) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0x11, 0x0, 0x300) socket$kcm(0x10, 0x400800000000000, 0x10) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) r0 = socket$kcm(0xa, 0x3, 0x11) sendmsg$kcm(r0, &(0x7f00000027c0)={&(0x7f0000002200)=@nl=@unspec={0x2001001000000000}, 0x80, 0x0}, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup/syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_ro(r1, &(0x7f00000003c0)='cpuacct.usage_all\x00', 0x0, 0x0) ioctl$TUNSETLINK(0xffffffffffffffff, 0x400454cd, 0xfdf3) recvmsg(r0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1e2}, 0x22) recvmsg(r0, &(0x7f00000016c0)={0x0, 0x0, 0x0}, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$kcm(0x29, 0x5, 0x0) recvmsg$kcm(r2, &(0x7f0000005e80)={&(0x7f0000005ac0)=@hci={0x1f, 0x0}, 0x80, &(0x7f0000005dc0)=[{&(0x7f0000005b40)=""/120, 0x78}, {&(0x7f0000005bc0)=""/164, 0xa4}, {&(0x7f0000005c80)=""/100, 0x64}, {&(0x7f0000005d00)=""/53, 0x35}, {&(0x7f0000005d40)=""/76, 0x4c}], 0x5, &(0x7f0000005e40)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, [], r3, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r4 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r5 = socket$kcm(0xa, 0x1, 0x0) close(0xffffffffffffffff) sendmsg$kcm(r5, &(0x7f0000001900)={0x0, 0xfffffffffffffdb4, 0x0, 0x5b, 0x0, 0xfffffffffffffdf0}, 0x4000000) close(0xffffffffffffffff) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f0000000400)) recvmsg(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0xff, 0x0, 0x0, 0x0, 0x1fd, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) r6 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='/gro<#\xfbW\xe6\xc6\x0f\x1fKE\xb7M\x99\x9a\x9a\x8c,\xe1[&\xe5\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ}\xb7\xf3\xfe\xf6\xe0.+\xe3\x89\xde\x139E\xa3\x85\xbd\x81\xe9\xbd\xee\xee\x03\x00\x00\x00\x00\x00\x00\x00[T\aE\xdfK\x1d\xeeH;\x15v$\xc5\xbcq\x9a\t\x9ej5\t\x00\x00\x009\x8c4', 0x2761, 0xfffffff5) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, 0x0) write$cgroup_pid(r6, &(0x7f0000000100), 0xda4fff08) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r6, 0x660c, 0x0) r7 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='/gro<#\xfbW\xe6\xc6\x0f\x1fKE\xb7M\x99\x9a\x9a\x8c,\xe1[&\xe5\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ}\xb7\xf3\xfe\xf6\xe0.+\xe3\x89\xde\x139E\xa3\x85\xbd\x81\xe9\xbd\xee\xee\x03\x00\x00\x00\x00\x00\x00\x00[T\aE\xdfK\x1d\xeeH;\x15v$\xc5\xbcq\x9a\t\x9ej5\t\x00\x00\x009\x8c4', 0x2761, 0xfffffff5) ioctl$SIOCSIFHWADDR(r7, 0x8924, 0x0) write$cgroup_pid(r7, &(0x7f0000000100), 0xda4fff08) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r7, 0x660c, 0x0) ioctl$SIOCSIFHWADDR(r7, 0x8924, &(0x7f0000000040)={'erspan0\x00', @dev={[], 0x2b}}) 04:54:24 executing program 3: socketpair$unix(0x1, 0x0, 0x0, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x2040) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0x11, 0x0, 0x300) socket$kcm(0x10, 0x400800000000000, 0x10) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) r0 = socket$kcm(0xa, 0x3, 0x11) sendmsg$kcm(r0, &(0x7f00000027c0)={&(0x7f0000002200)=@nl=@unspec={0x2001001000000000}, 0x80, 0x0}, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup/syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_ro(r1, &(0x7f00000003c0)='cpuacct.usage_all\x00', 0x0, 0x0) ioctl$TUNSETLINK(0xffffffffffffffff, 0x400454cd, 0xfdf3) recvmsg(r0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1e2}, 0x22) recvmsg(r0, &(0x7f00000016c0)={0x0, 0x0, 0x0}, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$kcm(0x29, 0x5, 0x0) recvmsg$kcm(r2, &(0x7f0000005e80)={&(0x7f0000005ac0)=@hci={0x1f, 0x0}, 0x80, &(0x7f0000005dc0)=[{&(0x7f0000005b40)=""/120, 0x78}, {&(0x7f0000005bc0)=""/164, 0xa4}, {&(0x7f0000005c80)=""/100, 0x64}, {&(0x7f0000005d00)=""/53, 0x35}, {&(0x7f0000005d40)=""/76, 0x4c}], 0x5, &(0x7f0000005e40)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, [], r3, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r4 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r5 = socket$kcm(0xa, 0x1, 0x0) close(0xffffffffffffffff) sendmsg$kcm(r5, &(0x7f0000001900)={0x0, 0xfffffffffffffdb4, 0x0, 0x5b, 0x0, 0xfffffffffffffdf0}, 0x4000000) close(0xffffffffffffffff) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f0000000400)) recvmsg(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0xff, 0x0, 0x0, 0x0, 0x1fd, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) r6 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='/gro<#\xfbW\xe6\xc6\x0f\x1fKE\xb7M\x99\x9a\x9a\x8c,\xe1[&\xe5\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ}\xb7\xf3\xfe\xf6\xe0.+\xe3\x89\xde\x139E\xa3\x85\xbd\x81\xe9\xbd\xee\xee\x03\x00\x00\x00\x00\x00\x00\x00[T\aE\xdfK\x1d\xeeH;\x15v$\xc5\xbcq\x9a\t\x9ej5\t\x00\x00\x009\x8c4', 0x2761, 0xfffffff5) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, 0x0) write$cgroup_pid(r6, &(0x7f0000000100), 0xda4fff08) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r6, 0x660c, 0x0) r7 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='/gro<#\xfbW\xe6\xc6\x0f\x1fKE\xb7M\x99\x9a\x9a\x8c,\xe1[&\xe5\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ}\xb7\xf3\xfe\xf6\xe0.+\xe3\x89\xde\x139E\xa3\x85\xbd\x81\xe9\xbd\xee\xee\x03\x00\x00\x00\x00\x00\x00\x00[T\aE\xdfK\x1d\xeeH;\x15v$\xc5\xbcq\x9a\t\x9ej5\t\x00\x00\x009\x8c4', 0x2761, 0xfffffff5) ioctl$SIOCSIFHWADDR(r7, 0x8924, 0x0) write$cgroup_pid(r7, &(0x7f0000000100), 0xda4fff08) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r7, 0x660c, 0x0) ioctl$SIOCSIFHWADDR(r7, 0x8924, &(0x7f0000000040)={'erspan0\x00', @dev={[], 0x2b}}) 04:54:25 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0xc, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0x0, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={0xffffffffffffffff, 0x1, 0x1, 0xfff, &(0x7f00000000c0)=[0x0, 0x0], 0x2}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28, &(0x7f0000000000)={0x0, 0x0}}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000200)={r5, 0x100000001, 0x8}, 0xc) r6 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r7 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r7, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r6, 0x0, 0x0) 04:54:25 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x0, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) 04:54:25 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x0, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={0xffffffffffffffff, 0x1, 0x1, 0xfff, &(0x7f00000000c0)=[0x0, 0x0], 0x2}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r6 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r6, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) 04:54:25 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 2310.404911][T17065] chnl_net:caif_netlink_parms(): no params data found [ 2310.556678][T17065] bridge0: port 1(bridge_slave_0) entered blocking state [ 2310.565235][T17065] bridge0: port 1(bridge_slave_0) entered disabled state [ 2310.580156][T17065] device bridge_slave_0 entered promiscuous mode [ 2310.602795][T17065] bridge0: port 2(bridge_slave_1) entered blocking state [ 2310.619140][T17065] bridge0: port 2(bridge_slave_1) entered disabled state [ 2310.650203][T17065] device bridge_slave_1 entered promiscuous mode [ 2310.715113][T17065] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2310.728242][T17065] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2310.795830][T17065] team0: Port device team_slave_0 added [ 2310.804483][T17065] team0: Port device team_slave_1 added [ 2310.813855][T17068] IPVS: ftp: loaded support on port[0] = 21 [ 2310.892821][T17065] device hsr_slave_0 entered promiscuous mode [ 2310.931079][T17065] device hsr_slave_1 entered promiscuous mode [ 2310.969059][T17065] debugfs: Directory 'hsr0' with parent '/' already present! [ 2311.157534][T17065] bridge0: port 2(bridge_slave_1) entered blocking state [ 2311.164725][T17065] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2311.172176][T17065] bridge0: port 1(bridge_slave_0) entered blocking state [ 2311.179297][T17065] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2311.196163][T11159] bridge0: port 1(bridge_slave_0) entered disabled state [ 2311.205872][T11159] bridge0: port 2(bridge_slave_1) entered disabled state [ 2311.554975][T17068] chnl_net:caif_netlink_parms(): no params data found [ 2311.586734][T17065] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2311.619595][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2311.627865][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2311.708365][T17065] 8021q: adding VLAN 0 to HW filter on device team0 [ 2311.723723][T17068] bridge0: port 1(bridge_slave_0) entered blocking state [ 2311.732842][T17068] bridge0: port 1(bridge_slave_0) entered disabled state [ 2311.741919][T17068] device bridge_slave_0 entered promiscuous mode [ 2311.836654][T17068] bridge0: port 2(bridge_slave_1) entered blocking state [ 2311.844356][T17068] bridge0: port 2(bridge_slave_1) entered disabled state [ 2311.853656][T17068] device bridge_slave_1 entered promiscuous mode [ 2311.862771][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2311.873069][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2311.882305][ T2871] bridge0: port 1(bridge_slave_0) entered blocking state [ 2311.889444][ T2871] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2311.920388][T16569] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2311.930360][T16569] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2311.939574][T16569] bridge0: port 2(bridge_slave_1) entered blocking state [ 2311.946640][T16569] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2311.957662][T16569] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2312.019818][T17068] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2312.031426][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2312.043572][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2312.053406][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2312.071985][T17068] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2312.147349][T16569] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2312.158240][T16569] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2312.168135][T16569] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2312.234424][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2312.246658][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2312.256256][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2312.266715][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2312.292102][T17068] team0: Port device team_slave_0 added [ 2312.348287][T17068] team0: Port device team_slave_1 added [ 2312.358169][T17065] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2312.593676][T17068] device hsr_slave_0 entered promiscuous mode [ 2312.649971][T17068] device hsr_slave_1 entered promiscuous mode [ 2312.690752][T17068] debugfs: Directory 'hsr0' with parent '/' already present! [ 2312.771321][T17065] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2312.968200][T17068] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2312.991057][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2313.010718][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2313.075267][T17068] 8021q: adding VLAN 0 to HW filter on device team0 [ 2313.094518][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2313.104085][T17076] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 2313.125125][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2313.134116][T10564] bridge0: port 1(bridge_slave_0) entered blocking state [ 2313.141513][T10564] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2313.212071][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2313.220704][T17077] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2313.231874][T17077] CPU: 0 PID: 17077 Comm: syz-executor.0 Not tainted 5.4.0-rc1+ #0 [ 2313.239791][T17077] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2313.249879][T17077] Call Trace: [ 2313.251279][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2313.253183][T17077] dump_stack+0x172/0x1f0 [ 2313.263144][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2313.265564][T17077] dump_header+0x10b/0x82d [ 2313.278279][T17077] oom_kill_process.cold+0x10/0x15 [ 2313.283396][T17077] out_of_memory+0x334/0x1340 [ 2313.288078][T17077] ? __sched_text_start+0x8/0x8 [ 2313.289638][T11102] bridge0: port 2(bridge_slave_1) entered blocking state [ 2313.292931][T17077] ? oom_killer_disable+0x280/0x280 [ 2313.300006][T11102] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2313.305120][T17077] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2313.318100][T17077] ? memcg_stat_show+0xc40/0xc40 [ 2313.323314][T17077] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2313.329135][T17077] ? cgroup_file_notify+0x140/0x1b0 [ 2313.334346][T17077] memory_max_write+0x262/0x3a0 [ 2313.339217][T17077] ? mem_cgroup_write+0x370/0x370 [ 2313.339739][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2313.344242][T17077] ? lock_acquire+0x190/0x410 [ 2313.356780][T17077] ? kernfs_fop_write+0x227/0x480 [ 2313.361815][T17077] cgroup_file_write+0x241/0x790 [ 2313.366759][T17077] ? mem_cgroup_write+0x370/0x370 [ 2313.371802][T17077] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2313.377462][T17077] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2313.380893][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2313.383101][T17077] kernfs_fop_write+0x2b8/0x480 [ 2313.395826][T17077] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2313.400389][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2313.402073][T17077] __vfs_write+0x8a/0x110 [ 2313.414357][T17077] ? kernfs_fop_open+0xd80/0xd80 [ 2313.419298][T17077] vfs_write+0x268/0x5d0 [ 2313.420231][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2313.423542][T17077] ksys_write+0x14f/0x290 [ 2313.435642][T17077] ? __ia32_sys_read+0xb0/0xb0 [ 2313.440496][T17077] ? do_syscall_64+0x26/0x760 [ 2313.445169][T17077] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2313.451237][T17077] ? do_syscall_64+0x26/0x760 [ 2313.456612][T17077] __x64_sys_write+0x73/0xb0 [ 2313.460558][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2313.461214][T17077] do_syscall_64+0xfa/0x760 [ 2313.472028][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2313.472883][T17077] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2313.486625][T17077] RIP: 0033:0x459a59 [ 2313.490524][T17077] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2313.500331][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2313.510127][T17077] RSP: 002b:00007f81aa53ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2313.510142][T17077] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2313.510149][T17077] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009 [ 2313.510156][T17077] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2313.510163][T17077] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f81aa53f6d4 [ 2313.510169][T17077] R13: 00000000004c9ef3 R14: 00000000004e1c48 R15: 00000000ffffffff [ 2313.529356][T17077] memory: usage 3280kB, limit 0kB, failcnt 837 [ 2313.570309][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2313.573402][T17077] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2313.588442][T17077] Memory cgroup stats for /syz0: [ 2313.588558][T17077] anon 2154496 [ 2313.588558][T17077] file 0 [ 2313.588558][T17077] kernel_stack 65536 [ 2313.588558][T17077] slab 843776 [ 2313.588558][T17077] sock 0 [ 2313.588558][T17077] shmem 0 [ 2313.588558][T17077] file_mapped 0 [ 2313.588558][T17077] file_dirty 0 [ 2313.588558][T17077] file_writeback 0 [ 2313.588558][T17077] anon_thp 2097152 [ 2313.588558][T17077] inactive_anon 0 [ 2313.588558][T17077] active_anon 2154496 [ 2313.588558][T17077] inactive_file 135168 [ 2313.588558][T17077] active_file 0 [ 2313.588558][T17077] unevictable 0 [ 2313.588558][T17077] slab_reclaimable 135168 [ 2313.588558][T17077] slab_unreclaimable 708608 [ 2313.588558][T17077] pgfault 14751 [ 2313.588558][T17077] pgmajfault 0 [ 2313.588558][T17077] workingset_refault 0 [ 2313.588558][T17077] workingset_activate 0 [ 2313.588558][T17077] workingset_nodereclaim 0 [ 2313.588558][T17077] pgrefill 0 [ 2313.588558][T17077] pgscan 0 [ 2313.588558][T17077] pgsteal 0 [ 2313.588558][T17077] pgactivate 0 [ 2313.590608][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2313.598289][T17077] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=17075,uid=0 [ 2313.697695][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2313.716845][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2313.727263][T17077] Memory cgroup out of memory: Killed process 17075 (syz-executor.0) total-vm:72712kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 [ 2313.751317][T17068] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready 04:54:28 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x0, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x0, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x0, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={0xffffffffffffffff, 0x1, 0x1, 0xfff, &(0x7f00000000c0)=[0x0, 0x0], 0x2}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r6 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r6, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) 04:54:28 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0xc, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0x0, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={0xffffffffffffffff, 0x1, 0x1, 0xfff, &(0x7f00000000c0)=[0x0, 0x0], 0x2}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28, &(0x7f0000000000)={0x0, 0x0}}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000200)={r5, 0x100000001, 0x8}, 0xc) r6 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r7 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r7, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r6, 0x0, 0x0) 04:54:28 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x0, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) 04:54:28 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) 04:54:28 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x0, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={0xffffffffffffffff, 0x1, 0x1, 0xfff, &(0x7f00000000c0)=[0x0, 0x0], 0x2}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r6 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r6, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 2313.783809][ T1054] oom_reaper: reaped process 17075 (syz-executor.0), now anon-rss:0kB, file-rss:34848kB, shmem-rss:0kB [ 2313.859004][T17068] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2313.867573][T17065] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2313.890576][T17065] CPU: 1 PID: 17065 Comm: syz-executor.0 Not tainted 5.4.0-rc1+ #0 [ 2313.898524][T17065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2313.908706][T17065] Call Trace: [ 2313.912017][T17065] dump_stack+0x172/0x1f0 [ 2313.916362][T17065] dump_header+0x10b/0x82d [ 2313.920788][T17065] ? oom_kill_process+0x94/0x3f0 [ 2313.925745][T17065] oom_kill_process.cold+0x10/0x15 [ 2313.930873][T17065] out_of_memory+0x334/0x1340 [ 2313.935563][T17065] ? lock_downgrade+0x920/0x920 [ 2313.940437][T17065] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2313.946249][T17065] ? oom_killer_disable+0x280/0x280 [ 2313.951468][T17065] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2313.957022][T17065] ? memcg_stat_show+0xc40/0xc40 [ 2313.961969][T17065] ? do_raw_spin_unlock+0x57/0x270 [ 2313.967087][T17065] ? _raw_spin_unlock+0x2d/0x50 [ 2313.971948][T17065] try_charge+0xf4b/0x1440 [ 2313.976374][T17065] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2313.981921][T17065] ? percpu_ref_tryget_live+0x111/0x290 [ 2313.987484][T17065] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2313.993736][T17065] ? __kasan_check_read+0x11/0x20 [ 2313.998776][T17065] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2314.004340][T17065] mem_cgroup_try_charge+0x136/0x590 [ 2314.009654][T17065] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2314.015319][T17065] wp_page_copy+0x407/0x1860 [ 2314.019926][T17065] ? find_held_lock+0x35/0x130 [ 2314.024698][T17065] ? do_wp_page+0x53b/0x15c0 [ 2314.029298][T17065] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2314.035116][T17065] ? lock_downgrade+0x920/0x920 [ 2314.039977][T17065] ? swp_swapcount+0x540/0x540 [ 2314.044755][T17065] ? __kasan_check_read+0x11/0x20 [ 2314.049786][T17065] ? do_raw_spin_unlock+0x57/0x270 [ 2314.054913][T17065] do_wp_page+0x543/0x15c0 [ 2314.059348][T17065] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 2314.064733][T17065] __handle_mm_fault+0x23ec/0x4040 [ 2314.069866][T17065] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2314.075422][T17065] ? handle_mm_fault+0x292/0xaa0 [ 2314.080383][T17065] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2314.086812][T17065] ? __kasan_check_read+0x11/0x20 [ 2314.091848][T17065] handle_mm_fault+0x3b7/0xaa0 [ 2314.096623][T17065] __do_page_fault+0x536/0xdd0 [ 2314.101434][T17065] do_page_fault+0x38/0x590 [ 2314.105954][T17065] page_fault+0x39/0x40 [ 2314.110110][T17065] RIP: 0033:0x430b36 [ 2314.114029][T17065] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 2c 44 64 00 85 c0 0f 84 [ 2314.136597][T17065] RSP: 002b:00007fffc98c66d0 EFLAGS: 00010206 [ 2314.142791][T17065] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 2314.150802][T17065] RDX: 00000000015e5930 RSI: 00000000015ed970 RDI: 0000000000000003 [ 2314.158791][T17065] RBP: 0000000000008041 R08: 0000000000000001 R09: 00000000015e4940 [ 2314.166787][T17065] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 2314.174786][T17065] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 2314.204481][T17065] memory: usage 908kB, limit 0kB, failcnt 845 [ 2314.211598][T17065] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2314.218594][T17065] Memory cgroup stats for /syz0: [ 2314.218721][T17065] anon 36864 [ 2314.218721][T17065] file 0 [ 2314.218721][T17065] kernel_stack 0 [ 2314.218721][T17065] slab 843776 [ 2314.218721][T17065] sock 0 [ 2314.218721][T17065] shmem 0 [ 2314.218721][T17065] file_mapped 0 [ 2314.218721][T17065] file_dirty 0 [ 2314.218721][T17065] file_writeback 0 [ 2314.218721][T17065] anon_thp 0 [ 2314.218721][T17065] inactive_anon 0 [ 2314.218721][T17065] active_anon 36864 [ 2314.218721][T17065] inactive_file 135168 [ 2314.218721][T17065] active_file 0 [ 2314.218721][T17065] unevictable 0 [ 2314.218721][T17065] slab_reclaimable 135168 [ 2314.218721][T17065] slab_unreclaimable 708608 [ 2314.218721][T17065] pgfault 14751 [ 2314.218721][T17065] pgmajfault 0 [ 2314.218721][T17065] workingset_refault 0 [ 2314.218721][T17065] workingset_activate 0 [ 2314.218721][T17065] workingset_nodereclaim 0 [ 2314.218721][T17065] pgrefill 0 [ 2314.218721][T17065] pgscan 0 [ 2314.218721][T17065] pgsteal 0 [ 2314.218721][T17065] pgactivate 0 [ 2314.218721][T17065] pgdeactivate 0 [ 2314.317483][T17065] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=17065,uid=0 [ 2314.334416][T17065] Memory cgroup out of memory: Killed process 17065 (syz-executor.0) total-vm:72448kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 2314.353473][ T1054] oom_reaper: reaped process 17065 (syz-executor.0), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 04:54:29 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x0, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x0, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0x0, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={0xffffffffffffffff, 0x1, 0x1, 0xfff, &(0x7f00000000c0)=[0x0, 0x0], 0x2}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r6 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r6, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 2314.821730][T17084] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.3'. 04:54:29 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x0, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x0, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0x0, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={0xffffffffffffffff, 0x1, 0x1, 0xfff, &(0x7f00000000c0)=[0x0, 0x0], 0x2}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r6 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r6, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 2315.583979][T17089] IPVS: ftp: loaded support on port[0] = 21 [ 2315.732357][T17094] IPVS: ftp: loaded support on port[0] = 21 [ 2315.733680][T17093] IPVS: ftp: loaded support on port[0] = 21 [ 2315.777014][T17095] IPVS: ftp: loaded support on port[0] = 21 04:54:30 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 2316.006460][T17098] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 2316.179832][T17098] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2316.190665][T17098] CPU: 1 PID: 17098 Comm: syz-executor.3 Not tainted 5.4.0-rc1+ #0 [ 2316.198581][T17098] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2316.208658][T17098] Call Trace: [ 2316.211947][T17098] dump_stack+0x172/0x1f0 [ 2316.216295][T17098] dump_header+0x10b/0x82d [ 2316.220706][T17098] oom_kill_process.cold+0x10/0x15 [ 2316.220721][T17098] out_of_memory+0x334/0x1340 [ 2316.220742][T17098] ? __sched_text_start+0x8/0x8 [ 2316.220758][T17098] ? oom_killer_disable+0x280/0x280 [ 2316.220782][T17098] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2316.220799][T17098] ? memcg_stat_show+0xc40/0xc40 [ 2316.240587][T17098] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2316.251025][T17098] ? cgroup_file_notify+0x140/0x1b0 [ 2316.251045][T17098] memory_max_write+0x262/0x3a0 [ 2316.251064][T17098] ? mem_cgroup_write+0x370/0x370 [ 2316.251087][T17098] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2316.271893][T17098] cgroup_file_write+0x241/0x790 [ 2316.282258][T17098] ? mem_cgroup_write+0x370/0x370 [ 2316.282274][T17098] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2316.282295][T17098] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2316.282319][T17098] kernfs_fop_write+0x2b8/0x480 [ 2316.298838][T17098] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2316.298861][T17098] __vfs_write+0x8a/0x110 [ 2316.298884][T17098] ? kernfs_fop_open+0xd80/0xd80 [ 2316.310721][T17098] vfs_write+0x268/0x5d0 [ 2316.310741][T17098] ksys_write+0x14f/0x290 [ 2316.310755][T17098] ? __ia32_sys_read+0xb0/0xb0 [ 2316.310774][T17098] ? do_syscall_64+0x26/0x760 [ 2316.319997][T17098] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2316.320013][T17098] ? do_syscall_64+0x26/0x760 [ 2316.320031][T17098] __x64_sys_write+0x73/0xb0 [ 2316.320049][T17098] do_syscall_64+0xfa/0x760 [ 2316.328582][T17098] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2316.337969][T17098] RIP: 0033:0x459a59 [ 2316.337988][T17098] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2316.348694][T17098] RSP: 002b:00007f9fc9d8ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2316.348710][T17098] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2316.348723][T17098] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 2316.357770][T17098] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2316.357779][T17098] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9fc9d8f6d4 [ 2316.357788][T17098] R13: 00000000004c9ef3 R14: 00000000004e1c48 R15: 00000000ffffffff [ 2316.409132][T17098] memory: usage 6352kB, limit 0kB, failcnt 1484 [ 2316.479461][T17098] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2316.499175][T17098] Memory cgroup stats for /syz3: [ 2316.550218][T17098] anon 2166784 [ 2316.550218][T17098] file 0 [ 2316.550218][T17098] kernel_stack 131072 [ 2316.550218][T17098] slab 3796992 [ 2316.550218][T17098] sock 0 [ 2316.550218][T17098] shmem 0 [ 2316.550218][T17098] file_mapped 0 [ 2316.550218][T17098] file_dirty 0 [ 2316.550218][T17098] file_writeback 0 [ 2316.550218][T17098] anon_thp 2097152 [ 2316.550218][T17098] inactive_anon 0 [ 2316.550218][T17098] active_anon 2166784 [ 2316.550218][T17098] inactive_file 28672 [ 2316.550218][T17098] active_file 0 [ 2316.550218][T17098] unevictable 0 [ 2316.550218][T17098] slab_reclaimable 2838528 [ 2316.550218][T17098] slab_unreclaimable 958464 [ 2316.550218][T17098] pgfault 13101 [ 2316.550218][T17098] pgmajfault 0 [ 2316.550218][T17098] workingset_refault 0 [ 2316.550218][T17098] workingset_activate 0 [ 2316.550218][T17098] workingset_nodereclaim 0 [ 2316.550218][T17098] pgrefill 496 [ 2316.550218][T17098] pgscan 4606 [ 2316.550218][T17098] pgsteal 4107 [ 2316.550218][T17098] pgactivate 462 [ 2316.657839][T17098] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null) [ 2316.657907][T17098] ,cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=17097,uid=0 [ 2316.677133][T17098] Memory cgroup out of memory: Killed process 17097 (syz-executor.3) total-vm:72708kB, anon-rss:2196kB, file-rss:35836kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 04:54:31 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 2316.709845][ T1054] oom_reaper: reaped process 17097 (syz-executor.3), now anon-rss:0kB, file-rss:34904kB, shmem-rss:0kB [ 2316.723238][T17089] chnl_net:caif_netlink_parms(): no params data found [ 2316.744953][T17068] syz-executor.3 invoked oom-killer: gfp_mask=0x40c50(GFP_NOFS|__GFP_COMP|__GFP_RECLAIMABLE), order=0, oom_score_adj=0 [ 2316.757947][T17068] CPU: 1 PID: 17068 Comm: syz-executor.3 Not tainted 5.4.0-rc1+ #0 [ 2316.765850][T17068] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2316.775907][T17068] Call Trace: [ 2316.779204][T17068] dump_stack+0x172/0x1f0 [ 2316.783672][T17068] dump_header+0x10b/0x82d [ 2316.788202][T17068] ? oom_kill_process+0x94/0x3f0 [ 2316.793161][T17068] oom_kill_process.cold+0x10/0x15 [ 2316.798280][T17068] out_of_memory+0x334/0x1340 [ 2316.802959][T17068] ? lock_downgrade+0x920/0x920 [ 2316.807810][T17068] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2316.813599][T17068] ? oom_killer_disable+0x280/0x280 [ 2316.818794][T17068] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2316.824323][T17068] ? memcg_stat_show+0xc40/0xc40 [ 2316.829245][T17068] ? do_raw_spin_unlock+0x57/0x270 [ 2316.834334][T17068] ? _raw_spin_unlock+0x2d/0x50 [ 2316.839176][T17068] try_charge+0xf4b/0x1440 [ 2316.844094][T17068] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2316.849614][T17068] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 2316.855137][T17068] ? cache_grow_begin+0x122/0xd20 [ 2316.860140][T17068] ? find_held_lock+0x35/0x130 [ 2316.864891][T17068] ? cache_grow_begin+0x122/0xd20 [ 2316.869897][T17068] __memcg_kmem_charge_memcg+0x7c/0x130 [ 2316.875418][T17068] ? lock_downgrade+0x920/0x920 [ 2316.880243][T17068] ? memcg_kmem_put_cache+0x50/0x50 [ 2316.885427][T17068] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2316.891645][T17068] ? __kasan_check_read+0x11/0x20 [ 2316.897171][T17068] cache_grow_begin+0x629/0xd20 [ 2316.902018][T17068] ? __sanitizer_cov_trace_cmp1+0x11/0x20 [ 2316.907740][T17068] ? mempolicy_slab_node+0x139/0x390 [ 2316.913017][T17068] fallback_alloc+0x1fd/0x2d0 [ 2316.917691][T17068] ____cache_alloc_node+0x1bc/0x1d0 [ 2316.922958][T17068] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2316.930395][T17068] kmem_cache_alloc+0x1ef/0x710 [ 2316.935402][T17068] ? lock_downgrade+0x920/0x920 [ 2316.940282][T17068] ? rwlock_bug.part.0+0x90/0x90 [ 2316.945230][T17068] ? ratelimit_state_init+0xb0/0xb0 [ 2316.950442][T17068] ext4_alloc_inode+0x1f/0x640 [ 2316.955217][T17068] ? ratelimit_state_init+0xb0/0xb0 [ 2316.960397][T17068] alloc_inode+0x68/0x1e0 [ 2316.964719][T17068] iget_locked+0x1a6/0x4b0 [ 2316.969119][T17068] __ext4_iget+0x265/0x3e20 [ 2316.973621][T17068] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2316.979854][T17068] ? ext4_get_projid+0x190/0x190 [ 2316.984774][T17068] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 2316.990319][T17068] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 2316.996367][T17068] ? d_alloc_parallel+0xa78/0x1c30 [ 2317.001465][T17068] ext4_lookup+0x3b1/0x7a0 [ 2317.005860][T17068] ? ext4_cross_rename+0x1430/0x1430 [ 2317.011127][T17068] ? __lock_acquire+0x16f2/0x4a00 [ 2317.016130][T17068] ? __kasan_check_read+0x11/0x20 [ 2317.021137][T17068] ? lockdep_init_map+0x1be/0x6d0 [ 2317.026154][T17068] __lookup_slow+0x279/0x500 [ 2317.030724][T17068] ? vfs_unlink+0x620/0x620 [ 2317.035218][T17068] lookup_slow+0x58/0x80 [ 2317.039440][T17068] path_mountpoint+0x5d2/0x1e60 [ 2317.044291][T17068] ? __kasan_check_read+0x11/0x20 [ 2317.050006][T17068] ? __lock_acquire+0x16f2/0x4a00 [ 2317.055033][T17068] ? path_openat+0x46d0/0x46d0 [ 2317.059795][T17068] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 2317.065427][T17068] ? find_held_lock+0x35/0x130 [ 2317.070195][T17068] filename_mountpoint+0x18e/0x390 [ 2317.075291][T17068] ? filename_parentat.isra.0+0x410/0x410 [ 2317.080995][T17068] ? rcu_lockdep_current_cpu_online+0xe3/0x130 [ 2317.087144][T17068] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2317.093559][T17068] ? __phys_addr_symbol+0x30/0x70 [ 2317.098579][T17068] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 2317.104301][T17068] ? __check_object_size+0x3d/0x437 [ 2317.109491][T17068] ? strncpy_from_user+0x2b4/0x400 [ 2317.114588][T17068] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2317.120810][T17068] ? getname_flags+0x277/0x5b0 [ 2317.125560][T17068] user_path_mountpoint_at+0x3a/0x50 [ 2317.130833][T17068] ksys_umount+0x164/0xf00 [ 2317.135249][T17068] ? down_read_non_owner+0x490/0x490 [ 2317.140519][T17068] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2317.146743][T17068] ? __detach_mounts+0x2a0/0x2a0 [ 2317.151692][T17068] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2317.157221][T17068] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2317.162688][T17068] ? do_syscall_64+0x26/0x760 [ 2317.167376][T17068] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2317.173502][T17068] ? do_syscall_64+0x26/0x760 [ 2317.178186][T17068] ? lockdep_hardirqs_on+0x421/0x5e0 [ 2317.183473][T17068] __x64_sys_umount+0x54/0x80 [ 2317.188166][T17068] do_syscall_64+0xfa/0x760 [ 2317.192751][T17068] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2317.198621][T17068] RIP: 0033:0x45c487 [ 2317.202524][T17068] Code: 64 89 04 25 d0 02 00 00 58 5f ff d0 48 89 c7 e8 2f be ff ff 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2317.225176][T17068] RSP: 002b:00007fff2025e478 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 [ 2317.233576][T17068] RAX: ffffffffffffffda RBX: 0000000000235747 RCX: 000000000045c487 [ 2317.241660][T17068] RDX: 0000000000403550 RSI: 0000000000000002 RDI: 00007fff2025e520 [ 2317.249621][T17068] RBP: 0000000000000007 R08: 0000000000000000 R09: 000000000000000e [ 2317.257748][T17068] R10: 000000000000000a R11: 0000000000000202 R12: 00007fff2025f5b0 [ 2317.265710][T17068] R13: 000000000137a940 R14: 0000000000000000 R15: 00007fff2025f5b0 [ 2317.283761][T17068] memory: usage 3748kB, limit 0kB, failcnt 1500 [ 2317.290548][T17068] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2317.297387][T17068] Memory cgroup stats for /syz3: [ 2317.297488][T17068] anon 61440 [ 2317.297488][T17068] file 0 [ 2317.297488][T17068] kernel_stack 65536 [ 2317.297488][T17068] slab 3796992 [ 2317.297488][T17068] sock 0 [ 2317.297488][T17068] shmem 0 [ 2317.297488][T17068] file_mapped 0 [ 2317.297488][T17068] file_dirty 0 [ 2317.297488][T17068] file_writeback 0 [ 2317.297488][T17068] anon_thp 0 [ 2317.297488][T17068] inactive_anon 0 [ 2317.297488][T17068] active_anon 61440 [ 2317.297488][T17068] inactive_file 28672 [ 2317.297488][T17068] active_file 0 [ 2317.297488][T17068] unevictable 0 [ 2317.297488][T17068] slab_reclaimable 2838528 [ 2317.297488][T17068] slab_unreclaimable 958464 [ 2317.297488][T17068] pgfault 13134 [ 2317.297488][T17068] pgmajfault 0 [ 2317.297488][T17068] workingset_refault 0 [ 2317.297488][T17068] workingset_activate 0 [ 2317.297488][T17068] workingset_nodereclaim 0 [ 2317.297488][T17068] pgrefill 496 [ 2317.297488][T17068] pgscan 4606 [ 2317.297488][T17068] pgsteal 4107 [ 2317.297488][T17068] pgactivate 462 [ 2317.406113][T17068] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=17068,uid=0 [ 2317.428960][T17068] Memory cgroup out of memory: Killed process 17068 (syz-executor.3) total-vm:72444kB, anon-rss:96kB, file-rss:35776kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 2317.452997][T17102] IPVS: ftp: loaded support on port[0] = 21 [ 2317.464535][ T1054] oom_reaper: reaped process 17068 (syz-executor.3), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB 04:54:32 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r5, 0x0, 0x0) 04:54:33 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x0, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 2318.040969][T17093] chnl_net:caif_netlink_parms(): no params data found [ 2318.057318][T17094] chnl_net:caif_netlink_parms(): no params data found [ 2318.219203][T17089] bridge0: port 1(bridge_slave_0) entered blocking state [ 2318.236532][T17089] bridge0: port 1(bridge_slave_0) entered disabled state [ 2318.247944][T17089] device bridge_slave_0 entered promiscuous mode [ 2318.350191][T17089] bridge0: port 2(bridge_slave_1) entered blocking state [ 2318.357291][T17089] bridge0: port 2(bridge_slave_1) entered disabled state [ 2318.366169][T17089] device bridge_slave_1 entered promiscuous mode [ 2318.395377][T17095] chnl_net:caif_netlink_parms(): no params data found [ 2318.412985][T17094] bridge0: port 1(bridge_slave_0) entered blocking state [ 2318.422422][T17094] bridge0: port 1(bridge_slave_0) entered disabled state [ 2318.430987][T17094] device bridge_slave_0 entered promiscuous mode [ 2318.439550][T17093] bridge0: port 1(bridge_slave_0) entered blocking state [ 2318.446610][T17093] bridge0: port 1(bridge_slave_0) entered disabled state [ 2318.455452][T17093] device bridge_slave_0 entered promiscuous mode [ 2318.466384][T17093] bridge0: port 2(bridge_slave_1) entered blocking state [ 2318.474397][T17093] bridge0: port 2(bridge_slave_1) entered disabled state [ 2318.483228][T17093] device bridge_slave_1 entered promiscuous mode [ 2318.556339][T17094] bridge0: port 2(bridge_slave_1) entered blocking state [ 2318.564014][T17094] bridge0: port 2(bridge_slave_1) entered disabled state [ 2318.572742][T17094] device bridge_slave_1 entered promiscuous mode [ 2318.604890][T17089] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2318.687137][T17089] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2318.714223][T17094] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2318.727007][T17094] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2318.741094][T17093] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2318.788514][T17093] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2318.805533][T17095] bridge0: port 1(bridge_slave_0) entered blocking state [ 2318.813467][T17095] bridge0: port 1(bridge_slave_0) entered disabled state [ 2318.822619][T17095] device bridge_slave_0 entered promiscuous mode [ 2318.833138][T17089] team0: Port device team_slave_0 added [ 2318.919127][T17094] team0: Port device team_slave_0 added [ 2318.925230][T17095] bridge0: port 2(bridge_slave_1) entered blocking state [ 2318.933148][T17095] bridge0: port 2(bridge_slave_1) entered disabled state [ 2318.942574][T17095] device bridge_slave_1 entered promiscuous mode [ 2318.952058][T17089] team0: Port device team_slave_1 added [ 2318.983622][T17094] team0: Port device team_slave_1 added [ 2319.066534][T17093] team0: Port device team_slave_0 added [ 2319.106068][T17095] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2319.181831][T17093] team0: Port device team_slave_1 added [ 2319.187948][T17102] chnl_net:caif_netlink_parms(): no params data found [ 2319.253398][T17089] device hsr_slave_0 entered promiscuous mode [ 2319.330464][T17089] device hsr_slave_1 entered promiscuous mode [ 2319.368996][T17089] debugfs: Directory 'hsr0' with parent '/' already present! [ 2319.379757][T17095] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2319.472199][T17094] device hsr_slave_0 entered promiscuous mode [ 2319.510189][T17094] device hsr_slave_1 entered promiscuous mode [ 2319.529613][T17094] debugfs: Directory 'hsr0' with parent '/' already present! [ 2319.642811][T17093] device hsr_slave_0 entered promiscuous mode [ 2319.719909][T17093] device hsr_slave_1 entered promiscuous mode [ 2319.779019][T17093] debugfs: Directory 'hsr0' with parent '/' already present! [ 2319.939759][T17095] team0: Port device team_slave_0 added [ 2320.063846][T17102] bridge0: port 1(bridge_slave_0) entered blocking state [ 2320.074635][T17108] IPVS: ftp: loaded support on port[0] = 21 [ 2320.078910][T17102] bridge0: port 1(bridge_slave_0) entered disabled state [ 2320.094959][T17102] device bridge_slave_0 entered promiscuous mode [ 2320.105849][T17102] bridge0: port 2(bridge_slave_1) entered blocking state [ 2320.113634][T17102] bridge0: port 2(bridge_slave_1) entered disabled state [ 2320.122881][T17102] device bridge_slave_1 entered promiscuous mode [ 2320.141066][T17095] team0: Port device team_slave_1 added [ 2320.352575][T17095] device hsr_slave_0 entered promiscuous mode [ 2320.400083][T17095] device hsr_slave_1 entered promiscuous mode [ 2320.449084][T17095] debugfs: Directory 'hsr0' with parent '/' already present! [ 2320.470036][T17102] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2320.562030][T17102] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2320.682210][T17102] team0: Port device team_slave_0 added [ 2320.723060][T17102] team0: Port device team_slave_1 added [ 2321.102648][T17102] device hsr_slave_0 entered promiscuous mode [ 2321.179851][T17102] device hsr_slave_1 entered promiscuous mode [ 2321.239045][T17102] debugfs: Directory 'hsr0' with parent '/' already present! [ 2321.330307][T17108] chnl_net:caif_netlink_parms(): no params data found [ 2321.375510][T17093] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2321.393743][T17094] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2321.415349][T17089] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2321.532066][T17095] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2321.628232][T17093] 8021q: adding VLAN 0 to HW filter on device team0 [ 2321.652527][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2321.662117][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2321.670731][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2321.679575][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2321.687639][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2321.696449][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2321.713707][T17089] 8021q: adding VLAN 0 to HW filter on device team0 [ 2321.791541][T17094] 8021q: adding VLAN 0 to HW filter on device team0 [ 2321.827346][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2321.837161][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2321.847151][T11361] bridge0: port 1(bridge_slave_0) entered blocking state [ 2321.854268][T11361] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2321.869922][T17108] bridge0: port 1(bridge_slave_0) entered blocking state [ 2321.876995][T17108] bridge0: port 1(bridge_slave_0) entered disabled state [ 2321.886631][T17108] device bridge_slave_0 entered promiscuous mode [ 2321.910920][T17095] 8021q: adding VLAN 0 to HW filter on device team0 [ 2322.000333][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2322.016388][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2322.026299][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2322.035756][T11361] bridge0: port 2(bridge_slave_1) entered blocking state [ 2322.042862][T11361] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2322.053371][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2322.062452][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2322.071374][T11361] bridge0: port 1(bridge_slave_0) entered blocking state [ 2322.078427][T11361] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2322.087143][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2322.096185][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2322.104743][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2322.129898][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2322.138416][T11361] bridge0: port 1(bridge_slave_0) entered blocking state [ 2322.145546][T11361] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2322.153951][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2322.163019][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2322.171578][T11361] bridge0: port 2(bridge_slave_1) entered blocking state [ 2322.178625][T11361] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2322.200403][T17108] bridge0: port 2(bridge_slave_1) entered blocking state [ 2322.207827][T17108] bridge0: port 2(bridge_slave_1) entered disabled state [ 2322.219491][T17108] device bridge_slave_1 entered promiscuous mode [ 2322.275063][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2322.284751][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2322.293621][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2322.303017][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2322.312314][T11361] bridge0: port 2(bridge_slave_1) entered blocking state [ 2322.319425][T11361] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2322.328474][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2322.338426][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2322.347978][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2322.357446][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2322.367022][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2322.376144][T11361] bridge0: port 1(bridge_slave_0) entered blocking state [ 2322.383245][T11361] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2322.391782][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2322.409828][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2322.418579][T11361] bridge0: port 2(bridge_slave_1) entered blocking state [ 2322.425674][T11361] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2322.434425][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2322.444084][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2322.469845][T17102] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2322.541736][T16569] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2322.552788][T16569] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2322.564301][T16569] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2322.573572][T16569] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2322.583294][T16569] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2322.592884][T16569] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2322.602255][T16569] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2322.611360][T16569] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2322.621056][T16569] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2322.630106][T16569] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2322.639534][T16569] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2322.659744][T17108] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2322.726075][T16569] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2322.735806][T16569] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2322.744614][T16569] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2322.753282][T16569] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2322.762930][T16569] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2322.772759][T16569] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2322.781952][T16569] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2322.791491][T16569] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2322.801510][T16569] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2322.810602][T16569] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2322.822036][T17108] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2322.856967][T17093] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2322.878698][T17093] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2322.895089][T16569] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2322.904833][T16569] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2322.914504][T16569] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2322.923565][T16569] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2322.933691][T16569] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2322.942674][T16569] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2322.954580][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2322.980292][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2322.990853][T17089] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2323.090118][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2323.098140][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2323.120194][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2323.129670][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2323.138295][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2323.147437][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2323.156588][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2323.176832][T17102] 8021q: adding VLAN 0 to HW filter on device team0 [ 2323.254635][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2323.263148][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2323.271570][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2323.282989][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2323.297478][T17108] team0: Port device team_slave_0 added [ 2323.307059][T17093] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2323.317501][T17095] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2323.338400][T17089] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2323.384671][T17094] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2323.412899][T17094] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2323.433795][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2323.444583][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2323.454551][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2323.466415][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2323.475291][T10564] bridge0: port 1(bridge_slave_0) entered blocking state [ 2323.482401][T10564] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2323.491921][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2323.501130][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2323.510382][T10564] bridge0: port 2(bridge_slave_1) entered blocking state [ 2323.517430][T10564] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2323.527336][T17108] team0: Port device team_slave_1 added [ 2323.608237][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2323.617865][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2323.627652][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2323.740279][T17095] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2323.791473][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2323.809416][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2323.812168][T17122] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 2323.833368][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2323.840515][T17123] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 2323.845411][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2323.883102][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2323.921917][T17126] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2323.932308][T17126] CPU: 0 PID: 17126 Comm: syz-executor.5 Not tainted 5.4.0-rc1+ #0 [ 2323.940210][T17126] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2323.950298][T17126] Call Trace: [ 2323.953609][T17126] dump_stack+0x172/0x1f0 [ 2323.957948][T17126] dump_header+0x10b/0x82d [ 2323.962430][T17126] oom_kill_process.cold+0x10/0x15 [ 2323.967523][T17126] out_of_memory+0x334/0x1340 [ 2323.972202][T17126] ? __sched_text_start+0x8/0x8 [ 2323.977085][T17126] ? oom_killer_disable+0x280/0x280 [ 2323.982274][T17126] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2323.987816][T17126] ? memcg_stat_show+0xc40/0xc40 [ 2323.992745][T17126] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2323.998549][T17126] ? cgroup_file_notify+0x140/0x1b0 [ 2324.003751][T17126] memory_max_write+0x262/0x3a0 [ 2324.008674][T17126] ? mem_cgroup_write+0x370/0x370 [ 2324.013678][T17126] ? lock_acquire+0x190/0x410 [ 2324.018386][T17126] ? kernfs_fop_write+0x227/0x480 [ 2324.023405][T17126] cgroup_file_write+0x241/0x790 [ 2324.028323][T17126] ? mem_cgroup_write+0x370/0x370 [ 2324.033327][T17126] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2324.038952][T17126] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2324.044577][T17126] kernfs_fop_write+0x2b8/0x480 [ 2324.049441][T17126] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2324.055679][T17126] __vfs_write+0x8a/0x110 [ 2324.059991][T17126] ? kernfs_fop_open+0xd80/0xd80 [ 2324.064916][T17126] vfs_write+0x268/0x5d0 [ 2324.069144][T17126] ksys_write+0x14f/0x290 [ 2324.073473][T17126] ? __ia32_sys_read+0xb0/0xb0 [ 2324.078219][T17126] ? do_syscall_64+0x26/0x760 [ 2324.082876][T17126] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2324.088934][T17126] ? do_syscall_64+0x26/0x760 [ 2324.093604][T17126] __x64_sys_write+0x73/0xb0 [ 2324.098174][T17126] do_syscall_64+0xfa/0x760 [ 2324.102662][T17126] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2324.108543][T17126] RIP: 0033:0x459a59 [ 2324.112420][T17126] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2324.132005][T17126] RSP: 002b:00007f7f9f876c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2324.140409][T17126] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2324.148360][T17126] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 2324.156311][T17126] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2324.164275][T17126] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7f9f8776d4 [ 2324.172226][T17126] R13: 00000000004c9ef3 R14: 00000000004e1c48 R15: 00000000ffffffff [ 2324.188899][T17126] memory: usage 3076kB, limit 0kB, failcnt 650 [ 2324.195090][T17126] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2324.202464][T17126] Memory cgroup stats for /syz5: [ 2324.202582][T17126] anon 2146304 [ 2324.202582][T17126] file 36864 [ 2324.202582][T17126] kernel_stack 65536 [ 2324.202582][T17126] slab 544768 [ 2324.202582][T17126] sock 0 [ 2324.202582][T17126] shmem 0 [ 2324.202582][T17126] file_mapped 0 [ 2324.202582][T17126] file_dirty 0 [ 2324.202582][T17126] file_writeback 0 [ 2324.202582][T17126] anon_thp 2097152 [ 2324.202582][T17126] inactive_anon 0 [ 2324.202582][T17126] active_anon 2207744 [ 2324.202582][T17126] inactive_file 0 [ 2324.202582][T17126] active_file 0 [ 2324.202582][T17126] unevictable 0 [ 2324.202582][T17126] slab_reclaimable 135168 [ 2324.202582][T17126] slab_unreclaimable 409600 [ 2324.202582][T17126] pgfault 8283 [ 2324.202582][T17126] pgmajfault 0 [ 2324.202582][T17126] workingset_refault 0 [ 2324.202582][T17126] workingset_activate 0 [ 2324.202582][T17126] workingset_nodereclaim 0 [ 2324.202582][T17126] pgrefill 200 [ 2324.202582][T17126] pgscan 362 [ 2324.202582][T17126] pgsteal 146 [ 2324.202582][T17126] pgactivate 198 [ 2324.299749][T17126] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=17120,uid=0 [ 2324.315717][T17126] Memory cgroup out of memory: Killed process 17120 (syz-executor.5) total-vm:72712kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:139264kB oom_score_adj:1000 [ 2324.334340][T17127] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2324.336445][ T1054] oom_reaper: reaped process 17120 (syz-executor.5), now anon-rss:0kB, file-rss:34852kB, shmem-rss:0kB [ 2324.345655][T17127] CPU: 0 PID: 17127 Comm: syz-executor.4 Not tainted 5.4.0-rc1+ #0 [ 2324.364246][T17127] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2324.374291][T17127] Call Trace: [ 2324.374313][T17127] dump_stack+0x172/0x1f0 [ 2324.374333][T17127] dump_header+0x10b/0x82d [ 2324.374349][T17127] oom_kill_process.cold+0x10/0x15 [ 2324.374366][T17127] out_of_memory+0x334/0x1340 [ 2324.374386][T17127] ? oom_killer_disable+0x280/0x280 [ 2324.374409][T17127] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2324.374421][T17127] ? memcg_stat_show+0xc40/0xc40 [ 2324.374443][T17127] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2324.374459][T17127] ? cgroup_file_notify+0x140/0x1b0 [ 2324.374477][T17127] memory_max_write+0x262/0x3a0 [ 2324.374494][T17127] ? mem_cgroup_write+0x370/0x370 [ 2324.374507][T17127] ? lock_acquire+0x190/0x410 [ 2324.374521][T17127] ? kernfs_fop_write+0x227/0x480 [ 2324.374540][T17127] cgroup_file_write+0x241/0x790 [ 2324.374556][T17127] ? mem_cgroup_write+0x370/0x370 [ 2324.374570][T17127] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2324.374594][T17127] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2324.374610][T17127] kernfs_fop_write+0x2b8/0x480 [ 2324.374627][T17127] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2324.374647][T17127] __vfs_write+0x8a/0x110 [ 2324.374658][T17127] ? kernfs_fop_open+0xd80/0xd80 [ 2324.374675][T17127] vfs_write+0x268/0x5d0 [ 2324.374692][T17127] ksys_write+0x14f/0x290 [ 2324.374714][T17127] ? __ia32_sys_read+0xb0/0xb0 [ 2324.374732][T17127] ? do_syscall_64+0x26/0x760 [ 2324.374745][T17127] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2324.374758][T17127] ? do_syscall_64+0x26/0x760 [ 2324.374775][T17127] __x64_sys_write+0x73/0xb0 [ 2324.374793][T17127] do_syscall_64+0xfa/0x760 [ 2324.391886][T17127] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2324.407238][T17127] RIP: 0033:0x459a59 [ 2324.407254][T17127] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2324.407261][T17127] RSP: 002b:00007f9d30579c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2324.427977][T17127] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 04:54:39 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x0, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 2324.427987][T17127] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 2324.427995][T17127] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2324.428004][T17127] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9d3057a6d4 [ 2324.428018][T17127] R13: 00000000004c9ef3 R14: 00000000004e1c48 R15: 00000000ffffffff [ 2324.621852][T17094] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2324.639309][T17127] memory: usage 3136kB, limit 0kB, failcnt 960 [ 2324.659131][T17127] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2324.669325][T17127] Memory cgroup stats for /syz4: [ 2324.669433][T17127] anon 2043904 [ 2324.669433][T17127] file 163840 [ 2324.669433][T17127] kernel_stack 65536 [ 2324.669433][T17127] slab 692224 [ 2324.669433][T17127] sock 0 [ 2324.669433][T17127] shmem 0 [ 2324.669433][T17127] file_mapped 0 [ 2324.669433][T17127] file_dirty 135168 [ 2324.669433][T17127] file_writeback 0 [ 2324.669433][T17127] anon_thp 2097152 [ 2324.669433][T17127] inactive_anon 0 [ 2324.669433][T17127] active_anon 2043904 [ 2324.669433][T17127] inactive_file 135168 [ 2324.669433][T17127] active_file 0 [ 2324.669433][T17127] unevictable 0 [ 2324.669433][T17127] slab_reclaimable 270336 [ 2324.669433][T17127] slab_unreclaimable 421888 [ 2324.669433][T17127] pgfault 9009 [ 2324.669433][T17127] pgmajfault 0 [ 2324.669433][T17127] workingset_refault 0 [ 2324.669433][T17127] workingset_activate 0 [ 2324.669433][T17127] workingset_nodereclaim 0 [ 2324.669433][T17127] pgrefill 264 [ 2324.669433][T17127] pgscan 292 [ 2324.669433][T17127] pgsteal 59 [ 2324.669433][T17127] pgactivate 231 [ 2324.688880][T17127] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=17121,uid=0 [ 2324.768643][T17108] device hsr_slave_0 entered promiscuous mode [ 2324.788519][T17127] Memory cgroup out of memory: Killed process 17122 (syz-executor.4) total-vm:72712kB, anon-rss:2192kB, file-rss:35824kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 [ 2324.809691][ T1054] oom_reaper: reaped process 17122 (syz-executor.4), now anon-rss:0kB, file-rss:34864kB, shmem-rss:0kB [ 2324.821024][T17089] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2324.831742][T17089] CPU: 1 PID: 17089 Comm: syz-executor.5 Not tainted 5.4.0-rc1+ #0 [ 2324.840247][T17089] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2324.850294][T17089] Call Trace: [ 2324.853585][T17089] dump_stack+0x172/0x1f0 [ 2324.857918][T17089] dump_header+0x10b/0x82d [ 2324.862338][T17089] ? oom_kill_process+0x94/0x3f0 [ 2324.867275][T17089] oom_kill_process.cold+0x10/0x15 [ 2324.872386][T17089] out_of_memory+0x334/0x1340 [ 2324.877090][T17089] ? lock_downgrade+0x920/0x920 [ 2324.881938][T17089] ? oom_killer_disable+0x280/0x280 [ 2324.887130][T17089] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2324.892656][T17089] ? memcg_stat_show+0xc40/0xc40 [ 2324.897579][T17089] ? do_raw_spin_unlock+0x57/0x270 [ 2324.902686][T17089] ? _raw_spin_unlock+0x2d/0x50 [ 2324.907528][T17089] try_charge+0xf4b/0x1440 [ 2324.911933][T17089] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2324.917459][T17089] ? percpu_ref_tryget_live+0x111/0x290 [ 2324.922992][T17089] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2324.929222][T17089] ? __kasan_check_read+0x11/0x20 [ 2324.934237][T17089] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2324.939789][T17089] mem_cgroup_try_charge+0x136/0x590 [ 2324.945080][T17089] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2324.950695][T17089] __handle_mm_fault+0x1f0d/0x4040 [ 2324.955792][T17089] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2324.961323][T17089] ? handle_mm_fault+0x292/0xaa0 [ 2324.966258][T17089] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2324.972492][T17089] ? __kasan_check_read+0x11/0x20 [ 2324.977503][T17089] handle_mm_fault+0x3b7/0xaa0 [ 2324.982253][T17089] __do_page_fault+0x536/0xdd0 [ 2324.987020][T17089] do_page_fault+0x38/0x590 [ 2324.991515][T17089] page_fault+0x39/0x40 [ 2324.995661][T17089] RIP: 0033:0x4579f1 [ 2324.999540][T17089] Code: 48 81 ec 98 00 00 00 0f 05 48 3d 00 f0 ff ff 48 89 c3 0f 87 e9 00 00 00 85 db 0f 88 2f 01 00 00 48 89 e2 89 de bf 01 00 00 00 ba 13 00 00 85 c0 0f 88 98 00 00 00 8b 44 24 18 25 00 f0 00 00 [ 2325.019397][T17089] RSP: 002b:00007fffcb41d000 EFLAGS: 00010206 [ 2325.025458][T17089] RAX: 0000000000000003 RBX: 0000000000000003 RCX: 00000000004579d0 [ 2325.033445][T17089] RDX: 00007fffcb41d000 RSI: 0000000000000003 RDI: 0000000000000001 [ 2325.041408][T17089] RBP: 0000000000000002 R08: 0000000000000001 R09: 00000000023ff940 [ 2325.049361][T17089] R10: 0000000000000000 R11: 0000000000000206 R12: 00007fffcb41e1e0 [ 2325.057333][T17089] R13: 00007fffcb41e1d0 R14: 0000000000000000 R15: 00007fffcb41e1e0 [ 2325.069514][T17108] device hsr_slave_1 entered promiscuous mode [ 2325.076147][T17089] memory: usage 700kB, limit 0kB, failcnt 666 [ 2325.082334][T17089] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2325.089292][T17089] Memory cgroup stats for /syz5: [ 2325.089412][T17089] anon 0 [ 2325.089412][T17089] file 36864 [ 2325.089412][T17089] kernel_stack 65536 [ 2325.089412][T17089] slab 544768 [ 2325.089412][T17089] sock 0 [ 2325.089412][T17089] shmem 0 [ 2325.089412][T17089] file_mapped 0 [ 2325.089412][T17089] file_dirty 0 [ 2325.089412][T17089] file_writeback 0 [ 2325.089412][T17089] anon_thp 0 [ 2325.089412][T17089] inactive_anon 0 [ 2325.089412][T17089] active_anon 57344 [ 2325.089412][T17089] inactive_file 0 [ 2325.089412][T17089] active_file 0 [ 2325.089412][T17089] unevictable 0 [ 2325.089412][T17089] slab_reclaimable 135168 [ 2325.089412][T17089] slab_unreclaimable 409600 [ 2325.089412][T17089] pgfault 8283 [ 2325.089412][T17089] pgmajfault 0 [ 2325.089412][T17089] workingset_refault 0 [ 2325.089412][T17089] workingset_activate 0 [ 2325.089412][T17089] workingset_nodereclaim 0 [ 2325.089412][T17089] pgrefill 233 [ 2325.089412][T17089] pgscan 362 [ 2325.089412][T17089] pgsteal 146 [ 2325.089412][T17089] pgactivate 198 [ 2325.182899][T17089] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=17089,uid=0 [ 2325.199626][T17108] debugfs: Directory 'hsr0' with parent '/' already present! [ 2325.218955][T17089] Memory cgroup out of memory: Killed process 17089 (syz-executor.5) total-vm:72448kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:0 [ 2325.259496][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2325.268657][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready 04:54:40 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0xc, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0x0, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={0xffffffffffffffff, 0x1, 0x1, 0xfff, &(0x7f00000000c0)=[0x0, 0x0], 0x2}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28, &(0x7f0000000000)={0x0, 0x0}}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000200)={r5, 0x100000001, 0x8}, 0xc) r6 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r7 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r7, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r6, 0x0, 0x0) [ 2325.298517][T17093] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2325.326005][T17093] CPU: 0 PID: 17093 Comm: syz-executor.4 Not tainted 5.4.0-rc1+ #0 [ 2325.333945][T17093] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2325.344003][T17093] Call Trace: [ 2325.344028][T17093] dump_stack+0x172/0x1f0 [ 2325.351621][T17093] dump_header+0x10b/0x82d [ 2325.351632][T17093] ? oom_kill_process+0x94/0x3f0 [ 2325.351647][T17093] oom_kill_process.cold+0x10/0x15 [ 2325.351664][T17093] out_of_memory+0x334/0x1340 [ 2325.351678][T17093] ? lock_downgrade+0x920/0x920 [ 2325.351700][T17093] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2325.382092][T17093] ? oom_killer_disable+0x280/0x280 [ 2325.387322][T17093] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2325.392872][T17093] ? memcg_stat_show+0xc40/0xc40 [ 2325.397817][T17093] ? do_raw_spin_unlock+0x57/0x270 [ 2325.402930][T17093] ? _raw_spin_unlock+0x2d/0x50 [ 2325.407786][T17093] try_charge+0xf4b/0x1440 [ 2325.412215][T17093] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2325.417753][T17093] ? percpu_ref_tryget_live+0x111/0x290 [ 2325.423424][T17093] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2325.429669][T17093] ? __kasan_check_read+0x11/0x20 [ 2325.434699][T17093] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2325.440261][T17093] mem_cgroup_try_charge+0x136/0x590 [ 2325.445550][T17093] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2325.451193][T17093] __handle_mm_fault+0x1f0d/0x4040 [ 2325.456312][T17093] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2325.461887][T17093] ? handle_mm_fault+0x292/0xaa0 [ 2325.466866][T17093] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2325.473121][T17093] ? __kasan_check_read+0x11/0x20 [ 2325.478165][T17093] handle_mm_fault+0x3b7/0xaa0 [ 2325.482954][T17093] __do_page_fault+0x536/0xdd0 [ 2325.487744][T17093] do_page_fault+0x38/0x590 [ 2325.492071][T17102] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2325.492263][T17093] page_fault+0x39/0x40 [ 2325.506703][T17093] RIP: 0033:0x403522 [ 2325.510607][T17093] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 2325.520536][T17102] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2325.530204][T17093] RSP: 002b:00007fff25fc5f50 EFLAGS: 00010246 [ 2325.530216][T17093] RAX: 0000000000000000 RBX: 0000000000237884 RCX: 0000000000413660 [ 2325.530223][T17093] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007fff25fc7080 [ 2325.530230][T17093] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000000001f13940 [ 2325.530236][T17093] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff25fc7080 [ 2325.530244][T17093] R13: 00007fff25fc7070 R14: 0000000000000000 R15: 00007fff25fc7080 [ 2325.583775][T17093] memory: usage 768kB, limit 0kB, failcnt 972 [ 2325.589976][T17093] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2325.596818][T17093] Memory cgroup stats for /syz4: [ 2325.596941][T17093] anon 0 [ 2325.596941][T17093] file 163840 [ 2325.596941][T17093] kernel_stack 65536 [ 2325.596941][T17093] slab 692224 [ 2325.596941][T17093] sock 0 [ 2325.596941][T17093] shmem 0 [ 2325.596941][T17093] file_mapped 0 [ 2325.596941][T17093] file_dirty 135168 [ 2325.596941][T17093] file_writeback 0 [ 2325.596941][T17093] anon_thp 0 [ 2325.596941][T17093] inactive_anon 0 [ 2325.596941][T17093] active_anon 0 [ 2325.596941][T17093] inactive_file 135168 [ 2325.596941][T17093] active_file 0 [ 2325.596941][T17093] unevictable 0 [ 2325.596941][T17093] slab_reclaimable 270336 [ 2325.596941][T17093] slab_unreclaimable 421888 [ 2325.596941][T17093] pgfault 9009 [ 2325.596941][T17093] pgmajfault 0 [ 2325.596941][T17093] workingset_refault 0 [ 2325.596941][T17093] workingset_activate 0 [ 2325.596941][T17093] workingset_nodereclaim 0 [ 2325.596941][T17093] pgrefill 264 [ 2325.596941][T17093] pgscan 292 [ 2325.596941][T17093] pgsteal 59 [ 2325.596941][T17093] pgactivate 231 [ 2325.693229][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2325.699297][T17093] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=17093,uid=0 [ 2325.713573][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2325.749203][T17093] Memory cgroup out of memory: Killed process 17093 (syz-executor.4) total-vm:72448kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 2325.777590][ T1054] oom_reaper: reaped process 17093 (syz-executor.4), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2325.797071][T17136] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 2325.935532][T17137] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2325.969341][T17137] CPU: 1 PID: 17137 Comm: syz-executor.2 Not tainted 5.4.0-rc1+ #0 [ 2325.977277][T17137] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2325.987334][T17137] Call Trace: [ 2325.990632][T17137] dump_stack+0x172/0x1f0 [ 2325.994974][T17137] dump_header+0x10b/0x82d [ 2325.999398][T17137] oom_kill_process.cold+0x10/0x15 [ 2326.004517][T17137] out_of_memory+0x334/0x1340 [ 2326.009199][T17137] ? cgroup_file_notify+0x140/0x1b0 [ 2326.014398][T17137] ? oom_killer_disable+0x280/0x280 [ 2326.019603][T17137] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2326.025147][T17137] ? memcg_stat_show+0xc40/0xc40 [ 2326.030098][T17137] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2326.035904][T17137] ? cgroup_file_notify+0x140/0x1b0 [ 2326.041102][T17137] memory_max_write+0x262/0x3a0 [ 2326.045961][T17137] ? mem_cgroup_write+0x370/0x370 [ 2326.050990][T17137] ? lock_acquire+0x190/0x410 [ 2326.055683][T17137] ? kernfs_fop_write+0x227/0x480 [ 2326.060716][T17137] cgroup_file_write+0x241/0x790 [ 2326.065654][T17137] ? mem_cgroup_write+0x370/0x370 [ 2326.070675][T17137] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2326.076316][T17137] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2326.081964][T17137] kernfs_fop_write+0x2b8/0x480 [ 2326.086815][T17137] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2326.093057][T17137] __vfs_write+0x8a/0x110 [ 2326.097383][T17137] ? kernfs_fop_open+0xd80/0xd80 [ 2326.102319][T17137] vfs_write+0x268/0x5d0 [ 2326.106668][T17137] ksys_write+0x14f/0x290 [ 2326.110995][T17137] ? __ia32_sys_read+0xb0/0xb0 [ 2326.115758][T17137] ? do_syscall_64+0x26/0x760 [ 2326.120444][T17137] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2326.126512][T17137] ? do_syscall_64+0x26/0x760 [ 2326.131192][T17137] __x64_sys_write+0x73/0xb0 [ 2326.135780][T17137] do_syscall_64+0xfa/0x760 [ 2326.140286][T17137] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2326.146182][T17137] RIP: 0033:0x459a59 [ 2326.150078][T17137] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2326.169681][T17137] RSP: 002b:00007ff3575a0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2326.178189][T17137] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2326.186213][T17137] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 2326.194166][T17137] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2326.202115][T17137] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff3575a16d4 [ 2326.210063][T17137] R13: 00000000004c9ef3 R14: 00000000004e1c48 R15: 00000000ffffffff [ 2326.221506][T17137] memory: usage 3056kB, limit 0kB, failcnt 765 [ 2326.227721][T17137] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2326.234649][T17137] Memory cgroup stats for /syz2: [ 2326.234766][T17137] anon 2248704 [ 2326.234766][T17137] file 12288 [ 2326.234766][T17137] kernel_stack 65536 [ 2326.234766][T17137] slab 516096 [ 2326.234766][T17137] sock 0 [ 2326.234766][T17137] shmem 0 [ 2326.234766][T17137] file_mapped 0 [ 2326.234766][T17137] file_dirty 0 [ 2326.234766][T17137] file_writeback 0 [ 2326.234766][T17137] anon_thp 2097152 [ 2326.234766][T17137] inactive_anon 0 [ 2326.234766][T17137] active_anon 2174976 [ 2326.234766][T17137] inactive_file 0 [ 2326.234766][T17137] active_file 0 [ 2326.234766][T17137] unevictable 0 [ 2326.234766][T17137] slab_reclaimable 135168 [ 2326.234766][T17137] slab_unreclaimable 380928 [ 2326.234766][T17137] pgfault 14817 [ 2326.234766][T17137] pgmajfault 0 [ 2326.234766][T17137] workingset_refault 0 [ 2326.234766][T17137] workingset_activate 0 [ 2326.234766][T17137] workingset_nodereclaim 0 [ 2326.234766][T17137] pgrefill 0 [ 2326.234766][T17137] pgscan 0 [ 2326.234766][T17137] pgsteal 0 [ 2326.234766][T17137] pgactivate 0 [ 2326.239744][T17137] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=17135,uid=0 [ 2326.239857][T17137] Memory cgroup out of memory: Killed process 17135 (syz-executor.2) total-vm:72712kB, anon-rss:2144kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 [ 2326.392794][ T1054] oom_reaper: reaped process 17135 (syz-executor.2), now anon-rss:0kB, file-rss:33856kB, shmem-rss:0kB [ 2326.542397][T17140] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 2326.575129][T17141] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2326.585602][T17141] CPU: 0 PID: 17141 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 2326.593493][T17141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2326.603555][T17141] Call Trace: [ 2326.606848][T17141] dump_stack+0x172/0x1f0 [ 2326.611191][T17141] dump_header+0x10b/0x82d [ 2326.615609][T17141] oom_kill_process.cold+0x10/0x15 [ 2326.620739][T17141] out_of_memory+0x334/0x1340 [ 2326.625417][T17141] ? __sched_text_start+0x8/0x8 [ 2326.630266][T17141] ? oom_killer_disable+0x280/0x280 [ 2326.635481][T17141] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2326.641024][T17141] ? memcg_stat_show+0xc40/0xc40 [ 2326.645964][T17141] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2326.651773][T17141] ? cgroup_file_notify+0x140/0x1b0 [ 2326.656967][T17141] memory_max_write+0x262/0x3a0 [ 2326.661843][T17141] ? mem_cgroup_write+0x370/0x370 [ 2326.666874][T17141] ? lock_acquire+0x190/0x410 [ 2326.671554][T17141] ? kernfs_fop_write+0x227/0x480 [ 2326.676584][T17141] cgroup_file_write+0x241/0x790 [ 2326.681531][T17141] ? mem_cgroup_write+0x370/0x370 [ 2326.686559][T17141] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2326.692201][T17141] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2326.697831][T17141] kernfs_fop_write+0x2b8/0x480 [ 2326.702681][T17141] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2326.708924][T17141] __vfs_write+0x8a/0x110 [ 2326.713252][T17141] ? kernfs_fop_open+0xd80/0xd80 [ 2326.718187][T17141] vfs_write+0x268/0x5d0 [ 2326.722430][T17141] ksys_write+0x14f/0x290 [ 2326.726758][T17141] ? __ia32_sys_read+0xb0/0xb0 [ 2326.731522][T17141] ? do_syscall_64+0x26/0x760 [ 2326.736281][T17141] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2326.742348][T17141] ? do_syscall_64+0x26/0x760 [ 2326.747029][T17141] __x64_sys_write+0x73/0xb0 [ 2326.751617][T17141] do_syscall_64+0xfa/0x760 [ 2326.756143][T17141] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2326.762038][T17141] RIP: 0033:0x459a59 [ 2326.765940][T17141] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2326.785727][T17141] RSP: 002b:00007f5f423b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2326.794152][T17141] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2326.802123][T17141] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 2326.810094][T17141] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2326.818060][T17141] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5f423b66d4 [ 2326.826037][T17141] R13: 00000000004c9ef3 R14: 00000000004e1c48 R15: 00000000ffffffff [ 2326.842304][T17141] memory: usage 24576kB, limit 0kB, failcnt 84 [ 2326.850516][T17141] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2326.857545][T17141] Memory cgroup stats for /syz1: [ 2326.857684][T17141] anon 2097152 [ 2326.857684][T17141] file 4096 [ 2326.857684][T17141] kernel_stack 65536 [ 2326.857684][T17141] slab 22716416 [ 2326.857684][T17141] sock 0 [ 2326.857684][T17141] shmem 0 [ 2326.857684][T17141] file_mapped 0 [ 2326.857684][T17141] file_dirty 0 [ 2326.857684][T17141] file_writeback 0 [ 2326.857684][T17141] anon_thp 2097152 [ 2326.857684][T17141] inactive_anon 0 [ 2326.857684][T17141] active_anon 2097152 [ 2326.857684][T17141] inactive_file 135168 [ 2326.857684][T17141] active_file 0 [ 2326.857684][T17141] unevictable 0 [ 2326.857684][T17141] slab_reclaimable 22032384 [ 2326.857684][T17141] slab_unreclaimable 684032 [ 2326.857684][T17141] pgfault 37521 [ 2326.857684][T17141] pgmajfault 0 [ 2326.857684][T17141] workingset_refault 0 [ 2326.857684][T17141] workingset_activate 0 [ 2326.857684][T17141] workingset_nodereclaim 0 [ 2326.857684][T17141] pgrefill 135 [ 2326.857684][T17141] pgscan 133 [ 2326.857684][T17141] pgsteal 0 [ 2326.857684][T17141] pgactivate 99 [ 2326.955254][T17141] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=17139,uid=0 [ 2326.971628][T17141] Memory cgroup out of memory: Killed process 17139 (syz-executor.1) total-vm:72712kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 2326.993248][ T1054] oom_reaper: reaped process 17139 (syz-executor.1), now anon-rss:0kB, file-rss:34852kB, shmem-rss:0kB 04:54:42 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x0, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) 04:54:42 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) 04:54:42 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0xc, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x0, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={0xffffffffffffffff, 0x1, 0x1, 0xfff, &(0x7f00000000c0)=[0x0, 0x0], 0x2}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28, &(0x7f0000000000)={0x0, 0x0}}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000200)={r5, 0x100000001, 0x8}, 0xc) r6 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r7 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r7, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r6, 0x0, 0x0) [ 2327.051372][T17102] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2327.081548][T17094] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2327.139933][T17094] CPU: 1 PID: 17094 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 2327.147862][T17094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2327.157938][T17094] Call Trace: [ 2327.161253][T17094] dump_stack+0x172/0x1f0 [ 2327.165617][T17094] dump_header+0x10b/0x82d [ 2327.170040][T17094] ? oom_kill_process+0x94/0x3f0 [ 2327.174985][T17094] oom_kill_process.cold+0x10/0x15 [ 2327.180103][T17094] out_of_memory+0x334/0x1340 [ 2327.184783][T17094] ? lock_downgrade+0x920/0x920 [ 2327.189639][T17094] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2327.195443][T17094] ? oom_killer_disable+0x280/0x280 [ 2327.200657][T17094] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2327.206202][T17094] ? memcg_stat_show+0xc40/0xc40 [ 2327.211153][T17094] ? do_raw_spin_unlock+0x57/0x270 [ 2327.216265][T17094] ? _raw_spin_unlock+0x2d/0x50 [ 2327.221121][T17094] try_charge+0xf4b/0x1440 [ 2327.222154][T17108] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2327.225572][T17094] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2327.237669][T17094] ? percpu_ref_tryget_live+0x111/0x290 [ 2327.243223][T17094] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2327.249474][T17094] ? __kasan_check_read+0x11/0x20 [ 2327.254499][T17094] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2327.260139][T17094] mem_cgroup_try_charge+0x136/0x590 [ 2327.265445][T17094] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2327.270598][T16569] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2327.271079][T17094] wp_page_copy+0x407/0x1860 [ 2327.282823][T17094] ? find_held_lock+0x35/0x130 [ 2327.287571][T17094] ? do_wp_page+0x53b/0x15c0 [ 2327.292150][T17094] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2327.297940][T17094] ? lock_downgrade+0x920/0x920 [ 2327.302775][T17094] ? swp_swapcount+0x540/0x540 [ 2327.307520][T17094] ? __kasan_check_read+0x11/0x20 [ 2327.312526][T17094] ? do_raw_spin_unlock+0x57/0x270 [ 2327.317620][T17094] do_wp_page+0x543/0x15c0 [ 2327.322022][T17094] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 2327.327381][T17094] __handle_mm_fault+0x23ec/0x4040 [ 2327.332477][T17094] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2327.338089][T17094] ? handle_mm_fault+0x292/0xaa0 [ 2327.343016][T17094] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2327.349241][T17094] ? __kasan_check_read+0x11/0x20 [ 2327.354248][T17094] handle_mm_fault+0x3b7/0xaa0 [ 2327.358997][T17094] __do_page_fault+0x536/0xdd0 [ 2327.363835][T17094] do_page_fault+0x38/0x590 [ 2327.368324][T17094] page_fault+0x39/0x40 [ 2327.372462][T17094] RIP: 0033:0x430b36 [ 2327.376363][T17094] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 2c 44 64 00 85 c0 0f 84 [ 2327.395945][T17094] RSP: 002b:00007fffda709830 EFLAGS: 00010206 [ 2327.401989][T17094] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 2327.409939][T17094] RDX: 000000000183f930 RSI: 0000000001847970 RDI: 0000000000000003 [ 2327.417893][T17094] RBP: 0000000000008041 R08: 0000000000000001 R09: 000000000183e940 [ 2327.425843][T17094] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 2327.433794][T17094] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 2327.443487][T16569] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 04:54:42 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x0, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={0xffffffffffffffff, 0x1, 0x1, 0xfff, &(0x7f00000000c0)=[0x0, 0x0], 0x2}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r6 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r6, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) 04:54:42 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x0, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 2327.549003][T17094] memory: usage 22168kB, limit 0kB, failcnt 92 [ 2327.555208][T17094] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2327.575137][T17094] Memory cgroup stats for /syz1: [ 2327.575236][T17094] anon 0 [ 2327.575236][T17094] file 4096 [ 2327.575236][T17094] kernel_stack 0 [ 2327.575236][T17094] slab 22581248 [ 2327.575236][T17094] sock 0 [ 2327.575236][T17094] shmem 0 [ 2327.575236][T17094] file_mapped 0 [ 2327.575236][T17094] file_dirty 0 [ 2327.575236][T17094] file_writeback 0 [ 2327.575236][T17094] anon_thp 0 [ 2327.575236][T17094] inactive_anon 0 [ 2327.575236][T17094] active_anon 0 [ 2327.575236][T17094] inactive_file 135168 [ 2327.575236][T17094] active_file 0 [ 2327.575236][T17094] unevictable 0 [ 2327.575236][T17094] slab_reclaimable 21897216 [ 2327.575236][T17094] slab_unreclaimable 684032 [ 2327.575236][T17094] pgfault 37521 [ 2327.575236][T17094] pgmajfault 0 [ 2327.575236][T17094] workingset_refault 0 [ 2327.575236][T17094] workingset_activate 0 [ 2327.575236][T17094] workingset_nodereclaim 0 [ 2327.575236][T17094] pgrefill 135 [ 2327.575236][T17094] pgscan 133 [ 2327.575236][T17094] pgsteal 0 [ 2327.575236][T17094] pgactivate 99 [ 2327.581841][T17108] 8021q: adding VLAN 0 to HW filter on device team0 [ 2327.756895][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2327.769898][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2327.788605][T15292] bridge0: port 1(bridge_slave_0) entered blocking state [ 2327.795796][T15292] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2327.840065][T17148] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 2327.890943][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2327.906554][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2327.915789][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2327.925727][T11102] bridge0: port 2(bridge_slave_1) entered blocking state [ 2327.932845][T11102] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2327.941283][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2327.949022][T17094] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=17094,uid=0 [ 2327.975534][T17094] Memory cgroup out of memory: Killed process 17094 (syz-executor.1) total-vm:72448kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2327.994990][ T8893] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2328.005354][ T8893] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2328.012717][ T1054] oom_reaper: reaped process 17094 (syz-executor.1), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2328.026069][T17095] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2328.037770][T17095] CPU: 1 PID: 17095 Comm: syz-executor.2 Not tainted 5.4.0-rc1+ #0 [ 2328.045672][T17095] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2328.055733][T17095] Call Trace: [ 2328.059027][T17095] dump_stack+0x172/0x1f0 [ 2328.063357][T17095] dump_header+0x10b/0x82d [ 2328.067768][T17095] ? oom_kill_process+0x94/0x3f0 [ 2328.072708][T17095] oom_kill_process.cold+0x10/0x15 [ 2328.077818][T17095] out_of_memory+0x334/0x1340 [ 2328.082489][T17095] ? lock_downgrade+0x920/0x920 [ 2328.087343][T17095] ? oom_killer_disable+0x280/0x280 [ 2328.092553][T17095] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2328.098089][T17095] ? memcg_stat_show+0xc40/0xc40 [ 2328.098108][T17095] ? do_raw_spin_unlock+0x57/0x270 [ 2328.098126][T17095] ? _raw_spin_unlock+0x2d/0x50 [ 2328.112973][T17095] try_charge+0xf4b/0x1440 [ 2328.117372][T17095] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2328.122896][T17095] ? percpu_ref_tryget_live+0x111/0x290 [ 2328.128421][T17095] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2328.134638][T17095] ? __kasan_check_read+0x11/0x20 [ 2328.139643][T17095] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2328.145213][T17095] mem_cgroup_try_charge+0x136/0x590 [ 2328.150489][T17095] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2328.156103][T17095] wp_page_copy+0x407/0x1860 [ 2328.160683][T17095] ? find_held_lock+0x35/0x130 [ 2328.165431][T17095] ? do_wp_page+0x53b/0x15c0 [ 2328.170029][T17095] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2328.175868][T17095] ? lock_downgrade+0x920/0x920 [ 2328.180711][T17095] ? swp_swapcount+0x540/0x540 [ 2328.185802][T17095] ? __kasan_check_read+0x11/0x20 [ 2328.190946][T17095] ? do_raw_spin_unlock+0x57/0x270 [ 2328.196039][T17095] do_wp_page+0x543/0x15c0 [ 2328.200554][T17095] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 2328.206003][T17095] __handle_mm_fault+0x23ec/0x4040 [ 2328.211136][T17095] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2328.216664][T17095] ? handle_mm_fault+0x292/0xaa0 [ 2328.221601][T17095] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2328.227823][T17095] ? __kasan_check_read+0x11/0x20 [ 2328.232845][T17095] handle_mm_fault+0x3b7/0xaa0 [ 2328.237618][T17095] __do_page_fault+0x536/0xdd0 [ 2328.242372][T17095] do_page_fault+0x38/0x590 [ 2328.246869][T17095] page_fault+0x39/0x40 [ 2328.251015][T17095] RIP: 0033:0x403522 [ 2328.254890][T17095] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 2328.275089][T17095] RSP: 002b:00007ffd69524b40 EFLAGS: 00010246 [ 2328.281132][T17095] RAX: 0000000000000000 RBX: 0000000000237d7f RCX: 0000000000413660 [ 2328.289083][T17095] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007ffd69525c70 [ 2328.297034][T17095] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000000001178940 [ 2328.304987][T17095] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd69525c70 [ 2328.312938][T17095] R13: 00007ffd69525c60 R14: 0000000000000000 R15: 00007ffd69525c70 [ 2328.323794][ T8893] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2328.324322][T17095] memory: usage 688kB, limit 0kB, failcnt 781 [ 2328.332892][ T8893] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2328.333962][ T8893] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2328.357152][ T8893] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2328.359947][T17095] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2328.366319][ T8893] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2328.385099][T17095] Memory cgroup stats for /syz2: [ 2328.385199][T17095] anon 147456 [ 2328.385199][T17095] file 12288 [ 2328.385199][T17095] kernel_stack 0 [ 2328.385199][T17095] slab 516096 [ 2328.385199][T17095] sock 0 [ 2328.385199][T17095] shmem 0 [ 2328.385199][T17095] file_mapped 0 [ 2328.385199][T17095] file_dirty 0 [ 2328.385199][T17095] file_writeback 0 [ 2328.385199][T17095] anon_thp 0 [ 2328.385199][T17095] inactive_anon 0 [ 2328.385199][T17095] active_anon 73728 [ 2328.385199][T17095] inactive_file 0 [ 2328.385199][T17095] active_file 0 [ 2328.385199][T17095] unevictable 0 [ 2328.385199][T17095] slab_reclaimable 135168 [ 2328.385199][T17095] slab_unreclaimable 380928 [ 2328.385199][T17095] pgfault 14850 [ 2328.385199][T17095] pgmajfault 0 [ 2328.385199][T17095] workingset_refault 0 [ 2328.385199][T17095] workingset_activate 0 [ 2328.385199][T17095] workingset_nodereclaim 0 [ 2328.385199][T17095] pgrefill 0 [ 2328.385199][T17095] pgscan 0 [ 2328.385199][T17095] pgsteal 0 [ 2328.385199][T17095] pgactivate 0 [ 2328.385199][T17095] pgdeactivate 0 [ 2328.482051][T17095] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=17095,uid=0 [ 2328.508141][T17095] Memory cgroup out of memory: Killed process 17095 (syz-executor.2) total-vm:72448kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 2328.510612][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2328.526238][ T1054] oom_reaper: reaped process 17095 (syz-executor.2), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2328.544122][T17149] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2328.557079][T17149] CPU: 0 PID: 17149 Comm: syz-executor.0 Not tainted 5.4.0-rc1+ #0 [ 2328.564992][T17149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2328.570215][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2328.575042][T17149] Call Trace: [ 2328.575068][T17149] dump_stack+0x172/0x1f0 [ 2328.575095][T17149] dump_header+0x10b/0x82d [ 2328.594883][T17149] oom_kill_process.cold+0x10/0x15 [ 2328.597607][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2328.600085][T17149] out_of_memory+0x334/0x1340 [ 2328.600104][T17149] ? cgroup_file_notify+0x140/0x1b0 [ 2328.600121][T17149] ? oom_killer_disable+0x280/0x280 [ 2328.600148][T17149] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2328.600160][T17149] ? memcg_stat_show+0xc40/0xc40 [ 2328.600182][T17149] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2328.600198][T17149] ? cgroup_file_notify+0x140/0x1b0 [ 2328.600215][T17149] memory_max_write+0x262/0x3a0 [ 2328.600231][T17149] ? mem_cgroup_write+0x370/0x370 [ 2328.600247][T17149] ? lock_acquire+0x190/0x410 [ 2328.600263][T17149] ? kernfs_fop_write+0x227/0x480 [ 2328.600283][T17149] cgroup_file_write+0x241/0x790 [ 2328.600299][T17149] ? mem_cgroup_write+0x370/0x370 [ 2328.600312][T17149] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2328.600332][T17149] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2328.600346][T17149] kernfs_fop_write+0x2b8/0x480 [ 2328.600361][T17149] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2328.600380][T17149] __vfs_write+0x8a/0x110 [ 2328.600398][T17149] ? kernfs_fop_open+0xd80/0xd80 [ 2328.705578][T17149] vfs_write+0x268/0x5d0 [ 2328.709826][T17149] ksys_write+0x14f/0x290 [ 2328.714167][T17149] ? __ia32_sys_read+0xb0/0xb0 [ 2328.718936][T17149] ? do_syscall_64+0x26/0x760 [ 2328.723613][T17149] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2328.729683][T17149] ? do_syscall_64+0x26/0x760 [ 2328.734369][T17149] __x64_sys_write+0x73/0xb0 [ 2328.739052][T17149] do_syscall_64+0xfa/0x760 [ 2328.743561][T17149] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2328.749460][T17149] RIP: 0033:0x459a59 [ 2328.753353][T17149] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2328.772961][T17149] RSP: 002b:00007f2f44c5ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2328.781376][T17149] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2328.789360][T17149] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009 [ 2328.797341][T17149] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2328.805324][T17149] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2f44c5f6d4 [ 2328.814257][T17149] R13: 00000000004c9ef3 R14: 00000000004e1c48 R15: 00000000ffffffff [ 2328.828880][T17149] memory: usage 3296kB, limit 0kB, failcnt 846 [ 2328.835647][T17149] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2328.843643][T17149] Memory cgroup stats for /syz0: [ 2328.843761][T17149] anon 2195456 [ 2328.843761][T17149] file 0 [ 2328.843761][T17149] kernel_stack 65536 [ 2328.843761][T17149] slab 843776 [ 2328.843761][T17149] sock 0 [ 2328.843761][T17149] shmem 0 [ 2328.843761][T17149] file_mapped 0 [ 2328.843761][T17149] file_dirty 0 [ 2328.843761][T17149] file_writeback 0 [ 2328.843761][T17149] anon_thp 2097152 [ 2328.843761][T17149] inactive_anon 0 [ 2328.843761][T17149] active_anon 2195456 [ 2328.843761][T17149] inactive_file 135168 [ 2328.843761][T17149] active_file 0 [ 2328.843761][T17149] unevictable 0 [ 2328.843761][T17149] slab_reclaimable 135168 [ 2328.843761][T17149] slab_unreclaimable 708608 [ 2328.843761][T17149] pgfault 14817 [ 2328.843761][T17149] pgmajfault 0 [ 2328.843761][T17149] workingset_refault 0 [ 2328.843761][T17149] workingset_activate 0 [ 2328.843761][T17149] workingset_nodereclaim 0 [ 2328.843761][T17149] pgrefill 0 [ 2328.843761][T17149] pgscan 0 [ 2328.843761][T17149] pgsteal 0 [ 2328.843761][T17149] pgactivate 0 [ 2328.939997][T17149] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=17147,uid=0 [ 2328.955960][T17149] Memory cgroup out of memory: Killed process 17149 (syz-executor.0) total-vm:72712kB, anon-rss:2192kB, file-rss:35812kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 2328.976999][ T1054] oom_reaper: reaped process 17149 (syz-executor.0), now anon-rss:0kB, file-rss:34852kB, shmem-rss:0kB 04:54:44 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x0, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x0, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0x0, 0x0, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={0xffffffffffffffff, 0x1, 0x1, 0xfff, &(0x7f00000000c0)=[0x0, 0x0], 0x2}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r6 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r6, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) 04:54:44 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0xc, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x0, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={0xffffffffffffffff, 0x1, 0x1, 0xfff, &(0x7f00000000c0)=[0x0, 0x0], 0x2}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28, &(0x7f0000000000)={0x0, 0x0}}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000200)={r5, 0x100000001, 0x8}, 0xc) r6 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r7 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r7, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r6, 0x0, 0x0) [ 2329.011626][T17102] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2329.093333][T17102] CPU: 1 PID: 17102 Comm: syz-executor.0 Not tainted 5.4.0-rc1+ #0 [ 2329.101286][T17102] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2329.111343][T17102] Call Trace: [ 2329.114662][T17102] dump_stack+0x172/0x1f0 [ 2329.118997][T17102] dump_header+0x10b/0x82d [ 2329.123418][T17102] ? oom_kill_process+0x94/0x3f0 [ 2329.128376][T17102] oom_kill_process.cold+0x10/0x15 [ 2329.133593][T17102] out_of_memory+0x334/0x1340 [ 2329.138280][T17102] ? lock_downgrade+0x920/0x920 [ 2329.143159][T17102] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2329.148968][T17102] ? oom_killer_disable+0x280/0x280 [ 2329.154181][T17102] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2329.159729][T17102] ? memcg_stat_show+0xc40/0xc40 [ 2329.164678][T17102] ? do_raw_spin_unlock+0x57/0x270 [ 2329.169804][T17102] ? _raw_spin_unlock+0x2d/0x50 [ 2329.174660][T17102] try_charge+0xf4b/0x1440 [ 2329.179087][T17102] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2329.184629][T17102] ? percpu_ref_tryget_live+0x111/0x290 [ 2329.190180][T17102] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2329.196423][T17102] ? __kasan_check_read+0x11/0x20 [ 2329.201462][T17102] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2329.207029][T17102] mem_cgroup_try_charge+0x136/0x590 [ 2329.212337][T17102] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2329.217990][T17102] wp_page_copy+0x407/0x1860 [ 2329.222608][T17102] ? find_held_lock+0x35/0x130 [ 2329.227384][T17102] ? do_wp_page+0x53b/0x15c0 [ 2329.231981][T17102] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2329.237798][T17102] ? lock_downgrade+0x920/0x920 [ 2329.242660][T17102] ? swp_swapcount+0x540/0x540 [ 2329.247455][T17102] ? __kasan_check_read+0x11/0x20 [ 2329.252486][T17102] ? do_raw_spin_unlock+0x57/0x270 [ 2329.257608][T17102] do_wp_page+0x543/0x15c0 [ 2329.262036][T17102] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 2329.267426][T17102] __handle_mm_fault+0x23ec/0x4040 [ 2329.272550][T17102] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2329.278104][T17102] ? handle_mm_fault+0x292/0xaa0 [ 2329.283063][T17102] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2329.289311][T17102] ? __kasan_check_read+0x11/0x20 [ 2329.294347][T17102] handle_mm_fault+0x3b7/0xaa0 [ 2329.299126][T17102] __do_page_fault+0x536/0xdd0 [ 2329.303908][T17102] do_page_fault+0x38/0x590 [ 2329.308424][T17102] page_fault+0x39/0x40 [ 2329.312580][T17102] RIP: 0033:0x403522 [ 2329.316475][T17102] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 2329.336119][T17102] RSP: 002b:00007ffe91055d90 EFLAGS: 00010246 [ 2329.342186][T17102] RAX: 0000000000000000 RBX: 0000000000238801 RCX: 0000000000413660 [ 2329.350136][T17102] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007ffe91056ec0 [ 2329.358171][T17102] RBP: 0000000000000002 R08: 0000000000000001 R09: 00000000014b3940 [ 2329.366159][T17102] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe91056ec0 [ 2329.374120][T17102] R13: 00007ffe91056eb0 R14: 0000000000000000 R15: 00007ffe91056ec0 [ 2329.390811][T17102] memory: usage 932kB, limit 0kB, failcnt 854 [ 2329.396917][T17102] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2329.418823][T17102] Memory cgroup stats for /syz0: [ 2329.418985][T17102] anon 45056 [ 2329.418985][T17102] file 0 [ 2329.418985][T17102] kernel_stack 65536 [ 2329.418985][T17102] slab 843776 [ 2329.418985][T17102] sock 0 [ 2329.418985][T17102] shmem 0 [ 2329.418985][T17102] file_mapped 0 [ 2329.418985][T17102] file_dirty 0 [ 2329.418985][T17102] file_writeback 0 [ 2329.418985][T17102] anon_thp 0 [ 2329.418985][T17102] inactive_anon 0 [ 2329.418985][T17102] active_anon 45056 [ 2329.418985][T17102] inactive_file 135168 [ 2329.418985][T17102] active_file 0 [ 2329.418985][T17102] unevictable 0 [ 2329.418985][T17102] slab_reclaimable 135168 [ 2329.418985][T17102] slab_unreclaimable 708608 [ 2329.418985][T17102] pgfault 14817 [ 2329.418985][T17102] pgmajfault 0 [ 2329.418985][T17102] workingset_refault 0 [ 2329.418985][T17102] workingset_activate 0 [ 2329.418985][T17102] workingset_nodereclaim 0 [ 2329.418985][T17102] pgrefill 0 [ 2329.418985][T17102] pgscan 0 [ 2329.418985][T17102] pgsteal 0 [ 2329.418985][T17102] pgactivate 0 [ 2329.520366][T17102] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=17102,uid=0 [ 2329.540873][T17108] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2329.550764][T17102] Memory cgroup out of memory: Killed process 17102 (syz-executor.0) total-vm:72448kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2329.571171][ T1054] oom_reaper: reaped process 17102 (syz-executor.0), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB 04:54:44 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 2329.883305][T17151] IPVS: ftp: loaded support on port[0] = 21 04:54:45 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 2330.476258][T17108] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2330.529547][T17153] IPVS: ftp: loaded support on port[0] = 21 [ 2330.858959][T17160] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 2330.907690][T17151] chnl_net:caif_netlink_parms(): no params data found [ 2330.963768][T17153] chnl_net:caif_netlink_parms(): no params data found [ 2330.995843][T17160] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2331.006627][T17160] CPU: 1 PID: 17160 Comm: syz-executor.3 Not tainted 5.4.0-rc1+ #0 [ 2331.014534][T17160] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2331.024599][T17160] Call Trace: [ 2331.027908][T17160] dump_stack+0x172/0x1f0 [ 2331.032254][T17160] dump_header+0x10b/0x82d [ 2331.036683][T17160] oom_kill_process.cold+0x10/0x15 [ 2331.041805][T17160] out_of_memory+0x334/0x1340 [ 2331.046493][T17160] ? __sched_text_start+0x8/0x8 [ 2331.051356][T17160] ? oom_killer_disable+0x280/0x280 [ 2331.056568][T17160] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2331.062299][T17160] ? memcg_stat_show+0xc40/0xc40 [ 2331.067411][T17160] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2331.073210][T17160] ? cgroup_file_notify+0x140/0x1b0 [ 2331.078513][T17160] memory_max_write+0x262/0x3a0 [ 2331.083359][T17160] ? mem_cgroup_write+0x370/0x370 [ 2331.088473][T17160] ? mem_cgroup_write+0x370/0x370 [ 2331.093674][T17160] ? cgroup_file_write+0x1e2/0x790 [ 2331.098961][T17160] cgroup_file_write+0x241/0x790 [ 2331.103980][T17160] ? mem_cgroup_write+0x370/0x370 [ 2331.108995][T17160] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2331.115580][T17160] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2331.121234][T17160] kernfs_fop_write+0x2b8/0x480 [ 2331.126105][T17160] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2331.132430][T17160] __vfs_write+0x8a/0x110 [ 2331.136766][T17160] ? kernfs_fop_open+0xd80/0xd80 [ 2331.141707][T17160] vfs_write+0x268/0x5d0 [ 2331.145951][T17160] ksys_write+0x14f/0x290 [ 2331.150275][T17160] ? __ia32_sys_read+0xb0/0xb0 [ 2331.155031][T17160] ? do_syscall_64+0x26/0x760 [ 2331.159704][T17160] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2331.165952][T17160] ? do_syscall_64+0x26/0x760 [ 2331.170900][T17160] __x64_sys_write+0x73/0xb0 [ 2331.175482][T17160] do_syscall_64+0xfa/0x760 [ 2331.180175][T17160] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2331.186056][T17160] RIP: 0033:0x459a59 [ 2331.189942][T17160] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2331.209537][T17160] RSP: 002b:00007ff888799c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2331.218053][T17160] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2331.226020][T17160] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 2331.233986][T17160] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2331.241949][T17160] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff88879a6d4 [ 2331.249913][T17160] R13: 00000000004c9ef3 R14: 00000000004e1c48 R15: 00000000ffffffff [ 2331.279129][T17160] memory: usage 4968kB, limit 0kB, failcnt 1501 [ 2331.285906][T17160] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2331.328975][T17160] Memory cgroup stats for /syz3: [ 2331.329759][T17160] anon 2166784 [ 2331.329759][T17160] file 0 [ 2331.329759][T17160] kernel_stack 65536 [ 2331.329759][T17160] slab 2850816 [ 2331.329759][T17160] sock 0 [ 2331.329759][T17160] shmem 0 [ 2331.329759][T17160] file_mapped 0 [ 2331.329759][T17160] file_dirty 0 [ 2331.329759][T17160] file_writeback 0 [ 2331.329759][T17160] anon_thp 2097152 [ 2331.329759][T17160] inactive_anon 0 [ 2331.329759][T17160] active_anon 2166784 [ 2331.329759][T17160] inactive_file 28672 [ 2331.329759][T17160] active_file 0 [ 2331.329759][T17160] unevictable 0 [ 2331.329759][T17160] slab_reclaimable 2027520 [ 2331.329759][T17160] slab_unreclaimable 823296 [ 2331.329759][T17160] pgfault 13200 [ 2331.329759][T17160] pgmajfault 0 [ 2331.329759][T17160] workingset_refault 0 [ 2331.329759][T17160] workingset_activate 0 [ 2331.329759][T17160] workingset_nodereclaim 0 [ 2331.329759][T17160] pgrefill 496 [ 2331.329759][T17160] pgscan 4606 [ 2331.329759][T17160] pgsteal 4107 [ 2331.329759][T17160] pgactivate 462 [ 2331.437940][T17160] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=17158,uid=0 [ 2331.455411][T17160] Memory cgroup out of memory: Killed process 17158 (syz-executor.3) total-vm:72712kB, anon-rss:2196kB, file-rss:35840kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 [ 2331.478069][ T1054] oom_reaper: reaped process 17158 (syz-executor.3), now anon-rss:0kB, file-rss:34908kB, shmem-rss:0kB 04:54:46 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x0, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) 04:54:46 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x0, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={0xffffffffffffffff, 0x1, 0x1, 0xfff, &(0x7f00000000c0)=[0x0, 0x0], 0x2}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r6 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r6, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) 04:54:46 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x0, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x0, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0x0, 0x0, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={0xffffffffffffffff, 0x1, 0x1, 0xfff, &(0x7f00000000c0)=[0x0, 0x0], 0x2}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r6 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r6, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 2331.605730][T17151] bridge0: port 1(bridge_slave_0) entered blocking state [ 2331.615117][T17151] bridge0: port 1(bridge_slave_0) entered disabled state [ 2331.624026][T17151] device bridge_slave_0 entered promiscuous mode [ 2331.633015][T17151] bridge0: port 2(bridge_slave_1) entered blocking state [ 2331.642203][T17108] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2331.674324][T17151] bridge0: port 2(bridge_slave_1) entered disabled state [ 2331.679874][T17108] CPU: 1 PID: 17108 Comm: syz-executor.3 Not tainted 5.4.0-rc1+ #0 [ 2331.689807][T17108] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2331.689814][T17108] Call Trace: [ 2331.689834][T17108] dump_stack+0x172/0x1f0 [ 2331.689856][T17108] dump_header+0x10b/0x82d [ 2331.701401][T17151] device bridge_slave_1 entered promiscuous mode [ 2331.703321][T17108] ? oom_kill_process+0x94/0x3f0 [ 2331.703339][T17108] oom_kill_process.cold+0x10/0x15 [ 2331.712063][T17108] out_of_memory+0x334/0x1340 [ 2331.712078][T17108] ? lock_downgrade+0x920/0x920 [ 2331.712101][T17108] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2331.723651][T17108] ? oom_killer_disable+0x280/0x280 [ 2331.723676][T17108] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2331.723689][T17108] ? memcg_stat_show+0xc40/0xc40 [ 2331.723708][T17108] ? do_raw_spin_unlock+0x57/0x270 [ 2331.733498][T17108] ? _raw_spin_unlock+0x2d/0x50 [ 2331.744916][T17108] try_charge+0xf4b/0x1440 [ 2331.756216][T17108] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2331.766493][T17108] ? percpu_ref_tryget_live+0x111/0x290 [ 2331.775771][T17108] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2331.786835][T17108] ? __kasan_check_read+0x11/0x20 [ 2331.798332][T17108] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2331.803895][T17108] mem_cgroup_try_charge+0x136/0x590 [ 2331.803915][T17108] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2331.803931][T17108] wp_page_copy+0x407/0x1860 [ 2331.803945][T17108] ? find_held_lock+0x35/0x130 [ 2331.803962][T17108] ? do_wp_page+0x53b/0x15c0 [ 2331.814867][T17108] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2331.824233][T17108] ? lock_downgrade+0x920/0x920 [ 2331.834601][T17108] ? swp_swapcount+0x540/0x540 [ 2331.844439][T17108] ? __kasan_check_read+0x11/0x20 [ 2331.849468][T17108] ? do_raw_spin_unlock+0x57/0x270 [ 2331.849486][T17108] do_wp_page+0x543/0x15c0 [ 2331.849505][T17108] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 2331.859152][T17108] __handle_mm_fault+0x23ec/0x4040 [ 2331.859171][T17108] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2331.859188][T17108] ? handle_mm_fault+0x292/0xaa0 [ 2331.869699][T17108] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2331.869720][T17108] ? __kasan_check_read+0x11/0x20 [ 2331.880262][T17108] handle_mm_fault+0x3b7/0xaa0 [ 2331.880282][T17108] __do_page_fault+0x536/0xdd0 [ 2331.880305][T17108] do_page_fault+0x38/0x590 [ 2331.891630][T17108] page_fault+0x39/0x40 [ 2331.891641][T17108] RIP: 0033:0x403522 [ 2331.891661][T17108] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 2331.901186][T17108] RSP: 002b:00007ffd48a56bb0 EFLAGS: 00010246 [ 2331.901197][T17108] RAX: 0000000000000000 RBX: 0000000000239130 RCX: 0000000000413660 [ 2331.901204][T17108] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007ffd48a57ce0 [ 2331.901211][T17108] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000000000c5e940 [ 2331.901219][T17108] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd48a57ce0 [ 2331.901232][T17108] R13: 00007ffd48a57cd0 R14: 0000000000000000 R15: 00007ffd48a57ce0 [ 2331.982304][T17108] memory: usage 2548kB, limit 0kB, failcnt 1509 [ 2331.988666][T17108] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2331.996299][T17108] Memory cgroup stats for /syz3: [ 2331.996397][T17108] anon 65536 [ 2331.996397][T17108] file 0 [ 2331.996397][T17108] kernel_stack 65536 [ 2331.996397][T17108] slab 2715648 [ 2331.996397][T17108] sock 0 [ 2331.996397][T17108] shmem 0 [ 2331.996397][T17108] file_mapped 0 [ 2331.996397][T17108] file_dirty 0 [ 2331.996397][T17108] file_writeback 0 [ 2331.996397][T17108] anon_thp 0 [ 2331.996397][T17108] inactive_anon 0 [ 2331.996397][T17108] active_anon 65536 [ 2331.996397][T17108] inactive_file 28672 [ 2331.996397][T17108] active_file 0 [ 2331.996397][T17108] unevictable 0 [ 2331.996397][T17108] slab_reclaimable 1892352 [ 2331.996397][T17108] slab_unreclaimable 823296 [ 2331.996397][T17108] pgfault 13200 [ 2331.996397][T17108] pgmajfault 0 [ 2331.996397][T17108] workingset_refault 0 [ 2331.996397][T17108] workingset_activate 0 [ 2331.996397][T17108] workingset_nodereclaim 0 [ 2331.996397][T17108] pgrefill 496 [ 2331.996397][T17108] pgscan 4606 [ 2331.996397][T17108] pgsteal 4107 [ 2331.996397][T17108] pgactivate 462 [ 2332.096083][T17153] bridge0: port 1(bridge_slave_0) entered blocking state [ 2332.103769][T17153] bridge0: port 1(bridge_slave_0) entered disabled state [ 2332.112902][T17153] device bridge_slave_0 entered promiscuous mode [ 2332.122105][T17108] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=17108,uid=0 [ 2332.137997][T17108] Memory cgroup out of memory: Killed process 17108 (syz-executor.3) total-vm:72448kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 2332.156823][ T1054] oom_reaper: reaped process 17108 (syz-executor.3), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2332.241745][T17153] bridge0: port 2(bridge_slave_1) entered blocking state [ 2332.259155][T17153] bridge0: port 2(bridge_slave_1) entered disabled state [ 2332.278559][T17153] device bridge_slave_1 entered promiscuous mode [ 2332.303833][T17165] IPVS: ftp: loaded support on port[0] = 21 04:54:47 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x0, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 2332.723008][T17151] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2332.736928][T17153] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2332.754213][T17151] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2332.785664][T17153] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2332.880904][T17151] team0: Port device team_slave_0 added [ 2332.898152][T17153] team0: Port device team_slave_0 added 04:54:47 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x0, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 2332.921980][T17151] team0: Port device team_slave_1 added [ 2332.943256][T17153] team0: Port device team_slave_1 added [ 2333.143650][T17151] device hsr_slave_0 entered promiscuous mode [ 2333.219893][T17151] device hsr_slave_1 entered promiscuous mode [ 2333.259100][T17151] debugfs: Directory 'hsr0' with parent '/' already present! [ 2333.342803][T17153] device hsr_slave_0 entered promiscuous mode [ 2333.450062][T17153] device hsr_slave_1 entered promiscuous mode [ 2333.489786][T17153] debugfs: Directory 'hsr0' with parent '/' already present! [ 2333.578666][T17168] IPVS: ftp: loaded support on port[0] = 21 [ 2333.611718][T17170] IPVS: ftp: loaded support on port[0] = 21 [ 2333.680037][T17165] chnl_net:caif_netlink_parms(): no params data found [ 2334.204384][T17165] bridge0: port 1(bridge_slave_0) entered blocking state [ 2334.229268][T17165] bridge0: port 1(bridge_slave_0) entered disabled state [ 2334.249401][T17165] device bridge_slave_0 entered promiscuous mode [ 2334.360988][T17165] bridge0: port 2(bridge_slave_1) entered blocking state [ 2334.368258][T17165] bridge0: port 2(bridge_slave_1) entered disabled state [ 2334.379658][T17165] device bridge_slave_1 entered promiscuous mode [ 2334.410570][T17172] IPVS: ftp: loaded support on port[0] = 21 [ 2334.443032][T17151] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2334.586144][T17165] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2334.627569][T17153] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2334.651582][T17165] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2334.834832][T17170] chnl_net:caif_netlink_parms(): no params data found [ 2334.846567][T17168] chnl_net:caif_netlink_parms(): no params data found [ 2334.861980][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2334.870966][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2334.886173][T17151] 8021q: adding VLAN 0 to HW filter on device team0 [ 2334.898484][T17165] team0: Port device team_slave_0 added [ 2334.916248][T17165] team0: Port device team_slave_1 added [ 2335.002047][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2335.012540][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2335.028213][T17153] 8021q: adding VLAN 0 to HW filter on device team0 [ 2335.126616][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2335.138583][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2335.148398][T11481] bridge0: port 1(bridge_slave_0) entered blocking state [ 2335.156180][T11481] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2335.166790][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2335.176848][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2335.186262][T11481] bridge0: port 2(bridge_slave_1) entered blocking state [ 2335.193687][T11481] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2335.255199][T17168] bridge0: port 1(bridge_slave_0) entered blocking state [ 2335.263155][T17168] bridge0: port 1(bridge_slave_0) entered disabled state [ 2335.272297][T17168] device bridge_slave_0 entered promiscuous mode [ 2335.285728][T17170] bridge0: port 1(bridge_slave_0) entered blocking state [ 2335.294151][T17170] bridge0: port 1(bridge_slave_0) entered disabled state [ 2335.303269][T17170] device bridge_slave_0 entered promiscuous mode [ 2335.313609][ T8893] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2335.323039][ T8893] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2335.333032][ T8893] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2335.344091][ T8893] bridge0: port 1(bridge_slave_0) entered blocking state [ 2335.351404][ T8893] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2335.361473][ T8893] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2335.437718][T17168] bridge0: port 2(bridge_slave_1) entered blocking state [ 2335.446174][T17168] bridge0: port 2(bridge_slave_1) entered disabled state [ 2335.456176][T17168] device bridge_slave_1 entered promiscuous mode [ 2335.464685][T17170] bridge0: port 2(bridge_slave_1) entered blocking state [ 2335.473656][T17170] bridge0: port 2(bridge_slave_1) entered disabled state [ 2335.483383][T17170] device bridge_slave_1 entered promiscuous mode [ 2335.498143][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2335.507897][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2335.517938][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2335.539339][T11481] bridge0: port 2(bridge_slave_1) entered blocking state [ 2335.546520][T11481] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2335.571112][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2335.653190][T17165] device hsr_slave_0 entered promiscuous mode [ 2335.700167][T17165] device hsr_slave_1 entered promiscuous mode [ 2335.749130][T17165] debugfs: Directory 'hsr0' with parent '/' already present! [ 2335.847855][ T8893] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2335.907618][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2335.921373][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2335.932126][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2335.942126][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2335.952797][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2336.045269][T17170] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2336.060549][T17168] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2336.073505][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2336.083263][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2336.092311][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2336.103385][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2336.214738][T17170] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2336.232552][T17168] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2336.245241][T16569] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2336.255074][T16569] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2336.264768][T16569] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2336.274298][T16569] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2336.283968][T16569] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2336.294948][T16569] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2336.305015][T16569] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2336.314904][T16569] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2336.330811][T17151] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2336.392192][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2336.402082][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2336.432194][T17172] chnl_net:caif_netlink_parms(): no params data found [ 2336.498426][T17168] team0: Port device team_slave_0 added [ 2336.506900][T17153] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2336.533819][T17170] team0: Port device team_slave_0 added [ 2336.555797][T17168] team0: Port device team_slave_1 added [ 2336.673923][T17170] team0: Port device team_slave_1 added [ 2336.815046][T17151] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2336.905475][T17172] bridge0: port 1(bridge_slave_0) entered blocking state [ 2336.914733][T17172] bridge0: port 1(bridge_slave_0) entered disabled state [ 2336.924928][T17172] device bridge_slave_0 entered promiscuous mode [ 2337.003202][T17168] device hsr_slave_0 entered promiscuous mode [ 2337.049829][T17168] device hsr_slave_1 entered promiscuous mode [ 2337.089649][T17168] debugfs: Directory 'hsr0' with parent '/' already present! [ 2337.132765][T17170] device hsr_slave_0 entered promiscuous mode [ 2337.180334][T17170] device hsr_slave_1 entered promiscuous mode [ 2337.249312][T17170] debugfs: Directory 'hsr0' with parent '/' already present! [ 2337.297981][T17153] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2337.316964][T17172] bridge0: port 2(bridge_slave_1) entered blocking state [ 2337.325854][T17172] bridge0: port 2(bridge_slave_1) entered disabled state [ 2337.341246][T17172] device bridge_slave_1 entered promiscuous mode [ 2337.474687][T17165] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2337.566453][T17187] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 2337.612792][T17172] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2337.643355][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2337.658543][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2337.725289][T17165] 8021q: adding VLAN 0 to HW filter on device team0 [ 2337.733250][T17190] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 2337.750376][T17185] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2337.766511][T17172] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2337.772450][T17185] CPU: 1 PID: 17185 Comm: syz-executor.5 Not tainted 5.4.0-rc1+ #0 [ 2337.783726][T17185] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2337.794006][T17185] Call Trace: [ 2337.797324][T17185] dump_stack+0x172/0x1f0 [ 2337.801849][T17185] dump_header+0x10b/0x82d [ 2337.806267][T17185] oom_kill_process.cold+0x10/0x15 [ 2337.811378][T17185] out_of_memory+0x334/0x1340 [ 2337.816058][T17185] ? __sched_text_start+0x8/0x8 [ 2337.820909][T17185] ? oom_killer_disable+0x280/0x280 [ 2337.826116][T17185] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2337.831660][T17185] ? memcg_stat_show+0xc40/0xc40 [ 2337.836738][T17185] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2337.842541][T17185] ? cgroup_file_notify+0x140/0x1b0 [ 2337.847736][T17185] memory_max_write+0x262/0x3a0 [ 2337.852595][T17185] ? mem_cgroup_write+0x370/0x370 [ 2337.857640][T17185] ? cgroup_file_write+0x86/0x790 [ 2337.862662][T17185] cgroup_file_write+0x241/0x790 [ 2337.867598][T17185] ? mem_cgroup_write+0x370/0x370 [ 2337.872618][T17185] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2337.878259][T17185] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2337.883888][T17185] kernfs_fop_write+0x2b8/0x480 [ 2337.889084][T17185] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2337.895408][T17185] __vfs_write+0x8a/0x110 [ 2337.899747][T17185] ? kernfs_fop_open+0xd80/0xd80 [ 2337.904837][T17185] vfs_write+0x268/0x5d0 [ 2337.909773][T17185] ksys_write+0x14f/0x290 [ 2337.914189][T17185] ? __ia32_sys_read+0xb0/0xb0 [ 2337.919035][T17185] ? do_syscall_64+0x26/0x760 [ 2337.923797][T17185] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2337.929857][T17185] ? do_syscall_64+0x26/0x760 [ 2337.934620][T17185] __x64_sys_write+0x73/0xb0 [ 2337.939210][T17185] do_syscall_64+0xfa/0x760 [ 2337.943752][T17185] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2337.949923][T17185] RIP: 0033:0x459a59 [ 2337.953831][T17185] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2337.973461][T17185] RSP: 002b:00007f2121a70c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2337.981878][T17185] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2337.989952][T17185] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 2337.998013][T17185] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2338.006063][T17185] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2121a716d4 [ 2338.014043][T17185] R13: 00000000004c9ef3 R14: 00000000004e1c48 R15: 00000000ffffffff [ 2338.044329][T17185] memory: usage 3140kB, limit 0kB, failcnt 667 [ 2338.104909][T17185] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2338.120972][T17185] Memory cgroup stats for /syz5: [ 2338.121698][T17185] anon 2093056 [ 2338.121698][T17185] file 0 [ 2338.121698][T17185] kernel_stack 65536 [ 2338.121698][T17185] slab 544768 [ 2338.121698][T17185] sock 0 [ 2338.121698][T17185] shmem 0 [ 2338.121698][T17185] file_mapped 0 [ 2338.121698][T17185] file_dirty 0 [ 2338.121698][T17185] file_writeback 0 [ 2338.121698][T17185] anon_thp 2097152 [ 2338.121698][T17185] inactive_anon 0 [ 2338.121698][T17185] active_anon 2154496 [ 2338.121698][T17185] inactive_file 0 [ 2338.121698][T17185] active_file 0 [ 2338.121698][T17185] unevictable 0 [ 2338.121698][T17185] slab_reclaimable 135168 [ 2338.121698][T17185] slab_unreclaimable 409600 [ 2338.121698][T17185] pgfault 8382 [ 2338.121698][T17185] pgmajfault 0 [ 2338.121698][T17185] workingset_refault 0 [ 2338.121698][T17185] workingset_activate 0 [ 2338.121698][T17185] workingset_nodereclaim 0 [ 2338.121698][T17185] pgrefill 233 [ 2338.121698][T17185] pgscan 362 [ 2338.121698][T17185] pgsteal 146 [ 2338.121698][T17185] pgactivate 198 [ 2338.127228][T17185] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=17183,uid=0 [ 2338.248188][T17185] Memory cgroup out of memory: Killed process 17183 (syz-executor.5) total-vm:72712kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 2338.272422][ T1054] oom_reaper: reaped process 17183 (syz-executor.5), now anon-rss:0kB, file-rss:34864kB, shmem-rss:0kB [ 2338.311789][T17191] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2338.334442][T17191] CPU: 0 PID: 17191 Comm: syz-executor.4 Not tainted 5.4.0-rc1+ #0 [ 2338.342391][T17191] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2338.352470][T17191] Call Trace: [ 2338.355785][T17191] dump_stack+0x172/0x1f0 [ 2338.360142][T17191] dump_header+0x10b/0x82d [ 2338.364709][T17191] oom_kill_process.cold+0x10/0x15 [ 2338.369842][T17191] out_of_memory+0x334/0x1340 [ 2338.374636][T17191] ? cgroup_file_notify+0x140/0x1b0 [ 2338.379857][T17191] ? oom_killer_disable+0x280/0x280 [ 2338.386138][T17191] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2338.391710][T17191] ? memcg_stat_show+0xc40/0xc40 [ 2338.396681][T17191] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2338.402520][T17191] ? cgroup_file_notify+0x140/0x1b0 [ 2338.407750][T17191] memory_max_write+0x262/0x3a0 [ 2338.412803][T17191] ? mem_cgroup_write+0x370/0x370 [ 2338.418290][T17191] ? lock_acquire+0x190/0x410 [ 2338.423001][T17191] ? kernfs_fop_write+0x227/0x480 [ 2338.428075][T17191] cgroup_file_write+0x241/0x790 [ 2338.433046][T17191] ? mem_cgroup_write+0x370/0x370 [ 2338.438108][T17191] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2338.444899][T17191] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2338.450675][T17191] kernfs_fop_write+0x2b8/0x480 [ 2338.455710][T17191] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2338.461991][T17191] __vfs_write+0x8a/0x110 [ 2338.466349][T17191] ? kernfs_fop_open+0xd80/0xd80 [ 2338.471315][T17191] vfs_write+0x268/0x5d0 [ 2338.471813][T17165] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 2338.475575][T17191] ksys_write+0x14f/0x290 [ 2338.475590][T17191] ? __ia32_sys_read+0xb0/0xb0 [ 2338.475611][T17191] ? do_syscall_64+0x26/0x760 [ 2338.493258][T17165] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2338.495376][T17191] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2338.495397][T17191] ? do_syscall_64+0x26/0x760 [ 2338.521146][T17191] __x64_sys_write+0x73/0xb0 [ 2338.525767][T17191] do_syscall_64+0xfa/0x760 [ 2338.530386][T17191] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2338.532196][T17165] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2338.536462][T17191] RIP: 0033:0x459a59 [ 2338.536480][T17191] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2338.536495][T17191] RSP: 002b:00007f6518ecac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2338.547277][T17191] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2338.547286][T17191] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 2338.547294][T17191] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2338.547302][T17191] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6518ecb6d4 04:54:53 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x0, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 2338.547316][T17191] R13: 00000000004c9ef3 R14: 00000000004e1c48 R15: 00000000ffffffff [ 2338.638981][T17191] memory: usage 3152kB, limit 0kB, failcnt 973 [ 2338.646828][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2338.655169][T17191] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2338.655178][T17191] Memory cgroup stats for /syz4: [ 2338.655359][T17191] anon 2101248 [ 2338.655359][T17191] file 163840 [ 2338.655359][T17191] kernel_stack 65536 [ 2338.655359][T17191] slab 692224 [ 2338.655359][T17191] sock 0 [ 2338.655359][T17191] shmem 0 [ 2338.655359][T17191] file_mapped 0 [ 2338.655359][T17191] file_dirty 135168 [ 2338.655359][T17191] file_writeback 0 [ 2338.655359][T17191] anon_thp 2097152 [ 2338.655359][T17191] inactive_anon 0 [ 2338.655359][T17191] active_anon 2101248 [ 2338.655359][T17191] inactive_file 135168 [ 2338.655359][T17191] active_file 0 [ 2338.655359][T17191] unevictable 0 [ 2338.655359][T17191] slab_reclaimable 270336 [ 2338.655359][T17191] slab_unreclaimable 421888 [ 2338.655359][T17191] pgfault 9075 [ 2338.655359][T17191] pgmajfault 0 [ 2338.655359][T17191] workingset_refault 0 [ 2338.655359][T17191] workingset_activate 0 [ 2338.655359][T17191] workingset_nodereclaim 0 [ 2338.655359][T17191] pgrefill 264 [ 2338.655359][T17191] pgscan 292 [ 2338.655359][T17191] pgsteal 59 [ 2338.655359][T17191] pgactivate 231 [ 2338.655407][T17191] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=17189,uid=0 [ 2338.680103][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2338.769302][T17191] Memory cgroup out of memory: Killed process 17189 (syz-executor.4) total-vm:72712kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 2338.810148][T17151] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2338.812835][ T1054] oom_reaper: reaped process 17189 (syz-executor.4), now anon-rss:0kB, file-rss:33856kB, shmem-rss:0kB [ 2338.822784][T17151] CPU: 1 PID: 17151 Comm: syz-executor.5 Not tainted 5.4.0-rc1+ #0 [ 2338.839505][T17151] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2338.849580][T17151] Call Trace: [ 2338.852922][T17151] dump_stack+0x172/0x1f0 [ 2338.857623][T17151] dump_header+0x10b/0x82d [ 2338.862058][T17151] ? oom_kill_process+0x94/0x3f0 [ 2338.867014][T17151] oom_kill_process.cold+0x10/0x15 [ 2338.872376][T17151] out_of_memory+0x334/0x1340 [ 2338.877073][T17151] ? lock_downgrade+0x920/0x920 [ 2338.881984][T17151] ? oom_killer_disable+0x280/0x280 [ 2338.887212][T17151] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2338.892794][T17151] ? memcg_stat_show+0xc40/0xc40 [ 2338.897754][T17151] ? do_raw_spin_unlock+0x57/0x270 [ 2338.899474][ T2871] bridge0: port 1(bridge_slave_0) entered blocking state [ 2338.902887][T17151] ? _raw_spin_unlock+0x2d/0x50 [ 2338.910116][ T2871] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2338.914913][T17151] try_charge+0xf4b/0x1440 [ 2338.926660][T17151] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2338.932304][T17151] ? percpu_ref_tryget_live+0x111/0x290 [ 2338.935752][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2338.937958][T17151] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2338.947389][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2338.953504][T17151] ? __kasan_check_read+0x11/0x20 [ 2338.953525][T17151] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2338.953541][T17151] mem_cgroup_try_charge+0x136/0x590 [ 2338.953561][T17151] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2338.962302][ T2871] bridge0: port 2(bridge_slave_1) entered blocking state [ 2338.966798][T17151] wp_page_copy+0x407/0x1860 [ 2338.972489][ T2871] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2338.977697][T17151] ? find_held_lock+0x35/0x130 [ 2338.984500][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2338.990663][T17151] ? do_wp_page+0x53b/0x15c0 [ 2338.990680][T17151] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2338.990696][T17151] ? lock_downgrade+0x920/0x920 [ 2338.990714][T17151] ? swp_swapcount+0x540/0x540 [ 2338.996888][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2339.002770][T17151] ? __kasan_check_read+0x11/0x20 [ 2339.002787][T17151] ? do_raw_spin_unlock+0x57/0x270 [ 2339.002806][T17151] do_wp_page+0x543/0x15c0 [ 2339.002834][T17151] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 2339.009401][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2339.015544][T17151] __handle_mm_fault+0x23ec/0x4040 [ 2339.022007][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2339.026461][T17151] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2339.033231][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2339.036589][T17151] ? handle_mm_fault+0x292/0xaa0 [ 2339.046366][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2339.049985][T17151] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2339.050003][T17151] ? __kasan_check_read+0x11/0x20 [ 2339.050024][T17151] handle_mm_fault+0x3b7/0xaa0 [ 2339.056498][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2339.059836][T17151] __do_page_fault+0x536/0xdd0 [ 2339.059858][T17151] do_page_fault+0x38/0x590 [ 2339.059880][T17151] page_fault+0x39/0x40 [ 2339.066396][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2339.073467][T17151] RIP: 0033:0x430b36 [ 2339.073484][T17151] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 2c 44 64 00 85 c0 0f 84 [ 2339.073491][T17151] RSP: 002b:00007fffd75db400 EFLAGS: 00010206 [ 2339.073501][T17151] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 2339.073515][T17151] RDX: 0000000000f47930 RSI: 0000000000f4f970 RDI: 0000000000000003 [ 2339.080421][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2339.086740][T17151] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000000000f46940 [ 2339.093557][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2339.100210][T17151] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 2339.100218][T17151] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 2339.104898][T17151] memory: usage 768kB, limit 0kB, failcnt 675 [ 2339.128961][T17151] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2339.148092][T17151] Memory cgroup stats for /syz5: [ 2339.148195][T17151] anon 8192 [ 2339.148195][T17151] file 0 [ 2339.148195][T17151] kernel_stack 0 [ 2339.148195][T17151] slab 544768 [ 2339.148195][T17151] sock 0 [ 2339.148195][T17151] shmem 0 [ 2339.148195][T17151] file_mapped 0 [ 2339.148195][T17151] file_dirty 0 [ 2339.148195][T17151] file_writeback 0 [ 2339.148195][T17151] anon_thp 0 [ 2339.148195][T17151] inactive_anon 0 [ 2339.148195][T17151] active_anon 8192 [ 2339.148195][T17151] inactive_file 0 [ 2339.148195][T17151] active_file 0 [ 2339.148195][T17151] unevictable 0 [ 2339.148195][T17151] slab_reclaimable 135168 [ 2339.148195][T17151] slab_unreclaimable 409600 [ 2339.148195][T17151] pgfault 8382 [ 2339.148195][T17151] pgmajfault 0 [ 2339.148195][T17151] workingset_refault 0 [ 2339.148195][T17151] workingset_activate 0 [ 2339.148195][T17151] workingset_nodereclaim 0 [ 2339.148195][T17151] pgrefill 233 [ 2339.148195][T17151] pgscan 362 [ 2339.148195][T17151] pgsteal 146 [ 2339.148195][T17151] pgactivate 198 [ 2339.173118][T17151] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=17151,uid=0 [ 2339.209007][T17151] Memory cgroup out of memory: Killed process 17151 (syz-executor.5) total-vm:72448kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2339.449306][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2339.470989][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2339.500986][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready 04:54:54 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0xc, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x0, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={0xffffffffffffffff, 0x1, 0x1, 0xfff, &(0x7f00000000c0)=[0x0, 0x0], 0x2}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28, &(0x7f0000000000)={0x0, 0x0}}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000200)={r5, 0x100000001, 0x8}, 0xc) r6 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r7 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r7, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r6, 0x0, 0x0) [ 2339.593952][T17153] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2339.602707][T17198] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 2339.664468][T17153] CPU: 1 PID: 17153 Comm: syz-executor.4 Not tainted 5.4.0-rc1+ #0 [ 2339.672602][T17153] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2339.683118][T17153] Call Trace: [ 2339.686441][T17153] dump_stack+0x172/0x1f0 [ 2339.690786][T17153] dump_header+0x10b/0x82d [ 2339.695211][T17153] ? oom_kill_process+0x94/0x3f0 [ 2339.700835][T17153] oom_kill_process.cold+0x10/0x15 [ 2339.706185][T17153] out_of_memory+0x334/0x1340 [ 2339.711191][T17153] ? lock_downgrade+0x920/0x920 [ 2339.716644][T17153] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2339.722590][T17153] ? oom_killer_disable+0x280/0x280 [ 2339.727943][T17153] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2339.733688][T17153] ? memcg_stat_show+0xc40/0xc40 [ 2339.738835][T17153] ? do_raw_spin_unlock+0x57/0x270 [ 2339.744069][T17153] ? _raw_spin_unlock+0x2d/0x50 [ 2339.749034][T17153] try_charge+0xf4b/0x1440 [ 2339.753647][T17153] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2339.759304][T17153] ? percpu_ref_tryget_live+0x111/0x290 [ 2339.764984][T17153] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2339.771257][T17153] ? __kasan_check_read+0x11/0x20 [ 2339.776593][T17153] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2339.782517][T17153] mem_cgroup_try_charge+0x136/0x590 [ 2339.787839][T17153] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2339.793500][T17153] wp_page_copy+0x407/0x1860 [ 2339.798109][T17153] ? find_held_lock+0x35/0x130 [ 2339.802894][T17153] ? do_wp_page+0x53b/0x15c0 [ 2339.807520][T17153] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2339.813344][T17153] ? lock_downgrade+0x920/0x920 [ 2339.818212][T17153] ? swp_swapcount+0x540/0x540 [ 2339.823003][T17153] ? __kasan_check_read+0x11/0x20 [ 2339.828042][T17153] ? do_raw_spin_unlock+0x57/0x270 [ 2339.833278][T17153] do_wp_page+0x543/0x15c0 [ 2339.837723][T17153] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 2339.843138][T17153] __handle_mm_fault+0x23ec/0x4040 [ 2339.848417][T17153] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2339.853994][T17153] ? handle_mm_fault+0x292/0xaa0 [ 2339.858967][T17153] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2339.865537][T17153] ? __kasan_check_read+0x11/0x20 [ 2339.870594][T17153] handle_mm_fault+0x3b7/0xaa0 [ 2339.875535][T17153] __do_page_fault+0x536/0xdd0 [ 2339.880318][T17153] do_page_fault+0x38/0x590 [ 2339.884845][T17153] page_fault+0x39/0x40 [ 2339.889012][T17153] RIP: 0033:0x430b36 [ 2339.892919][T17153] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 2c 44 64 00 85 c0 0f 84 [ 2339.912542][T17153] RSP: 002b:00007ffe28a4e6a0 EFLAGS: 00010206 [ 2339.918622][T17153] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 2339.926737][T17153] RDX: 00000000029ef930 RSI: 00000000029f7970 RDI: 0000000000000003 [ 2339.934911][T17153] RBP: 0000000000008041 R08: 0000000000000001 R09: 00000000029ee940 [ 2339.942902][T17153] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 2339.950917][T17153] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 2339.964080][T17153] memory: usage 780kB, limit 0kB, failcnt 989 [ 2339.973334][T17153] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2339.980672][T17153] Memory cgroup stats for /syz4: [ 2339.980811][T17153] anon 40960 [ 2339.980811][T17153] file 163840 [ 2339.980811][T17153] kernel_stack 65536 [ 2339.980811][T17153] slab 692224 [ 2339.980811][T17153] sock 0 [ 2339.980811][T17153] shmem 0 [ 2339.980811][T17153] file_mapped 0 [ 2339.980811][T17153] file_dirty 135168 [ 2339.980811][T17153] file_writeback 0 [ 2339.980811][T17153] anon_thp 0 [ 2339.980811][T17153] inactive_anon 0 [ 2339.980811][T17153] active_anon 40960 [ 2339.980811][T17153] inactive_file 135168 [ 2339.980811][T17153] active_file 0 [ 2339.980811][T17153] unevictable 0 [ 2339.980811][T17153] slab_reclaimable 270336 [ 2339.980811][T17153] slab_unreclaimable 421888 [ 2339.980811][T17153] pgfault 9108 [ 2339.980811][T17153] pgmajfault 0 [ 2339.980811][T17153] workingset_refault 0 [ 2339.980811][T17153] workingset_activate 0 [ 2339.980811][T17153] workingset_nodereclaim 0 [ 2339.980811][T17153] pgrefill 264 [ 2339.980811][T17153] pgscan 292 [ 2339.980811][T17153] pgsteal 59 [ 2339.980811][T17153] pgactivate 231 [ 2340.076582][T17153] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=17153,uid=0 [ 2340.094347][T17153] Memory cgroup out of memory: Killed process 17153 (syz-executor.4) total-vm:72448kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2340.112831][ T1054] oom_reaper: reaped process 17153 (syz-executor.4), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2340.124619][T17198] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2340.136746][T17198] CPU: 1 PID: 17198 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 2340.144975][T17198] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2340.144987][T17198] Call Trace: [ 2340.158359][T17198] dump_stack+0x172/0x1f0 [ 2340.162846][T17198] dump_header+0x10b/0x82d [ 2340.167274][T17198] oom_kill_process.cold+0x10/0x15 [ 2340.172405][T17198] out_of_memory+0x334/0x1340 [ 2340.177102][T17198] ? oom_killer_disable+0x280/0x280 [ 2340.182328][T17198] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2340.187888][T17198] ? memcg_stat_show+0xc40/0xc40 [ 2340.192850][T17198] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2340.198680][T17198] ? cgroup_file_notify+0x140/0x1b0 [ 2340.203901][T17198] memory_max_write+0x262/0x3a0 [ 2340.208767][T17198] ? mem_cgroup_write+0x370/0x370 [ 2340.213939][T17198] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2340.219409][T17198] cgroup_file_write+0x241/0x790 [ 2340.224343][T17198] ? mem_cgroup_write+0x370/0x370 [ 2340.229524][T17198] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2340.235156][T17198] ? kernfs_ops+0xe2/0x120 [ 2340.240152][T17198] ? kernfs_ops+0x9a/0x120 [ 2340.244583][T17198] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2340.250451][T17198] kernfs_fop_write+0x2b8/0x480 [ 2340.255740][T17198] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2340.261979][T17198] __vfs_write+0x8a/0x110 [ 2340.266372][T17198] ? kernfs_fop_open+0xd80/0xd80 [ 2340.271307][T17198] vfs_write+0x268/0x5d0 [ 2340.275545][T17198] ksys_write+0x14f/0x290 [ 2340.279867][T17198] ? __ia32_sys_read+0xb0/0xb0 [ 2340.284630][T17198] ? do_syscall_64+0x26/0x760 [ 2340.289740][T17198] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2340.295800][T17198] ? do_syscall_64+0x26/0x760 [ 2340.300469][T17198] __x64_sys_write+0x73/0xb0 [ 2340.305049][T17198] do_syscall_64+0xfa/0x760 [ 2340.309542][T17198] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2340.315459][T17198] RIP: 0033:0x459a59 [ 2340.319432][T17198] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2340.339048][T17198] RSP: 002b:00007f6084286c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2340.347546][T17198] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2340.355623][T17198] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 2340.363588][T17198] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2340.371673][T17198] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f60842876d4 [ 2340.379628][T17198] R13: 00000000004c9ef3 R14: 00000000004e1c48 R15: 00000000ffffffff [ 2340.409957][T17198] memory: usage 22604kB, limit 0kB, failcnt 93 [ 2340.416248][T17198] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2340.425141][T17198] Memory cgroup stats for /syz1: [ 2340.425255][T17198] anon 2056192 [ 2340.425255][T17198] file 4096 [ 2340.425255][T17198] kernel_stack 0 [ 2340.425255][T17198] slab 20688896 [ 2340.425255][T17198] sock 0 [ 2340.425255][T17198] shmem 0 [ 2340.425255][T17198] file_mapped 0 [ 2340.425255][T17198] file_dirty 0 [ 2340.425255][T17198] file_writeback 0 [ 2340.425255][T17198] anon_thp 2097152 [ 2340.425255][T17198] inactive_anon 0 [ 2340.425255][T17198] active_anon 2056192 [ 2340.425255][T17198] inactive_file 135168 [ 2340.425255][T17198] active_file 0 [ 2340.425255][T17198] unevictable 0 [ 2340.425255][T17198] slab_reclaimable 20004864 [ 2340.425255][T17198] slab_unreclaimable 684032 [ 2340.425255][T17198] pgfault 37587 [ 2340.425255][T17198] pgmajfault 0 [ 2340.425255][T17198] workingset_refault 0 [ 2340.425255][T17198] workingset_activate 0 [ 2340.425255][T17198] workingset_nodereclaim 0 [ 2340.425255][T17198] pgrefill 135 [ 2340.425255][T17198] pgscan 133 [ 2340.425255][T17198] pgsteal 0 [ 2340.425255][T17198] pgactivate 99 [ 2340.524486][T17198] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=17197,uid=0 [ 2340.541619][T17198] Memory cgroup out of memory: Killed process 17197 (syz-executor.1) total-vm:72580kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 04:54:55 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x0, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) 04:54:55 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 2340.562364][ T1054] oom_reaper: reaped process 17197 (syz-executor.1), now anon-rss:0kB, file-rss:33856kB, shmem-rss:0kB [ 2340.595486][T17172] team0: Port device team_slave_0 added [ 2340.641551][T17165] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2340.658977][T17165] CPU: 0 PID: 17165 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 2340.666895][T17165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2340.676951][T17165] Call Trace: [ 2340.680245][T17165] dump_stack+0x172/0x1f0 [ 2340.684616][T17165] dump_header+0x10b/0x82d [ 2340.689043][T17165] ? oom_kill_process+0x94/0x3f0 [ 2340.693983][T17165] oom_kill_process.cold+0x10/0x15 [ 2340.699093][T17165] out_of_memory+0x334/0x1340 [ 2340.703768][T17165] ? lock_downgrade+0x920/0x920 [ 2340.708619][T17165] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2340.714424][T17165] ? oom_killer_disable+0x280/0x280 [ 2340.719614][T17165] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2340.725238][T17165] ? memcg_stat_show+0xc40/0xc40 [ 2340.730160][T17165] ? do_raw_spin_unlock+0x57/0x270 [ 2340.735263][T17165] ? _raw_spin_unlock+0x2d/0x50 [ 2340.740099][T17165] try_charge+0xf4b/0x1440 [ 2340.744505][T17165] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2340.750033][T17165] ? percpu_ref_tryget_live+0x111/0x290 [ 2340.755558][T17165] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2340.761893][T17165] ? __kasan_check_read+0x11/0x20 [ 2340.767093][T17165] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2340.772642][T17165] mem_cgroup_try_charge+0x136/0x590 [ 2340.777919][T17165] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2340.783733][T17165] wp_page_copy+0x407/0x1860 [ 2340.788328][T17165] ? find_held_lock+0x35/0x130 [ 2340.793078][T17165] ? do_wp_page+0x53b/0x15c0 [ 2340.797656][T17165] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2340.803537][T17165] ? lock_downgrade+0x920/0x920 [ 2340.808373][T17165] ? swp_swapcount+0x540/0x540 [ 2340.813119][T17165] ? __kasan_check_read+0x11/0x20 [ 2340.818124][T17165] ? do_raw_spin_unlock+0x57/0x270 [ 2340.823219][T17165] do_wp_page+0x543/0x15c0 [ 2340.827625][T17165] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 2340.833012][T17165] __handle_mm_fault+0x23ec/0x4040 [ 2340.838109][T17165] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2340.843641][T17165] ? handle_mm_fault+0x292/0xaa0 [ 2340.848568][T17165] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2340.854811][T17165] ? __kasan_check_read+0x11/0x20 [ 2340.859822][T17165] handle_mm_fault+0x3b7/0xaa0 [ 2340.864572][T17165] __do_page_fault+0x536/0xdd0 [ 2340.869324][T17165] do_page_fault+0x38/0x590 [ 2340.873825][T17165] page_fault+0x39/0x40 [ 2340.877959][T17165] RIP: 0033:0x430b36 [ 2340.881837][T17165] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 2c 44 64 00 85 c0 0f 84 [ 2340.901433][T17165] RSP: 002b:00007fff5264c610 EFLAGS: 00010206 [ 2340.907479][T17165] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 2340.915431][T17165] RDX: 0000000000b23930 RSI: 0000000000b2b970 RDI: 0000000000000003 [ 2340.923385][T17165] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000000000b22940 [ 2340.931335][T17165] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 2340.939286][T17165] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 2340.951849][T17165] memory: usage 20280kB, limit 0kB, failcnt 101 [ 2340.958119][T17165] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2340.965356][T17165] Memory cgroup stats for /syz1: [ 2340.965456][T17165] anon 0 [ 2340.965456][T17165] file 4096 [ 2340.965456][T17165] kernel_stack 0 [ 2340.965456][T17165] slab 20688896 [ 2340.965456][T17165] sock 0 [ 2340.965456][T17165] shmem 0 [ 2340.965456][T17165] file_mapped 0 [ 2340.965456][T17165] file_dirty 0 [ 2340.965456][T17165] file_writeback 0 [ 2340.965456][T17165] anon_thp 0 [ 2340.965456][T17165] inactive_anon 0 [ 2340.965456][T17165] active_anon 0 [ 2340.965456][T17165] inactive_file 135168 [ 2340.965456][T17165] active_file 0 [ 2340.965456][T17165] unevictable 0 [ 2340.965456][T17165] slab_reclaimable 20004864 [ 2340.965456][T17165] slab_unreclaimable 684032 [ 2340.965456][T17165] pgfault 37587 [ 2340.965456][T17165] pgmajfault 0 [ 2340.965456][T17165] workingset_refault 0 [ 2340.965456][T17165] workingset_activate 0 [ 2340.965456][T17165] workingset_nodereclaim 0 [ 2340.965456][T17165] pgrefill 135 [ 2340.965456][T17165] pgscan 133 [ 2340.965456][T17165] pgsteal 0 [ 2340.965456][T17165] pgactivate 99 [ 2341.059596][T17165] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=17165,uid=0 [ 2341.075677][T17165] Memory cgroup out of memory: Killed process 17165 (syz-executor.1) total-vm:72448kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 2341.094175][ T1054] oom_reaper: reaped process 17165 (syz-executor.1), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 04:54:56 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0x0, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 2341.311359][T17172] team0: Port device team_slave_1 added 04:54:56 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0xc, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0x0, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={0xffffffffffffffff, 0x1, 0x1, 0xfff, &(0x7f00000000c0)=[0x0, 0x0], 0x2}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28, &(0x7f0000000000)={0x0, 0x0}}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000200)={r5, 0x100000001, 0x8}, 0xc) r6 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r7 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r7, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r6, 0x0, 0x0) 04:54:56 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0xc, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0x0, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={0xffffffffffffffff, 0x1, 0x1, 0xfff, &(0x7f00000000c0)=[0x0, 0x0], 0x2}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28, &(0x7f0000000000)={0x0, 0x0}}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000200)={r5, 0x100000001, 0x8}, 0xc) r6 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r7 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r7, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r6, 0x0, 0x0) [ 2341.932653][T17172] device hsr_slave_0 entered promiscuous mode [ 2341.991365][T17172] device hsr_slave_1 entered promiscuous mode [ 2342.028929][T17172] debugfs: Directory 'hsr0' with parent '/' already present! 