e8066454283cdf3389ffd8a255dc9f8560ab81f03264e023e747f69c5f4b068ca73405d88066e4c9d11062aaac6107debba30c61c713afcb8f5e15310ba7d3c896f2ca017d86d31110de4b3d130b0e679c8987eb4fed0926a17d207add6d963b80739ece271bbf4c764a621eb829cf9ead42bd60b69e9988b84c84144e656687134dba7aa08aca8ddd00349d8f5fd7e305c8815564f62ee812e7e2876947916ddb6a349c5efc750e399510ed05446a2e84cae97a6816e9413b5c1368e9932056f9d1836c4bdf3100c7295e477cee7e29e51b06dbceed99deb7604ea00e085c422abfa49d79d834368b4d542ee002f801a36692e84fb821ed3bedb8e507121e2583ebc006e4dd808f6abe28ff6a16949226dfb2a4470badb927f230eccdf56bad05677d997ff1aee1e1ff151a90faf1ac191ecc1f40da8add3eb1fb3cab2cde19c4b9b2831585adf86dbe2c81aac976747cf8c2d09eefbb03a65328e22426696206c5a3af199a94881a3d1f6c9e9bf31e66702ff5c1592493dcc4ddf05952984fa3f9339f7d3b3ef38a016b04570797fb380cc7d03565ebd592bd02cd615def2d92da59ff52f4b01f03406a2e419e3c7e0a79e136410f6e5f6636c1859fd6911934fb2cef41558d28fbb528380e34ef8f7524b35cedd8620ec40488d93ab57e1546994dbcd9873dd5c7d85ddc610540322c7dacccd0c0526f89ad92608ad2ca483cc8f653683ed138d27da39eff53b167476eeaeb486b3866fb9b78fd07906c104d984cf0f99b7b96ec4a4e45eac9bd5eb1902485958eba71e63039d3b2a10f1d3d6c7a2f8f3e99e3b92733244712fb72d2f2c1778c6cbea4fe4f3cf0b2f0c56e7ae15ceb0d6e2345038ef58ebec3abda1d88c5e613f9be8bd010d97eb795189a427c58a06ca62305a44f7f8a51613143f2b05b0ab31cf6ce519f3266ac3ac02efe020e35670876fcb3edfa15d86fb58bb71ac5a9ec5c2b619c33bb478bd7d9bce199381851f05bd4a9c85579bf6f654e6bf25be37ddaee45658fc9669d64bbf2cd2faf53d7b8563f0f08a2182902a873edc7fea2b3087f40cdba6fb713f2632b9c6119fbb945ce9bf49a8a97b4f5014f1326435e7a41701c84f5e69d221fbabb48cacb26ba796c0f9049d2f5db85ca413b54641bde837a32f73afa5c4e370be80e562d9e6dc9b535cf3a5f29e6aaa2b273d054c9d7b11bc5d1621c4a4665387f5ea309b6550cec1953274e97074792ec4e3d85a3e6bb174b37346bc3741a60b1318b1235e7c2eba07ae52b6a79a94131b91e8ba98ae78351c7af8c2aa73f7af60da53370806115647c8e20dd2022af4d27b0d29d15121c1d5fdcc02e3c41d1bc416ac9df3480e4359ebba059d37ef6402d119f0961869428a977c8aecc47af1937af91d91ebcde6846d084206e356ff3ff850fd4b9b38df8fc11c6036618303b5e37b741a76327829137d8a15540706da58da75b0b17a534c2b6202a7e561e363a300584b3f77a7bd1ad2de4c2119f3feffc27b8ff1c78200429131dbb599b00da79114da31c69421b55076b519e793865bb130e6ec0294ed361aada0ca0f2ef7b7a23bcf8b8e9ee4375010badf7cc8fee498e42118d73d7b4dc1446377367e0848b2e7f4"})
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000000c0)='tls\x00', 0x4)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(0xffffffffffffffff, 0xc0405519, &(0x7f0000000040)={0x9})

14:29:45 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11\x00'})

14:29:45 executing program 1:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600))
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x8a, 0x0, 0x0, 0x0, 0x3})
r1 = syz_open_pts(r0, 0x0)
write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0x100000175)
ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000140)={0x3, 0x0, 0x0, 0x10000000})

14:29:45 executing program 4:
r0 = socket$kcm(0x2b, 0x8000000000001, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xd, 0x4, &(0x7f0000000000)=@framed={{}, [@call={0x161, 0x11, 0x2c}]}, &(0x7f00000000c0)='GPL\x00', 0x4, 0xff55, &(0x7f0000001200)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70)

14:29:45 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9})

14:29:45 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x12\x00'})

14:29:45 executing program 4:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x2, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0x9})

14:29:45 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
openat$cgroup_procs(r4, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000140)=0x2)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r5 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r5, 0x0, 0x0)
r6 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r6, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r4, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
socket$kcm(0xa, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r6, &(0x7f00000003c0)=0x100, 0x12)

14:29:45 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9})

14:29:45 executing program 3:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0x9})
r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snapshot\x00', 0x400, 0x0)
ioctl$VIDIOC_DBG_S_REGISTER(r1, 0x4038564f, &(0x7f0000000080)={{0x2, @name="bbf849c487829021a0ffd9ba1c992aa54e6057b20078937306b3e545df60dba6"}, 0x8, 0x101, 0x2130})
ioctl$DRM_IOCTL_AGP_RELEASE(r1, 0x6431)
ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f0000000100)={0x62, 0x1, 0x7ff, "3736f923ceffbab03cb497e146c6f8f400f61555b8738a6314c2053dd78c8c91bc446225d36fc7b0c1b5db4ca05a97fa6dc542d5c2dd96e095fdf0df00605cec89e0e78c56ee42a02232b58b3055ab96038cb7d8d142187c1ffcbf1b49334e8a70cf"})

14:29:45 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00%\x00'})

14:29:45 executing program 4:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x2, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0x9})

14:29:45 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\\\x00'})

14:29:45 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9})

14:29:46 executing program 1:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600))
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x8a, 0x0, 0x0, 0x0, 0x3})
r1 = syz_open_pts(r0, 0x0)
write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0x100000175)
ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000140)={0x3, 0x0, 0x0, 0x11000000})

14:29:46 executing program 3:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000080)={0x2, 0x0, 0x7, 0x20000000000, '\x00', 0xffffffff})

14:29:46 executing program 4:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x2, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0x9})

14:29:46 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00'})

14:29:46 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9})

[ 1432.554306][T17124] IPVS: ftp: loaded support on port[0] = 21
[ 1432.635307][T17124] chnl_net:caif_netlink_parms(): no params data found
[ 1432.677331][T17124] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1432.684512][T17124] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1432.692131][T17124] device bridge_slave_0 entered promiscuous mode
[ 1432.700213][T17124] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1432.713587][T17124] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1432.721430][T17124] device bridge_slave_1 entered promiscuous mode
[ 1432.739527][T17124] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1432.750208][T17124] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1432.768717][T17124] team0: Port device team_slave_0 added
[ 1432.775346][T17124] team0: Port device team_slave_1 added
[ 1432.830738][T17124] device hsr_slave_0 entered promiscuous mode
[ 1432.868388][T17124] device hsr_slave_1 entered promiscuous mode
[ 1432.907877][T17124] debugfs: Directory 'hsr0' with parent '/' already present!
[ 1433.046576][T17124] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1433.053690][T17124] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1433.061112][T17124] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1433.068246][T17124] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1433.171622][T17124] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1433.184393][T13658] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1433.193257][T13658] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1433.202032][T13658] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1433.210120][T13658] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 1433.289076][T17124] 8021q: adding VLAN 0 to HW filter on device team0
[ 1433.299370][T14533] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1433.307736][T14533] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1433.314772][T14533] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1433.417591][T14533] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1433.426003][T14533] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1433.433114][T14533] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1433.441976][T14533] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1433.451784][T14533] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1433.460220][T14533] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1433.468561][T14533] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1433.477279][T14533] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1433.489505][T17124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1433.506658][T17124] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1433.688908][T17132] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 1433.699393][T17132] CPU: 0 PID: 17132 Comm: syz-executor.2 Not tainted 5.2.0+ #37
[ 1433.707027][T17132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1433.717081][T17132] Call Trace:
[ 1433.720384][T17132]  dump_stack+0x1d8/0x2f8
[ 1433.724719][T17132]  dump_header+0xd8/0x970
[ 1433.729059][T17132]  oom_kill_process+0xcd/0x320
[ 1433.733823][T17132]  out_of_memory+0x5e1/0x8a0
[ 1433.738392][T17132]  ? unregister_oom_notifier+0x20/0x20
[ 1433.743849][T17132]  ? trace_hardirqs_on+0x74/0x80
[ 1433.748773][T17132]  memory_max_write+0x537/0x6a0
[ 1433.753604][T17132]  ? lock_acquire+0x158/0x250
[ 1433.758265][T17132]  ? memory_max_show+0xa0/0xa0
[ 1433.763466][T17132]  ? trace_lock_acquire+0x154/0x1b0
[ 1433.768653][T17132]  ? lock_acquire+0x158/0x250
[ 1433.773308][T17132]  ? kernfs_fop_write+0x22e/0x4f0
[ 1433.778310][T17132]  ? memory_max_show+0xa0/0xa0
[ 1433.783071][T17132]  cgroup_file_write+0x27b/0x6e0
[ 1433.787994][T17132]  ? cgroup_seqfile_stop+0xc0/0xc0
[ 1433.793098][T17132]  ? cgroup_seqfile_stop+0xc0/0xc0
[ 1433.798201][T17132]  kernfs_fop_write+0x3e4/0x4f0
[ 1433.803055][T17132]  ? kernfs_fop_read+0x580/0x580
[ 1433.807978][T17132]  __vfs_write+0xf9/0x7d0
[ 1433.812308][T17132]  ? __lock_acquire+0x4750/0x4750
[ 1433.817331][T17132]  ? __kernel_write+0x350/0x350
[ 1433.822163][T17132]  ? trace_lock_acquire+0x154/0x1b0
[ 1433.827347][T17132]  ? __sb_start_write+0x39c/0x440
[ 1433.832352][T17132]  ? __kasan_check_read+0x11/0x20
[ 1433.837374][T17132]  vfs_write+0x275/0x590
[ 1433.841603][T17132]  ksys_write+0x16b/0x2a0
[ 1433.845932][T17132]  ? __ia32_sys_read+0x90/0x90
[ 1433.850715][T17132]  ? prepare_exit_to_usermode+0x1f7/0x580
[ 1433.856424][T17132]  ? trace_irq_disable_rcuidle+0x23/0x1c0
[ 1433.862142][T17132]  ? trace_hardirqs_on_thunk+0x1a/0x20
[ 1433.867585][T17132]  ? trace_irq_disable_rcuidle+0x23/0x1c0
[ 1433.873286][T17132]  ? do_syscall_64+0x1d/0x140
[ 1433.877945][T17132]  __x64_sys_write+0x7b/0x90
[ 1433.882530][T17132]  do_syscall_64+0xfe/0x140
[ 1433.887016][T17132]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1433.892886][T17132] RIP: 0033:0x459829
[ 1433.896767][T17132] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1433.916352][T17132] RSP: 002b:00007fc00c334c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1433.924741][T17132] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829
[ 1433.932713][T17132] RDX: 0000000000000012 RSI: 0000000020000000 RDI: 0000000000000008
[ 1433.940664][T17132] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1433.948615][T17132] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc00c3356d4
[ 1433.956569][T17132] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff
[ 1433.967160][T17132] memory: usage 3576kB, limit 0kB, failcnt 489170
[ 1433.973637][T17132] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1433.980989][T17132] Memory cgroup stats for /syz2:
[ 1433.981083][T17132] anon 2093056
[ 1433.981083][T17132] file 274432
[ 1433.981083][T17132] kernel_stack 65536
[ 1433.981083][T17132] slab 1101824
[ 1433.981083][T17132] sock 0
[ 1433.981083][T17132] shmem 172032
[ 1433.981083][T17132] file_mapped 135168
[ 1433.981083][T17132] file_dirty 135168
[ 1433.981083][T17132] file_writeback 0
[ 1433.981083][T17132] anon_thp 2097152
[ 1433.981083][T17132] inactive_anon 135168
[ 1433.981083][T17132] active_anon 2093056
[ 1433.981083][T17132] inactive_file 135168
[ 1433.981083][T17132] active_file 135168
[ 1433.981083][T17132] unevictable 0
[ 1433.981083][T17132] slab_reclaimable 405504
[ 1433.981083][T17132] slab_unreclaimable 696320
[ 1433.981083][T17132] pgfault 191103
[ 1433.981083][T17132] pgmajfault 0
[ 1433.981083][T17132] workingset_refault 0
[ 1433.981083][T17132] workingset_activate 0
[ 1433.981083][T17132] workingset_nodereclaim 0
[ 1433.981083][T17132] pgrefill 0
[ 1433.981083][T17132] pgscan 0
[ 1433.981083][T17132] pgsteal 0
[ 1434.075085][T17132] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=17131,uid=0
[ 1434.090586][T17132] Memory cgroup out of memory: Killed process 17131 (syz-executor.2) total-vm:72708kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB
14:29:49 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9})

14:29:49 executing program 4:
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(0xffffffffffffffff, 0xc0405519, &(0x7f0000000040)={0x9})

14:29:49 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x00'})

14:29:49 executing program 3:
r0 = syz_open_dev$sndctrl(&(0x7f0000000080)='/dev/snd/controlC#\x00', 0x1ff, 0x4)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0x9})
r1 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0xa421, 0x620000)
ioctl$SNDRV_SEQ_IOCTL_PVERSION(r1, 0x80045300, &(0x7f00000000c0))
r2 = syz_genetlink_get_family_id$nbd(&(0x7f0000000140)='nbd\x00')
getsockopt$inet_udp_int(r1, 0x11, 0x65, &(0x7f00000002c0), &(0x7f0000000300)=0x4)
sendmsg$NBD_CMD_STATUS(r1, &(0x7f0000000280)={&(0x7f0000000100), 0xc, &(0x7f0000000240)={&(0x7f0000000340)=ANY=[@ANYBLOB="98000000", @ANYRES16=r2, @ANYBLOB="20042dbd7000fedbdf25050000000c00040007000000000000000c000400fdffffffffffffff0c00080001000000000000000c00020008000000000000005400070008000100", @ANYRES32=r1, @ANYBLOB="08000100", @ANYRES32=r1, @ANYBLOB="08000100", @ANYRES32=r1, @ANYBLOB="626408000100", @ANYRES32=r1, @ANYBLOB="08000100", @ANYRES32=r1, @ANYBLOB="08000100", @ANYRES32=r1, @ANYBLOB="08000100", @ANYRES32=r1, @ANYBLOB="08000100", @ANYRES32=r1, @ANYBLOB="08000100", @ANYRES32=r1, @ANYBLOB="08000100", @ANYRES32=r1], 0x98}, 0x1, 0x0, 0x0, 0x20004010}, 0x80)

14:29:49 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
openat$cgroup_procs(r4, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000140)=0x2)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r5 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r5, 0x0, 0x0)
r6 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r6, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r4, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
socket$kcm(0xa, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r6, &(0x7f00000003c0)=0x100, 0x12)

14:29:49 executing program 1:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600))
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x8a, 0x0, 0x0, 0x0, 0x3})
r1 = syz_open_pts(r0, 0x0)
write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0x100000175)
ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000140)={0x3, 0x0, 0x0, 0x12000000})

[ 1434.224193][T17124] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[ 1434.234272][T17124] CPU: 0 PID: 17124 Comm: syz-executor.2 Not tainted 5.2.0+ #37
[ 1434.241906][T17124] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1434.251972][T17124] Call Trace:
[ 1434.255272][T17124]  dump_stack+0x1d8/0x2f8
[ 1434.259611][T17124]  dump_header+0xd8/0x970
[ 1434.263951][T17124]  oom_kill_process+0xcd/0x320
[ 1434.268735][T17124]  out_of_memory+0x5e1/0x8a0
14:29:49 executing program 3:
r0 = syz_open_dev$usbmon(&(0x7f00000000c0)='/dev/usbmon#\x00', 0x3, 0x42)
r1 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uhid\x00', 0x802, 0x0)
openat$null(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/null\x00', 0x400000, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = epoll_create1(0x80000)
io_uring_register$IORING_REGISTER_FILES(r0, 0x2, &(0x7f0000000140)=[r1, r2, r3], 0x3)
r4 = syz_open_dev$sndctrl(&(0x7f0000000000)='/dev/snd/controlC#\x00', 0x2, 0x200000)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r4, 0xc0405519, &(0x7f0000000040)={0x9})
setsockopt$inet_sctp6_SCTP_RECVRCVINFO(r0, 0x84, 0x20, &(0x7f0000000100), 0x4)
pipe2(&(0x7f0000000080), 0x84000)

[ 1434.273364][T17124]  ? unregister_oom_notifier+0x20/0x20
[ 1434.278925][T17124]  ? __kasan_check_read+0x11/0x20
[ 1434.283989][T17124]  try_charge+0x134a/0x17b0
[ 1434.288515][T17124]  ? __memcg_kmem_charge_memcg+0x180/0x180
[ 1434.294419][T17124]  ? __lock_acquire+0x4750/0x4750
[ 1434.299451][T17124]  ? rcu_lock_release+0x15/0x20
[ 1434.299462][T17124]  ? get_mem_cgroup_from_mm+0x15e/0x170
[ 1434.299473][T17124]  mem_cgroup_try_charge+0x216/0x560
[ 1434.299491][T17124]  mem_cgroup_try_charge_delay+0x25/0xa0
[ 1434.309930][T17124]  handle_mm_fault+0x31f3/0x6080
[ 1434.309958][T17124]  ? finish_fault+0x230/0x230
[ 1434.309983][T17124]  ? vmacache_find+0x251/0x5b0
[ 1434.310001][T17124]  do_user_addr_fault+0x589/0xaf0
[ 1434.310019][T17124]  __do_page_fault+0xd3/0x1f0
[ 1434.344945][T17124]  do_page_fault+0x99/0xb0
[ 1434.349367][T17124]  page_fault+0x39/0x40
[ 1434.353515][T17124] RIP: 0033:0x4577c1
[ 1434.357405][T17124] Code: 48 81 ec 98 00 00 00 0f 05 48 3d 00 f0 ff ff 48 89 c3 0f 87 e9 00 00 00 85 db 0f 88 2f 01 00 00 48 89 e2 89 de bf 01 00 00 00 <e8> ba 13 00 00 85 c0 0f 88 98 00 00 00 8b 44 24 18 25 00 f0 00 00
[ 1434.377020][T17124] RSP: 002b:00007fffe2f34f70 EFLAGS: 00010206
[ 1434.383298][T17124] RAX: 0000000000000003 RBX: 0000000000000003 RCX: 00000000004577a0
[ 1434.391285][T17124] RDX: 00007fffe2f34f70 RSI: 0000000000000003 RDI: 0000000000000001
[ 1434.399271][T17124] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000555556365940
[ 1434.407375][T17124] R10: 0000000000000000 R11: 0000000000000202 R12: 00007fffe2f36150
[ 1434.415363][T17124] R13: 00007fffe2f36140 R14: 0000000000000000 R15: 00007fffe2f36150
14:29:49 executing program 4:
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(0xffffffffffffffff, 0xc0405519, &(0x7f0000000040)={0x9})

[ 1434.423543][T17124] memory: usage 1244kB, limit 0kB, failcnt 489187
[ 1434.430114][T17124] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1434.437071][T17124] Memory cgroup stats for /syz2:
[ 1434.437148][T17124] anon 0
[ 1434.437148][T17124] file 274432
[ 1434.437148][T17124] kernel_stack 0
[ 1434.437148][T17124] slab 1101824
[ 1434.437148][T17124] sock 0
[ 1434.437148][T17124] shmem 172032
[ 1434.437148][T17124] file_mapped 135168
[ 1434.437148][T17124] file_dirty 135168
[ 1434.437148][T17124] file_writeback 0
[ 1434.437148][T17124] anon_thp 0
14:29:49 executing program 3:
r0 = syz_open_dev$sndctrl(&(0x7f0000000000)='/dev/snd/controlC#\x00', 0x0, 0x11d000)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0x9})

[ 1434.437148][T17124] inactive_anon 135168
[ 1434.437148][T17124] active_anon 0
[ 1434.437148][T17124] inactive_file 135168
[ 1434.437148][T17124] active_file 135168
[ 1434.437148][T17124] unevictable 0
[ 1434.437148][T17124] slab_reclaimable 405504
[ 1434.437148][T17124] slab_unreclaimable 696320
[ 1434.437148][T17124] pgfault 191103
[ 1434.437148][T17124] pgmajfault 0
[ 1434.437148][T17124] workingset_refault 0
[ 1434.437148][T17124] workingset_activate 0
[ 1434.437148][T17124] workingset_nodereclaim 0
[ 1434.437148][T17124] pgrefill 0
14:29:49 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9})

14:29:49 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00'})

[ 1434.437148][T17124] pgscan 0
[ 1434.437148][T17124] pgsteal 0
[ 1434.437148][T17124] pgactivate 0
[ 1434.532988][T17124] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=17124,uid=0
[ 1434.548515][T17124] Memory cgroup out of memory: Killed process 17124 (syz-executor.2) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB
[ 1434.568374][ T1056] oom_reaper: reaped process 17124 (syz-executor.2), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB
14:29:49 executing program 3:
r0 = syz_open_dev$sndctrl(&(0x7f0000000080)='/dev/snd/controlC#\x00', 0x7, 0xfffffffffffffffd)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0x9})

14:29:49 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00'})

14:29:49 executing program 4:
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(0xffffffffffffffff, 0xc0405519, &(0x7f0000000040)={0x9})

14:29:50 executing program 3:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0x9})
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000340)='/dev/vga_arbiter\x00', 0x20001, 0x0)
ioctl$sock_netrom_SIOCADDRT(r1, 0x890b, &(0x7f0000000380)={0x1, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={'nr', 0x0}, 0x8, 'syz0\x00', @default, 0x3, 0x4, [@bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @default]})
r2 = syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0xff, 0x8082)
r3 = add_key(&(0x7f0000000100)='pkcs7_test\x00', &(0x7f0000000140)={'syz', 0x2}, &(0x7f0000000180)="3b4a0cae6278e80c5d126dfbb68380a7c6c7692e82baa6158e8110c6ae", 0x1d, 0xffffffffffffffff)
r4 = add_key(&(0x7f00000001c0)='cifs.idmap\x00', &(0x7f0000000200)={'syz', 0x3}, &(0x7f0000000240)="e9414b65833d2cc4bb50a40b9aab7f0148c54d294e73ef479ae26863ef18336118a2664a8f596ec2f0a99dd498829809b82e9a2a3fb01d8bc47f1fdbf02ab1eeb3c7b2e04a3d5eff76dfcc9deedf589c9d2053a0ff19327a51eb39c7e391d43c89b7e7cf27e49df38f539ae8449cbae90bc98ffb0be2dbfb58cdf1f73df7294e962602fec02622941fd4c31b371fed540b1931c3a634f13412bd11640bc8b5f4a68835fdc32449d51aaddba1562b8485a7e5f90c1d1412d251f93a3cf2430da257865ff150e2fe05b580671573fabcef1295619700d91be11c46d2857763b34d2f2e863e4d12", 0xe6, 0x0)
keyctl$link(0x8, r3, r4)
ioctl$CAPI_GET_ERRCODE(r2, 0x80024321, &(0x7f0000000080))

14:29:50 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\t\x00'})

14:29:50 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
openat$cgroup_procs(r4, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000140)=0x2)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r5 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r5, 0x0, 0x0)
r6 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r6, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r4, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
socket$kcm(0xa, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r6, &(0x7f00000003c0)=0x100, 0x12)

14:29:50 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9})

14:29:50 executing program 4:
r0 = syz_open_dev$sndctrl(0x0, 0x2, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0x9})

14:29:50 executing program 3:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0x9, 0x0, 0x2, 0xbb9, 'syz0\x00\x00\x00\x00\x1f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\t\x00'})
r1 = syz_open_dev$dmmidi(&(0x7f0000000180)='/dev/dmmidi#\x00', 0x5, 0x8302)
fsconfig$FSCONFIG_SET_FD(r1, 0x5, &(0x7f00000001c0)='\x00', 0x0, r0)
r2 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm_plock\x00', 0x2, 0x0)
ioctl$BLKBSZSET(r2, 0x40081271, &(0x7f0000000080)=0x200)
ioctl$VIDIOC_ENUMOUTPUT(r2, 0xc0485630, &(0x7f0000000100)={0x9, "d49935b76842730c56200ac4a675458e4a4c6d6c46368d1ceeba393be252ad9a", 0x1, 0x10000, 0x4faed238, 0x200000, 0xc})

14:29:50 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00'})

14:29:50 executing program 1:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600))
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x8a, 0x0, 0x0, 0x0, 0x3})
r1 = syz_open_pts(r0, 0x0)
write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0x100000175)
ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000140)={0x3, 0x0, 0x0, 0x25000000})

14:29:50 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9})

[ 1435.612665][  T788] device bridge_slave_1 left promiscuous mode
[ 1435.619024][  T788] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1435.660578][  T788] device bridge_slave_0 left promiscuous mode
[ 1435.666790][  T788] bridge0: port 1(bridge_slave_0) entered disabled state
14:29:50 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
openat$cgroup_procs(r4, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000140)=0x2)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r5 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r5, 0x0, 0x0)
r6 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r6, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r4, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
socket$kcm(0xa, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r6, &(0x7f00000003c0)=0x100, 0x12)

14:29:50 executing program 4:
r0 = syz_open_dev$sndctrl(0x0, 0x2, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0x9})

14:29:50 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00'})

14:29:50 executing program 3:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0xfffffffffffffefc)
r1 = syz_open_dev$media(&(0x7f0000000000)='/dev/media#\x00', 0x1, 0x8480)
sendmsg$xdp(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000100)="8f5ff942bf32210c064d441f72daa4b215d7c286880337d6085cf5a70cdbc6a4d350fbeae0e983520b80035bf3b27a57ad6e1a8032505667f1bfd110eff4b68b5d0885c22d3f637be60a6bfa2d61d6413711d670de973b2d0b071d29cef3e27e1f10399612f6d8411b84ce33ad18cb41f95e7b28c57635d97d24d43458b7b29657323f6f96dc9e4b073e95882695207f75fe5b200de96d662b1839b1c21f4a8929afa3c3a9689ef35dc5e4caacb02541ade5d2b2ecdd0457703e161a5c3245c1418b1df9e02a08de968201c3d091cbf334c05b42f568d5c272a2e2716d", 0xdd}, {&(0x7f0000000080)="7345bc5a50d7b75c64043857de44f8d4b5f8d11ce4b640448892f3f83b", 0x1d}, {&(0x7f0000000200)="4eaa7a5ff9dbc3e61212422dbd9fb12f209c0151c91f2472ee0552f9a0daef17add1c7d41cea9a38af243d12eede613e08869d2b196728d1646ad36a611bb63186618dbb96826c2be9ad9142b9f9ef722412c433f0c8091e9951d6ced2d9ddc2d1d1734ca492a3c19d8c808a6e4eaf143fbfe475b7ec184ce8640a84f781459295b3289cfc72c1df1b0c03023cf67e3f030eb4f4b27bd239296d63db2810fc276ffc9ba7f6b7b648bf99968888a693dbc1", 0xb1}, {&(0x7f00000002c0)="729c10327af6909432fe92505abe07e19d3501ba68b4ed30f85907dff7f8f35f6cec8029e95a2977085fdc1860a00691d0115790fcad84341e0842d42499ced158441b4bc6ddc5afb53d60", 0x4b}, {&(0x7f0000000340)="2cc7521343e166129b8b54b85857e53bc1156bcc8f6aec7d15e20172dc483ccc6a6728cb6ba4bf409e865b862e477ffc086dc8d21aad3cf44570a5b6cca31a7ee21f6e9aca71ef43f8ab50bd3edd263d746f735f806c9bc571f6b6f5d67ed11d54846611d4106bdd7149a8778cf39a9358fc50dc68ac1d93348d6634f283653baac55f3b3f24ccebc0fd3771d8f300b0335aec52d9b29eec1df3f7f281db4889d1e23415f6b8439567903dff523338466c793e31e4c150dcc3647c6a25b2ebfa0f0f414ade2cb648293dacfd3f8baed5e7cd57d20e7ede3de846e7abf05e11", 0xdf}], 0x5, 0x0, 0x0, 0x40000}, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0x9})

14:29:51 executing program 3:
r0 = syz_open_dev$sndctrl(&(0x7f0000000240)='/dev/snd/controlC#\x00', 0x80, 0x40)
syz_open_dev$mice(&(0x7f0000000080)='/dev/input/mice\x00', 0x0, 0x400004)
r1 = getpgrp(0x0)
waitid(0x1, r1, &(0x7f0000000100), 0x5, &(0x7f0000000180))
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0x9})

14:29:51 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\f\x00'})

14:29:51 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9})

14:29:51 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\r\x00'})

14:29:51 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9})

14:29:51 executing program 4:
r0 = syz_open_dev$sndctrl(0x0, 0x2, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0x9})

14:29:52 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0e\x00'})

14:29:52 executing program 1:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600))
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x8a, 0x0, 0x0, 0x0, 0x3})
r1 = syz_open_pts(r0, 0x0)
write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0x100000175)
ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000140)={0x3, 0x0, 0x0, 0x3f000000})

[ 1439.368464][  T788] device hsr_slave_0 left promiscuous mode
[ 1439.418332][  T788] device hsr_slave_1 left promiscuous mode
[ 1439.487130][  T788] team0 (unregistering): Port device team_slave_1 removed
[ 1439.497785][  T788] team0 (unregistering): Port device team_slave_0 removed
[ 1439.509267][  T788] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1439.541274][  T788] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1439.621722][  T788] bond0 (unregistering): Released all slaves
[ 1439.720518][T17240] IPVS: ftp: loaded support on port[0] = 21
[ 1439.785203][T17240] chnl_net:caif_netlink_parms(): no params data found
[ 1439.813012][T17240] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1439.820141][T17240] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1439.827985][T17240] device bridge_slave_0 entered promiscuous mode
[ 1439.835730][T17240] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1439.842860][T17240] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1439.850856][T17240] device bridge_slave_1 entered promiscuous mode
[ 1439.899851][T17240] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1439.917241][T17240] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1439.938914][T17240] team0: Port device team_slave_0 added
[ 1439.946015][T17240] team0: Port device team_slave_1 added
[ 1440.010501][T17240] device hsr_slave_0 entered promiscuous mode
[ 1440.178141][T17240] device hsr_slave_1 entered promiscuous mode
[ 1440.397761][T17240] debugfs: Directory 'hsr0' with parent '/' already present!
[ 1440.423096][T17240] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1440.430254][T17240] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1440.437681][T17240] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1440.444779][T17240] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1440.513807][T17240] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1440.527408][ T2622] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1440.535774][ T2622] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1440.558821][ T2622] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1440.572016][T17240] 8021q: adding VLAN 0 to HW filter on device team0
[ 1440.584166][T13746] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1440.592774][T13746] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1440.599900][T13746] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1440.630682][T17240] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1440.641527][T17240] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1440.654872][T13746] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1440.664044][T13746] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1440.671170][T13746] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1440.679526][T13746] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1440.688409][T13746] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1440.696961][T13746] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1440.713438][T13746] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1440.724280][T13746] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1440.732131][T13746] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1440.755506][T17240] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1440.855441][T17247] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 1440.868928][T17247] CPU: 1 PID: 17247 Comm: syz-executor.2 Not tainted 5.2.0+ #37
[ 1440.876857][T17247] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1440.876870][T17247] Call Trace:
[ 1440.890236][T17247]  dump_stack+0x1d8/0x2f8
[ 1440.890251][T17247]  dump_header+0xd8/0x970
[ 1440.890265][T17247]  oom_kill_process+0xcd/0x320
[ 1440.890275][T17247]  out_of_memory+0x5e1/0x8a0
[ 1440.890287][T17247]  ? unregister_oom_notifier+0x20/0x20
[ 1440.890305][T17247]  ? trace_hardirqs_on+0x74/0x80
[ 1440.898965][T17247]  memory_max_write+0x537/0x6a0
[ 1440.898978][T17247]  ? lock_acquire+0x1b2/0x250
[ 1440.898994][T17247]  ? memory_max_show+0xa0/0xa0
[ 1440.899009][T17247]  ? trace_lock_acquire+0x154/0x1b0
[ 1440.899023][T17247]  ? lock_acquire+0x158/0x250
[ 1440.908352][T17247]  ? kernfs_fop_write+0x22e/0x4f0
[ 1440.908362][T17247]  ? memory_max_show+0xa0/0xa0
[ 1440.908373][T17247]  cgroup_file_write+0x27b/0x6e0
[ 1440.908385][T17247]  ? cgroup_seqfile_stop+0xc0/0xc0
[ 1440.908399][T17247]  ? cgroup_seqfile_stop+0xc0/0xc0
[ 1440.908416][T17247]  kernfs_fop_write+0x3e4/0x4f0
[ 1440.972649][T17247]  ? kernfs_fop_read+0x580/0x580
[ 1440.977598][T17247]  __vfs_write+0xf9/0x7d0
[ 1440.981946][T17247]  ? __kernel_write+0x350/0x350
[ 1440.986834][T17247]  ? __sb_start_write+0x39c/0x440
[ 1440.991864][T17247]  ? __kasan_check_read+0x11/0x20
[ 1440.996897][T17247]  vfs_write+0x275/0x590
[ 1441.001155][T17247]  ksys_write+0x16b/0x2a0
[ 1441.005480][T17247]  ? __ia32_sys_read+0x90/0x90
[ 1441.010243][T17247]  ? do_syscall_64+0xc0/0x140
[ 1441.015010][T17247]  __x64_sys_write+0x7b/0x90
[ 1441.019611][T17247]  do_syscall_64+0xfe/0x140
[ 1441.024108][T17247]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1441.030002][T17247] RIP: 0033:0x459829
[ 1441.033889][T17247] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1441.053513][T17247] RSP: 002b:00007fa6b62b0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1441.061927][T17247] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829
[ 1441.069912][T17247] RDX: 0000000000000012 RSI: 0000000020000000 RDI: 0000000000000008
[ 1441.077898][T17247] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1441.085883][T17247] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa6b62b16d4
[ 1441.093855][T17247] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff
[ 1441.101938][T17247] memory: usage 3568kB, limit 0kB, failcnt 489188
[ 1441.108494][T17247] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1441.115510][T17247] Memory cgroup stats for /syz2:
[ 1441.116448][T17247] anon 2174976
[ 1441.116448][T17247] file 274432
[ 1441.116448][T17247] kernel_stack 65536
[ 1441.116448][T17247] slab 1101824
[ 1441.116448][T17247] sock 0
[ 1441.116448][T17247] shmem 172032
[ 1441.116448][T17247] file_mapped 135168
[ 1441.116448][T17247] file_dirty 135168
[ 1441.116448][T17247] file_writeback 0
[ 1441.116448][T17247] anon_thp 2097152
[ 1441.116448][T17247] inactive_anon 135168
[ 1441.116448][T17247] active_anon 2174976
[ 1441.116448][T17247] inactive_file 135168
[ 1441.116448][T17247] active_file 135168
[ 1441.116448][T17247] unevictable 0
[ 1441.116448][T17247] slab_reclaimable 405504
[ 1441.116448][T17247] slab_unreclaimable 696320
[ 1441.116448][T17247] pgfault 191169
[ 1441.116448][T17247] pgmajfault 0
[ 1441.116448][T17247] workingset_refault 0
[ 1441.116448][T17247] workingset_activate 0
[ 1441.116448][T17247] workingset_nodereclaim 0
[ 1441.116448][T17247] pgrefill 0
[ 1441.116448][T17247] pgscan 0
[ 1441.116448][T17247] pgsteal 0
[ 1441.210398][T17247] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=17246,uid=0
[ 1441.226340][T17247] Memory cgroup out of memory: Killed process 17246 (syz-executor.2) total-vm:72708kB, anon-rss:2144kB, file-rss:34816kB, shmem-rss:0kB
[ 1441.244447][ T1056] oom_reaper: reaped process 17246 (syz-executor.2), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB
[ 1441.344298][T17240] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[ 1441.354528][T17240] CPU: 0 PID: 17240 Comm: syz-executor.2 Not tainted 5.2.0+ #37
[ 1441.362157][T17240] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1441.372205][T17240] Call Trace:
[ 1441.375495][T17240]  dump_stack+0x1d8/0x2f8
[ 1441.379834][T17240]  dump_header+0xd8/0x970
[ 1441.384169][T17240]  oom_kill_process+0xcd/0x320
[ 1441.388937][T17240]  out_of_memory+0x5e1/0x8a0
14:29:56 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0x0, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
openat$cgroup_procs(r4, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000140)=0x2)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r5 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r5, 0x0, 0x0)
r6 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r6, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r4, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
socket$kcm(0xa, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r6, &(0x7f00000003c0)=0x100, 0x12)

14:29:56 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9})

14:29:56 executing program 4:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0x9})

14:29:56 executing program 3:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
eventfd2(0x4, 0x0)
r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x101400, 0x0)
ioctl$TIOCMGET(r1, 0x5415, &(0x7f0000000080))
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0x9})

14:29:56 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11\x00'})

14:29:56 executing program 1:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600))
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x8a, 0x0, 0x0, 0x0, 0x3})
r1 = syz_open_pts(r0, 0x0)
write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0x100000175)
ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000140)={0x3, 0x0, 0x0, 0x40000000})

[ 1441.393537][T17240]  ? unregister_oom_notifier+0x20/0x20
[ 1441.399016][T17240]  ? __kasan_check_read+0x11/0x20
[ 1441.404068][T17240]  try_charge+0x134a/0x17b0
[ 1441.408609][T17240]  ? __memcg_kmem_charge_memcg+0x180/0x180
[ 1441.414428][T17240]  ? __lock_acquire+0x4750/0x4750
[ 1441.419457][T17240]  ? rcu_lock_release+0x15/0x20
[ 1441.424303][T17240]  ? get_mem_cgroup_from_mm+0x15e/0x170
[ 1441.429851][T17240]  mem_cgroup_try_charge+0x216/0x560
[ 1441.435145][T17240]  mem_cgroup_try_charge_delay+0x25/0xa0
14:29:56 executing program 4:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0x9})

[ 1441.440796][T17240]  wp_page_copy+0x367/0x18c0
[ 1441.445392][T17240]  ? rcu_lock_release+0x30/0x30
[ 1441.450244][T17240]  ? __lock_acquire+0x4750/0x4750
[ 1441.455275][T17240]  ? __kasan_check_read+0x11/0x20
[ 1441.460299][T17240]  ? do_raw_spin_unlock+0x49/0x260
[ 1441.460314][T17240]  do_wp_page+0x2c9/0x1ce0
[ 1441.460332][T17240]  ? __rwlock_init+0x130/0x130
[ 1441.460346][T17240]  ? count_memcg_event_mm+0x300/0x300
[ 1441.469857][T17240]  handle_mm_fault+0x2bcf/0x6080
[ 1441.469877][T17240]  ? finish_fault+0x230/0x230
[ 1441.469895][T17240]  ? vmacache_find+0x566/0x5b0
14:29:56 executing program 4:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0x9})

[ 1441.469903][T17240]  ? vmacache_update+0xb7/0x120
[ 1441.469920][T17240]  do_user_addr_fault+0x589/0xaf0
[ 1441.504235][T17240]  __do_page_fault+0xd3/0x1f0
[ 1441.508915][T17240]  do_page_fault+0x99/0xb0
[ 1441.513332][T17240]  page_fault+0x39/0x40
[ 1441.517487][T17240] RIP: 0033:0x4034f2
[ 1441.521387][T17240] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 <e8> 59 8d 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 42 05 00 48
14:29:56 executing program 4:
syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x2, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(0xffffffffffffffff, 0xc0405519, &(0x7f0000000040)={0x9})

[ 1441.541013][T17240] RSP: 002b:00007fffb5b1bd00 EFLAGS: 00010246
[ 1441.547100][T17240] RAX: 0000000000000000 RBX: 000000000015fc40 RCX: 0000000000413430
[ 1441.555081][T17240] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007fffb5b1ce30
[ 1441.563054][T17240] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000555555971940
[ 1441.571123][T17240] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fffb5b1ce30
[ 1441.579102][T17240] R13: 00007fffb5b1ce20 R14: 0000000000000000 R15: 00007fffb5b1ce30
[ 1441.587339][T17240] memory: usage 1244kB, limit 0kB, failcnt 489205
[ 1441.593809][T17240] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1441.600715][T17240] Memory cgroup stats for /syz2:
[ 1441.600795][T17240] anon 77824
[ 1441.600795][T17240] file 274432
[ 1441.600795][T17240] kernel_stack 0
[ 1441.600795][T17240] slab 1101824
[ 1441.600795][T17240] sock 0
[ 1441.600795][T17240] shmem 172032
[ 1441.600795][T17240] file_mapped 135168
[ 1441.600795][T17240] file_dirty 135168
[ 1441.600795][T17240] file_writeback 0
[ 1441.600795][T17240] anon_thp 0
[ 1441.600795][T17240] inactive_anon 135168
14:29:56 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9})

[ 1441.600795][T17240] active_anon 77824
[ 1441.600795][T17240] inactive_file 135168
[ 1441.600795][T17240] active_file 135168
[ 1441.600795][T17240] unevictable 0
[ 1441.600795][T17240] slab_reclaimable 405504
[ 1441.600795][T17240] slab_unreclaimable 696320
[ 1441.600795][T17240] pgfault 191169
[ 1441.600795][T17240] pgmajfault 0
[ 1441.600795][T17240] workingset_refault 0
[ 1441.600795][T17240] workingset_activate 0
[ 1441.600795][T17240] workingset_nodereclaim 0
[ 1441.600795][T17240] pgrefill 0
[ 1441.600795][T17240] pgscan 0
[ 1441.600795][T17240] pgsteal 0
[ 1441.600795][T17240] pgactivate 0
[ 1441.697061][T17240] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=17240,uid=0
[ 1441.712565][T17240] Memory cgroup out of memory: Killed process 17240 (syz-executor.2) total-vm:72444kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB
14:29:56 executing program 4:
syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x2, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(0xffffffffffffffff, 0xc0405519, &(0x7f0000000040)={0x9})

[ 1441.737201][ T1056] oom_reaper: reaped process 17240 (syz-executor.2), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB
14:29:56 executing program 3:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
pipe2(&(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x80000)
getsockopt$inet_sctp6_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, &(0x7f0000000100)={0x0, 0x6, 0x3, 0xb66, 0x1000, 0xc34, 0x8, 0x5, {<r3=>0x0, @in={{0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x23}}}, 0x8, 0xac5e, 0x4ee3, 0x5184, 0x400}}, &(0x7f0000000080)=0xb0)
setsockopt$inet_sctp_SCTP_ADD_STREAMS(r1, 0x84, 0x79, &(0x7f00000001c0)={r3, 0x4, 0x6}, 0x8)
ioctl$TIOCSRS485(r2, 0x542f, &(0x7f0000000200)={0x6000000000, 0x2, 0x7})
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0x9})
getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r2, 0x84, 0x6d, &(0x7f0000000240)={r3, 0x14, "4a28b16ea13fd970f22bd9ccf51e2f4ea610d368"}, &(0x7f0000000280)=0x1c)

14:29:57 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0x0, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
openat$cgroup_procs(r4, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000140)=0x2)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r5 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r5, 0x0, 0x0)
r6 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r6, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r4, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
socket$kcm(0xa, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r6, &(0x7f00000003c0)=0x100, 0x12)

14:29:57 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9})

14:29:57 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x12\x00'})

14:29:57 executing program 4:
syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x2, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(0xffffffffffffffff, 0xc0405519, &(0x7f0000000040)={0x9})