04:54:57 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 2342.257315][T17168] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2342.357705][T17170] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2342.380760][T17168] 8021q: adding VLAN 0 to HW filter on device team0 [ 2342.389390][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2342.397569][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2342.509382][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2342.518371][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2342.531868][T11361] bridge0: port 1(bridge_slave_0) entered blocking state [ 2342.538977][T11361] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2342.633611][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2342.644025][T17200] IPVS: ftp: loaded support on port[0] = 21 [ 2342.651218][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2342.663995][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2342.672956][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2342.682338][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2342.691917][ T2871] bridge0: port 2(bridge_slave_1) entered blocking state [ 2342.699016][ T2871] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2342.712046][T17170] 8021q: adding VLAN 0 to HW filter on device team0 [ 2342.739352][T17172] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2342.801131][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2342.860924][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2342.880200][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2342.899231][T11481] bridge0: port 1(bridge_slave_0) entered blocking state [ 2342.906489][T11481] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2342.929702][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2342.938740][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2342.963148][T11481] bridge0: port 2(bridge_slave_1) entered blocking state [ 2342.970300][T11481] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2342.978938][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2342.988722][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2342.997197][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2343.088241][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2343.099657][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2343.109250][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2343.118345][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2343.128519][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2343.137925][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2343.147941][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2343.162191][T17172] 8021q: adding VLAN 0 to HW filter on device team0 [ 2343.242513][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2343.255637][T17202] IPVS: ftp: loaded support on port[0] = 21 [ 2343.262688][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2343.278228][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2343.382116][T17168] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2343.404484][T17168] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2343.429828][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2343.440501][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2343.450004][T15292] bridge0: port 1(bridge_slave_0) entered blocking state [ 2343.457060][T15292] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2343.466340][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2343.475187][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2343.484259][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2343.493867][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2343.503244][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2343.515960][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2343.525407][T15292] bridge0: port 2(bridge_slave_1) entered blocking state [ 2343.532510][T15292] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2343.542010][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2343.550444][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2343.660422][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2343.670544][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2343.680324][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2343.689813][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2343.698404][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2343.760534][T16569] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2343.779993][T16569] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2343.788580][T16569] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2343.862566][T17170] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2343.874907][T17168] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2343.890228][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2343.901361][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2343.920017][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2343.931829][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2343.950796][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2344.075648][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2344.088631][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2344.180238][T17172] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2344.194816][T17172] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2344.213269][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2344.224104][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2344.268536][T17200] chnl_net:caif_netlink_parms(): no params data found [ 2344.296298][T17170] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2344.356935][T17211] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 2344.487508][T17172] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2344.516934][T17211] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2344.527505][T17211] CPU: 1 PID: 17211 Comm: syz-executor.2 Not tainted 5.4.0-rc1+ #0 [ 2344.535426][T17211] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2344.545482][T17211] Call Trace: [ 2344.548780][T17211] dump_stack+0x172/0x1f0 [ 2344.553117][T17211] dump_header+0x10b/0x82d [ 2344.557532][T17211] oom_kill_process.cold+0x10/0x15 [ 2344.562648][T17211] out_of_memory+0x334/0x1340 [ 2344.567425][T17211] ? __sched_text_start+0x8/0x8 [ 2344.572281][T17211] ? oom_killer_disable+0x280/0x280 [ 2344.577489][T17211] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2344.583032][T17211] ? memcg_stat_show+0xc40/0xc40 [ 2344.587973][T17211] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2344.593786][T17211] ? cgroup_file_notify+0x140/0x1b0 [ 2344.598993][T17211] memory_max_write+0x262/0x3a0 [ 2344.603861][T17211] ? mem_cgroup_write+0x370/0x370 [ 2344.608888][T17211] ? lock_acquire+0x20b/0x410 [ 2344.613991][T17211] ? retint_kernel+0x2b/0x2b [ 2344.618612][T17211] cgroup_file_write+0x241/0x790 [ 2344.623544][T17211] ? mem_cgroup_write+0x370/0x370 [ 2344.628569][T17211] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2344.634189][T17211] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2344.639807][T17211] kernfs_fop_write+0x2b8/0x480 [ 2344.644760][T17211] __vfs_write+0x8a/0x110 [ 2344.649073][T17211] ? kernfs_fop_open+0xd80/0xd80 [ 2344.654063][T17211] vfs_write+0x268/0x5d0 [ 2344.658293][T17211] ksys_write+0x14f/0x290 [ 2344.662653][T17211] ? __ia32_sys_read+0xb0/0xb0 [ 2344.667439][T17211] __x64_sys_write+0x73/0xb0 [ 2344.672013][T17211] do_syscall_64+0xfa/0x760 [ 2344.676501][T17211] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2344.682377][T17211] RIP: 0033:0x459a59 [ 2344.686251][T17211] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2344.705853][T17211] RSP: 002b:00007fdbd7432c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2344.714254][T17211] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2344.722205][T17211] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 2344.730157][T17211] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2344.738194][T17211] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fdbd74336d4 [ 2344.746160][T17211] R13: 00000000004c9ef3 R14: 00000000004e1c48 R15: 00000000ffffffff [ 2344.780011][T17211] memory: usage 2992kB, limit 0kB, failcnt 782 [ 2344.786796][T17211] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2344.794868][T17211] Memory cgroup stats for /syz2: [ 2344.796022][T17211] anon 2207744 [ 2344.796022][T17211] file 12288 [ 2344.796022][T17211] kernel_stack 0 [ 2344.796022][T17211] slab 516096 [ 2344.796022][T17211] sock 0 [ 2344.796022][T17211] shmem 0 [ 2344.796022][T17211] file_mapped 0 [ 2344.796022][T17211] file_dirty 0 [ 2344.796022][T17211] file_writeback 0 [ 2344.796022][T17211] anon_thp 2097152 [ 2344.796022][T17211] inactive_anon 0 [ 2344.796022][T17211] active_anon 2134016 [ 2344.796022][T17211] inactive_file 0 [ 2344.796022][T17211] active_file 0 [ 2344.796022][T17211] unevictable 0 [ 2344.796022][T17211] slab_reclaimable 135168 [ 2344.796022][T17211] slab_unreclaimable 380928 [ 2344.796022][T17211] pgfault 14949 [ 2344.796022][T17211] pgmajfault 0 [ 2344.796022][T17211] workingset_refault 0 [ 2344.796022][T17211] workingset_activate 0 [ 2344.796022][T17211] workingset_nodereclaim 0 [ 2344.796022][T17211] pgrefill 0 [ 2344.796022][T17211] pgscan 0 [ 2344.796022][T17211] pgsteal 0 [ 2344.796022][T17211] pgactivate 0 [ 2344.892879][T17211] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=17209,uid=0 [ 2344.909723][T17211] Memory cgroup out of memory: Killed process 17209 (syz-executor.2) total-vm:72580kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 [ 2344.933365][ T1054] oom_reaper: reaped process 17209 (syz-executor.2), now anon-rss:0kB, file-rss:34856kB, shmem-rss:0kB 04:55:00 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0x0, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={0xffffffffffffffff, 0x1, 0x1, 0xfff, &(0x7f00000000c0)=[0x0, 0x0], 0x2}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r6 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r6, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 2345.062038][T17200] bridge0: port 1(bridge_slave_0) entered blocking state [ 2345.079343][T17200] bridge0: port 1(bridge_slave_0) entered disabled state [ 2345.088001][T17200] device bridge_slave_0 entered promiscuous mode [ 2345.121058][T17168] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2345.140655][T17168] CPU: 0 PID: 17168 Comm: syz-executor.2 Not tainted 5.4.0-rc1+ #0 [ 2345.148579][T17168] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2345.158631][T17168] Call Trace: [ 2345.161926][T17168] dump_stack+0x172/0x1f0 [ 2345.166256][T17168] dump_header+0x10b/0x82d [ 2345.170668][T17168] ? oom_kill_process+0x94/0x3f0 [ 2345.175604][T17168] oom_kill_process.cold+0x10/0x15 [ 2345.180715][T17168] out_of_memory+0x334/0x1340 [ 2345.185386][T17168] ? lock_downgrade+0x920/0x920 [ 2345.190243][T17168] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2345.196047][T17168] ? oom_killer_disable+0x280/0x280 [ 2345.201252][T17168] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2345.206793][T17168] ? memcg_stat_show+0xc40/0xc40 [ 2345.211735][T17168] ? do_raw_spin_unlock+0x57/0x270 [ 2345.216842][T17168] ? _raw_spin_unlock+0x2d/0x50 [ 2345.221699][T17168] try_charge+0xf4b/0x1440 [ 2345.226121][T17168] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2345.231663][T17168] ? percpu_ref_tryget_live+0x111/0x290 [ 2345.237214][T17168] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2345.243462][T17168] ? __kasan_check_read+0x11/0x20 [ 2345.248489][T17168] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2345.254039][T17168] mem_cgroup_try_charge+0x136/0x590 [ 2345.259328][T17168] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2345.264959][T17168] wp_page_copy+0x407/0x1860 [ 2345.269546][T17168] ? find_held_lock+0x35/0x130 [ 2345.274306][T17168] ? do_wp_page+0x53b/0x15c0 [ 2345.278898][T17168] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2345.284789][T17168] ? lock_downgrade+0x920/0x920 [ 2345.289642][T17168] ? swp_swapcount+0x540/0x540 [ 2345.294408][T17168] ? __kasan_check_read+0x11/0x20 [ 2345.299431][T17168] ? do_raw_spin_unlock+0x57/0x270 [ 2345.304553][T17168] do_wp_page+0x543/0x15c0 [ 2345.308975][T17168] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 2345.314351][T17168] __handle_mm_fault+0x23ec/0x4040 [ 2345.319463][T17168] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2345.325003][T17168] ? handle_mm_fault+0x292/0xaa0 [ 2345.329956][T17168] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2345.336194][T17168] ? __kasan_check_read+0x11/0x20 [ 2345.341221][T17168] handle_mm_fault+0x3b7/0xaa0 [ 2345.345988][T17168] __do_page_fault+0x536/0xdd0 [ 2345.350758][T17168] do_page_fault+0x38/0x590 [ 2345.355270][T17168] page_fault+0x39/0x40 [ 2345.359764][T17168] RIP: 0033:0x430b36 [ 2345.363655][T17168] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 2c 44 64 00 85 c0 0f 84 [ 2345.383254][T17168] RSP: 002b:00007fff476a4350 EFLAGS: 00010206 [ 2345.389317][T17168] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 2345.397284][T17168] RDX: 00000000029a2930 RSI: 00000000029aa970 RDI: 0000000000000003 [ 2345.405250][T17168] RBP: 0000000000008041 R08: 0000000000000001 R09: 00000000029a1940 [ 2345.413216][T17168] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 2345.421191][T17168] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 2345.430556][T17168] memory: usage 672kB, limit 0kB, failcnt 790 [ 2345.436634][T17168] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2345.444800][T17168] Memory cgroup stats for /syz2: [ 2345.444890][T17168] anon 61440 [ 2345.444890][T17168] file 12288 [ 2345.444890][T17168] kernel_stack 0 [ 2345.444890][T17168] slab 516096 [ 2345.444890][T17168] sock 0 [ 2345.444890][T17168] shmem 0 [ 2345.444890][T17168] file_mapped 0 [ 2345.444890][T17168] file_dirty 0 [ 2345.444890][T17168] file_writeback 0 [ 2345.444890][T17168] anon_thp 0 [ 2345.444890][T17168] inactive_anon 0 [ 2345.444890][T17168] active_anon 0 [ 2345.444890][T17168] inactive_file 0 [ 2345.444890][T17168] active_file 0 [ 2345.444890][T17168] unevictable 0 [ 2345.444890][T17168] slab_reclaimable 135168 [ 2345.444890][T17168] slab_unreclaimable 380928 [ 2345.444890][T17168] pgfault 14949 [ 2345.444890][T17168] pgmajfault 0 [ 2345.444890][T17168] workingset_refault 0 [ 2345.444890][T17168] workingset_activate 0 [ 2345.444890][T17168] workingset_nodereclaim 0 [ 2345.444890][T17168] pgrefill 0 [ 2345.444890][T17168] pgscan 0 [ 2345.444890][T17168] pgsteal 0 [ 2345.444890][T17168] pgactivate 0 [ 2345.444890][T17168] pgdeactivate 0 [ 2345.450304][T17168] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=17168,uid=0 [ 2345.575491][T17168] Memory cgroup out of memory: Killed process 17168 (syz-executor.2) total-vm:72448kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 2345.599085][T17200] bridge0: port 2(bridge_slave_1) entered blocking state [ 2345.606424][T17200] bridge0: port 2(bridge_slave_1) entered disabled state [ 2345.614632][ T1054] oom_reaper: reaped process 17168 (syz-executor.2), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2345.615649][T17200] device bridge_slave_1 entered promiscuous mode [ 2345.709817][T17222] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 2345.777158][T17225] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 2345.813804][T17226] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2345.813823][T17226] CPU: 0 PID: 17226 Comm: syz-executor.0 Not tainted 5.4.0-rc1+ #0 [ 2345.831868][T17226] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2345.841912][T17226] Call Trace: [ 2345.841934][T17226] dump_stack+0x172/0x1f0 [ 2345.841954][T17226] dump_header+0x10b/0x82d [ 2345.841972][T17226] oom_kill_process.cold+0x10/0x15 [ 2345.841988][T17226] out_of_memory+0x334/0x1340 [ 2345.842007][T17226] ? __sched_text_start+0x8/0x8 [ 2345.842024][T17226] ? oom_killer_disable+0x280/0x280 [ 2345.842047][T17226] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2345.842064][T17226] ? memcg_stat_show+0xc40/0xc40 [ 2345.859147][T17226] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2345.868651][T17226] ? cgroup_file_notify+0x140/0x1b0 [ 2345.868674][T17226] memory_max_write+0x262/0x3a0 [ 2345.890265][T17226] ? mem_cgroup_write+0x370/0x370 [ 2345.890287][T17226] ? lock_acquire+0x190/0x410 [ 2345.890303][T17226] ? kernfs_fop_write+0x227/0x480 [ 2345.890325][T17226] cgroup_file_write+0x241/0x790 [ 2345.890341][T17226] ? mem_cgroup_write+0x370/0x370 [ 2345.890357][T17226] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2345.890377][T17226] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2345.890392][T17226] kernfs_fop_write+0x2b8/0x480 [ 2345.890409][T17226] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2345.890428][T17226] __vfs_write+0x8a/0x110 [ 2345.890441][T17226] ? kernfs_fop_open+0xd80/0xd80 [ 2345.890458][T17226] vfs_write+0x268/0x5d0 [ 2345.890475][T17226] ksys_write+0x14f/0x290 [ 2345.890490][T17226] ? __ia32_sys_read+0xb0/0xb0 [ 2345.890506][T17226] ? do_syscall_64+0x26/0x760 [ 2345.890520][T17226] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2345.890532][T17226] ? do_syscall_64+0x26/0x760 [ 2345.890547][T17226] __x64_sys_write+0x73/0xb0 [ 2345.890563][T17226] do_syscall_64+0xfa/0x760 [ 2345.890581][T17226] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2345.890592][T17226] RIP: 0033:0x459a59 [ 2345.890607][T17226] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2345.890614][T17226] RSP: 002b:00007f6b45d89c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2345.890628][T17226] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2345.890636][T17226] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009 [ 2345.890643][T17226] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2345.890650][T17226] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6b45d8a6d4 [ 2345.890659][T17226] R13: 00000000004c9ef3 R14: 00000000004e1c48 R15: 00000000ffffffff [ 2345.931992][T17226] memory: usage 3212kB, limit 0kB, failcnt 855 [ 2345.986583][T17226] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2346.002028][T17226] Memory cgroup stats for /syz0: [ 2346.002135][T17226] anon 2166784 [ 2346.002135][T17226] file 0 [ 2346.002135][T17226] kernel_stack 131072 [ 2346.002135][T17226] slab 704512 [ 2346.002135][T17226] sock 0 [ 2346.002135][T17226] shmem 0 [ 2346.002135][T17226] file_mapped 0 [ 2346.002135][T17226] file_dirty 0 [ 2346.002135][T17226] file_writeback 0 [ 2346.002135][T17226] anon_thp 2097152 [ 2346.002135][T17226] inactive_anon 0 [ 2346.002135][T17226] active_anon 2166784 [ 2346.002135][T17226] inactive_file 135168 [ 2346.002135][T17226] active_file 0 [ 2346.002135][T17226] unevictable 0 [ 2346.002135][T17226] slab_reclaimable 135168 [ 2346.002135][T17226] slab_unreclaimable 569344 [ 2346.002135][T17226] pgfault 14883 [ 2346.002135][T17226] pgmajfault 0 [ 2346.002135][T17226] workingset_refault 0 [ 2346.002135][T17226] workingset_activate 0 [ 2346.002135][T17226] workingset_nodereclaim 0 [ 2346.002135][T17226] pgrefill 0 [ 2346.002135][T17226] pgscan 0 [ 2346.002135][T17226] pgsteal 0 [ 2346.002135][T17226] pgactivate 0 [ 2346.068874][T17226] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=17221,uid=0 [ 2346.088081][T17226] Memory cgroup out of memory: Killed process 17221 (syz-executor.0) total-vm:72712kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 2346.186695][ T1054] oom_reaper: reaped process 17221 (syz-executor.0), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB [ 2346.229830][T17225] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2346.242616][T17225] CPU: 0 PID: 17225 Comm: syz-executor.3 Not tainted 5.4.0-rc1+ #0 [ 2346.250507][T17225] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2346.250518][T17225] Call Trace: [ 2346.263865][T17225] dump_stack+0x172/0x1f0 [ 2346.268198][T17225] dump_header+0x10b/0x82d [ 2346.272609][T17225] oom_kill_process.cold+0x10/0x15 [ 2346.277710][T17225] out_of_memory+0x334/0x1340 [ 2346.282382][T17225] ? oom_killer_disable+0x280/0x280 [ 2346.282408][T17225] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2346.282421][T17225] ? memcg_stat_show+0xc40/0xc40 [ 2346.282443][T17225] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2346.282462][T17225] ? cgroup_file_notify+0x140/0x1b0 [ 2346.282480][T17225] memory_max_write+0x262/0x3a0 [ 2346.282497][T17225] ? mem_cgroup_write+0x370/0x370 [ 2346.282515][T17225] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2346.282534][T17225] cgroup_file_write+0x241/0x790 [ 2346.282550][T17225] ? mem_cgroup_write+0x370/0x370 [ 2346.282564][T17225] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2346.282586][T17225] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2346.282600][T17225] kernfs_fop_write+0x2b8/0x480 [ 2346.282615][T17225] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2346.282633][T17225] __vfs_write+0x8a/0x110 [ 2346.282645][T17225] ? kernfs_fop_open+0xd80/0xd80 [ 2346.282659][T17225] vfs_write+0x268/0x5d0 [ 2346.282676][T17225] ksys_write+0x14f/0x290 [ 2346.282692][T17225] ? __ia32_sys_read+0xb0/0xb0 [ 2346.282714][T17225] __x64_sys_write+0x73/0xb0 [ 2346.282731][T17225] do_syscall_64+0xfa/0x760 [ 2346.282750][T17225] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2346.282761][T17225] RIP: 0033:0x459a59 [ 2346.282776][T17225] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2346.282784][T17225] RSP: 002b:00007f1dcd471c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2346.282797][T17225] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2346.282805][T17225] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 2346.282813][T17225] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2346.282822][T17225] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1dcd4726d4 [ 2346.282830][T17225] R13: 00000000004c9ef3 R14: 00000000004e1c48 R15: 00000000ffffffff [ 2346.285096][T17225] memory: usage 4704kB, limit 0kB, failcnt 1510 [ 2346.310824][T17225] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2346.321462][T17225] Memory cgroup stats for /syz3: [ 2346.322331][T17225] anon 2121728 [ 2346.322331][T17225] file 0 [ 2346.322331][T17225] kernel_stack 65536 [ 2346.322331][T17225] slab 2715648 [ 2346.322331][T17225] sock 0 [ 2346.322331][T17225] shmem 0 [ 2346.322331][T17225] file_mapped 0 [ 2346.322331][T17225] file_dirty 0 [ 2346.322331][T17225] file_writeback 0 [ 2346.322331][T17225] anon_thp 2097152 [ 2346.322331][T17225] inactive_anon 0 [ 2346.322331][T17225] active_anon 2121728 [ 2346.322331][T17225] inactive_file 28672 [ 2346.322331][T17225] active_file 0 [ 2346.322331][T17225] unevictable 0 [ 2346.322331][T17225] slab_reclaimable 1892352 [ 2346.322331][T17225] slab_unreclaimable 823296 [ 2346.322331][T17225] pgfault 13299 [ 2346.322331][T17225] pgmajfault 0 [ 2346.322331][T17225] workingset_refault 0 [ 2346.322331][T17225] workingset_activate 0 [ 2346.322331][T17225] workingset_nodereclaim 0 [ 2346.322331][T17225] pgrefill 496 [ 2346.322331][T17225] pgscan 4606 [ 2346.322331][T17225] pgsteal 4107 [ 2346.322331][T17225] pgactivate 462 [ 2346.331926][T17225] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=17224,uid=0 [ 2346.363797][T17225] Memory cgroup out of memory: Killed process 17224 (syz-executor.3) total-vm:72580kB, anon-rss:2180kB, file-rss:35848kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 2346.388000][ T1054] oom_reaper: reaped process 17224 (syz-executor.3), now anon-rss:0kB, file-rss:34908kB, shmem-rss:0kB [ 2346.627647][T17172] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2346.637963][T17200] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2346.656993][T17172] CPU: 0 PID: 17172 Comm: syz-executor.3 Not tainted 5.4.0-rc1+ #0 [ 2346.664929][T17172] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2346.675009][T17172] Call Trace: [ 2346.678300][T17172] dump_stack+0x172/0x1f0 [ 2346.682640][T17172] dump_header+0x10b/0x82d [ 2346.687054][T17172] ? oom_kill_process+0x94/0x3f0 [ 2346.692004][T17172] oom_kill_process.cold+0x10/0x15 [ 2346.697202][T17172] out_of_memory+0x334/0x1340 [ 2346.701875][T17172] ? lock_downgrade+0x920/0x920 [ 2346.707418][T17172] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2346.713223][T17172] ? oom_killer_disable+0x280/0x280 [ 2346.718431][T17172] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2346.723973][T17172] ? memcg_stat_show+0xc40/0xc40 [ 2346.728932][T17172] ? do_raw_spin_unlock+0x57/0x270 [ 2346.734041][T17172] ? _raw_spin_unlock+0x2d/0x50 [ 2346.738910][T17172] try_charge+0xf4b/0x1440 [ 2346.743353][T17172] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2346.748911][T17172] ? percpu_ref_tryget_live+0x111/0x290 [ 2346.754551][T17172] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2346.760800][T17172] ? __kasan_check_read+0x11/0x20 [ 2346.765834][T17172] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2346.771473][T17172] mem_cgroup_try_charge+0x136/0x590 [ 2346.776764][T17172] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2346.782832][T17172] __handle_mm_fault+0x1f0d/0x4040 [ 2346.787954][T17172] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2346.793500][T17172] ? handle_mm_fault+0x292/0xaa0 [ 2346.798468][T17172] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2346.804709][T17172] ? __kasan_check_read+0x11/0x20 [ 2346.809739][T17172] handle_mm_fault+0x3b7/0xaa0 [ 2346.814508][T17172] __do_page_fault+0x536/0xdd0 [ 2346.819277][T17172] do_page_fault+0x38/0x590 [ 2346.823777][T17172] page_fault+0x39/0x40 [ 2346.827924][T17172] RIP: 0033:0x403522 [ 2346.831815][T17172] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 2346.851423][T17172] RSP: 002b:00007ffc36003f10 EFLAGS: 00010246 [ 2346.857483][T17172] RAX: 0000000000000000 RBX: 000000000023cba2 RCX: 0000000000413660 [ 2346.865625][T17172] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007ffc36005040 [ 2346.873595][T17172] RBP: 0000000000000002 R08: 0000000000000001 R09: 000000000133a940 04:55:01 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x0, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x0, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0x0, 0x0, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={0xffffffffffffffff, 0x1, 0x1, 0xfff, &(0x7f00000000c0)=[0x0, 0x0], 0x2}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r6 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r6, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) 04:55:01 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) 04:55:01 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 2346.881560][T17172] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc36005040 [ 2346.889524][T17172] R13: 00007ffc36005030 R14: 0000000000000000 R15: 00007ffc36005040 [ 2347.113589][T17172] memory: usage 2380kB, limit 0kB, failcnt 1518 [ 2347.120282][T17172] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2347.127222][T17172] Memory cgroup stats for /syz3: [ 2347.127324][T17172] anon 16384 [ 2347.127324][T17172] file 0 [ 2347.127324][T17172] kernel_stack 0 [ 2347.127324][T17172] slab 2715648 [ 2347.127324][T17172] sock 0 [ 2347.127324][T17172] shmem 0 [ 2347.127324][T17172] file_mapped 0 [ 2347.127324][T17172] file_dirty 0 [ 2347.127324][T17172] file_writeback 0 [ 2347.127324][T17172] anon_thp 0 [ 2347.127324][T17172] inactive_anon 0 [ 2347.127324][T17172] active_anon 16384 [ 2347.127324][T17172] inactive_file 28672 [ 2347.127324][T17172] active_file 0 [ 2347.127324][T17172] unevictable 0 [ 2347.127324][T17172] slab_reclaimable 1892352 [ 2347.127324][T17172] slab_unreclaimable 823296 [ 2347.127324][T17172] pgfault 13299 [ 2347.127324][T17172] pgmajfault 0 [ 2347.127324][T17172] workingset_refault 0 [ 2347.127324][T17172] workingset_activate 0 [ 2347.127324][T17172] workingset_nodereclaim 0 [ 2347.127324][T17172] pgrefill 496 [ 2347.127324][T17172] pgscan 4606 [ 2347.127324][T17172] pgsteal 4107 [ 2347.127324][T17172] pgactivate 462 [ 2347.132996][T17172] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=17172,uid=0 [ 2347.237757][T17202] chnl_net:caif_netlink_parms(): no params data found [ 2347.237970][T17172] Memory cgroup out of memory: Killed process 17172 (syz-executor.3) total-vm:72448kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2347.264054][ T1054] oom_reaper: reaped process 17172 (syz-executor.3), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2347.275228][T17170] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2347.286174][T17170] CPU: 0 PID: 17170 Comm: syz-executor.0 Not tainted 5.4.0-rc1+ #0 [ 2347.294064][T17170] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2347.294458][T17200] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2347.304119][T17170] Call Trace: [ 2347.304138][T17170] dump_stack+0x172/0x1f0 [ 2347.304162][T17170] dump_header+0x10b/0x82d [ 2347.304174][T17170] ? oom_kill_process+0x94/0x3f0 [ 2347.304189][T17170] oom_kill_process.cold+0x10/0x15 [ 2347.304203][T17170] out_of_memory+0x334/0x1340 [ 2347.304215][T17170] ? lock_downgrade+0x920/0x920 [ 2347.304233][T17170] ? oom_killer_disable+0x280/0x280 [ 2347.330998][T17170] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2347.345591][T17170] ? memcg_stat_show+0xc40/0xc40 [ 2347.361228][T17170] ? do_raw_spin_unlock+0x57/0x270 [ 2347.366342][T17170] ? _raw_spin_unlock+0x2d/0x50 [ 2347.371192][T17170] try_charge+0xf4b/0x1440 [ 2347.371215][T17170] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2347.381124][T17170] ? percpu_ref_tryget_live+0x111/0x290 [ 2347.381141][T17170] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2347.381161][T17170] ? __kasan_check_read+0x11/0x20 [ 2347.381181][T17170] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2347.381200][T17170] mem_cgroup_try_charge+0x136/0x590 [ 2347.381227][T17170] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2347.403507][T17170] wp_page_copy+0x407/0x1860 [ 2347.419032][T17170] ? find_held_lock+0x35/0x130 [ 2347.423795][T17170] ? do_wp_page+0x53b/0x15c0 [ 2347.428378][T17170] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2347.434174][T17170] ? lock_downgrade+0x920/0x920 [ 2347.434192][T17170] ? swp_swapcount+0x540/0x540 [ 2347.434207][T17170] ? __kasan_check_read+0x11/0x20 [ 2347.434218][T17170] ? do_raw_spin_unlock+0x57/0x270 [ 2347.434233][T17170] do_wp_page+0x543/0x15c0 [ 2347.434252][T17170] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 2347.434275][T17170] __handle_mm_fault+0x23ec/0x4040 [ 2347.434297][T17170] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2347.474340][T17170] ? handle_mm_fault+0x292/0xaa0 [ 2347.479291][T17170] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2347.485534][T17170] ? __kasan_check_read+0x11/0x20 [ 2347.490563][T17170] handle_mm_fault+0x3b7/0xaa0 [ 2347.495329][T17170] __do_page_fault+0x536/0xdd0 [ 2347.500569][T17170] do_page_fault+0x38/0x590 [ 2347.505081][T17170] page_fault+0x39/0x40 [ 2347.509243][T17170] RIP: 0033:0x430b36 [ 2347.513139][T17170] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 2c 44 64 00 85 c0 0f 84 [ 2347.532921][T17170] RSP: 002b:00007ffe94ab2230 EFLAGS: 00010206 [ 2347.538984][T17170] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 2347.546949][T17170] RDX: 0000000002131930 RSI: 0000000002139970 RDI: 0000000000000003 [ 2347.554922][T17170] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000000002130940 [ 2347.562889][T17170] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 2347.570858][T17170] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 2347.583088][T17170] memory: usage 840kB, limit 0kB, failcnt 867 [ 2347.589282][T17170] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2347.596143][T17170] Memory cgroup stats for /syz0: [ 2347.596246][T17170] anon 69632 [ 2347.596246][T17170] file 0 [ 2347.596246][T17170] kernel_stack 0 [ 2347.596246][T17170] slab 704512 [ 2347.596246][T17170] sock 0 [ 2347.596246][T17170] shmem 0 [ 2347.596246][T17170] file_mapped 0 [ 2347.596246][T17170] file_dirty 0 [ 2347.596246][T17170] file_writeback 0 [ 2347.596246][T17170] anon_thp 0 [ 2347.596246][T17170] inactive_anon 0 [ 2347.596246][T17170] active_anon 69632 [ 2347.596246][T17170] inactive_file 135168 [ 2347.596246][T17170] active_file 0 [ 2347.596246][T17170] unevictable 0 [ 2347.596246][T17170] slab_reclaimable 135168 [ 2347.596246][T17170] slab_unreclaimable 569344 [ 2347.596246][T17170] pgfault 14916 [ 2347.596246][T17170] pgmajfault 0 04:55:02 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0x0, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={0xffffffffffffffff, 0x1, 0x1, 0xfff, &(0x7f00000000c0)=[0x0, 0x0], 0x2}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r6 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r6, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 2347.596246][T17170] workingset_refault 0 [ 2347.596246][T17170] workingset_activate 0 [ 2347.596246][T17170] workingset_nodereclaim 0 [ 2347.596246][T17170] pgrefill 0 [ 2347.596246][T17170] pgscan 0 [ 2347.596246][T17170] pgsteal 0 [ 2347.596246][T17170] pgactivate 0 [ 2347.596246][T17170] pgdeactivate 0 [ 2347.602010][T17170] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=17170,uid=0 [ 2347.722271][T17170] Memory cgroup out of memory: Killed process 17170 (syz-executor.0) total-vm:72448kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2347.741369][ T1054] oom_reaper: reaped process 17170 (syz-executor.0), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 04:55:02 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0x0, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={0xffffffffffffffff, 0x1, 0x1, 0xfff, &(0x7f00000000c0)=[0x0, 0x0], 0x2}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r6 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r6, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 2348.165614][T17200] team0: Port device team_slave_0 added 04:55:03 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 2348.510377][T17200] team0: Port device team_slave_1 added 04:55:03 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x0, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x0, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0x0, 0x8, 0x0, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={0xffffffffffffffff, 0x1, 0x1, 0xfff, &(0x7f00000000c0)=[0x0, 0x0], 0x2}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r6 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r6, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 2348.569201][T17202] bridge0: port 1(bridge_slave_0) entered blocking state [ 2348.576359][T17202] bridge0: port 1(bridge_slave_0) entered disabled state [ 2348.590471][T17202] device bridge_slave_0 entered promiscuous mode [ 2348.649213][T17228] IPVS: ftp: loaded support on port[0] = 21 [ 2348.700776][T17202] bridge0: port 2(bridge_slave_1) entered blocking state [ 2348.707866][T17202] bridge0: port 2(bridge_slave_1) entered disabled state [ 2348.732324][T17202] device bridge_slave_1 entered promiscuous mode [ 2348.842938][T17200] device hsr_slave_0 entered promiscuous mode [ 2348.889769][T17200] device hsr_slave_1 entered promiscuous mode [ 2348.959295][T17200] debugfs: Directory 'hsr0' with parent '/' already present! [ 2349.055857][T17202] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2349.092748][T17202] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2349.216327][T17202] team0: Port device team_slave_0 added [ 2349.231766][T17202] team0: Port device team_slave_1 added [ 2349.443066][T17202] device hsr_slave_0 entered promiscuous mode [ 2349.550155][T17202] device hsr_slave_1 entered promiscuous mode [ 2349.588926][T17202] debugfs: Directory 'hsr0' with parent '/' already present! [ 2349.696210][T17230] IPVS: ftp: loaded support on port[0] = 21 [ 2349.724871][T17228] chnl_net:caif_netlink_parms(): no params data found [ 2349.847856][T17200] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2349.956554][T17228] bridge0: port 1(bridge_slave_0) entered blocking state [ 2349.965061][T17228] bridge0: port 1(bridge_slave_0) entered disabled state [ 2349.974728][T17228] device bridge_slave_0 entered promiscuous mode [ 2350.002440][T17228] bridge0: port 2(bridge_slave_1) entered blocking state [ 2350.013580][T17228] bridge0: port 2(bridge_slave_1) entered disabled state [ 2350.022654][T17228] device bridge_slave_1 entered promiscuous mode [ 2350.148855][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2350.157320][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2350.191971][T17200] 8021q: adding VLAN 0 to HW filter on device team0 [ 2350.273840][T17228] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2350.293958][ T8893] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2350.304135][ T8893] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2350.313242][ T8893] bridge0: port 1(bridge_slave_0) entered blocking state [ 2350.320368][ T8893] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2350.336521][T17228] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2350.395456][T17202] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2350.412234][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2350.421234][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2350.430622][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2350.439612][T11481] bridge0: port 2(bridge_slave_1) entered blocking state [ 2350.446666][T11481] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2350.455736][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2350.550641][ T8893] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2350.573738][T17228] team0: Port device team_slave_0 added [ 2350.592211][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2350.610155][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2350.618274][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2350.628068][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2350.642785][T17202] 8021q: adding VLAN 0 to HW filter on device team0 [ 2350.653381][T17228] team0: Port device team_slave_1 added [ 2350.712428][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2350.753450][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2350.763633][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2350.773016][T11102] bridge0: port 1(bridge_slave_0) entered blocking state [ 2350.780131][T11102] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2350.790464][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2350.800109][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2350.808630][T11102] bridge0: port 2(bridge_slave_1) entered blocking state [ 2350.815763][T11102] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2350.827019][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2350.835633][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2350.845217][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2350.879406][T17230] chnl_net:caif_netlink_parms(): no params data found [ 2350.953850][ T8893] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2350.964677][ T8893] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2350.975344][ T8893] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2350.985138][ T8893] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2350.994497][ T8893] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2351.003474][ T8893] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2351.034398][T17200] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2351.133017][T17228] device hsr_slave_0 entered promiscuous mode [ 2351.190047][T17228] device hsr_slave_1 entered promiscuous mode [ 2351.269028][T17228] debugfs: Directory 'hsr0' with parent '/' already present! [ 2351.284500][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2351.295082][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2351.372171][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2351.381358][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2351.392516][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2351.481506][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2351.494795][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2351.503971][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2351.513594][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2351.526771][T17202] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2351.545275][T17200] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2351.560540][T17230] bridge0: port 1(bridge_slave_0) entered blocking state [ 2351.567623][T17230] bridge0: port 1(bridge_slave_0) entered disabled state [ 2351.588304][T17230] device bridge_slave_0 entered promiscuous mode [ 2351.685287][T17230] bridge0: port 2(bridge_slave_1) entered blocking state [ 2351.692981][T17230] bridge0: port 2(bridge_slave_1) entered disabled state [ 2351.701975][T17230] device bridge_slave_1 entered promiscuous mode [ 2351.789954][T17230] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2351.803996][T17202] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2351.833187][T17230] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2351.892937][T17240] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 2351.989949][T17230] team0: Port device team_slave_0 added [ 2352.008647][T17230] team0: Port device team_slave_1 added [ 2352.017191][T17240] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2352.032406][T17240] CPU: 1 PID: 17240 Comm: syz-executor.5 Not tainted 5.4.0-rc1+ #0 [ 2352.040356][T17240] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2352.051474][T17240] Call Trace: [ 2352.054786][T17240] dump_stack+0x172/0x1f0 [ 2352.059125][T17240] dump_header+0x10b/0x82d [ 2352.063550][T17240] oom_kill_process.cold+0x10/0x15 [ 2352.068668][T17240] out_of_memory+0x334/0x1340 [ 2352.073351][T17240] ? __sched_text_start+0x8/0x8 [ 2352.078205][T17240] ? oom_killer_disable+0x280/0x280 [ 2352.083418][T17240] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2352.088964][T17240] ? memcg_stat_show+0xc40/0xc40 [ 2352.093912][T17240] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2352.099726][T17240] ? cgroup_file_notify+0x140/0x1b0 [ 2352.104932][T17240] memory_max_write+0x262/0x3a0 [ 2352.109775][T17240] ? mem_cgroup_write+0x370/0x370 [ 2352.114846][T17240] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2352.120300][T17240] cgroup_file_write+0x241/0x790 [ 2352.125244][T17240] ? mem_cgroup_write+0x370/0x370 [ 2352.130276][T17240] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2352.135908][T17240] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2352.141525][T17240] kernfs_fop_write+0x2b8/0x480 [ 2352.146364][T17240] __vfs_write+0x8a/0x110 [ 2352.150682][T17240] ? kernfs_fop_open+0xd80/0xd80 [ 2352.155605][T17240] vfs_write+0x268/0x5d0 [ 2352.159833][T17240] ksys_write+0x14f/0x290 [ 2352.164158][T17240] ? __ia32_sys_read+0xb0/0xb0 [ 2352.168917][T17240] ? do_syscall_64+0x26/0x760 [ 2352.173593][T17240] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2352.179656][T17240] ? do_syscall_64+0x26/0x760 [ 2352.184333][T17240] __x64_sys_write+0x73/0xb0 [ 2352.188909][T17240] do_syscall_64+0xfa/0x760 [ 2352.193407][T17240] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2352.199282][T17240] RIP: 0033:0x459a59 [ 2352.203161][T17240] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2352.222757][T17240] RSP: 002b:00007f6cb5b70c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2352.231155][T17240] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2352.239114][T17240] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 2352.247081][T17240] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2352.255034][T17240] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6cb5b716d4 [ 2352.262990][T17240] R13: 00000000004c9ef3 R14: 00000000004e1c48 R15: 00000000ffffffff [ 2352.907740][T17240] memory: usage 3108kB, limit 0kB, failcnt 676 [ 2352.914219][T17240] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2352.972553][T17240] Memory cgroup stats for /syz5: [ 2352.972665][T17240] anon 2121728 [ 2352.972665][T17240] file 0 [ 2352.972665][T17240] kernel_stack 65536 [ 2352.972665][T17240] slab 544768 [ 2352.972665][T17240] sock 0 [ 2352.972665][T17240] shmem 0 [ 2352.972665][T17240] file_mapped 0 [ 2352.972665][T17240] file_dirty 0 [ 2352.972665][T17240] file_writeback 0 [ 2352.972665][T17240] anon_thp 2097152 [ 2352.972665][T17240] inactive_anon 0 [ 2352.972665][T17240] active_anon 2121728 [ 2352.972665][T17240] inactive_file 0 [ 2352.972665][T17240] active_file 0 [ 2352.972665][T17240] unevictable 0 [ 2352.972665][T17240] slab_reclaimable 135168 [ 2352.972665][T17240] slab_unreclaimable 409600 [ 2352.972665][T17240] pgfault 8448 [ 2352.972665][T17240] pgmajfault 0 [ 2352.972665][T17240] workingset_refault 0 [ 2352.972665][T17240] workingset_activate 0 [ 2352.972665][T17240] workingset_nodereclaim 0 [ 2352.972665][T17240] pgrefill 233 [ 2352.972665][T17240] pgscan 362 [ 2352.972665][T17240] pgsteal 146 [ 2352.972665][T17240] pgactivate 198 [ 2353.114117][T17246] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 2353.170146][T17240] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=17239,uid=0 [ 2353.198376][T17240] Memory cgroup out of memory: Killed process 17240 (syz-executor.5) total-vm:72580kB, anon-rss:2180kB, file-rss:35824kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 2353.223644][ T1054] oom_reaper: reaped process 17240 (syz-executor.5), now anon-rss:0kB, file-rss:34864kB, shmem-rss:0kB [ 2353.245218][T17247] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2353.261400][T17247] CPU: 1 PID: 17247 Comm: syz-executor.4 Not tainted 5.4.0-rc1+ #0 [ 2353.269343][T17247] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2353.279408][T17247] Call Trace: [ 2353.282720][T17247] dump_stack+0x172/0x1f0 [ 2353.287086][T17247] dump_header+0x10b/0x82d [ 2353.291528][T17247] oom_kill_process.cold+0x10/0x15 [ 2353.296659][T17247] out_of_memory+0x334/0x1340 [ 2353.301517][T17247] ? cgroup_file_notify+0x140/0x1b0 [ 2353.306720][T17247] ? oom_killer_disable+0x280/0x280 [ 2353.311937][T17247] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2353.317482][T17247] ? memcg_stat_show+0xc40/0xc40 [ 2353.322432][T17247] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2353.328331][T17247] ? cgroup_file_notify+0x140/0x1b0 [ 2353.333539][T17247] memory_max_write+0x262/0x3a0 [ 2353.338401][T17247] ? mem_cgroup_write+0x370/0x370 [ 2353.343430][T17247] ? lock_acquire+0x190/0x410 [ 2353.348112][T17247] ? kernfs_fop_write+0x227/0x480 [ 2353.353148][T17247] cgroup_file_write+0x241/0x790 [ 2353.358092][T17247] ? mem_cgroup_write+0x370/0x370 [ 2353.363123][T17247] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2353.368768][T17247] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2353.374414][T17247] kernfs_fop_write+0x2b8/0x480 [ 2353.379276][T17247] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2353.385533][T17247] __vfs_write+0x8a/0x110 [ 2353.389868][T17247] ? kernfs_fop_open+0xd80/0xd80 [ 2353.394819][T17247] vfs_write+0x268/0x5d0 [ 2353.399068][T17247] ksys_write+0x14f/0x290 [ 2353.403399][T17247] ? __ia32_sys_read+0xb0/0xb0 [ 2353.408175][T17247] ? do_syscall_64+0x26/0x760 [ 2353.412858][T17247] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2353.418925][T17247] ? do_syscall_64+0x26/0x760 [ 2353.423625][T17247] __x64_sys_write+0x73/0xb0 [ 2353.428226][T17247] do_syscall_64+0xfa/0x760 [ 2353.432745][T17247] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2353.438633][T17247] RIP: 0033:0x459a59 [ 2353.442530][T17247] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2353.462138][T17247] RSP: 002b:00007f43495bfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 04:55:08 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) 04:55:08 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 2353.470562][T17247] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2353.478564][T17247] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 2353.486547][T17247] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2353.494530][T17247] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f43495c06d4 [ 2353.502513][T17247] R13: 00000000004c9ef3 R14: 00000000004e1c48 R15: 00000000ffffffff [ 2353.517643][T17247] memory: usage 3196kB, limit 0kB, failcnt 990 [ 2353.523994][T17247] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2353.531001][T17247] Memory cgroup stats for /syz4: [ 2353.531380][T17247] anon 2142208 [ 2353.531380][T17247] file 163840 [ 2353.531380][T17247] kernel_stack 65536 [ 2353.531380][T17247] slab 692224 [ 2353.531380][T17247] sock 0 [ 2353.531380][T17247] shmem 0 [ 2353.531380][T17247] file_mapped 0 [ 2353.531380][T17247] file_dirty 135168 [ 2353.531380][T17247] file_writeback 0 [ 2353.531380][T17247] anon_thp 2097152 [ 2353.531380][T17247] inactive_anon 0 [ 2353.531380][T17247] active_anon 2142208 [ 2353.531380][T17247] inactive_file 135168 [ 2353.531380][T17247] active_file 0 [ 2353.531380][T17247] unevictable 0 [ 2353.531380][T17247] slab_reclaimable 270336 [ 2353.531380][T17247] slab_unreclaimable 421888 [ 2353.531380][T17247] pgfault 9174 [ 2353.531380][T17247] pgmajfault 0 [ 2353.531380][T17247] workingset_refault 0 [ 2353.531380][T17247] workingset_activate 0 [ 2353.531380][T17247] workingset_nodereclaim 0 [ 2353.531380][T17247] pgrefill 264 [ 2353.531380][T17247] pgscan 292 [ 2353.531380][T17247] pgsteal 59 [ 2353.531380][T17247] pgactivate 231 [ 2353.627941][T17247] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=17245,uid=0 [ 2353.651444][T17230] device hsr_slave_0 entered promiscuous mode [ 2353.657860][T17247] Memory cgroup out of memory: Killed process 17245 (syz-executor.4) total-vm:72712kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 2353.679708][ T1054] oom_reaper: reaped process 17245 (syz-executor.4), now anon-rss:0kB, file-rss:34856kB, shmem-rss:0kB [ 2353.691218][T17200] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2353.701616][T17200] CPU: 1 PID: 17200 Comm: syz-executor.5 Not tainted 5.4.0-rc1+ #0 [ 2353.709514][T17200] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2353.719571][T17200] Call Trace: [ 2353.722883][T17200] dump_stack+0x172/0x1f0 [ 2353.727225][T17200] dump_header+0x10b/0x82d [ 2353.731640][T17200] ? oom_kill_process+0x94/0x3f0 [ 2353.736581][T17200] oom_kill_process.cold+0x10/0x15 [ 2353.742658][T17200] out_of_memory+0x334/0x1340 [ 2353.747338][T17200] ? lock_downgrade+0x920/0x920 [ 2353.752977][T17200] ? oom_killer_disable+0x280/0x280 [ 2353.758311][T17200] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2353.763850][T17200] ? memcg_stat_show+0xc40/0xc40 [ 2353.768783][T17200] ? do_raw_spin_unlock+0x57/0x270 [ 2353.773889][T17200] ? _raw_spin_unlock+0x2d/0x50 [ 2353.778725][T17200] try_charge+0xf4b/0x1440 [ 2353.783130][T17200] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2353.788796][T17200] ? percpu_ref_tryget_live+0x111/0x290 [ 2353.794324][T17200] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2353.800611][T17200] ? __kasan_check_read+0x11/0x20 [ 2353.805656][T17200] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2353.811183][T17200] mem_cgroup_try_charge+0x136/0x590 [ 2353.816450][T17200] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2353.822063][T17200] wp_page_copy+0x407/0x1860 [ 2353.826634][T17200] ? find_held_lock+0x35/0x130 [ 2353.831380][T17200] ? do_wp_page+0x53b/0x15c0 [ 2353.836081][T17200] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2353.841883][T17200] ? lock_downgrade+0x920/0x920 [ 2353.846726][T17200] ? swp_swapcount+0x540/0x540 [ 2353.851505][T17200] ? __kasan_check_read+0x11/0x20 [ 2353.856517][T17200] ? do_raw_spin_unlock+0x57/0x270 [ 2353.861636][T17200] do_wp_page+0x543/0x15c0 [ 2353.866122][T17200] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 2353.871490][T17200] __handle_mm_fault+0x23ec/0x4040 [ 2353.876601][T17200] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2353.882137][T17200] ? handle_mm_fault+0x292/0xaa0 [ 2353.887079][T17200] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2353.893321][T17200] ? __kasan_check_read+0x11/0x20 [ 2353.898343][T17200] handle_mm_fault+0x3b7/0xaa0 [ 2353.903121][T17200] __do_page_fault+0x536/0xdd0 [ 2353.907872][T17200] do_page_fault+0x38/0x590 [ 2353.912386][T17200] page_fault+0x39/0x40 [ 2353.916530][T17200] RIP: 0033:0x430b36 [ 2353.920415][T17200] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 2c 44 64 00 85 c0 0f 84 [ 2353.940002][T17200] RSP: 002b:00007ffcba9b1310 EFLAGS: 00010206 [ 2353.946057][T17200] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 2353.954040][T17200] RDX: 0000000001370930 RSI: 0000000001378970 RDI: 0000000000000003 [ 2353.962015][T17200] RBP: 0000000000008041 R08: 0000000000000001 R09: 000000000136f940 [ 2353.969984][T17200] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 2353.978030][T17200] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 2353.991653][T17230] device hsr_slave_1 entered promiscuous mode [ 2353.998056][T17200] memory: usage 776kB, limit 0kB, failcnt 684 [ 2354.004772][T17200] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2354.011686][T17200] Memory cgroup stats for /syz5: [ 2354.011818][T17200] anon 32768 [ 2354.011818][T17200] file 0 [ 2354.011818][T17200] kernel_stack 0 [ 2354.011818][T17200] slab 544768 [ 2354.011818][T17200] sock 0 [ 2354.011818][T17200] shmem 0 [ 2354.011818][T17200] file_mapped 0 [ 2354.011818][T17200] file_dirty 0 [ 2354.011818][T17200] file_writeback 0 [ 2354.011818][T17200] anon_thp 0 [ 2354.011818][T17200] inactive_anon 0 [ 2354.011818][T17200] active_anon 32768 [ 2354.011818][T17200] inactive_file 0 [ 2354.011818][T17200] active_file 0 [ 2354.011818][T17200] unevictable 0 [ 2354.011818][T17200] slab_reclaimable 135168 [ 2354.011818][T17200] slab_unreclaimable 409600 [ 2354.011818][T17200] pgfault 8448 [ 2354.011818][T17200] pgmajfault 0 [ 2354.011818][T17200] workingset_refault 0 [ 2354.011818][T17200] workingset_activate 0 [ 2354.011818][T17200] workingset_nodereclaim 0 [ 2354.011818][T17200] pgrefill 233 [ 2354.011818][T17200] pgscan 362 [ 2354.011818][T17200] pgsteal 146 [ 2354.011818][T17200] pgactivate 198 [ 2354.110823][T17200] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=17200,uid=0 [ 2354.127623][T17200] Memory cgroup out of memory: Killed process 17200 (syz-executor.5) total-vm:72448kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2354.146422][ T1054] oom_reaper: reaped process 17200 (syz-executor.5), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB [ 2354.149029][T17230] debugfs: Directory 'hsr0' with parent '/' already present! [ 2354.302936][T17228] 8021q: adding VLAN 0 to HW filter on device bond0 04:55:09 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x0, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x0, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0x0, 0x8, 0x0, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={0xffffffffffffffff, 0x1, 0x1, 0xfff, &(0x7f00000000c0)=[0x0, 0x0], 0x2}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r6 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r6, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) 04:55:09 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0xc, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0x0, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={0xffffffffffffffff, 0x1, 0x1, 0xfff, &(0x7f00000000c0)=[0x0, 0x0], 0x2}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28, &(0x7f0000000000)={0x0, 0x0}}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000200)={r5, 0x100000001, 0x8}, 0xc) r6 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r7 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r7, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r6, 0x0, 0x0) [ 2354.382515][T17202] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2354.398986][T17202] CPU: 0 PID: 17202 Comm: syz-executor.4 Not tainted 5.4.0-rc1+ #0 [ 2354.406901][T17202] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2354.406915][T17202] Call Trace: [ 2354.420254][T17202] dump_stack+0x172/0x1f0 [ 2354.425730][T17202] dump_header+0x10b/0x82d [ 2354.430157][T17202] ? oom_kill_process+0x94/0x3f0 [ 2354.435103][T17202] oom_kill_process.cold+0x10/0x15 [ 2354.440218][T17202] out_of_memory+0x334/0x1340 [ 2354.440234][T17202] ? lock_downgrade+0x920/0x920 [ 2354.440253][T17202] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2354.440268][T17202] ? oom_killer_disable+0x280/0x280 [ 2354.440289][T17202] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2354.440301][T17202] ? memcg_stat_show+0xc40/0xc40 [ 2354.440317][T17202] ? do_raw_spin_unlock+0x57/0x270 [ 2354.440336][T17202] ? _raw_spin_unlock+0x2d/0x50 [ 2354.449831][T17202] try_charge+0xf4b/0x1440 [ 2354.449854][T17202] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2354.449867][T17202] ? percpu_ref_tryget_live+0x111/0x290 [ 2354.449886][T17202] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2354.449900][T17202] ? __kasan_check_read+0x11/0x20 [ 2354.449916][T17202] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2354.449941][T17202] mem_cgroup_try_charge+0x136/0x590 [ 2354.449960][T17202] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2354.449979][T17202] wp_page_copy+0x407/0x1860 [ 2354.449992][T17202] ? find_held_lock+0x35/0x130 [ 2354.450003][T17202] ? do_wp_page+0x53b/0x15c0 [ 2354.450016][T17202] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2354.450030][T17202] ? lock_downgrade+0x920/0x920 [ 2354.450045][T17202] ? swp_swapcount+0x540/0x540 [ 2354.450056][T17202] ? __kasan_check_read+0x11/0x20 [ 2354.450067][T17202] ? do_raw_spin_unlock+0x57/0x270 [ 2354.450082][T17202] do_wp_page+0x543/0x15c0 [ 2354.450100][T17202] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 2354.450122][T17202] __handle_mm_fault+0x23ec/0x4040 [ 2354.450139][T17202] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2354.450152][T17202] ? handle_mm_fault+0x292/0xaa0 [ 2354.450179][T17202] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2354.466673][T17202] ? __kasan_check_read+0x11/0x20 [ 2354.476691][T17202] handle_mm_fault+0x3b7/0xaa0 [ 2354.476718][T17202] __do_page_fault+0x536/0xdd0 [ 2354.524641][T17202] do_page_fault+0x38/0x590 [ 2354.553883][T17202] page_fault+0x39/0x40 [ 2354.553895][T17202] RIP: 0033:0x430b36 [ 2354.553911][T17202] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 2c 44 64 00 85 c0 0f 84 [ 2354.589411][T17202] RSP: 002b:00007ffd4c39e360 EFLAGS: 00010206 [ 2354.589429][T17202] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 2354.589436][T17202] RDX: 000000000184a930 RSI: 0000000001852970 RDI: 0000000000000003 [ 2354.589448][T17202] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000000001849940 [ 2354.600667][T17202] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 2354.600674][T17202] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 2354.603390][T17202] memory: usage 828kB, limit 0kB, failcnt 1002 [ 2354.648921][T17202] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2354.739063][T17202] Memory cgroup stats for /syz4: [ 2354.739182][T17202] anon 0 [ 2354.739182][T17202] file 163840 [ 2354.739182][T17202] kernel_stack 0 [ 2354.739182][T17202] slab 692224 [ 2354.739182][T17202] sock 0 [ 2354.739182][T17202] shmem 0 [ 2354.739182][T17202] file_mapped 0 [ 2354.739182][T17202] file_dirty 135168 [ 2354.739182][T17202] file_writeback 0 [ 2354.739182][T17202] anon_thp 0 [ 2354.739182][T17202] inactive_anon 0 [ 2354.739182][T17202] active_anon 0 [ 2354.739182][T17202] inactive_file 135168 [ 2354.739182][T17202] active_file 0 [ 2354.739182][T17202] unevictable 0 [ 2354.739182][T17202] slab_reclaimable 270336 [ 2354.739182][T17202] slab_unreclaimable 421888 [ 2354.739182][T17202] pgfault 9174 [ 2354.739182][T17202] pgmajfault 0 [ 2354.739182][T17202] workingset_refault 0 [ 2354.739182][T17202] workingset_activate 0 [ 2354.739182][T17202] workingset_nodereclaim 0 [ 2354.739182][T17202] pgrefill 264 [ 2354.739182][T17202] pgscan 292 [ 2354.739182][T17202] pgsteal 59 [ 2354.739182][T17202] pgactivate 231 [ 2354.909004][T17202] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=17202,uid=0 [ 2354.939003][T17202] Memory cgroup out of memory: Killed process 17202 (syz-executor.4) total-vm:72448kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2354.979551][ T1054] oom_reaper: reaped process 17202 (syz-executor.4), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB [ 2355.144684][T17249] IPVS: ftp: loaded support on port[0] = 21 [ 2355.183975][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2355.200446][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2355.213406][T17228] 8021q: adding VLAN 0 to HW filter on device team0 04:55:10 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) 04:55:10 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 2355.580167][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2355.590000][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2355.609885][T11481] bridge0: port 1(bridge_slave_0) entered blocking state [ 2355.616971][T11481] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2355.650269][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2355.669061][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2355.677557][T11481] bridge0: port 2(bridge_slave_1) entered blocking state [ 2355.684704][T11481] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2355.762921][ T8893] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2355.780004][ T8893] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2355.907696][ T8893] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2355.944394][T17230] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2356.080039][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2356.099658][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2356.108596][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2356.117944][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2356.126740][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2356.135455][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2356.146216][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2356.163414][T17251] IPVS: ftp: loaded support on port[0] = 21 [ 2356.165655][T17228] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2356.185189][T17228] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2356.249857][T16569] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2356.259261][T16569] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2356.300733][T17230] 8021q: adding VLAN 0 to HW filter on device team0 [ 2356.380432][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2356.390477][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2356.431018][T16569] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2356.441000][T16569] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2356.449562][T16569] bridge0: port 1(bridge_slave_0) entered blocking state [ 2356.456623][T16569] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2356.465282][T16569] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2356.475244][T16569] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2356.484090][T16569] bridge0: port 2(bridge_slave_1) entered blocking state [ 2356.491190][T16569] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2356.508313][T17228] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2356.612908][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2356.621688][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2356.671906][T16569] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2356.688145][T16569] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2356.700935][T16569] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2356.795830][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2356.804407][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2356.813647][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2356.829664][T17249] chnl_net:caif_netlink_parms(): no params data found [ 2356.952596][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2356.962806][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2356.976794][T17260] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 2356.993746][T17230] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2357.024296][T17230] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2357.116087][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2357.130816][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2357.154309][T17260] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2357.165447][T17260] CPU: 1 PID: 17260 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 2357.173363][T17260] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2357.173370][T17260] Call Trace: [ 2357.173390][T17260] dump_stack+0x172/0x1f0 [ 2357.173412][T17260] dump_header+0x10b/0x82d [ 2357.195440][T17260] oom_kill_process.cold+0x10/0x15 [ 2357.200550][T17260] out_of_memory+0x334/0x1340 [ 2357.200573][T17260] ? __sched_text_start+0x8/0x8 [ 2357.200591][T17260] ? oom_killer_disable+0x280/0x280 [ 2357.215275][T17260] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2357.220824][T17260] ? memcg_stat_show+0xc40/0xc40 [ 2357.225760][T17260] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2357.225779][T17260] ? cgroup_file_notify+0x140/0x1b0 [ 2357.236765][T17260] memory_max_write+0x262/0x3a0 [ 2357.236786][T17260] ? mem_cgroup_write+0x370/0x370 [ 2357.246621][T17260] ? lock_acquire+0x20b/0x410 [ 2357.251301][T17260] cgroup_file_write+0x241/0x790 [ 2357.251320][T17260] ? mem_cgroup_write+0x370/0x370 [ 2357.251338][T17260] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2357.266894][T17260] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2357.272863][T17260] kernfs_fop_write+0x2b8/0x480 [ 2357.277715][T17260] __vfs_write+0x8a/0x110 [ 2357.282034][T17260] ? kernfs_fop_open+0xd80/0xd80 [ 2357.282051][T17260] vfs_write+0x268/0x5d0 [ 2357.282071][T17260] ksys_write+0x14f/0x290 [ 2357.295542][T17260] ? __ia32_sys_read+0xb0/0xb0 [ 2357.300308][T17260] __x64_sys_write+0x73/0xb0 [ 2357.300327][T17260] do_syscall_64+0xfa/0x760 [ 2357.300348][T17260] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2357.315277][T17260] RIP: 0033:0x459a59 [ 2357.319167][T17260] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2357.319175][T17260] RSP: 002b:00007f8e44a73c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2357.319188][T17260] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2357.319201][T17260] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 2357.347196][T17260] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2357.347204][T17260] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8e44a746d4 [ 2357.347211][T17260] R13: 00000000004c9ef3 R14: 00000000004e1c48 R15: 00000000ffffffff [ 2357.407213][T17262] IPVS: ftp: loaded support on port[0] = 21 [ 2357.426257][T17260] memory: usage 19452kB, limit 0kB, failcnt 102 [ 2357.435635][T17260] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2357.443191][T17260] Memory cgroup stats for /syz1: [ 2357.444413][T17260] anon 2191360 [ 2357.444413][T17260] file 4096 [ 2357.444413][T17260] kernel_stack 65536 [ 2357.444413][T17260] slab 17580032 [ 2357.444413][T17260] sock 0 [ 2357.444413][T17260] shmem 0 [ 2357.444413][T17260] file_mapped 0 [ 2357.444413][T17260] file_dirty 0 [ 2357.444413][T17260] file_writeback 0 [ 2357.444413][T17260] anon_thp 2097152 [ 2357.444413][T17260] inactive_anon 0 [ 2357.444413][T17260] active_anon 2191360 [ 2357.444413][T17260] inactive_file 135168 [ 2357.444413][T17260] active_file 0 [ 2357.444413][T17260] unevictable 0 [ 2357.444413][T17260] slab_reclaimable 16896000 [ 2357.444413][T17260] slab_unreclaimable 684032 [ 2357.444413][T17260] pgfault 37686 [ 2357.444413][T17260] pgmajfault 0 [ 2357.444413][T17260] workingset_refault 0 [ 2357.444413][T17260] workingset_activate 0 [ 2357.444413][T17260] workingset_nodereclaim 0 [ 2357.444413][T17260] pgrefill 135 [ 2357.444413][T17260] pgscan 133 [ 2357.444413][T17260] pgsteal 0 [ 2357.444413][T17260] pgactivate 99 [ 2357.543835][T17260] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=17259,uid=0 [ 2357.566964][T17260] Memory cgroup out of memory: Killed process 17259 (syz-executor.1) total-vm:72712kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 [ 2357.660144][ T1054] oom_reaper: reaped process 17259 (syz-executor.1), now anon-rss:0kB, file-rss:34856kB, shmem-rss:0kB [ 2357.753859][T17230] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2357.769733][T17249] bridge0: port 1(bridge_slave_0) entered blocking state [ 2357.776826][T17249] bridge0: port 1(bridge_slave_0) entered disabled state 04:55:12 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) 04:55:12 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0xc, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x0, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={0xffffffffffffffff, 0x1, 0x1, 0xfff, &(0x7f00000000c0)=[0x0, 0x0], 0x2}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28, &(0x7f0000000000)={0x0, 0x0}}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000200)={r5, 0x100000001, 0x8}, 0xc) r6 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r7 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r7, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r6, 0x0, 0x0) [ 2357.810563][T17249] device bridge_slave_0 entered promiscuous mode [ 2357.854927][T17228] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2357.865152][T17228] CPU: 0 PID: 17228 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 2357.873046][T17228] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2357.883108][T17228] Call Trace: [ 2357.886425][T17228] dump_stack+0x172/0x1f0 [ 2357.890766][T17228] dump_header+0x10b/0x82d [ 2357.895191][T17228] ? oom_kill_process+0x94/0x3f0 [ 2357.900138][T17228] oom_kill_process.cold+0x10/0x15 [ 2357.905257][T17228] out_of_memory+0x334/0x1340 [ 2357.909948][T17228] ? lock_downgrade+0x920/0x920 [ 2357.914802][T17228] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2357.920623][T17228] ? oom_killer_disable+0x280/0x280 [ 2357.925846][T17228] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2357.931397][T17228] ? memcg_stat_show+0xc40/0xc40 [ 2357.936336][T17228] ? do_raw_spin_unlock+0x57/0x270 [ 2357.941464][T17228] ? _raw_spin_unlock+0x2d/0x50 [ 2357.946503][T17228] try_charge+0xf4b/0x1440 [ 2357.950931][T17228] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2357.956531][T17228] ? percpu_ref_tryget_live+0x111/0x290 [ 2357.962091][T17228] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2357.968339][T17228] ? __kasan_check_read+0x11/0x20 [ 2357.973372][T17228] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2357.978926][T17228] mem_cgroup_try_charge+0x136/0x590 [ 2357.984224][T17228] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2357.990038][T17228] wp_page_copy+0x407/0x1860 [ 2357.994624][T17228] ? find_held_lock+0x35/0x130 [ 2357.999488][T17228] ? do_wp_page+0x53b/0x15c0 [ 2358.004078][T17228] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2358.009886][T17228] ? lock_downgrade+0x920/0x920 [ 2358.014735][T17228] ? swp_swapcount+0x540/0x540 [ 2358.019498][T17228] ? __kasan_check_read+0x11/0x20 [ 2358.024528][T17228] ? do_raw_spin_unlock+0x57/0x270 [ 2358.029649][T17228] do_wp_page+0x543/0x15c0 [ 2358.034071][T17228] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 2358.039539][T17228] __handle_mm_fault+0x23ec/0x4040 [ 2358.044656][T17228] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2358.050213][T17228] ? handle_mm_fault+0x292/0xaa0 [ 2358.055169][T17228] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2358.061434][T17228] ? __kasan_check_read+0x11/0x20 [ 2358.066468][T17228] handle_mm_fault+0x3b7/0xaa0 [ 2358.071244][T17228] __do_page_fault+0x536/0xdd0 [ 2358.076019][T17228] do_page_fault+0x38/0x590 [ 2358.080530][T17228] page_fault+0x39/0x40 [ 2358.084683][T17228] RIP: 0033:0x430b36 [ 2358.088576][T17228] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 2c 44 64 00 85 c0 0f 84 [ 2358.108180][T17228] RSP: 002b:00007fff73aa56c0 EFLAGS: 00010206 [ 2358.114246][T17228] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 2358.122221][T17228] RDX: 0000000001bc1930 RSI: 0000000001bc9970 RDI: 0000000000000003 [ 2358.130371][T17228] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000000001bc0940 [ 2358.138434][T17228] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 2358.146407][T17228] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 2358.161501][T17228] memory: usage 16928kB, limit 0kB, failcnt 110 [ 2358.167768][T17228] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2358.175100][T17228] Memory cgroup stats for /syz1: [ 2358.175192][T17228] anon 94208 [ 2358.175192][T17228] file 4096 [ 2358.175192][T17228] kernel_stack 65536 [ 2358.175192][T17228] slab 17444864 [ 2358.175192][T17228] sock 0 [ 2358.175192][T17228] shmem 0 [ 2358.175192][T17228] file_mapped 0 [ 2358.175192][T17228] file_dirty 0 [ 2358.175192][T17228] file_writeback 0 [ 2358.175192][T17228] anon_thp 0 [ 2358.175192][T17228] inactive_anon 0 [ 2358.175192][T17228] active_anon 94208 [ 2358.175192][T17228] inactive_file 135168 [ 2358.175192][T17228] active_file 0 [ 2358.175192][T17228] unevictable 0 [ 2358.175192][T17228] slab_reclaimable 16760832 [ 2358.175192][T17228] slab_unreclaimable 684032 [ 2358.175192][T17228] pgfault 37686 [ 2358.175192][T17228] pgmajfault 0 [ 2358.175192][T17228] workingset_refault 0 [ 2358.175192][T17228] workingset_activate 0 [ 2358.175192][T17228] workingset_nodereclaim 0 [ 2358.175192][T17228] pgrefill 135 [ 2358.175192][T17228] pgscan 133 [ 2358.175192][T17228] pgsteal 0 [ 2358.175192][T17228] pgactivate 99 [ 2358.272327][T17228] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=17228,uid=0 [ 2358.288863][T17228] Memory cgroup out of memory: Killed process 17228 (syz-executor.1) total-vm:72448kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 2358.307212][ T1054] oom_reaper: reaped process 17228 (syz-executor.1), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB [ 2358.372719][T17249] bridge0: port 2(bridge_slave_1) entered blocking state [ 2358.380102][T17249] bridge0: port 2(bridge_slave_1) entered disabled state [ 2358.388625][T17249] device bridge_slave_1 entered promiscuous mode [ 2358.440305][T17251] chnl_net:caif_netlink_parms(): no params data found [ 2358.552116][T17270] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 2358.696787][T17271] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2358.728941][T17271] CPU: 0 PID: 17271 Comm: syz-executor.2 Not tainted 5.4.0-rc1+ #0 [ 2358.736880][T17271] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2358.747632][T17271] Call Trace: [ 2358.750928][T17271] dump_stack+0x172/0x1f0 [ 2358.755263][T17271] dump_header+0x10b/0x82d [ 2358.759702][T17271] oom_kill_process.cold+0x10/0x15 [ 2358.764816][T17271] out_of_memory+0x334/0x1340 [ 2358.769496][T17271] ? cgroup_file_notify+0x140/0x1b0 [ 2358.774697][T17271] ? oom_killer_disable+0x280/0x280 [ 2358.780031][T17271] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2358.785583][T17271] ? memcg_stat_show+0xc40/0xc40 [ 2358.790566][T17271] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2358.796382][T17271] ? cgroup_file_notify+0x140/0x1b0 [ 2358.801596][T17271] memory_max_write+0x262/0x3a0 [ 2358.806650][T17271] ? mem_cgroup_write+0x370/0x370 [ 2358.811680][T17271] ? lock_acquire+0x190/0x410 [ 2358.816361][T17271] ? kernfs_fop_write+0x227/0x480 [ 2358.821425][T17271] cgroup_file_write+0x241/0x790 [ 2358.826413][T17271] ? mem_cgroup_write+0x370/0x370 [ 2358.831534][T17271] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2358.837179][T17271] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2358.842818][T17271] kernfs_fop_write+0x2b8/0x480 [ 2358.847672][T17271] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2358.853922][T17271] __vfs_write+0x8a/0x110 [ 2358.858253][T17271] ? kernfs_fop_open+0xd80/0xd80 [ 2358.863193][T17271] vfs_write+0x268/0x5d0 [ 2358.867442][T17271] ksys_write+0x14f/0x290 [ 2358.871774][T17271] ? __ia32_sys_read+0xb0/0xb0 [ 2358.876542][T17271] ? do_syscall_64+0x26/0x760 [ 2358.881222][T17271] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2358.887287][T17271] ? do_syscall_64+0x26/0x760 [ 2358.891971][T17271] __x64_sys_write+0x73/0xb0 [ 2358.896581][T17271] do_syscall_64+0xfa/0x760 [ 2358.901092][T17271] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2358.906978][T17271] RIP: 0033:0x459a59 [ 2358.910878][T17271] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2358.930483][T17271] RSP: 002b:00007f9724a51c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2358.938898][T17271] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2358.946873][T17271] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 2358.954850][T17271] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2358.962829][T17271] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9724a526d4 [ 2358.970804][T17271] R13: 00000000004c9ef3 R14: 00000000004e1c48 R15: 00000000ffffffff [ 2358.984518][T17271] memory: usage 3124kB, limit 0kB, failcnt 791 [ 2359.007800][T17271] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2359.016229][T17271] Memory cgroup stats for /syz2: [ 2359.016337][T17271] anon 2129920 [ 2359.016337][T17271] file 12288 [ 2359.016337][T17271] kernel_stack 65536 [ 2359.016337][T17271] slab 651264 [ 2359.016337][T17271] sock 0 [ 2359.016337][T17271] shmem 0 [ 2359.016337][T17271] file_mapped 0 [ 2359.016337][T17271] file_dirty 0 [ 2359.016337][T17271] file_writeback 0 [ 2359.016337][T17271] anon_thp 2097152 [ 2359.016337][T17271] inactive_anon 0 [ 2359.016337][T17271] active_anon 2056192 [ 2359.016337][T17271] inactive_file 0 [ 2359.016337][T17271] active_file 0 [ 2359.016337][T17271] unevictable 0 [ 2359.016337][T17271] slab_reclaimable 135168 [ 2359.016337][T17271] slab_unreclaimable 516096 [ 2359.016337][T17271] pgfault 14982 [ 2359.016337][T17271] pgmajfault 0 [ 2359.016337][T17271] workingset_refault 0 [ 2359.016337][T17271] workingset_activate 0 [ 2359.016337][T17271] workingset_nodereclaim 0 [ 2359.016337][T17271] pgrefill 0 [ 2359.016337][T17271] pgscan 0 [ 2359.016337][T17271] pgsteal 0 [ 2359.016337][T17271] pgactivate 0 [ 2359.112841][T17271] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=17269,uid=0 [ 2359.128939][T17271] Memory cgroup out of memory: Killed process 17269 (syz-executor.2) total-vm:72712kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 04:55:14 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 2359.155346][ T1054] oom_reaper: reaped process 17269 (syz-executor.2), now anon-rss:0kB, file-rss:34856kB, shmem-rss:0kB 04:55:14 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x0, 0x3, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={0xffffffffffffffff, 0x1, 0x1, 0xfff, &(0x7f00000000c0)=[0x0, 0x0], 0x2}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r6 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r6, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 2359.225026][T17249] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2359.289926][T17230] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2359.312912][T17230] CPU: 1 PID: 17230 Comm: syz-executor.2 Not tainted 5.4.0-rc1+ #0 [ 2359.320829][T17230] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2359.320835][T17230] Call Trace: [ 2359.320853][T17230] dump_stack+0x172/0x1f0 [ 2359.320873][T17230] dump_header+0x10b/0x82d [ 2359.320889][T17230] ? oom_kill_process+0x94/0x3f0 [ 2359.320903][T17230] oom_kill_process.cold+0x10/0x15 [ 2359.320920][T17230] out_of_memory+0x334/0x1340 [ 2359.342980][T17230] ? lock_downgrade+0x920/0x920 [ 2359.362580][T17230] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2359.368392][T17230] ? oom_killer_disable+0x280/0x280 [ 2359.373591][T17230] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2359.373605][T17230] ? memcg_stat_show+0xc40/0xc40 [ 2359.373624][T17230] ? do_raw_spin_unlock+0x57/0x270 [ 2359.373638][T17230] ? _raw_spin_unlock+0x2d/0x50 [ 2359.373656][T17230] try_charge+0xf4b/0x1440 [ 2359.380363][T17249] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2359.384117][T17230] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2359.398437][T17230] ? percpu_ref_tryget_live+0x111/0x290 [ 2359.412963][T17230] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2359.424698][T17230] ? __kasan_check_read+0x11/0x20 [ 2359.424718][T17230] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2359.424736][T17230] mem_cgroup_try_charge+0x136/0x590 [ 2359.424758][T17230] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2359.435285][T17230] wp_page_copy+0x407/0x1860 [ 2359.446160][T17230] ? find_held_lock+0x35/0x130 [ 2359.455473][T17230] ? do_wp_page+0x53b/0x15c0 [ 2359.460077][T17230] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2359.460094][T17230] ? lock_downgrade+0x920/0x920 [ 2359.460110][T17230] ? swp_swapcount+0x540/0x540 [ 2359.460127][T17230] ? __kasan_check_read+0x11/0x20 [ 2359.470739][T17230] ? do_raw_spin_unlock+0x57/0x270 [ 2359.470757][T17230] do_wp_page+0x543/0x15c0 [ 2359.470776][T17230] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 2359.480552][T17230] __handle_mm_fault+0x23ec/0x4040 [ 2359.480573][T17230] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2359.480590][T17230] ? handle_mm_fault+0x292/0xaa0 [ 2359.490087][T17230] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2359.490103][T17230] ? __kasan_check_read+0x11/0x20 [ 2359.490121][T17230] handle_mm_fault+0x3b7/0xaa0 [ 2359.500572][T17230] __do_page_fault+0x536/0xdd0 [ 2359.500597][T17230] do_page_fault+0x38/0x590 [ 2359.511034][T17230] page_fault+0x39/0x40 04:55:14 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 2359.511045][T17230] RIP: 0033:0x430b36 [ 2359.511062][T17230] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 2c 44 64 00 85 c0 0f 84 [ 2359.522291][T17230] RSP: 002b:00007ffc0afb85d0 EFLAGS: 00010206 [ 2359.531765][T17230] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 2359.531774][T17230] RDX: 000000000143f930 RSI: 0000000001447970 RDI: 0000000000000003 [ 2359.531781][T17230] RBP: 0000000000008041 R08: 0000000000000001 R09: 000000000143e940 [ 2359.531789][T17230] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 2359.531797][T17230] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 2359.611740][T17230] memory: usage 752kB, limit 0kB, failcnt 799 [ 2359.617897][T17230] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2359.646260][T17273] IPVS: ftp: loaded support on port[0] = 21 [ 2359.676108][T17251] bridge0: port 1(bridge_slave_0) entered blocking state [ 2359.688885][T17251] bridge0: port 1(bridge_slave_0) entered disabled state [ 2359.697495][T17251] device bridge_slave_0 entered promiscuous mode [ 2359.712832][T17249] team0: Port device team_slave_0 added [ 2359.719018][T17230] Memory cgroup stats for /syz2: [ 2359.719129][T17230] anon 16384 [ 2359.719129][T17230] file 12288 [ 2359.719129][T17230] kernel_stack 0 [ 2359.719129][T17230] slab 651264 [ 2359.719129][T17230] sock 0 [ 2359.719129][T17230] shmem 0 [ 2359.719129][T17230] file_mapped 0 [ 2359.719129][T17230] file_dirty 0 [ 2359.719129][T17230] file_writeback 0 [ 2359.719129][T17230] anon_thp 0 [ 2359.719129][T17230] inactive_anon 0 [ 2359.719129][T17230] active_anon 0 [ 2359.719129][T17230] inactive_file 0 [ 2359.719129][T17230] active_file 0 [ 2359.719129][T17230] unevictable 0 [ 2359.719129][T17230] slab_reclaimable 135168 [ 2359.719129][T17230] slab_unreclaimable 516096 [ 2359.719129][T17230] pgfault 14982 [ 2359.719129][T17230] pgmajfault 0 [ 2359.719129][T17230] workingset_refault 0 [ 2359.719129][T17230] workingset_activate 0 [ 2359.719129][T17230] workingset_nodereclaim 0 [ 2359.719129][T17230] pgrefill 0 [ 2359.719129][T17230] pgscan 0 [ 2359.719129][T17230] pgsteal 0 [ 2359.719129][T17230] pgactivate 0 [ 2359.719129][T17230] pgdeactivate 0 [ 2359.831493][T17251] bridge0: port 2(bridge_slave_1) entered blocking state [ 2359.838590][T17251] bridge0: port 2(bridge_slave_1) entered disabled state [ 2359.842028][T17230] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=17230,uid=0 [ 2359.861930][T17230] Memory cgroup out of memory: Killed process 17230 (syz-executor.2) total-vm:72448kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 2359.880958][ T1054] oom_reaper: reaped process 17230 (syz-executor.2), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2359.900035][T17251] device bridge_slave_1 entered promiscuous mode [ 2359.926856][T17249] team0: Port device team_slave_1 added [ 2360.299893][T17251] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2360.390245][T17251] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link 04:55:15 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x0, 0x3, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={0xffffffffffffffff, 0x1, 0x1, 0xfff, &(0x7f00000000c0)=[0x0, 0x0], 0x2}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r6 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r6, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) 04:55:15 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x0, 0x3, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={0xffffffffffffffff, 0x1, 0x1, 0xfff, &(0x7f00000000c0)=[0x0, 0x0], 0x2}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r6 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r6, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 2360.512662][T17249] device hsr_slave_0 entered promiscuous mode [ 2360.550843][T17249] device hsr_slave_1 entered promiscuous mode [ 2360.599762][T17249] debugfs: Directory 'hsr0' with parent '/' already present! [ 2360.756960][T17251] team0: Port device team_slave_0 added [ 2360.763411][T17262] chnl_net:caif_netlink_parms(): no params data found [ 2360.786201][T17251] team0: Port device team_slave_1 added [ 2360.942568][T17251] device hsr_slave_0 entered promiscuous mode [ 2360.999743][T17251] device hsr_slave_1 entered promiscuous mode [ 2361.038907][T17251] debugfs: Directory 'hsr0' with parent '/' already present! [ 2361.058284][T17262] bridge0: port 1(bridge_slave_0) entered blocking state [ 2361.078952][T17262] bridge0: port 1(bridge_slave_0) entered disabled state [ 2361.099183][T17262] device bridge_slave_0 entered promiscuous mode [ 2361.196053][T17262] bridge0: port 2(bridge_slave_1) entered blocking state [ 2361.204203][T17262] bridge0: port 2(bridge_slave_1) entered disabled state [ 2361.213306][T17262] device bridge_slave_1 entered promiscuous mode [ 2361.424955][T17277] IPVS: ftp: loaded support on port[0] = 21 [ 2361.535512][T17262] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2361.551425][T17262] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2361.567450][T17273] chnl_net:caif_netlink_parms(): no params data found [ 2361.603986][T17262] team0: Port device team_slave_0 added [ 2361.614051][T17262] team0: Port device team_slave_1 added [ 2361.863380][T17262] device hsr_slave_0 entered promiscuous mode [ 2361.970171][T17262] device hsr_slave_1 entered promiscuous mode [ 2362.008928][T17262] debugfs: Directory 'hsr0' with parent '/' already present! [ 2362.034173][T17273] bridge0: port 1(bridge_slave_0) entered blocking state [ 2362.041952][T17273] bridge0: port 1(bridge_slave_0) entered disabled state [ 2362.052479][T17273] device bridge_slave_0 entered promiscuous mode [ 2362.147139][T17279] IPVS: ftp: loaded support on port[0] = 21 [ 2362.181346][T17273] bridge0: port 2(bridge_slave_1) entered blocking state [ 2362.188463][T17273] bridge0: port 2(bridge_slave_1) entered disabled state [ 2362.198211][T17273] device bridge_slave_1 entered promiscuous mode [ 2362.331727][T17249] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2362.366676][T17273] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2362.463717][T17273] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2362.593715][T17251] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2362.604880][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2362.614977][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2362.665417][T17249] 8021q: adding VLAN 0 to HW filter on device team0 [ 2362.688299][T17277] chnl_net:caif_netlink_parms(): no params data found [ 2362.763356][T17273] team0: Port device team_slave_0 added [ 2362.860300][T17273] team0: Port device team_slave_1 added [ 2362.880696][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2362.900470][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2362.909950][T11102] bridge0: port 1(bridge_slave_0) entered blocking state [ 2362.917018][T11102] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2362.925847][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2362.935155][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2362.944686][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2363.142478][T17273] device hsr_slave_0 entered promiscuous mode [ 2363.200116][T17273] device hsr_slave_1 entered promiscuous mode [ 2363.359112][T17273] debugfs: Directory 'hsr0' with parent '/' already present! [ 2363.366925][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2363.376830][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2363.385811][T11102] bridge0: port 2(bridge_slave_1) entered blocking state [ 2363.392925][T11102] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2363.404384][T17251] 8021q: adding VLAN 0 to HW filter on device team0 [ 2363.466924][T17277] bridge0: port 1(bridge_slave_0) entered blocking state [ 2363.474749][T17277] bridge0: port 1(bridge_slave_0) entered disabled state [ 2363.484754][T17277] device bridge_slave_0 entered promiscuous mode [ 2363.622411][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2363.711184][T17277] bridge0: port 2(bridge_slave_1) entered blocking state [ 2363.718272][T17277] bridge0: port 2(bridge_slave_1) entered disabled state [ 2363.728189][T17277] device bridge_slave_1 entered promiscuous mode [ 2363.740116][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2363.750377][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2363.759752][T11102] bridge0: port 1(bridge_slave_0) entered blocking state [ 2363.766814][T11102] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2363.775952][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2363.845342][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2363.855918][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2363.865578][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2363.874643][T11102] bridge0: port 2(bridge_slave_1) entered blocking state [ 2363.881768][T11102] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2363.891650][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2363.901177][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2363.911282][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2363.929049][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2363.938359][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2363.962191][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2363.972537][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2363.981841][T17279] chnl_net:caif_netlink_parms(): no params data found [ 2363.997705][T17262] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2364.048459][T17277] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2364.103020][T17277] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2364.115413][ T8893] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2364.126450][ T8893] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2364.136190][ T8893] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2364.146083][ T8893] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2364.155900][ T8893] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2364.165530][ T8893] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2364.258666][T17279] bridge0: port 1(bridge_slave_0) entered blocking state [ 2364.267230][T17279] bridge0: port 1(bridge_slave_0) entered disabled state [ 2364.276864][T17279] device bridge_slave_0 entered promiscuous mode [ 2364.304015][ T8893] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2364.313128][ T8893] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2364.323239][ T8893] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2364.342071][T17249] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2364.353123][T17279] bridge0: port 2(bridge_slave_1) entered blocking state [ 2364.360441][T17279] bridge0: port 2(bridge_slave_1) entered disabled state [ 2364.371467][T17279] device bridge_slave_1 entered promiscuous mode [ 2364.392141][T17277] team0: Port device team_slave_0 added [ 2364.402356][T17262] 8021q: adding VLAN 0 to HW filter on device team0 [ 2364.465803][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2364.474596][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2364.484769][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2364.494318][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2364.520318][T17277] team0: Port device team_slave_1 added [ 2364.623208][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2364.632578][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2364.658617][T17249] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2364.668948][T17251] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2364.692813][T17279] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2364.711073][T16569] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2364.722227][T16569] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2364.731738][T16569] bridge0: port 1(bridge_slave_0) entered blocking state [ 2364.739899][T16569] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2364.874016][T17279] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2364.884888][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2364.900309][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2364.919857][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2364.928280][ T2871] bridge0: port 2(bridge_slave_1) entered blocking state [ 2364.935428][ T2871] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2364.977069][T17251] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2365.003472][T17277] device hsr_slave_0 entered promiscuous mode [ 2365.060004][T17277] device hsr_slave_1 entered promiscuous mode [ 2365.138976][T17277] debugfs: Directory 'hsr0' with parent '/' already present! [ 2365.290157][T16569] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2365.302118][T16569] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2365.342782][T16569] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2365.366129][T16569] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2365.387062][T16569] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2365.414619][T17279] team0: Port device team_slave_0 added [ 2365.437634][T17290] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 2365.462428][T17279] team0: Port device team_slave_1 added [ 2365.525387][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2365.535579][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2365.548265][T17290] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2365.580184][T17290] CPU: 1 PID: 17290 Comm: syz-executor.3 Not tainted 5.4.0-rc1+ #0 [ 2365.588125][T17290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2365.588138][T17290] Call Trace: [ 2365.602168][T17290] dump_stack+0x172/0x1f0 [ 2365.606515][T17290] dump_header+0x10b/0x82d [ 2365.610943][T17290] oom_kill_process.cold+0x10/0x15 [ 2365.616068][T17290] out_of_memory+0x334/0x1340 [ 2365.620748][T17290] ? __sched_text_start+0x8/0x8 [ 2365.625607][T17290] ? oom_killer_disable+0x280/0x280 [ 2365.630820][T17290] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2365.636536][T17290] ? memcg_stat_show+0xc40/0xc40 [ 2365.641485][T17290] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2365.647292][T17290] ? cgroup_file_notify+0x140/0x1b0 [ 2365.652504][T17290] memory_max_write+0x262/0x3a0 [ 2365.657367][T17290] ? mem_cgroup_write+0x370/0x370 [ 2365.662405][T17290] ? cgroup_file_write+0x86/0x790 [ 2365.667443][T17290] cgroup_file_write+0x241/0x790 [ 2365.672393][T17290] ? mem_cgroup_write+0x370/0x370 [ 2365.677513][T17290] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2365.683177][T17290] ? cgroup_file_write+0x8/0x790 [ 2365.688128][T17290] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2365.693769][T17290] kernfs_fop_write+0x2b8/0x480 [ 2365.698630][T17290] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2365.704895][T17290] __vfs_write+0x8a/0x110 [ 2365.709229][T17290] ? kernfs_fop_open+0xd80/0xd80 [ 2365.714299][T17290] vfs_write+0x268/0x5d0 [ 2365.718590][T17290] ksys_write+0x14f/0x290 [ 2365.722926][T17290] ? __ia32_sys_read+0xb0/0xb0 [ 2365.727724][T17290] __x64_sys_write+0x73/0xb0 [ 2365.732325][T17290] ? do_syscall_64+0x5b/0x760 [ 2365.737008][T17290] do_syscall_64+0xfa/0x760 [ 2365.741522][T17290] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2365.747414][T17290] RIP: 0033:0x459a59 [ 2365.751312][T17290] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2365.765268][T17296] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 2365.771036][T17290] RSP: 002b:00007fa04cfc1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2365.771052][T17290] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2365.771059][T17290] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 2365.771066][T17290] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2365.771073][T17290] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa04cfc26d4 [ 2365.771080][T17290] R13: 00000000004c9ef3 R14: 00000000004e1c48 R15: 00000000ffffffff [ 2365.805532][T17290] memory: usage 4708kB, limit 0kB, failcnt 1519 [ 2365.858005][T17279] device hsr_slave_0 entered promiscuous mode [ 2365.865198][T17290] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2365.874274][T17290] Memory cgroup stats for /syz3: [ 2365.875300][T17290] anon 2187264 [ 2365.875300][T17290] file 0 [ 2365.875300][T17290] kernel_stack 65536 [ 2365.875300][T17290] slab 2580480 [ 2365.875300][T17290] sock 0 [ 2365.875300][T17290] shmem 0 [ 2365.875300][T17290] file_mapped 0 [ 2365.875300][T17290] file_dirty 0 [ 2365.875300][T17290] file_writeback 0 [ 2365.875300][T17290] anon_thp 2097152 [ 2365.875300][T17290] inactive_anon 0 [ 2365.875300][T17290] active_anon 2187264 [ 2365.875300][T17290] inactive_file 28672 [ 2365.875300][T17290] active_file 0 [ 2365.875300][T17290] unevictable 0 [ 2365.875300][T17290] slab_reclaimable 1892352 [ 2365.875300][T17290] slab_unreclaimable 688128 [ 2365.875300][T17290] pgfault 13398 [ 2365.875300][T17290] pgmajfault 0 [ 2365.875300][T17290] workingset_refault 0 [ 2365.875300][T17290] workingset_activate 0 [ 2365.875300][T17290] workingset_nodereclaim 0 [ 2365.875300][T17290] pgrefill 496 [ 2365.875300][T17290] pgscan 4606 [ 2365.875300][T17290] pgsteal 4107 [ 2365.875300][T17290] pgactivate 462 [ 2365.978696][T17290] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=17289,uid=0 [ 2365.997929][T17290] Memory cgroup out of memory: Killed process 17289 (syz-executor.3) total-vm:72712kB, anon-rss:2192kB, file-rss:35836kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 [ 2365.999799][T17279] device hsr_slave_1 entered promiscuous mode [ 2366.019455][ T1054] oom_reaper: reaped process 17289 (syz-executor.3), now anon-rss:0kB, file-rss:34912kB, shmem-rss:0kB [ 2366.034497][T17297] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2366.046403][T17297] CPU: 0 PID: 17297 Comm: syz-executor.0 Not tainted 5.4.0-rc1+ #0 [ 2366.054309][T17297] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2366.064372][T17297] Call Trace: [ 2366.067675][T17297] dump_stack+0x172/0x1f0 [ 2366.072016][T17297] dump_header+0x10b/0x82d [ 2366.076789][T17297] oom_kill_process.cold+0x10/0x15 [ 2366.081911][T17297] out_of_memory+0x334/0x1340 [ 2366.086599][T17297] ? cgroup_file_notify+0x140/0x1b0 [ 2366.092509][T17297] ? oom_killer_disable+0x280/0x280 [ 2366.097814][T17297] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2366.103380][T17297] ? memcg_stat_show+0xc40/0xc40 [ 2366.108411][T17297] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2366.114227][T17297] ? cgroup_file_notify+0x140/0x1b0 [ 2366.119430][T17297] memory_max_write+0x262/0x3a0 [ 2366.124289][T17297] ? mem_cgroup_write+0x370/0x370 [ 2366.129340][T17297] ? lock_acquire+0x190/0x410 [ 2366.134374][T17297] ? kernfs_fop_write+0x227/0x480 [ 2366.139408][T17297] cgroup_file_write+0x241/0x790 [ 2366.144452][T17297] ? mem_cgroup_write+0x370/0x370 [ 2366.149481][T17297] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2366.155121][T17297] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2366.160757][T17297] kernfs_fop_write+0x2b8/0x480 [ 2366.165610][T17297] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2366.171860][T17297] __vfs_write+0x8a/0x110 [ 2366.176192][T17297] ? kernfs_fop_open+0xd80/0xd80 [ 2366.181746][T17297] vfs_write+0x268/0x5d0 [ 2366.185993][T17297] ksys_write+0x14f/0x290 [ 2366.190328][T17297] ? __ia32_sys_read+0xb0/0xb0 [ 2366.195969][T17297] ? do_syscall_64+0x26/0x760 [ 2366.200653][T17297] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2366.206804][T17297] ? do_syscall_64+0x26/0x760 [ 2366.211493][T17297] __x64_sys_write+0x73/0xb0 [ 2366.216094][T17297] do_syscall_64+0xfa/0x760 [ 2366.220609][T17297] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2366.226500][T17297] RIP: 0033:0x459a59 [ 2366.230395][T17297] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2366.251782][T17297] RSP: 002b:00007fe5f3e59c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2366.260201][T17297] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2366.268174][T17297] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009 [ 2366.276581][T17297] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 04:55:21 executing program 3: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x0) close(0xffffffffffffffff) r0 = socket$kcm(0x11, 0x200000000000002, 0x300) r1 = socket$kcm(0x11, 0x10000000003, 0x0) setsockopt$sock_attach_bpf(r0, 0x107, 0x12, &(0x7f0000001a00)=r1, 0x4) sendmsg$sock(0xffffffffffffffff, 0x0, 0x0) close(0xffffffffffffffff) ioctl$TUNGETFILTER(0xffffffffffffffff, 0x801054db, 0x0) [ 2366.284553][T17297] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe5f3e5a6d4 [ 2366.292617][T17297] R13: 00000000004c9ef3 R14: 00000000004e1c48 R15: 00000000ffffffff [ 2366.305074][T17297] memory: usage 3124kB, limit 0kB, failcnt 868 [ 2366.311498][T17297] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2366.319072][T17279] debugfs: Directory 'hsr0' with parent '/' already present! [ 2366.324621][T17297] Memory cgroup stats for /syz0: [ 2366.324720][T17297] anon 2207744 [ 2366.324720][T17297] file 0 [ 2366.324720][T17297] kernel_stack 65536 [ 2366.324720][T17297] slab 704512 [ 2366.324720][T17297] sock 0 [ 2366.324720][T17297] shmem 0 [ 2366.324720][T17297] file_mapped 0 [ 2366.324720][T17297] file_dirty 0 [ 2366.324720][T17297] file_writeback 0 [ 2366.324720][T17297] anon_thp 2097152 [ 2366.324720][T17297] inactive_anon 0 [ 2366.324720][T17297] active_anon 2207744 [ 2366.324720][T17297] inactive_file 135168 [ 2366.324720][T17297] active_file 0 [ 2366.324720][T17297] unevictable 0 [ 2366.324720][T17297] slab_reclaimable 135168 [ 2366.324720][T17297] slab_unreclaimable 569344 [ 2366.324720][T17297] pgfault 14982 [ 2366.324720][T17297] pgmajfault 0 [ 2366.324720][T17297] workingset_refault 0 [ 2366.324720][T17297] workingset_activate 0 [ 2366.324720][T17297] workingset_nodereclaim 0 [ 2366.324720][T17297] pgrefill 0 [ 2366.324720][T17297] pgscan 0 [ 2366.324720][T17297] pgsteal 0 [ 2366.324720][T17297] pgactivate 0 [ 2366.381067][T17273] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2366.423587][T17297] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=17294,uid=0 [ 2366.445536][T17297] Memory cgroup out of memory: Killed process 17294 (syz-executor.0) total-vm:72712kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 [ 2366.464520][T17249] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2366.467084][ T1054] oom_reaper: reaped process 17294 (syz-executor.0), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB [ 2366.474781][T17249] CPU: 0 PID: 17249 Comm: syz-executor.3 Not tainted 5.4.0-rc1+ #0 [ 2366.493381][T17249] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2366.503438][T17249] Call Trace: [ 2366.506756][T17249] dump_stack+0x172/0x1f0 [ 2366.511094][T17249] dump_header+0x10b/0x82d [ 2366.515507][T17249] ? oom_kill_process+0x94/0x3f0 [ 2366.520452][T17249] oom_kill_process.cold+0x10/0x15 [ 2366.525567][T17249] out_of_memory+0x334/0x1340 [ 2366.530250][T17249] ? lock_downgrade+0x920/0x920 [ 2366.535114][T17249] ? oom_killer_disable+0x280/0x280 [ 2366.540326][T17249] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2366.546141][T17249] ? memcg_stat_show+0xc40/0xc40 [ 2366.551084][T17249] ? do_raw_spin_unlock+0x57/0x270 [ 2366.556280][T17249] ? _raw_spin_unlock+0x2d/0x50 [ 2366.561138][T17249] try_charge+0xf4b/0x1440 [ 2366.565563][T17249] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2366.571163][T17249] ? percpu_ref_tryget_live+0x111/0x290 [ 2366.576712][T17249] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2366.582960][T17249] ? __kasan_check_read+0x11/0x20 [ 2366.587990][T17249] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2366.593898][T17249] mem_cgroup_try_charge+0x136/0x590 [ 2366.599193][T17249] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2366.604849][T17249] wp_page_copy+0x407/0x1860 [ 2366.609440][T17249] ? find_held_lock+0x35/0x130 [ 2366.614243][T17249] ? do_wp_page+0x53b/0x15c0 [ 2366.619446][T17249] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2366.625265][T17249] ? lock_downgrade+0x920/0x920 [ 2366.630125][T17249] ? swp_swapcount+0x540/0x540 [ 2366.634889][T17249] ? __kasan_check_read+0x11/0x20 [ 2366.639912][T17249] ? do_raw_spin_unlock+0x57/0x270 [ 2366.645834][T17249] do_wp_page+0x543/0x15c0 [ 2366.650278][T17249] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 2366.655661][T17249] __handle_mm_fault+0x23ec/0x4040 [ 2366.662083][T17249] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2366.667632][T17249] ? handle_mm_fault+0x292/0xaa0 [ 2366.672604][T17249] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2366.678849][T17249] ? __kasan_check_read+0x11/0x20 [ 2366.683879][T17249] handle_mm_fault+0x3b7/0xaa0 [ 2366.688650][T17249] __do_page_fault+0x536/0xdd0 [ 2366.693422][T17249] do_page_fault+0x38/0x590 [ 2366.697933][T17249] page_fault+0x39/0x40 [ 2366.702102][T17249] RIP: 0033:0x430b36 [ 2366.705994][T17249] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 2c 44 64 00 85 c0 0f 84 [ 2366.726821][T17249] RSP: 002b:00007fff6b148920 EFLAGS: 00010206 [ 2366.733844][T17249] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 2366.742956][T17249] RDX: 0000000002239930 RSI: 0000000002241970 RDI: 0000000000000003 [ 2366.750938][T17249] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000000002238940 [ 2366.759001][T17249] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 2366.766973][T17249] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 2366.777936][T17249] memory: usage 2340kB, limit 0kB, failcnt 1527 [ 2366.784874][T17249] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2366.792207][T17249] Memory cgroup stats for /syz3: [ 2366.792310][T17249] anon 0 [ 2366.792310][T17249] file 0 [ 2366.792310][T17249] kernel_stack 65536 [ 2366.792310][T17249] slab 2580480 [ 2366.792310][T17249] sock 0 [ 2366.792310][T17249] shmem 0 [ 2366.792310][T17249] file_mapped 0 [ 2366.792310][T17249] file_dirty 0 [ 2366.792310][T17249] file_writeback 0 [ 2366.792310][T17249] anon_thp 0 [ 2366.792310][T17249] inactive_anon 0 [ 2366.792310][T17249] active_anon 0 [ 2366.792310][T17249] inactive_file 28672 [ 2366.792310][T17249] active_file 0 [ 2366.792310][T17249] unevictable 0 [ 2366.792310][T17249] slab_reclaimable 1892352 [ 2366.792310][T17249] slab_unreclaimable 688128 [ 2366.792310][T17249] pgfault 13398 [ 2366.792310][T17249] pgmajfault 0 [ 2366.792310][T17249] workingset_refault 0 [ 2366.792310][T17249] workingset_activate 0 [ 2366.792310][T17249] workingset_nodereclaim 0 [ 2366.792310][T17249] pgrefill 496 [ 2366.792310][T17249] pgscan 4606 [ 2366.792310][T17249] pgsteal 4107 [ 2366.792310][T17249] pgactivate 462 [ 2366.889148][T17249] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=17249,uid=0 [ 2366.905210][T17249] Memory cgroup out of memory: Killed process 17249 (syz-executor.3) total-vm:72448kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 2366.923738][ T1054] oom_reaper: reaped process 17249 (syz-executor.3), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB [ 2366.972847][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2366.984848][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2366.996098][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2367.005464][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2367.023741][T17262] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready 04:55:22 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x0, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x0, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0x0, 0x8, 0x0, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={0xffffffffffffffff, 0x1, 0x1, 0xfff, &(0x7f00000000c0)=[0x0, 0x0], 0x2}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r6 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r6, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 2367.270704][T17251] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2367.298879][T17251] CPU: 0 PID: 17251 Comm: syz-executor.0 Not tainted 5.4.0-rc1+ #0 [ 2367.306827][T17251] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2367.316888][T17251] Call Trace: [ 2367.320187][T17251] dump_stack+0x172/0x1f0 [ 2367.324537][T17251] dump_header+0x10b/0x82d [ 2367.328964][T17251] ? oom_kill_process+0x94/0x3f0 [ 2367.333903][T17251] oom_kill_process.cold+0x10/0x15 [ 2367.339024][T17251] out_of_memory+0x334/0x1340 [ 2367.343701][T17251] ? lock_downgrade+0x920/0x920 [ 2367.349247][T17251] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2367.355485][T17251] ? oom_killer_disable+0x280/0x280 [ 2367.360699][T17251] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2367.366239][T17251] ? memcg_stat_show+0xc40/0xc40 [ 2367.371180][T17251] ? do_raw_spin_unlock+0x57/0x270 [ 2367.376291][T17251] ? _raw_spin_unlock+0x2d/0x50 [ 2367.381148][T17251] try_charge+0xf4b/0x1440 [ 2367.385571][T17251] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2367.391114][T17251] ? percpu_ref_tryget_live+0x111/0x290 [ 2367.396661][T17251] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2367.402900][T17251] ? __kasan_check_read+0x11/0x20 [ 2367.407925][T17251] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2367.413481][T17251] mem_cgroup_try_charge+0x136/0x590 [ 2367.418767][T17251] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2367.424401][T17251] wp_page_copy+0x407/0x1860 [ 2367.428993][T17251] ? find_held_lock+0x35/0x130 [ 2367.433756][T17251] ? do_wp_page+0x53b/0x15c0 [ 2367.438346][T17251] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2367.444156][T17251] ? lock_downgrade+0x920/0x920 [ 2367.449010][T17251] ? swp_swapcount+0x540/0x540 [ 2367.453771][T17251] ? __kasan_check_read+0x11/0x20 [ 2367.458797][T17251] ? do_raw_spin_unlock+0x57/0x270 [ 2367.463909][T17251] do_wp_page+0x543/0x15c0 [ 2367.468348][T17251] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 2367.473728][T17251] __handle_mm_fault+0x23ec/0x4040 [ 2367.478837][T17251] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2367.484378][T17251] ? handle_mm_fault+0x292/0xaa0 [ 2367.489334][T17251] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2367.495666][T17251] ? __kasan_check_read+0x11/0x20 [ 2367.500695][T17251] handle_mm_fault+0x3b7/0xaa0 [ 2367.505477][T17251] __do_page_fault+0x536/0xdd0 [ 2367.510255][T17251] do_page_fault+0x38/0x590 [ 2367.514852][T17251] page_fault+0x39/0x40 [ 2367.519011][T17251] RIP: 0033:0x430b36 [ 2367.522909][T17251] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 2c 44 64 00 85 c0 0f 84 [ 2367.542514][T17251] RSP: 002b:00007fffa9f387b0 EFLAGS: 00010206 [ 2367.548578][T17251] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 2367.556544][T17251] RDX: 000000000294d930 RSI: 0000000002955970 RDI: 0000000000000003 [ 2367.564517][T17251] RBP: 0000000000008041 R08: 0000000000000001 R09: 000000000294c940 [ 2367.572483][T17251] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 2367.580449][T17251] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 2367.593107][T17251] memory: usage 760kB, limit 0kB, failcnt 880 [ 2367.599252][T17251] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2367.606177][T17251] Memory cgroup stats for /syz0: [ 2367.607779][T17251] anon 0 [ 2367.607779][T17251] file 0 [ 2367.607779][T17251] kernel_stack 65536 [ 2367.607779][T17251] slab 704512 [ 2367.607779][T17251] sock 0 [ 2367.607779][T17251] shmem 0 [ 2367.607779][T17251] file_mapped 0 [ 2367.607779][T17251] file_dirty 0 [ 2367.607779][T17251] file_writeback 0 [ 2367.607779][T17251] anon_thp 0 [ 2367.607779][T17251] inactive_anon 0 [ 2367.607779][T17251] active_anon 0 [ 2367.607779][T17251] inactive_file 135168 [ 2367.607779][T17251] active_file 0 [ 2367.607779][T17251] unevictable 0 [ 2367.607779][T17251] slab_reclaimable 135168 [ 2367.607779][T17251] slab_unreclaimable 569344 [ 2367.607779][T17251] pgfault 14982 [ 2367.607779][T17251] pgmajfault 0 [ 2367.607779][T17251] workingset_refault 0 [ 2367.607779][T17251] workingset_activate 0 [ 2367.607779][T17251] workingset_nodereclaim 0 [ 2367.607779][T17251] pgrefill 0 [ 2367.607779][T17251] pgscan 0 [ 2367.607779][T17251] pgsteal 0 [ 2367.607779][T17251] pgactivate 0 [ 2367.607779][T17251] pgdeactivate 0 [ 2367.708255][T17251] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=17251,uid=0 [ 2367.724329][T17251] Memory cgroup out of memory: Killed process 17251 (syz-executor.0) total-vm:72448kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 2367.743165][ T1054] oom_reaper: reaped process 17251 (syz-executor.0), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 04:55:23 executing program 3: openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x2, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000280)={'nr0\x01\x00', 0x4009}) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$TUNSETVNETHDRSZ(0xffffffffffffffff, 0x400454d8, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\a\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') write$cgroup_subtree(r0, &(0x7f00000000c0)={[{0x0, 'c\x86\xdd', 0x7}]}, 0x90ad) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2368.133328][T17273] 8021q: adding VLAN 0 to HW filter on device team0 04:55:23 executing program 3: r0 = socket$kcm(0x11, 0x200000000000002, 0x300) r1 = socket$kcm(0x11, 0x10000000003, 0x0) setsockopt$sock_attach_bpf(r0, 0x107, 0x12, &(0x7f0000001a00)=r1, 0x4) [ 2368.302884][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2368.320102][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2368.344017][T17262] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2368.408620][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2368.444025][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2368.459469][T11361] bridge0: port 1(bridge_slave_0) entered blocking state [ 2368.466587][T11361] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2368.495607][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2368.601244][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2368.619837][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2368.628306][T11102] bridge0: port 2(bridge_slave_1) entered blocking state [ 2368.635450][T11102] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2368.646000][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2368.701621][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2368.717868][T17277] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2368.801648][T17277] 8021q: adding VLAN 0 to HW filter on device team0 [ 2368.809867][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2368.819345][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2368.828246][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2368.831830][T17304] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 2368.838160][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2368.868699][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2368.878036][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2368.907867][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2368.937125][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2368.955312][T17304] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2368.967909][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2368.969074][T17304] CPU: 0 PID: 17304 Comm: syz-executor.5 Not tainted 5.4.0-rc1+ #0 [ 2368.983027][T17304] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2368.993078][T17304] Call Trace: [ 2368.996367][T17304] dump_stack+0x172/0x1f0 [ 2369.000704][T17304] dump_header+0x10b/0x82d [ 2369.005124][T17304] oom_kill_process.cold+0x10/0x15 [ 2369.010244][T17304] out_of_memory+0x334/0x1340 [ 2369.015004][T17304] ? trace_hardirqs_on_caller+0x6a/0x240 [ 2369.020808][T17304] ? cgroup_file_notify+0x140/0x1b0 [ 2369.026014][T17304] ? oom_killer_disable+0x280/0x280 [ 2369.031228][T17304] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2369.036773][T17304] ? memcg_stat_show+0xc40/0xc40 [ 2369.041751][T17304] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2369.047587][T17304] ? cgroup_file_notify+0x140/0x1b0 [ 2369.052796][T17304] memory_max_write+0x262/0x3a0 [ 2369.057651][T17304] ? mem_cgroup_write+0x370/0x370 [ 2369.062684][T17304] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2369.068159][T17304] cgroup_file_write+0x241/0x790 [ 2369.074665][T17304] ? mem_cgroup_write+0x370/0x370 [ 2369.079693][T17304] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2369.085332][T17304] ? kernfs_ops+0x9f/0x120 [ 2369.089750][T17304] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2369.095383][T17304] kernfs_fop_write+0x2b8/0x480 [ 2369.100236][T17304] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2369.106486][T17304] __vfs_write+0x8a/0x110 [ 2369.110891][T17304] ? kernfs_fop_open+0xd80/0xd80 [ 2369.115827][T17304] vfs_write+0x268/0x5d0 [ 2369.120072][T17304] ksys_write+0x14f/0x290 [ 2369.124402][T17304] ? __ia32_sys_read+0xb0/0xb0 [ 2369.129168][T17304] ? do_syscall_64+0x26/0x760 [ 2369.133946][T17304] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2369.140037][T17304] ? do_syscall_64+0x26/0x760 [ 2369.144718][T17304] __x64_sys_write+0x73/0xb0 [ 2369.149307][T17304] do_syscall_64+0xfa/0x760 [ 2369.153812][T17304] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2369.159699][T17304] RIP: 0033:0x459a59 [ 2369.163593][T17304] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2369.183200][T17304] RSP: 002b:00007fad27ebbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2369.191616][T17304] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2369.199582][T17304] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 2369.207550][T17304] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2369.215519][T17304] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fad27ebc6d4 [ 2369.223491][T17304] R13: 00000000004c9ef3 R14: 00000000004e1c48 R15: 00000000ffffffff [ 2369.244817][T17304] memory: usage 3116kB, limit 0kB, failcnt 685 [ 2369.254193][T17304] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2369.262036][T17304] Memory cgroup stats for /syz5: [ 2369.262999][T17304] anon 2166784 [ 2369.262999][T17304] file 0 [ 2369.262999][T17304] kernel_stack 65536 [ 2369.262999][T17304] slab 544768 [ 2369.262999][T17304] sock 0 [ 2369.262999][T17304] shmem 0 [ 2369.262999][T17304] file_mapped 0 [ 2369.262999][T17304] file_dirty 0 [ 2369.262999][T17304] file_writeback 0 [ 2369.262999][T17304] anon_thp 2097152 [ 2369.262999][T17304] inactive_anon 0 [ 2369.262999][T17304] active_anon 2166784 [ 2369.262999][T17304] inactive_file 0 [ 2369.262999][T17304] active_file 0 [ 2369.262999][T17304] unevictable 0 [ 2369.262999][T17304] slab_reclaimable 135168 [ 2369.262999][T17304] slab_unreclaimable 409600 [ 2369.262999][T17304] pgfault 8514 [ 2369.262999][T17304] pgmajfault 0 [ 2369.262999][T17304] workingset_refault 0 [ 2369.262999][T17304] workingset_activate 0 [ 2369.262999][T17304] workingset_nodereclaim 0 [ 2369.262999][T17304] pgrefill 233 [ 2369.262999][T17304] pgscan 362 [ 2369.262999][T17304] pgsteal 146 [ 2369.262999][T17304] pgactivate 198 [ 2369.361601][T17304] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=17303,uid=0 [ 2369.389532][T17304] Memory cgroup out of memory: Killed process 17303 (syz-executor.5) total-vm:72580kB, anon-rss:2144kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 [ 2369.437400][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2369.448188][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2369.461053][ T1054] oom_reaper: reaped process 17303 (syz-executor.5), now anon-rss:0kB, file-rss:34856kB, shmem-rss:0kB [ 2369.474029][T11361] bridge0: port 1(bridge_slave_0) entered blocking state [ 2369.481943][T11361] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2369.556978][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2369.589434][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2369.597896][T11361] bridge0: port 2(bridge_slave_1) entered blocking state [ 2369.605048][T11361] bridge0: port 2(bridge_slave_1) entered forwarding state 04:55:24 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0x0, 0x8, 0x0, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) 04:55:24 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x0, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x0, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0x0, 0x8, 0x1b, 0x0, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={0xffffffffffffffff, 0x1, 0x1, 0xfff, &(0x7f00000000c0)=[0x0, 0x0], 0x2}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r6 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r6, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 2369.666870][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2369.696491][T17262] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2369.731167][T17279] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2369.738512][T17262] CPU: 0 PID: 17262 Comm: syz-executor.5 Not tainted 5.4.0-rc1+ #0 [ 2369.746556][T17262] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2369.756616][T17262] Call Trace: [ 2369.759917][T17262] dump_stack+0x172/0x1f0 [ 2369.764279][T17262] dump_header+0x10b/0x82d [ 2369.768783][T17262] ? oom_kill_process+0x94/0x3f0 [ 2369.773732][T17262] oom_kill_process.cold+0x10/0x15 [ 2369.778848][T17262] out_of_memory+0x334/0x1340 [ 2369.783530][T17262] ? lock_downgrade+0x920/0x920 [ 2369.788385][T17262] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2369.794193][T17262] ? oom_killer_disable+0x280/0x280 [ 2369.799403][T17262] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2369.804947][T17262] ? memcg_stat_show+0xc40/0xc40 [ 2369.808842][T17279] 8021q: adding VLAN 0 to HW filter on device team0 [ 2369.809890][T17262] ? do_raw_spin_unlock+0x57/0x270 [ 2369.822596][T17262] ? _raw_spin_unlock+0x2d/0x50 [ 2369.827454][T17262] try_charge+0xf4b/0x1440 [ 2369.831879][T17262] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2369.837426][T17262] ? percpu_ref_tryget_live+0x111/0x290 [ 2369.842974][T17262] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2369.849242][T17262] ? __kasan_check_read+0x11/0x20 [ 2369.854308][T17262] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2369.859857][T17262] mem_cgroup_try_charge+0x136/0x590 [ 2369.865172][T17262] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2369.870821][T17262] wp_page_copy+0x407/0x1860 [ 2369.875408][T17262] ? find_held_lock+0x35/0x130 [ 2369.880175][T17262] ? do_wp_page+0x53b/0x15c0 [ 2369.884770][T17262] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2369.890589][T17262] ? lock_downgrade+0x920/0x920 [ 2369.895446][T17262] ? swp_swapcount+0x540/0x540 [ 2369.900294][T17262] ? __kasan_check_read+0x11/0x20 [ 2369.905316][T17262] ? do_raw_spin_unlock+0x57/0x270 [ 2369.910434][T17262] do_wp_page+0x543/0x15c0 [ 2369.914854][T17262] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 2369.920238][T17262] __handle_mm_fault+0x23ec/0x4040 [ 2369.925354][T17262] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2369.930918][T17262] ? handle_mm_fault+0x292/0xaa0 [ 2369.935863][T17262] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2369.938716][T17279] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 2369.942097][T17262] ? __kasan_check_read+0x11/0x20 [ 2369.942115][T17262] handle_mm_fault+0x3b7/0xaa0 [ 2369.942135][T17262] __do_page_fault+0x536/0xdd0 [ 2369.942161][T17262] do_page_fault+0x38/0x590 [ 2369.942181][T17262] page_fault+0x39/0x40 [ 2369.942192][T17262] RIP: 0033:0x430b36 [ 2369.942208][T17262] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 2c 44 64 00 85 c0 0f 84 [ 2369.942215][T17262] RSP: 002b:00007fffb16ce8c0 EFLAGS: 00010206 [ 2369.942227][T17262] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 2369.942239][T17262] RDX: 00000000010f5930 RSI: 00000000010fd970 RDI: 0000000000000003 [ 2369.979278][T17279] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2369.979671][T17262] RBP: 0000000000008041 R08: 0000000000000001 R09: 00000000010f4940 [ 2370.039658][T17262] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 2370.047631][T17262] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 2370.078932][T17262] memory: usage 796kB, limit 0kB, failcnt 693 [ 2370.085057][T17262] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2370.095327][T17273] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2370.117672][T11159] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2370.121125][T17262] Memory cgroup stats for /syz5: [ 2370.122646][T17262] anon 61440 [ 2370.122646][T17262] file 0 [ 2370.122646][T17262] kernel_stack 0 [ 2370.122646][T17262] slab 544768 [ 2370.122646][T17262] sock 0 [ 2370.122646][T17262] shmem 0 [ 2370.122646][T17262] file_mapped 0 [ 2370.122646][T17262] file_dirty 0 [ 2370.122646][T17262] file_writeback 0 [ 2370.122646][T17262] anon_thp 0 [ 2370.122646][T17262] inactive_anon 0 [ 2370.122646][T17262] active_anon 61440 [ 2370.122646][T17262] inactive_file 0 [ 2370.122646][T17262] active_file 0 [ 2370.122646][T17262] unevictable 0 [ 2370.122646][T17262] slab_reclaimable 135168 [ 2370.122646][T17262] slab_unreclaimable 409600 [ 2370.122646][T17262] pgfault 8514 [ 2370.122646][T17262] pgmajfault 0 [ 2370.122646][T17262] workingset_refault 0 [ 2370.122646][T17262] workingset_activate 0 [ 2370.122646][T17262] workingset_nodereclaim 0 [ 2370.122646][T17262] pgrefill 233 [ 2370.122646][T17262] pgscan 362 [ 2370.122646][T17262] pgsteal 146 [ 2370.122646][T17262] pgactivate 198 [ 2370.127820][T11159] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2370.148870][T17262] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=17262,uid=0 [ 2370.222793][T11159] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2370.254081][T11159] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2370.263564][T11159] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2370.271793][T11159] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2370.280086][T11159] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2370.289696][T11159] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2370.298157][T11159] bridge0: port 1(bridge_slave_0) entered blocking state [ 2370.305290][T11159] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2370.313650][T11159] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2370.319711][T17262] Memory cgroup out of memory: Killed process 17262 (syz-executor.5) total-vm:72448kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 2370.322741][T11159] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2370.347525][T11159] bridge0: port 2(bridge_slave_1) entered blocking state [ 2370.354644][T11159] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2370.362878][T11159] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2370.373106][T11159] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2370.383442][T11159] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2370.392797][T11159] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2370.401988][T11159] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2370.411215][T11159] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2370.420067][T11159] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2370.428627][T11159] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2370.437896][T11159] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2370.447674][T11159] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2370.710542][ C0] neighbour: ndisc_cache: neighbor table overflow! [ 2370.823090][T11159] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2370.831732][T11159] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2370.840784][T11159] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2370.849123][T11159] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2370.858330][T11159] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2370.868210][T11159] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2370.877957][T11159] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2370.887794][T11159] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2370.897263][T11159] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2370.906872][T11159] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2370.945719][T17306] IPVS: ftp: loaded support on port[0] = 21 [ 2371.054200][T17277] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2371.080831][T17277] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2371.110985][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2371.120270][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2371.208200][T17279] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2371.234580][T17273] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2371.443576][T17277] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2371.565500][T17316] IPVS: ftp: loaded support on port[0] = 21 [ 2371.615590][T17327] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 2371.635874][T17326] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 2371.840935][T17333] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 2371.900167][T17327] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2371.926919][T17327] CPU: 0 PID: 17327 Comm: syz-executor.4 Not tainted 5.4.0-rc1+ #0 [ 2371.934871][T17327] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2371.945028][T17327] Call Trace: [ 2371.952456][T17327] dump_stack+0x172/0x1f0 [ 2371.957289][T17327] dump_header+0x10b/0x82d [ 2371.961985][T17327] oom_kill_process.cold+0x10/0x15 [ 2371.967116][T17327] out_of_memory+0x334/0x1340 [ 2371.971896][T17327] ? __sched_text_start+0x8/0x8 [ 2371.976777][T17327] ? oom_killer_disable+0x280/0x280 [ 2371.982176][T17327] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2371.987729][T17327] ? memcg_stat_show+0xc40/0xc40 [ 2371.992684][T17327] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2371.998516][T17327] ? cgroup_file_notify+0x140/0x1b0 [ 2372.004182][T17327] memory_max_write+0x262/0x3a0 [ 2372.009076][T17327] ? mem_cgroup_write+0x370/0x370 [ 2372.014125][T17327] ? cgroup_file_write+0x86/0x790 [ 2372.019188][T17327] cgroup_file_write+0x241/0x790 [ 2372.025981][T17327] ? mem_cgroup_write+0x370/0x370 [ 2372.031036][T17327] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2372.036701][T17327] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2372.042436][T17327] kernfs_fop_write+0x2b8/0x480 [ 2372.047658][T17327] __vfs_write+0x8a/0x110 [ 2372.052098][T17327] ? kernfs_fop_open+0xd80/0xd80 [ 2372.057052][T17327] vfs_write+0x268/0x5d0 [ 2372.061310][T17327] ksys_write+0x14f/0x290 [ 2372.065648][T17327] ? __ia32_sys_read+0xb0/0xb0 [ 2372.070426][T17327] ? do_syscall_64+0x26/0x760 [ 2372.075900][T17327] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2372.082071][T17327] ? do_syscall_64+0x26/0x760 [ 2372.086849][T17327] __x64_sys_write+0x73/0xb0 [ 2372.091648][T17327] do_syscall_64+0xfa/0x760 [ 2372.096173][T17327] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2372.102082][T17327] RIP: 0033:0x459a59 [ 2372.105984][T17327] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2372.125689][T17327] RSP: 002b:00007f7f336d1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2372.134122][T17327] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2372.142102][T17327] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 2372.150084][T17327] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2372.158063][T17327] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7f336d26d4 [ 2372.166041][T17327] R13: 00000000004c9ef3 R14: 00000000004e1c48 R15: 00000000ffffffff [ 2372.189813][T17327] memory: usage 3212kB, limit 0kB, failcnt 1003 [ 2372.196446][T17327] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2372.198191][T17306] chnl_net:caif_netlink_parms(): no params data found [ 2372.211090][T17327] Memory cgroup stats for /syz4: [ 2372.212351][T17327] anon 2088960 [ 2372.212351][T17327] file 163840 [ 2372.212351][T17327] kernel_stack 65536 [ 2372.212351][T17327] slab 692224 [ 2372.212351][T17327] sock 0 [ 2372.212351][T17327] shmem 0 [ 2372.212351][T17327] file_mapped 0 [ 2372.212351][T17327] file_dirty 135168 [ 2372.212351][T17327] file_writeback 0 [ 2372.212351][T17327] anon_thp 2097152 [ 2372.212351][T17327] inactive_anon 0 [ 2372.212351][T17327] active_anon 2088960 [ 2372.212351][T17327] inactive_file 135168 [ 2372.212351][T17327] active_file 0 [ 2372.212351][T17327] unevictable 0 [ 2372.212351][T17327] slab_reclaimable 270336 [ 2372.212351][T17327] slab_unreclaimable 421888 [ 2372.212351][T17327] pgfault 9273 [ 2372.212351][T17327] pgmajfault 0 [ 2372.212351][T17327] workingset_refault 0 [ 2372.212351][T17327] workingset_activate 0 [ 2372.212351][T17327] workingset_nodereclaim 0 [ 2372.212351][T17327] pgrefill 264 [ 2372.212351][T17327] pgscan 292 [ 2372.212351][T17327] pgsteal 59 [ 2372.212351][T17327] pgactivate 231 [ 2372.217585][T17327] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=17319,uid=0 [ 2372.349923][T17327] Memory cgroup out of memory: Killed process 17319 (syz-executor.4) total-vm:72712kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 2372.461577][ T1054] oom_reaper: reaped process 17319 (syz-executor.4), now anon-rss:0kB, file-rss:34856kB, shmem-rss:0kB [ 2372.474540][T17333] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2372.491550][T17333] CPU: 1 PID: 17333 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 2372.499469][T17333] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2372.509697][T17333] Call Trace: [ 2372.512992][T17333] dump_stack+0x172/0x1f0 [ 2372.517321][T17333] dump_header+0x10b/0x82d [ 2372.521732][T17333] oom_kill_process.cold+0x10/0x15 [ 2372.521747][T17333] out_of_memory+0x334/0x1340 [ 2372.521766][T17333] ? oom_killer_disable+0x280/0x280 [ 2372.521790][T17333] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2372.521803][T17333] ? memcg_stat_show+0xc40/0xc40 [ 2372.521827][T17333] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2372.553098][T17333] ? cgroup_file_notify+0x140/0x1b0 [ 2372.558295][T17333] memory_max_write+0x262/0x3a0 [ 2372.558314][T17333] ? mem_cgroup_write+0x370/0x370 [ 2372.568450][T17333] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2372.573954][T17333] cgroup_file_write+0x241/0x790 [ 2372.578906][T17333] ? mem_cgroup_write+0x370/0x370 [ 2372.583936][T17333] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2372.589568][T17333] ? kernfs_ops+0x9f/0x120 [ 2372.589587][T17333] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2372.589601][T17333] kernfs_fop_write+0x2b8/0x480 [ 2372.589622][T17333] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2372.600185][T17333] __vfs_write+0x8a/0x110 [ 2372.600200][T17333] ? kernfs_fop_open+0xd80/0xd80 [ 2372.600215][T17333] vfs_write+0x268/0x5d0 [ 2372.600238][T17333] ksys_write+0x14f/0x290 [ 2372.611294][T17333] ? __ia32_sys_read+0xb0/0xb0 [ 2372.611317][T17333] __x64_sys_write+0x73/0xb0 [ 2372.611335][T17333] do_syscall_64+0xfa/0x760 [ 2372.611358][T17333] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2372.620580][T17333] RIP: 0033:0x459a59 [ 2372.620597][T17333] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2372.620605][T17333] RSP: 002b:00007fb06976dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2372.620618][T17333] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2372.620630][T17333] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 2372.629426][T17333] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 04:55:27 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0xc, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x0, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={0xffffffffffffffff, 0x1, 0x1, 0xfff, &(0x7f00000000c0)=[0x0, 0x0], 0x2}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28, &(0x7f0000000000)={0x0, 0x0}}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000200)={r5, 0x100000001, 0x8}, 0xc) r6 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r7 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r7, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r6, 0x0, 0x0) 04:55:27 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0x0, 0x8, 0x0, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) 04:55:27 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x0, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={0xffffffffffffffff, 0x1, 0x1, 0xfff, &(0x7f00000000c0)=[0x0, 0x0], 0x2}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r6 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r6, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 2372.629435][T17333] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb06976e6d4 [ 2372.629443][T17333] R13: 00000000004c9ef3 R14: 00000000004e1c48 R15: 00000000ffffffff [ 2372.761970][T17333] memory: usage 16208kB, limit 0kB, failcnt 111 [ 2372.768499][T17333] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2372.777151][T17333] Memory cgroup stats for /syz1: [ 2372.777276][T17333] anon 2125824 [ 2372.777276][T17333] file 4096 [ 2372.777276][T17333] kernel_stack 65536 [ 2372.777276][T17333] slab 14471168 [ 2372.777276][T17333] sock 0 [ 2372.777276][T17333] shmem 0 [ 2372.777276][T17333] file_mapped 0 [ 2372.777276][T17333] file_dirty 0 [ 2372.777276][T17333] file_writeback 0 [ 2372.777276][T17333] anon_thp 2097152 [ 2372.777276][T17333] inactive_anon 0 [ 2372.777276][T17333] active_anon 2125824 [ 2372.777276][T17333] inactive_file 135168 [ 2372.777276][T17333] active_file 0 [ 2372.777276][T17333] unevictable 0 [ 2372.777276][T17333] slab_reclaimable 13787136 [ 2372.777276][T17333] slab_unreclaimable 684032 [ 2372.777276][T17333] pgfault 37752 [ 2372.777276][T17333] pgmajfault 0 [ 2372.777276][T17333] workingset_refault 0 [ 2372.777276][T17333] workingset_activate 0 [ 2372.777276][T17333] workingset_nodereclaim 0 [ 2372.777276][T17333] pgrefill 135 [ 2372.777276][T17333] pgscan 133 [ 2372.777276][T17333] pgsteal 0 [ 2372.777276][T17333] pgactivate 99 [ 2372.875013][T17333] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=17331,uid=0 [ 2372.891002][T17333] Memory cgroup out of memory: Killed process 17333 (syz-executor.1) total-vm:72712kB, anon-rss:2192kB, file-rss:35824kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 [ 2372.911560][ T1054] oom_reaper: reaped process 17333 (syz-executor.1), now anon-rss:0kB, file-rss:34864kB, shmem-rss:0kB [ 2372.923274][T17279] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2372.934327][T17279] CPU: 0 PID: 17279 Comm: syz-executor.2 Not tainted 5.4.0-rc1+ #0 [ 2372.942254][T17279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2372.952343][T17279] Call Trace: [ 2372.955659][T17279] dump_stack+0x172/0x1f0 [ 2372.960018][T17279] dump_header+0x10b/0x82d [ 2372.964452][T17279] ? oom_kill_process+0x94/0x3f0 [ 2372.969850][T17279] oom_kill_process.cold+0x10/0x15 [ 2372.974981][T17279] out_of_memory+0x334/0x1340 [ 2372.979668][T17279] ? lock_downgrade+0x920/0x920 [ 2372.984552][T17279] ? oom_killer_disable+0x280/0x280 [ 2372.989771][T17279] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2372.995332][T17279] ? memcg_stat_show+0xc40/0xc40 [ 2373.000284][T17279] ? do_raw_spin_unlock+0x57/0x270 [ 2373.005522][T17279] ? _raw_spin_unlock+0x2d/0x50 [ 2373.010396][T17279] try_charge+0xf4b/0x1440 [ 2373.014845][T17279] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2373.020399][T17279] ? percpu_ref_tryget_live+0x111/0x290 [ 2373.020423][T17279] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2373.032199][T17279] ? __kasan_check_read+0x11/0x20 [ 2373.037249][T17279] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2373.042858][T17279] mem_cgroup_try_charge+0x136/0x590 [ 2373.048165][T17279] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2373.053813][T17279] wp_page_copy+0x407/0x1860 [ 2373.058429][T17279] ? find_held_lock+0x35/0x130 [ 2373.063189][T17279] ? do_wp_page+0x53b/0x15c0 [ 2373.063205][T17279] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2373.063219][T17279] ? lock_downgrade+0x920/0x920 [ 2373.063238][T17279] ? swp_swapcount+0x540/0x540 [ 2373.063252][T17279] ? __kasan_check_read+0x11/0x20 [ 2373.063263][T17279] ? do_raw_spin_unlock+0x57/0x270 [ 2373.063278][T17279] do_wp_page+0x543/0x15c0 [ 2373.063297][T17279] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 2373.103110][T17279] __handle_mm_fault+0x23ec/0x4040 [ 2373.108218][T17279] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2373.108234][T17279] ? handle_mm_fault+0x292/0xaa0 [ 2373.118729][T17279] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2373.124976][T17279] ? __kasan_check_read+0x11/0x20 [ 2373.130002][T17279] handle_mm_fault+0x3b7/0xaa0 [ 2373.134778][T17279] __do_page_fault+0x536/0xdd0 [ 2373.139560][T17279] do_page_fault+0x38/0x590 [ 2373.139581][T17279] page_fault+0x39/0x40 [ 2373.139591][T17279] RIP: 0033:0x430b36 [ 2373.139605][T17279] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 2c 44 64 00 85 c0 0f 84 [ 2373.139613][T17279] RSP: 002b:00007ffe3abd2890 EFLAGS: 00010206 [ 2373.139624][T17279] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 2373.139631][T17279] RDX: 0000000002556930 RSI: 000000000255e970 RDI: 0000000000000003 [ 2373.139639][T17279] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000000002555940 [ 2373.139647][T17279] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 04:55:28 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 2373.139655][T17279] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 2373.156271][T17279] memory: usage 812kB, limit 0kB, failcnt 808 [ 2373.227585][T17279] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2373.235276][T17279] Memory cgroup stats for /syz2: [ 2373.235375][T17279] anon 73728 [ 2373.235375][T17279] file 12288 [ 2373.235375][T17279] kernel_stack 65536 [ 2373.235375][T17279] slab 651264 [ 2373.235375][T17279] sock 0 [ 2373.235375][T17279] shmem 0 [ 2373.235375][T17279] file_mapped 0 [ 2373.235375][T17279] file_dirty 0 [ 2373.235375][T17279] file_writeback 0 [ 2373.235375][T17279] anon_thp 0 [ 2373.235375][T17279] inactive_anon 0 [ 2373.235375][T17279] active_anon 0 [ 2373.235375][T17279] inactive_file 0 [ 2373.235375][T17279] active_file 0 [ 2373.235375][T17279] unevictable 0 [ 2373.235375][T17279] slab_reclaimable 135168 [ 2373.235375][T17279] slab_unreclaimable 516096 [ 2373.235375][T17279] pgfault 15081 [ 2373.235375][T17279] pgmajfault 0 [ 2373.235375][T17279] workingset_refault 0 [ 2373.235375][T17279] workingset_activate 0 [ 2373.235375][T17279] workingset_nodereclaim 0 [ 2373.235375][T17279] pgrefill 0 [ 2373.235375][T17279] pgscan 0 [ 2373.235375][T17279] pgsteal 0 [ 2373.235375][T17279] pgactivate 0 [ 2373.235375][T17279] pgdeactivate 0 [ 2373.254790][T17306] bridge0: port 1(bridge_slave_0) entered blocking state [ 2373.341392][T17279] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=17279,uid=0 [ 2373.357071][T17279] Memory cgroup out of memory: Killed process 17279 (syz-executor.2) total-vm:72448kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 2373.375092][T17273] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2373.375726][ T1054] oom_reaper: reaped process 17279 (syz-executor.2), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2373.385948][T17273] CPU: 0 PID: 17273 Comm: syz-executor.4 Not tainted 5.4.0-rc1+ #0 [ 2373.404284][T17273] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2373.414340][T17273] Call Trace: [ 2373.417638][T17273] dump_stack+0x172/0x1f0 [ 2373.421978][T17273] dump_header+0x10b/0x82d [ 2373.426393][T17273] ? oom_kill_process+0x94/0x3f0 [ 2373.431334][T17273] oom_kill_process.cold+0x10/0x15 [ 2373.436452][T17273] out_of_memory+0x334/0x1340 [ 2373.441162][T17273] ? lock_downgrade+0x920/0x920 [ 2373.446038][T17273] ? oom_killer_disable+0x280/0x280 [ 2373.449106][T17306] bridge0: port 1(bridge_slave_0) entered disabled state [ 2373.451256][T17273] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2373.463810][T17273] ? memcg_stat_show+0xc40/0xc40 [ 2373.468763][T17273] ? do_raw_spin_unlock+0x57/0x270 [ 2373.473878][T17273] ? _raw_spin_unlock+0x2d/0x50 [ 2373.478747][T17273] try_charge+0xf4b/0x1440 [ 2373.479467][T17306] device bridge_slave_0 entered promiscuous mode [ 2373.483185][T17273] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2373.495048][T17273] ? percpu_ref_tryget_live+0x111/0x290 [ 2373.500698][T17273] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2373.506986][T17273] ? __kasan_check_read+0x11/0x20 [ 2373.512028][T17273] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2373.512047][T17273] mem_cgroup_try_charge+0x136/0x590 [ 2373.522881][T17273] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2373.528522][T17273] __handle_mm_fault+0x1f0d/0x4040 [ 2373.533657][T17273] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2373.539212][T17273] ? handle_mm_fault+0x292/0xaa0 [ 2373.544175][T17273] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2373.550506][T17273] ? __kasan_check_read+0x11/0x20 [ 2373.555532][T17273] handle_mm_fault+0x3b7/0xaa0 [ 2373.560311][T17273] __do_page_fault+0x536/0xdd0 [ 2373.565082][T17273] do_page_fault+0x38/0x590 [ 2373.569853][T17273] page_fault+0x39/0x40 [ 2373.574006][T17273] RIP: 0033:0x4579f1 [ 2373.577899][T17273] Code: 48 81 ec 98 00 00 00 0f 05 48 3d 00 f0 ff ff 48 89 c3 0f 87 e9 00 00 00 85 db 0f 88 2f 01 00 00 48 89 e2 89 de bf 01 00 00 00 ba 13 00 00 85 c0 0f 88 98 00 00 00 8b 44 24 18 25 00 f0 00 00 [ 2373.597594][T17273] RSP: 002b:00007fffb161bfb0 EFLAGS: 00010206 [ 2373.603673][T17273] RAX: 0000000000000003 RBX: 0000000000000003 RCX: 00000000004579d0 [ 2373.611752][T17273] RDX: 00007fffb161bfb0 RSI: 0000000000000003 RDI: 0000000000000001 [ 2373.619853][T17273] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000000001b0e940 [ 2373.627861][T17273] R10: 0000000000000000 R11: 0000000000000202 R12: 00007fffb161d190 [ 2373.635851][T17273] R13: 00007fffb161d180 R14: 0000000000000000 R15: 00007fffb161d190 [ 2373.656033][T17273] memory: usage 840kB, limit 0kB, failcnt 1011 [ 2373.664348][T17273] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2373.671814][T17273] Memory cgroup stats for /syz4: [ 2373.671918][T17273] anon 0 [ 2373.671918][T17273] file 163840 [ 2373.671918][T17273] kernel_stack 65536 [ 2373.671918][T17273] slab 692224 [ 2373.671918][T17273] sock 0 [ 2373.671918][T17273] shmem 0 [ 2373.671918][T17273] file_mapped 0 [ 2373.671918][T17273] file_dirty 135168 [ 2373.671918][T17273] file_writeback 0 [ 2373.671918][T17273] anon_thp 0 [ 2373.671918][T17273] inactive_anon 0 [ 2373.671918][T17273] active_anon 0 [ 2373.671918][T17273] inactive_file 135168 [ 2373.671918][T17273] active_file 0 [ 2373.671918][T17273] unevictable 0 [ 2373.671918][T17273] slab_reclaimable 270336 [ 2373.671918][T17273] slab_unreclaimable 421888 [ 2373.671918][T17273] pgfault 9273 [ 2373.671918][T17273] pgmajfault 0 [ 2373.671918][T17273] workingset_refault 0 [ 2373.671918][T17273] workingset_activate 0 [ 2373.671918][T17273] workingset_nodereclaim 0 [ 2373.671918][T17273] pgrefill 264 [ 2373.671918][T17273] pgscan 292 [ 2373.671918][T17273] pgsteal 59 [ 2373.671918][T17273] pgactivate 231 [ 2373.766400][T17273] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=17273,uid=0 [ 2373.788938][T17273] Memory cgroup out of memory: Killed process 17273 (syz-executor.4) total-vm:72448kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2373.806972][T17277] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2373.808258][ T1054] oom_reaper: reaped process 17273 (syz-executor.4), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2373.828627][T17306] bridge0: port 2(bridge_slave_1) entered blocking state [ 2373.829360][T17277] CPU: 0 PID: 17277 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 2373.843596][T17277] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2373.848995][T17306] bridge0: port 2(bridge_slave_1) entered disabled state [ 2373.853661][T17277] Call Trace: [ 2373.863963][T17277] dump_stack+0x172/0x1f0 [ 2373.868390][T17277] dump_header+0x10b/0x82d [ 2373.872805][T17277] ? oom_kill_process+0x94/0x3f0 [ 2373.872826][T17277] oom_kill_process.cold+0x10/0x15 [ 2373.882891][T17277] out_of_memory+0x334/0x1340 [ 2373.887573][T17277] ? lock_downgrade+0x920/0x920 [ 2373.892436][T17277] ? oom_killer_disable+0x280/0x280 [ 2373.893825][T17306] device bridge_slave_1 entered promiscuous mode [ 2373.897678][T17277] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2373.909527][T17277] ? memcg_stat_show+0xc40/0xc40 [ 2373.914473][T17277] ? do_raw_spin_unlock+0x57/0x270 [ 2373.919591][T17277] ? _raw_spin_unlock+0x2d/0x50 [ 2373.924460][T17277] try_charge+0xf4b/0x1440 [ 2373.928915][T17277] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2373.928928][T17277] ? percpu_ref_tryget_live+0x111/0x290 [ 2373.928946][T17277] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2373.928961][T17277] ? __kasan_check_read+0x11/0x20 [ 2373.928979][T17277] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2373.928995][T17277] mem_cgroup_try_charge+0x136/0x590 [ 2373.929014][T17277] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2373.929032][T17277] wp_page_copy+0x407/0x1860 [ 2373.929049][T17277] ? find_held_lock+0x35/0x130 [ 2373.929063][T17277] ? do_wp_page+0x53b/0x15c0 [ 2373.929079][T17277] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2373.929094][T17277] ? lock_downgrade+0x920/0x920 [ 2373.929112][T17277] ? swp_swapcount+0x540/0x540 [ 2373.929127][T17277] ? __kasan_check_read+0x11/0x20 [ 2373.929145][T17277] ? do_raw_spin_unlock+0x57/0x270 [ 2373.929163][T17277] do_wp_page+0x543/0x15c0 [ 2373.940257][T17277] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 2373.940283][T17277] __handle_mm_fault+0x23ec/0x4040 [ 2373.940301][T17277] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2373.940314][T17277] ? handle_mm_fault+0x292/0xaa0 [ 2373.940342][T17277] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2373.981949][T17277] ? __kasan_check_read+0x11/0x20 [ 2373.992598][T17277] handle_mm_fault+0x3b7/0xaa0 [ 2373.992619][T17277] __do_page_fault+0x536/0xdd0 [ 2373.992638][T17277] do_page_fault+0x38/0x590 [ 2373.992657][T17277] page_fault+0x39/0x40 [ 2373.992668][T17277] RIP: 0033:0x430b36 [ 2373.992683][T17277] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 2c 44 64 00 85 c0 0f 84 [ 2373.992690][T17277] RSP: 002b:00007ffebec31590 EFLAGS: 00010206 [ 2373.992700][T17277] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 2373.992708][T17277] RDX: 000000000102b930 RSI: 0000000001033970 RDI: 0000000000000003 [ 2373.992715][T17277] RBP: 0000000000008041 R08: 0000000000000001 R09: 000000000102a940 [ 2373.992721][T17277] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 2373.992728][T17277] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 2374.228931][T17277] memory: usage 13840kB, limit 0kB, failcnt 119 [ 2374.235224][T17277] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2374.258837][T17277] Memory cgroup stats for /syz1: [ 2374.258948][T17277] anon 28672 [ 2374.258948][T17277] file 4096 [ 2374.258948][T17277] kernel_stack 0 [ 2374.258948][T17277] slab 14336000 [ 2374.258948][T17277] sock 0 [ 2374.258948][T17277] shmem 0 [ 2374.258948][T17277] file_mapped 0 [ 2374.258948][T17277] file_dirty 0 [ 2374.258948][T17277] file_writeback 0 [ 2374.258948][T17277] anon_thp 0 [ 2374.258948][T17277] inactive_anon 0 [ 2374.258948][T17277] active_anon 28672 [ 2374.258948][T17277] inactive_file 135168 [ 2374.258948][T17277] active_file 0 [ 2374.258948][T17277] unevictable 0 [ 2374.258948][T17277] slab_reclaimable 13651968 [ 2374.258948][T17277] slab_unreclaimable 684032 [ 2374.258948][T17277] pgfault 37752 [ 2374.258948][T17277] pgmajfault 0 [ 2374.258948][T17277] workingset_refault 0 [ 2374.258948][T17277] workingset_activate 0 [ 2374.258948][T17277] workingset_nodereclaim 0 [ 2374.258948][T17277] pgrefill 135 [ 2374.258948][T17277] pgscan 133 [ 2374.258948][T17277] pgsteal 0 [ 2374.258948][T17277] pgactivate 99 [ 2374.360129][T17277] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=17277,uid=0 [ 2374.386123][T17277] Memory cgroup out of memory: Killed process 17277 (syz-executor.1) total-vm:72448kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 2374.404719][ T1054] oom_reaper: reaped process 17277 (syz-executor.1), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2374.656351][T17306] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2374.941436][T17336] IPVS: ftp: loaded support on port[0] = 21 04:55:30 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x0, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={0xffffffffffffffff, 0x1, 0x1, 0xfff, &(0x7f00000000c0)=[0x0, 0x0], 0x2}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r6 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r6, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) 04:55:30 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 2375.274651][T17306] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link 04:55:30 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0xc, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x0, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={0xffffffffffffffff, 0x1, 0x1, 0xfff, &(0x7f00000000c0)=[0x0, 0x0], 0x2}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28, &(0x7f0000000000)={0x0, 0x0}}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000200)={r5, 0x100000001, 0x8}, 0xc) r6 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r7 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r7, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r6, 0x0, 0x0) 04:55:30 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x0, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={0xffffffffffffffff, 0x1, 0x1, 0xfff, &(0x7f00000000c0)=[0x0, 0x0], 0x2}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r6 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r6, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) 04:55:30 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) [ 2375.472698][T17306] team0: Port device team_slave_0 added [ 2375.499425][T17316] chnl_net:caif_netlink_parms(): no params data found [ 2375.566693][T17306] team0: Port device team_slave_1 added [ 2375.762423][T17306] device hsr_slave_0 entered promiscuous mode [ 2375.841145][T17306] device hsr_slave_1 entered promiscuous mode [ 2375.869304][T17306] debugfs: Directory 'hsr0' with parent '/' already present! [ 2375.881816][T17316] bridge0: port 1(bridge_slave_0) entered blocking state [ 2375.891073][T17316] bridge0: port 1(bridge_slave_0) entered disabled state [ 2375.900124][T17316] device bridge_slave_0 entered promiscuous mode [ 2375.964643][T17316] bridge0: port 2(bridge_slave_1) entered blocking state [ 2375.972592][T17316] bridge0: port 2(bridge_slave_1) entered disabled state [ 2375.981635][T17316] device bridge_slave_1 entered promiscuous mode [ 2376.111696][T17316] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2376.142628][T17316] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2376.242272][T17336] chnl_net:caif_netlink_parms(): no params data found [ 2376.288194][T17316] team0: Port device team_slave_0 added [ 2376.297604][T17316] team0: Port device team_slave_1 added [ 2376.446887][T17336] bridge0: port 1(bridge_slave_0) entered blocking state [ 2376.456526][T17336] bridge0: port 1(bridge_slave_0) entered disabled state [ 2376.465416][T17336] device bridge_slave_0 entered promiscuous mode [ 2376.603023][T17316] device hsr_slave_0 entered promiscuous mode [ 2376.689912][T17316] device hsr_slave_1 entered promiscuous mode [ 2376.728972][T17316] debugfs: Directory 'hsr0' with parent '/' already present! [ 2376.795959][T17336] bridge0: port 2(bridge_slave_1) entered blocking state [ 2376.803987][T17336] bridge0: port 2(bridge_slave_1) entered disabled state [ 2376.812868][T17336] device bridge_slave_1 entered promiscuous mode [ 2376.844191][T17336] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2376.866733][T17340] IPVS: ftp: loaded support on port[0] = 21 [ 2376.934385][T17336] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2376.966857][T17306] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2377.058242][T17342] IPVS: ftp: loaded support on port[0] = 21 [ 2377.082198][T17336] team0: Port device team_slave_0 added [ 2377.131005][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2377.139675][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2377.151976][T17336] team0: Port device team_slave_1 added [ 2377.168456][T17306] 8021q: adding VLAN 0 to HW filter on device team0 [ 2377.300865][ T8893] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2377.312740][ T8893] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2377.322483][ T8893] bridge0: port 1(bridge_slave_0) entered blocking state [ 2377.329594][ T8893] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2377.374189][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2377.383699][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2377.393814][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2377.402603][T11481] bridge0: port 2(bridge_slave_1) entered blocking state [ 2377.410060][T11481] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2377.423042][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2377.481692][T17336] device hsr_slave_0 entered promiscuous mode [ 2377.519953][T17336] device hsr_slave_1 entered promiscuous mode [ 2377.578936][T17336] debugfs: Directory 'hsr0' with parent '/' already present! [ 2377.691900][T11159] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2377.803104][T11159] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2377.813452][T11159] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2377.823347][T11159] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2377.833392][T11159] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2377.921496][T11159] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2377.940126][T11159] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2377.949795][T11159] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2378.048097][T17306] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2378.062753][T17306] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2378.077828][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2378.088374][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2378.254746][T17316] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2378.270987][T17306] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2378.304728][T17342] chnl_net:caif_netlink_parms(): no params data found [ 2378.395459][T17340] chnl_net:caif_netlink_parms(): no params data found [ 2378.522779][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2378.532420][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 04:55:33 executing program 3: ioctl$PERF_EVENT_IOC_DISABLE(0xffffffffffffffff, 0x2401, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f0000000140)="40c74adc7724e27d876f441d952bf111375896d876c4ed0f2e703cd5f8b64ff3cd946b507daea1c09fc1fe6c"}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x2, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000280)={'nr0\x01\x00', 0x4009}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000000200)=0xa7) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\a\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_subtree(r0, &(0x7f00000000c0)={[{0x300, 'c\x86\xdd', 0x7}]}, 0x90ad) 04:55:33 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0xc, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0x0, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={0xffffffffffffffff, 0x1, 0x1, 0xfff, &(0x7f00000000c0)=[0x0, 0x0], 0x2}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28, &(0x7f0000000000)={0x0, 0x0}}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000200)={r5, 0x100000001, 0x8}, 0xc) r6 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r7 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r7, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r6, 0x0, 0x0) [ 2378.612856][T17316] 8021q: adding VLAN 0 to HW filter on device team0 [ 2378.681372][T17336] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2378.764203][T17342] bridge0: port 1(bridge_slave_0) entered blocking state [ 2378.778911][T17342] bridge0: port 1(bridge_slave_0) entered disabled state [ 2378.794719][T17342] device bridge_slave_0 entered promiscuous mode [ 2378.831075][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2378.859914][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2378.880291][ T2871] bridge0: port 1(bridge_slave_0) entered blocking state [ 2378.887397][ T2871] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2378.983515][T17342] bridge0: port 2(bridge_slave_1) entered blocking state [ 2378.991620][T17342] bridge0: port 2(bridge_slave_1) entered disabled state [ 2379.001224][T17342] device bridge_slave_1 entered promiscuous mode [ 2379.016220][T17355] device nr0 entered promiscuous mode [ 2379.026187][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2379.039939][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2379.050025][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2379.059501][ T2871] bridge0: port 2(bridge_slave_1) entered blocking state [ 2379.066568][ T2871] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2379.076300][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2379.290924][T17340] bridge0: port 1(bridge_slave_0) entered blocking state [ 2379.298149][T17340] bridge0: port 1(bridge_slave_0) entered disabled state [ 2379.307427][T17340] device bridge_slave_0 entered promiscuous mode [ 2379.360435][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2379.370397][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2379.379615][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2379.400340][T17336] 8021q: adding VLAN 0 to HW filter on device team0 [ 2379.415010][T17340] bridge0: port 2(bridge_slave_1) entered blocking state [ 2379.423849][T17340] bridge0: port 2(bridge_slave_1) entered disabled state [ 2379.433525][T17340] device bridge_slave_1 entered promiscuous mode [ 2379.449827][T11159] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2379.461028][T11159] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2379.471432][T11159] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2379.495438][T17342] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2379.607493][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2379.617553][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2379.626240][T11102] bridge0: port 1(bridge_slave_0) entered blocking state [ 2379.633451][T11102] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2379.642452][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2379.655307][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2379.686158][T17342] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2379.719437][T17340] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2379.736098][T17340] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2379.795650][ T8893] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2379.810914][ T8893] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2379.831320][ T8893] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2379.849844][ T8893] bridge0: port 2(bridge_slave_1) entered blocking state [ 2379.857007][ T8893] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2379.870125][ T8893] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2379.978624][T17360] device nr0 entered promiscuous mode [ 2380.011850][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2380.029339][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2380.056345][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2380.088433][T17340] team0: Port device team_slave_0 added [ 2380.311793][T17342] team0: Port device team_slave_0 added [ 2380.327626][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2380.338158][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2380.352837][T17340] team0: Port device team_slave_1 added [ 2380.434164][T17316] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2380.439837][T17366] IPVS: ftp: loaded support on port[0] = 21 [ 2380.462996][T17342] team0: Port device team_slave_1 added [ 2380.490549][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2380.531394][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2380.653410][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2380.795385][T17340] device hsr_slave_0 entered promiscuous mode [ 2380.890212][T17340] device hsr_slave_1 entered promiscuous mode [ 2380.958909][T17340] debugfs: Directory 'hsr0' with parent '/' already present! [ 2380.985816][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2381.012034][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2381.141507][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2381.151506][T11481] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2381.213322][T17342] device hsr_slave_0 entered promiscuous mode [ 2381.270771][T17342] device hsr_slave_1 entered promiscuous mode [ 2381.318921][T17342] debugfs: Directory 'hsr0' with parent '/' already present! [ 2381.340563][T17336] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2381.353194][T17336] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2381.363444][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2381.372805][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2381.441667][T17316] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2381.654134][T17336] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2381.840824][T17377] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 2381.911826][T17366] chnl_net:caif_netlink_parms(): no params data found [ 2381.958449][T17377] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2381.975052][T17377] CPU: 1 PID: 17377 Comm: syz-executor.0 Not tainted 5.4.0-rc1+ #0 [ 2381.982997][T17377] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2381.993060][T17377] Call Trace: [ 2381.996365][T17377] dump_stack+0x172/0x1f0 [ 2382.000793][T17377] dump_header+0x10b/0x82d [ 2382.005744][T17377] oom_kill_process.cold+0x10/0x15 [ 2382.011392][T17377] out_of_memory+0x334/0x1340 [ 2382.016085][T17377] ? cgroup_file_notify+0x140/0x1b0 [ 2382.021292][T17377] ? oom_killer_disable+0x280/0x280 [ 2382.026509][T17377] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2382.032057][T17377] ? memcg_stat_show+0xc40/0xc40 [ 2382.037046][T17377] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2382.043812][T17377] ? cgroup_file_notify+0x140/0x1b0 [ 2382.049017][T17377] memory_max_write+0x262/0x3a0 [ 2382.053860][T17377] ? mem_cgroup_write+0x370/0x370 [ 2382.058870][T17377] ? lock_acquire+0x190/0x410 [ 2382.063531][T17377] ? kernfs_fop_write+0x227/0x480 [ 2382.068557][T17377] cgroup_file_write+0x241/0x790 [ 2382.073684][T17377] ? mem_cgroup_write+0x370/0x370 [ 2382.078708][T17377] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2382.084364][T17377] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2382.090090][T17377] kernfs_fop_write+0x2b8/0x480 [ 2382.094944][T17377] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2382.101175][T17377] __vfs_write+0x8a/0x110 [ 2382.105486][T17377] ? kernfs_fop_open+0xd80/0xd80 [ 2382.110425][T17377] vfs_write+0x268/0x5d0 [ 2382.114651][T17377] ksys_write+0x14f/0x290 [ 2382.118975][T17377] ? __ia32_sys_read+0xb0/0xb0 [ 2382.123722][T17377] ? do_syscall_64+0x26/0x760 [ 2382.128382][T17377] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2382.134444][T17377] ? do_syscall_64+0x26/0x760 [ 2382.139111][T17377] __x64_sys_write+0x73/0xb0 [ 2382.143702][T17377] do_syscall_64+0xfa/0x760 [ 2382.148190][T17377] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2382.154064][T17377] RIP: 0033:0x459a59 [ 2382.157955][T17377] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2382.177783][T17377] RSP: 002b:00007f43cd048c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2382.186192][T17377] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2382.194159][T17377] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009 [ 2382.202378][T17377] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2382.211028][T17377] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f43cd0496d4 [ 2382.219012][T17377] R13: 00000000004c9ef3 R14: 00000000004e1c48 R15: 00000000ffffffff [ 2382.231673][T17377] memory: usage 3060kB, limit 0kB, failcnt 881 [ 2382.237943][T17377] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2382.245766][T17377] Memory cgroup stats for /syz0: [ 2382.245877][T17377] anon 2088960 [ 2382.245877][T17377] file 0 [ 2382.245877][T17377] kernel_stack 65536 [ 2382.245877][T17377] slab 704512 [ 2382.245877][T17377] sock 0 [ 2382.245877][T17377] shmem 0 [ 2382.245877][T17377] file_mapped 0 [ 2382.245877][T17377] file_dirty 0 [ 2382.245877][T17377] file_writeback 0 [ 2382.245877][T17377] anon_thp 2097152 [ 2382.245877][T17377] inactive_anon 0 [ 2382.245877][T17377] active_anon 2088960 [ 2382.245877][T17377] inactive_file 135168 [ 2382.245877][T17377] active_file 0 [ 2382.245877][T17377] unevictable 0 [ 2382.245877][T17377] slab_reclaimable 135168 [ 2382.245877][T17377] slab_unreclaimable 569344 [ 2382.245877][T17377] pgfault 15048 [ 2382.245877][T17377] pgmajfault 0 [ 2382.245877][T17377] workingset_refault 0 [ 2382.245877][T17377] workingset_activate 0 [ 2382.245877][T17377] workingset_nodereclaim 0 [ 2382.245877][T17377] pgrefill 0 [ 2382.245877][T17377] pgscan 0 [ 2382.245877][T17377] pgsteal 0 [ 2382.245877][T17377] pgactivate 0 [ 2382.251349][T17377] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=17376,uid=0 [ 2382.387439][T17377] Memory cgroup out of memory: Killed process 17376 (syz-executor.0) total-vm:72580kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 2382.458353][ T1054] oom_reaper: reaped process 17376 (syz-executor.0), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB 04:55:37 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x0, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x0, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0x0, 0x8, 0x1b, 0x0, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={0xffffffffffffffff, 0x1, 0x1, 0xfff, &(0x7f00000000c0)=[0x0, 0x0], 0x2}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r6 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r6, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) 04:55:37 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x5, 0x7, 0x9}, 0x2c) bpf$MAP_CREATE(0x0, &(0x7f00004f9fe4)={0xc, 0x4, 0x4, 0x1, 0x0, r0}, 0x2c) [ 2382.495539][T17382] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 2382.536464][T17340] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2382.562010][T17316] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2382.573688][T17316] CPU: 0 PID: 17316 Comm: syz-executor.0 Not tainted 5.4.0-rc1+ #0 [ 2382.581599][T17316] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2382.591657][T17316] Call Trace: [ 2382.596173][T17316] dump_stack+0x172/0x1f0 [ 2382.600512][T17316] dump_header+0x10b/0x82d [ 2382.604927][T17316] ? oom_kill_process+0x94/0x3f0 [ 2382.609872][T17316] oom_kill_process.cold+0x10/0x15 [ 2382.615004][T17316] out_of_memory+0x334/0x1340 [ 2382.619695][T17316] ? lock_downgrade+0x920/0x920 [ 2382.624554][T17316] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2382.630379][T17316] ? oom_killer_disable+0x280/0x280 [ 2382.635608][T17316] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2382.641157][T17316] ? memcg_stat_show+0xc40/0xc40 [ 2382.646101][T17316] ? do_raw_spin_unlock+0x57/0x270 [ 2382.651309][T17316] ? _raw_spin_unlock+0x2d/0x50 [ 2382.656165][T17316] try_charge+0xf4b/0x1440 [ 2382.660596][T17316] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2382.666137][T17316] ? percpu_ref_tryget_live+0x111/0x290 [ 2382.671683][T17316] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2382.677921][T17316] ? __kasan_check_read+0x11/0x20 [ 2382.682958][T17316] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2382.688505][T17316] mem_cgroup_try_charge+0x136/0x590 [ 2382.693802][T17316] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2382.699434][T17316] wp_page_copy+0x407/0x1860 [ 2382.704025][T17316] ? find_held_lock+0x35/0x130 [ 2382.708791][T17316] ? do_wp_page+0x53b/0x15c0 [ 2382.713379][T17316] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2382.719275][T17316] ? lock_downgrade+0x920/0x920 [ 2382.724130][T17316] ? swp_swapcount+0x540/0x540 [ 2382.728902][T17316] ? __kasan_check_read+0x11/0x20 [ 2382.733934][T17316] ? do_raw_spin_unlock+0x57/0x270 [ 2382.739053][T17316] do_wp_page+0x543/0x15c0 [ 2382.743469][T17316] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 2382.748843][T17316] __handle_mm_fault+0x23ec/0x4040 [ 2382.753961][T17316] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2382.759939][T17316] ? handle_mm_fault+0x292/0xaa0 [ 2382.764893][T17316] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2382.771158][T17316] ? __kasan_check_read+0x11/0x20 [ 2382.776203][T17316] handle_mm_fault+0x3b7/0xaa0 [ 2382.781003][T17316] __do_page_fault+0x536/0xdd0 [ 2382.785871][T17316] do_page_fault+0x38/0x590 [ 2382.790384][T17316] page_fault+0x39/0x40 [ 2382.795093][T17316] RIP: 0033:0x430b36 [ 2382.799976][T17316] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 2c 44 64 00 85 c0 0f 84 [ 2382.820848][T17316] RSP: 002b:00007ffc6e1452c0 EFLAGS: 00010206 [ 2382.826920][T17316] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 2382.835245][T17316] RDX: 00000000028a1930 RSI: 00000000028a9970 RDI: 0000000000000003 [ 2382.843218][T17316] RBP: 0000000000008041 R08: 0000000000000001 R09: 00000000028a0940 [ 2382.851189][T17316] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 2382.859164][T17316] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 2382.886289][T17316] memory: usage 728kB, limit 0kB, failcnt 889 [ 2382.908213][T17342] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2382.918935][T17316] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2382.926514][T17366] bridge0: port 1(bridge_slave_0) entered blocking state [ 2382.927004][T17316] Memory cgroup stats for /syz0: [ 2382.927103][T17316] anon 0 [ 2382.927103][T17316] file 0 [ 2382.927103][T17316] kernel_stack 0 [ 2382.927103][T17316] slab 704512 [ 2382.927103][T17316] sock 0 [ 2382.927103][T17316] shmem 0 [ 2382.927103][T17316] file_mapped 0 [ 2382.927103][T17316] file_dirty 0 [ 2382.927103][T17316] file_writeback 0 [ 2382.927103][T17316] anon_thp 0 [ 2382.927103][T17316] inactive_anon 0 [ 2382.927103][T17316] active_anon 0 [ 2382.927103][T17316] inactive_file 135168 [ 2382.927103][T17316] active_file 0 [ 2382.927103][T17316] unevictable 0 [ 2382.927103][T17316] slab_reclaimable 135168 [ 2382.927103][T17316] slab_unreclaimable 569344 [ 2382.927103][T17316] pgfault 15048 [ 2382.927103][T17316] pgmajfault 0 [ 2382.927103][T17316] workingset_refault 0 [ 2382.927103][T17316] workingset_activate 0 [ 2382.927103][T17316] workingset_nodereclaim 0 [ 2382.927103][T17316] pgrefill 0 [ 2382.927103][T17316] pgscan 0 [ 2382.927103][T17316] pgsteal 0 [ 2382.927103][T17316] pgactivate 0 [ 2382.927103][T17316] pgdeactivate 0 [ 2382.936391][T17366] bridge0: port 1(bridge_slave_0) entered disabled state [ 2383.047618][T17316] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=17316,uid=0 [ 2383.065257][T17366] device bridge_slave_0 entered promiscuous mode [ 2383.082529][T17316] Memory cgroup out of memory: Killed process 17316 (syz-executor.0) total-vm:72448kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2383.113735][T17366] bridge0: port 2(bridge_slave_1) entered blocking state [ 2383.121681][T17366] bridge0: port 2(bridge_slave_1) entered disabled state [ 2383.123329][ T1054] oom_reaper: reaped process 17316 (syz-executor.0), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2383.141182][T17383] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2383.152342][T17383] CPU: 1 PID: 17383 Comm: syz-executor.5 Not tainted 5.4.0-rc1+ #0 [ 2383.160258][T17383] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2383.170324][T17383] Call Trace: [ 2383.171722][T17366] device bridge_slave_1 entered promiscuous mode [ 2383.173633][T17383] dump_stack+0x172/0x1f0 [ 2383.173665][T17383] dump_header+0x10b/0x82d [ 2383.188762][T17383] oom_kill_process.cold+0x10/0x15 [ 2383.193895][T17383] out_of_memory+0x334/0x1340 [ 2383.193916][T17383] ? oom_killer_disable+0x280/0x280 [ 2383.203796][T17383] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2383.209349][T17383] ? memcg_stat_show+0xc40/0xc40 [ 2383.214382][T17383] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2383.220184][T17383] ? cgroup_file_notify+0x140/0x1b0 [ 2383.220203][T17383] memory_max_write+0x262/0x3a0 [ 2383.220227][T17383] ? mem_cgroup_write+0x370/0x370 [ 2383.231735][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2383.235269][T17383] ? lock_acquire+0x190/0x410 [ 2383.235293][T17383] ? kernfs_fop_write+0x227/0x480 [ 2383.252273][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2383.252775][T17383] cgroup_file_write+0x241/0x790 [ 2383.264885][T17383] ? mem_cgroup_write+0x370/0x370 [ 2383.269920][T17383] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2383.274901][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2383.275570][T17383] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2383.288366][T17383] kernfs_fop_write+0x2b8/0x480 [ 2383.293140][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2383.293248][T17383] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2383.306676][T17383] __vfs_write+0x8a/0x110 [ 2383.311015][T17383] ? kernfs_fop_open+0xd80/0xd80 [ 2383.315966][T17383] vfs_write+0x268/0x5d0 [ 2383.318056][T17340] 8021q: adding VLAN 0 to HW filter on device team0 [ 2383.320479][T17383] ksys_write+0x14f/0x290 [ 2383.320493][T17383] ? __ia32_sys_read+0xb0/0xb0 [ 2383.320514][T17383] ? do_syscall_64+0x26/0x760 [ 2383.320529][T17383] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2383.320547][T17383] ? do_syscall_64+0x26/0x760 [ 2383.346364][T17342] 8021q: adding VLAN 0 to HW filter on device team0 [ 2383.347980][T17383] __x64_sys_write+0x73/0xb0 [ 2383.363803][T17383] do_syscall_64+0xfa/0x760 [ 2383.368311][T17383] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2383.374199][T17383] RIP: 0033:0x459a59 [ 2383.374215][T17383] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2383.374221][T17383] RSP: 002b:00007f28ab8ffc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2383.374232][T17383] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2383.374238][T17383] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 2383.374245][T17383] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2383.374253][T17383] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f28ab9006d4 [ 2383.374266][T17383] R13: 00000000004c9ef3 R14: 00000000004e1c48 R15: 00000000ffffffff [ 2383.451213][T17383] memory: usage 3176kB, limit 0kB, failcnt 694 [ 2383.458963][T17383] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2383.465934][T17383] Memory cgroup stats for /syz5: [ 2383.466067][T17383] anon 2125824 [ 2383.466067][T17383] file 0 [ 2383.466067][T17383] kernel_stack 65536 [ 2383.466067][T17383] slab 544768 [ 2383.466067][T17383] sock 0 [ 2383.466067][T17383] shmem 0 [ 2383.466067][T17383] file_mapped 0 [ 2383.466067][T17383] file_dirty 0 [ 2383.466067][T17383] file_writeback 0 [ 2383.466067][T17383] anon_thp 2097152 [ 2383.466067][T17383] inactive_anon 0 [ 2383.466067][T17383] active_anon 2125824 [ 2383.466067][T17383] inactive_file 0 [ 2383.466067][T17383] active_file 0 [ 2383.466067][T17383] unevictable 0 [ 2383.466067][T17383] slab_reclaimable 135168 [ 2383.466067][T17383] slab_unreclaimable 409600 [ 2383.466067][T17383] pgfault 8580 [ 2383.466067][T17383] pgmajfault 0 [ 2383.466067][T17383] workingset_refault 0 [ 2383.466067][T17383] workingset_activate 0 [ 2383.466067][T17383] workingset_nodereclaim 0 [ 2383.466067][T17383] pgrefill 233 [ 2383.466067][T17383] pgscan 362 [ 2383.466067][T17383] pgsteal 146 [ 2383.466067][T17383] pgactivate 198 [ 2383.576588][T17383] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=17381,uid=0 [ 2383.592655][T17383] Memory cgroup out of memory: Killed process 17383 (syz-executor.5) total-vm:72712kB, anon-rss:2196kB, file-rss:35820kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 2383.613477][ T1054] oom_reaper: reaped process 17383 (syz-executor.5), now anon-rss:0kB, file-rss:34860kB, shmem-rss:0kB 04:55:38 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0x0, 0x8, 0x0, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) 04:55:38 executing program 3: openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$kcm(0x11, 0x0, 0x300) socket$kcm(0x11, 0x0, 0x0) r0 = socket$kcm(0x11, 0x200000000000002, 0x300) r1 = socket$kcm(0x11, 0x10000000003, 0x0) setsockopt$sock_attach_bpf(r0, 0x107, 0x12, &(0x7f0000001a00)=r1, 0x4) [ 2383.703391][T17336] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2383.749168][T17336] CPU: 1 PID: 17336 Comm: syz-executor.5 Not tainted 5.4.0-rc1+ #0 [ 2383.757405][T17336] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2383.767655][T17336] Call Trace: [ 2383.770961][T17336] dump_stack+0x172/0x1f0 [ 2383.775301][T17336] dump_header+0x10b/0x82d [ 2383.779726][T17336] ? oom_kill_process+0x94/0x3f0 [ 2383.784676][T17336] oom_kill_process.cold+0x10/0x15 [ 2383.789792][T17336] out_of_memory+0x334/0x1340 [ 2383.795174][T17336] ? lock_downgrade+0x920/0x920 [ 2383.801111][T17336] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2383.808080][T17336] ? oom_killer_disable+0x280/0x280 [ 2383.813306][T17336] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2383.819148][T17336] ? memcg_stat_show+0xc40/0xc40 [ 2383.824113][T17336] ? do_raw_spin_unlock+0x57/0x270 [ 2383.829241][T17336] ? _raw_spin_unlock+0x2d/0x50 [ 2383.834112][T17336] try_charge+0xf4b/0x1440 [ 2383.838557][T17336] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2383.844114][T17336] ? percpu_ref_tryget_live+0x111/0x290 [ 2383.849694][T17336] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2383.855958][T17336] ? __kasan_check_read+0x11/0x20 [ 2383.860999][T17336] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2383.867127][T17336] mem_cgroup_try_charge+0x136/0x590 [ 2383.872884][T17336] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2383.878615][T17336] wp_page_copy+0x407/0x1860 [ 2383.883295][T17336] ? find_held_lock+0x35/0x130 [ 2383.888058][T17336] ? do_wp_page+0x53b/0x15c0 [ 2383.892651][T17336] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2383.898460][T17336] ? lock_downgrade+0x920/0x920 [ 2383.903323][T17336] ? swp_swapcount+0x540/0x540 [ 2383.908086][T17336] ? __kasan_check_read+0x11/0x20 [ 2383.913106][T17336] ? do_raw_spin_unlock+0x57/0x270 [ 2383.918229][T17336] do_wp_page+0x543/0x15c0 [ 2383.922648][T17336] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 2383.928031][T17336] __handle_mm_fault+0x23ec/0x4040 [ 2383.933160][T17336] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2383.938703][T17336] ? handle_mm_fault+0x292/0xaa0 [ 2383.943654][T17336] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2383.949894][T17336] ? __kasan_check_read+0x11/0x20 [ 2383.954923][T17336] handle_mm_fault+0x3b7/0xaa0 [ 2383.959706][T17336] __do_page_fault+0x536/0xdd0 [ 2383.964487][T17336] do_page_fault+0x38/0x590 [ 2383.968998][T17336] page_fault+0x39/0x40 [ 2383.973164][T17336] RIP: 0033:0x403522 [ 2383.977060][T17336] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 2383.998490][T17336] RSP: 002b:00007ffca5eb6c00 EFLAGS: 00010246 [ 2384.004574][T17336] RAX: 0000000000000000 RBX: 0000000000245e2c RCX: 0000000000413660 [ 2384.013531][T17336] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007ffca5eb7d30 [ 2384.021796][T17336] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000000001017940 [ 2384.029767][T17336] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffca5eb7d30 [ 2384.037926][T17336] R13: 00007ffca5eb7d20 R14: 0000000000000000 R15: 00007ffca5eb7d30 [ 2384.050536][T17336] memory: usage 808kB, limit 0kB, failcnt 702 [ 2384.056773][T17336] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2384.063770][T17336] Memory cgroup stats for /syz5: [ 2384.063876][T17336] anon 0 [ 2384.063876][T17336] file 0 [ 2384.063876][T17336] kernel_stack 65536 [ 2384.063876][T17336] slab 544768 [ 2384.063876][T17336] sock 0 [ 2384.063876][T17336] shmem 0 [ 2384.063876][T17336] file_mapped 0 [ 2384.063876][T17336] file_dirty 0 [ 2384.063876][T17336] file_writeback 0 [ 2384.063876][T17336] anon_thp 0 [ 2384.063876][T17336] inactive_anon 0 [ 2384.063876][T17336] active_anon 0 [ 2384.063876][T17336] inactive_file 0 [ 2384.063876][T17336] active_file 0 [ 2384.063876][T17336] unevictable 0 [ 2384.063876][T17336] slab_reclaimable 135168 [ 2384.063876][T17336] slab_unreclaimable 409600 [ 2384.063876][T17336] pgfault 8580 [ 2384.063876][T17336] pgmajfault 0 [ 2384.063876][T17336] workingset_refault 0 [ 2384.063876][T17336] workingset_activate 0 [ 2384.063876][T17336] workingset_nodereclaim 0 [ 2384.063876][T17336] pgrefill 233 [ 2384.063876][T17336] pgscan 362 [ 2384.063876][T17336] pgsteal 146 [ 2384.063876][T17336] pgactivate 198 [ 2384.063876][T17336] pgdeactivate 233 [ 2384.069729][T17336] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=17336,uid=0 [ 2384.183359][T17336] Memory cgroup out of memory: Killed process 17336 (syz-executor.5) total-vm:72448kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 04:55:39 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x0, 0x3, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={0xffffffffffffffff, 0x1, 0x1, 0xfff, &(0x7f00000000c0)=[0x0, 0x0], 0x2}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r6 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r6, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 2384.216275][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2384.230466][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2384.248070][T11361] bridge0: port 1(bridge_slave_0) entered blocking state [ 2384.255331][T11361] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2384.304006][T17366] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2384.358029][T17391] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 04:55:39 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x0, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x0, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0x0, 0x8, 0x1b, 0x0, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={0xffffffffffffffff, 0x1, 0x1, 0xfff, &(0x7f00000000c0)=[0x0, 0x0], 0x2}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r6 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r6, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) 04:55:39 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x0, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x0, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0x0, 0x8, 0x1b, 0xfffffffffffffffd, 0x0, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={0xffffffffffffffff, 0x1, 0x1, 0xfff, &(0x7f00000000c0)=[0x0, 0x0], 0x2}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r6 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r6, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 2384.570653][T17391] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2384.603857][T17391] CPU: 1 PID: 17391 Comm: syz-executor.3 Not tainted 5.4.0-rc1+ #0 [ 2384.611803][T17391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2384.622299][T17391] Call Trace: [ 2384.625615][T17391] dump_stack+0x172/0x1f0 [ 2384.630218][T17391] dump_header+0x10b/0x82d [ 2384.634641][T17391] oom_kill_process.cold+0x10/0x15 [ 2384.639758][T17391] out_of_memory+0x334/0x1340 [ 2384.644460][T17391] ? retint_kernel+0x2b/0x2b [ 2384.649074][T17391] ? oom_killer_disable+0x280/0x280 [ 2384.654325][T17391] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2384.660150][T17391] ? memcg_stat_show+0xc40/0xc40 [ 2384.665107][T17391] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2384.670952][T17391] ? cgroup_file_notify+0x140/0x1b0 [ 2384.676216][T17391] memory_max_write+0x262/0x3a0 [ 2384.681095][T17391] ? mem_cgroup_write+0x370/0x370 [ 2384.686135][T17391] ? __this_cpu_preempt_check+0x3a/0x210 [ 2384.691780][T17391] ? retint_kernel+0x2b/0x2b [ 2384.696404][T17391] cgroup_file_write+0x241/0x790 [ 2384.701364][T17391] ? mem_cgroup_write+0x370/0x370 [ 2384.706406][T17391] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2384.712154][T17391] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2384.717798][T17391] kernfs_fop_write+0x2b8/0x480 [ 2384.722665][T17391] __vfs_write+0x8a/0x110 [ 2384.726996][T17391] ? kernfs_fop_open+0xd80/0xd80 [ 2384.731935][T17391] vfs_write+0x268/0x5d0 [ 2384.736187][T17391] ksys_write+0x14f/0x290 [ 2384.740520][T17391] ? __ia32_sys_read+0xb0/0xb0 [ 2384.745289][T17391] ? do_syscall_64+0x26/0x760 [ 2384.749968][T17391] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2384.756062][T17391] ? do_syscall_64+0x26/0x760 [ 2384.760756][T17391] __x64_sys_write+0x73/0xb0 [ 2384.765705][T17391] do_syscall_64+0xfa/0x760 [ 2384.774153][T17391] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2384.780049][T17391] RIP: 0033:0x459a59 [ 2384.783942][T17391] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2384.803549][T17391] RSP: 002b:00007fa6ee71fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2384.812087][T17391] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2384.820065][T17391] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 2384.828045][T17391] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2384.836027][T17391] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa6ee7206d4 [ 2384.844018][T17391] R13: 00000000004c9ef3 R14: 00000000004e1c48 R15: 00000000ffffffff [ 2384.874244][T17391] memory: usage 4428kB, limit 0kB, failcnt 1528 [ 2384.881587][T17391] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2384.888752][T17391] Memory cgroup stats for /syz3: [ 2384.890835][T17391] anon 2166784 [ 2384.890835][T17391] file 0 [ 2384.890835][T17391] kernel_stack 65536 [ 2384.890835][T17391] slab 1904640 [ 2384.890835][T17391] sock 0 [ 2384.890835][T17391] shmem 0 [ 2384.890835][T17391] file_mapped 0 [ 2384.890835][T17391] file_dirty 0 [ 2384.890835][T17391] file_writeback 0 [ 2384.890835][T17391] anon_thp 2097152 [ 2384.890835][T17391] inactive_anon 0 [ 2384.890835][T17391] active_anon 2166784 [ 2384.890835][T17391] inactive_file 28672 [ 2384.890835][T17391] active_file 0 [ 2384.890835][T17391] unevictable 0 [ 2384.890835][T17391] slab_reclaimable 1216512 [ 2384.890835][T17391] slab_unreclaimable 688128 [ 2384.890835][T17391] pgfault 13728 [ 2384.890835][T17391] pgmajfault 0 [ 2384.890835][T17391] workingset_refault 0 [ 2384.890835][T17391] workingset_activate 0 [ 2384.890835][T17391] workingset_nodereclaim 0 [ 2384.890835][T17391] pgrefill 496 [ 2384.890835][T17391] pgscan 4606 [ 2384.890835][T17391] pgsteal 4107 [ 2384.890835][T17391] pgactivate 462 [ 2384.896032][T17391] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=17390,uid=0 [ 2385.079343][T17391] Memory cgroup out of memory: Killed process 17390 (syz-executor.3) total-vm:72708kB, anon-rss:2188kB, file-rss:35844kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 [ 2385.110459][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2385.122423][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2385.122780][ T1054] oom_reaper: reaped process 17390 (syz-executor.3), now anon-rss:0kB, file-rss:34916kB, shmem-rss:0kB [ 2385.132588][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2385.159253][ T2871] bridge0: port 1(bridge_slave_0) entered blocking state [ 2385.166420][ T2871] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2385.176747][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2385.186422][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2385.195562][ T2871] bridge0: port 2(bridge_slave_1) entered blocking state [ 2385.202716][ T2871] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2385.211767][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 04:55:40 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0x0, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 2385.236658][T17366] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2385.264374][T11159] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2385.282745][T11159] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2385.300477][T11159] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2385.310406][T11159] bridge0: port 2(bridge_slave_1) entered blocking state [ 2385.318194][T11159] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2385.344065][T17306] syz-executor.3 invoked oom-killer: gfp_mask=0x40c50(GFP_NOFS|__GFP_COMP|__GFP_RECLAIMABLE), order=0, oom_score_adj=0 [ 2385.368449][T17306] CPU: 1 PID: 17306 Comm: syz-executor.3 Not tainted 5.4.0-rc1+ #0 [ 2385.376403][T17306] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2385.386485][T17306] Call Trace: [ 2385.389791][T17306] dump_stack+0x172/0x1f0 [ 2385.394129][T17306] dump_header+0x10b/0x82d [ 2385.398544][T17306] ? oom_kill_process+0x94/0x3f0 [ 2385.403485][T17306] oom_kill_process.cold+0x10/0x15 [ 2385.408596][T17306] out_of_memory+0x334/0x1340 [ 2385.413273][T17306] ? lock_downgrade+0x920/0x920 [ 2385.418126][T17306] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2385.423940][T17306] ? oom_killer_disable+0x280/0x280 [ 2385.429147][T17306] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2385.434692][T17306] ? memcg_stat_show+0xc40/0xc40 [ 2385.439756][T17306] ? do_raw_spin_unlock+0x57/0x270 [ 2385.444899][T17306] ? _raw_spin_unlock+0x2d/0x50 [ 2385.449750][T17306] try_charge+0xf4b/0x1440 [ 2385.449771][T17306] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2385.449786][T17306] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 2385.449804][T17306] ? cache_grow_begin+0x122/0xd20 [ 2385.449819][T17306] ? find_held_lock+0x35/0x130 [ 2385.449832][T17306] ? cache_grow_begin+0x122/0xd20 [ 2385.449849][T17306] __memcg_kmem_charge_memcg+0x7c/0x130 [ 2385.449865][T17306] ? lock_downgrade+0x920/0x920 [ 2385.459815][T17306] ? memcg_kmem_put_cache+0x50/0x50 [ 2385.470420][T17306] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2385.470441][T17306] ? __kasan_check_read+0x11/0x20 [ 2385.470462][T17306] cache_grow_begin+0x629/0xd20 [ 2385.470477][T17306] ? __sanitizer_cov_trace_cmp1+0x11/0x20 [ 2385.470492][T17306] ? mempolicy_slab_node+0x139/0x390 [ 2385.470510][T17306] fallback_alloc+0x1fd/0x2d0 [ 2385.470534][T17306] ____cache_alloc_node+0x1bc/0x1d0 [ 2385.480300][T17306] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2385.480325][T17306] kmem_cache_alloc+0x1ef/0x710 [ 2385.480342][T17306] ? lock_downgrade+0x920/0x920 [ 2385.480366][T17306] ? rwlock_bug.part.0+0x90/0x90 [ 2385.490762][T17306] ? ratelimit_state_init+0xb0/0xb0 [ 2385.502157][T17306] ext4_alloc_inode+0x1f/0x640 [ 2385.502171][T17306] ? ratelimit_state_init+0xb0/0xb0 [ 2385.502186][T17306] alloc_inode+0x68/0x1e0 [ 2385.502202][T17306] iget_locked+0x1a6/0x4b0 [ 2385.502225][T17306] __ext4_iget+0x265/0x3e20 [ 2385.512069][T17306] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2385.512096][T17306] ? ext4_get_projid+0x190/0x190 [ 2385.512118][T17306] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 2385.523126][T17306] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 2385.539204][T17306] ? d_alloc_parallel+0xa78/0x1c30 [ 2385.539231][T17306] ext4_lookup+0x3b1/0x7a0 [ 2385.539248][T17306] ? ext4_cross_rename+0x1430/0x1430 [ 2385.539270][T17306] ? __lock_acquire+0x16f2/0x4a00 [ 2385.548956][T17306] ? __kasan_check_read+0x11/0x20 [ 2385.548982][T17306] ? lockdep_init_map+0x1be/0x6d0 [ 2385.549005][T17306] __lookup_slow+0x279/0x500 [ 2385.549023][T17306] ? vfs_unlink+0x620/0x620 [ 2385.559163][T17306] lookup_slow+0x58/0x80 [ 2385.559183][T17306] path_mountpoint+0x5d2/0x1e60 [ 2385.569130][T17306] ? __kasan_check_read+0x11/0x20 [ 2385.569148][T17306] ? __lock_acquire+0x16f2/0x4a00 [ 2385.569169][T17306] ? path_openat+0x46d0/0x46d0 [ 2385.569192][T17306] ? find_held_lock+0x35/0x130 [ 2385.577962][T17306] filename_mountpoint+0x18e/0x390 [ 2385.588682][T17306] ? filename_parentat.isra.0+0x410/0x410 [ 2385.599124][T17306] ? rcu_lockdep_current_cpu_online+0xe3/0x130 [ 2385.599155][T17306] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2385.599177][T17306] ? __phys_addr_symbol+0x30/0x70 [ 2385.610233][T17306] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 2385.610251][T17306] ? __check_object_size+0x3d/0x437 [ 2385.610277][T17306] ? strncpy_from_user+0x2b4/0x400 [ 2385.619956][T17306] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2385.619973][T17306] ? getname_flags+0x277/0x5b0 [ 2385.619999][T17306] user_path_mountpoint_at+0x3a/0x50 [ 2385.620019][T17306] ksys_umount+0x164/0xf00 [ 2385.620040][T17306] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2385.630065][T17306] ? __detach_mounts+0x2a0/0x2a0 [ 2385.630084][T17306] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2385.630099][T17306] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2385.630119][T17306] ? do_syscall_64+0x26/0x760 [ 2385.639707][T17306] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2385.639724][T17306] ? do_syscall_64+0x26/0x760 [ 2385.639743][T17306] ? lockdep_hardirqs_on+0x421/0x5e0 [ 2385.639765][T17306] __x64_sys_umount+0x54/0x80 [ 2385.648588][T17306] do_syscall_64+0xfa/0x760 [ 2385.658434][T17306] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2385.669587][T17306] RIP: 0033:0x45c487 [ 2385.669604][T17306] Code: 64 89 04 25 d0 02 00 00 58 5f ff d0 48 89 c7 e8 2f be ff ff 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2385.669613][T17306] RSP: 002b:00007fffd84a88d8 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 [ 2385.669627][T17306] RAX: ffffffffffffffda RBX: 000000000024626f RCX: 000000000045c487 [ 2385.669642][T17306] RDX: 0000000000403550 RSI: 0000000000000002 RDI: 00007fffd84a8980 [ 2385.679502][T17306] RBP: 0000000000000010 R08: 0000000000000000 R09: 000000000000000e [ 2385.679511][T17306] R10: 000000000000000a R11: 0000000000000202 R12: 00007fffd84a9a10 [ 2385.679519][T17306] R13: 0000000002420940 R14: 0000000000000000 R15: 00007fffd84a9a10 [ 2385.702164][T17306] memory: usage 2028kB, limit 0kB, failcnt 1540 [ 2385.747359][T17306] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2385.768864][T17306] Memory cgroup stats for /syz3: [ 2385.768973][T17306] anon 12288 [ 2385.768973][T17306] file 0 [ 2385.768973][T17306] kernel_stack 0 [ 2385.768973][T17306] slab 1904640 [ 2385.768973][T17306] sock 0 [ 2385.768973][T17306] shmem 0 [ 2385.768973][T17306] file_mapped 0 [ 2385.768973][T17306] file_dirty 0 [ 2385.768973][T17306] file_writeback 0 [ 2385.768973][T17306] anon_thp 0 [ 2385.768973][T17306] inactive_anon 0 [ 2385.768973][T17306] active_anon 12288 [ 2385.768973][T17306] inactive_file 28672 [ 2385.768973][T17306] active_file 0 [ 2385.768973][T17306] unevictable 0 [ 2385.768973][T17306] slab_reclaimable 1216512 [ 2385.768973][T17306] slab_unreclaimable 688128 [ 2385.768973][T17306] pgfault 13728 [ 2385.768973][T17306] pgmajfault 0 [ 2385.768973][T17306] workingset_refault 0 [ 2385.768973][T17306] workingset_activate 0 [ 2385.768973][T17306] workingset_nodereclaim 0 [ 2385.768973][T17306] pgrefill 496 [ 2385.768973][T17306] pgscan 4606 [ 2385.768973][T17306] pgsteal 4107 [ 2385.768973][T17306] pgactivate 462 [ 2385.778976][T17306] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=17306,uid=0 [ 2385.798922][T17306] Memory cgroup out of memory: Killed process 17306 (syz-executor.3) total-vm:72444kB, anon-rss:92kB, file-rss:35776kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 2385.804928][ T1054] oom_reaper: reaped process 17306 (syz-executor.3), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB [ 2386.086433][T17366] team0: Port device team_slave_0 added [ 2386.093350][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2386.111745][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2386.123392][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2386.134015][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2386.143452][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2386.510571][T17366] team0: Port device team_slave_1 added [ 2386.531396][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2386.603823][T17394] IPVS: ftp: loaded support on port[0] = 21 [ 2386.626521][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2386.650630][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2386.659871][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2386.680191][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2386.691324][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2386.700730][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2386.709663][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2386.816480][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2386.827507][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2386.837050][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2386.847071][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2386.867750][T17340] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2386.881542][T17340] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2386.964136][T17366] device hsr_slave_0 entered promiscuous mode [ 2387.040051][T17366] device hsr_slave_1 entered promiscuous mode [ 2387.099019][T17366] debugfs: Directory 'hsr0' with parent '/' already present! [ 2387.123211][ T8893] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2387.132528][ T8893] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2387.143225][ T8893] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2387.152903][ T8893] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2387.182676][T17342] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2387.388073][T17342] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2387.497662][T17340] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2387.756541][T17366] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2387.824011][T17406] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 2387.865844][T17394] chnl_net:caif_netlink_parms(): no params data found [ 2387.922956][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2387.935052][T17410] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 2387.957859][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2388.026794][T17366] 8021q: adding VLAN 0 to HW filter on device team0 [ 2388.101131][T17394] bridge0: port 1(bridge_slave_0) entered blocking state [ 2388.108325][T17394] bridge0: port 1(bridge_slave_0) entered disabled state [ 2388.116647][T17410] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2388.129183][T17410] CPU: 1 PID: 17410 Comm: syz-executor.2 Not tainted 5.4.0-rc1+ #0 [ 2388.137095][T17410] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2388.147157][T17410] Call Trace: [ 2388.150467][T17410] dump_stack+0x172/0x1f0 [ 2388.154801][T17410] dump_header+0x10b/0x82d [ 2388.159312][T17410] oom_kill_process.cold+0x10/0x15 [ 2388.164430][T17410] out_of_memory+0x334/0x1340 [ 2388.169118][T17410] ? __sched_text_start+0x8/0x8 [ 2388.174145][T17410] ? oom_killer_disable+0x280/0x280 [ 2388.179358][T17410] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2388.184907][T17410] ? memcg_stat_show+0xc40/0xc40 [ 2388.190287][T17410] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2388.196097][T17410] ? cgroup_file_notify+0x140/0x1b0 [ 2388.201306][T17410] memory_max_write+0x262/0x3a0 [ 2388.206167][T17410] ? mem_cgroup_write+0x370/0x370 [ 2388.211192][T17410] ? lock_acquire+0x190/0x410 [ 2388.216066][T17410] ? kernfs_fop_write+0x227/0x480 [ 2388.221089][T17410] ? kernfs_get_active+0xc2/0x240 [ 2388.226113][T17410] cgroup_file_write+0x241/0x790 [ 2388.228973][T17394] device bridge_slave_0 entered promiscuous mode [ 2388.231050][T17410] ? mem_cgroup_write+0x370/0x370 [ 2388.231066][T17410] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2388.231088][T17410] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2388.242402][T17410] kernfs_fop_write+0x2b8/0x480 [ 2388.253613][T17410] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2388.253635][T17410] __vfs_write+0x8a/0x110 [ 2388.253653][T17410] ? kernfs_fop_open+0xd80/0xd80 [ 2388.260464][T17394] bridge0: port 2(bridge_slave_1) entered blocking state [ 2388.264693][T17410] vfs_write+0x268/0x5d0 [ 2388.264717][T17410] ksys_write+0x14f/0x290 [ 2388.269105][T17394] bridge0: port 2(bridge_slave_1) entered disabled state [ 2388.273939][T17410] ? __ia32_sys_read+0xb0/0xb0 [ 2388.273956][T17410] ? do_syscall_64+0x26/0x760 [ 2388.273976][T17410] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2388.285190][T17410] ? do_syscall_64+0x26/0x760 [ 2388.285210][T17410] __x64_sys_write+0x73/0xb0 [ 2388.285227][T17410] do_syscall_64+0xfa/0x760 [ 2388.291036][T17394] device bridge_slave_1 entered promiscuous mode [ 2388.296633][T17410] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2388.296644][T17410] RIP: 0033:0x459a59 [ 2388.296661][T17410] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2388.307703][T17410] RSP: 002b:00007fe7fce4bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2388.307718][T17410] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2388.307726][T17410] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 2388.307739][T17410] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2388.318433][T17410] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe7fce4c6d4 [ 2388.318447][T17410] R13: 00000000004c9ef3 R14: 00000000004e1c48 R15: 00000000ffffffff [ 2388.414263][T17410] memory: usage 3200kB, limit 0kB, failcnt 809 [ 2388.420869][T17410] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2388.427928][T17410] Memory cgroup stats for /syz2: [ 2388.431909][T17410] anon 2252800 [ 2388.431909][T17410] file 12288 [ 2388.431909][T17410] kernel_stack 65536 [ 2388.431909][T17410] slab 651264 [ 2388.431909][T17410] sock 0 [ 2388.431909][T17410] shmem 0 [ 2388.431909][T17410] file_mapped 0 [ 2388.431909][T17410] file_dirty 0 [ 2388.431909][T17410] file_writeback 0 [ 2388.431909][T17410] anon_thp 2097152 [ 2388.431909][T17410] inactive_anon 0 [ 2388.431909][T17410] active_anon 2179072 [ 2388.431909][T17410] inactive_file 0 [ 2388.431909][T17410] active_file 0 [ 2388.431909][T17410] unevictable 0 [ 2388.431909][T17410] slab_reclaimable 135168 [ 2388.431909][T17410] slab_unreclaimable 516096 [ 2388.431909][T17410] pgfault 15147 [ 2388.431909][T17410] pgmajfault 0 [ 2388.431909][T17410] workingset_refault 0 [ 2388.431909][T17410] workingset_activate 0 [ 2388.431909][T17410] workingset_nodereclaim 0 [ 2388.431909][T17410] pgrefill 0 [ 2388.431909][T17410] pgscan 0 [ 2388.431909][T17410] pgsteal 0 [ 2388.431909][T17410] pgactivate 0 [ 2388.537445][T17410] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=17408,uid=0 [ 2388.555109][T17410] Memory cgroup out of memory: Killed process 17408 (syz-executor.2) total-vm:72712kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 [ 2388.577736][ T1054] oom_reaper: reaped process 17408 (syz-executor.2), now anon-rss:0kB, file-rss:34852kB, shmem-rss:0kB 04:55:43 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x0, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={0xffffffffffffffff, 0x1, 0x1, 0xfff, &(0x7f00000000c0)=[0x0, 0x0], 0x2}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r6 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r6, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) 04:55:43 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x0, 0x3, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={0xffffffffffffffff, 0x1, 0x1, 0xfff, &(0x7f00000000c0)=[0x0, 0x0], 0x2}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r6 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r6, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) 04:55:43 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0x0, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 2388.619251][T11159] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2388.628152][T11159] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2388.649812][T11159] bridge0: port 1(bridge_slave_0) entered blocking state [ 2388.656873][T11159] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2388.665399][T17340] syz-executor.2 invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=0, oom_score_adj=0 [ 2388.698946][T17340] CPU: 0 PID: 17340 Comm: syz-executor.2 Not tainted 5.4.0-rc1+ #0 [ 2388.706862][T17340] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2388.716911][T17340] Call Trace: [ 2388.720210][T17340] dump_stack+0x172/0x1f0 [ 2388.724552][T17340] dump_header+0x10b/0x82d [ 2388.728966][T17340] ? oom_kill_process+0x94/0x3f0 [ 2388.734342][T17340] oom_kill_process.cold+0x10/0x15 [ 2388.739458][T17340] out_of_memory+0x334/0x1340 [ 2388.744136][T17340] ? lock_downgrade+0x920/0x920 [ 2388.748990][T17340] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2388.754885][T17340] ? oom_killer_disable+0x280/0x280 [ 2388.760093][T17340] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2388.765639][T17340] ? memcg_stat_show+0xc40/0xc40 [ 2388.770579][T17340] ? do_raw_spin_unlock+0x57/0x270 [ 2388.775691][T17340] ? _raw_spin_unlock+0x2d/0x50 [ 2388.780544][T17340] try_charge+0xf4b/0x1440 [ 2388.784969][T17340] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2388.790515][T17340] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 2388.796067][T17340] ? cache_grow_begin+0x122/0xd20 [ 2388.801093][T17340] ? find_held_lock+0x35/0x130 [ 2388.805861][T17340] ? cache_grow_begin+0x122/0xd20 [ 2388.810890][T17340] __memcg_kmem_charge_memcg+0x7c/0x130 [ 2388.816434][T17340] ? lock_downgrade+0x920/0x920 [ 2388.821286][T17340] ? memcg_kmem_put_cache+0x50/0x50 [ 2388.826486][T17340] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2388.832733][T17340] ? __kasan_check_read+0x11/0x20 [ 2388.837764][T17340] cache_grow_begin+0x629/0xd20 [ 2388.842622][T17340] ? __sanitizer_cov_trace_cmp1+0x11/0x20 [ 2388.848346][T17340] ? mempolicy_slab_node+0x139/0x390 [ 2388.853639][T17340] fallback_alloc+0x1fd/0x2d0 [ 2388.858322][T17340] ____cache_alloc_node+0x1bc/0x1d0 [ 2388.863521][T17340] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2388.869764][T17340] kmem_cache_alloc+0x1ef/0x710 [ 2388.874623][T17340] ? stack_trace_save+0xac/0xe0 [ 2388.879476][T17340] __alloc_file+0x27/0x340 [ 2388.883894][T17340] alloc_empty_file+0x72/0x170 [ 2388.888666][T17340] path_openat+0xef/0x46d0 [ 2388.893080][T17340] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 2388.898884][T17340] ? kasan_slab_alloc+0xf/0x20 [ 2388.903657][T17340] ? kmem_cache_alloc+0x121/0x710 [ 2388.908770][T17340] ? getname_flags+0xd6/0x5b0 [ 2388.913445][T17340] ? getname+0x1a/0x20 [ 2388.917542][T17340] ? do_sys_open+0x2c9/0x5d0 [ 2388.922131][T17340] ? __x64_sys_open+0x7e/0xc0 [ 2388.926810][T17340] ? __kasan_check_read+0x11/0x20 [ 2388.931830][T17340] ? mark_lock+0xc2/0x1220 [ 2388.936238][T17340] ? path_lookupat.isra.0+0x8d0/0x8d0 [ 2388.941602][T17340] ? __alloc_fd+0x487/0x620 [ 2388.946373][T17340] do_filp_open+0x1a1/0x280 [ 2388.950880][T17340] ? may_open_dev+0x100/0x100 [ 2388.955555][T17340] ? lock_downgrade+0x920/0x920 [ 2388.960391][T17340] ? rwlock_bug.part.0+0x90/0x90 [ 2388.965314][T17340] ? __kasan_check_read+0x11/0x20 [ 2388.970321][T17340] ? do_raw_spin_unlock+0x57/0x270 [ 2388.975413][T17340] ? _raw_spin_unlock+0x2d/0x50 [ 2388.980243][T17340] ? __alloc_fd+0x487/0x620 [ 2388.984740][T17340] do_sys_open+0x3fe/0x5d0 [ 2388.989156][T17340] ? filp_open+0x80/0x80 [ 2388.993395][T17340] ? __detach_mounts+0x2a0/0x2a0 [ 2388.998339][T17340] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2389.003791][T17340] ? do_syscall_64+0x26/0x760 [ 2389.008453][T17340] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2389.014722][T17340] ? do_syscall_64+0x26/0x760 [ 2389.019403][T17340] __x64_sys_open+0x7e/0xc0 [ 2389.023895][T17340] do_syscall_64+0xfa/0x760 [ 2389.028385][T17340] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2389.034261][T17340] RIP: 0033:0x4579d0 [ 2389.038147][T17340] Code: 31 c0 e9 45 ff ff ff 0f 1f 00 80 3f 00 0f 84 f7 00 00 00 55 53 b9 02 00 00 00 be 00 08 09 00 89 c8 48 81 ec 98 00 00 00 0f 05 <48> 3d 00 f0 ff ff 48 89 c3 0f 87 e9 00 00 00 85 db 0f 88 2f 01 00 [ 2389.057733][T17340] RSP: 002b:00007ffcd8f21830 EFLAGS: 00000206 ORIG_RAX: 0000000000000002 [ 2389.066153][T17340] RAX: ffffffffffffffda RBX: 0000000000247040 RCX: 00000000004579d0 [ 2389.074107][T17340] RDX: 000000000000000c RSI: 0000000000090800 RDI: 00007ffcd8f22a10 [ 2389.082150][T17340] RBP: 0000000000000002 R08: 0000000000000001 R09: 00000000028de940 [ 2389.090102][T17340] R10: 0000000000000000 R11: 0000000000000206 R12: 00007ffcd8f22a10 [ 2389.098056][T17340] R13: 00007ffcd8f22a00 R14: 0000000000000000 R15: 00007ffcd8f22a10 [ 2389.117389][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2389.130299][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2389.160624][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2389.189367][T11361] bridge0: port 2(bridge_slave_1) entered blocking state [ 2389.196472][T11361] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2389.199035][T17340] memory: usage 832kB, limit 0kB, failcnt 825 [ 2389.218883][T17340] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2389.229372][T17340] Memory cgroup stats for /syz2: [ 2389.229490][T17340] anon 143360 [ 2389.229490][T17340] file 12288 [ 2389.229490][T17340] kernel_stack 65536 [ 2389.229490][T17340] slab 651264 [ 2389.229490][T17340] sock 0 [ 2389.229490][T17340] shmem 0 [ 2389.229490][T17340] file_mapped 0 [ 2389.229490][T17340] file_dirty 0 [ 2389.229490][T17340] file_writeback 0 [ 2389.229490][T17340] anon_thp 0 [ 2389.229490][T17340] inactive_anon 0 [ 2389.229490][T17340] active_anon 69632 [ 2389.229490][T17340] inactive_file 0 [ 2389.229490][T17340] active_file 0 [ 2389.229490][T17340] unevictable 0 [ 2389.229490][T17340] slab_reclaimable 135168 [ 2389.229490][T17340] slab_unreclaimable 516096 [ 2389.229490][T17340] pgfault 15147 [ 2389.229490][T17340] pgmajfault 0 [ 2389.229490][T17340] workingset_refault 0 [ 2389.229490][T17340] workingset_activate 0 [ 2389.229490][T17340] workingset_nodereclaim 0 [ 2389.229490][T17340] pgrefill 33 [ 2389.229490][T17340] pgscan 33 [ 2389.229490][T17340] pgsteal 0 [ 2389.229490][T17340] pgactivate 0 [ 2389.338253][T17340] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=17340,uid=0 [ 2389.354365][T17340] Memory cgroup out of memory: Killed process 17340 (syz-executor.2) total-vm:72448kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 2389.373218][ T1054] oom_reaper: reaped process 17340 (syz-executor.2), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2389.395306][T17394] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2389.410202][T17394] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2389.435702][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2389.447016][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2389.872099][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2389.892221][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2389.916295][T17394] team0: Port device team_slave_0 added [ 2389.946849][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2389.970853][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2389.991820][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2390.010488][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2390.029852][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2390.094440][T17394] team0: Port device team_slave_1 added [ 2390.115597][T17366] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2390.127560][T17414] IPVS: ftp: loaded support on port[0] = 21 [ 2390.141461][T17366] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2390.150700][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2390.160423][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2390.302496][T17394] device hsr_slave_0 entered promiscuous mode [ 2390.359886][T17394] device hsr_slave_1 entered promiscuous mode [ 2390.479065][T17394] debugfs: Directory 'hsr0' with parent '/' already present! [ 2390.559565][T17366] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2390.574672][T17416] IPVS: ftp: loaded support on port[0] = 21 [ 2390.900427][T17425] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 2391.065768][T17425] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2391.076158][T17425] CPU: 0 PID: 17425 Comm: syz-executor.4 Not tainted 5.4.0-rc1+ #0 [ 2391.084055][T17425] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2391.094194][T17425] Call Trace: [ 2391.097490][T17425] dump_stack+0x172/0x1f0 [ 2391.101827][T17425] dump_header+0x10b/0x82d [ 2391.106242][T17425] oom_kill_process.cold+0x10/0x15 [ 2391.111353][T17425] out_of_memory+0x334/0x1340 [ 2391.116034][T17425] ? __sched_text_start+0x8/0x8 [ 2391.120883][T17425] ? oom_killer_disable+0x280/0x280 [ 2391.126086][T17425] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2391.131617][T17425] ? memcg_stat_show+0xc40/0xc40 [ 2391.136662][T17425] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2391.142446][T17425] ? cgroup_file_notify+0x140/0x1b0 [ 2391.147621][T17425] memory_max_write+0x262/0x3a0 [ 2391.152451][T17425] ? mem_cgroup_write+0x370/0x370 [ 2391.157452][T17425] ? lock_acquire+0x190/0x410 [ 2391.162105][T17425] ? kernfs_fop_write+0x227/0x480 [ 2391.167108][T17425] cgroup_file_write+0x241/0x790 [ 2391.172033][T17425] ? mem_cgroup_write+0x370/0x370 [ 2391.177035][T17425] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2391.182661][T17425] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2391.188269][T17425] kernfs_fop_write+0x2b8/0x480 [ 2391.193097][T17425] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2391.199320][T17425] __vfs_write+0x8a/0x110 [ 2391.203634][T17425] ? kernfs_fop_open+0xd80/0xd80 [ 2391.208548][T17425] vfs_write+0x268/0x5d0 [ 2391.212778][T17425] ksys_write+0x14f/0x290 [ 2391.217094][T17425] ? __ia32_sys_read+0xb0/0xb0 [ 2391.221848][T17425] ? do_syscall_64+0x26/0x760 [ 2391.226499][T17425] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2391.232540][T17425] ? do_syscall_64+0x26/0x760 [ 2391.237195][T17425] __x64_sys_write+0x73/0xb0 [ 2391.241763][T17425] do_syscall_64+0xfa/0x760 [ 2391.246243][T17425] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2391.252112][T17425] RIP: 0033:0x459a59 [ 2391.255988][T17425] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2391.275567][T17425] RSP: 002b:00007f5a99a6fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2391.283955][T17425] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2391.291902][T17425] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 2391.299850][T17425] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2391.307796][T17425] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5a99a706d4 [ 2391.315741][T17425] R13: 00000000004c9ef3 R14: 00000000004e1c48 R15: 00000000ffffffff [ 2391.390193][T17425] memory: usage 3176kB, limit 0kB, failcnt 1012 [ 2391.396474][T17425] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2391.414421][T17425] Memory cgroup stats for /syz4: [ 2391.414527][T17425] anon 2138112 [ 2391.414527][T17425] file 163840 [ 2391.414527][T17425] kernel_stack 65536 [ 2391.414527][T17425] slab 692224 [ 2391.414527][T17425] sock 0 [ 2391.414527][T17425] shmem 0 [ 2391.414527][T17425] file_mapped 0 [ 2391.414527][T17425] file_dirty 135168 [ 2391.414527][T17425] file_writeback 0 [ 2391.414527][T17425] anon_thp 2097152 [ 2391.414527][T17425] inactive_anon 0 [ 2391.414527][T17425] active_anon 2138112 [ 2391.414527][T17425] inactive_file 135168 [ 2391.414527][T17425] active_file 0 [ 2391.414527][T17425] unevictable 0 [ 2391.414527][T17425] slab_reclaimable 270336 [ 2391.414527][T17425] slab_unreclaimable 421888 [ 2391.414527][T17425] pgfault 9306 [ 2391.414527][T17425] pgmajfault 0 [ 2391.414527][T17425] workingset_refault 0 [ 2391.414527][T17425] workingset_activate 0 [ 2391.414527][T17425] workingset_nodereclaim 0 [ 2391.414527][T17425] pgrefill 264 [ 2391.414527][T17425] pgscan 292 [ 2391.414527][T17425] pgsteal 59 [ 2391.414527][T17425] pgactivate 231 [ 2391.521280][T17425] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=17422,uid=0 [ 2391.542977][T17425] Memory cgroup out of memory: Killed process 17422 (syz-executor.4) total-vm:72712kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 2391.564211][ T1054] oom_reaper: reaped process 17422 (syz-executor.4), now anon-rss:0kB, file-rss:34856kB, shmem-rss:0kB 04:55:46 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0xc, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0x0, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={0xffffffffffffffff, 0x1, 0x1, 0xfff, &(0x7f00000000c0)=[0x0, 0x0], 0x2}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28, &(0x7f0000000000)={0x0, 0x0}}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000200)={r5, 0x100000001, 0x8}, 0xc) r6 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r7 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r7, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r6, 0x0, 0x0) 04:55:46 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 04:55:46 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x0, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={0xffffffffffffffff, 0x1, 0x1, 0xfff, &(0x7f00000000c0)=[0x0, 0x0], 0x2}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r6 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r6, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 2391.602907][T17414] chnl_net:caif_netlink_parms(): no params data found [ 2391.615667][T17366] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2391.647337][T17366] CPU: 1 PID: 17366 Comm: syz-executor.4 Not tainted 5.4.0-rc1+ #0 [ 2391.655418][T17366] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2391.655424][T17366] Call Trace: [ 2391.655441][T17366] dump_stack+0x172/0x1f0 [ 2391.655459][T17366] dump_header+0x10b/0x82d [ 2391.655470][T17366] ? oom_kill_process+0x94/0x3f0 [ 2391.655485][T17366] oom_kill_process.cold+0x10/0x15 [ 2391.655499][T17366] out_of_memory+0x334/0x1340 [ 2391.655514][T17366] ? lock_downgrade+0x920/0x920 [ 2391.655532][T17366] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2391.655548][T17366] ? oom_killer_disable+0x280/0x280 [ 2391.655572][T17366] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2391.655586][T17366] ? memcg_stat_show+0xc40/0xc40 [ 2391.655603][T17366] ? do_raw_spin_unlock+0x57/0x270 [ 2391.655619][T17366] ? _raw_spin_unlock+0x2d/0x50 [ 2391.655636][T17366] try_charge+0xf4b/0x1440 [ 2391.655660][T17366] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2391.655673][T17366] ? percpu_ref_tryget_live+0x111/0x290 [ 2391.655689][T17366] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2391.655706][T17366] ? __kasan_check_read+0x11/0x20 [ 2391.655725][T17366] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2391.655743][T17366] mem_cgroup_try_charge+0x136/0x590 [ 2391.655763][T17366] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2391.655780][T17366] wp_page_copy+0x407/0x1860 [ 2391.655794][T17366] ? find_held_lock+0x35/0x130 [ 2391.655807][T17366] ? do_wp_page+0x53b/0x15c0 [ 2391.655828][T17366] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2391.655843][T17366] ? lock_downgrade+0x920/0x920 [ 2391.655860][T17366] ? swp_swapcount+0x540/0x540 [ 2391.655877][T17366] ? __kasan_check_read+0x11/0x20 [ 2391.692575][T17366] ? do_raw_spin_unlock+0x57/0x270 [ 2391.703789][T17366] do_wp_page+0x543/0x15c0 [ 2391.703806][T17366] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 2391.703834][T17366] __handle_mm_fault+0x23ec/0x4040 [ 2391.703854][T17366] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2391.703869][T17366] ? handle_mm_fault+0x292/0xaa0 [ 2391.703897][T17366] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2391.703912][T17366] ? __kasan_check_read+0x11/0x20 [ 2391.703929][T17366] handle_mm_fault+0x3b7/0xaa0 [ 2391.703948][T17366] __do_page_fault+0x536/0xdd0 [ 2391.703971][T17366] do_page_fault+0x38/0x590 [ 2391.756257][T17366] page_fault+0x39/0x40 [ 2391.756275][T17366] RIP: 0033:0x403522 [ 2391.782046][T17366] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 2391.797256][T17366] RSP: 002b:00007ffce0ef2c10 EFLAGS: 00010246 04:55:47 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) [ 2391.816511][T17366] RAX: 0000000000000000 RBX: 0000000000247dc8 RCX: 0000000000413660 [ 2391.816524][T17366] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007ffce0ef3d40 [ 2391.837430][T17366] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000000001a04940 [ 2391.837440][T17366] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffce0ef3d40 [ 2391.837448][T17366] R13: 00007ffce0ef3d30 R14: 0000000000000000 R15: 00007ffce0ef3d40 [ 2391.980085][T17366] memory: usage 804kB, limit 0kB, failcnt 1020 [ 2391.986296][T17366] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2391.994790][T17366] Memory cgroup stats for /syz4: [ 2391.994899][T17366] anon 24576 [ 2391.994899][T17366] file 163840 [ 2391.994899][T17366] kernel_stack 0 [ 2391.994899][T17366] slab 692224 [ 2391.994899][T17366] sock 0 [ 2391.994899][T17366] shmem 0 [ 2391.994899][T17366] file_mapped 0 [ 2391.994899][T17366] file_dirty 135168 [ 2391.994899][T17366] file_writeback 0 [ 2391.994899][T17366] anon_thp 0 [ 2391.994899][T17366] inactive_anon 0 [ 2391.994899][T17366] active_anon 24576 [ 2391.994899][T17366] inactive_file 135168 [ 2391.994899][T17366] active_file 0 [ 2391.994899][T17366] unevictable 0 [ 2391.994899][T17366] slab_reclaimable 270336 [ 2391.994899][T17366] slab_unreclaimable 421888 [ 2391.994899][T17366] pgfault 9306 [ 2391.994899][T17366] pgmajfault 0 [ 2391.994899][T17366] workingset_refault 0 [ 2391.994899][T17366] workingset_activate 0 [ 2391.994899][T17366] workingset_nodereclaim 0 [ 2391.994899][T17366] pgrefill 264 [ 2391.994899][T17366] pgscan 292 [ 2391.994899][T17366] pgsteal 59 [ 2391.994899][T17366] pgactivate 231 [ 2392.095670][T17366] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=17366,uid=0 [ 2392.145320][T17366] Memory cgroup out of memory: Killed process 17366 (syz-executor.4) total-vm:72448kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2392.163734][ T1054] oom_reaper: reaped process 17366 (syz-executor.4), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 04:55:47 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 2392.204566][T17394] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2392.424271][T17435] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2392.459262][T17435] CPU: 1 PID: 17435 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 2392.467711][T17435] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2392.477768][T17435] Call Trace: [ 2392.481062][T17435] dump_stack+0x172/0x1f0 [ 2392.485394][T17435] dump_header+0x10b/0x82d [ 2392.489811][T17435] oom_kill_process.cold+0x10/0x15 [ 2392.494923][T17435] out_of_memory+0x334/0x1340 [ 2392.499603][T17435] ? __sched_text_start+0x8/0x8 [ 2392.504453][T17435] ? oom_killer_disable+0x280/0x280 [ 2392.509662][T17435] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2392.515207][T17435] ? memcg_stat_show+0xc40/0xc40 [ 2392.520236][T17435] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2392.526045][T17435] ? cgroup_file_notify+0x140/0x1b0 [ 2392.531251][T17435] memory_max_write+0x262/0x3a0 [ 2392.536105][T17435] ? mem_cgroup_write+0x370/0x370 [ 2392.541143][T17435] ? cgroup_file_write+0x188/0x790 [ 2392.546260][T17435] cgroup_file_write+0x241/0x790 [ 2392.551202][T17435] ? mem_cgroup_write+0x370/0x370 [ 2392.556229][T17435] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2392.561871][T17435] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2392.567501][T17435] kernfs_fop_write+0x2b8/0x480 [ 2392.572356][T17435] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2392.578606][T17435] __vfs_write+0x8a/0x110 [ 2392.582937][T17435] ? kernfs_fop_open+0xd80/0xd80 [ 2392.587874][T17435] vfs_write+0x268/0x5d0 [ 2392.592118][T17435] ksys_write+0x14f/0x290 [ 2392.596454][T17435] ? __ia32_sys_read+0xb0/0xb0 [ 2392.601233][T17435] __x64_sys_write+0x73/0xb0 [ 2392.605824][T17435] do_syscall_64+0xfa/0x760 [ 2392.610337][T17435] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2392.616224][T17435] RIP: 0033:0x459a59 [ 2392.620116][T17435] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2392.639722][T17435] RSP: 002b:00007fa2def93c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2392.648231][T17435] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2392.656201][T17435] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 2392.664175][T17435] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2392.672151][T17435] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa2def946d4 [ 2392.680126][T17435] R13: 00000000004c9ef3 R14: 00000000004e1c48 R15: 00000000ffffffff [ 2392.699974][T17435] memory: usage 13472kB, limit 0kB, failcnt 120 [ 2392.706756][T17435] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2392.728994][T17435] Memory cgroup stats for /syz1: [ 2392.729919][T17435] anon 2166784 [ 2392.729919][T17435] file 4096 [ 2392.729919][T17435] kernel_stack 65536 [ 2392.729919][T17435] slab 11362304 [ 2392.729919][T17435] sock 0 [ 2392.729919][T17435] shmem 0 [ 2392.729919][T17435] file_mapped 0 [ 2392.729919][T17435] file_dirty 0 [ 2392.729919][T17435] file_writeback 0 [ 2392.729919][T17435] anon_thp 2097152 [ 2392.729919][T17435] inactive_anon 0 [ 2392.729919][T17435] active_anon 2166784 [ 2392.729919][T17435] inactive_file 135168 [ 2392.729919][T17435] active_file 0 [ 2392.729919][T17435] unevictable 0 [ 2392.729919][T17435] slab_reclaimable 10678272 [ 2392.729919][T17435] slab_unreclaimable 684032 [ 2392.729919][T17435] pgfault 38016 [ 2392.729919][T17435] pgmajfault 0 [ 2392.729919][T17435] workingset_refault 0 [ 2392.729919][T17435] workingset_activate 0 [ 2392.729919][T17435] workingset_nodereclaim 0 [ 2392.729919][T17435] pgrefill 135 [ 2392.729919][T17435] pgscan 133 [ 2392.729919][T17435] pgsteal 0 [ 2392.729919][T17435] pgactivate 99 [ 2392.829423][T17435] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=17434,uid=0 [ 2392.846881][T17435] Memory cgroup out of memory: Killed process 17434 (syz-executor.1) total-vm:72576kB, anon-rss:2152kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 [ 2392.872198][ T1054] oom_reaper: reaped process 17434 (syz-executor.1), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB [ 2392.885032][T17416] chnl_net:caif_netlink_parms(): no params data found 04:55:48 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0xc, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0x0, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={0xffffffffffffffff, 0x1, 0x1, 0xfff, &(0x7f00000000c0)=[0x0, 0x0], 0x2}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28, &(0x7f0000000000)={0x0, 0x0}}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000200)={r5, 0x100000001, 0x8}, 0xc) r6 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r7 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r7, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r6, 0x0, 0x0) [ 2393.012768][T17414] bridge0: port 1(bridge_slave_0) entered blocking state [ 2393.025546][T17414] bridge0: port 1(bridge_slave_0) entered disabled state [ 2393.043703][T17414] device bridge_slave_0 entered promiscuous mode 04:55:48 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 2393.080753][T17414] bridge0: port 2(bridge_slave_1) entered blocking state [ 2393.105211][T17414] bridge0: port 2(bridge_slave_1) entered disabled state [ 2393.140046][T17342] syz-executor.1 invoked oom-killer: gfp_mask=0x40c50(GFP_NOFS|__GFP_COMP|__GFP_RECLAIMABLE), order=0, oom_score_adj=0 [ 2393.158126][T17414] device bridge_slave_1 entered promiscuous mode [ 2393.178140][T17342] CPU: 1 PID: 17342 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 2393.186062][T17342] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2393.196230][T17342] Call Trace: [ 2393.199519][T17342] dump_stack+0x172/0x1f0 [ 2393.203849][T17342] dump_header+0x10b/0x82d [ 2393.208257][T17342] ? oom_kill_process+0x94/0x3f0 [ 2393.213198][T17342] oom_kill_process.cold+0x10/0x15 [ 2393.218311][T17342] out_of_memory+0x334/0x1340 [ 2393.222983][T17342] ? lock_downgrade+0x920/0x920 [ 2393.227833][T17342] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2393.233641][T17342] ? oom_killer_disable+0x280/0x280 [ 2393.238844][T17342] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2393.244388][T17342] ? memcg_stat_show+0xc40/0xc40 [ 2393.249335][T17342] ? do_raw_spin_unlock+0x57/0x270 [ 2393.254446][T17342] ? _raw_spin_unlock+0x2d/0x50 [ 2393.259299][T17342] try_charge+0xf4b/0x1440 [ 2393.263721][T17342] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2393.269264][T17342] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 2393.274810][T17342] ? cache_grow_begin+0x122/0xd20 [ 2393.279830][T17342] ? find_held_lock+0x35/0x130 [ 2393.285113][T17342] ? cache_grow_begin+0x122/0xd20 [ 2393.290143][T17342] __memcg_kmem_charge_memcg+0x7c/0x130 [ 2393.295680][T17342] ? lock_downgrade+0x920/0x920 [ 2393.300529][T17342] ? memcg_kmem_put_cache+0x50/0x50 [ 2393.305720][T17342] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2393.311971][T17342] ? __kasan_check_read+0x11/0x20 [ 2393.316997][T17342] cache_grow_begin+0x629/0xd20 [ 2393.321863][T17342] ? __sanitizer_cov_trace_cmp1+0x11/0x20 [ 2393.327578][T17342] ? mempolicy_slab_node+0x139/0x390 [ 2393.332873][T17342] fallback_alloc+0x1fd/0x2d0 [ 2393.337554][T17342] ____cache_alloc_node+0x1bc/0x1d0 [ 2393.342751][T17342] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2393.348993][T17342] kmem_cache_alloc+0x1ef/0x710 [ 2393.353848][T17342] ? lock_downgrade+0x920/0x920 [ 2393.358692][T17342] ? rwlock_bug.part.0+0x90/0x90 [ 2393.363640][T17342] ? ratelimit_state_init+0xb0/0xb0 [ 2393.368834][T17342] ext4_alloc_inode+0x1f/0x640 [ 2393.373592][T17342] ? ratelimit_state_init+0xb0/0xb0 [ 2393.378806][T17342] alloc_inode+0x68/0x1e0 [ 2393.383135][T17342] iget_locked+0x1a6/0x4b0 [ 2393.387550][T17342] __ext4_iget+0x265/0x3e20 [ 2393.392052][T17342] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2393.398296][T17342] ? ext4_get_projid+0x190/0x190 [ 2393.403231][T17342] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 2393.408774][T17342] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 2393.414758][T17342] ? d_alloc_parallel+0xa78/0x1c30 [ 2393.419876][T17342] ext4_lookup+0x3b1/0x7a0 [ 2393.424292][T17342] ? ext4_cross_rename+0x1430/0x1430 [ 2393.429578][T17342] ? __lock_acquire+0x16f2/0x4a00 [ 2393.434602][T17342] ? __kasan_check_read+0x11/0x20 [ 2393.439639][T17342] ? lockdep_init_map+0x1be/0x6d0 [ 2393.444665][T17342] __lookup_slow+0x279/0x500 [ 2393.449258][T17342] ? vfs_unlink+0x620/0x620 [ 2393.453784][T17342] lookup_slow+0x58/0x80 [ 2393.458025][T17342] path_mountpoint+0x5d2/0x1e60 [ 2393.462876][T17342] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 2393.468419][T17342] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 2393.474400][T17342] ? path_openat+0x46d0/0x46d0 [ 2393.479191][T17342] filename_mountpoint+0x18e/0x390 [ 2393.484489][T17342] ? filename_parentat.isra.0+0x410/0x410 [ 2393.490214][T17342] ? rcu_lockdep_current_cpu_online+0xe3/0x130 [ 2393.496374][T17342] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2393.502617][T17342] ? __phys_addr_symbol+0x30/0x70 [ 2393.507638][T17342] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 2393.513352][T17342] ? __check_object_size+0x3d/0x437 [ 2393.518558][T17342] ? strncpy_from_user+0x2b4/0x400 [ 2393.523669][T17342] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2393.529908][T17342] ? getname_flags+0x277/0x5b0 [ 2393.534759][T17342] user_path_mountpoint_at+0x3a/0x50 [ 2393.540043][T17342] ksys_umount+0x164/0xf00 [ 2393.544634][T17342] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2393.550877][T17342] ? __detach_mounts+0x2a0/0x2a0 [ 2393.555814][T17342] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2393.561269][T17342] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2393.566721][T17342] ? do_syscall_64+0x26/0x760 [ 2393.571411][T17342] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2393.577481][T17342] ? do_syscall_64+0x26/0x760 [ 2393.582177][T17342] ? lockdep_hardirqs_on+0x421/0x5e0 [ 2393.587468][T17342] __x64_sys_umount+0x54/0x80 [ 2393.592154][T17342] do_syscall_64+0xfa/0x760 [ 2393.596668][T17342] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2393.602559][T17342] RIP: 0033:0x45c487 [ 2393.606450][T17342] Code: 64 89 04 25 d0 02 00 00 58 5f ff d0 48 89 c7 e8 2f be ff ff 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2393.626057][T17342] RSP: 002b:00007ffee9239e08 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 [ 2393.634523][T17342] RAX: ffffffffffffffda RBX: 0000000000248123 RCX: 000000000045c487 [ 2393.642495][T17342] RDX: 0000000000403550 RSI: 0000000000000002 RDI: 00007ffee9239eb0 [ 2393.650493][T17342] RBP: 000000000000000a R08: 0000000000000000 R09: 000000000000000e [ 2393.658464][T17342] R10: 000000000000000a R11: 0000000000000202 R12: 00007ffee923af40 [ 2393.666433][T17342] R13: 00000000012ec940 R14: 0000000000000000 R15: 00007ffee923af40 [ 2393.686372][T17342] memory: usage 11104kB, limit 0kB, failcnt 132 [ 2393.692743][T17342] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2393.699692][T17342] Memory cgroup stats for /syz1: [ 2393.699797][T17342] anon 12288 [ 2393.699797][T17342] file 4096 [ 2393.699797][T17342] kernel_stack 0 [ 2393.699797][T17342] slab 11362304 [ 2393.699797][T17342] sock 0 [ 2393.699797][T17342] shmem 0 [ 2393.699797][T17342] file_mapped 0 [ 2393.699797][T17342] file_dirty 0 [ 2393.699797][T17342] file_writeback 0 [ 2393.699797][T17342] anon_thp 0 [ 2393.699797][T17342] inactive_anon 0 [ 2393.699797][T17342] active_anon 12288 [ 2393.699797][T17342] inactive_file 135168 [ 2393.699797][T17342] active_file 0 [ 2393.699797][T17342] unevictable 0 [ 2393.699797][T17342] slab_reclaimable 10678272 [ 2393.699797][T17342] slab_unreclaimable 684032 [ 2393.699797][T17342] pgfault 38016 [ 2393.699797][T17342] pgmajfault 0 [ 2393.699797][T17342] workingset_refault 0 [ 2393.699797][T17342] workingset_activate 0 [ 2393.699797][T17342] workingset_nodereclaim 0 [ 2393.699797][T17342] pgrefill 135 [ 2393.699797][T17342] pgscan 133 [ 2393.699797][T17342] pgsteal 0 [ 2393.699797][T17342] pgactivate 99 [ 2393.800967][T17342] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=17342,uid=0 [ 2393.819547][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2393.828016][T17342] Memory cgroup out of memory: Killed process 17342 (syz-executor.1) total-vm:72444kB, anon-rss:104kB, file-rss:35776kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 2393.828246][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2393.846881][ T1054] oom_reaper: reaped process 17342 (syz-executor.1), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB [ 2393.892642][T17394] 8021q: adding VLAN 0 to HW filter on device team0 [ 2394.280368][T17437] IPVS: ftp: loaded support on port[0] = 21 [ 2394.342965][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2394.356912][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2394.366143][T11361] bridge0: port 1(bridge_slave_0) entered blocking state [ 2394.373407][T11361] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2394.385858][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2394.395455][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2394.405034][T11361] bridge0: port 2(bridge_slave_1) entered blocking state [ 2394.412184][T11361] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2394.434697][T17414] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2394.445984][T17416] bridge0: port 1(bridge_slave_0) entered blocking state [ 2394.455798][T17416] bridge0: port 1(bridge_slave_0) entered disabled state [ 2394.465448][T17416] device bridge_slave_0 entered promiscuous mode [ 2394.550970][T13429] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2394.560566][T13429] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2394.585739][T17414] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2394.599152][T17416] bridge0: port 2(bridge_slave_1) entered blocking state [ 2394.606232][T17416] bridge0: port 2(bridge_slave_1) entered disabled state [ 2394.617489][T17416] device bridge_slave_1 entered promiscuous mode [ 2394.628384][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2394.741567][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2394.753610][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2394.763325][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2394.776158][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2394.786346][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2394.795955][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2394.882331][T13429] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2394.891397][T13429] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2394.902056][T13429] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2394.915738][T17416] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2394.927702][T17414] team0: Port device team_slave_0 added [ 2394.993927][T17416] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2395.019603][T17394] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2395.030577][T17414] team0: Port device team_slave_1 added [ 2395.183888][T17414] device hsr_slave_0 entered promiscuous mode [ 2395.330402][T17414] device hsr_slave_1 entered promiscuous mode [ 2395.388895][T17414] debugfs: Directory 'hsr0' with parent '/' already present! [ 2395.442456][T17416] team0: Port device team_slave_0 added [ 2395.466555][T17394] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2395.495727][T17416] team0: Port device team_slave_1 added [ 2395.642803][T17416] device hsr_slave_0 entered promiscuous mode [ 2395.683013][T17416] device hsr_slave_1 entered promiscuous mode [ 2395.738884][T17416] debugfs: Directory 'hsr0' with parent '/' already present! [ 2395.881737][T17446] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 2395.972223][T17446] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2395.986669][T17437] chnl_net:caif_netlink_parms(): no params data found [ 2395.987811][T17446] CPU: 0 PID: 17446 Comm: syz-executor.0 Not tainted 5.4.0-rc1+ #0 [ 2396.001369][T17446] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2396.011419][T17446] Call Trace: [ 2396.014711][T17446] dump_stack+0x172/0x1f0 [ 2396.019046][T17446] dump_header+0x10b/0x82d [ 2396.019062][T17446] oom_kill_process.cold+0x10/0x15 [ 2396.019077][T17446] out_of_memory+0x334/0x1340 [ 2396.019094][T17446] ? __sched_text_start+0x8/0x8 [ 2396.019111][T17446] ? oom_killer_disable+0x280/0x280 [ 2396.043284][T17446] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2396.048826][T17446] ? memcg_stat_show+0xc40/0xc40 [ 2396.048846][T17446] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2396.048864][T17446] ? cgroup_file_notify+0x140/0x1b0 [ 2396.048882][T17446] memory_max_write+0x262/0x3a0 [ 2396.069883][T17446] ? mem_cgroup_write+0x370/0x370 [ 2396.074901][T17446] ? lock_acquire+0x20b/0x410 [ 2396.079575][T17446] cgroup_file_write+0x241/0x790 [ 2396.079590][T17446] ? mem_cgroup_write+0x370/0x370 [ 2396.079603][T17446] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2396.079624][T17446] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2396.100850][T17446] kernfs_fop_write+0x2b8/0x480 [ 2396.100872][T17446] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2396.111916][T17446] __vfs_write+0x8a/0x110 [ 2396.111930][T17446] ? kernfs_fop_open+0xd80/0xd80 [ 2396.111948][T17446] vfs_write+0x268/0x5d0 [ 2396.125393][T17446] ksys_write+0x14f/0x290 [ 2396.129762][T17446] ? __ia32_sys_read+0xb0/0xb0 [ 2396.134525][T17446] ? do_syscall_64+0x26/0x760 [ 2396.139207][T17446] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2396.139223][T17446] ? do_syscall_64+0x26/0x760 [ 2396.139244][T17446] __x64_sys_write+0x73/0xb0 [ 2396.154523][T17446] do_syscall_64+0xfa/0x760 [ 2396.159026][T17446] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2396.159038][T17446] RIP: 0033:0x459a59 [ 2396.159055][T17446] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2396.168782][T17446] RSP: 002b:00007fc823e5bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2396.168796][T17446] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2396.168804][T17446] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009 [ 2396.168817][T17446] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2396.196802][T17446] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc823e5c6d4 [ 2396.196812][T17446] R13: 00000000004c9ef3 R14: 00000000004e1c48 R15: 00000000ffffffff [ 2396.239428][T17446] memory: usage 3164kB, limit 0kB, failcnt 890 [ 2396.245585][T17446] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2396.254405][T17446] Memory cgroup stats for /syz0: [ 2396.254521][T17446] anon 2170880 [ 2396.254521][T17446] file 0 [ 2396.254521][T17446] kernel_stack 65536 [ 2396.254521][T17446] slab 565248 [ 2396.254521][T17446] sock 0 [ 2396.254521][T17446] shmem 0 [ 2396.254521][T17446] file_mapped 0 [ 2396.254521][T17446] file_dirty 0 [ 2396.254521][T17446] file_writeback 0 [ 2396.254521][T17446] anon_thp 2097152 [ 2396.254521][T17446] inactive_anon 0 [ 2396.254521][T17446] active_anon 2170880 [ 2396.254521][T17446] inactive_file 135168 [ 2396.254521][T17446] active_file 0 [ 2396.254521][T17446] unevictable 0 [ 2396.254521][T17446] slab_reclaimable 135168 [ 2396.254521][T17446] slab_unreclaimable 430080 [ 2396.254521][T17446] pgfault 15114 [ 2396.254521][T17446] pgmajfault 0 [ 2396.254521][T17446] workingset_refault 0 [ 2396.254521][T17446] workingset_activate 0 [ 2396.254521][T17446] workingset_nodereclaim 0 [ 2396.254521][T17446] pgrefill 0 [ 2396.254521][T17446] pgscan 0 [ 2396.254521][T17446] pgsteal 0 [ 2396.254521][T17446] pgactivate 0 [ 2396.358733][T17446] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=17444,uid=0 04:55:51 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x0, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x0, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0x0, 0x8, 0x1b, 0xfffffffffffffffd, 0x0, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={0xffffffffffffffff, 0x1, 0x1, 0xfff, &(0x7f00000000c0)=[0x0, 0x0], 0x2}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r6 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r6, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) 04:55:51 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0xc, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x0, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={0xffffffffffffffff, 0x1, 0x1, 0xfff, &(0x7f00000000c0)=[0x0, 0x0], 0x2}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28, &(0x7f0000000000)={0x0, 0x0}}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000200)={r5, 0x100000001, 0x8}, 0xc) r6 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r7 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r7, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r6, 0x0, 0x0) [ 2396.399847][T17446] Memory cgroup out of memory: Killed process 17444 (syz-executor.0) total-vm:72712kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 [ 2396.421602][ T1054] oom_reaper: reaped process 17444 (syz-executor.0), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB 04:55:51 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 2396.463571][T17394] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2396.488926][T17394] CPU: 1 PID: 17394 Comm: syz-executor.0 Not tainted 5.4.0-rc1+ #0 [ 2396.496868][T17394] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2396.506922][T17394] Call Trace: [ 2396.506939][T17394] dump_stack+0x172/0x1f0 [ 2396.506958][T17394] dump_header+0x10b/0x82d [ 2396.506969][T17394] ? oom_kill_process+0x94/0x3f0 [ 2396.506988][T17394] oom_kill_process.cold+0x10/0x15 [ 2396.507002][T17394] out_of_memory+0x334/0x1340 [ 2396.507017][T17394] ? lock_downgrade+0x920/0x920 [ 2396.507035][T17394] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2396.507050][T17394] ? oom_killer_disable+0x280/0x280 [ 2396.507074][T17394] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2396.507088][T17394] ? memcg_stat_show+0xc40/0xc40 [ 2396.507106][T17394] ? do_raw_spin_unlock+0x57/0x270 [ 2396.507121][T17394] ? _raw_spin_unlock+0x2d/0x50 [ 2396.507137][T17394] try_charge+0xf4b/0x1440 [ 2396.507162][T17394] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2396.507174][T17394] ? percpu_ref_tryget_live+0x111/0x290 [ 2396.507190][T17394] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2396.507208][T17394] ? __kasan_check_read+0x11/0x20 [ 2396.514799][T17394] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2396.524120][T17394] mem_cgroup_try_charge+0x136/0x590 [ 2396.533868][T17394] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2396.533887][T17394] wp_page_copy+0x407/0x1860 [ 2396.549786][T17394] ? find_held_lock+0x35/0x130 [ 2396.549802][T17394] ? do_wp_page+0x53b/0x15c0 [ 2396.549819][T17394] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2396.549834][T17394] ? lock_downgrade+0x920/0x920 [ 2396.549852][T17394] ? swp_swapcount+0x540/0x540 [ 2396.549867][T17394] ? __kasan_check_read+0x11/0x20 [ 2396.549878][T17394] ? do_raw_spin_unlock+0x57/0x270 [ 2396.549895][T17394] do_wp_page+0x543/0x15c0 [ 2396.560362][T17394] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 2396.560386][T17394] __handle_mm_fault+0x23ec/0x4040 [ 2396.560406][T17394] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2396.560424][T17394] ? handle_mm_fault+0x292/0xaa0 [ 2396.570356][T17394] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2396.570373][T17394] ? __kasan_check_read+0x11/0x20 [ 2396.570392][T17394] handle_mm_fault+0x3b7/0xaa0 [ 2396.570411][T17394] __do_page_fault+0x536/0xdd0 [ 2396.570433][T17394] do_page_fault+0x38/0x590 [ 2396.580367][T17394] page_fault+0x39/0x40 [ 2396.580378][T17394] RIP: 0033:0x403522 [ 2396.580393][T17394] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 2396.580401][T17394] RSP: 002b:00007ffcfb1d2b70 EFLAGS: 00010246 [ 2396.580412][T17394] RAX: 0000000000000000 RBX: 0000000000249099 RCX: 0000000000413660 [ 2396.580424][T17394] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007ffcfb1d3ca0 [ 2396.592522][T17394] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000000000f78940 [ 2396.592531][T17394] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcfb1d3ca0 [ 2396.592540][T17394] R13: 00007ffcfb1d3c90 R14: 0000000000000000 R15: 00007ffcfb1d3ca0 [ 2396.688930][T17394] memory: usage 800kB, limit 0kB, failcnt 902 [ 2396.869036][T17394] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2396.906411][T17394] Memory cgroup stats for /syz0: [ 2396.906529][T17394] anon 0 [ 2396.906529][T17394] file 0 [ 2396.906529][T17394] kernel_stack 0 [ 2396.906529][T17394] slab 565248 [ 2396.906529][T17394] sock 0 [ 2396.906529][T17394] shmem 0 [ 2396.906529][T17394] file_mapped 0 [ 2396.906529][T17394] file_dirty 0 [ 2396.906529][T17394] file_writeback 0 [ 2396.906529][T17394] anon_thp 0 [ 2396.906529][T17394] inactive_anon 0 [ 2396.906529][T17394] active_anon 0 [ 2396.906529][T17394] inactive_file 135168 [ 2396.906529][T17394] active_file 0 [ 2396.906529][T17394] unevictable 0 [ 2396.906529][T17394] slab_reclaimable 135168 [ 2396.906529][T17394] slab_unreclaimable 430080 [ 2396.906529][T17394] pgfault 15114 [ 2396.906529][T17394] pgmajfault 0 [ 2396.906529][T17394] workingset_refault 0 [ 2396.906529][T17394] workingset_activate 0 [ 2396.906529][T17394] workingset_nodereclaim 0 [ 2396.906529][T17394] pgrefill 0 [ 2396.906529][T17394] pgscan 0 [ 2396.906529][T17394] pgsteal 0 [ 2396.906529][T17394] pgactivate 0 [ 2396.906529][T17394] pgdeactivate 0 [ 2397.023851][T17437] bridge0: port 1(bridge_slave_0) entered blocking state [ 2397.031734][T17437] bridge0: port 1(bridge_slave_0) entered disabled state [ 2397.041165][T17437] device bridge_slave_0 entered promiscuous mode [ 2397.051235][T17394] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=17394,uid=0 [ 2397.067293][T17394] Memory cgroup out of memory: Killed process 17394 (syz-executor.0) total-vm:72448kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 2397.100716][T17437] bridge0: port 2(bridge_slave_1) entered blocking state [ 2397.119164][T17437] bridge0: port 2(bridge_slave_1) entered disabled state [ 2397.127918][T17437] device bridge_slave_1 entered promiscuous mode [ 2397.283018][T17414] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2397.555372][T17437] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2397.652041][T17414] 8021q: adding VLAN 0 to HW filter on device team0 [ 2397.665377][T17437] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2397.680784][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2397.698469][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2397.802106][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2397.813064][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2397.821784][T10564] bridge0: port 1(bridge_slave_0) entered blocking state [ 2397.828884][T10564] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2397.837602][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2397.859702][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2397.870060][T10564] bridge0: port 2(bridge_slave_1) entered blocking state [ 2397.877133][T10564] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2398.004586][ T8893] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2398.014469][ T8893] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2398.028327][T17437] team0: Port device team_slave_0 added [ 2398.045147][T17416] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2398.086626][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2398.108238][T17448] IPVS: ftp: loaded support on port[0] = 21 [ 2398.116835][T17437] team0: Port device team_slave_1 added [ 2398.147014][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2398.170345][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2398.179369][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2398.188516][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2398.310634][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2398.319379][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2398.328149][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2398.365981][T17450] IPVS: ftp: loaded support on port[0] = 21 [ 2398.378054][T15053] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2398.390061][T15053] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2398.409833][T15053] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2398.419488][T15053] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2398.434826][T17416] 8021q: adding VLAN 0 to HW filter on device team0 [ 2398.502617][T17437] device hsr_slave_0 entered promiscuous mode [ 2398.610965][T17437] device hsr_slave_1 entered promiscuous mode [ 2398.659052][T17437] debugfs: Directory 'hsr0' with parent '/' already present! [ 2398.777639][T17414] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2398.826449][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2398.837324][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2398.846275][T11361] bridge0: port 1(bridge_slave_0) entered blocking state [ 2398.853416][T11361] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2398.979668][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2398.987936][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2398.997842][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2399.007192][ T2871] bridge0: port 2(bridge_slave_1) entered blocking state [ 2399.014311][ T2871] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2399.023989][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2399.103071][T15053] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2399.113337][T15053] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2399.123283][T15053] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2399.132943][T15053] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2399.234600][T17414] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2399.259889][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2399.271005][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2399.320544][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2399.333469][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2399.401643][T15053] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2399.420123][T15053] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2399.517510][T17416] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2399.608513][T17459] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 2399.761208][T17458] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2399.761746][T17437] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2399.772025][T17458] CPU: 1 PID: 17458 Comm: syz-executor.5 Not tainted 5.4.0-rc1+ #0 [ 2399.786092][T17458] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2399.796155][T17458] Call Trace: [ 2399.799455][T17458] dump_stack+0x172/0x1f0 [ 2399.800897][T17416] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2399.803784][T17458] dump_header+0x10b/0x82d [ 2399.814928][T17458] oom_kill_process.cold+0x10/0x15 [ 2399.820042][T17458] out_of_memory+0x334/0x1340 [ 2399.824729][T17458] ? __sched_text_start+0x8/0x8 [ 2399.829591][T17458] ? oom_killer_disable+0x280/0x280 [ 2399.834801][T17458] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2399.840348][T17458] ? memcg_stat_show+0xc40/0xc40 [ 2399.845293][T17458] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2399.851104][T17458] ? cgroup_file_notify+0x140/0x1b0 [ 2399.856735][T17458] memory_max_write+0x262/0x3a0 [ 2399.861595][T17458] ? mem_cgroup_write+0x370/0x370 [ 2399.866615][T17458] ? lock_acquire+0x20b/0x410 [ 2399.871296][T17458] cgroup_file_write+0x241/0x790 [ 2399.876232][T17458] ? mem_cgroup_write+0x370/0x370 [ 2399.881260][T17458] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2399.886907][T17458] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2399.892547][T17458] kernfs_fop_write+0x2b8/0x480 [ 2399.897407][T17458] __vfs_write+0x8a/0x110 [ 2399.901736][T17458] ? kernfs_fop_open+0xd80/0xd80 [ 2399.906674][T17458] vfs_write+0x268/0x5d0 [ 2399.910922][T17458] ksys_write+0x14f/0x290 [ 2399.915267][T17458] ? __ia32_sys_read+0xb0/0xb0 [ 2399.920058][T17458] __x64_sys_write+0x73/0xb0 [ 2399.924651][T17458] do_syscall_64+0xfa/0x760 [ 2399.929164][T17458] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2399.935050][T17458] RIP: 0033:0x459a59 [ 2399.938943][T17458] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2399.958714][T17458] RSP: 002b:00007f9c2984fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2399.967132][T17458] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2399.975112][T17458] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 2399.983092][T17458] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2399.991066][T17458] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9c298506d4 [ 2399.999040][T17458] R13: 00000000004c9ef3 R14: 00000000004e1c48 R15: 00000000ffffffff [ 2400.039227][T17458] memory: usage 3184kB, limit 0kB, failcnt 703 [ 2400.045491][T17458] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2400.067591][T17458] Memory cgroup stats for /syz5: [ 2400.068299][T17458] anon 2158592 [ 2400.068299][T17458] file 0 [ 2400.068299][T17458] kernel_stack 65536 [ 2400.068299][T17458] slab 544768 [ 2400.068299][T17458] sock 0 [ 2400.068299][T17458] shmem 0 [ 2400.068299][T17458] file_mapped 0 [ 2400.068299][T17458] file_dirty 0 [ 2400.068299][T17458] file_writeback 0 [ 2400.068299][T17458] anon_thp 2097152 [ 2400.068299][T17458] inactive_anon 0 [ 2400.068299][T17458] active_anon 2158592 [ 2400.068299][T17458] inactive_file 0 [ 2400.068299][T17458] active_file 0 [ 2400.068299][T17458] unevictable 0 [ 2400.068299][T17458] slab_reclaimable 135168 [ 2400.068299][T17458] slab_unreclaimable 409600 [ 2400.068299][T17458] pgfault 8679 [ 2400.068299][T17458] pgmajfault 0 [ 2400.068299][T17458] workingset_refault 0 [ 2400.068299][T17458] workingset_activate 0 [ 2400.068299][T17458] workingset_nodereclaim 0 [ 2400.068299][T17458] pgrefill 233 [ 2400.068299][T17458] pgscan 362 [ 2400.068299][T17458] pgsteal 146 [ 2400.068299][T17458] pgactivate 198 [ 2400.195862][T17448] chnl_net:caif_netlink_parms(): no params data found [ 2400.214746][T17458] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=17456,uid=0 [ 2400.240815][T17458] Memory cgroup out of memory: Killed process 17456 (syz-executor.5) total-vm:72712kB, anon-rss:2144kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 [ 2400.295885][ T1054] oom_reaper: reaped process 17456 (syz-executor.5), now anon-rss:0kB, file-rss:34856kB, shmem-rss:0kB [ 2400.403970][T17450] chnl_net:caif_netlink_parms(): no params data found [ 2400.465447][T17467] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 2400.533068][T13429] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2400.542016][T13429] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2400.572204][T17437] 8021q: adding VLAN 0 to HW filter on device team0 [ 2400.589781][T17414] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2400.605611][T17414] CPU: 0 PID: 17414 Comm: syz-executor.5 Not tainted 5.4.0-rc1+ #0 [ 2400.613537][T17414] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2400.623612][T17414] Call Trace: [ 2400.626904][T17414] dump_stack+0x172/0x1f0 [ 2400.631236][T17414] dump_header+0x10b/0x82d [ 2400.635644][T17414] ? oom_kill_process+0x94/0x3f0 [ 2400.640582][T17414] oom_kill_process.cold+0x10/0x15 [ 2400.645698][T17414] out_of_memory+0x334/0x1340 [ 2400.650372][T17414] ? lock_downgrade+0x920/0x920 [ 2400.655225][T17414] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2400.661030][T17414] ? oom_killer_disable+0x280/0x280 [ 2400.666259][T17414] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2400.671829][T17414] ? memcg_stat_show+0xc40/0xc40 [ 2400.676765][T17414] ? do_raw_spin_unlock+0x57/0x270 [ 2400.681870][T17414] ? _raw_spin_unlock+0x2d/0x50 [ 2400.686719][T17414] try_charge+0xf4b/0x1440 [ 2400.691139][T17414] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2400.696677][T17414] ? percpu_ref_tryget_live+0x111/0x290 [ 2400.702225][T17414] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2400.708460][T17414] ? __kasan_check_read+0x11/0x20 [ 2400.713485][T17414] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2400.719026][T17414] mem_cgroup_try_charge+0x136/0x590 [ 2400.724309][T17414] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2400.729923][T17414] wp_page_copy+0x407/0x1860 [ 2400.734498][T17414] ? find_held_lock+0x35/0x130 [ 2400.739238][T17414] ? do_wp_page+0x53b/0x15c0 [ 2400.743804][T17414] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2400.749586][T17414] ? lock_downgrade+0x920/0x920 [ 2400.754476][T17414] ? swp_swapcount+0x540/0x540 [ 2400.759231][T17414] ? __kasan_check_read+0x11/0x20 [ 2400.764250][T17414] ? do_raw_spin_unlock+0x57/0x270 [ 2400.769392][T17414] do_wp_page+0x543/0x15c0 [ 2400.773948][T17414] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 2400.779336][T17414] __handle_mm_fault+0x23ec/0x4040 [ 2400.784459][T17414] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2400.790007][T17414] ? handle_mm_fault+0x292/0xaa0 [ 2400.795481][T17414] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2400.801721][T17414] ? __kasan_check_read+0x11/0x20 [ 2400.806749][T17414] handle_mm_fault+0x3b7/0xaa0 [ 2400.811526][T17414] __do_page_fault+0x536/0xdd0 [ 2400.816322][T17414] do_page_fault+0x38/0x590 [ 2400.820828][T17414] page_fault+0x39/0x40 [ 2400.825118][T17414] RIP: 0033:0x403522 [ 2400.828997][T17414] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 2400.848584][T17414] RSP: 002b:00007ffc09366df0 EFLAGS: 00010246 [ 2400.854634][T17414] RAX: 0000000000000000 RBX: 0000000000249dac RCX: 0000000000413660 [ 2400.862608][T17414] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007ffc09367f20 [ 2400.870563][T17414] RBP: 0000000000000002 R08: 0000000000000001 R09: 000000000161a940 [ 2400.878519][T17414] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc09367f20 [ 2400.886477][T17414] R13: 00007ffc09367f10 R14: 0000000000000000 R15: 00007ffc09367f20 [ 2400.910035][T17414] memory: usage 820kB, limit 0kB, failcnt 715 [ 2400.916215][T17414] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2400.930972][T17414] Memory cgroup stats for /syz5: [ 2400.931075][T17414] anon 0 [ 2400.931075][T17414] file 0 [ 2400.931075][T17414] kernel_stack 0 [ 2400.931075][T17414] slab 544768 [ 2400.931075][T17414] sock 0 [ 2400.931075][T17414] shmem 0 [ 2400.931075][T17414] file_mapped 0 [ 2400.931075][T17414] file_dirty 0 [ 2400.931075][T17414] file_writeback 0 [ 2400.931075][T17414] anon_thp 0 [ 2400.931075][T17414] inactive_anon 0 [ 2400.931075][T17414] active_anon 0 [ 2400.931075][T17414] inactive_file 0 [ 2400.931075][T17414] active_file 0 [ 2400.931075][T17414] unevictable 0 [ 2400.931075][T17414] slab_reclaimable 135168 [ 2400.931075][T17414] slab_unreclaimable 409600 [ 2400.931075][T17414] pgfault 8679 [ 2400.931075][T17414] pgmajfault 0 [ 2400.931075][T17414] workingset_refault 0 [ 2400.931075][T17414] workingset_activate 0 [ 2400.931075][T17414] workingset_nodereclaim 0 [ 2400.931075][T17414] pgrefill 233 [ 2400.931075][T17414] pgscan 362 [ 2400.931075][T17414] pgsteal 146 [ 2400.931075][T17414] pgactivate 198 [ 2400.931075][T17414] pgdeactivate 233 [ 2401.048901][T17448] bridge0: port 1(bridge_slave_0) entered blocking state [ 2401.055996][T17448] bridge0: port 1(bridge_slave_0) entered disabled state [ 2401.065969][T17448] device bridge_slave_0 entered promiscuous mode [ 2401.075555][T17448] bridge0: port 2(bridge_slave_1) entered blocking state [ 2401.082726][T17448] bridge0: port 2(bridge_slave_1) entered disabled state [ 2401.092417][T17448] device bridge_slave_1 entered promiscuous mode [ 2401.099455][T17414] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=17414,uid=0 [ 2401.115504][T13429] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2401.124890][T13429] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2401.133438][T13429] bridge0: port 1(bridge_slave_0) entered blocking state [ 2401.140531][T13429] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2401.148740][T13429] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2401.157877][T13429] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2401.166399][T13429] bridge0: port 2(bridge_slave_1) entered blocking state [ 2401.173507][T13429] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2401.180895][T17414] Memory cgroup out of memory: Killed process 17414 (syz-executor.5) total-vm:72448kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 2401.199974][ T1054] oom_reaper: reaped process 17414 (syz-executor.5), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2401.211724][T17467] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2401.223102][T17467] CPU: 1 PID: 17467 Comm: syz-executor.3 Not tainted 5.4.0-rc1+ #0 [ 2401.231001][T17467] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2401.231008][T17467] Call Trace: [ 2401.231029][T17467] dump_stack+0x172/0x1f0 [ 2401.231056][T17467] dump_header+0x10b/0x82d [ 2401.231075][T17467] oom_kill_process.cold+0x10/0x15 [ 2401.231098][T17467] out_of_memory+0x334/0x1340 [ 2401.264607][T17467] ? retint_kernel+0x2b/0x2b [ 2401.269193][T17467] ? oom_killer_disable+0x280/0x280 [ 2401.269218][T17467] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2401.269232][T17467] ? memcg_stat_show+0xc40/0xc40 [ 2401.269251][T17467] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2401.269268][T17467] ? cgroup_file_notify+0x140/0x1b0 [ 2401.269286][T17467] memory_max_write+0x262/0x3a0 [ 2401.269304][T17467] ? mem_cgroup_write+0x370/0x370 [ 2401.269322][T17467] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2401.269348][T17467] cgroup_file_write+0x241/0x790 [ 2401.290757][T17467] ? mem_cgroup_write+0x370/0x370 [ 2401.300755][T17467] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2401.300778][T17467] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2401.300794][T17467] kernfs_fop_write+0x2b8/0x480 [ 2401.300810][T17467] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2401.300831][T17467] __vfs_write+0x8a/0x110 [ 2401.300845][T17467] ? kernfs_fop_open+0xd80/0xd80 [ 2401.300861][T17467] vfs_write+0x268/0x5d0 [ 2401.300879][T17467] ksys_write+0x14f/0x290 [ 2401.300895][T17467] ? __ia32_sys_read+0xb0/0xb0 [ 2401.300918][T17467] __x64_sys_write+0x73/0xb0 [ 2401.321291][T17467] ? do_syscall_64+0x5b/0x760 [ 2401.321308][T17467] do_syscall_64+0xfa/0x760 [ 2401.332523][T17467] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2401.332535][T17467] RIP: 0033:0x459a59 [ 2401.332550][T17467] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2401.332557][T17467] RSP: 002b:00007f462b2a5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2401.332568][T17467] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2401.332575][T17467] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000b [ 2401.332583][T17467] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2401.332592][T17467] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f462b2a66d4 [ 2401.332600][T17467] R13: 00000000004c9ef3 R14: 00000000004e1c48 R15: 00000000ffffffff [ 2401.358990][T17467] memory: usage 4420kB, limit 0kB, failcnt 1541 [ 2401.506903][T17467] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2401.546162][T17467] Memory cgroup stats for /syz3: [ 2401.546276][T17467] anon 2097152 [ 2401.546276][T17467] file 0 [ 2401.546276][T17467] kernel_stack 65536 [ 2401.546276][T17467] slab 1904640 [ 2401.546276][T17467] sock 0 [ 2401.546276][T17467] shmem 0 [ 2401.546276][T17467] file_mapped 0 [ 2401.546276][T17467] file_dirty 0 [ 2401.546276][T17467] file_writeback 0 [ 2401.546276][T17467] anon_thp 2097152 [ 2401.546276][T17467] inactive_anon 0 [ 2401.546276][T17467] active_anon 2097152 [ 2401.546276][T17467] inactive_file 28672 [ 2401.546276][T17467] active_file 0 [ 2401.546276][T17467] unevictable 0 [ 2401.546276][T17467] slab_reclaimable 1216512 [ 2401.546276][T17467] slab_unreclaimable 688128 [ 2401.546276][T17467] pgfault 13827 [ 2401.546276][T17467] pgmajfault 0 [ 2401.546276][T17467] workingset_refault 0 [ 2401.546276][T17467] workingset_activate 0 [ 2401.546276][T17467] workingset_nodereclaim 0 [ 2401.546276][T17467] pgrefill 496 [ 2401.546276][T17467] pgscan 4606 [ 2401.546276][T17467] pgsteal 4107 [ 2401.546276][T17467] pgactivate 495 [ 2401.551868][T17467] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=17466,uid=0 [ 2401.665444][T17467] Memory cgroup out of memory: Killed process 17467 (syz-executor.3) total-vm:72844kB, anon-rss:2196kB, file-rss:35896kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 04:55:56 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x0, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x0, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0x0, 0x8, 0x1b, 0xfffffffffffffffd, 0x0, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={0xffffffffffffffff, 0x1, 0x1, 0xfff, &(0x7f00000000c0)=[0x0, 0x0], 0x2}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r6 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r6, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) 04:55:56 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 04:55:56 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0x0, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 2401.685060][ T1054] oom_reaper: reaped process 17467 (syz-executor.3), now anon-rss:0kB, file-rss:34936kB, shmem-rss:0kB [ 2401.708997][T13429] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2401.723657][T13429] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2401.740673][T17416] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2401.747652][T13429] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2401.769429][T17416] CPU: 1 PID: 17416 Comm: syz-executor.3 Not tainted 5.4.0-rc1+ #0 [ 2401.777359][T17416] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2401.787416][T17416] Call Trace: [ 2401.790775][T17416] dump_stack+0x172/0x1f0 [ 2401.795119][T17416] dump_header+0x10b/0x82d [ 2401.795131][T17416] ? oom_kill_process+0x94/0x3f0 [ 2401.795151][T17416] oom_kill_process.cold+0x10/0x15 [ 2401.809592][T17416] out_of_memory+0x334/0x1340 [ 2401.814285][T17416] ? lock_downgrade+0x920/0x920 [ 2401.819140][T17416] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2401.824942][T17416] ? oom_killer_disable+0x280/0x280 [ 2401.830139][T17416] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2401.830153][T17416] ? memcg_stat_show+0xc40/0xc40 [ 2401.830171][T17416] ? do_raw_spin_unlock+0x57/0x270 [ 2401.830188][T17416] ? _raw_spin_unlock+0x2d/0x50 [ 2401.830206][T17416] try_charge+0xf4b/0x1440 [ 2401.830227][T17416] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2401.830243][T17416] ? percpu_ref_tryget_live+0x111/0x290 [ 2401.861154][T17416] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2401.872902][T17416] ? __kasan_check_read+0x11/0x20 [ 2401.877935][T17416] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2401.883482][T17416] mem_cgroup_try_charge+0x136/0x590 [ 2401.883502][T17416] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2401.894393][T17416] wp_page_copy+0x407/0x1860 [ 2401.898988][T17416] ? find_held_lock+0x35/0x130 [ 2401.903750][T17416] ? do_wp_page+0x53b/0x15c0 [ 2401.908338][T17416] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2401.914141][T17416] ? lock_downgrade+0x920/0x920 [ 2401.918996][T17416] ? swp_swapcount+0x540/0x540 [ 2401.919011][T17416] ? __kasan_check_read+0x11/0x20 [ 2401.919022][T17416] ? do_raw_spin_unlock+0x57/0x270 [ 2401.919039][T17416] do_wp_page+0x543/0x15c0 [ 2401.919057][T17416] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 2401.919078][T17416] __handle_mm_fault+0x23ec/0x4040 [ 2401.919099][T17416] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2401.919114][T17416] ? handle_mm_fault+0x292/0xaa0 [ 2401.919141][T17416] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2401.919156][T17416] ? __kasan_check_read+0x11/0x20 [ 2401.919179][T17416] handle_mm_fault+0x3b7/0xaa0 [ 2401.954419][T17416] __do_page_fault+0x536/0xdd0 [ 2401.980183][T17416] do_page_fault+0x38/0x590 [ 2401.984694][T17416] page_fault+0x39/0x40 [ 2401.988848][T17416] RIP: 0033:0x430b36 [ 2401.992734][T17416] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 2c 44 64 00 85 c0 0f 84 [ 2402.012330][T17416] RSP: 002b:00007ffdc3754300 EFLAGS: 00010206 [ 2402.012341][T17416] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 2402.012348][T17416] RDX: 00000000028c3930 RSI: 00000000028cb970 RDI: 0000000000000003 [ 2402.012355][T17416] RBP: 0000000000008041 R08: 0000000000000001 R09: 00000000028c2940 [ 2402.012361][T17416] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 2402.012368][T17416] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 2402.052390][T17416] memory: usage 2008kB, limit 0kB, failcnt 1549 [ 2402.052402][T17416] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2402.052407][T17416] Memory cgroup stats for /syz3: [ 2402.052511][T17416] anon 32768 [ 2402.052511][T17416] file 0 [ 2402.052511][T17416] kernel_stack 65536 [ 2402.052511][T17416] slab 1904640 [ 2402.052511][T17416] sock 0 [ 2402.052511][T17416] shmem 0 [ 2402.052511][T17416] file_mapped 0 [ 2402.052511][T17416] file_dirty 0 [ 2402.052511][T17416] file_writeback 0 [ 2402.052511][T17416] anon_thp 0 [ 2402.052511][T17416] inactive_anon 0 [ 2402.052511][T17416] active_anon 32768 [ 2402.052511][T17416] inactive_file 28672 [ 2402.052511][T17416] active_file 0 [ 2402.052511][T17416] unevictable 0 [ 2402.052511][T17416] slab_reclaimable 1216512 [ 2402.052511][T17416] slab_unreclaimable 688128 [ 2402.052511][T17416] pgfault 13827 [ 2402.052511][T17416] pgmajfault 0 [ 2402.052511][T17416] workingset_refault 0 [ 2402.052511][T17416] workingset_activate 0 [ 2402.052511][T17416] workingset_nodereclaim 0 [ 2402.052511][T17416] pgrefill 496 [ 2402.052511][T17416] pgscan 4606 [ 2402.052511][T17416] pgsteal 4107 [ 2402.052511][T17416] pgactivate 495 [ 2402.052530][T17416] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=17416,uid=0 [ 2402.052638][T17416] Memory cgroup out of memory: Killed process 17416 (syz-executor.3) total-vm:72448kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2402.053399][ T1054] oom_reaper: reaped process 17416 (syz-executor.3), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 04:55:57 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0x0, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0x0, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 2402.926136][T17448] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2402.943442][T17448] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2402.953047][T17450] bridge0: port 1(bridge_slave_0) entered blocking state [ 2402.968939][T17450] bridge0: port 1(bridge_slave_0) entered disabled state [ 2402.977886][T17450] device bridge_slave_0 entered promiscuous mode [ 2403.012838][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2403.040122][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2403.118452][T17450] bridge0: port 2(bridge_slave_1) entered blocking state [ 2403.139147][T17450] bridge0: port 2(bridge_slave_1) entered disabled state [ 2403.157246][T17450] device bridge_slave_1 entered promiscuous mode [ 2403.180502][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2403.194433][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2403.220470][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2403.247755][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2403.257682][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2403.352068][T17448] team0: Port device team_slave_0 added [ 2403.361368][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2403.371150][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2403.387352][T17471] IPVS: ftp: loaded support on port[0] = 21 [ 2403.405702][T17448] team0: Port device team_slave_1 added [ 2403.427005][T17437] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2403.440458][T17450] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2403.454078][T17450] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2403.554196][ T2807] device bridge_slave_1 left promiscuous mode [ 2403.562944][ T2807] bridge0: port 2(bridge_slave_1) entered disabled state [ 2403.640081][ T2807] device bridge_slave_0 left promiscuous mode [ 2403.646331][ T2807] bridge0: port 1(bridge_slave_0) entered disabled state [ 2403.701582][ T2807] device bridge_slave_1 left promiscuous mode [ 2403.707797][ T2807] bridge0: port 2(bridge_slave_1) entered disabled state [ 2403.811466][ T2807] device bridge_slave_0 left promiscuous mode [ 2403.817737][ T2807] bridge0: port 1(bridge_slave_0) entered disabled state [ 2403.881625][ T2807] device bridge_slave_1 left promiscuous mode [ 2403.887848][ T2807] bridge0: port 2(bridge_slave_1) entered disabled state [ 2403.960396][ T2807] device bridge_slave_0 left promiscuous mode [ 2403.966633][ T2807] bridge0: port 1(bridge_slave_0) entered disabled state [ 2404.042123][ T2807] device bridge_slave_1 left promiscuous mode [ 2404.048389][ T2807] bridge0: port 2(bridge_slave_1) entered disabled state [ 2404.100416][ T2807] device bridge_slave_0 left promiscuous mode [ 2404.106682][ T2807] bridge0: port 1(bridge_slave_0) entered disabled state [ 2404.181995][ T2807] device bridge_slave_1 left promiscuous mode [ 2404.188274][ T2807] bridge0: port 2(bridge_slave_1) entered disabled state [ 2404.240425][ T2807] device bridge_slave_0 left promiscuous mode [ 2404.246724][ T2807] bridge0: port 1(bridge_slave_0) entered disabled state [ 2404.321971][ T2807] device bridge_slave_1 left promiscuous mode [ 2404.328543][ T2807] bridge0: port 2(bridge_slave_1) entered disabled state [ 2404.400519][ T2807] device bridge_slave_0 left promiscuous mode [ 2404.406792][ T2807] bridge0: port 1(bridge_slave_0) entered disabled state [ 2404.501905][ T2807] device bridge_slave_1 left promiscuous mode [ 2404.508158][ T2807] bridge0: port 2(bridge_slave_1) entered disabled state [ 2404.570377][ T2807] device bridge_slave_0 left promiscuous mode [ 2404.576654][ T2807] bridge0: port 1(bridge_slave_0) entered disabled state [ 2422.309488][ T2807] device hsr_slave_0 left promiscuous mode [ 2422.348985][ T2807] device hsr_slave_1 left promiscuous mode [ 2422.473179][ T2807] team0 (unregistering): Port device team_slave_1 removed [ 2422.492027][ T2807] team0 (unregistering): Port device team_slave_0 removed [ 2422.514510][ T2807] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2422.641033][ T2807] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2422.791858][ T2807] bond0 (unregistering): Released all slaves [ 2422.979879][ T2807] device hsr_slave_0 left promiscuous mode [ 2423.049078][ T2807] device hsr_slave_1 left promiscuous mode [ 2423.150236][ T2807] team0 (unregistering): Port device team_slave_1 removed [ 2423.167631][ T2807] team0 (unregistering): Port device team_slave_0 removed [ 2423.192438][ T2807] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2423.294773][ T2807] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2423.435244][ T2807] bond0 (unregistering): Released all slaves [ 2423.609747][ T2807] device hsr_slave_0 left promiscuous mode [ 2423.689040][ T2807] device hsr_slave_1 left promiscuous mode [ 2423.811089][ T2807] team0 (unregistering): Port device team_slave_1 removed [ 2423.834986][ T2807] team0 (unregistering): Port device team_slave_0 removed [ 2423.853818][ T2807] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2423.942761][ T2807] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2424.100854][ T2807] bond0 (unregistering): Released all slaves [ 2424.389832][ T2807] device hsr_slave_0 left promiscuous mode [ 2424.451244][ T2807] device hsr_slave_1 left promiscuous mode [ 2424.562150][ T2807] team0 (unregistering): Port device team_slave_1 removed [ 2424.583699][ T2807] team0 (unregistering): Port device team_slave_0 removed [ 2424.602689][ T2807] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2424.695730][ T2807] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2424.876002][ T2807] bond0 (unregistering): Released all slaves [ 2425.239961][ T2807] device hsr_slave_0 left promiscuous mode [ 2425.279356][ T2807] device hsr_slave_1 left promiscuous mode [ 2425.384773][ T2807] team0 (unregistering): Port device team_slave_1 removed [ 2425.404923][ T2807] team0 (unregistering): Port device team_slave_0 removed [ 2425.426580][ T2807] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2425.512391][ T2807] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2425.689742][ T2807] bond0 (unregistering): Released all slaves [ 2425.970268][ T2807] device hsr_slave_0 left promiscuous mode [ 2426.069166][ T2807] device hsr_slave_1 left promiscuous mode [ 2426.146732][ T2807] team0 (unregistering): Port device team_slave_1 removed [ 2426.167123][ T2807] team0 (unregistering): Port device team_slave_0 removed [ 2426.186065][ T2807] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2426.231495][ T2807] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2426.430816][ T2807] bond0 (unregistering): Released all slaves [ 2426.679354][ T2807] device hsr_slave_0 left promiscuous mode [ 2426.749257][ T2807] device hsr_slave_1 left promiscuous mode [ 2426.841087][ T2807] team0 (unregistering): Port device team_slave_1 removed [ 2426.863562][ T2807] team0 (unregistering): Port device team_slave_0 removed [ 2426.884547][ T2807] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2426.952587][ T2807] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2427.126325][ T2807] bond0 (unregistering): Released all slaves [ 2427.234593][T17450] team0: Port device team_slave_0 added [ 2427.261459][T17450] team0: Port device team_slave_1 added [ 2427.332707][T17448] device hsr_slave_0 entered promiscuous mode [ 2427.410164][T17448] device hsr_slave_1 entered promiscuous mode [ 2427.506081][T17437] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2427.552602][T17450] device hsr_slave_0 entered promiscuous mode [ 2427.653507][T17450] device hsr_slave_1 entered promiscuous mode [ 2427.719024][T17450] debugfs: Directory 'hsr0' with parent '/' already present! [ 2427.926396][T17480] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 2427.994056][T17471] chnl_net:caif_netlink_parms(): no params data found [ 2428.091104][T17477] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2428.107248][T17477] CPU: 1 PID: 17477 Comm: syz-executor.2 Not tainted 5.4.0-rc1+ #0 [ 2428.107549][T17448] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2428.115185][T17477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2428.115193][T17477] Call Trace: [ 2428.115213][T17477] dump_stack+0x172/0x1f0 [ 2428.115236][T17477] dump_header+0x10b/0x82d [ 2428.115256][T17477] oom_kill_process.cold+0x10/0x15 [ 2428.115274][T17477] out_of_memory+0x334/0x1340 [ 2428.115295][T17477] ? __sched_text_start+0x8/0x8 [ 2428.115319][T17477] ? oom_killer_disable+0x280/0x280 [ 2428.115346][T17477] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2428.115362][T17477] ? memcg_stat_show+0xc40/0xc40 [ 2428.115383][T17477] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2428.115400][T17477] ? cgroup_file_notify+0x140/0x1b0 [ 2428.115417][T17477] memory_max_write+0x262/0x3a0 [ 2428.115436][T17477] ? mem_cgroup_write+0x370/0x370 [ 2428.173474][T17448] 8021q: adding VLAN 0 to HW filter on device team0 [ 2428.175094][T17477] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2428.208895][T17477] cgroup_file_write+0x241/0x790 [ 2428.213859][T17477] ? mem_cgroup_write+0x370/0x370 [ 2428.218903][T17477] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2428.224545][T17477] ? kernfs_ops+0x9f/0x120 [ 2428.228961][T17477] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2428.234599][T17477] kernfs_fop_write+0x2b8/0x480 [ 2428.239459][T17477] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2428.245736][T17477] __vfs_write+0x8a/0x110 [ 2428.250092][T17477] ? kernfs_fop_open+0xd80/0xd80 [ 2428.255034][T17477] vfs_write+0x268/0x5d0 [ 2428.259317][T17477] ksys_write+0x14f/0x290 [ 2428.262742][T17448] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 2428.263650][T17477] ? __ia32_sys_read+0xb0/0xb0 [ 2428.279070][T17477] ? __x64_sys_write+0x11/0xb0 [ 2428.283837][T17477] __x64_sys_write+0x73/0xb0 [ 2428.288426][T17477] do_syscall_64+0xfa/0x760 [ 2428.290348][T17448] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2428.292943][T17477] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2428.305907][T17477] RIP: 0033:0x459a59 [ 2428.309809][T17477] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2428.327620][T17448] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2428.329432][T17477] RSP: 002b:00007f1aaccd9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2428.329446][T17477] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2428.329453][T17477] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 2428.329461][T17477] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2428.329468][T17477] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1aaccda6d4 [ 2428.329482][T17477] R13: 00000000004c9ef3 R14: 00000000004e1c48 R15: 00000000ffffffff [ 2428.390800][T17477] memory: usage 3200kB, limit 0kB, failcnt 828 [ 2428.399490][T17477] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2428.406484][T17477] Memory cgroup stats for /syz2: [ 2428.407407][T17477] anon 2183168 [ 2428.407407][T17477] file 12288 [ 2428.407407][T17477] kernel_stack 65536 [ 2428.407407][T17477] slab 651264 [ 2428.407407][T17477] sock 0 [ 2428.407407][T17477] shmem 0 [ 2428.407407][T17477] file_mapped 0 [ 2428.407407][T17477] file_dirty 0 [ 2428.407407][T17477] file_writeback 0 [ 2428.407407][T17477] anon_thp 2097152 [ 2428.407407][T17477] inactive_anon 0 [ 2428.407407][T17477] active_anon 2183168 [ 2428.407407][T17477] inactive_file 0 [ 2428.407407][T17477] active_file 0 [ 2428.407407][T17477] unevictable 0 [ 2428.407407][T17477] slab_reclaimable 135168 [ 2428.407407][T17477] slab_unreclaimable 516096 [ 2428.407407][T17477] pgfault 15213 [ 2428.407407][T17477] pgmajfault 0 [ 2428.407407][T17477] workingset_refault 0 [ 2428.407407][T17477] workingset_activate 0 [ 2428.407407][T17477] workingset_nodereclaim 0 [ 2428.407407][T17477] pgrefill 33 [ 2428.407407][T17477] pgscan 33 [ 2428.407407][T17477] pgsteal 0 [ 2428.407407][T17477] pgactivate 0 [ 2428.505763][T17477] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=17476,uid=0 [ 2428.533142][T17477] Memory cgroup out of memory: Killed process 17476 (syz-executor.2) total-vm:72712kB, anon-rss:2188kB, file-rss:35816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 2428.567148][ T1054] oom_reaper: reaped process 17476 (syz-executor.2), now anon-rss:0kB, file-rss:34856kB, shmem-rss:0kB [ 2428.590774][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2428.630046][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2428.638274][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2428.700198][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2428.719680][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2428.728205][T11361] bridge0: port 1(bridge_slave_0) entered blocking state [ 2428.735324][T11361] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2428.744885][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2428.754356][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2428.779612][T11361] bridge0: port 2(bridge_slave_1) entered blocking state [ 2428.786736][T11361] bridge0: port 2(bridge_slave_1) entered forwarding state 04:56:23 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x0, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={0xffffffffffffffff, 0x1, 0x1, 0xfff, &(0x7f00000000c0)=[0x0, 0x0], 0x2}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r6 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r6, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) 04:56:23 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0x0, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0x0, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) 04:56:23 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) [ 2428.795458][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2428.805150][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2428.808166][T17437] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2428.838100][T17437] CPU: 1 PID: 17437 Comm: syz-executor.2 Not tainted 5.4.0-rc1+ #0 [ 2428.846025][T17437] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2428.846853][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2428.856076][T17437] Call Trace: [ 2428.856096][T17437] dump_stack+0x172/0x1f0 [ 2428.856115][T17437] dump_header+0x10b/0x82d [ 2428.856126][T17437] ? oom_kill_process+0x94/0x3f0 [ 2428.856142][T17437] oom_kill_process.cold+0x10/0x15 [ 2428.856156][T17437] out_of_memory+0x334/0x1340 [ 2428.856174][T17437] ? lock_downgrade+0x920/0x920 [ 2428.868367][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2428.871745][T17437] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2428.871765][T17437] ? oom_killer_disable+0x280/0x280 [ 2428.871792][T17437] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2428.878156][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2428.881635][T17437] ? memcg_stat_show+0xc40/0xc40 [ 2428.881655][T17437] ? do_raw_spin_unlock+0x57/0x270 [ 2428.881671][T17437] ? _raw_spin_unlock+0x2d/0x50 [ 2428.881689][T17437] try_charge+0xf4b/0x1440 [ 2428.889895][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2428.891532][T17437] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2428.891549][T17437] ? percpu_ref_tryget_live+0x111/0x290 [ 2428.897376][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2428.904305][T17437] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2428.904321][T17437] ? __kasan_check_read+0x11/0x20 [ 2428.904340][T17437] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2428.904357][T17437] mem_cgroup_try_charge+0x136/0x590 [ 2428.904378][T17437] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2428.912291][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2428.915382][T17437] wp_page_copy+0x407/0x1860 [ 2428.915401][T17437] ? find_held_lock+0x35/0x130 [ 2428.923224][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2428.928809][T17437] ? do_wp_page+0x53b/0x15c0 [ 2428.928827][T17437] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2428.928844][T17437] ? lock_downgrade+0x920/0x920 [ 2428.928865][T17437] ? swp_swapcount+0x540/0x540 [ 2428.935339][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2428.938883][T17437] ? __kasan_check_read+0x11/0x20 [ 2428.938896][T17437] ? do_raw_spin_unlock+0x57/0x270 [ 2428.938914][T17437] do_wp_page+0x543/0x15c0 [ 2428.938937][T17437] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 2429.073817][T17437] __handle_mm_fault+0x23ec/0x4040 [ 2429.078945][T17437] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2429.084536][T17437] ? handle_mm_fault+0x292/0xaa0 [ 2429.089493][T17437] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2429.095742][T17437] ? __kasan_check_read+0x11/0x20 [ 2429.100781][T17437] handle_mm_fault+0x3b7/0xaa0 [ 2429.105558][T17437] __do_page_fault+0x536/0xdd0 [ 2429.110339][T17437] do_page_fault+0x38/0x590 [ 2429.114852][T17437] page_fault+0x39/0x40 [ 2429.119018][T17437] RIP: 0033:0x430b36 [ 2429.122922][T17437] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 2c 44 64 00 85 c0 0f 84 [ 2429.142533][T17437] RSP: 002b:00007fffe0861660 EFLAGS: 00010206 [ 2429.148609][T17437] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 2429.156584][T17437] RDX: 0000000001693930 RSI: 000000000169b970 RDI: 0000000000000003 [ 2429.164567][T17437] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000000001692940 [ 2429.172551][T17437] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 2429.180625][T17437] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 2429.259219][T17471] bridge0: port 1(bridge_slave_0) entered blocking state [ 2429.296787][T17471] bridge0: port 1(bridge_slave_0) entered disabled state [ 2429.317370][T17471] device bridge_slave_0 entered promiscuous mode [ 2429.354942][T17450] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2429.368976][T17437] memory: usage 824kB, limit 0kB, failcnt 840 [ 2429.375086][T17437] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2429.383521][T17471] bridge0: port 2(bridge_slave_1) entered blocking state [ 2429.402566][T17471] bridge0: port 2(bridge_slave_1) entered disabled state [ 2429.418836][T17437] Memory cgroup stats for /syz2: [ 2429.418948][T17437] anon 0 [ 2429.418948][T17437] file 12288 [ 2429.418948][T17437] kernel_stack 0 [ 2429.418948][T17437] slab 651264 [ 2429.418948][T17437] sock 0 [ 2429.418948][T17437] shmem 0 [ 2429.418948][T17437] file_mapped 0 [ 2429.418948][T17437] file_dirty 0 [ 2429.418948][T17437] file_writeback 0 [ 2429.418948][T17437] anon_thp 0 [ 2429.418948][T17437] inactive_anon 0 [ 2429.418948][T17437] active_anon 0 [ 2429.418948][T17437] inactive_file 0 [ 2429.418948][T17437] active_file 0 [ 2429.418948][T17437] unevictable 0 [ 2429.418948][T17437] slab_reclaimable 135168 [ 2429.418948][T17437] slab_unreclaimable 516096 [ 2429.418948][T17437] pgfault 15246 [ 2429.418948][T17437] pgmajfault 0 [ 2429.418948][T17437] workingset_refault 0 [ 2429.418948][T17437] workingset_activate 0 [ 2429.418948][T17437] workingset_nodereclaim 0 [ 2429.418948][T17437] pgrefill 33 [ 2429.418948][T17437] pgscan 33 [ 2429.418948][T17437] pgsteal 0 [ 2429.418948][T17437] pgactivate 33 [ 2429.418948][T17437] pgdeactivate 33 [ 2429.539834][T17486] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 2429.609128][T17471] device bridge_slave_1 entered promiscuous mode [ 2429.628544][T17437] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=17437,uid=0 [ 2429.644961][T17437] Memory cgroup out of memory: Killed process 17437 (syz-executor.2) total-vm:72448kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2429.667385][T17488] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2429.667867][ T1054] oom_reaper: reaped process 17437 (syz-executor.2), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2429.678123][T17488] CPU: 0 PID: 17488 Comm: syz-executor.4 Not tainted 5.4.0-rc1+ #0 [ 2429.696859][T17488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2429.706924][T17488] Call Trace: [ 2429.706946][T17488] dump_stack+0x172/0x1f0 [ 2429.706971][T17488] dump_header+0x10b/0x82d [ 2429.714585][T17488] oom_kill_process.cold+0x10/0x15 [ 2429.714602][T17488] out_of_memory+0x334/0x1340 [ 2429.714623][T17488] ? cgroup_file_notify+0x140/0x1b0 [ 2429.728877][T17488] ? oom_killer_disable+0x280/0x280 [ 2429.728902][T17488] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2429.728917][T17488] ? memcg_stat_show+0xc40/0xc40 [ 2429.728938][T17488] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2429.728957][T17488] ? cgroup_file_notify+0x140/0x1b0 [ 2429.728974][T17488] memory_max_write+0x262/0x3a0 [ 2429.728994][T17488] ? mem_cgroup_write+0x370/0x370 [ 2429.729011][T17488] ? lock_acquire+0x190/0x410 [ 2429.729026][T17488] ? kernfs_fop_write+0x227/0x480 [ 2429.729048][T17488] cgroup_file_write+0x241/0x790 [ 2429.729064][T17488] ? mem_cgroup_write+0x370/0x370 [ 2429.729080][T17488] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2429.729104][T17488] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2429.729120][T17488] kernfs_fop_write+0x2b8/0x480 [ 2429.729136][T17488] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2429.729157][T17488] __vfs_write+0x8a/0x110 [ 2429.729174][T17488] ? kernfs_fop_open+0xd80/0xd80 [ 2429.729188][T17488] vfs_write+0x268/0x5d0 [ 2429.729203][T17488] ksys_write+0x14f/0x290 [ 2429.729220][T17488] ? __ia32_sys_read+0xb0/0xb0 [ 2429.739618][T17488] ? do_syscall_64+0x26/0x760 [ 2429.750052][T17488] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2429.750066][T17488] ? do_syscall_64+0x26/0x760 [ 2429.750089][T17488] __x64_sys_write+0x73/0xb0 [ 2429.750104][T17488] do_syscall_64+0xfa/0x760 [ 2429.750123][T17488] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2429.750134][T17488] RIP: 0033:0x459a59 [ 2429.750149][T17488] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2429.750161][T17488] RSP: 002b:00007f6ab71e8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2429.771066][T17488] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2429.771075][T17488] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 2429.771084][T17488] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2429.771096][T17488] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6ab71e96d4 [ 2429.780797][T17488] R13: 00000000004c9ef3 R14: 00000000004e1c48 R15: 00000000ffffffff [ 2429.939007][T17488] memory: usage 3116kB, limit 0kB, failcnt 1021 [ 2429.949514][T17488] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2429.974242][T17471] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2429.984084][T17488] Memory cgroup stats for /syz4: [ 2429.984196][T17488] anon 2179072 [ 2429.984196][T17488] file 163840 [ 2429.984196][T17488] kernel_stack 65536 [ 2429.984196][T17488] slab 692224 [ 2429.984196][T17488] sock 0 [ 2429.984196][T17488] shmem 0 [ 2429.984196][T17488] file_mapped 0 [ 2429.984196][T17488] file_dirty 135168 [ 2429.984196][T17488] file_writeback 0 [ 2429.984196][T17488] anon_thp 2097152 [ 2429.984196][T17488] inactive_anon 0 [ 2429.984196][T17488] active_anon 2179072 [ 2429.984196][T17488] inactive_file 135168 [ 2429.984196][T17488] active_file 0 [ 2429.984196][T17488] unevictable 0 [ 2429.984196][T17488] slab_reclaimable 270336 [ 2429.984196][T17488] slab_unreclaimable 421888 [ 2429.984196][T17488] pgfault 9405 [ 2429.984196][T17488] pgmajfault 0 [ 2429.984196][T17488] workingset_refault 0 [ 2429.984196][T17488] workingset_activate 0 [ 2429.984196][T17488] workingset_nodereclaim 0 [ 2429.984196][T17488] pgrefill 264 [ 2429.984196][T17488] pgscan 292 [ 2429.984196][T17488] pgsteal 59 [ 2429.984196][T17488] pgactivate 231 [ 2429.999689][T17488] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=17485,uid=0 [ 2430.100186][T17488] Memory cgroup out of memory: Killed process 17485 (syz-executor.4) total-vm:72712kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:139264kB oom_score_adj:1000 04:56:25 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0xc, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x0, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={0xffffffffffffffff, 0x1, 0x1, 0xfff, &(0x7f00000000c0)=[0x0, 0x0], 0x2}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28, &(0x7f0000000000)={0x0, 0x0}}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000200)={r5, 0x100000001, 0x8}, 0xc) r6 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r7 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r7, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r6, 0x0, 0x0) [ 2430.205061][T17448] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2430.239248][T17448] CPU: 1 PID: 17448 Comm: syz-executor.4 Not tainted 5.4.0-rc1+ #0 [ 2430.247170][T17448] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2430.257224][T17448] Call Trace: [ 2430.260515][T17448] dump_stack+0x172/0x1f0 [ 2430.264849][T17448] dump_header+0x10b/0x82d [ 2430.269263][T17448] ? oom_kill_process+0x94/0x3f0 [ 2430.274198][T17448] oom_kill_process.cold+0x10/0x15 [ 2430.279325][T17448] out_of_memory+0x334/0x1340 [ 2430.284007][T17448] ? lock_downgrade+0x920/0x920 [ 2430.288865][T17448] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2430.294669][T17448] ? oom_killer_disable+0x280/0x280 [ 2430.299877][T17448] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2430.305423][T17448] ? memcg_stat_show+0xc40/0xc40 [ 2430.310365][T17448] ? do_raw_spin_unlock+0x57/0x270 [ 2430.315746][T17448] ? _raw_spin_unlock+0x2d/0x50 [ 2430.320691][T17448] try_charge+0xf4b/0x1440 [ 2430.325126][T17448] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2430.330666][T17448] ? percpu_ref_tryget_live+0x111/0x290 [ 2430.336214][T17448] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2430.342453][T17448] ? __kasan_check_read+0x11/0x20 [ 2430.347498][T17448] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2430.353048][T17448] mem_cgroup_try_charge+0x136/0x590 [ 2430.358343][T17448] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2430.363976][T17448] wp_page_copy+0x407/0x1860 [ 2430.368568][T17448] ? find_held_lock+0x35/0x130 [ 2430.373336][T17448] ? do_wp_page+0x53b/0x15c0 [ 2430.377950][T17448] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2430.383774][T17448] ? lock_downgrade+0x920/0x920 [ 2430.388645][T17448] ? swp_swapcount+0x540/0x540 [ 2430.393411][T17448] ? __kasan_check_read+0x11/0x20 [ 2430.398441][T17448] ? do_raw_spin_unlock+0x57/0x270 [ 2430.403598][T17448] do_wp_page+0x543/0x15c0 [ 2430.408026][T17448] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 2430.413444][T17448] __handle_mm_fault+0x23ec/0x4040 [ 2430.418570][T17448] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2430.424135][T17448] ? handle_mm_fault+0x292/0xaa0 [ 2430.429103][T17448] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2430.435349][T17448] ? __kasan_check_read+0x11/0x20 [ 2430.440385][T17448] handle_mm_fault+0x3b7/0xaa0 [ 2430.445426][T17448] __do_page_fault+0x536/0xdd0 [ 2430.450212][T17448] do_page_fault+0x38/0x590 [ 2430.454718][T17448] page_fault+0x39/0x40 [ 2430.458871][T17448] RIP: 0033:0x430b36 [ 2430.463203][T17448] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 2c 44 64 00 85 c0 0f 84 [ 2430.482818][T17448] RSP: 002b:00007ffe20bbd670 EFLAGS: 00010206 [ 2430.488887][T17448] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 2430.496945][T17448] RDX: 0000000001eff930 RSI: 0000000001f07970 RDI: 0000000000000003 [ 2430.504922][T17448] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000000001efe940 [ 2430.512895][T17448] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 2430.520866][T17448] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 2430.540377][T17448] memory: usage 736kB, limit 0kB, failcnt 1029 [ 2430.546141][T17450] 8021q: adding VLAN 0 to HW filter on device team0 [ 2430.546835][T17448] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2430.565404][T17448] Memory cgroup stats for /syz4: [ 2430.565492][T17448] anon 0 [ 2430.565492][T17448] file 163840 [ 2430.565492][T17448] kernel_stack 0 [ 2430.565492][T17448] slab 692224 [ 2430.565492][T17448] sock 0 [ 2430.565492][T17448] shmem 0 [ 2430.565492][T17448] file_mapped 0 [ 2430.565492][T17448] file_dirty 135168 [ 2430.565492][T17448] file_writeback 0 [ 2430.565492][T17448] anon_thp 0 [ 2430.565492][T17448] inactive_anon 0 [ 2430.565492][T17448] active_anon 0 [ 2430.565492][T17448] inactive_file 135168 [ 2430.565492][T17448] active_file 0 [ 2430.565492][T17448] unevictable 0 [ 2430.565492][T17448] slab_reclaimable 270336 [ 2430.565492][T17448] slab_unreclaimable 421888 [ 2430.565492][T17448] pgfault 9405 [ 2430.565492][T17448] pgmajfault 0 [ 2430.565492][T17448] workingset_refault 0 [ 2430.565492][T17448] workingset_activate 0 [ 2430.565492][T17448] workingset_nodereclaim 0 [ 2430.565492][T17448] pgrefill 264 [ 2430.565492][T17448] pgscan 292 [ 2430.565492][T17448] pgsteal 59 [ 2430.565492][T17448] pgactivate 231 [ 2430.570776][T17448] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=17448,uid=0 [ 2430.665128][T17471] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2430.686669][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2430.689978][T17448] Memory cgroup out of memory: Killed process 17448 (syz-executor.4) total-vm:72448kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2430.699876][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2430.714238][ T1054] oom_reaper: reaped process 17448 (syz-executor.4), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2430.750003][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2430.769509][T10564] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2430.778675][T10564] bridge0: port 1(bridge_slave_0) entered blocking state [ 2430.785943][T10564] bridge0: port 1(bridge_slave_0) entered forwarding state 04:56:25 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x0, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={0xffffffffffffffff, 0x1, 0x1, 0xfff, &(0x7f00000000c0)=[0x0, 0x0], 0x2}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r6 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r6, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 2430.828015][T17490] IPVS: ftp: loaded support on port[0] = 21 04:56:26 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x0, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={0xffffffffffffffff, 0x1, 0x1, 0xfff, &(0x7f00000000c0)=[0x0, 0x0], 0x2}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r6 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r6, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 2431.265049][T17492] IPVS: ftp: loaded support on port[0] = 21 [ 2431.272614][T15053] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2431.281415][T15053] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2431.290863][T15053] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2431.299602][T15053] bridge0: port 2(bridge_slave_1) entered blocking state [ 2431.306657][T15053] bridge0: port 2(bridge_slave_1) entered forwarding state 04:56:26 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0xc, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x0, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={0xffffffffffffffff, 0x1, 0x1, 0xfff, &(0x7f00000000c0)=[0x0, 0x0], 0x2}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28, &(0x7f0000000000)={0x0, 0x0}}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000200)={r5, 0x100000001, 0x8}, 0xc) r6 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r7 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r7, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r6, 0x0, 0x0) [ 2431.344074][T17471] team0: Port device team_slave_0 added [ 2431.357590][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2431.370492][T15292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2431.424705][T17471] team0: Port device team_slave_1 added [ 2431.505395][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2431.517027][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2431.680151][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2431.689550][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2431.704016][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2431.714095][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2431.723487][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2431.783179][T17471] device hsr_slave_0 entered promiscuous mode [ 2431.880222][T17471] device hsr_slave_1 entered promiscuous mode [ 2431.959065][T17471] debugfs: Directory 'hsr0' with parent '/' already present! [ 2432.141890][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2432.151318][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2432.165002][T17450] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2432.324942][T17450] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2432.421189][T17494] IPVS: ftp: loaded support on port[0] = 21 [ 2432.563100][T17490] chnl_net:caif_netlink_parms(): no params data found [ 2432.718430][T17471] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2432.727855][T17504] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 2432.751070][T17492] chnl_net:caif_netlink_parms(): no params data found [ 2432.774772][T17490] bridge0: port 1(bridge_slave_0) entered blocking state [ 2432.782257][T17490] bridge0: port 1(bridge_slave_0) entered disabled state [ 2432.800804][T17490] device bridge_slave_0 entered promiscuous mode [ 2432.859397][T17490] bridge0: port 2(bridge_slave_1) entered blocking state [ 2432.873764][T17490] bridge0: port 2(bridge_slave_1) entered disabled state [ 2432.893276][T17490] device bridge_slave_1 entered promiscuous mode [ 2432.912005][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2432.920551][T17503] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2432.934085][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2432.963075][T17503] CPU: 1 PID: 17503 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 2432.971017][T17503] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2432.971024][T17503] Call Trace: [ 2432.971045][T17503] dump_stack+0x172/0x1f0 [ 2432.971066][T17503] dump_header+0x10b/0x82d [ 2432.971085][T17503] oom_kill_process.cold+0x10/0x15 [ 2432.971103][T17503] out_of_memory+0x334/0x1340 [ 2432.971118][T17503] ? trace_hardirqs_on_caller+0x6a/0x240 [ 2432.971133][T17503] ? cgroup_file_notify+0x140/0x1b0 [ 2432.971152][T17503] ? oom_killer_disable+0x280/0x280 [ 2433.002944][T17503] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2433.002963][T17503] ? memcg_stat_show+0xc40/0xc40 [ 2433.024572][T17503] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2433.035288][T17503] ? cgroup_file_notify+0x140/0x1b0 [ 2433.040492][T17503] memory_max_write+0x262/0x3a0 [ 2433.040511][T17503] ? mem_cgroup_write+0x370/0x370 [ 2433.050359][T17503] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2433.050380][T17503] cgroup_file_write+0x241/0x790 [ 2433.050397][T17503] ? mem_cgroup_write+0x370/0x370 [ 2433.050412][T17503] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2433.050434][T17503] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2433.050450][T17503] kernfs_fop_write+0x2b8/0x480 [ 2433.050467][T17503] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2433.050487][T17503] __vfs_write+0x8a/0x110 [ 2433.071461][T17503] ? kernfs_fop_open+0xd80/0xd80 [ 2433.071479][T17503] vfs_write+0x268/0x5d0 [ 2433.081916][T17503] ksys_write+0x14f/0x290 [ 2433.081930][T17503] ? __ia32_sys_read+0xb0/0xb0 [ 2433.081952][T17503] ? do_syscall_64+0x26/0x760 [ 2433.081967][T17503] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2433.081981][T17503] ? do_syscall_64+0x26/0x760 [ 2433.082000][T17503] __x64_sys_write+0x73/0xb0 [ 2433.082017][T17503] do_syscall_64+0xfa/0x760 [ 2433.082036][T17503] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2433.082047][T17503] RIP: 0033:0x459a59 [ 2433.082063][T17503] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2433.082071][T17503] RSP: 002b:00007fe8fa0aec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2433.082088][T17503] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2433.097525][T17503] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 2433.097535][T17503] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2433.097543][T17503] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe8fa0af6d4 [ 2433.097556][T17503] R13: 00000000004c9ef3 R14: 00000000004e1c48 R15: 00000000ffffffff [ 2433.214104][T17503] memory: usage 9840kB, limit 0kB, failcnt 133 [ 2433.220955][T17503] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2433.227861][T17503] Memory cgroup stats for /syz1: [ 2433.229775][T17503] anon 2072576 [ 2433.229775][T17503] file 4096 [ 2433.229775][T17503] kernel_stack 65536 [ 2433.229775][T17503] slab 7712768 [ 2433.229775][T17503] sock 0 [ 2433.229775][T17503] shmem 0 [ 2433.229775][T17503] file_mapped 0 [ 2433.229775][T17503] file_dirty 0 [ 2433.229775][T17503] file_writeback 0 [ 2433.229775][T17503] anon_thp 2097152 [ 2433.229775][T17503] inactive_anon 0 [ 2433.229775][T17503] active_anon 2072576 [ 2433.229775][T17503] inactive_file 135168 [ 2433.229775][T17503] active_file 0 [ 2433.229775][T17503] unevictable 0 [ 2433.229775][T17503] slab_reclaimable 7028736 [ 2433.229775][T17503] slab_unreclaimable 684032 [ 2433.229775][T17503] pgfault 38115 [ 2433.229775][T17503] pgmajfault 0 [ 2433.229775][T17503] workingset_refault 0 [ 2433.229775][T17503] workingset_activate 0 [ 2433.229775][T17503] workingset_nodereclaim 0 [ 2433.229775][T17503] pgrefill 135 [ 2433.229775][T17503] pgscan 133 [ 2433.229775][T17503] pgsteal 0 [ 2433.229775][T17503] pgactivate 99 [ 2433.352129][T17471] 8021q: adding VLAN 0 to HW filter on device team0 [ 2433.400547][T17492] bridge0: port 1(bridge_slave_0) entered blocking state [ 2433.407685][T17492] bridge0: port 1(bridge_slave_0) entered disabled state [ 2433.430785][T17492] device bridge_slave_0 entered promiscuous mode [ 2433.449113][T17503] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=17502,uid=0 [ 2433.495883][T17490] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2433.501101][T17503] Memory cgroup out of memory: Killed process 17502 (syz-executor.1) total-vm:72712kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 [ 2433.532287][T10226] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2433.550064][T10226] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2433.561287][ T1054] oom_reaper: reaped process 17502 (syz-executor.1), now anon-rss:0kB, file-rss:34856kB, shmem-rss:0kB [ 2433.579120][T10226] bridge0: port 1(bridge_slave_0) entered blocking state [ 2433.586213][T10226] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2433.609940][T10226] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2433.629718][T10226] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2433.649687][T10226] bridge0: port 2(bridge_slave_1) entered blocking state 04:56:28 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r4 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r4, 0x0, 0x0) [ 2433.655049][T17450] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2433.656787][T10226] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2433.675728][T17450] CPU: 1 PID: 17450 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 2433.683637][T17450] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2433.693778][T17450] Call Trace: [ 2433.697071][T17450] dump_stack+0x172/0x1f0 [ 2433.699668][T17492] bridge0: port 2(bridge_slave_1) entered blocking state [ 2433.701400][T17450] dump_header+0x10b/0x82d [ 2433.708601][T17492] bridge0: port 2(bridge_slave_1) entered disabled state [ 2433.713058][T17450] ? oom_kill_process+0x94/0x3f0 [ 2433.713074][T17450] oom_kill_process.cold+0x10/0x15 [ 2433.713088][T17450] out_of_memory+0x334/0x1340 [ 2433.713103][T17450] ? lock_downgrade+0x920/0x920 [ 2433.713120][T17450] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2433.713135][T17450] ? oom_killer_disable+0x280/0x280 [ 2433.713158][T17450] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2433.713173][T17450] ? memcg_stat_show+0xc40/0xc40 [ 2433.713190][T17450] ? do_raw_spin_unlock+0x57/0x270 [ 2433.713205][T17450] ? _raw_spin_unlock+0x2d/0x50 [ 2433.713223][T17450] try_charge+0xf4b/0x1440 [ 2433.713246][T17450] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2433.713256][T17450] ? percpu_ref_tryget_live+0x111/0x290 [ 2433.713272][T17450] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2433.713286][T17450] ? __kasan_check_read+0x11/0x20 [ 2433.713302][T17450] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2433.713318][T17450] mem_cgroup_try_charge+0x136/0x590 [ 2433.713338][T17450] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2433.713354][T17450] wp_page_copy+0x407/0x1860 [ 2433.713366][T17450] ? find_held_lock+0x35/0x130 [ 2433.713379][T17450] ? do_wp_page+0x53b/0x15c0 [ 2433.713401][T17450] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2433.741304][T17450] ? lock_downgrade+0x920/0x920 [ 2433.759289][T17492] device bridge_slave_1 entered promiscuous mode [ 2433.762752][T17450] ? swp_swapcount+0x540/0x540 [ 2433.783583][T17450] ? __kasan_check_read+0x11/0x20 [ 2433.800926][T17450] ? do_raw_spin_unlock+0x57/0x270 [ 2433.864284][T17450] do_wp_page+0x543/0x15c0 [ 2433.868704][T17450] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 2433.874273][T17450] __handle_mm_fault+0x23ec/0x4040 [ 2433.879395][T17450] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2433.884619][T17471] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 2433.884943][T17450] ? handle_mm_fault+0x292/0xaa0 [ 2433.900251][T17450] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2433.906492][T17450] ? __kasan_check_read+0x11/0x20 [ 2433.911521][T17450] handle_mm_fault+0x3b7/0xaa0 [ 2433.916292][T17450] __do_page_fault+0x536/0xdd0 [ 2433.918911][T17471] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2433.921156][T17450] do_page_fault+0x38/0x590 [ 2433.935968][T17450] page_fault+0x39/0x40 [ 2433.940124][T17450] RIP: 0033:0x430b36 [ 2433.944026][T17450] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 2c 44 64 00 85 c0 0f 84 [ 2433.963635][T17450] RSP: 002b:00007fff9242a420 EFLAGS: 00010206 [ 2433.969704][T17450] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 2433.978643][T17450] RDX: 0000000001672930 RSI: 000000000167a970 RDI: 0000000000000003 [ 2433.986832][T17450] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000000001671940 [ 2433.994812][T17450] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 2434.002893][T17450] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 2434.019337][T17471] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2434.020821][T17450] memory: usage 7404kB, limit 0kB, failcnt 141 [ 2434.033924][T17450] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2434.041157][T17450] Memory cgroup stats for /syz1: [ 2434.041257][T17450] anon 0 [ 2434.041257][T17450] file 4096 [ 2434.041257][T17450] kernel_stack 0 [ 2434.041257][T17450] slab 7577600 [ 2434.041257][T17450] sock 0 [ 2434.041257][T17450] shmem 0 [ 2434.041257][T17450] file_mapped 0 [ 2434.041257][T17450] file_dirty 0 [ 2434.041257][T17450] file_writeback 0 [ 2434.041257][T17450] anon_thp 0 [ 2434.041257][T17450] inactive_anon 0 [ 2434.041257][T17450] active_anon 0 [ 2434.041257][T17450] inactive_file 135168 [ 2434.041257][T17450] active_file 0 [ 2434.041257][T17450] unevictable 0 [ 2434.041257][T17450] slab_reclaimable 6893568 [ 2434.041257][T17450] slab_unreclaimable 684032 [ 2434.041257][T17450] pgfault 38115 [ 2434.041257][T17450] pgmajfault 0 [ 2434.041257][T17450] workingset_refault 0 [ 2434.041257][T17450] workingset_activate 0 [ 2434.041257][T17450] workingset_nodereclaim 0 [ 2434.041257][T17450] pgrefill 135 [ 2434.041257][T17450] pgscan 133 [ 2434.041257][T17450] pgsteal 0 [ 2434.041257][T17450] pgactivate 99 [ 2434.140644][T17490] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2434.151334][T17450] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=17450,uid=0 [ 2434.169397][T17450] Memory cgroup out of memory: Killed process 17450 (syz-executor.1) total-vm:72448kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 2434.188916][ T1054] oom_reaper: reaped process 17450 (syz-executor.1), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB [ 2434.243905][T11430] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2434.252559][T11430] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2434.262671][T11430] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2434.272394][T11430] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2434.282707][T11430] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2434.299889][T11430] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2434.309659][T11430] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2434.318570][T11430] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2434.328415][T11430] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2434.338208][T11430] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2434.347535][T11430] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2434.400839][T17490] team0: Port device team_slave_0 added [ 2434.740569][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2434.759281][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2434.775496][T17492] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2434.787906][T17490] team0: Port device team_slave_1 added [ 2434.820299][T17492] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2434.837410][T17494] chnl_net:caif_netlink_parms(): no params data found [ 2434.962732][T17490] device hsr_slave_0 entered promiscuous mode [ 2434.971879][T17512] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 2435.041454][T17490] device hsr_slave_1 entered promiscuous mode [ 2435.070383][T17512] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2435.080771][T17490] debugfs: Directory 'hsr0' with parent '/' already present! [ 2435.098453][T17492] team0: Port device team_slave_0 added [ 2435.106636][T17512] CPU: 1 PID: 17512 Comm: syz-executor.0 Not tainted 5.4.0-rc1+ #0 [ 2435.114624][T17512] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2435.124685][T17512] Call Trace: [ 2435.127993][T17512] dump_stack+0x172/0x1f0 [ 2435.132866][T17512] dump_header+0x10b/0x82d [ 2435.137553][T17512] oom_kill_process.cold+0x10/0x15 [ 2435.142934][T17512] out_of_memory+0x334/0x1340 [ 2435.147964][T17512] ? __sched_text_start+0x8/0x8 [ 2435.152850][T17512] ? oom_killer_disable+0x280/0x280 [ 2435.158496][T17512] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2435.164042][T17512] ? memcg_stat_show+0xc40/0xc40 [ 2435.168990][T17512] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2435.174804][T17512] ? cgroup_file_notify+0x140/0x1b0 [ 2435.180016][T17512] memory_max_write+0x262/0x3a0 [ 2435.184872][T17512] ? mem_cgroup_write+0x370/0x370 [ 2435.189901][T17512] ? lock_acquire+0x190/0x410 [ 2435.194577][T17512] ? kernfs_fop_write+0x227/0x480 [ 2435.199611][T17512] cgroup_file_write+0x241/0x790 [ 2435.204555][T17512] ? mem_cgroup_write+0x370/0x370 [ 2435.209584][T17512] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2435.215229][T17512] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2435.220865][T17512] kernfs_fop_write+0x2b8/0x480 [ 2435.225718][T17512] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2435.231964][T17512] __vfs_write+0x8a/0x110 [ 2435.236307][T17512] ? kernfs_fop_open+0xd80/0xd80 [ 2435.241269][T17512] vfs_write+0x268/0x5d0 [ 2435.245869][T17512] ksys_write+0x14f/0x290 [ 2435.250202][T17512] ? __ia32_sys_read+0xb0/0xb0 [ 2435.254969][T17512] ? do_syscall_64+0x26/0x760 [ 2435.259648][T17512] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2435.265964][T17512] ? do_syscall_64+0x26/0x760 [ 2435.270647][T17512] __x64_sys_write+0x73/0xb0 [ 2435.275242][T17512] do_syscall_64+0xfa/0x760 [ 2435.279757][T17512] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2435.285649][T17512] RIP: 0033:0x459a59 [ 2435.289554][T17512] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2435.309153][T17512] RSP: 002b:00007f2ed8f20c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2435.317570][T17512] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2435.326225][T17512] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009 [ 2435.326233][T17512] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2435.326240][T17512] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2ed8f216d4 [ 2435.326247][T17512] R13: 00000000004c9ef3 R14: 00000000004e1c48 R15: 00000000ffffffff [ 2435.336411][T17512] memory: usage 3204kB, limit 0kB, failcnt 903 [ 2435.367495][T17512] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2435.374907][T17512] Memory cgroup stats for /syz0: [ 2435.375019][T17512] anon 2129920 [ 2435.375019][T17512] file 0 [ 2435.375019][T17512] kernel_stack 65536 [ 2435.375019][T17512] slab 565248 [ 2435.375019][T17512] sock 0 [ 2435.375019][T17512] shmem 0 [ 2435.375019][T17512] file_mapped 0 [ 2435.375019][T17512] file_dirty 0 [ 2435.375019][T17512] file_writeback 0 [ 2435.375019][T17512] anon_thp 2097152 [ 2435.375019][T17512] inactive_anon 0 [ 2435.375019][T17512] active_anon 2129920 [ 2435.375019][T17512] inactive_file 135168 [ 2435.375019][T17512] active_file 0 [ 2435.375019][T17512] unevictable 0 [ 2435.375019][T17512] slab_reclaimable 135168 [ 2435.375019][T17512] slab_unreclaimable 430080 [ 2435.375019][T17512] pgfault 15213 [ 2435.375019][T17512] pgmajfault 0 [ 2435.375019][T17512] workingset_refault 0 [ 2435.375019][T17512] workingset_activate 0 [ 2435.375019][T17512] workingset_nodereclaim 0 [ 2435.375019][T17512] pgrefill 0 [ 2435.375019][T17512] pgscan 0 [ 2435.375019][T17512] pgsteal 0 [ 2435.375019][T17512] pgactivate 0 [ 2435.521533][T17512] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0 [ 2435.530906][T17512] ,task_memcg=/syz0,task=syz-executor.0,pid=17511,uid=0 [ 2435.559674][T17512] Memory cgroup out of memory: Killed process 17511 (syz-executor.0) total-vm:72712kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 2435.614544][T17492] team0: Port device team_slave_1 added [ 2435.614617][ T1054] oom_reaper: reaped process 17511 (syz-executor.0), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB 04:56:30 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x0, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x0, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0x0, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x0, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={0xffffffffffffffff, 0x1, 0x1, 0xfff, &(0x7f00000000c0)=[0x0, 0x0], 0x2}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r6 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r6, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) 04:56:30 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0xc, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x0, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={0xffffffffffffffff, 0x1, 0x1, 0xfff, &(0x7f00000000c0)=[0x0, 0x0], 0x2}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28, &(0x7f0000000000)={0x0, 0x0}}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000200)={r5, 0x100000001, 0x8}, 0xc) r6 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r7 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r7, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r6, 0x0, 0x0) 04:56:30 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r4 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r4, 0x0, 0x0) [ 2435.681500][T17471] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2435.710002][T17471] CPU: 1 PID: 17471 Comm: syz-executor.0 Not tainted 5.4.0-rc1+ #0 [ 2435.717927][T17471] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2435.727973][T17471] Call Trace: [ 2435.727991][T17471] dump_stack+0x172/0x1f0 [ 2435.728009][T17471] dump_header+0x10b/0x82d [ 2435.728019][T17471] ? oom_kill_process+0x94/0x3f0 [ 2435.728034][T17471] oom_kill_process.cold+0x10/0x15 [ 2435.728049][T17471] out_of_memory+0x334/0x1340 [ 2435.728062][T17471] ? lock_downgrade+0x920/0x920 [ 2435.728080][T17471] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2435.728094][T17471] ? oom_killer_disable+0x280/0x280 [ 2435.728119][T17471] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2435.728133][T17471] ? memcg_stat_show+0xc40/0xc40 [ 2435.728152][T17471] ? do_raw_spin_unlock+0x57/0x270 [ 2435.728169][T17471] ? _raw_spin_unlock+0x2d/0x50 [ 2435.728187][T17471] try_charge+0xf4b/0x1440 [ 2435.728212][T17471] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2435.728222][T17471] ? percpu_ref_tryget_live+0x111/0x290 [ 2435.728242][T17471] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2435.792954][T17471] ? __kasan_check_read+0x11/0x20 [ 2435.802979][T17471] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2435.802997][T17471] mem_cgroup_try_charge+0x136/0x590 [ 2435.803017][T17471] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2435.803037][T17471] __handle_mm_fault+0x1f0d/0x4040 [ 2435.842004][T17471] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2435.847654][T17471] ? handle_mm_fault+0x292/0xaa0 [ 2435.852739][T17471] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2435.858994][T17471] ? __kasan_check_read+0x11/0x20 [ 2435.864058][T17471] handle_mm_fault+0x3b7/0xaa0 [ 2435.870299][T17471] __do_page_fault+0x536/0xdd0 [ 2435.870320][T17471] do_page_fault+0x38/0x590 [ 2435.879653][T17471] page_fault+0x39/0x40 [ 2435.879663][T17471] RIP: 0033:0x403522 [ 2435.879678][T17471] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 2435.879685][T17471] RSP: 002b:00007ffc5083cef0 EFLAGS: 00010246 [ 2435.913613][T17471] RAX: 0000000000000000 RBX: 00000000002527cc RCX: 0000000000413660 [ 2435.921590][T17471] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007ffc5083e020 [ 2435.930507][T17471] RBP: 0000000000000002 R08: 0000000000000001 R09: 000000000216a940 [ 2435.930520][T17471] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc5083e020 [ 2435.946436][T17471] R13: 00007ffc5083e010 R14: 0000000000000000 R15: 00007ffc5083e020 [ 2436.102260][T17492] device hsr_slave_0 entered promiscuous mode [ 2436.108902][T17471] memory: usage 836kB, limit 0kB, failcnt 911 [ 2436.114984][T17471] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2436.138898][T17471] Memory cgroup stats for /syz0: [ 2436.139019][T17471] anon 0 [ 2436.139019][T17471] file 0 [ 2436.139019][T17471] kernel_stack 65536 [ 2436.139019][T17471] slab 565248 [ 2436.139019][T17471] sock 0 [ 2436.139019][T17471] shmem 0 [ 2436.139019][T17471] file_mapped 0 [ 2436.139019][T17471] file_dirty 0 [ 2436.139019][T17471] file_writeback 0 [ 2436.139019][T17471] anon_thp 0 [ 2436.139019][T17471] inactive_anon 0 [ 2436.139019][T17471] active_anon 0 [ 2436.139019][T17471] inactive_file 135168 [ 2436.139019][T17471] active_file 0 [ 2436.139019][T17471] unevictable 0 [ 2436.139019][T17471] slab_reclaimable 135168 [ 2436.139019][T17471] slab_unreclaimable 430080 [ 2436.139019][T17471] pgfault 15213 [ 2436.139019][T17471] pgmajfault 0 [ 2436.139019][T17471] workingset_refault 0 [ 2436.139019][T17471] workingset_activate 0 [ 2436.139019][T17471] workingset_nodereclaim 0 [ 2436.139019][T17471] pgrefill 0 [ 2436.139019][T17471] pgscan 0 [ 2436.139019][T17471] pgsteal 0 [ 2436.139019][T17471] pgactivate 0 [ 2436.139019][T17471] pgdeactivate 0 [ 2436.237318][T17492] device hsr_slave_1 entered promiscuous mode [ 2436.273163][T17471] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=17471,uid=0 [ 2436.289193][T17492] debugfs: Directory 'hsr0' with parent '/' already present! [ 2436.296861][T17494] bridge0: port 1(bridge_slave_0) entered blocking state [ 2436.304756][T17494] bridge0: port 1(bridge_slave_0) entered disabled state [ 2436.313960][T17494] device bridge_slave_0 entered promiscuous mode [ 2436.320487][T17471] Memory cgroup out of memory: Killed process 17471 (syz-executor.0) total-vm:72448kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2436.359859][T17494] bridge0: port 2(bridge_slave_1) entered blocking state [ 2436.367019][T17494] bridge0: port 2(bridge_slave_1) entered disabled state [ 2436.376774][ T1054] oom_reaper: reaped process 17471 (syz-executor.0), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB [ 2436.390007][T17494] device bridge_slave_1 entered promiscuous mode [ 2436.504718][T17494] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2437.007636][T17494] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link 04:56:32 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x0, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x0, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0x0, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x0, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={0xffffffffffffffff, 0x1, 0x1, 0xfff, &(0x7f00000000c0)=[0x0, 0x0], 0x2}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r6 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r6, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 2437.113686][T17490] 8021q: adding VLAN 0 to HW filter on device bond0 04:56:32 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x0, 0x0, 0x3f, 0x4, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x0, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0x0, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x0, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={0xffffffffffffffff, 0x1, 0x1, 0xfff, &(0x7f00000000c0)=[0x0, 0x0], 0x2}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r6 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r6, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 2437.184715][T17494] team0: Port device team_slave_0 added [ 2437.212126][T17494] team0: Port device team_slave_1 added [ 2437.271522][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2437.290265][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2437.335047][T17490] 8021q: adding VLAN 0 to HW filter on device team0 [ 2437.374841][T17516] IPVS: ftp: loaded support on port[0] = 21 [ 2437.381330][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2437.403136][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2437.429358][ T2871] bridge0: port 1(bridge_slave_0) entered blocking state [ 2437.436544][ T2871] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2437.512266][T17494] device hsr_slave_0 entered promiscuous mode [ 2437.550069][T17494] device hsr_slave_1 entered promiscuous mode [ 2437.609233][T17494] debugfs: Directory 'hsr0' with parent '/' already present! [ 2437.632268][T11430] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2437.643999][T11430] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2437.654767][T11430] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2437.663711][T11430] bridge0: port 2(bridge_slave_1) entered blocking state [ 2437.670817][T11430] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2437.716212][T17492] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2437.732116][T17517] IPVS: ftp: loaded support on port[0] = 21 [ 2437.747545][T10226] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2437.761881][T10226] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2437.803733][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2437.813385][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2437.851167][T10226] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2437.860043][T10226] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2437.869799][T10226] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2437.878707][T10226] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2437.892024][T10226] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2437.900699][T10226] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2437.910213][T10226] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2437.927727][T17492] 8021q: adding VLAN 0 to HW filter on device team0 [ 2437.963636][T10226] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2437.973872][T10226] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2437.998115][T17490] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2438.013407][T10226] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2438.024708][T10226] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2438.033743][T10226] bridge0: port 1(bridge_slave_0) entered blocking state [ 2438.040863][T10226] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2438.050581][T11361] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2438.172787][T10226] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2438.190594][T10226] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2438.208667][T10226] bridge0: port 2(bridge_slave_1) entered blocking state [ 2438.215890][T10226] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2438.244862][T17490] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2438.264988][T16568] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2438.299281][T17516] chnl_net:caif_netlink_parms(): no params data found [ 2438.315704][T16175] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2438.387957][T16568] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2438.399120][T16568] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2438.408229][T16568] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2438.417814][T16568] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2438.541047][T16568] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2438.571417][T16568] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2438.584114][T17528] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 2438.590169][T16568] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2438.740266][T17516] bridge0: port 1(bridge_slave_0) entered blocking state [ 2438.767290][T17516] bridge0: port 1(bridge_slave_0) entered disabled state [ 2438.784642][T17516] device bridge_slave_0 entered promiscuous mode [ 2438.824150][T17494] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2438.833107][T17530] IPVS: ftp: loaded support on port[0] = 21 [ 2438.841537][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2438.858095][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2438.871870][T17492] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2438.883032][T17516] bridge0: port 2(bridge_slave_1) entered blocking state [ 2438.891008][T17516] bridge0: port 2(bridge_slave_1) entered disabled state [ 2438.900818][T17516] device bridge_slave_1 entered promiscuous mode [ 2438.908139][T17517] chnl_net:caif_netlink_parms(): no params data found [ 2438.969489][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2438.978713][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2439.017833][T17494] 8021q: adding VLAN 0 to HW filter on device team0 [ 2439.035515][T17492] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2439.056418][T17516] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2439.125602][T16175] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2439.135875][T16175] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2439.145273][T16175] bridge0: port 1(bridge_slave_0) entered blocking state [ 2439.152372][T16175] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2439.180284][T17516] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2439.201562][T15053] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2439.214154][T15053] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2439.231920][T15053] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2439.247518][T15053] bridge0: port 2(bridge_slave_1) entered blocking state [ 2439.254654][T15053] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2439.278144][T17517] bridge0: port 1(bridge_slave_0) entered blocking state [ 2439.288187][T17517] bridge0: port 1(bridge_slave_0) entered disabled state [ 2439.297414][T17517] device bridge_slave_0 entered promiscuous mode [ 2439.336795][T16175] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2439.347856][T16175] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2439.357534][T16175] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2439.390922][T16175] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2439.412179][T17517] bridge0: port 2(bridge_slave_1) entered blocking state [ 2439.422358][T17517] bridge0: port 2(bridge_slave_1) entered disabled state [ 2439.429909][T17547] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 2439.451789][T17517] device bridge_slave_1 entered promiscuous mode [ 2439.493254][T17516] team0: Port device team_slave_0 added [ 2439.501826][T15053] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2439.505894][T17547] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2439.514984][T15053] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2439.527659][T17547] CPU: 0 PID: 17547 Comm: syz-executor.5 Not tainted 5.4.0-rc1+ #0 [ 2439.535564][T17547] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2439.540144][T15053] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2439.545630][T17547] Call Trace: [ 2439.556698][T17547] dump_stack+0x172/0x1f0 [ 2439.561031][T17547] dump_header+0x10b/0x82d [ 2439.565443][T17547] oom_kill_process.cold+0x10/0x15 [ 2439.570565][T17547] out_of_memory+0x334/0x1340 [ 2439.575249][T17547] ? __sched_text_start+0x8/0x8 [ 2439.580103][T17547] ? oom_killer_disable+0x280/0x280 [ 2439.585312][T17547] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2439.590856][T17547] ? memcg_stat_show+0xc40/0xc40 [ 2439.595886][T17547] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2439.601694][T17547] ? cgroup_file_notify+0x140/0x1b0 [ 2439.606899][T17547] memory_max_write+0x262/0x3a0 [ 2439.611762][T17547] ? mem_cgroup_write+0x370/0x370 [ 2439.616793][T17547] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2439.622256][T17547] cgroup_file_write+0x241/0x790 [ 2439.627197][T17547] ? mem_cgroup_write+0x370/0x370 [ 2439.632226][T17547] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2439.637865][T17547] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2439.643498][T17547] kernfs_fop_write+0x2b8/0x480 [ 2439.648380][T17547] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2439.654622][T17547] __vfs_write+0x8a/0x110 [ 2439.659057][T17547] ? kernfs_fop_open+0xd80/0xd80 [ 2439.663974][T17547] vfs_write+0x268/0x5d0 [ 2439.668203][T17547] ksys_write+0x14f/0x290 [ 2439.672512][T17547] ? __ia32_sys_read+0xb0/0xb0 [ 2439.677256][T17547] ? do_syscall_64+0x26/0x760 [ 2439.681974][T17547] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2439.688043][T17547] ? do_syscall_64+0x26/0x760 [ 2439.692712][T17547] __x64_sys_write+0x73/0xb0 [ 2439.697288][T17547] do_syscall_64+0xfa/0x760 [ 2439.701865][T17547] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2439.707738][T17547] RIP: 0033:0x459a59 [ 2439.711613][T17547] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2439.731197][T17547] RSP: 002b:00007f200020cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2439.739585][T17547] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2439.747545][T17547] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 2439.755497][T17547] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2439.763462][T17547] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f200020d6d4 [ 2439.771430][T17547] R13: 00000000004c9ef3 R14: 00000000004e1c48 R15: 00000000ffffffff [ 2439.811243][T17547] memory: usage 3128kB, limit 0kB, failcnt 716 [ 2439.817866][T17547] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2439.825569][T17547] Memory cgroup stats for /syz5: [ 2439.826653][T17547] anon 2174976 [ 2439.826653][T17547] file 0 [ 2439.826653][T17547] kernel_stack 0 [ 2439.826653][T17547] slab 544768 [ 2439.826653][T17547] sock 0 [ 2439.826653][T17547] shmem 0 [ 2439.826653][T17547] file_mapped 0 [ 2439.826653][T17547] file_dirty 0 [ 2439.826653][T17547] file_writeback 0 [ 2439.826653][T17547] anon_thp 2097152 [ 2439.826653][T17547] inactive_anon 0 [ 2439.826653][T17547] active_anon 2174976 [ 2439.826653][T17547] inactive_file 0 [ 2439.826653][T17547] active_file 0 [ 2439.826653][T17547] unevictable 0 [ 2439.826653][T17547] slab_reclaimable 135168 [ 2439.826653][T17547] slab_unreclaimable 409600 [ 2439.826653][T17547] pgfault 8745 [ 2439.826653][T17547] pgmajfault 0 [ 2439.826653][T17547] workingset_refault 0 [ 2439.826653][T17547] workingset_activate 0 [ 2439.826653][T17547] workingset_nodereclaim 0 [ 2439.826653][T17547] pgrefill 233 [ 2439.826653][T17547] pgscan 362 [ 2439.826653][T17547] pgsteal 146 [ 2439.826653][T17547] pgactivate 198 [ 2439.931037][T17547] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=17546,uid=0 [ 2439.950349][T17547] Memory cgroup out of memory: Killed process 17546 (syz-executor.5) total-vm:72580kB, anon-rss:2144kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 2439.972092][ T1054] oom_reaper: reaped process 17546 (syz-executor.5), now anon-rss:0kB, file-rss:34856kB, shmem-rss:0kB [ 2439.992794][T17517] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2440.030798][T17516] team0: Port device team_slave_1 added 04:56:35 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0x0, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0x0, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) 04:56:35 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8500, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3f}, 0x0, 0x0, 0xffffffffffffffff, 0x1) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup/syz0\x00', 0x200002, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000003800)=[{0x0}], 0x1}, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x7a05, 0x1700) write$cgroup_subtree(r2, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(r2, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() r3 = socket$kcm(0xa, 0x1, 0x0) sendmsg$kcm(r3, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r1, 0x0, 0x0) write$cgroup_type(r2, &(0x7f0000000080)='threaded\x00', 0x9) [ 2440.141469][T17492] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2440.159140][T17492] CPU: 1 PID: 17492 Comm: syz-executor.5 Not tainted 5.4.0-rc1+ #0 [ 2440.167063][T17492] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2440.177123][T17492] Call Trace: [ 2440.180433][T17492] dump_stack+0x172/0x1f0 [ 2440.184762][T17492] dump_header+0x10b/0x82d [ 2440.189211][T17492] ? oom_kill_process+0x94/0x3f0 [ 2440.194139][T17492] oom_kill_process.cold+0x10/0x15 [ 2440.199239][T17492] out_of_memory+0x334/0x1340 [ 2440.203901][T17492] ? lock_downgrade+0x920/0x920 [ 2440.208740][T17492] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2440.214539][T17492] ? oom_killer_disable+0x280/0x280 [ 2440.219734][T17492] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2440.225265][T17492] ? memcg_stat_show+0xc40/0xc40 [ 2440.230205][T17492] ? do_raw_spin_unlock+0x57/0x270 [ 2440.235314][T17492] ? _raw_spin_unlock+0x2d/0x50 [ 2440.240155][T17492] try_charge+0xf4b/0x1440 [ 2440.244570][T17492] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2440.250103][T17492] ? percpu_ref_tryget_live+0x111/0x290 [ 2440.255636][T17492] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2440.262643][T17492] ? __kasan_check_read+0x11/0x20 [ 2440.267658][T17492] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2440.273195][T17492] mem_cgroup_try_charge+0x136/0x590 [ 2440.278477][T17492] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2440.284099][T17492] wp_page_copy+0x407/0x1860 [ 2440.288675][T17492] ? find_held_lock+0x35/0x130 [ 2440.293427][T17492] ? do_wp_page+0x53b/0x15c0 [ 2440.298009][T17492] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2440.303813][T17492] ? lock_downgrade+0x920/0x920 [ 2440.308652][T17492] ? swp_swapcount+0x540/0x540 [ 2440.313418][T17492] ? __kasan_check_read+0x11/0x20 [ 2440.318439][T17492] ? do_raw_spin_unlock+0x57/0x270 [ 2440.323546][T17492] do_wp_page+0x543/0x15c0 [ 2440.327956][T17492] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 2440.333324][T17492] __handle_mm_fault+0x23ec/0x4040 [ 2440.338426][T17492] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2440.343973][T17492] ? handle_mm_fault+0x292/0xaa0 [ 2440.348918][T17492] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2440.355151][T17492] ? __kasan_check_read+0x11/0x20 [ 2440.360183][T17492] handle_mm_fault+0x3b7/0xaa0 [ 2440.364942][T17492] __do_page_fault+0x536/0xdd0 [ 2440.369710][T17492] do_page_fault+0x38/0x590 [ 2440.374203][T17492] page_fault+0x39/0x40 [ 2440.378340][T17492] RIP: 0033:0x403522 [ 2440.382222][T17492] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 2440.401807][T17492] RSP: 002b:00007ffd26887c10 EFLAGS: 00010246 [ 2440.407855][T17492] RAX: 0000000000000000 RBX: 000000000025390a RCX: 0000000000413660 [ 2440.415819][T17492] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007ffd26888d40 [ 2440.423786][T17492] RBP: 0000000000000002 R08: 0000000000000001 R09: 00000000010e4940 [ 2440.431739][T17492] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd26888d40 [ 2440.439712][T17492] R13: 00007ffd26888d30 R14: 0000000000000000 R15: 00007ffd26888d40 [ 2440.512111][T17492] memory: usage 800kB, limit 0kB, failcnt 724 [ 2440.529698][T17492] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2440.557237][T17492] Memory cgroup stats for /syz5: [ 2440.557636][T17492] anon 12288 [ 2440.557636][T17492] file 0 [ 2440.557636][T17492] kernel_stack 0 [ 2440.557636][T17492] slab 544768 [ 2440.557636][T17492] sock 0 [ 2440.557636][T17492] shmem 0 [ 2440.557636][T17492] file_mapped 0 [ 2440.557636][T17492] file_dirty 0 [ 2440.557636][T17492] file_writeback 0 [ 2440.557636][T17492] anon_thp 0 [ 2440.557636][T17492] inactive_anon 0 [ 2440.557636][T17492] active_anon 12288 [ 2440.557636][T17492] inactive_file 0 [ 2440.557636][T17492] active_file 0 [ 2440.557636][T17492] unevictable 0 [ 2440.557636][T17492] slab_reclaimable 135168 [ 2440.557636][T17492] slab_unreclaimable 409600 [ 2440.557636][T17492] pgfault 8745 [ 2440.557636][T17492] pgmajfault 0 [ 2440.557636][T17492] workingset_refault 0 [ 2440.557636][T17492] workingset_activate 0 [ 2440.557636][T17492] workingset_nodereclaim 0 [ 2440.557636][T17492] pgrefill 233 [ 2440.557636][T17492] pgscan 362 [ 2440.557636][T17492] pgsteal 146 [ 2440.557636][T17492] pgactivate 198 [ 2440.655736][T17492] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=17492,uid=0 [ 2440.671807][T17492] Memory cgroup out of memory: Killed process 17492 (syz-executor.5) total-vm:72448kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2440.690927][ T1054] oom_reaper: reaped process 17492 (syz-executor.5), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2440.702252][T17549] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2440.727182][T17549] CPU: 1 PID: 17549 Comm: syz-executor.3 Not tainted 5.4.0-rc1+ #0 [ 2440.735131][T17549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2440.745197][T17549] Call Trace: [ 2440.748502][T17549] dump_stack+0x172/0x1f0 [ 2440.752850][T17549] dump_header+0x10b/0x82d [ 2440.757297][T17549] oom_kill_process.cold+0x10/0x15 [ 2440.762441][T17549] out_of_memory+0x334/0x1340 [ 2440.767141][T17549] ? oom_killer_disable+0x280/0x280 [ 2440.772372][T17549] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2440.777928][T17549] ? memcg_stat_show+0xc40/0xc40 [ 2440.782880][T17549] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2440.788691][T17549] ? cgroup_file_notify+0x140/0x1b0 [ 2440.793905][T17549] memory_max_write+0x262/0x3a0 [ 2440.798761][T17549] ? mem_cgroup_write+0x370/0x370 [ 2440.803781][T17549] ? lock_acquire+0x190/0x410 [ 2440.808480][T17549] ? kernfs_fop_write+0x227/0x480 [ 2440.813516][T17549] cgroup_file_write+0x241/0x790 [ 2440.818454][T17549] ? mem_cgroup_write+0x370/0x370 [ 2440.823482][T17549] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2440.829124][T17549] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2440.834758][T17549] kernfs_fop_write+0x2b8/0x480 [ 2440.839614][T17549] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2440.845862][T17549] __vfs_write+0x8a/0x110 [ 2440.850198][T17549] ? kernfs_fop_open+0xd80/0xd80 [ 2440.855230][T17549] vfs_write+0x268/0x5d0 [ 2440.859500][T17549] ksys_write+0x14f/0x290 [ 2440.863847][T17549] ? __ia32_sys_read+0xb0/0xb0 [ 2440.868610][T17549] ? do_syscall_64+0x26/0x760 [ 2440.873286][T17549] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2440.879352][T17549] ? do_syscall_64+0x26/0x760 [ 2440.884080][T17549] __x64_sys_write+0x73/0xb0 [ 2440.888671][T17549] do_syscall_64+0xfa/0x760 [ 2440.893180][T17549] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2440.899072][T17549] RIP: 0033:0x459a59 [ 2440.902968][T17549] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2440.922700][T17549] RSP: 002b:00007fa373012c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2440.931120][T17549] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2440.939103][T17549] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 2440.947078][T17549] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2440.955053][T17549] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa3730136d4 [ 2440.963047][T17549] R13: 00000000004c9ef3 R14: 00000000004e1c48 R15: 00000000ffffffff [ 2441.048998][T17549] memory: usage 6540kB, limit 0kB, failcnt 1550 [ 2441.055411][T17549] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2441.078991][T17549] Memory cgroup stats for /syz3: [ 2441.079131][T17549] anon 4300800 [ 2441.079131][T17549] file 0 [ 2441.079131][T17549] kernel_stack 131072 [ 2441.079131][T17549] slab 1904640 [ 2441.079131][T17549] sock 0 [ 2441.079131][T17549] shmem 0 [ 2441.079131][T17549] file_mapped 0 [ 2441.079131][T17549] file_dirty 0 [ 2441.079131][T17549] file_writeback 0 [ 2441.079131][T17549] anon_thp 4194304 [ 2441.079131][T17549] inactive_anon 0 [ 2441.079131][T17549] active_anon 4300800 [ 2441.079131][T17549] inactive_file 28672 [ 2441.079131][T17549] active_file 0 [ 2441.079131][T17549] unevictable 0 [ 2441.079131][T17549] slab_reclaimable 1216512 [ 2441.079131][T17549] slab_unreclaimable 688128 [ 2441.079131][T17549] pgfault 14025 [ 2441.079131][T17549] pgmajfault 0 [ 2441.079131][T17549] workingset_refault 0 [ 2441.079131][T17549] workingset_activate 0 [ 2441.079131][T17549] workingset_nodereclaim 0 [ 2441.079131][T17549] pgrefill 496 [ 2441.079131][T17549] pgscan 4606 [ 2441.079131][T17549] pgsteal 4107 [ 2441.079131][T17549] pgactivate 495 [ 2441.338929][T17549] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=17548,uid=0 [ 2441.359102][T17549] Memory cgroup out of memory: Killed process 17548 (syz-executor.3) total-vm:72708kB, anon-rss:4256kB, file-rss:35832kB, shmem-rss:0kB, UID:0 pgtables:139264kB oom_score_adj:1000 [ 2441.380523][ T1054] oom_reaper: reaped process 17548 (syz-executor.3), now anon-rss:0kB, file-rss:34916kB, shmem-rss:0kB 04:56:36 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0x0, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0x0, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 2441.516863][T17490] syz-executor.3 invoked oom-killer: gfp_mask=0x40c50(GFP_NOFS|__GFP_COMP|__GFP_RECLAIMABLE), order=0, oom_score_adj=0 [ 2441.548853][T17490] CPU: 1 PID: 17490 Comm: syz-executor.3 Not tainted 5.4.0-rc1+ #0 [ 2441.556770][T17490] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2441.566818][T17490] Call Trace: [ 2441.570118][T17490] dump_stack+0x172/0x1f0 [ 2441.574451][T17490] dump_header+0x10b/0x82d [ 2441.578862][T17490] ? oom_kill_process+0x94/0x3f0 [ 2441.583802][T17490] oom_kill_process.cold+0x10/0x15 [ 2441.588906][T17490] out_of_memory+0x334/0x1340 [ 2441.593592][T17490] ? lock_downgrade+0x920/0x920 [ 2441.598453][T17490] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2441.604257][T17490] ? oom_killer_disable+0x280/0x280 [ 2441.609546][T17490] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2441.615083][T17490] ? memcg_stat_show+0xc40/0xc40 [ 2441.620024][T17490] ? do_raw_spin_unlock+0x57/0x270 [ 2441.625153][T17490] ? _raw_spin_unlock+0x2d/0x50 [ 2441.630011][T17490] try_charge+0xf4b/0x1440 [ 2441.634434][T17490] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2441.639987][T17490] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 2441.645545][T17490] ? cache_grow_begin+0x122/0xd20 [ 2441.650662][T17490] ? find_held_lock+0x35/0x130 [ 2441.655426][T17490] ? cache_grow_begin+0x122/0xd20 [ 2441.660459][T17490] __memcg_kmem_charge_memcg+0x7c/0x130 [ 2441.666008][T17490] ? lock_downgrade+0x920/0x920 [ 2441.670857][T17490] ? memcg_kmem_put_cache+0x50/0x50 [ 2441.676055][T17490] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2441.682294][T17490] ? __kasan_check_read+0x11/0x20 [ 2441.687407][T17490] cache_grow_begin+0x629/0xd20 [ 2441.692260][T17490] ? __sanitizer_cov_trace_cmp1+0x11/0x20 [ 2441.697975][T17490] ? mempolicy_slab_node+0x139/0x390 [ 2441.703258][T17490] fallback_alloc+0x1fd/0x2d0 [ 2441.707942][T17490] ____cache_alloc_node+0x1bc/0x1d0 [ 2441.713137][T17490] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2441.719378][T17490] kmem_cache_alloc+0x1ef/0x710 [ 2441.724226][T17490] ? lock_downgrade+0x920/0x920 [ 2441.729601][T17490] ? rwlock_bug.part.0+0x90/0x90 [ 2441.734555][T17490] ? ratelimit_state_init+0xb0/0xb0 [ 2441.739760][T17490] ext4_alloc_inode+0x1f/0x640 [ 2441.744528][T17490] ? ratelimit_state_init+0xb0/0xb0 [ 2441.749725][T17490] alloc_inode+0x68/0x1e0 [ 2441.754057][T17490] iget_locked+0x1a6/0x4b0 [ 2441.758475][T17490] __ext4_iget+0x265/0x3e20 [ 2441.762978][T17490] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2441.769227][T17490] ? ext4_get_projid+0x190/0x190 [ 2441.774161][T17490] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 2441.779712][T17490] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 2441.785704][T17490] ? d_alloc_parallel+0xa78/0x1c30 [ 2441.790833][T17490] ext4_lookup+0x3b1/0x7a0 [ 2441.795262][T17490] ? ext4_cross_rename+0x1430/0x1430 [ 2441.800549][T17490] ? __lock_acquire+0x16f2/0x4a00 [ 2441.805567][T17490] ? __kasan_check_read+0x11/0x20 [ 2441.810603][T17490] ? lockdep_init_map+0x1be/0x6d0 [ 2441.815632][T17490] __lookup_slow+0x279/0x500 [ 2441.820223][T17490] ? vfs_unlink+0x620/0x620 [ 2441.824836][T17490] lookup_slow+0x58/0x80 [ 2441.829082][T17490] path_mountpoint+0x5d2/0x1e60 [ 2441.833929][T17490] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 2441.839472][T17490] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 2441.845802][T17490] ? path_openat+0x46d0/0x46d0 [ 2441.850574][T17490] filename_mountpoint+0x18e/0x390 [ 2441.855692][T17490] ? filename_parentat.isra.0+0x410/0x410 [ 2441.861405][T17490] ? rcu_lockdep_current_cpu_online+0xe3/0x130 [ 2441.867563][T17490] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2441.873801][T17490] ? __phys_addr_symbol+0x30/0x70 [ 2441.878822][T17490] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 2441.884626][T17490] ? __check_object_size+0x3d/0x437 [ 2441.889828][T17490] ? strncpy_from_user+0x2b4/0x400 [ 2441.894948][T17490] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2441.901189][T17490] ? getname_flags+0x277/0x5b0 [ 2441.905955][T17490] user_path_mountpoint_at+0x3a/0x50 [ 2441.911240][T17490] ksys_umount+0x164/0xf00 [ 2441.915666][T17490] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2441.921912][T17490] ? __detach_mounts+0x2a0/0x2a0 [ 2441.926849][T17490] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2441.932307][T17490] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2441.937847][T17490] ? do_syscall_64+0x26/0x760 [ 2441.942539][T17490] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2441.948624][T17490] ? do_syscall_64+0x26/0x760 [ 2441.953314][T17490] ? lockdep_hardirqs_on+0x421/0x5e0 [ 2441.958606][T17490] __x64_sys_umount+0x54/0x80 [ 2441.963289][T17490] do_syscall_64+0xfa/0x760 [ 2441.967792][T17490] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2441.973680][T17490] RIP: 0033:0x45c487 [ 2441.977572][T17490] Code: 64 89 04 25 d0 02 00 00 58 5f ff d0 48 89 c7 e8 2f be ff ff 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2441.997178][T17490] RSP: 002b:00007ffd2e643078 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 [ 2442.005588][T17490] RAX: ffffffffffffffda RBX: 0000000000253f2a RCX: 000000000045c487 [ 2442.013905][T17490] RDX: 0000000000403550 RSI: 0000000000000002 RDI: 00007ffd2e643120 [ 2442.021872][T17490] RBP: 0000000000000005 R08: 0000000000000000 R09: 000000000000000e [ 2442.029841][T17490] R10: 000000000000000a R11: 0000000000000202 R12: 00007ffd2e6441b0 [ 2442.037803][T17490] R13: 0000000000ca0940 R14: 0000000000000000 R15: 00007ffd2e6441b0 [ 2442.078857][T17490] memory: usage 2096kB, limit 0kB, failcnt 1562 [ 2442.085130][T17490] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2442.109061][T17490] Memory cgroup stats for /syz3: [ 2442.109173][T17490] anon 86016 [ 2442.109173][T17490] file 0 [ 2442.109173][T17490] kernel_stack 0 [ 2442.109173][T17490] slab 1904640 [ 2442.109173][T17490] sock 0 [ 2442.109173][T17490] shmem 0 [ 2442.109173][T17490] file_mapped 0 [ 2442.109173][T17490] file_dirty 0 [ 2442.109173][T17490] file_writeback 0 [ 2442.109173][T17490] anon_thp 0 [ 2442.109173][T17490] inactive_anon 0 [ 2442.109173][T17490] active_anon 86016 [ 2442.109173][T17490] inactive_file 28672 [ 2442.109173][T17490] active_file 0 [ 2442.109173][T17490] unevictable 0 [ 2442.109173][T17490] slab_reclaimable 1216512 [ 2442.109173][T17490] slab_unreclaimable 688128 [ 2442.109173][T17490] pgfault 14058 [ 2442.109173][T17490] pgmajfault 0 [ 2442.109173][T17490] workingset_refault 0 [ 2442.109173][T17490] workingset_activate 0 [ 2442.109173][T17490] workingset_nodereclaim 0 [ 2442.109173][T17490] pgrefill 496 [ 2442.109173][T17490] pgscan 4606 [ 2442.109173][T17490] pgsteal 4107 [ 2442.109173][T17490] pgactivate 495 [ 2442.205143][T17490] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=17490,uid=0 [ 2442.221264][T17490] Memory cgroup out of memory: Killed process 17490 (syz-executor.3) total-vm:72444kB, anon-rss:108kB, file-rss:35776kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 2442.239895][ T1054] oom_reaper: reaped process 17490 (syz-executor.3), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB [ 2457.371244][T17517] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2457.382469][T15053] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2457.391896][T15053] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2457.416982][T17494] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2457.430095][T17494] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2458.056450][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2458.067514][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready 04:56:53 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0x0, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0x0, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 2458.103588][T17530] chnl_net:caif_netlink_parms(): no params data found [ 2458.123070][T17517] team0: Port device team_slave_0 added [ 2458.175675][T17516] device hsr_slave_0 entered promiscuous mode [ 2458.219722][T17516] device hsr_slave_1 entered promiscuous mode [ 2458.319060][T17516] debugfs: Directory 'hsr0' with parent '/' already present! [ 2458.348366][T17517] team0: Port device team_slave_1 added [ 2458.387717][T17494] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2458.482647][T17517] device hsr_slave_0 entered promiscuous mode [ 2458.579909][T17517] device hsr_slave_1 entered promiscuous mode [ 2458.659029][T17517] debugfs: Directory 'hsr0' with parent '/' already present! [ 2466.818973][T17530] bridge0: port 1(bridge_slave_0) entered blocking state [ 2466.826071][T17530] bridge0: port 1(bridge_slave_0) entered disabled state [ 2466.837118][T17530] device bridge_slave_0 entered promiscuous mode [ 2466.857397][T17530] bridge0: port 2(bridge_slave_1) entered blocking state [ 2466.865694][T17530] bridge0: port 2(bridge_slave_1) entered disabled state [ 2466.874540][T17530] device bridge_slave_1 entered promiscuous mode [ 2467.047598][T17558] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 2467.162042][T17559] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2467.188907][T17559] CPU: 0 PID: 17559 Comm: syz-executor.2 Not tainted 5.4.0-rc1+ #0 [ 2467.196829][T17559] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2467.206888][T17559] Call Trace: [ 2467.210192][T17559] dump_stack+0x172/0x1f0 [ 2467.214528][T17559] dump_header+0x10b/0x82d [ 2467.218950][T17559] oom_kill_process.cold+0x10/0x15 [ 2467.224070][T17559] out_of_memory+0x334/0x1340 [ 2467.228750][T17559] ? cgroup_file_notify+0x140/0x1b0 [ 2467.233950][T17559] ? oom_killer_disable+0x280/0x280 [ 2467.239155][T17559] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2467.244696][T17559] ? memcg_stat_show+0xc40/0xc40 [ 2467.249645][T17559] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2467.255453][T17559] ? cgroup_file_notify+0x140/0x1b0 [ 2467.260659][T17559] memory_max_write+0x262/0x3a0 [ 2467.265511][T17559] ? mem_cgroup_write+0x370/0x370 [ 2467.270534][T17559] ? lock_acquire+0x190/0x410 [ 2467.275210][T17559] ? kernfs_fop_write+0x227/0x480 [ 2467.280237][T17559] cgroup_file_write+0x241/0x790 [ 2467.285175][T17559] ? mem_cgroup_write+0x370/0x370 [ 2467.290206][T17559] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2467.295845][T17559] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2467.301478][T17559] kernfs_fop_write+0x2b8/0x480 [ 2467.306332][T17559] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2467.312582][T17559] __vfs_write+0x8a/0x110 [ 2467.316916][T17559] ? kernfs_fop_open+0xd80/0xd80 [ 2467.321858][T17559] vfs_write+0x268/0x5d0 [ 2467.326100][T17559] ksys_write+0x14f/0x290 [ 2467.330429][T17559] ? __ia32_sys_read+0xb0/0xb0 [ 2467.335194][T17559] ? do_syscall_64+0x26/0x760 [ 2467.339867][T17559] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2467.345925][T17559] ? do_syscall_64+0x26/0x760 [ 2467.350603][T17559] __x64_sys_write+0x73/0xb0 [ 2467.355208][T17559] do_syscall_64+0xfa/0x760 [ 2467.359715][T17559] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2467.365602][T17559] RIP: 0033:0x459a59 [ 2467.369494][T17559] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2467.389527][T17559] RSP: 002b:00007fc0761e0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2467.397933][T17559] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2467.405902][T17559] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 2467.413870][T17559] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2467.422097][T17559] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc0761e16d4 [ 2467.430061][T17559] R13: 00000000004c9ef3 R14: 00000000004e1c48 R15: 00000000ffffffff [ 2467.453320][T17559] memory: usage 3148kB, limit 0kB, failcnt 841 [ 2467.459698][T17559] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2467.466560][T17559] Memory cgroup stats for /syz2: [ 2467.466675][T17559] anon 2064384 [ 2467.466675][T17559] file 12288 [ 2467.466675][T17559] kernel_stack 65536 [ 2467.466675][T17559] slab 651264 [ 2467.466675][T17559] sock 0 [ 2467.466675][T17559] shmem 0 [ 2467.466675][T17559] file_mapped 0 [ 2467.466675][T17559] file_dirty 0 [ 2467.466675][T17559] file_writeback 0 [ 2467.466675][T17559] anon_thp 2097152 [ 2467.466675][T17559] inactive_anon 0 [ 2467.466675][T17559] active_anon 2064384 [ 2467.466675][T17559] inactive_file 0 [ 2467.466675][T17559] active_file 0 [ 2467.466675][T17559] unevictable 0 [ 2467.466675][T17559] slab_reclaimable 135168 [ 2467.466675][T17559] slab_unreclaimable 516096 [ 2467.466675][T17559] pgfault 15279 [ 2467.466675][T17559] pgmajfault 0 [ 2467.466675][T17559] workingset_refault 0 [ 2467.466675][T17559] workingset_activate 0 [ 2467.466675][T17559] workingset_nodereclaim 0 [ 2467.466675][T17559] pgrefill 66 [ 2467.466675][T17559] pgscan 33 [ 2467.466675][T17559] pgsteal 0 [ 2467.466675][T17559] pgactivate 33 [ 2467.564842][T17559] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=17557,uid=0 [ 2467.582585][T17559] Memory cgroup out of memory: Killed process 17557 (syz-executor.2) total-vm:72712kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 2467.603148][ T1054] oom_reaper: reaped process 17557 (syz-executor.2), now anon-rss:0kB, file-rss:34852kB, shmem-rss:0kB [ 2470.107792][T17494] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2470.128998][T17494] CPU: 1 PID: 17494 Comm: syz-executor.2 Not tainted 5.4.0-rc1+ #0 [ 2470.136920][T17494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2470.146975][T17494] Call Trace: [ 2470.150270][T17494] dump_stack+0x172/0x1f0 [ 2470.154601][T17494] dump_header+0x10b/0x82d [ 2470.159012][T17494] ? oom_kill_process+0x94/0x3f0 [ 2470.163950][T17494] oom_kill_process.cold+0x10/0x15 [ 2470.169064][T17494] out_of_memory+0x334/0x1340 [ 2470.173741][T17494] ? lock_downgrade+0x920/0x920 [ 2470.178589][T17494] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2470.184399][T17494] ? oom_killer_disable+0x280/0x280 [ 2470.189609][T17494] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2470.195159][T17494] ? memcg_stat_show+0xc40/0xc40 [ 2470.200109][T17494] ? do_raw_spin_unlock+0x57/0x270 [ 2470.205218][T17494] ? _raw_spin_unlock+0x2d/0x50 [ 2470.210163][T17494] try_charge+0xf4b/0x1440 [ 2470.214599][T17494] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2470.220174][T17494] ? percpu_ref_tryget_live+0x111/0x290 [ 2470.225719][T17494] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2470.231971][T17494] ? __kasan_check_read+0x11/0x20 [ 2470.236995][T17494] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2470.242561][T17494] mem_cgroup_try_charge+0x136/0x590 [ 2470.247854][T17494] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2470.253488][T17494] wp_page_copy+0x407/0x1860 [ 2470.258094][T17494] ? find_held_lock+0x35/0x130 [ 2470.262860][T17494] ? do_wp_page+0x53b/0x15c0 [ 2470.267453][T17494] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2470.273262][T17494] ? lock_downgrade+0x920/0x920 [ 2470.278111][T17494] ? swp_swapcount+0x540/0x540 [ 2470.282874][T17494] ? __kasan_check_read+0x11/0x20 [ 2470.288155][T17494] ? do_raw_spin_unlock+0x57/0x270 [ 2470.293271][T17494] do_wp_page+0x543/0x15c0 [ 2470.297709][T17494] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 2470.303087][T17494] __handle_mm_fault+0x23ec/0x4040 [ 2470.308205][T17494] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2470.313766][T17494] ? handle_mm_fault+0x292/0xaa0 [ 2470.318721][T17494] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2470.324967][T17494] ? __kasan_check_read+0x11/0x20 [ 2470.329999][T17494] handle_mm_fault+0x3b7/0xaa0 [ 2470.334766][T17494] __do_page_fault+0x536/0xdd0 [ 2470.339536][T17494] do_page_fault+0x38/0x590 [ 2470.344043][T17494] page_fault+0x39/0x40 [ 2470.348191][T17494] RIP: 0033:0x430b36 [ 2470.352092][T17494] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 2c 44 64 00 85 c0 0f 84 [ 2470.371704][T17494] RSP: 002b:00007ffd6f218240 EFLAGS: 00010206 [ 2470.377772][T17494] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 2470.385747][T17494] RDX: 0000000001f24930 RSI: 0000000001f2c970 RDI: 0000000000000003 [ 2470.393725][T17494] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000000001f23940 [ 2470.401694][T17494] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 2470.409658][T17494] R13: 0000000000716698 R14: 000000000025a483 R15: 0000000000002710 [ 2470.419443][T17494] memory: usage 932kB, limit 0kB, failcnt 849 [ 2470.425535][T17494] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2470.432819][T17494] Memory cgroup stats for /syz2: [ 2470.432926][T17494] anon 0 [ 2470.432926][T17494] file 12288 [ 2470.432926][T17494] kernel_stack 65536 [ 2470.432926][T17494] slab 651264 [ 2470.432926][T17494] sock 0 [ 2470.432926][T17494] shmem 0 [ 2470.432926][T17494] file_mapped 0 [ 2470.432926][T17494] file_dirty 0 [ 2470.432926][T17494] file_writeback 0 [ 2470.432926][T17494] anon_thp 0 [ 2470.432926][T17494] inactive_anon 0 [ 2470.432926][T17494] active_anon 0 [ 2470.432926][T17494] inactive_file 0 [ 2470.432926][T17494] active_file 0 [ 2470.432926][T17494] unevictable 0 [ 2470.432926][T17494] slab_reclaimable 135168 [ 2470.432926][T17494] slab_unreclaimable 516096 [ 2470.432926][T17494] pgfault 15312 [ 2470.432926][T17494] pgmajfault 0 [ 2470.432926][T17494] workingset_refault 0 [ 2470.432926][T17494] workingset_activate 0 [ 2470.432926][T17494] workingset_nodereclaim 0 [ 2470.432926][T17494] pgrefill 66 [ 2470.432926][T17494] pgscan 33 [ 2470.432926][T17494] pgsteal 0 [ 2470.432926][T17494] pgactivate 