14:29:57 executing program 3:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_INFO(r0, 0xc10c5541, &(0x7f0000000100)={0x7, 0x9d, 0xffff, 0x0, 0x0, [], [], [], 0xffffffffffffffc1, 0xffff})
r1 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x8, 0x4200)
getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000540)={{{@in=@initdev, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0}}, {{@in=@loopback}, 0x0, @in=@initdev}}, &(0x7f0000000300)=0xfffffffffffffef5)
setsockopt$inet6_tcp_TCP_QUEUE_SEQ(r1, 0x6, 0x15, &(0x7f0000000e00)=0x80000001, 0x4)
setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT(r1, 0x28, 0x6, &(0x7f0000000080), 0x10)
r3 = getegid()
r4 = fcntl$getown(r0, 0x9)
r5 = getpgrp(0xffffffffffffffff)
ioctl$TIOCGSID(r1, 0x5429, &(0x7f0000000b40)=<r6=>0x0)
ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000b80)=<r7=>0x0)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000bc0)={<r8=>0x0}, &(0x7f0000000c00)=0xc)
sendmmsg$unix(r1, &(0x7f0000000dc0)=[{&(0x7f00000004c0)=@abs={0x1, 0x0, 0x4e23}, 0x6e, &(0x7f0000000ac0)=[{&(0x7f0000000640)="e0c2570edf0c02", 0x7}, {&(0x7f0000000680)="f135f63a1df23c0eb7b4dc2c80457ec11d7b632f3f3a01519e648dd0a35a97c6b4cdd5423528cb3783db3241a87b125766d0770c00bebb8bb0b0ba089fc6b99fde6685bcb12196028fb487afd051758ffbba359250d51668adf1293dd0706fc47ac473eeafe42aeed4a522c9767dd2ff107cfa10b2a368e893ce86487ee0dc5b7707b9ee8b4f2331fd541836bd70b7e8f2a4d9e4e9b99f7ab6197b7fa58599c183a8cc34c720b2573422027a3fba85d683ba0530c9593cc3767c6bdbc4ea599d9391581cd12c008d121682af9c4cb3a662aca2ab9c1f", 0xd6}, {&(0x7f0000000780)="b8a300dbb76fa130fc517e0545c94a47dc9b4317a37824db855167a18f52199066", 0x21}, {&(0x7f00000007c0)="36067d03ff6719a509de3eb9510ac6934eaf522dbdff920419d2666c7dce65fda72b4a8582b22772d15dd5d0ec04fb4c08664abdc32a8d9fdd0bb9ab11eb48c4074978fc15b41828968ebdc72e126d595dca4b36c4f60c2ee37fcd1b5b049e58a5888c4d3dedb3d1f8354665747a209a2c097a76b7", 0x75}, {&(0x7f0000000840)="db86139ec77c37a91ab72311aaac480442f982dc0aad80e05eccb40bf5e169a14ec6258e224329871105872a162f83df4a584c41fe1e90e20af70ce624a64ea7e9c3d041e059c26551e3bd7dafec95c99da1e19750590bdeaf6f367db6278910b38444d2e0c645413379de0eb4bef9a98715bd582147c35057eb32a8b3b54951ea515ec236517ff8d9668461d0f39cf4c7a4038f10b21bf0b0b5f0e1be07e02d5902637b034ee8e9", 0xa8}, {&(0x7f0000000900)="a0110f69cb3c61e9d65cc2c6e0fe64783b4102bb59d2070b2d114f6240d8900b8cee97e9ae726dd9bd37705702", 0x2d}, {&(0x7f0000000940)="519dcf9b1f0958e6cba63b1576cd34bc812cff13fe6bf23782f88784e4d767a608b16c2ceed34ad3abf2451d7b32f3bd474cf98231741309efd10824b3bc711df389b6ad07c0cea93296124d4699fdab1a91b2928a385055da16d2147bfca000425fa97f58f5b2063d6b3cee0052cf72d159125633d1d8987563a9cf3f3750f43a78c09f39328534af1e99d8ebbb0ae73d37a4b3d933e58298eb1683b5f91b6b83e899a7b34802cbd6d3a1ec49ea186fdb74e87c6903418581c4b091397dafea3f6600bcf5308b1b80faec77064a4d498139dad90d2de61479fdb2eb35", 0xdd}, {&(0x7f0000000a40)="d942bdac890cae83a2795d9d7e509f94758cc00701231d4ee7c8556705b9fd6c90dd563978008bfe4012cfe68d09e6d5ddb9b675a4fe471237d66ccf63261f627980bf032dd1d15eb4505d852b0f22ed29bad8defd4ba81ac0afee", 0x5b}], 0x8, &(0x7f0000000c40)=[@rights={{0x18, 0x1, 0x1, [r1, r0]}}, @cred={{0x1c, 0x1, 0x2, {r4, r2, r3}}}, @rights={{0x34, 0x1, 0x1, [r1, r0, r1, r1, r0, r0, r1, r0, r1]}}, @rights={{0x24, 0x1, 0x1, [r1, r0, r0, r0, r0]}}, @cred={{0x1c, 0x1, 0x2, {r5, r2, r3}}}, @cred={{0x1c, 0x1, 0x2, {r6, r2, r3}}}, @cred={{0x1c, 0x1, 0x2, {r7, r2, r3}}}, @cred={{0x1c, 0x1, 0x2, {r8, r2, r3}}}, @rights={{0x18, 0x1, 0x1, [r1, r1]}}, @rights={{0x2c, 0x1, 0x1, [r1, r1, r1, r0, r0, r1, r1]}}], 0x160, 0xc0}], 0x1, 0x20000000)
write$FUSE_DIRENTPLUS(r1, &(0x7f0000000340)={0xb0, 0x0, 0x2, [{{0x6, 0x1, 0x7, 0x3, 0x40, 0x40, {0x6, 0x7, 0xffff, 0x1f, 0x0, 0x3, 0xfff, 0xfffffffffffffff9, 0x5, 0x68fa83db, 0x8, r2, r3, 0x1, 0x8}}, {0x3, 0xff, 0x1, 0xa8, '\x00'}}]}, 0xb0)
setsockopt$inet_sctp_SCTP_HMAC_IDENT(r1, 0x84, 0x16, &(0x7f0000000e80)=ANY=[@ANYBLOB="020000ff03000000a52b31c46ea512d3af07e364d6c6b3c858a6d8f661"], 0x8)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0x9})
ioctl$sock_inet_SIOCSIFNETMASK(r1, 0x891c, &(0x7f0000000e40)={'bond_slave_0\x00', {0x2, 0x7, @dev={0xac, 0x14, 0x14, 0x1d}}})
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f00000002c0)=ANY=[@ANYBLOB="fdffffff", @ANYRES32=<r9=>0x0], &(0x7f0000000400)=0x8)
getsockopt$inet_sctp_SCTP_PR_SUPPORTED(r1, 0x84, 0x71, &(0x7f0000000440)={r9, 0xa56}, &(0x7f0000000480)=0x8)
ioctl$EVIOCREVOKE(r1, 0x40044591, &(0x7f0000000280)=0xb3)

14:29:57 executing program 1:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600))
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x8a, 0x0, 0x0, 0x0, 0x3})
r1 = syz_open_pts(r0, 0x0)
write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0x100000175)
ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000140)={0x3, 0x0, 0x0, 0x5c000000})

14:29:57 executing program 4:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x2, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, 0x0)

14:29:57 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9})

14:29:57 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00%\x00'})

14:29:57 executing program 3:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x80000, 0x0)
ioctl$RTC_VL_READ(r1, 0x80047013, &(0x7f0000000100))
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0x9})
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f0000000000)=0x6)

14:29:57 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0x0, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
openat$cgroup_procs(r4, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000140)=0x2)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r5 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r5, 0x0, 0x0)
r6 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r6, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r4, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
socket$kcm(0xa, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r6, &(0x7f00000003c0)=0x100, 0x12)

14:29:57 executing program 4:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x2, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, 0x0)

14:29:57 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9})

14:29:58 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x00'})

14:29:58 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9})

14:29:58 executing program 3:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0x9})
r1 = syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0x1, 0x1)
setsockopt$inet6_opts(r1, 0x29, 0x3f, &(0x7f0000000100)=ANY=[@ANYBLOB="af08000800000000fe8000000000000000000000000000bbfe800000000000000000f6ffffff00aafe80000000739700000000000000000000aa00000000000000000000ffffac1e"], 0x48)

14:29:58 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\\\x00'})

14:29:58 executing program 1:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600))
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x8a, 0x0, 0x0, 0x0, 0x3})
r1 = syz_open_pts(r0, 0x0)
write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0x100000175)
ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000140)={0x3, 0x0, 0x0, 0xdf0e0000})

14:29:58 executing program 4:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x2, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, 0x0)

14:29:58 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9})

14:29:58 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00'})

14:29:58 executing program 3:
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(0xffffffffffffffff, 0xc0405519, &(0x7f0000000040)={0x9})
r0 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0x2, 0x280000)
ioctl$EVIOCGPROP(r0, 0x80404509, &(0x7f0000000080)=""/227)
r1 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffa)
ioctl$SIOCGETLINKNAME(r0, 0x89e0, &(0x7f0000000400)={0x4})
keyctl$KEYCTL_PKEY_VERIFY(0x1c, &(0x7f0000000200)={r1, 0x50, 0xa9}, &(0x7f0000000240)={'enc=', 'pkcs1', ' hash=', {'crc32c-generic\x00'}}, &(0x7f00000002c0)="fbea85bf46866bbe01cf5e04deaf6135424a44c848f68d33d85d0246b52dfcbe55f5f968d49c4470273586bea61140a2a9942424f8f3b9a6a952aabd8d8b3cddfe6da20bdee7ba6209af46b5253c8162", &(0x7f0000000340)="96af5d661ead68b1410b1ede80e8aaf6463adda3eb5e3c77e6b8e5baa858b26f7f9db1562231fb447a35943ecacdc88f0c6de080c00c6deab63ddd2b4cae9f071defa9c10699068dafa55e1bc690ab8cb08c23c55a4b38826eb01b03bd90a26f13c8c43e97691260f5b74660c509ff126a6c27bf0026cad7aed978e6ceb68227c65f025f4152f18db3db4a2c8709021ee5689cd9a6468f21f2c43adeff001af319b6d0d0abb2e228c7")

[ 1445.058240][T17354] IPVS: ftp: loaded support on port[0] = 21
[ 1445.100742][  T788] device bridge_slave_1 left promiscuous mode
[ 1445.107079][  T788] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1445.168569][  T788] device bridge_slave_0 left promiscuous mode
[ 1445.174748][  T788] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1446.938279][  T788] device hsr_slave_0 left promiscuous mode
[ 1446.978451][  T788] device hsr_slave_1 left promiscuous mode
[ 1447.054909][  T788] team0 (unregistering): Port device team_slave_1 removed
[ 1447.068193][  T788] team0 (unregistering): Port device team_slave_0 removed
[ 1447.079916][  T788] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1447.123361][  T788] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1447.193458][  T788] bond0 (unregistering): Released all slaves
[ 1447.312526][T17354] chnl_net:caif_netlink_parms(): no params data found
[ 1447.341603][T17354] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1447.348763][T17354] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1447.356346][T17354] device bridge_slave_0 entered promiscuous mode
[ 1447.364073][T17354] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1447.371216][T17354] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1447.379178][T17354] device bridge_slave_1 entered promiscuous mode
[ 1447.393967][T17354] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1447.405105][T17354] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1447.425774][T17354] team0: Port device team_slave_0 added
[ 1447.432884][T17354] team0: Port device team_slave_1 added
[ 1447.540524][T17354] device hsr_slave_0 entered promiscuous mode
[ 1447.578076][T17354] device hsr_slave_1 entered promiscuous mode
[ 1447.617745][T17354] debugfs: Directory 'hsr0' with parent '/' already present!
[ 1447.642870][T17354] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1447.650025][T17354] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1447.657409][T17354] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1447.664598][T17354] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1447.726747][T17354] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1447.748361][T13660] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1447.764345][T13660] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1447.774873][T13660] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1447.791875][T13660] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 1447.808393][T17354] 8021q: adding VLAN 0 to HW filter on device team0
[ 1447.829976][T13660] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1447.838565][T13660] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1447.846428][T13660] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1447.854212][T13660] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1447.862953][T13660] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1447.870082][T13660] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1447.897887][T17354] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1447.908509][T17354] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1447.928868][T13660] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1447.937704][T13660] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1447.946289][T13660] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1447.954952][T13660] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1447.966822][ T2622] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1447.974616][ T2622] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1447.996947][T17354] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1448.210182][T17363] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 1448.221579][T17363] CPU: 1 PID: 17363 Comm: syz-executor.2 Not tainted 5.2.0+ #37
[ 1448.229242][T17363] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1448.239300][T17363] Call Trace:
[ 1448.242596][T17363]  dump_stack+0x1d8/0x2f8
[ 1448.246927][T17363]  dump_header+0xd8/0x970
[ 1448.251260][T17363]  oom_kill_process+0xcd/0x320
[ 1448.256018][T17363]  out_of_memory+0x5e1/0x8a0
[ 1448.260606][T17363]  ? unregister_oom_notifier+0x20/0x20
[ 1448.266064][T17363]  memory_max_write+0x537/0x6a0
[ 1448.270908][T17363]  ? lock_acquire+0x158/0x250
[ 1448.275594][T17363]  ? memory_max_show+0xa0/0xa0
[ 1448.280349][T17363]  ? trace_lock_acquire+0x154/0x1b0
[ 1448.285540][T17363]  ? lock_acquire+0x158/0x250
[ 1448.290215][T17363]  ? kernfs_fop_write+0x22e/0x4f0
[ 1448.295230][T17363]  ? memory_max_show+0xa0/0xa0
[ 1448.299986][T17363]  cgroup_file_write+0x27b/0x6e0
[ 1448.304920][T17363]  ? cgroup_seqfile_stop+0xc0/0xc0
[ 1448.310027][T17363]  ? cgroup_seqfile_stop+0xc0/0xc0
[ 1448.315127][T17363]  kernfs_fop_write+0x3e4/0x4f0
[ 1448.319986][T17363]  ? kernfs_fop_read+0x580/0x580
[ 1448.324915][T17363]  __vfs_write+0xf9/0x7d0
[ 1448.329248][T17363]  ? retint_kernel+0x10/0x10
[ 1448.333831][T17363]  ? __kernel_write+0x350/0x350
[ 1448.338669][T17363]  ? rcu_irq_exit+0xe3/0x260
[ 1448.343279][T17363]  ? __sb_start_write+0x39c/0x440
[ 1448.348303][T17363]  ? __kasan_check_read+0x11/0x20
[ 1448.353330][T17363]  vfs_write+0x275/0x590
[ 1448.357570][T17363]  ksys_write+0x16b/0x2a0
[ 1448.361902][T17363]  ? __ia32_sys_read+0x90/0x90
[ 1448.366656][T17363]  ? prepare_exit_to_usermode+0x1f7/0x580
[ 1448.372384][T17363]  ? trace_irq_disable_rcuidle+0x23/0x1c0
[ 1448.378098][T17363]  ? trace_hardirqs_on_thunk+0x1a/0x20
[ 1448.383550][T17363]  ? trace_irq_disable_rcuidle+0x23/0x1c0
[ 1448.389262][T17363]  ? do_syscall_64+0x1d/0x140
[ 1448.393932][T17363]  __x64_sys_write+0x7b/0x90
[ 1448.400524][T17363]  do_syscall_64+0xfe/0x140
[ 1448.405025][T17363]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1448.410918][T17363] RIP: 0033:0x459829
[ 1448.414801][T17363] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1448.434403][T17363] RSP: 002b:00007f7deb621c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1448.442820][T17363] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829
[ 1448.450803][T17363] RDX: 0000000000000012 RSI: 0000000020000000 RDI: 0000000000000008
[ 1448.458768][T17363] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1448.466731][T17363] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7deb6226d4
[ 1448.474698][T17363] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff
[ 1448.482867][T17363] memory: usage 3620kB, limit 0kB, failcnt 489206
[ 1448.489440][T17363] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1448.496372][T17363] Memory cgroup stats for /syz2:
[ 1448.496872][T17363] anon 2174976
[ 1448.496872][T17363] file 274432
[ 1448.496872][T17363] kernel_stack 65536
[ 1448.496872][T17363] slab 1101824
[ 1448.496872][T17363] sock 0
[ 1448.496872][T17363] shmem 172032
[ 1448.496872][T17363] file_mapped 135168
[ 1448.496872][T17363] file_dirty 135168
[ 1448.496872][T17363] file_writeback 0
[ 1448.496872][T17363] anon_thp 2097152
[ 1448.496872][T17363] inactive_anon 135168
[ 1448.496872][T17363] active_anon 2174976
[ 1448.496872][T17363] inactive_file 135168
[ 1448.496872][T17363] active_file 135168
[ 1448.496872][T17363] unevictable 0
[ 1448.496872][T17363] slab_reclaimable 405504
[ 1448.496872][T17363] slab_unreclaimable 696320
[ 1448.496872][T17363] pgfault 191235
[ 1448.496872][T17363] pgmajfault 0
[ 1448.496872][T17363] workingset_refault 0
[ 1448.496872][T17363] workingset_activate 0
[ 1448.496872][T17363] workingset_nodereclaim 0
[ 1448.496872][T17363] pgrefill 0
[ 1448.496872][T17363] pgscan 0
[ 1448.496872][T17363] pgsteal 0
[ 1448.591148][T17363] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=17362,uid=0
[ 1448.607035][T17363] Memory cgroup out of memory: Killed process 17362 (syz-executor.2) total-vm:72840kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB
[ 1448.622876][ T1056] oom_reaper: reaped process 17362 (syz-executor.2), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB
14:30:03 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
openat$cgroup_procs(r4, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000140)=0x2)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r5 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r5, 0x0, 0x0)
r6 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r6, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r4, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
socket$kcm(0xa, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r6, &(0x7f00000003c0)=0x100, 0x12)

14:30:03 executing program 4:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x2, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040))

14:30:03 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00'})

14:30:03 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9})

14:30:03 executing program 3:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_INFO(r0, 0xc10c5541, &(0x7f0000000100)={0x7, 0x9d, 0xffff, 0x0, 0x0, [], [], [], 0xffffffffffffffc1, 0xffff})
r1 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x8, 0x4200)
getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000540)={{{@in=@initdev, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0}}, {{@in=@loopback}, 0x0, @in=@initdev}}, &(0x7f0000000300)=0xfffffffffffffef5)
setsockopt$inet6_tcp_TCP_QUEUE_SEQ(r1, 0x6, 0x15, &(0x7f0000000e00)=0x80000001, 0x4)
setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT(r1, 0x28, 0x6, &(0x7f0000000080), 0x10)
r3 = getegid()
r4 = fcntl$getown(r0, 0x9)
r5 = getpgrp(0xffffffffffffffff)
ioctl$TIOCGSID(r1, 0x5429, &(0x7f0000000b40)=<r6=>0x0)
ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000b80)=<r7=>0x0)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000bc0)={<r8=>0x0}, &(0x7f0000000c00)=0xc)
sendmmsg$unix(r1, &(0x7f0000000dc0)=[{&(0x7f00000004c0)=@abs={0x1, 0x0, 0x4e23}, 0x6e, &(0x7f0000000ac0)=[{&(0x7f0000000640)="e0c2570edf0c02", 0x7}, {&(0x7f0000000680)="f135f63a1df23c0eb7b4dc2c80457ec11d7b632f3f3a01519e648dd0a35a97c6b4cdd5423528cb3783db3241a87b125766d0770c00bebb8bb0b0ba089fc6b99fde6685bcb12196028fb487afd051758ffbba359250d51668adf1293dd0706fc47ac473eeafe42aeed4a522c9767dd2ff107cfa10b2a368e893ce86487ee0dc5b7707b9ee8b4f2331fd541836bd70b7e8f2a4d9e4e9b99f7ab6197b7fa58599c183a8cc34c720b2573422027a3fba85d683ba0530c9593cc3767c6bdbc4ea599d9391581cd12c008d121682af9c4cb3a662aca2ab9c1f", 0xd6}, {&(0x7f0000000780)="b8a300dbb76fa130fc517e0545c94a47dc9b4317a37824db855167a18f52199066", 0x21}, {&(0x7f00000007c0)="36067d03ff6719a509de3eb9510ac6934eaf522dbdff920419d2666c7dce65fda72b4a8582b22772d15dd5d0ec04fb4c08664abdc32a8d9fdd0bb9ab11eb48c4074978fc15b41828968ebdc72e126d595dca4b36c4f60c2ee37fcd1b5b049e58a5888c4d3dedb3d1f8354665747a209a2c097a76b7", 0x75}, {&(0x7f0000000840)="db86139ec77c37a91ab72311aaac480442f982dc0aad80e05eccb40bf5e169a14ec6258e224329871105872a162f83df4a584c41fe1e90e20af70ce624a64ea7e9c3d041e059c26551e3bd7dafec95c99da1e19750590bdeaf6f367db6278910b38444d2e0c645413379de0eb4bef9a98715bd582147c35057eb32a8b3b54951ea515ec236517ff8d9668461d0f39cf4c7a4038f10b21bf0b0b5f0e1be07e02d5902637b034ee8e9", 0xa8}, {&(0x7f0000000900)="a0110f69cb3c61e9d65cc2c6e0fe64783b4102bb59d2070b2d114f6240d8900b8cee97e9ae726dd9bd37705702", 0x2d}, {&(0x7f0000000940)="519dcf9b1f0958e6cba63b1576cd34bc812cff13fe6bf23782f88784e4d767a608b16c2ceed34ad3abf2451d7b32f3bd474cf98231741309efd10824b3bc711df389b6ad07c0cea93296124d4699fdab1a91b2928a385055da16d2147bfca000425fa97f58f5b2063d6b3cee0052cf72d159125633d1d8987563a9cf3f3750f43a78c09f39328534af1e99d8ebbb0ae73d37a4b3d933e58298eb1683b5f91b6b83e899a7b34802cbd6d3a1ec49ea186fdb74e87c6903418581c4b091397dafea3f6600bcf5308b1b80faec77064a4d498139dad90d2de61479fdb2eb35", 0xdd}, {&(0x7f0000000a40)="d942bdac890cae83a2795d9d7e509f94758cc00701231d4ee7c8556705b9fd6c90dd563978008bfe4012cfe68d09e6d5ddb9b675a4fe471237d66ccf63261f627980bf032dd1d15eb4505d852b0f22ed29bad8defd4ba81ac0afee", 0x5b}], 0x8, &(0x7f0000000c40)=[@rights={{0x18, 0x1, 0x1, [r1, r0]}}, @cred={{0x1c, 0x1, 0x2, {r4, r2, r3}}}, @rights={{0x34, 0x1, 0x1, [r1, r0, r1, r1, r0, r0, r1, r0, r1]}}, @rights={{0x24, 0x1, 0x1, [r1, r0, r0, r0, r0]}}, @cred={{0x1c, 0x1, 0x2, {r5, r2, r3}}}, @cred={{0x1c, 0x1, 0x2, {r6, r2, r3}}}, @cred={{0x1c, 0x1, 0x2, {r7, r2, r3}}}, @cred={{0x1c, 0x1, 0x2, {r8, r2, r3}}}, @rights={{0x18, 0x1, 0x1, [r1, r1]}}, @rights={{0x2c, 0x1, 0x1, [r1, r1, r1, r0, r0, r1, r1]}}], 0x160, 0xc0}], 0x1, 0x20000000)
write$FUSE_DIRENTPLUS(r1, &(0x7f0000000340)={0xb0, 0x0, 0x2, [{{0x6, 0x1, 0x7, 0x3, 0x40, 0x40, {0x6, 0x7, 0xffff, 0x1f, 0x0, 0x3, 0xfff, 0xfffffffffffffff9, 0x5, 0x68fa83db, 0x8, r2, r3, 0x1, 0x8}}, {0x3, 0xff, 0x1, 0xa8, '\x00'}}]}, 0xb0)
setsockopt$inet_sctp_SCTP_HMAC_IDENT(r1, 0x84, 0x16, &(0x7f0000000e80)=ANY=[@ANYBLOB="020000ff03000000a52b31c46ea512d3af07e364d6c6b3c858a6d8f661"], 0x8)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0x9})
ioctl$sock_inet_SIOCSIFNETMASK(r1, 0x891c, &(0x7f0000000e40)={'bond_slave_0\x00', {0x2, 0x7, @dev={0xac, 0x14, 0x14, 0x1d}}})
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f00000002c0)=ANY=[@ANYBLOB="fdffffff", @ANYRES32=<r9=>0x0], &(0x7f0000000400)=0x8)
getsockopt$inet_sctp_SCTP_PR_SUPPORTED(r1, 0x84, 0x71, &(0x7f0000000440)={r9, 0xa56}, &(0x7f0000000480)=0x8)
ioctl$EVIOCREVOKE(r1, 0x40044591, &(0x7f0000000280)=0xb3)