33 [ 2470.432926][T17494] pgdeactivate 66 [ 2470.533922][T17494] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=17494,uid=0 [ 2470.549884][T17494] Memory cgroup out of memory: Killed process 17494 (syz-executor.2) total-vm:72448kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 2470.568511][ T1054] oom_reaper: reaped process 17494 (syz-executor.2), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2475.755513][T17530] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2475.794666][T17530] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2484.865415][T17530] team0: Port device team_slave_0 added [ 2484.878209][T17516] 8021q: adding VLAN 0 to HW filter on device bond0 04:57:20 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x0, 0xc, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={0xffffffffffffffff, 0x1, 0x1, 0xfff, &(0x7f00000000c0)=[0x0, 0x0], 0x2}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r6 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r6, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) 04:57:20 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0x0, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x0, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) 04:57:20 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0x0, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0x0, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 2484.922826][T17530] team0: Port device team_slave_1 added [ 2484.944576][T17517] 8021q: adding VLAN 0 to HW filter on device bond0 04:57:20 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000001ac0)={&(0x7f00000016c0)=@in6={0xa, 0x4e20, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001a40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x99) gettid() sendmsg(0xffffffffffffffff, 0x0, 0x40) socket$kcm(0x11, 0x3, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000300)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb0100850c0000000000003c0000005400000072c000000000"], 0x0, 0x3f, 0x0, 0x1}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x4, 0xcc, 0x8000, 0x3, 0x0, 0x3f, 0x4, 0x0, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0xeced, 0x5, 0x3, 0x0, 0xfffffffffffffffa, 0x9, 0xc62, 0x7f, 0xfff, 0x8, 0x1b, 0xfffffffffffffffd, 0x800, 0x0, 0x3ff, 0xd680, 0x1ff, 0x2, 0x2, 0xae2, 0x8, 0x7, 0x7fffffff, 0x0, 0x1, 0x4, @perf_bp={&(0x7f00000003c0), 0xc}, 0x4004, 0x3, 0x9, 0x9, 0x6, 0x7, 0xfffffffffffeffff}, 0x0, 0x0, r1, 0x8) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={0xffffffffffffffff, 0x1, 0x1, 0xfff, &(0x7f00000000c0)=[0x0, 0x0], 0x2}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x28}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x40) r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r6 = socket$kcm(0xa, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r6, 0x89a2, &(0x7f0000000080)={'bridge0\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffffffffff97) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 2485.092325][T17530] device hsr_slave_0 entered promiscuous mode [ 2485.129791][T17530] device hsr_slave_1 entered promiscuous mode [ 2485.168882][T17530] debugfs: Directory 'hsr0' with parent '/' already present! [ 2493.554154][T13236] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2493.562962][T13236] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2493.586554][T17563] IPVS: ftp: loaded support on port[0] = 21 [ 2493.586944][T17565] IPVS: ftp: loaded support on port[0] = 21 [ 2493.595115][T17561] IPVS: ftp: loaded support on port[0] = 21 [ 2493.604357][T17516] 8021q: adding VLAN 0 to HW filter on device team0 [ 2493.628323][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2493.637573][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2493.646615][T11102] bridge0: port 1(bridge_slave_0) entered blocking state [ 2493.653737][T11102] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2493.667593][T11102] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2519.512812][T17563] chnl_net:caif_netlink_parms(): no params data found [ 2519.575984][T17572] IPVS: ftp: loaded support on port[0] = 21 [ 2519.580117][T17571] IPVS: ftp: loaded support on port[0] = 21 [ 2527.771243][T17569] IPVS: ftp: loaded support on port[0] = 21 [ 2527.811023][T17561] chnl_net:caif_netlink_parms(): no params data found [ 2527.821069][T17565] chnl_net:caif_netlink_parms(): no params data found [ 2527.956324][T17563] bridge0: port 1(bridge_slave_0) entered blocking state [ 2527.965203][T17563] bridge0: port 1(bridge_slave_0) entered disabled state [ 2527.974089][T17563] device bridge_slave_0 entered promiscuous mode [ 2528.000246][T17563] bridge0: port 2(bridge_slave_1) entered blocking state [ 2528.007411][T17563] bridge0: port 2(bridge_slave_1) entered disabled state [ 2528.016444][T17563] device bridge_slave_1 entered promiscuous mode [ 2528.186525][T17561] bridge0: port 1(bridge_slave_0) entered blocking state [ 2528.195383][T17561] bridge0: port 1(bridge_slave_0) entered disabled state [ 2528.204657][T17561] device bridge_slave_0 entered promiscuous mode [ 2528.325116][T17563] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2528.342144][T17561] bridge0: port 2(bridge_slave_1) entered blocking state [ 2528.349786][T17561] bridge0: port 2(bridge_slave_1) entered disabled state [ 2528.358484][T17561] device bridge_slave_1 entered promiscuous mode [ 2528.370809][T17565] bridge0: port 1(bridge_slave_0) entered blocking state [ 2528.377897][T17565] bridge0: port 1(bridge_slave_0) entered disabled state [ 2528.388191][T17565] device bridge_slave_0 entered promiscuous mode [ 2528.403265][T17563] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2528.514364][T17565] bridge0: port 2(bridge_slave_1) entered blocking state [ 2528.522404][T17565] bridge0: port 2(bridge_slave_1) entered disabled state [ 2528.532044][T17565] device bridge_slave_1 entered promiscuous mode [ 2528.757419][T17561] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2528.897506][T17563] team0: Port device team_slave_0 added [ 2528.912574][T17561] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2528.953745][T17565] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2528.965603][T17563] team0: Port device team_slave_1 added [ 2528.972715][T17572] chnl_net:caif_netlink_parms(): no params data found [ 2529.008116][T17565] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2529.107930][T17571] chnl_net:caif_netlink_parms(): no params data found [ 2529.120792][T17561] team0: Port device team_slave_0 added [ 2529.155197][T17569] chnl_net:caif_netlink_parms(): no params data found [ 2529.172033][T17561] team0: Port device team_slave_1 added [ 2529.285188][T17565] team0: Port device team_slave_0 added [ 2529.382347][T17563] device hsr_slave_0 entered promiscuous mode [ 2529.419876][T17563] device hsr_slave_1 entered promiscuous mode [ 2529.489241][T17563] debugfs: Directory 'hsr0' with parent '/' already present! [ 2529.498978][T17565] team0: Port device team_slave_1 added [ 2529.560952][T17572] bridge0: port 1(bridge_slave_0) entered blocking state [ 2529.568043][T17572] bridge0: port 1(bridge_slave_0) entered disabled state [ 2529.577346][T17572] device bridge_slave_0 entered promiscuous mode [ 2529.676765][T17571] bridge0: port 1(bridge_slave_0) entered blocking state [ 2529.687231][T17571] bridge0: port 1(bridge_slave_0) entered disabled state [ 2529.696548][T17571] device bridge_slave_0 entered promiscuous mode [ 2529.742855][T17561] device hsr_slave_0 entered promiscuous mode [ 2529.779855][T17561] device hsr_slave_1 entered promiscuous mode [ 2529.858940][T17561] debugfs: Directory 'hsr0' with parent '/' already present! [ 2529.871855][T17572] bridge0: port 2(bridge_slave_1) entered blocking state [ 2529.879609][T17572] bridge0: port 2(bridge_slave_1) entered disabled state [ 2529.888043][T17572] device bridge_slave_1 entered promiscuous mode [ 2529.903481][T17569] bridge0: port 1(bridge_slave_0) entered blocking state [ 2529.912379][T17569] bridge0: port 1(bridge_slave_0) entered disabled state [ 2529.921420][T17569] device bridge_slave_0 entered promiscuous mode [ 2529.930316][T17571] bridge0: port 2(bridge_slave_1) entered blocking state [ 2529.937371][T17571] bridge0: port 2(bridge_slave_1) entered disabled state [ 2529.946955][T17571] device bridge_slave_1 entered promiscuous mode [ 2530.152433][T17565] device hsr_slave_0 entered promiscuous mode [ 2530.210124][T17565] device hsr_slave_1 entered promiscuous mode [ 2530.308984][T17565] debugfs: Directory 'hsr0' with parent '/' already present! [ 2530.316781][T17569] bridge0: port 2(bridge_slave_1) entered blocking state [ 2530.324246][T17569] bridge0: port 2(bridge_slave_1) entered disabled state [ 2530.333807][T17569] device bridge_slave_1 entered promiscuous mode [ 2530.366654][T17572] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2530.502355][T17572] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2530.531463][T17571] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2530.623020][T17569] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2530.637264][T17571] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2530.664973][T17569] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2530.713354][T17572] team0: Port device team_slave_0 added [ 2530.740618][T17572] team0: Port device team_slave_1 added [ 2530.883451][T17571] team0: Port device team_slave_0 added [ 2530.894047][T17571] team0: Port device team_slave_1 added [ 2530.905033][T17569] team0: Port device team_slave_0 added [ 2531.023144][T17572] device hsr_slave_0 entered promiscuous mode [ 2531.140215][T17572] device hsr_slave_1 entered promiscuous mode [ 2531.199142][T17572] debugfs: Directory 'hsr0' with parent '/' already present! [ 2531.242030][T17569] team0: Port device team_slave_1 added [ 2531.463332][T17571] device hsr_slave_0 entered promiscuous mode [ 2531.589909][T17571] device hsr_slave_1 entered promiscuous mode [ 2531.668893][T17571] debugfs: Directory 'hsr0' with parent '/' already present! [ 2531.702398][T17563] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2531.883675][T17569] device hsr_slave_0 entered promiscuous mode [ 2531.991003][T17569] device hsr_slave_1 entered promiscuous mode [ 2532.029081][T17569] debugfs: Directory 'hsr0' with parent '/' already present! [ 2532.104454][T17532] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2532.113264][T17532] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2532.129992][T17563] 8021q: adding VLAN 0 to HW filter on device team0 [ 2532.142686][T17561] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2532.250208][T17565] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2532.279316][T17532] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2532.288593][T17532] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2532.298570][T17532] bridge0: port 1(bridge_slave_0) entered blocking state [ 2532.305720][T17532] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2532.348401][T13236] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2532.357009][T13236] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2532.365746][T13236] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2532.375344][T13236] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2532.385862][T13236] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2532.394891][T13236] bridge0: port 2(bridge_slave_1) entered blocking state [ 2532.402028][T13236] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2532.421566][T17561] 8021q: adding VLAN 0 to HW filter on device team0 [ 2532.470544][T17565] 8021q: adding VLAN 0 to HW filter on device team0 [ 2532.478416][T11430] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2532.492275][T11430] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2532.502239][T11430] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2532.511060][T11430] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2532.551377][ T2807] device bridge_slave_1 left promiscuous mode [ 2532.557698][ T2807] bridge0: port 2(bridge_slave_1) entered disabled state [ 2532.612020][ T2807] device bridge_slave_0 left promiscuous mode [ 2532.618353][ T2807] bridge0: port 1(bridge_slave_0) entered disabled state [ 2532.682986][ T2807] device bridge_slave_1 left promiscuous mode [ 2532.691074][ T2807] bridge0: port 2(bridge_slave_1) entered disabled state [ 2532.820810][ T2807] device bridge_slave_0 left promiscuous mode [ 2532.827343][ T2807] bridge0: port 1(bridge_slave_0) entered disabled state [ 2532.882529][ T2807] device bridge_slave_1 left promiscuous mode [ 2532.889673][ T2807] bridge0: port 2(bridge_slave_1) entered disabled state [ 2532.940569][ T2807] device bridge_slave_0 left promiscuous mode [ 2532.946835][ T2807] bridge0: port 1(bridge_slave_0) entered disabled state [ 2533.042125][ T2807] device bridge_slave_1 left promiscuous mode [ 2533.048399][ T2807] bridge0: port 2(bridge_slave_1) entered disabled state [ 2533.100742][ T2807] device bridge_slave_0 left promiscuous mode [ 2533.106988][ T2807] bridge0: port 1(bridge_slave_0) entered disabled state [ 2533.182451][ T2807] device bridge_slave_1 left promiscuous mode [ 2533.188703][ T2807] bridge0: port 2(bridge_slave_1) entered disabled state [ 2533.251095][ T2807] device bridge_slave_0 left promiscuous mode [ 2533.257318][ T2807] bridge0: port 1(bridge_slave_0) entered disabled state [ 2533.311471][ T2807] device bridge_slave_1 left promiscuous mode [ 2533.317709][ T2807] bridge0: port 2(bridge_slave_1) entered disabled state [ 2533.380837][ T2807] device bridge_slave_0 left promiscuous mode [ 2533.387071][ T2807] bridge0: port 1(bridge_slave_0) entered disabled state [ 2533.461641][ T2807] device bridge_slave_1 left promiscuous mode [ 2533.467868][ T2807] bridge0: port 2(bridge_slave_1) entered disabled state [ 2533.530565][ T2807] device bridge_slave_0 left promiscuous mode [ 2533.536796][ T2807] bridge0: port 1(bridge_slave_0) entered disabled state [ 2533.634242][ T2807] device bridge_slave_1 left promiscuous mode [ 2533.641384][ T2807] bridge0: port 2(bridge_slave_1) entered disabled state [ 2533.750443][ T2807] device bridge_slave_0 left promiscuous mode [ 2533.756660][ T2807] bridge0: port 1(bridge_slave_0) entered disabled state [ 2533.851521][ T2807] device bridge_slave_1 left promiscuous mode [ 2533.857737][ T2807] bridge0: port 2(bridge_slave_1) entered disabled state [ 2533.920700][ T2807] device bridge_slave_0 left promiscuous mode [ 2533.926943][ T2807] bridge0: port 1(bridge_slave_0) entered disabled state [ 2533.991393][ T2807] device bridge_slave_1 left promiscuous mode [ 2533.997616][ T2807] bridge0: port 2(bridge_slave_1) entered disabled state [ 2534.050939][ T2807] device bridge_slave_0 left promiscuous mode [ 2534.057162][ T2807] bridge0: port 1(bridge_slave_0) entered disabled state [ 2534.131426][ T2807] device bridge_slave_1 left promiscuous mode [ 2534.137653][ T2807] bridge0: port 2(bridge_slave_1) entered disabled state [ 2534.180567][ T2807] device bridge_slave_0 left promiscuous mode [ 2534.187683][ T2807] bridge0: port 1(bridge_slave_0) entered disabled state [ 2534.241882][ T2807] device bridge_slave_1 left promiscuous mode [ 2534.248135][ T2807] bridge0: port 2(bridge_slave_1) entered disabled state [ 2534.330829][ T2807] device bridge_slave_0 left promiscuous mode [ 2534.337089][ T2807] bridge0: port 1(bridge_slave_0) entered disabled state [ 2534.402089][ T2807] device bridge_slave_1 left promiscuous mode [ 2534.408404][ T2807] bridge0: port 2(bridge_slave_1) entered disabled state [ 2534.470636][ T2807] device bridge_slave_0 left promiscuous mode [ 2534.476888][ T2807] bridge0: port 1(bridge_slave_0) entered disabled state [ 2534.552141][ T2807] device bridge_slave_1 left promiscuous mode [ 2534.558376][ T2807] bridge0: port 2(bridge_slave_1) entered disabled state [ 2534.630693][ T2807] device bridge_slave_0 left promiscuous mode [ 2534.640029][ T2807] bridge0: port 1(bridge_slave_0) entered disabled state [ 2534.811905][ T2807] device bridge_slave_1 left promiscuous mode [ 2534.818175][ T2807] bridge0: port 2(bridge_slave_1) entered disabled state [ 2534.920765][ T2807] device bridge_slave_0 left promiscuous mode [ 2534.927020][ T2807] bridge0: port 1(bridge_slave_0) entered disabled state [ 2534.981860][ T2807] device bridge_slave_1 left promiscuous mode [ 2534.988121][ T2807] bridge0: port 2(bridge_slave_1) entered disabled state [ 2535.120729][ T2807] device bridge_slave_0 left promiscuous mode [ 2535.126999][ T2807] bridge0: port 1(bridge_slave_0) entered disabled state [ 2535.202012][ T2807] device bridge_slave_1 left promiscuous mode [ 2535.208276][ T2807] bridge0: port 2(bridge_slave_1) entered disabled state [ 2535.280675][ T2807] device bridge_slave_0 left promiscuous mode [ 2535.286920][ T2807] bridge0: port 1(bridge_slave_0) entered disabled state [ 2535.391836][ T2807] device bridge_slave_1 left promiscuous mode [ 2535.398137][ T2807] bridge0: port 2(bridge_slave_1) entered disabled state [ 2535.440750][ T2807] device bridge_slave_0 left promiscuous mode [ 2535.447019][ T2807] bridge0: port 1(bridge_slave_0) entered disabled state [ 2535.495864][ T2807] device bridge_slave_1 left promiscuous mode [ 2535.503299][ T2807] bridge0: port 2(bridge_slave_1) entered disabled state [ 2535.580791][ T2807] device bridge_slave_0 left promiscuous mode [ 2535.587027][ T2807] bridge0: port 1(bridge_slave_0) entered disabled state [ 2535.641920][ T2807] device bridge_slave_1 left promiscuous mode [ 2535.648174][ T2807] bridge0: port 2(bridge_slave_1) entered disabled state [ 2535.690809][ T2807] device bridge_slave_0 left promiscuous mode [ 2535.697066][ T2807] bridge0: port 1(bridge_slave_0) entered disabled state [ 2535.801970][ T2807] device bridge_slave_1 left promiscuous mode [ 2535.808235][ T2807] bridge0: port 2(bridge_slave_1) entered disabled state [ 2535.900739][ T2807] device bridge_slave_0 left promiscuous mode [ 2535.906997][ T2807] bridge0: port 1(bridge_slave_0) entered disabled state [ 2536.001877][ T2807] device bridge_slave_1 left promiscuous mode [ 2536.008224][ T2807] bridge0: port 2(bridge_slave_1) entered disabled state [ 2536.080802][ T2807] device bridge_slave_0 left promiscuous mode [ 2536.087152][ T2807] bridge0: port 1(bridge_slave_0) entered disabled state [ 2536.161919][ T2807] device bridge_slave_1 left promiscuous mode [ 2536.168179][ T2807] bridge0: port 2(bridge_slave_1) entered disabled state [ 2536.240613][ T2807] device bridge_slave_0 left promiscuous mode [ 2536.246880][ T2807] bridge0: port 1(bridge_slave_0) entered disabled state [ 2536.391645][ T2807] device bridge_slave_1 left promiscuous mode [ 2536.397916][ T2807] bridge0: port 2(bridge_slave_1) entered disabled state [ 2536.490573][ T2807] device bridge_slave_0 left promiscuous mode [ 2536.496852][ T2807] bridge0: port 1(bridge_slave_0) entered disabled state [ 2536.561736][ T2807] device bridge_slave_1 left promiscuous mode [ 2536.568006][ T2807] bridge0: port 2(bridge_slave_1) entered disabled state [ 2536.622317][ T2807] device bridge_slave_0 left promiscuous mode [ 2536.628599][ T2807] bridge0: port 1(bridge_slave_0) entered disabled state [ 2536.751764][ T2807] device bridge_slave_1 left promiscuous mode [ 2536.758023][ T2807] bridge0: port 2(bridge_slave_1) entered disabled state [ 2536.820746][ T2807] device bridge_slave_0 left promiscuous mode [ 2536.827011][ T2807] bridge0: port 1(bridge_slave_0) entered disabled state [ 2536.891811][ T2807] device bridge_slave_1 left promiscuous mode [ 2536.898098][ T2807] bridge0: port 2(bridge_slave_1) entered disabled state [ 2537.000505][ T2807] device bridge_slave_0 left promiscuous mode [ 2537.006771][ T2807] bridge0: port 1(bridge_slave_0) entered disabled state [ 2537.062027][ T2807] device bridge_slave_1 left promiscuous mode [ 2537.068308][ T2807] bridge0: port 2(bridge_slave_1) entered disabled state [ 2537.180801][ T2807] device bridge_slave_0 left promiscuous mode [ 2537.187071][ T2807] bridge0: port 1(bridge_slave_0) entered disabled state [ 2537.262237][ T2807] device bridge_slave_1 left promiscuous mode [ 2537.268499][ T2807] bridge0: port 2(bridge_slave_1) entered disabled state [ 2537.350432][ T2807] device bridge_slave_0 left promiscuous mode [ 2537.356705][ T2807] bridge0: port 1(bridge_slave_0) entered disabled state [ 2537.451276][ T2807] device bridge_slave_1 left promiscuous mode [ 2537.457549][ T2807] bridge0: port 2(bridge_slave_1) entered disabled state [ 2537.500965][ T2807] device bridge_slave_0 left promiscuous mode [ 2537.507281][ T2807] bridge0: port 1(bridge_slave_0) entered disabled state [ 2537.591798][ T2807] device bridge_slave_1 left promiscuous mode [ 2537.598069][ T2807] bridge0: port 2(bridge_slave_1) entered disabled state [ 2537.691410][ T2807] device bridge_slave_0 left promiscuous mode [ 2537.697673][ T2807] bridge0: port 1(bridge_slave_0) entered disabled state [ 2537.851731][ T2807] device bridge_slave_1 left promiscuous mode [ 2537.858005][ T2807] bridge0: port 2(bridge_slave_1) entered disabled state [ 2537.930404][ T2807] device bridge_slave_0 left promiscuous mode [ 2537.936650][ T2807] bridge0: port 1(bridge_slave_0) entered disabled state [ 2538.001919][ T2807] device bridge_slave_1 left promiscuous mode [ 2538.008169][ T2807] bridge0: port 2(bridge_slave_1) entered disabled state [ 2538.050537][ T2807] device bridge_slave_0 left promiscuous mode [ 2538.056789][ T2807] bridge0: port 1(bridge_slave_0) entered disabled state [ 2538.102590][ T2807] device bridge_slave_1 left promiscuous mode [ 2538.109823][ T2807] bridge0: port 2(bridge_slave_1) entered disabled state [ 2538.150600][ T2807] device bridge_slave_0 left promiscuous mode [ 2538.156841][ T2807] bridge0: port 1(bridge_slave_0) entered disabled state [ 2538.201947][ T2807] device bridge_slave_1 left promiscuous mode [ 2538.208291][ T2807] bridge0: port 2(bridge_slave_1) entered disabled state [ 2538.340378][ T2807] device bridge_slave_0 left promiscuous mode [ 2538.346615][ T2807] bridge0: port 1(bridge_slave_0) entered disabled state [ 2538.431926][ T2807] device bridge_slave_1 left promiscuous mode [ 2538.438173][ T2807] bridge0: port 2(bridge_slave_1) entered disabled state [ 2538.490352][ T2807] device bridge_slave_0 left promiscuous mode [ 2538.497132][ T2807] bridge0: port 1(bridge_slave_0) entered disabled state [ 2538.571888][ T2807] device bridge_slave_1 left promiscuous mode [ 2538.578170][ T2807] bridge0: port 2(bridge_slave_1) entered disabled state [ 2538.700229][ T2807] device bridge_slave_0 left promiscuous mode [ 2538.706499][ T2807] bridge0: port 1(bridge_slave_0) entered disabled state [ 2538.811784][ T2807] device bridge_slave_1 left promiscuous mode [ 2538.818057][ T2807] bridge0: port 2(bridge_slave_1) entered disabled state [ 2538.890517][ T2807] device bridge_slave_0 left promiscuous mode [ 2538.896781][ T2807] bridge0: port 1(bridge_slave_0) entered disabled state [ 2538.951855][ T2807] device bridge_slave_1 left promiscuous mode [ 2538.958118][ T2807] bridge0: port 2(bridge_slave_1) entered disabled state [ 2539.030700][ T2807] device bridge_slave_0 left promiscuous mode [ 2539.036979][ T2807] bridge0: port 1(bridge_slave_0) entered disabled state [ 2539.111671][ T2807] device bridge_slave_1 left promiscuous mode [ 2539.117923][ T2807] bridge0: port 2(bridge_slave_1) entered disabled state [ 2539.180892][ T2807] device bridge_slave_0 left promiscuous mode [ 2539.187151][ T2807] bridge0: port 1(bridge_slave_0) entered disabled state [ 2539.271634][ T2807] device bridge_slave_1 left promiscuous mode [ 2539.277860][ T2807] bridge0: port 2(bridge_slave_1) entered disabled state [ 2539.330509][ T2807] device bridge_slave_0 left promiscuous mode [ 2539.336719][ T2807] bridge0: port 1(bridge_slave_0) entered disabled state [ 2539.401358][ T2807] device bridge_slave_1 left promiscuous mode [ 2539.407576][ T2807] bridge0: port 2(bridge_slave_1) entered disabled state [ 2539.450261][ T2807] device bridge_slave_0 left promiscuous mode [ 2539.456482][ T2807] bridge0: port 1(bridge_slave_0) entered disabled state [ 2539.511484][ T2807] device bridge_slave_1 left promiscuous mode [ 2539.517810][ T2807] bridge0: port 2(bridge_slave_1) entered disabled state [ 2539.600072][ T2807] device bridge_slave_0 left promiscuous mode [ 2539.606302][ T2807] bridge0: port 1(bridge_slave_0) entered disabled state [ 2539.671463][ T2807] device bridge_slave_1 left promiscuous mode [ 2539.677673][ T2807] bridge0: port 2(bridge_slave_1) entered disabled state [ 2539.740204][ T2807] device bridge_slave_0 left promiscuous mode [ 2539.746431][ T2807] bridge0: port 1(bridge_slave_0) entered disabled state [ 2539.813195][ T2807] device bridge_slave_1 left promiscuous mode [ 2539.820161][ T2807] bridge0: port 2(bridge_slave_1) entered disabled state [ 2539.890302][ T2807] device bridge_slave_0 left promiscuous mode [ 2539.896709][ T2807] bridge0: port 1(bridge_slave_0) entered disabled state [ 2540.031393][ T2807] device bridge_slave_1 left promiscuous mode [ 2540.037640][ T2807] bridge0: port 2(bridge_slave_1) entered disabled state [ 2540.130597][ T2807] device bridge_slave_0 left promiscuous mode [ 2540.136832][ T2807] bridge0: port 1(bridge_slave_0) entered disabled state [ 2540.222332][ T2807] device bridge_slave_1 left promiscuous mode [ 2540.228577][ T2807] bridge0: port 2(bridge_slave_1) entered disabled state [ 2540.310131][ T2807] device bridge_slave_0 left promiscuous mode [ 2540.316356][ T2807] bridge0: port 1(bridge_slave_0) entered disabled state [ 2540.391499][ T2807] device bridge_slave_1 left promiscuous mode [ 2540.397739][ T2807] bridge0: port 2(bridge_slave_1) entered disabled state [ 2540.450367][ T2807] device bridge_slave_0 left promiscuous mode [ 2540.456598][ T2807] bridge0: port 1(bridge_slave_0) entered disabled state [ 2540.561357][ T2807] device bridge_slave_1 left promiscuous mode [ 2540.567586][ T2807] bridge0: port 2(bridge_slave_1) entered disabled state [ 2540.690364][ T2807] device bridge_slave_0 left promiscuous mode [ 2540.696690][ T2807] bridge0: port 1(bridge_slave_0) entered disabled state [ 2540.761398][ T2807] device bridge_slave_1 left promiscuous mode [ 2540.767635][ T2807] bridge0: port 2(bridge_slave_1) entered disabled state [ 2540.850405][ T2807] device bridge_slave_0 left promiscuous mode [ 2540.856634][ T2807] bridge0: port 1(bridge_slave_0) entered disabled state [ 2540.913215][ T2807] device bridge_slave_1 left promiscuous mode [ 2540.920190][ T2807] bridge0: port 2(bridge_slave_1) entered disabled state [ 2540.971155][ T2807] device bridge_slave_0 left promiscuous mode [ 2540.977373][ T2807] bridge0: port 1(bridge_slave_0) entered disabled state [ 2541.031407][ T2807] device bridge_slave_1 left promiscuous mode [ 2541.037628][ T2807] bridge0: port 2(bridge_slave_1) entered disabled state [ 2541.110082][ T2807] device bridge_slave_0 left promiscuous mode [ 2541.116298][ T2807] bridge0: port 1(bridge_slave_0) entered disabled state [ 2541.171419][ T2807] device bridge_slave_1 left promiscuous mode [ 2541.177640][ T2807] bridge0: port 2(bridge_slave_1) entered disabled state [ 2541.230448][ T2807] device bridge_slave_0 left promiscuous mode [ 2541.236710][ T2807] bridge0: port 1(bridge_slave_0) entered disabled state [ 2541.291649][ T2807] device bridge_slave_1 left promiscuous mode [ 2541.297899][ T2807] bridge0: port 2(bridge_slave_1) entered disabled state [ 2541.400280][ T2807] device bridge_slave_0 left promiscuous mode [ 2541.406531][ T2807] bridge0: port 1(bridge_slave_0) entered disabled state [ 2541.461810][ T2807] device bridge_slave_1 left promiscuous mode [ 2541.468064][ T2807] bridge0: port 2(bridge_slave_1) entered disabled state [ 2541.580786][ T2807] device bridge_slave_0 left promiscuous mode [ 2541.587062][ T2807] bridge0: port 1(bridge_slave_0) entered disabled state [ 2541.641886][ T2807] device bridge_slave_1 left promiscuous mode [ 2541.648168][ T2807] bridge0: port 2(bridge_slave_1) entered disabled state [ 2541.720382][ T2807] device bridge_slave_0 left promiscuous mode [ 2541.726671][ T2807] bridge0: port 1(bridge_slave_0) entered disabled state [ 2541.781755][ T2807] device bridge_slave_1 left promiscuous mode [ 2541.788017][ T2807] bridge0: port 2(bridge_slave_1) entered disabled state [ 2541.870200][ T2807] device bridge_slave_0 left promiscuous mode [ 2541.876507][ T2807] bridge0: port 1(bridge_slave_0) entered disabled state [ 2541.931774][ T2807] device bridge_slave_1 left promiscuous mode [ 2541.938060][ T2807] bridge0: port 2(bridge_slave_1) entered disabled state [ 2542.030522][ T2807] device bridge_slave_0 left promiscuous mode [ 2542.036796][ T2807] bridge0: port 1(bridge_slave_0) entered disabled state [ 2542.091771][ T2807] device bridge_slave_1 left promiscuous mode [ 2542.098022][ T2807] bridge0: port 2(bridge_slave_1) entered disabled state [ 2542.180425][ T2807] device bridge_slave_0 left promiscuous mode [ 2542.186675][ T2807] bridge0: port 1(bridge_slave_0) entered disabled state [ 2542.261751][ T2807] device bridge_slave_1 left promiscuous mode [ 2542.268023][ T2807] bridge0: port 2(bridge_slave_1) entered disabled state [ 2542.360357][ T2807] device bridge_slave_0 left promiscuous mode [ 2542.366627][ T2807] bridge0: port 1(bridge_slave_0) entered disabled state [ 2542.421781][ T2807] device bridge_slave_1 left promiscuous mode [ 2542.428045][ T2807] bridge0: port 2(bridge_slave_1) entered disabled state [ 2542.480473][ T2807] device bridge_slave_0 left promiscuous mode [ 2542.486740][ T2807] bridge0: port 1(bridge_slave_0) entered disabled state [ 2542.541764][ T2807] device bridge_slave_1 left promiscuous mode [ 2542.548040][ T2807] bridge0: port 2(bridge_slave_1) entered disabled state [ 2542.610420][ T2807] device bridge_slave_0 left promiscuous mode [ 2542.616692][ T2807] bridge0: port 1(bridge_slave_0) entered disabled state [ 2542.671541][ T2807] device bridge_slave_1 left promiscuous mode [ 2542.677789][ T2807] bridge0: port 2(bridge_slave_1) entered disabled state [ 2542.810296][ T2807] device bridge_slave_0 left promiscuous mode [ 2542.816631][ T2807] bridge0: port 1(bridge_slave_0) entered disabled state [ 2542.951683][ T2807] device bridge_slave_1 left promiscuous mode [ 2542.957956][ T2807] bridge0: port 2(bridge_slave_1) entered disabled state [ 2543.010535][ T2807] device bridge_slave_0 left promiscuous mode [ 2543.016840][ T2807] bridge0: port 1(bridge_slave_0) entered disabled state [ 2543.096649][ T2807] device bridge_slave_1 left promiscuous mode [ 2543.103819][ T2807] bridge0: port 2(bridge_slave_1) entered disabled state [ 2543.190260][ T2807] device bridge_slave_0 left promiscuous mode [ 2543.196546][ T2807] bridge0: port 1(bridge_slave_0) entered disabled state [ 2543.291794][ T2807] device bridge_slave_1 left promiscuous mode [ 2543.298049][ T2807] bridge0: port 2(bridge_slave_1) entered disabled state [ 2543.370186][ T2807] device bridge_slave_0 left promiscuous mode [ 2543.376458][ T2807] bridge0: port 1(bridge_slave_0) entered disabled state [ 2543.492927][ T2807] device bridge_slave_1 left promiscuous mode [ 2543.500220][ T2807] bridge0: port 2(bridge_slave_1) entered disabled state [ 2543.570289][ T2807] device bridge_slave_0 left promiscuous mode [ 2543.576550][ T2807] bridge0: port 1(bridge_slave_0) entered disabled state [ 2543.712122][ T2807] device bridge_slave_1 left promiscuous mode [ 2543.718392][ T2807] bridge0: port 2(bridge_slave_1) entered disabled state [ 2543.850246][ T2807] device bridge_slave_0 left promiscuous mode [ 2543.856540][ T2807] bridge0: port 1(bridge_slave_0) entered disabled state [ 2543.941561][ T2807] device bridge_slave_1 left promiscuous mode [ 2543.947817][ T2807] bridge0: port 2(bridge_slave_1) entered disabled state [ 2544.030249][ T2807] device bridge_slave_0 left promiscuous mode [ 2544.036517][ T2807] bridge0: port 1(bridge_slave_0) entered disabled state [ 2544.136165][ T2807] device bridge_slave_1 left promiscuous mode [ 2544.143834][ T2807] bridge0: port 2(bridge_slave_1) entered disabled state [ 2544.250813][ T2807] device bridge_slave_0 left promiscuous mode [ 2544.257097][ T2807] bridge0: port 1(bridge_slave_0) entered disabled state [ 2544.301340][ T2807] device bridge_slave_1 left promiscuous mode [ 2544.307584][ T2807] bridge0: port 2(bridge_slave_1) entered disabled state [ 2544.390054][ T2807] device bridge_slave_0 left promiscuous mode [ 2544.396294][ T2807] bridge0: port 1(bridge_slave_0) entered disabled state [ 2544.471340][ T2807] device bridge_slave_1 left promiscuous mode [ 2544.477861][ T2807] bridge0: port 2(bridge_slave_1) entered disabled state [ 2544.540366][ T2807] device bridge_slave_0 left promiscuous mode [ 2544.546606][ T2807] bridge0: port 1(bridge_slave_0) entered disabled state [ 2544.650112][ T2807] device bridge_slave_1 left promiscuous mode [ 2544.656445][ T2807] bridge0: port 2(bridge_slave_1) entered disabled state [ 2544.709907][ T2807] device bridge_slave_0 left promiscuous mode [ 2544.716162][ T2807] bridge0: port 1(bridge_slave_0) entered disabled state [ 2544.901330][ T2807] device bridge_slave_1 left promiscuous mode [ 2544.907621][ T2807] bridge0: port 2(bridge_slave_1) entered disabled state [ 2545.000600][ T2807] device bridge_slave_0 left promiscuous mode [ 2545.007195][ T2807] bridge0: port 1(bridge_slave_0) entered disabled state [ 2545.061343][ T2807] device bridge_slave_1 left promiscuous mode [ 2545.067611][ T2807] bridge0: port 2(bridge_slave_1) entered disabled state [ 2545.139690][ T2807] device bridge_slave_0 left promiscuous mode [ 2545.146462][ T2807] bridge0: port 1(bridge_slave_0) entered disabled state [ 2695.169165][ T1053] INFO: task kworker/1:8:11102 blocked for more than 143 seconds. [ 2695.177028][ T1053] Not tainted 5.4.0-rc1+ #0 [ 2695.198873][ T1053] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 2695.207672][ T1053] kworker/1:8 D26304 11102 2 0x80004000 [ 2695.228895][ T1053] Workqueue: events linkwatch_event [ 2695.234123][ T1053] Call Trace: [ 2695.237452][ T1053] __schedule+0x94f/0x1e70 [ 2695.258834][ T1053] ? __sched_text_start+0x8/0x8 [ 2695.263725][ T1053] ? __kasan_check_read+0x11/0x20 [ 2695.278849][ T1053] ? _raw_spin_unlock_irq+0x5e/0x90 [ 2695.284130][ T1053] schedule+0xd9/0x260 [ 2695.288207][ T1053] schedule_preempt_disabled+0x13/0x20 [ 2695.309744][ T1053] __mutex_lock+0x7b0/0x13c0 [ 2695.314369][ T1053] ? rtnl_lock+0x17/0x20 [ 2695.318632][ T1053] ? mutex_trylock+0x2d0/0x2d0 [ 2695.338833][ T1053] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2695.345121][ T1053] ? rcu_lockdep_current_cpu_online+0xe3/0x130 [ 2695.358825][ T1053] mutex_lock_nested+0x16/0x20 [ 2695.363629][ T1053] ? mutex_lock_nested+0x16/0x20 [ 2695.368577][ T1053] rtnl_lock+0x17/0x20 [ 2695.373123][ T1053] linkwatch_event+0xf/0x70 [ 2695.377636][ T1053] process_one_work+0x9af/0x1740 [ 2695.382960][ T1053] ? pwq_dec_nr_in_flight+0x320/0x320 [ 2695.388424][ T1053] ? lock_acquire+0x190/0x410 [ 2695.394512][ T1053] worker_thread+0x98/0xe40 [ 2695.399333][ T1053] kthread+0x361/0x430 [ 2695.403406][ T1053] ? process_one_work+0x1740/0x1740 [ 2695.409326][ T1053] ? kthread_cancel_delayed_work_sync+0x20/0x20 [ 2695.415640][ T1053] ret_from_fork+0x24/0x30 [ 2695.420500][ T1053] INFO: task kworker/0:4:13236 blocked for more than 143 seconds. [ 2695.428303][ T1053] Not tainted 5.4.0-rc1+ #0 [ 2695.433668][ T1053] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 2695.443725][ T1053] kworker/0:4 D26480 13236 2 0x80004000 [ 2695.450960][ T1053] Workqueue: ipv6_addrconf addrconf_dad_work [ 2695.457049][ T1053] Call Trace: [ 2695.460911][ T1053] __schedule+0x94f/0x1e70 [ 2695.465350][ T1053] ? __sched_text_start+0x8/0x8 [ 2695.470587][ T1053] ? __kasan_check_read+0x11/0x20 [ 2695.475667][ T1053] ? _raw_spin_unlock_irq+0x5e/0x90 [ 2695.488820][ T1053] schedule+0xd9/0x260 [ 2695.493015][ T1053] schedule_preempt_disabled+0x13/0x20 [ 2695.498476][ T1053] __mutex_lock+0x7b0/0x13c0 [ 2695.519015][ T1053] ? rtnl_lock+0x17/0x20 [ 2695.523859][ T1053] ? mutex_trylock+0x2d0/0x2d0 [ 2695.528742][ T1053] ? mark_lock+0xc2/0x1220 [ 2695.533684][ T1053] mutex_lock_nested+0x16/0x20 [ 2695.538449][ T1053] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2695.545166][ T1053] ? mutex_lock_nested+0x16/0x20 [ 2695.558862][ T1053] rtnl_lock+0x17/0x20 [ 2695.562952][ T1053] addrconf_dad_work+0xad/0x1150 [ 2695.578883][ T1053] ? addrconf_dad_completed+0xbb0/0xbb0 [ 2695.584462][ T1053] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 2695.598925][ T1053] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 2695.604943][ T1053] ? trace_hardirqs_on+0x67/0x240 [ 2695.628885][ T1053] process_one_work+0x9af/0x1740 [ 2695.634482][ T1053] ? pwq_dec_nr_in_flight+0x320/0x320 [ 2695.649826][ T1053] ? lock_acquire+0x190/0x410 [ 2695.654558][ T1053] worker_thread+0x98/0xe40 [ 2695.668824][ T1053] ? trace_hardirqs_on+0x67/0x240 [ 2695.674363][ T1053] kthread+0x361/0x430 [ 2695.678437][ T1053] ? process_one_work+0x1740/0x1740 [ 2695.684107][ T1053] ? kthread_cancel_delayed_work_sync+0x20/0x20 [ 2695.690721][ T1053] ret_from_fork+0x24/0x30 [ 2695.695198][ T1053] INFO: task kworker/1:3:15053 blocked for more than 143 seconds. [ 2695.703623][ T1053] Not tainted 5.4.0-rc1+ #0 [ 2695.709089][ T1053] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 2695.718045][ T1053] kworker/1:3 D25920 15053 2 0x80004000 [ 2695.724960][ T1053] Workqueue: events switchdev_deferred_process_work [ 2695.732786][ T1053] Call Trace: [ 2695.736118][ T1053] __schedule+0x94f/0x1e70 [ 2695.741116][ T1053] ? __sched_text_start+0x8/0x8 [ 2695.745983][ T1053] ? __kasan_check_read+0x11/0x20 [ 2695.751357][ T1053] ? _raw_spin_unlock_irq+0x5e/0x90 [ 2695.756565][ T1053] schedule+0xd9/0x260 [ 2695.761032][ T1053] schedule_preempt_disabled+0x13/0x20 [ 2695.766526][ T1053] __mutex_lock+0x7b0/0x13c0 [ 2695.772535][ T1053] ? rtnl_lock+0x17/0x20 [ 2695.776799][ T1053] ? mutex_trylock+0x2d0/0x2d0 [ 2695.798828][ T1053] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2695.805208][ T1053] ? rcu_lockdep_current_cpu_online+0xe3/0x130 [ 2695.818969][ T1053] mutex_lock_nested+0x16/0x20 [ 2695.823849][ T1053] ? mutex_lock_nested+0x16/0x20 [ 2695.838823][ T1053] rtnl_lock+0x17/0x20 [ 2695.842930][ T1053] switchdev_deferred_process_work+0xe/0x20 [ 2695.849321][ T1053] process_one_work+0x9af/0x1740 [ 2695.854457][ T1053] ? pwq_dec_nr_in_flight+0x320/0x320 [ 2695.860613][ T1053] ? lock_acquire+0x190/0x410 [ 2695.865491][ T1053] worker_thread+0x98/0xe40 [ 2695.870703][ T1053] ? trace_hardirqs_on+0x67/0x240 [ 2695.875752][ T1053] kthread+0x361/0x430 [ 2695.880159][ T1053] ? process_one_work+0x1740/0x1740 [ 2695.885360][ T1053] ? kthread_cancel_delayed_work_sync+0x20/0x20 [ 2695.892019][ T1053] ret_from_fork+0x24/0x30 [ 2695.896492][ T1053] INFO: task kworker/1:12:16175 blocked for more than 144 seconds. [ 2695.904743][ T1053] Not tainted 5.4.0-rc1+ #0 [ 2695.910036][ T1053] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 2695.919150][ T1053] kworker/1:12 D27048 16175 2 0x80004000 [ 2695.925511][ T1053] Workqueue: ipv6_addrconf addrconf_dad_work [ 2695.931922][ T1053] Call Trace: [ 2695.935264][ T1053] __schedule+0x94f/0x1e70 [ 2695.940212][ T1053] ? __sched_text_start+0x8/0x8 [ 2695.945075][ T1053] ? __kasan_check_read+0x11/0x20 [ 2695.969168][ T1053] ? _raw_spin_unlock_irq+0x5e/0x90 [ 2695.974514][ T1053] schedule+0xd9/0x260 [ 2695.978589][ T1053] schedule_preempt_disabled+0x13/0x20 [ 2695.998850][ T1053] __mutex_lock+0x7b0/0x13c0 [ 2696.003482][ T1053] ? rtnl_lock+0x17/0x20 [ 2696.008224][ T1053] ? mutex_trylock+0x2d0/0x2d0 [ 2696.013498][ T1053] ? mark_lock+0xc2/0x1220 [ 2696.018379][ T1053] mutex_lock_nested+0x16/0x20 [ 2696.023477][ T1053] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2696.030011][ T1053] ? mutex_lock_nested+0x16/0x20 [ 2696.034952][ T1053] rtnl_lock+0x17/0x20 [ 2696.039323][ T1053] addrconf_dad_work+0xad/0x1150 [ 2696.044283][ T1053] ? addrconf_dad_completed+0xbb0/0xbb0 [ 2696.050701][ T1053] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 2696.056259][ T1053] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 2696.062545][ T1053] ? trace_hardirqs_on+0x67/0x240 [ 2696.067581][ T1053] process_one_work+0x9af/0x1740 [ 2696.072927][ T1053] ? pwq_dec_nr_in_flight+0x320/0x320 [ 2696.078312][ T1053] ? lock_acquire+0x190/0x410 [ 2696.083317][ T1053] worker_thread+0x98/0xe40 [ 2696.087840][ T1053] ? trace_hardirqs_on+0x67/0x240 [ 2696.093268][ T1053] kthread+0x361/0x430 [ 2696.097353][ T1053] ? process_one_work+0x1740/0x1740 [ 2696.102951][ T1053] ? kthread_cancel_delayed_work_sync+0x20/0x20 [ 2696.110443][ T1053] ret_from_fork+0x24/0x30 [ 2696.114980][ T1053] INFO: task syz-executor.3:17561 blocked for more than 144 seconds. [ 2696.123629][ T1053] Not tainted 5.4.0-rc1+ #0 [ 2696.128672][ T1053] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 2696.137828][ T1053] syz-executor.3 D24288 17561 1 0x00004004 [ 2696.148362][ T1053] Call Trace: [ 2696.151950][ T1053] __schedule+0x94f/0x1e70 [ 2696.156376][ T1053] ? __sched_text_start+0x8/0x8 [ 2696.162064][ T1053] ? lock_downgrade+0x920/0x920 [ 2696.166920][ T1053] ? rwlock_bug.part.0+0x90/0x90 [ 2696.173090][ T1053] schedule+0xd9/0x260 [ 2696.177165][ T1053] schedule_preempt_disabled+0x13/0x20 [ 2696.183480][ T1053] __mutex_lock+0x7b0/0x13c0 [ 2696.188079][ T1053] ? rtnetlink_rcv_msg+0x40a/0xb00 [ 2696.193523][ T1053] ? mutex_trylock+0x2d0/0x2d0 [ 2696.198294][ T1053] ? find_held_lock+0x35/0x130 [ 2696.203477][ T1053] ? rtnetlink_rcv_msg+0x3d0/0xb00 [ 2696.208603][ T1053] ? lock_downgrade+0x920/0x920 [ 2696.214225][ T1053] ? rcu_read_lock_held_common+0x130/0x130 [ 2696.228849][ T1053] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2696.235129][ T1053] mutex_lock_nested+0x16/0x20 [ 2696.248799][ T1053] ? mutex_lock_nested+0x16/0x20 [ 2696.254097][ T1053] rtnetlink_rcv_msg+0x40a/0xb00 [ 2696.268814][ T1053] ? rtnl_bridge_getlink+0x910/0x910 [ 2696.274121][ T1053] ? lock_downgrade+0x920/0x920 [ 2696.288864][ T1053] ? netlink_deliver_tap+0x22d/0xbf0 [ 2696.294181][ T1053] ? find_held_lock+0x35/0x130 [ 2696.308814][ T1053] netlink_rcv_skb+0x177/0x450 [ 2696.313608][ T1053] ? rtnl_bridge_getlink+0x910/0x910 [ 2696.339256][ T1053] ? netlink_ack+0xb50/0xb50 [ 2696.343881][ T1053] ? __kasan_check_read+0x11/0x20 [ 2696.349560][ T1053] ? netlink_deliver_tap+0x254/0xbf0 [ 2696.355133][ T1053] rtnetlink_rcv+0x1d/0x30 [ 2696.359862][ T1053] netlink_unicast+0x531/0x710 [ 2696.364639][ T1053] ? netlink_attachskb+0x7c0/0x7c0 [ 2696.370461][ T1053] ? _copy_from_iter_full+0x25d/0x8c0 [ 2696.375843][ T1053] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 2696.381905][ T1053] ? __check_object_size+0x3d/0x437 [ 2696.387116][ T1053] netlink_sendmsg+0x8a5/0xd60 [ 2696.392239][ T1053] ? netlink_unicast+0x710/0x710 [ 2696.397184][ T1053] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 2696.403097][ T1053] ? apparmor_socket_sendmsg+0x2a/0x30 [ 2696.408568][ T1053] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2696.415176][ T1053] ? security_socket_sendmsg+0x8d/0xc0 [ 2696.421212][ T1053] ? netlink_unicast+0x710/0x710 [ 2696.426160][ T1053] sock_sendmsg+0xd7/0x130 [ 2696.430919][ T1053] __sys_sendto+0x262/0x380 [ 2696.435518][ T1053] ? __ia32_sys_getpeername+0xb0/0xb0 [ 2696.441348][ T1053] ? lock_downgrade+0x920/0x920 [ 2696.446207][ T1053] ? lockdep_hardirqs_on+0x421/0x5e0 [ 2696.452059][ T1053] ? __blkcg_punt_bio_submit+0x1e0/0x1e0 [ 2696.457701][ T1053] ? unlock_page_memcg+0x40/0x40 [ 2696.462964][ T1053] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2696.468451][ T1053] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2696.474347][ T1053] ? do_syscall_64+0x26/0x760 [ 2696.479391][ T1053] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2696.485490][ T1053] __x64_sys_sendto+0xe1/0x1a0 [ 2696.491100][ T1053] do_syscall_64+0xfa/0x760 [ 2696.499598][ T1053] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2696.506103][ T1053] RIP: 0033:0x4138a3 [ 2696.510334][ T1053] Code: 30 44 00 b9 11 00 00 00 48 89 ee f3 a6 75 0c 48 c7 03 b0 39 41 00 e9 1a ff ff ff bf b5 30 44 00 b9 18 00 00 00 48 89 ee f3 a6 <75> 0c 48 c7 03 10 37 41 00 e9 fd fe ff ff bf cd 30 44 00 b9 0a 00 [ 2696.530308][ T1053] RSP: 002b:00007ffc7798ddb8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 2696.538726][ T1053] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004138a3 [ 2696.547540][ T1053] RDX: 0000000000000040 RSI: 0000000000a70070 RDI: 0000000000000003 [ 2696.555932][ T1053] RBP: 00007ffc7798de20 R08: 00007ffc7798ddc0 R09: 000000000000000c [ 2696.565190][ T1053] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 2696.577723][ T1053] R13: 00000000004bed41 R14: 0000000000000000 R15: 0000000000000006 [ 2696.586425][ T1053] INFO: task syz-executor.5:17563 blocked for more than 144 seconds. [ 2696.595245][ T1053] Not tainted 5.4.0-rc1+ #0 [ 2696.600519][ T1053] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 2696.609408][ T1053] syz-executor.5 D24288 17563 1 0x00000004 [ 2696.615746][ T1053] Call Trace: [ 2696.619388][ T1053] __schedule+0x94f/0x1e70 [ 2696.623844][ T1053] ? __sched_text_start+0x8/0x8 [ 2696.628696][ T1053] ? lock_downgrade+0x920/0x920 [ 2696.634084][ T1053] ? rwlock_bug.part.0+0x90/0x90 [ 2696.639342][ T1053] schedule+0xd9/0x260 [ 2696.643417][ T1053] schedule_preempt_disabled+0x13/0x20 [ 2696.649188][ T1053] __mutex_lock+0x7b0/0x13c0 [ 2696.653783][ T1053] ? rtnetlink_rcv_msg+0x40a/0xb00 [ 2696.659213][ T1053] ? mutex_trylock+0x2d0/0x2d0 [ 2696.663980][ T1053] ? find_held_lock+0x35/0x130 [ 2696.669065][ T1053] ? rtnetlink_rcv_msg+0x3d0/0xb00 [ 2696.674189][ T1053] ? lock_downgrade+0x920/0x920 [ 2696.679614][ T1053] ? rcu_read_lock_held_common+0x130/0x130 [ 2696.685568][ T1053] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2696.692807][ T1053] mutex_lock_nested+0x16/0x20 [ 2696.697599][ T1053] ? mutex_lock_nested+0x16/0x20 [ 2696.702926][ T1053] rtnetlink_rcv_msg+0x40a/0xb00 [ 2696.707885][ T1053] ? rtnl_bridge_getlink+0x910/0x910 [ 2696.713649][ T1053] ? lock_downgrade+0x920/0x920 [ 2696.718514][ T1053] ? netlink_deliver_tap+0x22d/0xbf0 [ 2696.724863][ T1053] ? find_held_lock+0x35/0x130 [ 2696.730997][ T1053] netlink_rcv_skb+0x177/0x450 [ 2696.735795][ T1053] ? rtnl_bridge_getlink+0x910/0x910 [ 2696.741473][ T1053] ? netlink_ack+0xb50/0xb50 [ 2696.746072][ T1053] ? __kasan_check_read+0x11/0x20 [ 2696.751487][ T1053] ? netlink_deliver_tap+0x254/0xbf0 [ 2696.756791][ T1053] rtnetlink_rcv+0x1d/0x30 [ 2696.778860][ T1053] netlink_unicast+0x531/0x710 [ 2696.783761][ T1053] ? netlink_attachskb+0x7c0/0x7c0 [ 2696.798808][ T1053] ? _copy_from_iter_full+0x25d/0x8c0 [ 2696.806104][ T1053] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 2696.828809][ T1053] ? __check_object_size+0x3d/0x437 [ 2696.834235][ T1053] netlink_sendmsg+0x8a5/0xd60 [ 2696.848898][ T1053] ? netlink_unicast+0x710/0x710 [ 2696.853962][ T1053] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 2696.860399][ T1053] ? apparmor_socket_sendmsg+0x2a/0x30 [ 2696.865872][ T1053] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2696.888122][ T1053] ? security_socket_sendmsg+0x8d/0xc0 [ 2696.893952][ T1053] ? netlink_unicast+0x710/0x710 [ 2696.899072][ T1053] sock_sendmsg+0xd7/0x130 [ 2696.903495][ T1053] __sys_sendto+0x262/0x380 [ 2696.907995][ T1053] ? __ia32_sys_getpeername+0xb0/0xb0 [ 2696.913506][ T1053] ? rcu_lockdep_current_cpu_online+0xe3/0x130 [ 2696.919877][ T1053] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 2696.925432][ T1053] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 2696.931571][ T1053] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2696.937827][ T1053] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2696.943452][ T1053] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2696.949085][ T1053] ? do_syscall_64+0x26/0x760 [ 2696.953769][ T1053] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2696.959992][ T1053] __x64_sys_sendto+0xe1/0x1a0 [ 2696.964860][ T1053] do_syscall_64+0xfa/0x760 [ 2696.969469][ T1053] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2696.975989][ T1053] RIP: 0033:0x4138a3 [ 2696.980032][ T1053] Code: 30 44 00 b9 11 00 00 00 48 89 ee f3 a6 75 0c 48 c7 03 b0 39 41 00 e9 1a ff ff ff bf b5 30 44 00 b9 18 00 00 00 48 89 ee f3 a6 <75> 0c 48 c7 03 10 37 41 00 e9 fd fe ff ff bf cd 30 44 00 b9 0a 00 [ 2697.000731][ T1053] RSP: 002b:00007ffcaf4595c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 2697.009694][ T1053] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004138a3 [ 2697.017676][ T1053] RDX: 0000000000000040 RSI: 0000000000a70070 RDI: 0000000000000003 [ 2697.027185][ T1053] RBP: 0000000000000000 R08: 00007ffcaf4595d0 R09: 000000000000000c [ 2697.035490][ T1053] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 2697.043949][ T1053] R13: 0000000000000003 R14: 00007ffcaf459678 R15: 0000000000000006 [ 2697.059286][ T1053] INFO: task syz-executor.2:17565 blocked for more than 145 seconds. [ 2697.067381][ T1053] Not tainted 5.4.0-rc1+ #0 [ 2697.089155][ T1053] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 2697.097857][ T1053] syz-executor.2 D24288 17565 1 0x00000004 [ 2697.118859][ T1053] Call Trace: [ 2697.122201][ T1053] __schedule+0x94f/0x1e70 [ 2697.126632][ T1053] ? __sched_text_start+0x8/0x8 [ 2697.148966][ T1053] ? lock_downgrade+0x920/0x920 [ 2697.153846][ T1053] ? rwlock_bug.part.0+0x90/0x90 [ 2697.168924][ T1053] schedule+0xd9/0x260 [ 2697.173084][ T1053] schedule_preempt_disabled+0x13/0x20 [ 2697.179216][ T1053] __mutex_lock+0x7b0/0x13c0 [ 2697.183833][ T1053] ? rtnetlink_rcv_msg+0x40a/0xb00 [ 2697.198822][ T1053] ? mutex_trylock+0x2d0/0x2d0 [ 2697.203616][ T1053] ? find_held_lock+0x35/0x130 [ 2697.208376][ T1053] ? rtnetlink_rcv_msg+0x3d0/0xb00 [ 2697.228878][ T1053] ? lock_downgrade+0x920/0x920 [ 2697.233793][ T1053] ? rcu_read_lock_held_common+0x130/0x130 [ 2697.248871][ T1053] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2697.255217][ T1053] mutex_lock_nested+0x16/0x20 [ 2697.260033][ T1053] ? mutex_lock_nested+0x16/0x20 [ 2697.264981][ T1053] rtnetlink_rcv_msg+0x40a/0xb00 [ 2697.270390][ T1053] ? rtnl_bridge_getlink+0x910/0x910 [ 2697.275680][ T1053] ? lock_downgrade+0x920/0x920 [ 2697.280922][ T1053] ? netlink_deliver_tap+0x22d/0xbf0 [ 2697.286220][ T1053] ? find_held_lock+0x35/0x130 [ 2697.291362][ T1053] netlink_rcv_skb+0x177/0x450 [ 2697.296131][ T1053] ? rtnl_bridge_getlink+0x910/0x910 [ 2697.301742][ T1053] ? netlink_ack+0xb50/0xb50 [ 2697.306338][ T1053] ? __kasan_check_read+0x11/0x20 [ 2697.311719][ T1053] ? netlink_deliver_tap+0x254/0xbf0 [ 2697.317018][ T1053] rtnetlink_rcv+0x1d/0x30 [ 2697.321870][ T1053] netlink_unicast+0x531/0x710 [ 2697.326643][ T1053] ? netlink_attachskb+0x7c0/0x7c0 [ 2697.332076][ T1053] ? _copy_from_iter_full+0x25d/0x8c0 [ 2697.337455][ T1053] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 2697.343688][ T1053] ? __check_object_size+0x3d/0x437 [ 2697.349243][ T1053] netlink_sendmsg+0x8a5/0xd60 [ 2697.354018][ T1053] ? netlink_unicast+0x710/0x710 [ 2697.359423][ T1053] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 2697.364977][ T1053] ? apparmor_socket_sendmsg+0x2a/0x30 [ 2697.370845][ T1053] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2697.377092][ T1053] ? security_socket_sendmsg+0x8d/0xc0 [ 2697.382964][ T1053] ? netlink_unicast+0x710/0x710 [ 2697.387925][ T1053] sock_sendmsg+0xd7/0x130 [ 2697.393057][ T1053] __sys_sendto+0x262/0x380 [ 2697.397569][ T1053] ? __ia32_sys_getpeername+0xb0/0xb0 [ 2697.403276][ T1053] ? lock_downgrade+0x920/0x920 [ 2697.408222][ T1053] ? lockdep_hardirqs_on+0x421/0x5e0 [ 2697.414076][ T1053] ? __blkcg_punt_bio_submit+0x1e0/0x1e0 [ 2697.420009][ T1053] ? unlock_page_memcg+0x40/0x40 [ 2697.424950][ T1053] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2697.430725][ T1053] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2697.436184][ T1053] ? do_syscall_64+0x26/0x760 [ 2697.441206][ T1053] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2697.447286][ T1053] __x64_sys_sendto+0xe1/0x1a0 [ 2697.452395][ T1053] do_syscall_64+0xfa/0x760 [ 2697.456908][ T1053] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2697.463260][ T1053] RIP: 0033:0x4138a3 [ 2697.467158][ T1053] Code: 30 44 00 b9 11 00 00 00 48 89 ee f3 a6 75 0c 48 c7 03 b0 39 41 00 e9 1a ff ff ff bf b5 30 44 00 b9 18 00 00 00 48 89 ee f3 a6 <75> 0c 48 c7 03 10 37 41 00 e9 fd fe ff ff bf cd 30 44 00 b9 0a 00 [ 2697.487177][ T1053] RSP: 002b:00007fffc165c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 2697.496289][ T1053] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004138a3 [ 2697.504651][ T1053] RDX: 0000000000000028 RSI: 0000000000a70070 RDI: 0000000000000003 [ 2697.512964][ T1053] RBP: 00007fffc165c0a0 R08: 00007fffc165c040 R09: 000000000000000c [ 2697.521264][ T1053] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 2697.529579][ T1053] R13: 00000000004bed31 R14: 0000000000000000 R15: 0000000000000006 [ 2697.537620][ T1053] INFO: task syz-executor.1:17569 blocked for more than 145 seconds. [ 2697.568947][ T1053] Not tainted 5.4.0-rc1+ #0 [ 2697.574000][ T1053] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 2697.583032][ T1053] syz-executor.1 D24288 17569 1 0x00000004 [ 2697.589720][ T1053] Call Trace: [ 2697.593021][ T1053] __schedule+0x94f/0x1e70 [ 2697.597445][ T1053] ? __sched_text_start+0x8/0x8 [ 2697.602755][ T1053] ? lock_downgrade+0x920/0x920 [ 2697.607612][ T1053] ? rwlock_bug.part.0+0x90/0x90 [ 2697.612889][ T1053] schedule+0xd9/0x260 [ 2697.616968][ T1053] schedule_preempt_disabled+0x13/0x20 [ 2697.622840][ T1053] __mutex_lock+0x7b0/0x13c0 [ 2697.627451][ T1053] ? rtnetlink_rcv_msg+0x40a/0xb00 [ 2697.633029][ T1053] ? mutex_trylock+0x2d0/0x2d0 [ 2697.637800][ T1053] ? find_held_lock+0x35/0x130 [ 2697.642899][ T1053] ? rtnetlink_rcv_msg+0x3d0/0xb00 [ 2697.648026][ T1053] ? lock_downgrade+0x920/0x920 [ 2697.654391][ T1053] ? rcu_read_lock_held_common+0x130/0x130 [ 2697.660593][ T1053] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2697.666843][ T1053] mutex_lock_nested+0x16/0x20 [ 2697.688808][ T1053] ? mutex_lock_nested+0x16/0x20 [ 2697.693824][ T1053] rtnetlink_rcv_msg+0x40a/0xb00 [ 2697.699286][ T1053] ? rtnl_bridge_getlink+0x910/0x910 [ 2697.704580][ T1053] ? lock_downgrade+0x920/0x920 [ 2697.725880][ T1053] ? netlink_deliver_tap+0x22d/0xbf0 [ 2697.738858][ T1053] ? find_held_lock+0x35/0x130 [ 2697.743717][ T1053] netlink_rcv_skb+0x177/0x450 [ 2697.748577][ T1053] ? rtnl_bridge_getlink+0x910/0x910 [ 2697.754617][ T1053] ? netlink_ack+0xb50/0xb50 [ 2697.759565][ T1053] ? __kasan_check_read+0x11/0x20 [ 2697.764617][ T1053] ? netlink_deliver_tap+0x254/0xbf0 [ 2697.770308][ T1053] rtnetlink_rcv+0x1d/0x30 [ 2697.774734][ T1053] netlink_unicast+0x531/0x710 [ 2697.779862][ T1053] ? netlink_attachskb+0x7c0/0x7c0 [ 2697.784979][ T1053] ? _copy_from_iter_full+0x25d/0x8c0 [ 2697.790720][ T1053] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 2697.796463][ T1053] ? __check_object_size+0x3d/0x437 [ 2697.802052][ T1053] netlink_sendmsg+0x8a5/0xd60 [ 2697.806839][ T1053] ? netlink_unicast+0x710/0x710 [ 2697.813120][ T1053] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 2697.818686][ T1053] ? apparmor_socket_sendmsg+0x2a/0x30 [ 2697.828950][ T1053] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2697.839117][ T1053] ? security_socket_sendmsg+0x8d/0xc0 [ 2697.844594][ T1053] ? netlink_unicast+0x710/0x710 [ 2697.868812][ T1053] sock_sendmsg+0xd7/0x130 [ 2697.873312][ T1053] __sys_sendto+0x262/0x380 [ 2697.877827][ T1053] ? __ia32_sys_getpeername+0xb0/0xb0 [ 2697.888927][ T1053] ? lock_downgrade+0x920/0x920 [ 2697.893893][ T1053] ? lockdep_hardirqs_on+0x421/0x5e0 [ 2697.908848][ T1053] ? __blkcg_punt_bio_submit+0x1e0/0x1e0 [ 2697.914599][ T1053] ? unlock_page_memcg+0x40/0x40 [ 2697.919986][ T1053] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2697.925451][ T1053] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2697.931406][ T1053] ? do_syscall_64+0x26/0x760 [ 2697.936110][ T1053] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2697.942605][ T1053] __x64_sys_sendto+0xe1/0x1a0 [ 2697.947381][ T1053] do_syscall_64+0xfa/0x760 [ 2697.952356][ T1053] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2697.958254][ T1053] RIP: 0033:0x4138a3 [ 2697.962576][ T1053] Code: 30 44 00 b9 11 00 00 00 48 89 ee f3 a6 75 0c 48 c7 03 b0 39 41 00 e9 1a ff ff ff bf b5 30 44 00 b9 18 00 00 00 48 89 ee f3 a6 <75> 0c 48 c7 03 10 37 41 00 e9 fd fe ff ff bf cd 30 44 00 b9 0a 00 [ 2697.983019][ T1053] RSP: 002b:00007ffedb6bd0f8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 2697.998807][ T1053] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004138a3 [ 2698.006924][ T1053] RDX: 0000000000000028 RSI: 0000000000a70070 RDI: 0000000000000003 [ 2698.018829][ T1053] RBP: 00007ffedb6bd160 R08: 00007ffedb6bd100 R09: 000000000000000c [ 2698.026860][ T1053] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 2698.048912][ T1053] R13: 00000000004bed04 R14: 0000000000000000 R15: 0000000000000000 [ 2698.056967][ T1053] INFO: task syz-executor.0:17571 blocked for more than 146 seconds. [ 2698.078811][ T1053] Not tainted 5.4.0-rc1+ #0 [ 2698.083866][ T1053] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 2698.092924][ T1053] syz-executor.0 D24288 17571 1 0x00004004 [ 2698.099585][ T1053] Call Trace: [ 2698.102891][ T1053] __schedule+0x94f/0x1e70 [ 2698.107313][ T1053] ? __sched_text_start+0x8/0x8 [ 2698.112796][ T1053] ? lock_downgrade+0x920/0x920 [ 2698.117666][ T1053] ? rwlock_bug.part.0+0x90/0x90 [ 2698.123013][ T1053] schedule+0xd9/0x260 [ 2698.127094][ T1053] schedule_preempt_disabled+0x13/0x20 [ 2698.133170][ T1053] __mutex_lock+0x7b0/0x13c0 [ 2698.137800][ T1053] ? rtnetlink_rcv_msg+0x40a/0xb00 [ 2698.143279][ T1053] ? mutex_trylock+0x2d0/0x2d0 [ 2698.148045][ T1053] ? find_held_lock+0x35/0x130 [ 2698.153161][ T1053] ? rtnetlink_rcv_msg+0x3d0/0xb00 [ 2698.158286][ T1053] ? lock_downgrade+0x920/0x920 [ 2698.168884][ T1053] ? rcu_read_lock_held_common+0x130/0x130 [ 2698.174718][ T1053] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2698.198868][ T1053] mutex_lock_nested+0x16/0x20 [ 2698.203670][ T1053] ? mutex_lock_nested+0x16/0x20 [ 2698.208608][ T1053] rtnetlink_rcv_msg+0x40a/0xb00 [ 2698.228927][ T1053] ? rtnl_bridge_getlink+0x910/0x910 [ 2698.234244][ T1053] ? lock_downgrade+0x920/0x920 [ 2698.248811][ T1053] ? netlink_deliver_tap+0x22d/0xbf0 [ 2698.254145][ T1053] ? find_held_lock+0x35/0x130 [ 2698.259382][ T1053] netlink_rcv_skb+0x177/0x450 [ 2698.264208][ T1053] ? rtnl_bridge_getlink+0x910/0x910 [ 2698.269876][ T1053] ? netlink_ack+0xb50/0xb50 [ 2698.274466][ T1053] ? __kasan_check_read+0x11/0x20 [ 2698.279828][ T1053] ? netlink_deliver_tap+0x254/0xbf0 [ 2698.285122][ T1053] rtnetlink_rcv+0x1d/0x30 [ 2698.289893][ T1053] netlink_unicast+0x531/0x710 [ 2698.294661][ T1053] ? netlink_attachskb+0x7c0/0x7c0 [ 2698.300509][ T1053] ? _copy_from_iter_full+0x25d/0x8c0 [ 2698.305888][ T1053] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 2698.312107][ T1053] ? __check_object_size+0x3d/0x437 [ 2698.317319][ T1053] netlink_sendmsg+0x8a5/0xd60 [ 2698.322432][ T1053] ? netlink_unicast+0x710/0x710 [ 2698.327368][ T1053] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 2698.333521][ T1053] ? apparmor_socket_sendmsg+0x2a/0x30 [ 2698.348804][ T1053] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2698.355079][ T1053] ? security_socket_sendmsg+0x8d/0xc0 [ 2698.360999][ T1053] ? netlink_unicast+0x710/0x710 [ 2698.365941][ T1053] sock_sendmsg+0xd7/0x130 [ 2698.378812][ T1053] __sys_sendto+0x262/0x380 [ 2698.383339][ T1053] ? __ia32_sys_getpeername+0xb0/0xb0 [ 2698.388721][ T1053] ? lock_downgrade+0x920/0x920 [ 2698.408867][ T1053] ? lockdep_hardirqs_on+0x421/0x5e0 [ 2698.414217][ T1053] ? __blkcg_punt_bio_submit+0x1e0/0x1e0 [ 2698.438857][ T1053] ? unlock_page_memcg+0x40/0x40 [ 2698.443867][ T1053] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2698.450413][ T1053] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2698.455885][ T1053] ? do_syscall_64+0x26/0x760 [ 2698.468855][ T1053] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2698.474984][ T1053] __x64_sys_sendto+0xe1/0x1a0 [ 2698.479840][ T1053] do_syscall_64+0xfa/0x760 [ 2698.484353][ T1053] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2698.508889][ T1053] RIP: 0033:0x4138a3 [ 2698.512823][ T1053] Code: 30 44 00 b9 11 00 00 00 48 89 ee f3 a6 75 0c 48 c7 03 b0 39 41 00 e9 1a ff ff ff bf b5 30 44 00 b9 18 00 00 00 48 89 ee f3 a6 <75> 0c 48 c7 03 10 37 41 00 e9 fd fe ff ff bf cd 30 44 00 b9 0a 00 [ 2698.558892][ T1053] RSP: 002b:00007fff747a3758 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 2698.567344][ T1053] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004138a3 [ 2698.588898][ T1053] RDX: 0000000000000028 RSI: 0000000000a70070 RDI: 0000000000000003 [ 2698.597522][ T1053] RBP: 00007fff747a37c0 R08: 00007fff747a3760 R09: 000000000000000c [ 2698.605966][ T1053] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 2698.614455][ T1053] R13: 00000000004bed04 R14: 0000000000000000 R15: 0000000000000000 [ 2698.623134][ T1053] INFO: task syz-executor.4:17572 blocked for more than 146 seconds. [ 2698.631956][ T1053] Not tainted 5.4.0-rc1+ #0 [ 2698.636978][ T1053] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 2698.645976][ T1053] syz-executor.4 D24288 17572 1 0x00000004 [ 2698.652771][ T1053] Call Trace: [ 2698.656069][ T1053] __schedule+0x94f/0x1e70 [ 2698.660794][ T1053] ? __sched_text_start+0x8/0x8 [ 2698.665718][ T1053] ? lock_downgrade+0x920/0x920 [ 2698.678802][ T1053] ? rwlock_bug.part.0+0x90/0x90 [ 2698.683770][ T1053] schedule+0xd9/0x260 [ 2698.687843][ T1053] schedule_preempt_disabled+0x13/0x20 [ 2698.708896][ T1053] __mutex_lock+0x7b0/0x13c0 [ 2698.713530][ T1053] ? rtnetlink_rcv_msg+0x40a/0xb00 [ 2698.718645][ T1053] ? mutex_trylock+0x2d0/0x2d0 [ 2698.738829][ T1053] ? find_held_lock+0x35/0x130 [ 2698.743651][ T1053] ? rtnetlink_rcv_msg+0x3d0/0xb00 [ 2698.758835][ T1053] ? lock_downgrade+0x920/0x920 [ 2698.763898][ T1053] ? rcu_read_lock_held_common+0x130/0x130 [ 2698.770228][ T1053] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2698.776484][ T1053] mutex_lock_nested+0x16/0x20 [ 2698.781598][ T1053] ? mutex_lock_nested+0x16/0x20 [ 2698.786541][ T1053] rtnetlink_rcv_msg+0x40a/0xb00 [ 2698.791901][ T1053] ? rtnl_bridge_getlink+0x910/0x910 [ 2698.797189][ T1053] ? lock_downgrade+0x920/0x920 [ 2698.802368][ T1053] ? netlink_deliver_tap+0x22d/0xbf0 [ 2698.807653][ T1053] ? find_held_lock+0x35/0x130 [ 2698.812805][ T1053] netlink_rcv_skb+0x177/0x450 [ 2698.817577][ T1053] ? rtnl_bridge_getlink+0x910/0x910 [ 2698.823182][ T1053] ? netlink_ack+0xb50/0xb50 [ 2698.827771][ T1053] ? __kasan_check_read+0x11/0x20 [ 2698.833296][ T1053] ? netlink_deliver_tap+0x254/0xbf0 [ 2698.838675][ T1053] rtnetlink_rcv+0x1d/0x30 [ 2698.843472][ T1053] netlink_unicast+0x531/0x710 [ 2698.848241][ T1053] ? netlink_attachskb+0x7c0/0x7c0 [ 2698.868902][ T1053] ? _copy_from_iter_full+0x25d/0x8c0 [ 2698.874318][ T1053] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 2698.888895][ T1053] ? __check_object_size+0x3d/0x437 [ 2698.894122][ T1053] netlink_sendmsg+0x8a5/0xd60 [ 2698.909031][ T1053] ? netlink_unicast+0x710/0x710 [ 2698.913990][ T1053] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 2698.928953][ T1053] ? apparmor_socket_sendmsg+0x2a/0x30 [ 2698.934453][ T1053] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2698.941244][ T1053] ? security_socket_sendmsg+0x8d/0xc0 [ 2698.946714][ T1053] ? netlink_unicast+0x710/0x710 [ 2698.952075][ T1053] sock_sendmsg+0xd7/0x130 [ 2698.953035][ T2807] kobject: 'vlan0' (000000005e6e5d48): kobject_uevent_env [ 2698.956563][ T1053] __sys_sendto+0x262/0x380 [ 2698.969005][ T1053] ? __ia32_sys_getpeername+0xb0/0xb0 [ 2698.974397][ T1053] ? lock_downgrade+0x920/0x920 [ 2698.978915][ T2807] kobject: 'vlan0' (000000005e6e5d48): kobject_uevent_env: attempted to send uevent without kset! [ 2698.979626][ T1053] ? lockdep_hardirqs_on+0x421/0x5e0 [ 2698.995539][ T1053] ? __blkcg_punt_bio_submit+0x1e0/0x1e0 [ 2698.998892][ T2807] kobject: 'mesh' (000000006573fc0b): kobject_cleanup, parent 0000000063316e67 [ 2699.001730][ T1053] ? unlock_page_memcg+0x40/0x40 [ 2699.010472][ T2807] kobject: 'mesh' (000000006573fc0b): calling ktype release [ 2699.022517][ T2807] kobject: (000000006573fc0b): dynamic_kobj_release [ 2699.028803][ T1053] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2699.029828][ T2807] kobject: 'mesh': free name [ 2699.034570][ T1053] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2699.040960][ T2807] kobject: 'vlan0' (000000005e6e5d48): kobject_cleanup, parent 0000000063316e67 [ 2699.055735][ T2807] kobject: 'vlan0' (000000005e6e5d48): calling ktype release [ 2699.058809][ T1053] ? do_syscall_64+0x26/0x760 [ 2699.063600][ T2807] kobject: (000000005e6e5d48): dynamic_kobj_release [ 2699.067867][ T1053] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2699.074835][ T2807] kobject: 'vlan0': free name [ 2699.098903][ T1053] __x64_sys_sendto+0xe1/0x1a0 [ 2699.103713][ T1053] do_syscall_64+0xfa/0x760 [ 2699.108221][ T1053] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2699.128865][ T1053] RIP: 0033:0x4138a3 [ 2699.133137][ T1053] Code: 30 44 00 b9 11 00 00 00 48 89 ee f3 a6 75 0c 48 c7 03 b0 39 41 00 e9 1a ff ff ff bf b5 30 44 00 b9 18 00 00 00 48 89 ee f3 a6 <75> 0c 48 c7 03 10 37 41 00 e9 fd fe ff ff bf cd 30 44 00 b9 0a 00 [ 2699.153647][ T1053] RSP: 002b:00007ffe50db6c28 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 2699.162395][ T1053] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004138a3 [ 2699.171193][ T1053] RDX: 0000000000000028 RSI: 0000000000a70070 RDI: 0000000000000003 [ 2699.179479][ T1053] RBP: 00007ffe50db6c90 R08: 00007ffe50db6c30 R09: 000000000000000c [ 2699.187451][ T1053] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 2699.195785][ T1053] R13: 00000000004bec7a R14: 0000000000000000 R15: 0000000000000006 [ 2699.204108][ T1053] [ 2699.204108][ T1053] Showing all locks held in the system: [ 2699.212747][ T1053] 1 lock held by khungtaskd/1053: [ 2699.217774][ T1053] #0: ffffffff88faae40 (rcu_read_lock){....}, at: debug_show_all_locks+0x5f/0x27e [ 2699.227610][ T1053] 4 locks held by kworker/u4:5/2807: [ 2699.233320][ T1053] 1 lock held by rsyslogd/8745: [ 2699.238170][ T1053] #0: ffff888094a6d1a0 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0xee/0x110 [ 2699.247234][ T1053] 2 locks held by getty/8835: [ 2699.252342][ T1053] #0: ffff888090bd66d0 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 2699.278989][ T1053] #1: ffffc90005f192e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 [ 2699.288706][ T1053] 2 locks held by getty/8836: [ 2699.308853][ T1053] #0: ffff8880a5e305d0 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 2699.317840][ T1053] #1: ffffc90005f392e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 [ 2699.327935][ T1053] 2 locks held by getty/8837: [ 2699.338862][ T1053] #0: ffff8880a6de4f50 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 2699.347856][ T1053] #1: ffffc90005f3d2e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 [ 2699.378812][ T1053] 2 locks held by getty/8838: [ 2699.383522][ T1053] #0: ffff88808ca76390 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 2699.409195][ T1053] #1: ffffc90005f212e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 [ 2699.419298][ T1053] 2 locks held by getty/8839: [ 2699.423970][ T1053] #0: ffff888095dc4590 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 2699.448869][ T1053] #1: ffffc90005f412e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 [ 2699.458474][ T1053] 2 locks held by getty/8840: [ 2699.478893][ T1053] #0: ffff888095dc4e10 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 2699.487880][ T1053] #1: ffffc90005f352e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 [ 2699.519245][ T1053] 2 locks held by getty/8841: [ 2699.523965][ T1053] #0: ffff88808d29ea90 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 2699.533716][ T1053] #1: ffffc90005f112e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 [ 2699.543638][ T1053] 3 locks held by kworker/1:8/11102: [ 2699.549253][ T1053] #0: ffff8880aa4278e8 ((wq_completion)events){+.+.}, at: process_one_work+0x88b/0x1740 [ 2699.559421][ T1053] #1: ffff888096537dc0 ((linkwatch_work).work){+.+.}, at: process_one_work+0x8c1/0x1740 [ 2699.588846][ T1053] #2: ffffffff89993b60 (rtnl_mutex){+.+.}, at: rtnl_lock+0x17/0x20 [ 2699.596895][ T1053] 3 locks held by kworker/0:4/13236: [ 2699.602933][ T1053] #0: ffff88809c8a5b68 ((wq_completion)ipv6_addrconf){+.+.}, at: process_one_work+0x88b/0x1740 [ 2699.613791][ T1053] #1: ffff88806c33fdc0 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}, at: process_one_work+0x8c1/0x1740 [ 2699.625785][ T1053] #2: ffffffff89993b60 (rtnl_mutex){+.+.}, at: rtnl_lock+0x17/0x20 [ 2699.649876][ T1053] 2 locks held by kworker/u4:7/13565: [ 2699.655278][ T1053] 3 locks held by kworker/1:3/15053: [ 2699.660967][ T1053] #0: ffff8880aa4278e8 ((wq_completion)events){+.+.}, at: process_one_work+0x88b/0x1740 [ 2699.671163][ T1053] #1: ffff8880672efdc0 (deferred_process_work){+.+.}, at: process_one_work+0x8c1/0x1740 [ 2699.681341][ T1053] #2: ffffffff89993b60 (rtnl_mutex){+.+.}, at: rtnl_lock+0x17/0x20 [ 2699.689670][ T1053] 3 locks held by kworker/1:12/16175: [ 2699.695035][ T1053] #0: ffff88809c8a5b68 ((wq_completion)ipv6_addrconf){+.+.}, at: process_one_work+0x88b/0x1740 [ 2699.705867][ T1053] #1: ffff888065d5fdc0 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}, at: process_one_work+0x8c1/0x1740 [ 2699.729050][ T1053] #2: ffffffff89993b60 (rtnl_mutex){+.+.}, at: rtnl_lock+0x17/0x20 [ 2699.737144][ T1053] 1 lock held by syz-executor.3/17561: [ 2699.743204][ T1053] #0: ffffffff89993b60 (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x40a/0xb00 [ 2699.752657][ T1053] 1 lock held by syz-executor.5/17563: [ 2699.758126][ T1053] #0: ffffffff89993b60 (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x40a/0xb00 [ 2699.767434][ T1053] 1 lock held by syz-executor.2/17565: [ 2699.788854][ T1053] #0: ffffffff89993b60 (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x40a/0xb00 [ 2699.797795][ T1053] 1 lock held by syz-executor.1/17569: [ 2699.803738][ T1053] #0: ffffffff89993b60 (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x40a/0xb00 [ 2699.813092][ T1053] 1 lock held by syz-executor.0/17571: [ 2699.818542][ T1053] #0: ffffffff89993b60 (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x40a/0xb00 [ 2699.829692][ T1053] 1 lock held by syz-executor.4/17572: [ 2699.835227][ T1053] #0: ffffffff89993b60 (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x40a/0xb00 [ 2699.848875][ T1053] [ 2699.851213][ T1053] ============================================= [ 2699.851213][ T1053] [ 2699.879005][ T1053] NMI backtrace for cpu 1 [ 2699.883375][ T1053] CPU: 1 PID: 1053 Comm: khungtaskd Not tainted 5.4.0-rc1+ #0 [ 2699.890821][ T1053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2699.900876][ T1053] Call Trace: [ 2699.904188][ T1053] dump_stack+0x172/0x1f0 [ 2699.908542][ T1053] nmi_cpu_backtrace.cold+0x70/0xb2 [ 2699.913746][ T1053] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2699.919988][ T1053] ? lapic_can_unplug_cpu.cold+0x3a/0x3a [ 2699.925625][ T1053] nmi_trigger_cpumask_backtrace+0x23b/0x28b [ 2699.931626][ T1053] arch_trigger_cpumask_backtrace+0x14/0x20 [ 2699.937527][ T1053] watchdog+0x9d0/0xef0 [ 2699.941697][ T1053] kthread+0x361/0x430 [ 2699.945773][ T1053] ? reset_hung_task_detector+0x30/0x30 [ 2699.951318][ T1053] ? kthread_cancel_delayed_work_sync+0x20/0x20 [ 2699.957562][ T1053] ret_from_fork+0x24/0x30 [ 2699.962399][ T1053] Sending NMI from CPU 1 to CPUs 0: [ 2699.967913][ C0] NMI backtrace for cpu 0 [ 2699.967919][ C0] CPU: 0 PID: 13565 Comm: kworker/u4:7 Not tainted 5.4.0-rc1+ #0 [ 2699.967925][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2699.967928][ C0] Workqueue: bat_events batadv_nc_worker [ 2699.967935][ C0] RIP: 0010:check_memory_region+0x10e/0x1a0 [ 2699.967946][ C0] Code: 4d 39 c8 74 10 41 80 38 00 74 ee 4b 8d 44 25 00 4d 85 c0 75 31 49 89 d9 49 29 c1 e9 68 ff ff ff 5b b8 01 00 00 00 41 5c 41 5d <5d> c3 4d 85 c9 74 ef 4d 01 e1 eb 09 48 83 c0 01 4c 39 c8 74 e1 80 [ 2699.967949][ C0] RSP: 0018:ffff888060ebfbc8 EFLAGS: 00000046 [ 2699.967956][ C0] RAX: 0000000000000001 RBX: 0000000000000001 RCX: ffffffff81594d80 [ 2699.967961][ C0] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff89c59540 [ 2699.967965][ C0] RBP: ffff888060ebfbc8 R08: 1ffffffff138b2a8 R09: fffffbfff138b2a9 [ 2699.967970][ C0] R10: fffffbfff138b2a8 R11: ffffffff89c59547 R12: ffff88803ff1db90 [ 2699.967975][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2699.967980][ C0] FS: 0000000000000000(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000 [ 2699.967984][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 2699.967988][ C0] CR2: ffffffffff600400 CR3: 00000000880f6000 CR4: 00000000001406f0 [ 2699.967993][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 2699.967998][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 2699.968000][ C0] Call Trace: [ 2699.968004][ C0] __kasan_check_read+0x11/0x20 [ 2699.968007][ C0] lock_acquire+0x150/0x410 [ 2699.968011][ C0] ? batadv_nc_to_purge_nc_path_decoding+0x160/0x160 [ 2699.968014][ C0] _raw_spin_lock_bh+0x33/0x50 [ 2699.968017][ C0] ? batadv_nc_purge_paths+0xd8/0x370 [ 2699.968021][ C0] batadv_nc_purge_paths+0xd8/0x370 [ 2699.968024][ C0] batadv_nc_worker+0x29c/0x760 [ 2699.968027][ C0] process_one_work+0x9af/0x1740 [ 2699.968031][ C0] ? pwq_dec_nr_in_flight+0x320/0x320 [ 2699.968034][ C0] ? lock_acquire+0x190/0x410 [ 2699.968037][ C0] worker_thread+0x98/0xe40 [ 2699.968040][ C0] ? trace_hardirqs_on+0x67/0x240 [ 2699.968043][ C0] kthread+0x361/0x430 [ 2699.968047][ C0] ? process_one_work+0x1740/0x1740 [ 2699.968051][ C0] ? kthread_cancel_delayed_work_sync+0x20/0x20 [ 2699.968054][ C0] ret_from_fork+0x24/0x30 [ 2700.058859][ T1053] Kernel panic - not syncing: hung_task: blocked tasks [ 2700.198513][ T1053] CPU: 1 PID: 1053 Comm: khungtaskd Not tainted 5.4.0-rc1+ #0 [ 2700.206565][ T1053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2700.216613][ T1053] Call Trace: [ 2700.219903][ T1053] dump_stack+0x172/0x1f0 [ 2700.224236][ T1053] panic+0x2dc/0x755 [ 2700.228128][ T1053] ? add_taint.cold+0x16/0x16 [ 2700.232803][ T1053] ? lapic_can_unplug_cpu.cold+0x3a/0x3a [ 2700.238442][ T1053] ? ___preempt_schedule+0x16/0x20 [ 2700.243561][ T1053] ? nmi_trigger_cpumask_backtrace+0x21b/0x28b [ 2700.249709][ T1053] ? nmi_trigger_cpumask_backtrace+0x24c/0x28b [ 2700.255866][ T1053] ? nmi_trigger_cpumask_backtrace+0x256/0x28b [ 2700.262014][ T1053] ? nmi_trigger_cpumask_backtrace+0x21b/0x28b [ 2700.268168][ T1053] watchdog+0x9e1/0xef0 [ 2700.272330][ T1053] kthread+0x361/0x430 [ 2700.276399][ T1053] ? reset_hung_task_detector+0x30/0x30 [ 2700.285761][ T1053] ? kthread_cancel_delayed_work_sync+0x20/0x20 [ 2700.292011][ T1053] ret_from_fork+0x24/0x30 [ 2700.298126][ T1053] Kernel Offset: disabled [ 2700.302461][ T1053] Rebooting in 86400 seconds..