14:30:03 executing program 1:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600))
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x8a, 0x0, 0x0, 0x0, 0x3})
r1 = syz_open_pts(r0, 0x0)
write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0x100000175)
ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000140)={0x3, 0x0, 0x0, 0xfdfdffff})

[ 1448.771074][T17354] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[ 1448.781084][T17354] CPU: 0 PID: 17354 Comm: syz-executor.2 Not tainted 5.2.0+ #37
[ 1448.788715][T17354] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1448.798949][T17354] Call Trace:
[ 1448.802258][T17354]  dump_stack+0x1d8/0x2f8
[ 1448.806618][T17354]  dump_header+0xd8/0x970
[ 1448.810948][T17354]  oom_kill_process+0xcd/0x320
[ 1448.815716][T17354]  out_of_memory+0x5e1/0x8a0
14:30:03 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00'})

[ 1448.820316][T17354]  ? unregister_oom_notifier+0x20/0x20
[ 1448.825780][T17354]  ? __kasan_check_read+0x11/0x20
[ 1448.830811][T17354]  try_charge+0x134a/0x17b0
[ 1448.835421][T17354]  ? __memcg_kmem_charge_memcg+0x180/0x180
[ 1448.841232][T17354]  ? __lock_acquire+0x4750/0x4750
[ 1448.846264][T17354]  ? rcu_lock_release+0x15/0x20
[ 1448.851115][T17354]  ? get_mem_cgroup_from_mm+0x15e/0x170
[ 1448.856668][T17354]  mem_cgroup_try_charge+0x216/0x560
[ 1448.861961][T17354]  mem_cgroup_try_charge_delay+0x25/0xa0
14:30:03 executing program 4:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x2, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040))

[ 1448.867630][T17354]  wp_page_copy+0x367/0x18c0
[ 1448.872227][T17354]  ? rcu_lock_release+0x30/0x30
[ 1448.877071][T17354]  ? __lock_acquire+0x4750/0x4750
[ 1448.882093][T17354]  ? __kasan_check_read+0x11/0x20
[ 1448.887120][T17354]  ? do_raw_spin_unlock+0x49/0x260
[ 1448.892246][T17354]  do_wp_page+0x2c9/0x1ce0
[ 1448.896678][T17354]  ? __rwlock_init+0x130/0x130
[ 1448.901445][T17354]  ? count_memcg_event_mm+0x300/0x300
[ 1448.906829][T17354]  handle_mm_fault+0x2bcf/0x6080
[ 1448.911783][T17354]  ? finish_fault+0x230/0x230
[ 1448.916471][T17354]  ? vmacache_find+0x251/0x5b0
[ 1448.921240][T17354]  do_user_addr_fault+0x589/0xaf0
[ 1448.926272][T17354]  __do_page_fault+0xd3/0x1f0
[ 1448.930957][T17354]  do_page_fault+0x99/0xb0
[ 1448.935375][T17354]  page_fault+0x39/0x40
[ 1448.939518][T17354] RIP: 0033:0x4034f2
[ 1448.939530][T17354] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 <e8> 59 8d 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 42 05 00 48
[ 1448.939535][T17354] RSP: 002b:00007fffe9965c40 EFLAGS: 00010246
[ 1448.939544][T17354] RAX: 0000000000000000 RBX: 00000000001618ed RCX: 0000000000413430
[ 1448.939550][T17354] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007fffe9966d70
[ 1448.939556][T17354] RBP: 0000000000000002 R08: 0000000000000001 R09: 00005555569af940
[ 1448.939562][T17354] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fffe9966d70
[ 1448.939568][T17354] R13: 00007fffe9966d60 R14: 0000000000000000 R15: 00007fffe9966d70
[ 1448.939788][T17354] memory: usage 1248kB, limit 0kB, failcnt 489225
14:30:04 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9, 0x0, 0x0, 0x0, '\x00', 0x2})

[ 1449.015951][T17354] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1449.022872][T17354] Memory cgroup stats for /syz2:
[ 1449.022958][T17354] anon 69632
[ 1449.022958][T17354] file 274432
[ 1449.022958][T17354] kernel_stack 0
[ 1449.022958][T17354] slab 1101824
[ 1449.022958][T17354] sock 0
[ 1449.022958][T17354] shmem 172032
[ 1449.022958][T17354] file_mapped 135168
[ 1449.022958][T17354] file_dirty 135168
[ 1449.022958][T17354] file_writeback 0
[ 1449.022958][T17354] anon_thp 0
[ 1449.022958][T17354] inactive_anon 135168
[ 1449.022958][T17354] active_anon 69632
[ 1449.022958][T17354] inactive_file 135168
[ 1449.022958][T17354] active_file 135168
[ 1449.022958][T17354] unevictable 0
[ 1449.022958][T17354] slab_reclaimable 405504
[ 1449.022958][T17354] slab_unreclaimable 696320
[ 1449.022958][T17354] pgfault 191235
[ 1449.022958][T17354] pgmajfault 0
[ 1449.022958][T17354] workingset_refault 0
[ 1449.022958][T17354] workingset_activate 0
[ 1449.022958][T17354] workingset_nodereclaim 0
[ 1449.022958][T17354] pgrefill 0
[ 1449.022958][T17354] pgscan 0
[ 1449.022958][T17354] pgsteal 0
[ 1449.022958][T17354] pgactivate 0
[ 1449.118876][T17354] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=17354,uid=0
[ 1449.134438][T17354] Memory cgroup out of memory: Killed process 17354 (syz-executor.2) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB
14:30:04 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00'})

14:30:04 executing program 1:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600))
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x8a, 0x0, 0x0, 0x0, 0x3})
r1 = syz_open_pts(r0, 0x0)
write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0x100000175)
ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000140)={0x3, 0x0, 0x0, 0xfe0f0000})

[ 1449.163016][ T1056] oom_reaper: reaped process 17354 (syz-executor.2), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB
14:30:04 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9, 0x0, 0x0, 0x0, '\x00', 0x3})

14:30:05 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
openat$cgroup_procs(r4, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000140)=0x2)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r5 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r5, 0x0, 0x0)
r6 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r6, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r4, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
socket$kcm(0xa, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r6, &(0x7f00000003c0)=0x100, 0x12)

14:30:05 executing program 4:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x2, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040))

14:30:05 executing program 3:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x2, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040))

14:30:05 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x00'})

14:30:05 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9, 0x0, 0x0, 0x0, '\x00', 0x4})

14:30:05 executing program 1:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600))
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x8a, 0x0, 0x0, 0x0, 0x3})
r1 = syz_open_pts(r0, 0x0)
write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0x100000175)
ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000140)={0x3, 0x0, 0x0, 0xff0f0000})

14:30:05 executing program 3:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x2, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040))

14:30:05 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00'})

14:30:05 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9, 0x0, 0x0, 0x0, '\x00', 0x5})

14:30:05 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600))
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x8a, 0x0, 0x0, 0x0, 0x3})
r1 = syz_open_pts(r0, 0x0)
write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0x100000175)
ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000140)={0x3, 0x0, 0x0, 0xdf0e0000})

14:30:05 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
openat$cgroup_procs(r4, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000140)=0x2)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r5 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r5, 0x0, 0x0)
r6 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r6, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r4, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
socket$kcm(0xa, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r6, &(0x7f00000003c0)=0x100, 0x12)

14:30:05 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9, 0x0, 0x0, 0x0, '\x00', 0x6})

14:30:05 executing program 3:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x2, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040))

14:30:05 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00'})

14:30:05 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9, 0x0, 0x0, 0x0, '\x00', 0x7})

14:30:05 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00'})

14:30:05 executing program 3:
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(0xffffffffffffffff, 0xc0405519, &(0x7f0000000040))

14:30:06 executing program 1:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600))
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x8a, 0x0, 0x0, 0x0, 0x3})
r1 = syz_open_pts(r0, 0x0)
write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0x100000175)
ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000140)={0x3, 0x0, 0x0, 0xfffffdfd})

14:30:06 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9, 0x0, 0x0, 0x0, '\x00', 0x8})

14:30:06 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\t\x00'})

14:30:06 executing program 3:
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(0xffffffffffffffff, 0xc0405519, &(0x7f0000000040))

14:30:06 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600))
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x8a, 0x0, 0x0, 0x0, 0x3})
r1 = syz_open_pts(r0, 0x0)
write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0x100000175)
ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000140)={0x3, 0x0, 0x0, 0xdf0e0000})

[ 1452.704337][T17472] IPVS: ftp: loaded support on port[0] = 21
[ 1452.902326][T17472] chnl_net:caif_netlink_parms(): no params data found
[ 1452.928415][T17472] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1452.935499][T17472] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1452.943331][T17472] device bridge_slave_0 entered promiscuous mode
[ 1452.951960][T17472] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1452.959085][T17472] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1452.967000][T17472] device bridge_slave_1 entered promiscuous mode
[ 1453.112880][T17472] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1453.123796][T17472] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1453.142137][T17472] team0: Port device team_slave_0 added
[ 1453.280326][T17472] team0: Port device team_slave_1 added
[ 1453.330869][T17472] device hsr_slave_0 entered promiscuous mode
[ 1453.368147][T17472] device hsr_slave_1 entered promiscuous mode
[ 1453.417792][T17472] debugfs: Directory 'hsr0' with parent '/' already present!
[ 1453.426877][  T788] device bridge_slave_1 left promiscuous mode
[ 1453.433139][  T788] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1453.468548][  T788] device bridge_slave_0 left promiscuous mode
[ 1453.474914][  T788] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1453.519736][  T788] device bridge_slave_1 left promiscuous mode
[ 1453.525905][  T788] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1453.568515][  T788] device bridge_slave_0 left promiscuous mode
[ 1453.574672][  T788] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1457.138148][  T788] device hsr_slave_0 left promiscuous mode
[ 1457.197820][  T788] device hsr_slave_1 left promiscuous mode
[ 1457.244233][  T788] team0 (unregistering): Port device team_slave_1 removed
[ 1457.254766][  T788] team0 (unregistering): Port device team_slave_0 removed
[ 1457.267097][  T788] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1457.313887][  T788] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1457.405567][  T788] bond0 (unregistering): Released all slaves
[ 1457.518312][  T788] device hsr_slave_0 left promiscuous mode
[ 1457.567968][  T788] device hsr_slave_1 left promiscuous mode
[ 1457.618182][  T788] team0 (unregistering): Port device team_slave_1 removed
[ 1457.630429][  T788] team0 (unregistering): Port device team_slave_0 removed
[ 1457.641151][  T788] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1457.681719][  T788] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1457.747582][  T788] bond0 (unregistering): Released all slaves
[ 1457.855567][T17472] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1457.862722][T17472] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1457.870156][T17472] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1457.877218][T17472] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1457.886312][T14533] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1457.894461][T14533] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1457.933965][T17472] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1457.944281][T17356] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1457.952399][T17356] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1457.973821][T17472] 8021q: adding VLAN 0 to HW filter on device team0
[ 1458.079971][T13744] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1458.088839][T13744] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1458.097484][T13744] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1458.104615][T13744] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1458.143829][T17472] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1458.154443][T17472] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1458.167346][T13744] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1458.176268][T13744] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1458.184712][T13744] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1458.191837][T13744] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1458.200155][T13744] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1458.209064][T13744] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1458.217703][T13744] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1458.226342][T13744] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1458.234786][T13744] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1458.243467][T13744] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1458.252050][T13744] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1458.260436][T13744] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1458.268909][T13744] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1458.277325][T13744] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1458.293645][T13744] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1458.301672][T13744] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1458.321056][T17472] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1458.594060][T17480] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 1458.604505][T17480] CPU: 0 PID: 17480 Comm: syz-executor.2 Not tainted 5.2.0+ #37
[ 1458.612141][T17480] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1458.622204][T17480] Call Trace:
[ 1458.625505][T17480]  dump_stack+0x1d8/0x2f8
[ 1458.629852][T17480]  dump_header+0xd8/0x970
[ 1458.634281][T17480]  oom_kill_process+0xcd/0x320
[ 1458.639050][T17480]  out_of_memory+0x5e1/0x8a0
[ 1458.643649][T17480]  ? unregister_oom_notifier+0x20/0x20
[ 1458.649102][T17480]  ? __kasan_check_read+0x11/0x20
[ 1458.654131][T17480]  try_charge+0x134a/0x17b0
[ 1458.659137][T17480]  ? __memcg_kmem_charge_memcg+0x180/0x180
[ 1458.664950][T17480]  ? __lock_acquire+0x4750/0x4750
[ 1458.669983][T17480]  ? rcu_lock_release+0x15/0x20
[ 1458.674836][T17480]  ? get_mem_cgroup_from_mm+0x15e/0x170
[ 1458.680375][T17480]  mem_cgroup_try_charge+0x216/0x560
[ 1458.685658][T17480]  mem_cgroup_try_charge_delay+0x25/0xa0
[ 1458.691284][T17480]  handle_mm_fault+0x31f3/0x6080
[ 1458.696241][T17480]  ? finish_fault+0x230/0x230
[ 1458.700921][T17480]  ? vmacache_find+0x566/0x5b0
[ 1458.705671][T17480]  ? vmacache_update+0xb7/0x120
[ 1458.710524][T17480]  do_user_addr_fault+0x589/0xaf0
[ 1458.715547][T17480]  __do_page_fault+0xd3/0x1f0
[ 1458.720219][T17480]  do_page_fault+0x99/0xb0
[ 1458.724628][T17480]  page_fault+0x39/0x40
[ 1458.728775][T17480] RIP: 0033:0x41116f
[ 1458.732664][T17480] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41
[ 1458.752270][T17480] RSP: 002b:00007ffc391b93d0 EFLAGS: 00010206
[ 1458.758356][T17480] RAX: 00007efedbc43000 RBX: 0000000000020000 RCX: 000000000045987a
[ 1458.766330][T17480] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000
[ 1458.774313][T17480] RBP: 00007ffc391b94b0 R08: ffffffffffffffff R09: 0000000000000000
[ 1458.782281][T17480] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc391b95a0
[ 1458.790250][T17480] R13: 00007efedbc63700 R14: 0000000000000001 R15: 000000000075bfd4
[ 1458.798349][T17480] memory: usage 3552kB, limit 0kB, failcnt 489234
[ 1458.804771][T17480] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1458.811680][T17480] Memory cgroup stats for /syz2:
[ 1458.811780][T17480] anon 2183168
[ 1458.811780][T17480] file 274432
[ 1458.811780][T17480] kernel_stack 65536
[ 1458.811780][T17480] slab 1101824
[ 1458.811780][T17480] sock 0
[ 1458.811780][T17480] shmem 172032
[ 1458.811780][T17480] file_mapped 135168
[ 1458.811780][T17480] file_dirty 135168
[ 1458.811780][T17480] file_writeback 0
[ 1458.811780][T17480] anon_thp 2097152
[ 1458.811780][T17480] inactive_anon 135168
[ 1458.811780][T17480] active_anon 2183168
[ 1458.811780][T17480] inactive_file 135168
[ 1458.811780][T17480] active_file 135168
[ 1458.811780][T17480] unevictable 0
[ 1458.811780][T17480] slab_reclaimable 405504
[ 1458.811780][T17480] slab_unreclaimable 696320
[ 1458.811780][T17480] pgfault 191301
[ 1458.811780][T17480] pgmajfault 0
[ 1458.811780][T17480] workingset_refault 0
[ 1458.811780][T17480] workingset_activate 0
[ 1458.811780][T17480] workingset_nodereclaim 0
[ 1458.811780][T17480] pgrefill 0
[ 1458.811780][T17480] pgscan 0
[ 1458.811780][T17480] pgsteal 0
[ 1458.905502][T17480] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=17480,uid=0
[ 1458.921046][T17480] Memory cgroup out of memory: Killed process 17480 (syz-executor.2) total-vm:72708kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB
[ 1458.940988][ T1056] oom_reaper: reaped process 17480 (syz-executor.2), now anon-rss:0kB, file-rss:33856kB, shmem-rss:0kB
14:30:14 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
openat$cgroup_procs(r4, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000140)=0x2)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r5 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r5, 0x0, 0x0)
r6 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r6, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r4, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
socket$kcm(0xa, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r6, &(0x7f00000003c0)=0x100, 0x12)

14:30:14 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00'})

14:30:14 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9, 0x0, 0x0, 0x0, '\x00', 0x9})

14:30:14 executing program 3:
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(0xffffffffffffffff, 0xc0405519, &(0x7f0000000040))

14:30:14 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600))
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x8a, 0x0, 0x0, 0x0, 0x3})
r1 = syz_open_pts(r0, 0x0)
write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0x100000175)
ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000140)={0x3, 0x0, 0x0, 0xdf0e0000})

14:30:14 executing program 1:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600))
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x8a, 0x0, 0x0, 0x0, 0x3})
r1 = syz_open_pts(r0, 0x0)
write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0x100000175)
ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000140)={0x3, 0x0, 0x0, 0x1000000000000})

[ 1459.058589][T17472] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[ 1459.068664][T17472] CPU: 1 PID: 17472 Comm: syz-executor.2 Not tainted 5.2.0+ #37
[ 1459.076299][T17472] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1459.086350][T17472] Call Trace:
[ 1459.089650][T17472]  dump_stack+0x1d8/0x2f8
[ 1459.093979][T17472]  dump_header+0xd8/0x970
[ 1459.098309][T17472]  oom_kill_process+0xcd/0x320
[ 1459.103069][T17472]  out_of_memory+0x5e1/0x8a0
[ 1459.107657][T17472]  ? unregister_oom_notifier+0x20/0x20
[ 1459.113110][T17472]  ? __kasan_check_read+0x11/0x20
[ 1459.118144][T17472]  try_charge+0x134a/0x17b0
[ 1459.122665][T17472]  ? __memcg_kmem_charge_memcg+0x180/0x180
[ 1459.128497][T17472]  ? __lock_acquire+0x4750/0x4750
[ 1459.133537][T17472]  ? rcu_lock_release+0x15/0x20
[ 1459.138400][T17472]  ? get_mem_cgroup_from_mm+0x15e/0x170
[ 1459.138412][T17472]  mem_cgroup_try_charge+0x216/0x560
[ 1459.138428][T17472]  mem_cgroup_try_charge_delay+0x25/0xa0
[ 1459.138440][T17472]  wp_page_copy+0x367/0x18c0
[ 1459.138461][T17472]  ? rcu_lock_release+0x30/0x30
[ 1459.138474][T17472]  ? __lock_acquire+0x4750/0x4750
[ 1459.138496][T17472]  ? __kasan_check_read+0x11/0x20
[ 1459.138504][T17472]  ? do_raw_spin_unlock+0x49/0x260
[ 1459.138516][T17472]  do_wp_page+0x2c9/0x1ce0
[ 1459.138532][T17472]  ? __rwlock_init+0x130/0x130
[ 1459.138542][T17472]  ? count_memcg_event_mm+0x300/0x300
[ 1459.138559][T17472]  handle_mm_fault+0x2bcf/0x6080
[ 1459.138581][T17472]  ? finish_fault+0x230/0x230
[ 1459.203521][T17472]  ? vmacache_find+0x566/0x5b0
[ 1459.208272][T17472]  ? vmacache_update+0xb7/0x120
[ 1459.213114][T17472]  do_user_addr_fault+0x589/0xaf0
[ 1459.218140][T17472]  __do_page_fault+0xd3/0x1f0
[ 1459.222802][T17472]  do_page_fault+0x99/0xb0
[ 1459.227212][T17472]  page_fault+0x39/0x40
[ 1459.231438][T17472] RIP: 0033:0x430906
[ 1459.235318][T17472] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 46 64 00 85 c0 0f 84
[ 1459.254926][T17472] RSP: 002b:00007ffc391b83e0 EFLAGS: 00010206
[ 1459.260984][T17472] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041
[ 1459.268945][T17472] RDX: 0000555556fbd930 RSI: 0000555556fc5970 RDI: 0000000000000003
[ 1459.276901][T17472] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000555556fbc940
[ 1459.284954][T17472] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698
[ 1459.292913][T17472] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710
[ 1459.301653][T17472] memory: usage 1220kB, limit 0kB, failcnt 489243
14:30:14 executing program 3:
r0 = syz_open_dev$sndctrl(0x0, 0x2, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040))

14:30:14 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00'})

14:30:14 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\f\x00'})

14:30:14 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9, 0x0, 0x0, 0x0, '\x00', 0xa})

[ 1459.308105][T17472] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1459.314945][T17472] Memory cgroup stats for /syz2:
[ 1459.315032][T17472] anon 40960
[ 1459.315032][T17472] file 274432
[ 1459.315032][T17472] kernel_stack 0
[ 1459.315032][T17472] slab 1101824
[ 1459.315032][T17472] sock 0
[ 1459.315032][T17472] shmem 172032
[ 1459.315032][T17472] file_mapped 135168
[ 1459.315032][T17472] file_dirty 135168
[ 1459.315032][T17472] file_writeback 0
[ 1459.315032][T17472] anon_thp 0
[ 1459.315032][T17472] inactive_anon 135168
[ 1459.315032][T17472] active_anon 40960
[ 1459.315032][T17472] inactive_file 135168
[ 1459.315032][T17472] active_file 135168
[ 1459.315032][T17472] unevictable 0
[ 1459.315032][T17472] slab_reclaimable 405504
[ 1459.315032][T17472] slab_unreclaimable 696320
[ 1459.315032][T17472] pgfault 191301
[ 1459.315032][T17472] pgmajfault 0
[ 1459.315032][T17472] workingset_refault 0
[ 1459.315032][T17472] workingset_activate 0
[ 1459.315032][T17472] workingset_nodereclaim 0
[ 1459.315032][T17472] pgrefill 0
[ 1459.315032][T17472] pgscan 0
[ 1459.315032][T17472] pgsteal 0
[ 1459.315032][T17472] pgactivate 0
[ 1459.410734][T17472] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=17472,uid=0
[ 1459.410813][T17472] Memory cgroup out of memory: Killed process 17472 (syz-executor.2) total-vm:72444kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB
[ 1459.441446][ T1056] oom_reaper: reaped process 17472 (syz-executor.2), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB
14:30:14 executing program 3:
r0 = syz_open_dev$sndctrl(0x0, 0x2, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040))

14:30:14 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9, 0x0, 0x0, 0x0, '\x00', 0xb})

14:30:15 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
openat$cgroup_procs(r4, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000140)=0x2)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r5 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r5, 0x0, 0x0)
r6 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r6, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r4, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
socket$kcm(0xa, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r6, &(0x7f00000003c0)=0x100, 0x12)

14:30:15 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\r\x00'})

14:30:15 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9, 0x0, 0x0, 0x0, '\x00', 0xc})

14:30:15 executing program 3:
r0 = syz_open_dev$sndctrl(0x0, 0x2, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040))

14:30:15 executing program 4:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
openat$cgroup_procs(r4, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000140)=0x2)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r5 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r5, 0x0, 0x0)
r6 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r6, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r4, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
socket$kcm(0xa, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r6, &(0x7f00000003c0)=0x100, 0x12)

14:30:15 executing program 1:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600))
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x8a, 0x0, 0x0, 0x0, 0x3})
r1 = syz_open_pts(r0, 0x0)
write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0x100000175)
ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000140)={0x3, 0x0, 0x0, 0xc000000000000})

14:30:15 executing program 3:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040))

14:30:15 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0e\x00'})

14:30:15 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9, 0x0, 0x0, 0x0, '\x00', 0xd})

14:30:15 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
openat$cgroup_procs(r4, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000140)=0x2)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r5 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r5, 0x0, 0x0)
r6 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r6, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r4, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
socket$kcm(0xa, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r6, &(0x7f00000003c0)=0x100, 0x12)

14:30:15 executing program 3:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040))

14:30:15 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9, 0x0, 0x0, 0x0, '\x00', 0xe})

[ 1460.625011][T17524] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1460.637225][T17524] CPU: 0 PID: 17524 Comm: syz-executor.4 Not tainted 5.2.0+ #37
[ 1460.644868][T17524] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1460.654929][T17524] Call Trace:
[ 1460.658751][T17524]  dump_stack+0x1d8/0x2f8
[ 1460.663090][T17524]  dump_header+0xd8/0x970
[ 1460.667423][T17524]  oom_kill_process+0xcd/0x320
[ 1460.672186][T17524]  out_of_memory+0x5e1/0x8a0
[ 1460.676775][T17524]  ? unregister_oom_notifier+0x20/0x20
[ 1460.682235][T17524]  ? __kasan_check_read+0x11/0x20
[ 1460.687262][T17524]  try_charge+0x134a/0x17b0
[ 1460.691783][T17524]  ? __memcg_kmem_charge_memcg+0x180/0x180
[ 1460.697595][T17524]  ? rcu_lock_release+0x4/0x20
[ 1460.702361][T17524]  __memcg_kmem_charge_memcg+0x78/0x180
[ 1460.707911][T17524]  ? memcg_kmem_put_cache+0x50/0x50
[ 1460.713112][T17524]  ? rcu_lock_release+0x15/0x20
[ 1460.717956][T17524]  ? get_mem_cgroup_from_mm+0x15e/0x170
[ 1460.723513][T17524]  __memcg_kmem_charge+0x105/0x340
[ 1460.728729][T17524]  __alloc_pages_nodemask+0x377/0x790
[ 1460.734117][T17524]  ? gfp_pfmemalloc_allowed+0x130/0x130
[ 1460.739674][T17524]  ? __put_page+0x12b/0x170
[ 1460.744184][T17524]  ? do_huge_pmd_anonymous_page+0xed2/0x1cf0
[ 1460.750179][T17524]  alloc_pages_current+0x2db/0x500
[ 1460.755305][T17524]  pte_alloc_one+0x1f/0x180
[ 1460.759813][T17524]  __pte_alloc+0x20/0x2f0
[ 1460.764156][T17524]  handle_mm_fault+0x54c4/0x6080
[ 1460.769128][T17524]  ? finish_fault+0x230/0x230
[ 1460.773831][T17524]  ? vmacache_find+0x566/0x5b0
[ 1460.778596][T17524]  ? vmacache_update+0xb7/0x120
[ 1460.783462][T17524]  do_user_addr_fault+0x589/0xaf0
[ 1460.788497][T17524]  __do_page_fault+0xd3/0x1f0
[ 1460.793182][T17524]  do_page_fault+0x99/0xb0
[ 1460.797601][T17524]  page_fault+0x39/0x40
[ 1460.801776][T17524] RIP: 0033:0x400644
[ 1460.805676][T17524] Code: 06 e9 49 01 00 00 48 8b 44 24 10 48 0b 44 24 28 75 1f 48 8b 14 24 48 8b 7c 24 20 be 04 00 00 00 e8 c1 54 00 00 48 8b 74 24 08 <89> 06 e9 1e 01 00 00 48 8b 44 24 08 48 8b 14 24 be 04 00 00 00 8b
[ 1460.825285][T17524] RSP: 002b:00007ffefd19c310 EFLAGS: 00010202
[ 1460.831361][T17524] RAX: 0000000000000002 RBX: 0000000000000000 RCX: 0000000000000000
[ 1460.839338][T17524] RDX: 0000000000000000 RSI: 000000002025c000 RDI: 0000000000000002
[ 1460.847313][T17524] RBP: 00000000007622f0 R08: 0000000000000000 R09: 0000000000000000
[ 1460.855289][T17524] R10: 0000000000439100 R11: 0000000000000012 R12: 00000000004c5c44
[ 1460.863288][T17524] R13: 000000000000012c R14: 00000000007622f8 R15: fffffffffffffffe
[ 1460.871956][T17524] memory: usage 262824kB, limit 0kB, failcnt 9
[ 1460.878171][T17524] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1460.885010][T17524] Memory cgroup stats for /syz4:
[ 1460.885119][T17524] anon 9236480
[ 1460.885119][T17524] file 247037952
[ 1460.885119][T17524] kernel_stack 851968
[ 1460.885119][T17524] slab 7991296
[ 1460.885119][T17524] sock 0
[ 1460.885119][T17524] shmem 246845440
[ 1460.885119][T17524] file_mapped 211673088
[ 1460.885119][T17524] file_dirty 0
[ 1460.885119][T17524] file_writeback 0
[ 1460.885119][T17524] anon_thp 6291456
[ 1460.885119][T17524] inactive_anon 211673088
[ 1460.885119][T17524] active_anon 44392448
[ 1460.885119][T17524] inactive_file 135168
[ 1460.885119][T17524] active_file 0
[ 1460.885119][T17524] unevictable 0
[ 1460.885119][T17524] slab_reclaimable 2973696
[ 1460.885119][T17524] slab_unreclaimable 5017600
[ 1460.885119][T17524] pgfault 354618
[ 1460.885119][T17524] pgmajfault 0
[ 1460.885119][T17524] workingset_refault 0
[ 1460.885119][T17524] workingset_activate 0
[ 1460.885119][T17524] workingset_nodereclaim 0
[ 1460.885119][T17524] pgrefill 0
[ 1460.885119][T17524] pgscan 0
[ 1460.885119][T17524] pgsteal 0
[ 1460.979314][T17524] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=9570,uid=0
[ 1460.994744][T17524] Memory cgroup out of memory: Killed process 9570 (syz-executor.4) total-vm:72836kB, anon-rss:160kB, file-rss:35784kB, shmem-rss:11480kB
[ 1461.011224][ T1056] oom_reaper: reaped process 9570 (syz-executor.4), now anon-rss:0kB, file-rss:34824kB, shmem-rss:11480kB
[ 1461.023718][T17525] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 1461.036657][T17525] CPU: 1 PID: 17525 Comm: syz-executor.4 Not tainted 5.2.0+ #37
[ 1461.044303][T17525] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1461.054370][T17525] Call Trace:
[ 1461.057669][T17525]  dump_stack+0x1d8/0x2f8
[ 1461.062002][T17525]  dump_header+0xd8/0x970
[ 1461.066335][T17525]  oom_kill_process+0xcd/0x320
[ 1461.071101][T17525]  out_of_memory+0x5e1/0x8a0
14:30:16 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9, 0x0, 0x0, 0x0, '\x00', 0x10})

14:30:16 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x10\x00'})

[ 1461.075699][T17525]  ? unregister_oom_notifier+0x20/0x20
[ 1461.081170][T17525]  memory_max_write+0x537/0x6a0
[ 1461.086039][T17525]  ? memory_max_show+0xa0/0xa0
[ 1461.090810][T17525]  ? trace_hardirqs_on_thunk+0x1a/0x20
[ 1461.096270][T17525]  ? lockdep_hardirqs_on+0x3c5/0x7d0
[ 1461.101555][T17525]  ? trace_hardirqs_on_thunk+0x1a/0x20
[ 1461.107105][T17525]  ? retint_kernel+0x10/0x10
[ 1461.111704][T17525]  ? memory_max_show+0xa0/0xa0
[ 1461.116471][T17525]  cgroup_file_write+0x27b/0x6e0
[ 1461.121461][T17525]  ? cgroup_seqfile_stop+0xc0/0xc0
[ 1461.126759][T17525]  ? kernfs_fop_write+0x349/0x4f0
[ 1461.131781][T17525]  ? cgroup_seqfile_stop+0xc0/0xc0
[ 1461.136890][T17525]  kernfs_fop_write+0x3e4/0x4f0
[ 1461.141746][T17525]  ? kernfs_fop_read+0x580/0x580
[ 1461.146684][T17525]  __vfs_write+0xf9/0x7d0
[ 1461.151015][T17525]  ? rcu_irq_exit+0xe3/0x260
[ 1461.155605][T17525]  ? __kernel_write+0x350/0x350
[ 1461.160475][T17525]  ? __sb_start_write+0x39c/0x440
[ 1461.165506][T17525]  vfs_write+0x275/0x590
[ 1461.169758][T17525]  ksys_write+0x16b/0x2a0
[ 1461.174099][T17525]  ? __ia32_sys_read+0x90/0x90
[ 1461.178867][T17525]  ? prepare_exit_to_usermode+0x1f7/0x580
[ 1461.184594][T17525]  ? trace_hardirqs_on_thunk+0x1a/0x20
[ 1461.190057][T17525]  ? trace_irq_disable_rcuidle+0x23/0x1c0
[ 1461.195781][T17525]  ? do_syscall_64+0x1d/0x140
[ 1461.200466][T17525]  __x64_sys_write+0x7b/0x90
[ 1461.205076][T17525]  do_syscall_64+0xfe/0x140
[ 1461.209589][T17525]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1461.215486][T17525] RIP: 0033:0x459829
14:30:16 executing program 3:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040))

[ 1461.219379][T17525] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1461.238986][T17525] RSP: 002b:00007f5cf6807c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1461.247407][T17525] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829
[ 1461.255379][T17525] RDX: 0000000000000012 RSI: 0000000020000000 RDI: 0000000000000008
[ 1461.263348][T17525] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
14:30:16 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11\x00'})

[ 1461.271325][T17525] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5cf68086d4
[ 1461.271332][T17525] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff
[ 1461.271687][T17525] memory: usage 262700kB, limit 0kB, failcnt 10
[ 1461.287597][T17525] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1461.300691][T17525] Memory cgroup stats for /syz4:
[ 1461.303851][T17525] anon 9101312
[ 1461.303851][T17525] file 247037952
[ 1461.303851][T17525] kernel_stack 851968
[ 1461.303851][T17525] slab 7991296
[ 1461.303851][T17525] sock 0
[ 1461.303851][T17525] shmem 246845440
[ 1461.303851][T17525] file_mapped 211673088
[ 1461.303851][T17525] file_dirty 0
[ 1461.303851][T17525] file_writeback 0
[ 1461.303851][T17525] anon_thp 6291456
[ 1461.303851][T17525] inactive_anon 211673088
[ 1461.303851][T17525] active_anon 44257280
[ 1461.303851][T17525] inactive_file 135168
[ 1461.303851][T17525] active_file 0
[ 1461.303851][T17525] unevictable 0
[ 1461.303851][T17525] slab_reclaimable 2973696
[ 1461.303851][T17525] slab_unreclaimable 5017600
[ 1461.303851][T17525] pgfault 354618
[ 1461.303851][T17525] pgmajfault 0
[ 1461.303851][T17525] workingset_refault 0
[ 1461.303851][T17525] workingset_activate 0
[ 1461.303851][T17525] workingset_nodereclaim 0
[ 1461.303851][T17525] pgrefill 0
[ 1461.303851][T17525] pgscan 0
[ 1461.303851][T17525] pgsteal 0
[ 1461.398239][T17525] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=7464,uid=0
[ 1461.414123][T17525] Memory cgroup out of memory: Killed process 7464 (syz-executor.4) total-vm:72704kB, anon-rss:152kB, file-rss:35792kB, shmem-rss:11480kB
[ 1461.431819][ T1056] oom_reaper: reaped process 7464 (syz-executor.4), now anon-rss:0kB, file-rss:34832kB, shmem-rss:11480kB
[ 1461.444551][T17525] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 1461.455179][T17525] CPU: 1 PID: 17525 Comm: syz-executor.4 Not tainted 5.2.0+ #37
[ 1461.462812][T17525] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1461.472869][T17525] Call Trace:
[ 1461.476169][T17525]  dump_stack+0x1d8/0x2f8
[ 1461.480506][T17525]  dump_header+0xd8/0x970
[ 1461.484845][T17525]  oom_kill_process+0xcd/0x320
[ 1461.489636][T17525]  out_of_memory+0x5e1/0x8a0
[ 1461.494227][T17525]  ? unregister_oom_notifier+0x20/0x20
[ 1461.499690][T17525]  memory_max_write+0x537/0x6a0
[ 1461.504549][T17525]  ? memory_max_show+0xa0/0xa0
[ 1461.509311][T17525]  ? trace_hardirqs_on_thunk+0x1a/0x20
[ 1461.514784][T17525]  ? lockdep_hardirqs_on+0x3c5/0x7d0
[ 1461.520067][T17525]  ? trace_hardirqs_on_thunk+0x1a/0x20
[ 1461.525528][T17525]  ? retint_kernel+0x10/0x10
[ 1461.530123][T17525]  ? memory_max_show+0xa0/0xa0
[ 1461.534890][T17525]  cgroup_file_write+0x27b/0x6e0
[ 1461.539829][T17525]  ? cgroup_seqfile_stop+0xc0/0xc0
[ 1461.544945][T17525]  ? kernfs_fop_write+0x349/0x4f0
[ 1461.549972][T17525]  ? cgroup_seqfile_stop+0xc0/0xc0
[ 1461.555087][T17525]  kernfs_fop_write+0x3e4/0x4f0
[ 1461.559940][T17525]  ? kernfs_fop_read+0x580/0x580
[ 1461.564877][T17525]  __vfs_write+0xf9/0x7d0
[ 1461.569209][T17525]  ? rcu_irq_exit+0xe3/0x260
[ 1461.573811][T17525]  ? __kernel_write+0x350/0x350
[ 1461.578684][T17525]  ? __sb_start_write+0x39c/0x440
[ 1461.583714][T17525]  vfs_write+0x275/0x590
[ 1461.587968][T17525]  ksys_write+0x16b/0x2a0
[ 1461.592298][T17525]  ? __ia32_sys_read+0x90/0x90
[ 1461.597059][T17525]  ? prepare_exit_to_usermode+0x1f7/0x580
[ 1461.602777][T17525]  ? trace_hardirqs_on_thunk+0x1a/0x20
[ 1461.608234][T17525]  ? trace_irq_disable_rcuidle+0x23/0x1c0
[ 1461.608246][T17525]  ? do_syscall_64+0x1d/0x140
[ 1461.608259][T17525]  __x64_sys_write+0x7b/0x90
[ 1461.608270][T17525]  do_syscall_64+0xfe/0x140
[ 1461.608285][T17525]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1461.608295][T17525] RIP: 0033:0x459829
[ 1461.608306][T17525] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1461.608313][T17525] RSP: 002b:00007f5cf6807c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1461.608324][T17525] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829
[ 1461.608331][T17525] RDX: 0000000000000012 RSI: 0000000020000000 RDI: 0000000000000008
[ 1461.608337][T17525] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1461.608343][T17525] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5cf68086d4
[ 1461.608350][T17525] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff
[ 1461.608707][T17525] memory: usage 262584kB, limit 0kB, failcnt 10
[ 1461.618854][T17525] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1461.719542][T17525] Memory cgroup stats for /syz4:
[ 1461.721114][T17525] anon 8953856
[ 1461.721114][T17525] file 247037952
[ 1461.721114][T17525] kernel_stack 851968
[ 1461.721114][T17525] slab 7991296
[ 1461.721114][T17525] sock 0
[ 1461.721114][T17525] shmem 246845440
[ 1461.721114][T17525] file_mapped 211673088
[ 1461.721114][T17525] file_dirty 0
[ 1461.721114][T17525] file_writeback 0
[ 1461.721114][T17525] anon_thp 6291456
[ 1461.721114][T17525] inactive_anon 211673088
[ 1461.721114][T17525] active_anon 44257280
[ 1461.721114][T17525] inactive_file 135168
[ 1461.721114][T17525] active_file 0
[ 1461.721114][T17525] unevictable 0
[ 1461.721114][T17525] slab_reclaimable 2973696
[ 1461.721114][T17525] slab_unreclaimable 5017600
[ 1461.721114][T17525] pgfault 354618
[ 1461.721114][T17525] pgmajfault 0
[ 1461.721114][T17525] workingset_refault 0
[ 1461.721114][T17525] workingset_activate 0
[ 1461.721114][T17525] workingset_nodereclaim 0
[ 1461.721114][T17525] pgrefill 0
[ 1461.721114][T17525] pgscan 0
[ 1461.721114][T17525] pgsteal 0
[ 1461.816921][T17525] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=7426,uid=0
[ 1461.817310][T17525] Memory cgroup out of memory: Killed process 7426 (syz-executor.4) total-vm:72704kB, anon-rss:152kB, file-rss:35792kB, shmem-rss:11480kB
[ 1461.849372][ T1056] oom_reaper: reaped process 7426 (syz-executor.4), now anon-rss:0kB, file-rss:34832kB, shmem-rss:11480kB
[ 1461.865718][T17525] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 1461.876023][T17525] CPU: 1 PID: 17525 Comm: syz-executor.4 Not tainted 5.2.0+ #37
[ 1461.883654][T17525] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1461.893707][T17525] Call Trace:
[ 1461.897006][T17525]  dump_stack+0x1d8/0x2f8
[ 1461.901341][T17525]  dump_header+0xd8/0x970
[ 1461.905679][T17525]  oom_kill_process+0xcd/0x320
[ 1461.910526][T17525]  out_of_memory+0x5e1/0x8a0
[ 1461.915116][T17525]  ? unregister_oom_notifier+0x20/0x20
[ 1461.920577][T17525]  memory_max_write+0x537/0x6a0
[ 1461.925440][T17525]  ? memory_max_show+0xa0/0xa0
[ 1461.930207][T17525]  ? trace_hardirqs_on_thunk+0x1a/0x20
[ 1461.935690][T17525]  ? lockdep_hardirqs_on+0x3c5/0x7d0
[ 1461.940969][T17525]  ? trace_hardirqs_on_thunk+0x1a/0x20
[ 1461.946432][T17525]  ? retint_kernel+0x10/0x10
[ 1461.951026][T17525]  ? memory_max_show+0xa0/0xa0
[ 1461.955875][T17525]  cgroup_file_write+0x27b/0x6e0
[ 1461.960815][T17525]  ? cgroup_seqfile_stop+0xc0/0xc0
[ 1461.965928][T17525]  ? kernfs_fop_write+0x349/0x4f0
[ 1461.970959][T17525]  ? cgroup_seqfile_stop+0xc0/0xc0
[ 1461.976069][T17525]  kernfs_fop_write+0x3e4/0x4f0
[ 1461.980920][T17525]  ? kernfs_fop_read+0x580/0x580
[ 1461.985859][T17525]  __vfs_write+0xf9/0x7d0
[ 1461.990192][T17525]  ? rcu_irq_exit+0xe3/0x260
[ 1461.994778][T17525]  ? __kernel_write+0x350/0x350
[ 1461.999653][T17525]  ? __sb_start_write+0x39c/0x440
[ 1462.004685][T17525]  vfs_write+0x275/0x590
[ 1462.008927][T17525]  ksys_write+0x16b/0x2a0
[ 1462.013254][T17525]  ? __ia32_sys_read+0x90/0x90
[ 1462.018014][T17525]  ? prepare_exit_to_usermode+0x1f7/0x580
[ 1462.023733][T17525]  ? trace_hardirqs_on_thunk+0x1a/0x20
[ 1462.029290][T17525]  ? trace_irq_disable_rcuidle+0x23/0x1c0
[ 1462.035021][T17525]  ? do_syscall_64+0x1d/0x140
[ 1462.039710][T17525]  __x64_sys_write+0x7b/0x90
[ 1462.044307][T17525]  do_syscall_64+0xfe/0x140
[ 1462.048812][T17525]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1462.054715][T17525] RIP: 0033:0x459829
[ 1462.058614][T17525] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1462.078220][T17525] RSP: 002b:00007f5cf6807c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1462.086638][T17525] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829
[ 1462.094616][T17525] RDX: 0000000000000012 RSI: 0000000020000000 RDI: 0000000000000008
[ 1462.102587][T17525] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1462.110564][T17525] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5cf68086d4
[ 1462.118622][T17525] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff
[ 1462.126760][T17525] memory: usage 262468kB, limit 0kB, failcnt 10
[ 1462.133175][T17525] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1462.140236][T17525] Memory cgroup stats for /syz4:
[ 1462.143459][T17525] anon 8818688
[ 1462.143459][T17525] file 247037952
[ 1462.143459][T17525] kernel_stack 851968
[ 1462.143459][T17525] slab 7991296
[ 1462.143459][T17525] sock 0
[ 1462.143459][T17525] shmem 246845440
[ 1462.143459][T17525] file_mapped 176394240
[ 1462.143459][T17525] file_dirty 0
[ 1462.143459][T17525] file_writeback 0
[ 1462.143459][T17525] anon_thp 6291456
[ 1462.143459][T17525] inactive_anon 176394240
[ 1462.143459][T17525] active_anon 79265792
[ 1462.143459][T17525] inactive_file 135168
[ 1462.143459][T17525] active_file 0
[ 1462.143459][T17525] unevictable 0
[ 1462.143459][T17525] slab_reclaimable 2973696
[ 1462.143459][T17525] slab_unreclaimable 5017600
[ 1462.143459][T17525] pgfault 354618
[ 1462.143459][T17525] pgmajfault 0
[ 1462.143459][T17525] workingset_refault 0
[ 1462.143459][T17525] workingset_activate 0
[ 1462.143459][T17525] workingset_nodereclaim 0
[ 1462.143459][T17525] pgrefill 0
[ 1462.143459][T17525] pgscan 0
[ 1462.143459][T17525] pgsteal 0
[ 1462.237819][T17525] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=7382,uid=0
[ 1462.253879][T17525] Memory cgroup out of memory: Killed process 7382 (syz-executor.4) total-vm:72704kB, anon-rss:152kB, file-rss:35792kB, shmem-rss:11480kB
[ 1462.273003][T17525] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 1462.283446][T17525] CPU: 1 PID: 17525 Comm: syz-executor.4 Not tainted 5.2.0+ #37
[ 1462.291099][T17525] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1462.301154][T17525] Call Trace:
[ 1462.304453][T17525]  dump_stack+0x1d8/0x2f8
[ 1462.308792][T17525]  dump_header+0xd8/0x970
[ 1462.313123][T17525]  oom_kill_process+0xcd/0x320
[ 1462.317888][T17525]  out_of_memory+0x5e1/0x8a0
[ 1462.322744][T17525]  ? unregister_oom_notifier+0x20/0x20
[ 1462.328203][T17525]  ? trace_hardirqs_on+0x74/0x80
[ 1462.333147][T17525]  memory_max_write+0x537/0x6a0
[ 1462.338014][T17525]  ? memory_max_show+0xa0/0xa0
[ 1462.342775][T17525]  ? trace_hardirqs_on_thunk+0x1a/0x20
[ 1462.348234][T17525]  ? lockdep_hardirqs_on+0x3c5/0x7d0
[ 1462.353514][T17525]  ? trace_hardirqs_on_thunk+0x1a/0x20
[ 1462.358981][T17525]  ? retint_kernel+0x10/0x10
[ 1462.363574][T17525]  ? memory_max_show+0xa0/0xa0
[ 1462.368338][T17525]  cgroup_file_write+0x27b/0x6e0
[ 1462.373275][T17525]  ? cgroup_seqfile_stop+0xc0/0xc0
[ 1462.378385][T17525]  ? kernfs_fop_write+0x349/0x4f0
[ 1462.383406][T17525]  ? cgroup_seqfile_stop+0xc0/0xc0
[ 1462.388518][T17525]  kernfs_fop_write+0x3e4/0x4f0
[ 1462.393372][T17525]  ? kernfs_fop_read+0x580/0x580
[ 1462.398305][T17525]  __vfs_write+0xf9/0x7d0
[ 1462.402635][T17525]  ? rcu_irq_exit+0xe3/0x260
[ 1462.407220][T17525]  ? __kernel_write+0x350/0x350
[ 1462.412084][T17525]  ? __sb_start_write+0x39c/0x440
[ 1462.417118][T17525]  vfs_write+0x275/0x590
[ 1462.421366][T17525]  ksys_write+0x16b/0x2a0
[ 1462.425695][T17525]  ? __ia32_sys_read+0x90/0x90
[ 1462.430450][T17525]  ? prepare_exit_to_usermode+0x1f7/0x580
[ 1462.436168][T17525]  ? trace_hardirqs_on_thunk+0x1a/0x20
[ 1462.441636][T17525]  ? trace_irq_disable_rcuidle+0x23/0x1c0
[ 1462.447359][T17525]  ? do_syscall_64+0x1d/0x140
[ 1462.452041][T17525]  __x64_sys_write+0x7b/0x90
[ 1462.456638][T17525]  do_syscall_64+0xfe/0x140
[ 1462.461232][T17525]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1462.467129][T17525] RIP: 0033:0x459829
[ 1462.471025][T17525] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1462.490718][T17525] RSP: 002b:00007f5cf6807c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1462.499151][T17525] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829
[ 1462.507124][T17525] RDX: 0000000000000012 RSI: 0000000020000000 RDI: 0000000000000008
[ 1462.515093][T17525] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1462.523066][T17525] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5cf68086d4
[ 1462.531039][T17525] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff
[ 1462.539186][T17525] memory: usage 215632kB, limit 0kB, failcnt 15
[ 1462.545587][T17525] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1462.552575][T17525] Memory cgroup stats for /syz4:
[ 1462.555610][T17525] anon 8679424
[ 1462.555610][T17525] file 199970816
[ 1462.555610][T17525] kernel_stack 786432
[ 1462.555610][T17525] slab 7991296
[ 1462.555610][T17525] sock 0
[ 1462.555610][T17525] shmem 199778304
[ 1462.555610][T17525] file_mapped 164634624
[ 1462.555610][T17525] file_dirty 0
[ 1462.555610][T17525] file_writeback 0
[ 1462.555610][T17525] anon_thp 6291456
[ 1462.555610][T17525] inactive_anon 164634624
[ 1462.555610][T17525] active_anon 43986944
[ 1462.555610][T17525] inactive_file 135168
[ 1462.555610][T17525] active_file 0
[ 1462.555610][T17525] unevictable 0
[ 1462.555610][T17525] slab_reclaimable 2973696
[ 1462.555610][T17525] slab_unreclaimable 5017600
[ 1462.555610][T17525] pgfault 354618
[ 1462.555610][T17525] pgmajfault 0
[ 1462.555610][T17525] workingset_refault 0
[ 1462.555610][T17525] workingset_activate 0
[ 1462.555610][T17525] workingset_nodereclaim 0
[ 1462.555610][T17525] pgrefill 0
[ 1462.555610][T17525] pgscan 0
[ 1462.555610][T17525] pgsteal 0
[ 1462.650160][T17525] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=8603,uid=0
[ 1462.666591][T17525] Memory cgroup out of memory: Killed process 8603 (syz-executor.4) total-vm:72704kB, anon-rss:152kB, file-rss:35788kB, shmem-rss:11480kB
[ 1462.686927][ T1056] oom_reaper: reaped process 8603 (syz-executor.4), now anon-rss:0kB, file-rss:34828kB, shmem-rss:11480kB
[ 1462.695056][T17524] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1462.710616][T17524] CPU: 1 PID: 17524 Comm: syz-executor.4 Not tainted 5.2.0+ #37
[ 1462.718253][T17524] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1462.728326][T17524] Call Trace:
[ 1462.731620][T17524]  dump_stack+0x1d8/0x2f8
[ 1462.735950][T17524]  dump_header+0xd8/0x970
[ 1462.740301][T17524]  oom_kill_process+0xcd/0x320
[ 1462.745065][T17524]  out_of_memory+0x5e1/0x8a0
[ 1462.749655][T17524]  ? unregister_oom_notifier+0x20/0x20
[ 1462.755121][T17524]  ? __kasan_check_read+0x11/0x20
[ 1462.760165][T17524]  try_charge+0x134a/0x17b0
[ 1462.764676][T17524]  ? __memcg_kmem_charge_memcg+0x180/0x180
[ 1462.770489][T17524]  ? rcu_lock_release+0x4/0x20
[ 1462.775247][T17524]  __memcg_kmem_charge_memcg+0x78/0x180
[ 1462.780798][T17524]  ? memcg_kmem_put_cache+0x50/0x50
[ 1462.785995][T17524]  ? rcu_lock_release+0x15/0x20
[ 1462.790839][T17524]  ? get_mem_cgroup_from_mm+0x15e/0x170
[ 1462.796425][T17524]  __memcg_kmem_charge+0x105/0x340
[ 1462.801538][T17524]  __alloc_pages_nodemask+0x377/0x790
[ 1462.806900][T17524]  ? gfp_pfmemalloc_allowed+0x130/0x130
[ 1462.812427][T17524]  ? __put_page+0x12b/0x170
[ 1462.816915][T17524]  ? do_huge_pmd_anonymous_page+0xed2/0x1cf0
[ 1462.822878][T17524]  alloc_pages_current+0x2db/0x500
[ 1462.827972][T17524]  pte_alloc_one+0x1f/0x180
[ 1462.832457][T17524]  __pte_alloc+0x20/0x2f0
[ 1462.836769][T17524]  handle_mm_fault+0x54c4/0x6080
[ 1462.841709][T17524]  ? finish_fault+0x230/0x230
[ 1462.846383][T17524]  ? vmacache_find+0x566/0x5b0
[ 1462.851129][T17524]  ? vmacache_update+0xb7/0x120
[ 1462.855964][T17524]  do_user_addr_fault+0x589/0xaf0
[ 1462.860996][T17524]  __do_page_fault+0xd3/0x1f0
[ 1462.865666][T17524]  do_page_fault+0x99/0xb0
[ 1462.870062][T17524]  page_fault+0x39/0x40
[ 1462.874197][T17524] RIP: 0033:0x400644
[ 1462.878080][T17524] Code: 06 e9 49 01 00 00 48 8b 44 24 10 48 0b 44 24 28 75 1f 48 8b 14 24 48 8b 7c 24 20 be 04 00 00 00 e8 c1 54 00 00 48 8b 74 24 08 <89> 06 e9 1e 01 00 00 48 8b 44 24 08 48 8b 14 24 be 04 00 00 00 8b
[ 1462.897709][T17524] RSP: 002b:00007ffefd19c310 EFLAGS: 00010202
[ 1462.903777][T17524] RAX: 0000000000000002 RBX: 0000000000000000 RCX: 0000000000000000
[ 1462.911751][T17524] RDX: 0000000000000000 RSI: 000000002025c000 RDI: 0000000000000002
[ 1462.919716][T17524] RBP: 00000000007622f0 R08: 0000000000000000 R09: 0000000000000000
[ 1462.927696][T17524] R10: 0000000000439100 R11: 0000000000000012 R12: 00000000004c5c44
[ 1462.935863][T17524] R13: 000000000000012c R14: 00000000007622f8 R15: fffffffffffffffe
[ 1462.943898][T17524] memory: usage 203824kB, limit 0kB, failcnt 15
[ 1462.950171][T17524] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1462.957014][T17524] Memory cgroup stats for /syz4:
[ 1462.957076][T17524] anon 8540160
[ 1462.957076][T17524] file 188215296
[ 1462.957076][T17524] kernel_stack 720896
[ 1462.957076][T17524] slab 7991296
[ 1462.957076][T17524] sock 0
[ 1462.957076][T17524] shmem 188022784
[ 1462.957076][T17524] file_mapped 152875008
[ 1462.957076][T17524] file_dirty 0
[ 1462.957076][T17524] file_writeback 0
[ 1462.957076][T17524] anon_thp 6291456
[ 1462.957076][T17524] inactive_anon 152875008
[ 1462.957076][T17524] active_anon 43851776
[ 1462.957076][T17524] inactive_file 135168
[ 1462.957076][T17524] active_file 0
[ 1462.957076][T17524] unevictable 0
[ 1462.957076][T17524] slab_reclaimable 2973696
[ 1462.957076][T17524] slab_unreclaimable 5017600
[ 1462.957076][T17524] pgfault 354618
[ 1462.957076][T17524] pgmajfault 0
[ 1462.957076][T17524] workingset_refault 0
[ 1462.957076][T17524] workingset_activate 0
[ 1462.957076][T17524] workingset_nodereclaim 0
[ 1462.957076][T17524] pgrefill 0
[ 1462.957076][T17524] pgscan 0
[ 1462.957076][T17524] pgsteal 0
[ 1463.051430][T17524] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=8519,uid=0
[ 1463.066906][T17524] Memory cgroup out of memory: Killed process 8519 (syz-executor.4) total-vm:72704kB, anon-rss:152kB, file-rss:35788kB, shmem-rss:11480kB
[ 1463.081858][ T1056] oom_reaper: reaped process 8519 (syz-executor.4), now anon-rss:0kB, file-rss:34828kB, shmem-rss:11480kB
[ 1463.096274][T17525] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 1463.108967][T17525] CPU: 0 PID: 17525 Comm: syz-executor.4 Not tainted 5.2.0+ #37
[ 1463.116626][T17525] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1463.126690][T17525] Call Trace:
[ 1463.130004][T17525]  dump_stack+0x1d8/0x2f8
[ 1463.134393][T17525]  dump_header+0xd8/0x970
[ 1463.138733][T17525]  oom_kill_process+0xcd/0x320
[ 1463.138745][T17525]  out_of_memory+0x5e1/0x8a0
[ 1463.138756][T17525]  ? unregister_oom_notifier+0x20/0x20
[ 1463.138772][T17525]  memory_max_write+0x537/0x6a0
[ 1463.138791][T17525]  ? memory_max_show+0xa0/0xa0
[ 1463.138807][T17525]  ? trace_hardirqs_on_thunk+0x1a/0x20
[ 1463.138824][T17525]  ? lockdep_hardirqs_on+0x3c5/0x7d0
[ 1463.148157][T17525]  ? trace_hardirqs_on_thunk+0x1a/0x20
[ 1463.148171][T17525]  ? retint_kernel+0x10/0x10
[ 1463.148180][T17525]  ? memory_max_show+0xa0/0xa0
[ 1463.148191][T17525]  cgroup_file_write+0x27b/0x6e0
[ 1463.148208][T17525]  ? cgroup_seqfile_stop+0xc0/0xc0
[ 1463.156064][T17560] IPVS: ftp: loaded support on port[0] = 21
[ 1463.158489][T17525]  ? kernfs_fop_write+0x349/0x4f0
[ 1463.158501][T17525]  ? cgroup_seqfile_stop+0xc0/0xc0
[ 1463.158510][T17525]  kernfs_fop_write+0x3e4/0x4f0
[ 1463.158521][T17525]  ? kernfs_fop_read+0x580/0x580
[ 1463.158533][T17525]  __vfs_write+0xf9/0x7d0
[ 1463.158548][T17525]  ? rcu_irq_exit+0xe3/0x260
[ 1463.168746][T17525]  ? __kernel_write+0x350/0x350
[ 1463.168771][T17525]  ? __sb_start_write+0x39c/0x440
[ 1463.168791][T17525]  vfs_write+0x275/0x590
[ 1463.168807][T17525]  ksys_write+0x16b/0x2a0
[ 1463.168819][T17525]  ? __ia32_sys_read+0x90/0x90
[ 1463.179838][T17525]  ? prepare_exit_to_usermode+0x1f7/0x580
[ 1463.179855][T17525]  ? trace_hardirqs_on_thunk+0x1a/0x20
[ 1463.179866][T17525]  ? trace_irq_disable_rcuidle+0x23/0x1c0
[ 1463.179875][T17525]  ? do_syscall_64+0x1d/0x140
[ 1463.179888][T17525]  __x64_sys_write+0x7b/0x90
[ 1463.179904][T17525]  do_syscall_64+0xfe/0x140
[ 1463.189244][T17525]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1463.189255][T17525] RIP: 0033:0x459829
[ 1463.189265][T17525] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1463.189271][T17525] RSP: 002b:00007f5cf6807c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1463.189281][T17525] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829
[ 1463.189293][T17525] RDX: 0000000000000012 RSI: 0000000020000000 RDI: 0000000000000008
[ 1463.199320][T17525] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1463.199326][T17525] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5cf68086d4
[ 1463.199331][T17525] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff
[ 1463.199659][T17525] memory: usage 203708kB, limit 0kB, failcnt 16
[ 1463.210428][T17525] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1463.210463][T17525] Memory cgroup stats for /syz4:
[ 1463.213934][T17525] anon 8540160
[ 1463.213934][T17525] file 188215296
[ 1463.213934][T17525] kernel_stack 720896
[ 1463.213934][T17525] slab 7991296
[ 1463.213934][T17525] sock 0
[ 1463.213934][T17525] shmem 188022784
[ 1463.213934][T17525] file_mapped 152875008
[ 1463.213934][T17525] file_dirty 0
[ 1463.213934][T17525] file_writeback 0
[ 1463.213934][T17525] anon_thp 6291456
[ 1463.213934][T17525] inactive_anon 152875008
[ 1463.213934][T17525] active_anon 43716608
[ 1463.213934][T17525] inactive_file 135168
[ 1463.213934][T17525] active_file 0
[ 1463.213934][T17525] unevictable 0
[ 1463.213934][T17525] slab_reclaimable 2973696
[ 1463.213934][T17525] slab_unreclaimable 5017600
[ 1463.213934][T17525] pgfault 354618
[ 1463.213934][T17525] pgmajfault 0
[ 1463.213934][T17525] workingset_refault 0
[ 1463.213934][T17525] workingset_activate 0
[ 1463.213934][T17525] workingset_nodereclaim 0
[ 1463.213934][T17525] pgrefill 0
[ 1463.213934][T17525] pgscan 0
[ 1463.213934][T17525] pgsteal 0
[ 1463.220589][T17525] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=8435,uid=0
[ 1463.231126][T17525] Memory cgroup out of memory: Killed process 8435 (syz-executor.4) total-vm:72704kB, anon-rss:152kB, file-rss:35788kB, shmem-rss:11480kB
[ 1463.597258][ T1056] oom_reaper: reaped process 8435 (syz-executor.4), now anon-rss:0kB, file-rss:34828kB, shmem-rss:11480kB
[ 1463.665812][T17560] chnl_net:caif_netlink_parms(): no params data found
[ 1463.753447][T17560] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1463.760653][T17560] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1463.769169][T17560] device bridge_slave_0 entered promiscuous mode
[ 1463.784195][T17560] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1463.791311][T17560] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1463.799611][T17560] device bridge_slave_1 entered promiscuous mode
[ 1463.837306][T17560] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1463.855876][T17560] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1463.915456][T17560] team0: Port device team_slave_0 added
[ 1463.930375][T17560] team0: Port device team_slave_1 added
14:30:19 executing program 4:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
openat$cgroup_procs(r4, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000140)=0x2)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r5 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r5, 0x0, 0x0)
r6 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r6, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r4, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
socket$kcm(0xa, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r6, &(0x7f00000003c0)=0x100, 0x12)

14:30:19 executing program 3:
syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x2, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(0xffffffffffffffff, 0xc0405519, &(0x7f0000000040))

14:30:19 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x12\x00'})

14:30:19 executing program 1:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600))
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x8a, 0x0, 0x0, 0x0, 0x3})
r1 = syz_open_pts(r0, 0x0)
write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0x100000175)
ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000140)={0x3, 0x0, 0x0, 0x100000000000000})

14:30:19 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9, 0x0, 0x0, 0x0, '\x00', 0x11})

[ 1464.004931][T17560] device hsr_slave_0 entered promiscuous mode
[ 1464.042216][ T8193] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=0
[ 1464.054282][ T8193] CPU: 0 PID: 8193 Comm: syz-executor.4 Not tainted 5.2.0+ #37
[ 1464.061832][ T8193] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1464.071891][ T8193] Call Trace:
[ 1464.075184][ T8193]  dump_stack+0x1d8/0x2f8
[ 1464.077990][T17560] device hsr_slave_1 entered promiscuous mode
[ 1464.079512][ T8193]  dump_header+0xd8/0x970
[ 1464.079526][ T8193]  oom_kill_process+0xcd/0x320
[ 1464.079540][ T8193]  out_of_memory+0x5e1/0x8a0
[ 1464.099245][ T8193]  ? unregister_oom_notifier+0x20/0x20
[ 1464.104709][ T8193]  ? __kasan_check_read+0x11/0x20
[ 1464.109749][ T8193]  try_charge+0x134a/0x17b0
[ 1464.114251][ T8193]  ? rmqueue+0x2248/0x2810
[ 1464.118665][ T8193]  ? __lock_acquire+0x4750/0x4750
[ 1464.123704][ T8193]  ? __memcg_kmem_charge_memcg+0x180/0x180
[ 1464.129518][ T8193]  ? rcu_lock_release+0x4/0x20
[ 1464.129537][ T8193]  __memcg_kmem_charge_memcg+0x78/0x180
[ 1464.129551][ T8193]  ? memcg_kmem_put_cache+0x50/0x50
[ 1464.139931][ T8193]  ? rcu_lock_release+0x15/0x20
[ 1464.139942][ T8193]  ? get_mem_cgroup_from_mm+0x15e/0x170
[ 1464.139954][ T8193]  __memcg_kmem_charge+0x105/0x340
[ 1464.139969][ T8193]  __alloc_pages_nodemask+0x377/0x790
[ 1464.139991][ T8193]  ? gfp_pfmemalloc_allowed+0x130/0x130
[ 1464.140006][ T8193]  ? rcu_read_lock_sched_held+0x127/0x1c0
[ 1464.177268][ T8193]  ? copy_process+0x599/0x5a00
[ 1464.182037][ T8193]  copy_process+0x620/0x5a00
[ 1464.186714][ T8193]  ? do_wp_page+0x12d0/0x1ce0
[ 1464.191395][ T8193]  ? __rwlock_init+0x130/0x130
[ 1464.196158][ T8193]  ? count_memcg_event_mm+0x300/0x300
[ 1464.201533][ T8193]  ? fork_idle+0x290/0x290
[ 1464.205964][ T8193]  ? __lock_acquire+0x4750/0x4750
[ 1464.211005][ T8193]  ? lock_acquire+0x158/0x250
[ 1464.215682][ T8193]  _do_fork+0x179/0x630
[ 1464.215695][ T8193]  ? dup_mm+0x340/0x340
[ 1464.215716][ T8193]  ? __kasan_check_read+0x11/0x20
[ 1464.224004][ T8193]  ? _copy_to_user+0x104/0x150
[ 1464.233830][ T8193]  ? put_timespec64+0x106/0x150
[ 1464.238684][ T8193]  ? ktime_get_raw+0xf0/0xf0
[ 1464.243282][ T8193]  __x64_sys_clone+0x247/0x2b0
[ 1464.248049][ T8193]  ? __ia32_sys_vfork+0x110/0x110
[ 1464.248062][ T8193]  ? prepare_exit_to_usermode+0x1f7/0x580
[ 1464.248076][ T8193]  ? do_syscall_64+0x1d/0x140
[ 1464.248091][ T8193]  do_syscall_64+0xfe/0x140
[ 1464.248107][ T8193]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1464.258848][ T8193] RIP: 0033:0x457dfa
[ 1464.258859][ T8193] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00
[ 1464.258865][ T8193] RSP: 002b:00007ffefd19c4b0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1464.258875][ T8193] RAX: ffffffffffffffda RBX: 00007ffefd19c4b0 RCX: 0000000000457dfa
[ 1464.258881][ T8193] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[ 1464.258887][ T8193] RBP: 00007ffefd19c4f0 R08: 0000000000000001 R09: 000055555578e940
[ 1464.258899][ T8193] R10: 000055555578ec10 R11: 0000000000000246 R12: 0000000000000001
[ 1464.338706][ T8193] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffefd19c540
[ 1464.347538][ T8193] memory: usage 177816kB, limit 0kB, failcnt 27
[ 1464.353834][ T8193] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1464.360742][ T8193] Memory cgroup stats for /syz4:
[ 1464.360827][ T8193] anon 6205440
[ 1464.360827][ T8193] file 164876288
[ 1464.360827][ T8193] kernel_stack 589824
[ 1464.360827][ T8193] slab 7991296
[ 1464.360827][ T8193] sock 0
[ 1464.360827][ T8193] shmem 164679680
[ 1464.360827][ T8193] file_mapped 129490944
[ 1464.360827][ T8193] file_dirty 0
[ 1464.360827][ T8193] file_writeback 0
[ 1464.360827][ T8193] anon_thp 4194304
[ 1464.360827][ T8193] inactive_anon 129490944
[ 1464.360827][ T8193] active_anon 41496576
[ 1464.360827][ T8193] inactive_file 135168
[ 1464.360827][ T8193] active_file 0
[ 1464.360827][ T8193] unevictable 0
[ 1464.360827][ T8193] slab_reclaimable 2973696
[ 1464.360827][ T8193] slab_unreclaimable 5017600
[ 1464.360827][ T8193] pgfault 354651
[ 1464.360827][ T8193] pgmajfault 0
[ 1464.360827][ T8193] workingset_refault 0
[ 1464.360827][ T8193] workingset_activate 0
[ 1464.360827][ T8193] workingset_nodereclaim 0
[ 1464.360827][ T8193] pgrefill 0
[ 1464.360827][ T8193] pgscan 0
[ 1464.360827][ T8193] pgsteal 0
[ 1464.455011][ T8193] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=8270,uid=0
[ 1464.470457][ T8193] Memory cgroup out of memory: Killed process 8270 (syz-executor.4) total-vm:72704kB, anon-rss:152kB, file-rss:35788kB, shmem-rss:11480kB
[ 1464.487354][ T1056] oom_reaper: reaped process 8270 (syz-executor.4), now anon-rss:0kB, file-rss:34828kB, shmem-rss:11480kB
[ 1464.527892][T17560] debugfs: Directory 'hsr0' with parent '/' already present!
[ 1464.530019][ T8193] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=0
[ 1464.547210][ T8193] CPU: 0 PID: 8193 Comm: syz-executor.4 Not tainted 5.2.0+ #37
[ 1464.554081][T17560] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1464.554750][ T8193] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1464.554756][ T8193] Call Trace:
[ 1464.554776][ T8193]  dump_stack+0x1d8/0x2f8
[ 1464.554798][ T8193]  dump_header+0xd8/0x970
[ 1464.561960][T17560] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1464.571956][ T8193]  oom_kill_process+0xcd/0x320
[ 1464.571969][ T8193]  out_of_memory+0x5e1/0x8a0
[ 1464.571988][ T8193]  ? unregister_oom_notifier+0x20/0x20
[ 1464.572006][ T8193]  ? __kasan_check_read+0x11/0x20
[ 1464.575434][T17560] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1464.579596][ T8193]  try_charge+0x134a/0x17b0
[ 1464.579608][ T8193]  ? rmqueue+0x2248/0x2810
[ 1464.579624][ T8193]  ? __lock_acquire+0x4750/0x4750
[ 1464.583972][T17560] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1464.591143][ T8193]  ? __memcg_kmem_charge_memcg+0x180/0x180
[ 1464.591166][ T8193]  ? rcu_lock_release+0x4/0x20
[ 1464.649565][ T8193]  __memcg_kmem_charge_memcg+0x78/0x180
[ 1464.655122][ T8193]  ? memcg_kmem_put_cache+0x50/0x50
[ 1464.660839][ T8193]  ? rcu_lock_release+0x15/0x20
[ 1464.665700][ T8193]  ? get_mem_cgroup_from_mm+0x15e/0x170
[ 1464.671246][ T8193]  __memcg_kmem_charge+0x105/0x340
[ 1464.676385][ T8193]  __alloc_pages_nodemask+0x377/0x790
[ 1464.681768][ T8193]  ? gfp_pfmemalloc_allowed+0x130/0x130
[ 1464.687309][ T8193]  ? rcu_read_lock_sched_held+0x127/0x1c0
[ 1464.693029][ T8193]  ? copy_process+0x599/0x5a00
[ 1464.697799][ T8193]  copy_process+0x620/0x5a00
[ 1464.702393][ T8193]  ? do_wp_page+0x12d0/0x1ce0
[ 1464.706158][T17560] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1464.711145][ T8193]  ? __rwlock_init+0x130/0x130
[ 1464.711158][ T8193]  ? count_memcg_event_mm+0x300/0x300
[ 1464.711175][ T8193]  ? fork_idle+0x290/0x290
[ 1464.732280][ T8193]  ? __lock_acquire+0x4750/0x4750
[ 1464.737331][ T8193]  ? lock_acquire+0x158/0x250
[ 1464.742016][ T8193]  _do_fork+0x179/0x630
[ 1464.746180][ T8193]  ? dup_mm+0x340/0x340
[ 1464.749864][T31107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1464.750343][ T8193]  ? __kasan_check_read+0x11/0x20
[ 1464.762545][ T8193]  ? _copy_to_user+0x104/0x150
[ 1464.767304][ T8193]  ? put_timespec64+0x106/0x150
[ 1464.772154][ T8193]  ? ktime_get_raw+0xf0/0xf0
[ 1464.776794][ T8193]  __x64_sys_clone+0x247/0x2b0
[ 1464.781643][ T8193]  ? __ia32_sys_vfork+0x110/0x110
[ 1464.786700][ T8193]  ? prepare_exit_to_usermode+0x1f7/0x580
[ 1464.792464][ T8193]  ? do_syscall_64+0x1d/0x140
[ 1464.797152][ T8193]  do_syscall_64+0xfe/0x140
[ 1464.801684][ T8193]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1464.807579][ T8193] RIP: 0033:0x457dfa
[ 1464.811475][ T8193] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00
[ 1464.831090][ T8193] RSP: 002b:00007ffefd19c4b0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1464.839515][ T8193] RAX: ffffffffffffffda RBX: 00007ffefd19c4b0 RCX: 0000000000457dfa
[ 1464.847492][ T8193] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[ 1464.855467][ T8193] RBP: 00007ffefd19c4f0 R08: 0000000000000001 R09: 000055555578e940
[ 1464.863447][ T8193] R10: 000055555578ec10 R11: 0000000000000246 R12: 0000000000000001
[ 1464.871421][ T8193] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffefd19c540
[ 1464.880058][ T8193] memory: usage 173252kB, limit 0kB, failcnt 33
[ 1464.886312][ T8193] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1464.893241][ T8193] Memory cgroup stats for /syz4:
[ 1464.893337][ T8193] anon 6062080
[ 1464.893337][ T8193] file 161230848
[ 1464.893337][ T8193] kernel_stack 589824
[ 1464.893337][ T8193] slab 7380992
[ 1464.893337][ T8193] sock 0
[ 1464.893337][ T8193] shmem 161034240
[ 1464.893337][ T8193] file_mapped 117731328
[ 1464.893337][ T8193] file_dirty 0
[ 1464.893337][ T8193] file_writeback 0
[ 1464.893337][ T8193] anon_thp 4194304
[ 1464.893337][ T8193] inactive_anon 117731328
[ 1464.893337][ T8193] active_anon 49471488
[ 1464.893337][ T8193] inactive_file 135168
[ 1464.893337][ T8193] active_file 0
[ 1464.893337][ T8193] unevictable 0
[ 1464.893337][ T8193] slab_reclaimable 2973696
[ 1464.893337][ T8193] slab_unreclaimable 4407296
[ 1464.893337][ T8193] pgfault 354651
[ 1464.893337][ T8193] pgmajfault 0
[ 1464.893337][ T8193] workingset_refault 0
[ 1464.893337][ T8193] workingset_activate 0
[ 1464.893337][ T8193] workingset_nodereclaim 0
[ 1464.893337][ T8193] pgrefill 0
[ 1464.893337][ T8193] pgscan 0
[ 1464.893337][ T8193] pgsteal 0
[ 1464.987529][ T8193] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=8060,uid=0
[ 1464.987671][ T8193] Memory cgroup out of memory: Killed process 8060 (syz-executor.4) total-vm:72704kB, anon-rss:152kB, file-rss:35788kB, shmem-rss:11480kB
[ 1464.990491][ T1056] oom_reaper: reaped process 8060 (syz-executor.4), now anon-rss:0kB, file-rss:34828kB, shmem-rss:11480kB
[ 1465.008536][T31107] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1465.046706][T31107] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1465.050904][ T8193] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=0
[ 1465.065675][ T8193] CPU: 0 PID: 8193 Comm: syz-executor.4 Not tainted 5.2.0+ #37
[ 1465.073229][ T8193] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1465.083289][ T8193] Call Trace:
[ 1465.086598][ T8193]  dump_stack+0x1d8/0x2f8
[ 1465.090937][ T8193]  dump_header+0xd8/0x970
[ 1465.095274][ T8193]  oom_kill_process+0xcd/0x320
[ 1465.100042][ T8193]  out_of_memory+0x5e1/0x8a0
[ 1465.104638][ T8193]  ? unregister_oom_notifier+0x20/0x20
[ 1465.110098][ T8193]  ? __kasan_check_read+0x11/0x20
[ 1465.115123][ T8193]  try_charge+0x134a/0x17b0
[ 1465.119628][ T8193]  ? rmqueue+0x2248/0x2810
[ 1465.124116][ T8193]  ? __lock_acquire+0x4750/0x4750
[ 1465.129128][ T8193]  ? __memcg_kmem_charge_memcg+0x180/0x180
[ 1465.134923][ T8193]  ? rcu_lock_release+0x4/0x20
[ 1465.139676][ T8193]  __memcg_kmem_charge_memcg+0x78/0x180
[ 1465.145203][ T8193]  ? memcg_kmem_put_cache+0x50/0x50
[ 1465.150378][ T8193]  ? rcu_lock_release+0x15/0x20
[ 1465.155228][ T8193]  ? get_mem_cgroup_from_mm+0x15e/0x170
[ 1465.160751][ T8193]  __memcg_kmem_charge+0x105/0x340
[ 1465.165870][ T8193]  __alloc_pages_nodemask+0x377/0x790
[ 1465.171231][ T8193]  ? gfp_pfmemalloc_allowed+0x130/0x130
[ 1465.176754][ T8193]  ? rcu_read_lock_sched_held+0x127/0x1c0
[ 1465.182452][ T8193]  ? copy_process+0x599/0x5a00
[ 1465.187202][ T8193]  copy_process+0x620/0x5a00
[ 1465.191775][ T8193]  ? do_wp_page+0x12d0/0x1ce0
[ 1465.196459][ T8193]  ? __rwlock_init+0x130/0x130
[ 1465.201205][ T8193]  ? count_memcg_event_mm+0x300/0x300
[ 1465.206556][ T8193]  ? fork_idle+0x290/0x290
[ 1465.210953][ T8193]  ? __lock_acquire+0x4750/0x4750
[ 1465.215965][ T8193]  ? lock_acquire+0x158/0x250
[ 1465.220622][ T8193]  _do_fork+0x179/0x630
[ 1465.224765][ T8193]  ? dup_mm+0x340/0x340
[ 1465.228898][ T8193]  ? __kasan_check_read+0x11/0x20
[ 1465.233898][ T8193]  ? _copy_to_user+0x104/0x150
[ 1465.238653][ T8193]  ? put_timespec64+0x106/0x150
[ 1465.243673][ T8193]  ? ktime_get_raw+0xf0/0xf0
[ 1465.248240][ T8193]  __x64_sys_clone+0x247/0x2b0
[ 1465.252978][ T8193]  ? __ia32_sys_vfork+0x110/0x110
[ 1465.257997][ T8193]  ? prepare_exit_to_usermode+0x1f7/0x580
[ 1465.263705][ T8193]  ? do_syscall_64+0x1d/0x140
[ 1465.268372][ T8193]  do_syscall_64+0xfe/0x140
[ 1465.272854][ T8193]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1465.278734][ T8193] RIP: 0033:0x457dfa
[ 1465.282603][ T8193] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00
[ 1465.302189][ T8193] RSP: 002b:00007ffefd19c4b0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1465.310582][ T8193] RAX: ffffffffffffffda RBX: 00007ffefd19c4b0 RCX: 0000000000457dfa
[ 1465.318537][ T8193] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[ 1465.326506][ T8193] RBP: 00007ffefd19c4f0 R08: 0000000000000001 R09: 000055555578e940
[ 1465.334458][ T8193] R10: 000055555578ec10 R11: 0000000000000246 R12: 0000000000000001
[ 1465.342408][ T8193] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffefd19c540
[ 1465.350754][ T8193] memory: usage 153608kB, limit 0kB, failcnt 39
[ 1465.357000][ T8193] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1465.363903][ T8193] Memory cgroup stats for /syz4:
[ 1465.364010][ T8193] anon 5922816
[ 1465.364010][ T8193] file 141406208
[ 1465.364010][ T8193] kernel_stack 524288
[ 1465.364010][ T8193] slab 7380992
[ 1465.364010][ T8193] sock 0
[ 1465.364010][ T8193] shmem 141209600
[ 1465.364010][ T8193] file_mapped 105971712
[ 1465.364010][ T8193] file_dirty 0
[ 1465.364010][ T8193] file_writeback 0
[ 1465.364010][ T8193] anon_thp 4194304
[ 1465.364010][ T8193] inactive_anon 105971712
[ 1465.364010][ T8193] active_anon 41226240
[ 1465.364010][ T8193] inactive_file 135168
[ 1465.364010][ T8193] active_file 0
[ 1465.364010][ T8193] unevictable 0
[ 1465.364010][ T8193] slab_reclaimable 2973696
[ 1465.364010][ T8193] slab_unreclaimable 4407296
[ 1465.364010][ T8193] pgfault 354651
[ 1465.364010][ T8193] pgmajfault 0
[ 1465.364010][ T8193] workingset_refault 0
[ 1465.364010][ T8193] workingset_activate 0
[ 1465.364010][ T8193] workingset_nodereclaim 0
[ 1465.364010][ T8193] pgrefill 0
[ 1465.364010][ T8193] pgscan 0
[ 1465.364010][ T8193] pgsteal 0
[ 1465.458253][ T8193] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=7344,uid=0
[ 1465.473688][ T8193] Memory cgroup out of memory: Killed process 7344 (syz-executor.4) total-vm:72704kB, anon-rss:152kB, file-rss:35788kB, shmem-rss:11480kB
[ 1465.489729][ T1056] oom_reaper: reaped process 7344 (syz-executor.4), now anon-rss:0kB, file-rss:34828kB, shmem-rss:11480kB
[ 1465.490096][T31107] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 1465.513990][ T8193] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=0
[ 1465.525896][ T8193] CPU: 0 PID: 8193 Comm: syz-executor.4 Not tainted 5.2.0+ #37
[ 1465.533442][ T8193] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1465.543502][ T8193] Call Trace:
[ 1465.546807][ T8193]  dump_stack+0x1d8/0x2f8
[ 1465.551131][ T8193]  dump_header+0xd8/0x970
[ 1465.555437][ T8193]  oom_kill_process+0xcd/0x320
[ 1465.560181][ T8193]  out_of_memory+0x5e1/0x8a0
[ 1465.564748][ T8193]  ? unregister_oom_notifier+0x20/0x20
[ 1465.570184][ T8193]  ? __kasan_check_read+0x11/0x20
[ 1465.575198][ T8193]  try_charge+0x134a/0x17b0
[ 1465.579677][ T8193]  ? rmqueue+0x2248/0x2810
[ 1465.584068][ T8193]  ? __lock_acquire+0x4750/0x4750
[ 1465.589079][ T8193]  ? __memcg_kmem_charge_memcg+0x180/0x180
[ 1465.594863][ T8193]  ? rcu_lock_release+0x4/0x20
[ 1465.599603][ T8193]  __memcg_kmem_charge_memcg+0x78/0x180
[ 1465.605133][ T8193]  ? memcg_kmem_put_cache+0x50/0x50
[ 1465.610321][ T8193]  ? rcu_lock_release+0x15/0x20
[ 1465.615161][ T8193]  ? get_mem_cgroup_from_mm+0x15e/0x170
[ 1465.620699][ T8193]  __memcg_kmem_charge+0x105/0x340
[ 1465.627090][ T8193]  __alloc_pages_nodemask+0x377/0x790
[ 1465.632488][ T8193]  ? gfp_pfmemalloc_allowed+0x130/0x130
[ 1465.638018][ T8193]  ? rcu_read_lock_sched_held+0x127/0x1c0
[ 1465.643718][ T8193]  ? copy_process+0x599/0x5a00
[ 1465.648461][ T8193]  copy_process+0x620/0x5a00
[ 1465.653028][ T8193]  ? do_wp_page+0x12d0/0x1ce0
[ 1465.657689][ T8193]  ? __rwlock_init+0x130/0x130
[ 1465.662425][ T8193]  ? count_memcg_event_mm+0x300/0x300
[ 1465.667774][ T8193]  ? fork_idle+0x290/0x290
[ 1465.672166][ T8193]  ? __lock_acquire+0x4750/0x4750
[ 1465.677178][ T8193]  ? lock_acquire+0x158/0x250
[ 1465.681832][ T8193]  _do_fork+0x179/0x630
[ 1465.685960][ T8193]  ? dup_mm+0x340/0x340
[ 1465.690098][ T8193]  ? __kasan_check_read+0x11/0x20
[ 1465.695095][ T8193]  ? _copy_to_user+0x104/0x150
[ 1465.699835][ T8193]  ? put_timespec64+0x106/0x150
[ 1465.704663][ T8193]  ? ktime_get_raw+0xf0/0xf0
[ 1465.709421][ T8193]  __x64_sys_clone+0x247/0x2b0
[ 1465.714174][ T8193]  ? __ia32_sys_vfork+0x110/0x110
[ 1465.719197][ T8193]  ? prepare_exit_to_usermode+0x1f7/0x580
[ 1465.724896][ T8193]  ? do_syscall_64+0x1d/0x140
[ 1465.729575][ T8193]  do_syscall_64+0xfe/0x140
[ 1465.734057][ T8193]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1465.739949][ T8193] RIP: 0033:0x457dfa
[ 1465.743837][ T8193] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00
[ 1465.763420][ T8193] RSP: 002b:00007ffefd19c4b0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1465.772329][ T8193] RAX: ffffffffffffffda RBX: 00007ffefd19c4b0 RCX: 0000000000457dfa
[ 1465.780297][ T8193] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[ 1465.788249][ T8193] RBP: 00007ffefd19c4f0 R08: 0000000000000001 R09: 000055555578e940
[ 1465.796201][ T8193] R10: 000055555578ec10 R11: 0000000000000246 R12: 0000000000000001
[ 1465.804155][ T8193] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffefd19c540
[ 1465.812337][ T8193] memory: usage 141816kB, limit 0kB, failcnt 45
[ 1465.818637][ T8193] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1465.825497][ T8193] Memory cgroup stats for /syz4:
[ 1465.825611][ T8193] anon 5787648
[ 1465.825611][ T8193] file 129650688
[ 1465.825611][ T8193] kernel_stack 524288
[ 1465.825611][ T8193] slab 7380992
[ 1465.825611][ T8193] sock 0
[ 1465.825611][ T8193] shmem 129454080
[ 1465.825611][ T8193] file_mapped 94212096
[ 1465.825611][ T8193] file_dirty 0
[ 1465.825611][ T8193] file_writeback 0
[ 1465.825611][ T8193] anon_thp 4194304
[ 1465.825611][ T8193] inactive_anon 94212096
[ 1465.825611][ T8193] active_anon 41091072
[ 1465.825611][ T8193] inactive_file 135168
[ 1465.825611][ T8193] active_file 0
[ 1465.825611][ T8193] unevictable 0
[ 1465.825611][ T8193] slab_reclaimable 2973696
[ 1465.825611][ T8193] slab_unreclaimable 4407296
[ 1465.825611][ T8193] pgfault 354651
[ 1465.825611][ T8193] pgmajfault 0
[ 1465.825611][ T8193] workingset_refault 0
[ 1465.825611][ T8193] workingset_activate 0
[ 1465.825611][ T8193] workingset_nodereclaim 0
[ 1465.825611][ T8193] pgrefill 0
[ 1465.825611][ T8193] pgscan 0
[ 1465.825611][ T8193] pgsteal 0
[ 1465.919874][ T8193] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=8805,uid=0
[ 1465.935301][ T8193] Memory cgroup out of memory: Killed process 8805 (syz-executor.4) total-vm:72704kB, anon-rss:152kB, file-rss:35784kB, shmem-rss:11480kB
[ 1465.950798][ T1056] oom_reaper: reaped process 8805 (syz-executor.4), now anon-rss:0kB, file-rss:34824kB, shmem-rss:11480kB
[ 1465.954234][ T8193] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=0
[ 1465.974472][ T8193] CPU: 1 PID: 8193 Comm: syz-executor.4 Not tainted 5.2.0+ #37
[ 1465.982024][ T8193] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1465.992085][ T8193] Call Trace:
[ 1465.995380][ T8193]  dump_stack+0x1d8/0x2f8
[ 1465.999714][ T8193]  dump_header+0xd8/0x970
[ 1466.004046][ T8193]  oom_kill_process+0xcd/0x320
[ 1466.008905][ T8193]  out_of_memory+0x5e1/0x8a0
[ 1466.013505][ T8193]  ? unregister_oom_notifier+0x20/0x20
[ 1466.018969][ T8193]  ? __kasan_check_read+0x11/0x20
[ 1466.024029][ T8193]  try_charge+0x134a/0x17b0
[ 1466.028540][ T8193]  ? rmqueue+0x2248/0x2810
[ 1466.032957][ T8193]  ? __lock_acquire+0x4750/0x4750
[ 1466.037986][ T8193]  ? __memcg_kmem_charge_memcg+0x180/0x180
[ 1466.043789][ T8193]  ? rcu_lock_release+0x4/0x20
[ 1466.048555][ T8193]  __memcg_kmem_charge_memcg+0x78/0x180
[ 1466.054112][ T8193]  ? memcg_kmem_put_cache+0x50/0x50
[ 1466.059299][ T8193]  ? rcu_lock_release+0x15/0x20
[ 1466.064225][ T8193]  ? get_mem_cgroup_from_mm+0x15e/0x170
[ 1466.069752][ T8193]  __memcg_kmem_charge+0x105/0x340
[ 1466.074842][ T8193]  __alloc_pages_nodemask+0x377/0x790
[ 1466.080203][ T8193]  ? gfp_pfmemalloc_allowed+0x130/0x130
[ 1466.085756][ T8193]  ? rcu_read_lock_sched_held+0x127/0x1c0
[ 1466.091500][ T8193]  ? copy_process+0x599/0x5a00
[ 1466.096331][ T8193]  copy_process+0x620/0x5a00
[ 1466.100917][ T8193]  ? do_wp_page+0x12d0/0x1ce0
[ 1466.105762][ T8193]  ? __rwlock_init+0x130/0x130
[ 1466.110517][ T8193]  ? count_memcg_event_mm+0x300/0x300
[ 1466.115873][ T8193]  ? fork_idle+0x290/0x290
[ 1466.120288][ T8193]  ? __lock_acquire+0x4750/0x4750
[ 1466.125318][ T8193]  ? lock_acquire+0x158/0x250
[ 1466.130005][ T8193]  _do_fork+0x179/0x630
[ 1466.134144][ T8193]  ? dup_mm+0x340/0x340
[ 1466.138293][ T8193]  ? __kasan_check_read+0x11/0x20
[ 1466.143310][ T8193]  ? _copy_to_user+0x104/0x150
[ 1466.148159][ T8193]  ? put_timespec64+0x106/0x150
[ 1466.153005][ T8193]  ? ktime_get_raw+0xf0/0xf0
[ 1466.157573][ T8193]  __x64_sys_clone+0x247/0x2b0
[ 1466.162333][ T8193]  ? __ia32_sys_vfork+0x110/0x110
[ 1466.167363][ T8193]  ? prepare_exit_to_usermode+0x1f7/0x580
[ 1466.173062][ T8193]  ? do_syscall_64+0x1d/0x140
[ 1466.177730][ T8193]  do_syscall_64+0xfe/0x140
[ 1466.182232][ T8193]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1466.188130][ T8193] RIP: 0033:0x457dfa
[ 1466.192013][ T8193] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00
[ 1466.211622][ T8193] RSP: 002b:00007ffefd19c4b0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1466.220028][ T8193] RAX: ffffffffffffffda RBX: 00007ffefd19c4b0 RCX: 0000000000457dfa
[ 1466.228002][ T8193] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[ 1466.235971][ T8193] RBP: 00007ffefd19c4f0 R08: 0000000000000001 R09: 000055555578e940
[ 1466.243925][ T8193] R10: 000055555578ec10 R11: 0000000000000246 R12: 0000000000000001
[ 1466.251885][ T8193] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffefd19c540
[ 1466.259975][ T8193] memory: usage 130024kB, limit 0kB, failcnt 51
[ 1466.266223][ T8193] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1466.273134][ T8193] Memory cgroup stats for /syz4:
[ 1466.273223][ T8193] anon 5648384
[ 1466.273223][ T8193] file 117854208
[ 1466.273223][ T8193] kernel_stack 458752
[ 1466.273223][ T8193] slab 7380992
[ 1466.273223][ T8193] sock 0
[ 1466.273223][ T8193] shmem 117657600
[ 1466.273223][ T8193] file_mapped 82452480
[ 1466.273223][ T8193] file_dirty 0
[ 1466.273223][ T8193] file_writeback 0
[ 1466.273223][ T8193] anon_thp 4194304
[ 1466.273223][ T8193] inactive_anon 82452480
[ 1466.273223][ T8193] active_anon 41091072
[ 1466.273223][ T8193] inactive_file 135168
[ 1466.273223][ T8193] active_file 0
[ 1466.273223][ T8193] unevictable 0
[ 1466.273223][ T8193] slab_reclaimable 2973696
[ 1466.273223][ T8193] slab_unreclaimable 4407296
[ 1466.273223][ T8193] pgfault 354651
[ 1466.273223][ T8193] pgmajfault 0
[ 1466.273223][ T8193] workingset_refault 0
[ 1466.273223][ T8193] workingset_activate 0
[ 1466.273223][ T8193] workingset_nodereclaim 0
[ 1466.273223][ T8193] pgrefill 0
[ 1466.273223][ T8193] pgscan 0
[ 1466.273223][ T8193] pgsteal 0
[ 1466.367249][ T8193] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=8760,uid=0
[ 1466.382668][ T8193] Memory cgroup out of memory: Killed process 8760 (syz-executor.4) total-vm:72704kB, anon-rss:152kB, file-rss:35784kB, shmem-rss:11480kB
[ 1466.398047][ T1056] oom_reaper: reaped process 8760 (syz-executor.4), now anon-rss:0kB, file-rss:34824kB, shmem-rss:11480kB
[ 1466.413336][ T8193] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=0
[ 1466.425347][ T8193] CPU: 0 PID: 8193 Comm: syz-executor.4 Not tainted 5.2.0+ #37
[ 1466.432902][ T8193] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1466.442965][ T8193] Call Trace:
[ 1466.446376][ T8193]  dump_stack+0x1d8/0x2f8
[ 1466.450712][ T8193]  dump_header+0xd8/0x970
[ 1466.455041][ T8193]  oom_kill_process+0xcd/0x320
[ 1466.459861][ T8193]  out_of_memory+0x5e1/0x8a0
[ 1466.464466][ T8193]  ? unregister_oom_notifier+0x20/0x20
[ 1466.469930][ T8193]  ? __kasan_check_read+0x11/0x20
[ 1466.474958][ T8193]  try_charge+0x134a/0x17b0
[ 1466.479484][ T8193]  ? rmqueue+0x2248/0x2810
[ 1466.483904][ T8193]  ? __lock_acquire+0x4750/0x4750
[ 1466.488998][ T8193]  ? __memcg_kmem_charge_memcg+0x180/0x180
[ 1466.494816][ T8193]  ? rcu_lock_release+0x4/0x20
[ 1466.499587][ T8193]  __memcg_kmem_charge_memcg+0x78/0x180
[ 1466.505146][ T8193]  ? memcg_kmem_put_cache+0x50/0x50
[ 1466.510365][ T8193]  ? rcu_lock_release+0x15/0x20
[ 1466.515217][ T8193]  ? get_mem_cgroup_from_mm+0x15e/0x170
[ 1466.520765][ T8193]  __memcg_kmem_charge+0x105/0x340
[ 1466.525877][ T8193]  __alloc_pages_nodemask+0x377/0x790
[ 1466.531265][ T8193]  ? gfp_pfmemalloc_allowed+0x130/0x130
[ 1466.536819][ T8193]  ? rcu_read_lock_sched_held+0x127/0x1c0
[ 1466.542547][ T8193]  ? copy_process+0x599/0x5a00
[ 1466.547318][ T8193]  copy_process+0x620/0x5a00
[ 1466.551917][ T8193]  ? do_wp_page+0x12d0/0x1ce0
[ 1466.556601][ T8193]  ? __rwlock_init+0x130/0x130
[ 1466.561372][ T8193]  ? count_memcg_event_mm+0x300/0x300
[ 1466.566768][ T8193]  ? fork_idle+0x290/0x290
[ 1466.571193][ T8193]  ? __lock_acquire+0x4750/0x4750
[ 1466.576213][ T8193]  ? lock_acquire+0x158/0x250
[ 1466.580885][ T8193]  _do_fork+0x179/0x630
[ 1466.585037][ T8193]  ? dup_mm+0x340/0x340
[ 1466.589212][ T8193]  ? __kasan_check_read+0x11/0x20
[ 1466.594244][ T8193]  ? _copy_to_user+0x104/0x150
[ 1466.599020][ T8193]  ? put_timespec64+0x106/0x150
[ 1466.603878][ T8193]  ? ktime_get_raw+0xf0/0xf0
[ 1466.608484][ T8193]  __x64_sys_clone+0x247/0x2b0
[ 1466.613265][ T8193]  ? __ia32_sys_vfork+0x110/0x110
[ 1466.618293][ T8193]  ? prepare_exit_to_usermode+0x1f7/0x580
[ 1466.624030][ T8193]  ? do_syscall_64+0x1d/0x140
[ 1466.628717][ T8193]  do_syscall_64+0xfe/0x140
[ 1466.633225][ T8193]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1466.639119][ T8193] RIP: 0033:0x457dfa
[ 1466.643010][ T8193] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00
[ 1466.662601][ T8193] RSP: 002b:00007ffefd19c4b0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1466.672290][ T8193] RAX: ffffffffffffffda RBX: 00007ffefd19c4b0 RCX: 0000000000457dfa
[ 1466.683892][ T8193] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[ 1466.691851][ T8193] RBP: 00007ffefd19c4f0 R08: 0000000000000001 R09: 000055555578e940
[ 1466.699819][ T8193] R10: 000055555578ec10 R11: 0000000000000246 R12: 0000000000000001
[ 1466.707769][ T8193] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffefd19c540
[ 1466.715995][ T8193] memory: usage 118232kB, limit 0kB, failcnt 57
[ 1466.722319][ T8193] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1466.729289][ T8193] Memory cgroup stats for /syz4:
[ 1466.729384][ T8193] anon 5509120
[ 1466.729384][ T8193] file 106098688
[ 1466.729384][ T8193] kernel_stack 393216
[ 1466.729384][ T8193] slab 7380992
[ 1466.729384][ T8193] sock 0
[ 1466.729384][ T8193] shmem 105902080
[ 1466.729384][ T8193] file_mapped 70692864
[ 1466.729384][ T8193] file_dirty 0
[ 1466.729384][ T8193] file_writeback 0
[ 1466.729384][ T8193] anon_thp 4194304
[ 1466.729384][ T8193] inactive_anon 70692864
[ 1466.729384][ T8193] active_anon 40955904
[ 1466.729384][ T8193] inactive_file 135168
[ 1466.729384][ T8193] active_file 0
[ 1466.729384][ T8193] unevictable 0
[ 1466.729384][ T8193] slab_reclaimable 2973696
[ 1466.729384][ T8193] slab_unreclaimable 4407296
[ 1466.729384][ T8193] pgfault 354651
[ 1466.729384][ T8193] pgmajfault 0
[ 1466.729384][ T8193] workingset_refault 0
[ 1466.729384][ T8193] workingset_activate 0
[ 1466.729384][ T8193] workingset_nodereclaim 0
[ 1466.729384][ T8193] pgrefill 0
[ 1466.729384][ T8193] pgscan 0
[ 1466.729384][ T8193] pgsteal 0
[ 1466.823458][ T8193] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=8725,uid=0
[ 1466.839012][ T8193] Memory cgroup out of memory: Killed process 8725 (syz-executor.4) total-vm:72704kB, anon-rss:152kB, file-rss:35784kB, shmem-rss:11480kB
[ 1466.855716][ T1056] oom_reaper: reaped process 8725 (syz-executor.4), now anon-rss:0kB, file-rss:34824kB, shmem-rss:11480kB
[ 1466.878195][T17560] 8021q: adding VLAN 0 to HW filter on device team0
[ 1466.890605][T31107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1466.899682][T31107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1466.908076][T31107] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1466.915136][T31107] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1466.920388][ T8193] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=0
[ 1466.934265][ T8193] CPU: 0 PID: 8193 Comm: syz-executor.4 Not tainted 5.2.0+ #37
[ 1466.941785][T17560] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1466.952830][ T8193] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1466.952836][ T8193] Call Trace:
[ 1466.952856][ T8193]  dump_stack+0x1d8/0x2f8
[ 1466.952871][ T8193]  dump_header+0xd8/0x970
[ 1466.952887][ T8193]  oom_kill_process+0xcd/0x320
[ 1466.962979][T17560] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1466.966229][ T8193]  out_of_memory+0x5e1/0x8a0
[ 1466.972341][T31107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1466.974874][ T8193]  ? unregister_oom_notifier+0x20/0x20
[ 1466.980170][T31107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1466.989956][ T8193]  ? __kasan_check_read+0x11/0x20
[ 1466.989976][ T8193]  try_charge+0x134a/0x17b0
[ 1466.989996][ T8193]  ? rmqueue+0x2248/0x2810
[ 1466.994957][T31107] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1467.002638][ T8193]  ? __lock_acquire+0x4750/0x4750
[ 1467.002668][ T8193]  ? __memcg_kmem_charge_memcg+0x180/0x180
[ 1467.008164][T31107] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1467.016121][ T8193]  ? rcu_lock_release+0x4/0x20
[ 1467.021604][T31107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1467.025608][ T8193]  __memcg_kmem_charge_memcg+0x78/0x180
[ 1467.030835][T31107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1467.037017][ T8193]  ? memcg_kmem_put_cache+0x50/0x50
[ 1467.042833][T31107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1467.047810][ T8193]  ? rcu_lock_release+0x15/0x20
[ 1467.047823][ T8193]  ? get_mem_cgroup_from_mm+0x15e/0x170
[ 1467.047838][ T8193]  __memcg_kmem_charge+0x105/0x340
[ 1467.055858][T31107] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1467.059810][ T8193]  __alloc_pages_nodemask+0x377/0x790
[ 1467.059824][ T8193]  ? gfp_pfmemalloc_allowed+0x130/0x130
[ 1467.059835][ T8193]  ? rcu_read_lock_sched_held+0x127/0x1c0
[ 1467.059856][ T8193]  ? copy_process+0x599/0x5a00
[ 1467.068574][T31107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1467.073325][ T8193]  copy_process+0x620/0x5a00
[ 1467.082107][T31107] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1467.086388][ T8193]  ? do_wp_page+0x12d0/0x1ce0
[ 1467.095056][T31107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1467.099118][ T8193]  ? __rwlock_init+0x130/0x130
[ 1467.099136][ T8193]  ? count_memcg_event_mm+0x300/0x300
[ 1467.105186][T31107] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1467.109778][ T8193]  ? fork_idle+0x290/0x290
[ 1467.109797][ T8193]  ? __lock_acquire+0x4750/0x4750
[ 1467.109811][ T8193]  ? lock_acquire+0x158/0x250
[ 1467.118435][T31107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1467.122966][ T8193]  _do_fork+0x179/0x630
[ 1467.129053][T31107] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1467.134207][ T8193]  ? dup_mm+0x340/0x340
[ 1467.149814][T17560] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1467.151423][ T8193]  ? __kasan_check_read+0x11/0x20
[ 1467.163900][ T8193]  ? _copy_to_user+0x104/0x150
[ 1467.172609][T31107] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1467.176448][ T8193]  ? put_timespec64+0x106/0x150
[ 1467.182566][T31107] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1467.189496][ T8193]  ? ktime_get_raw+0xf0/0xf0
[ 1467.189512][ T8193]  __x64_sys_clone+0x247/0x2b0
[ 1467.189527][ T8193]  ? __ia32_sys_vfork+0x110/0x110
[ 1467.198939][ T8193]  ? prepare_exit_to_usermode+0x1f7/0x580
[ 1467.198954][ T8193]  ? do_syscall_64+0x1d/0x140
[ 1467.211403][ T8193]  do_syscall_64+0xfe/0x140
[ 1467.211418][ T8193]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1467.211428][ T8193] RIP: 0033:0x457dfa
[ 1467.211444][ T8193] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00
[ 1467.223300][ T8193] RSP: 002b:00007ffefd19c4b0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1467.223311][ T8193] RAX: ffffffffffffffda RBX: 00007ffefd19c4b0 RCX: 0000000000457dfa
[ 1467.223317][ T8193] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[ 1467.223322][ T8193] RBP: 00007ffefd19c4f0 R08: 0000000000000001 R09: 000055555578e940
[ 1467.223328][ T8193] R10: 000055555578ec10 R11: 0000000000000246 R12: 0000000000000001
[ 1467.223333][ T8193] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffefd19c540
[ 1467.223734][ T8193] memory: usage 109428kB, limit 0kB, failcnt 63
[ 1467.234286][ T8193] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1467.244088][ T8193] Memory cgroup stats for /syz4:
[ 1467.244193][ T8193] anon 5509120
[ 1467.244193][ T8193] file 97517568
[ 1467.244193][ T8193] kernel_stack 393216
[ 1467.244193][ T8193] slab 7380992
[ 1467.244193][ T8193] sock 0
[ 1467.244193][ T8193] shmem 97320960
[ 1467.244193][ T8193] file_mapped 58933248
[ 1467.244193][ T8193] file_dirty 0
[ 1467.244193][ T8193] file_writeback 0
[ 1467.244193][ T8193] anon_thp 4194304
[ 1467.244193][ T8193] inactive_anon 58933248
[ 1467.244193][ T8193] active_anon 43794432
[ 1467.244193][ T8193] inactive_file 135168
[ 1467.244193][ T8193] active_file 0
[ 1467.244193][ T8193] unevictable 0
[ 1467.244193][ T8193] slab_reclaimable 2973696
[ 1467.244193][ T8193] slab_unreclaimable 4407296
[ 1467.244193][ T8193] pgfault 354651
[ 1467.244193][ T8193] pgmajfault 0
[ 1467.244193][ T8193] workingset_refault 0
[ 1467.244193][ T8193] workingset_activate 0
[ 1467.244193][ T8193] workingset_nodereclaim 0
[ 1467.244193][ T8193] pgrefill 0
[ 1467.244193][ T8193] pgscan 0
[ 1467.244193][ T8193] pgsteal 0
[ 1467.477368][ T8193] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=8682,uid=0
[ 1467.492769][ T8193] Memory cgroup out of memory: Killed process 8682 (syz-executor.4) total-vm:72704kB, anon-rss:152kB, file-rss:35784kB, shmem-rss:11480kB
[ 1467.508434][ T1056] oom_reaper: reaped process 8682 (syz-executor.4), now anon-rss:0kB, file-rss:34824kB, shmem-rss:11480kB
[ 1467.531248][ T8193] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=0
[ 1467.543272][ T8193] CPU: 0 PID: 8193 Comm: syz-executor.4 Not tainted 5.2.0+ #37
[ 1467.550909][ T8193] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1467.560969][ T8193] Call Trace:
[ 1467.564276][ T8193]  dump_stack+0x1d8/0x2f8
[ 1467.568611][ T8193]  dump_header+0xd8/0x970
[ 1467.572940][ T8193]  oom_kill_process+0xcd/0x320
[ 1467.577707][ T8193]  out_of_memory+0x5e1/0x8a0
[ 1467.582296][ T8193]  ? unregister_oom_notifier+0x20/0x20
[ 1467.587751][ T8193]  ? __kasan_check_read+0x11/0x20
[ 1467.592774][ T8193]  try_charge+0x134a/0x17b0
[ 1467.597275][ T8193]  ? rmqueue+0x2248/0x2810
[ 1467.601693][ T8193]  ? __lock_acquire+0x4750/0x4750
[ 1467.606839][ T8193]  ? __memcg_kmem_charge_memcg+0x180/0x180
[ 1467.612670][ T8193]  ? rcu_lock_release+0x4/0x20
[ 1467.617451][ T8193]  __memcg_kmem_charge_memcg+0x78/0x180
[ 1467.623255][ T8193]  ? memcg_kmem_put_cache+0x50/0x50
[ 1467.628464][ T8193]  ? rcu_lock_release+0x15/0x20
[ 1467.633309][ T8193]  ? get_mem_cgroup_from_mm+0x15e/0x170
[ 1467.638944][ T8193]  __memcg_kmem_charge+0x105/0x340
[ 1467.644057][ T8193]  __alloc_pages_nodemask+0x377/0x790
[ 1467.649440][ T8193]  ? gfp_pfmemalloc_allowed+0x130/0x130
[ 1467.654988][ T8193]  ? rcu_read_lock_sched_held+0x127/0x1c0
[ 1467.660687][ T8193]  ? copy_process+0x599/0x5a00
[ 1467.665429][ T8193]  copy_process+0x620/0x5a00
[ 1467.670017][ T8193]  ? do_wp_page+0x12d0/0x1ce0
[ 1467.674673][ T8193]  ? __rwlock_init+0x130/0x130
[ 1467.679416][ T8193]  ? count_memcg_event_mm+0x300/0x300
[ 1467.684768][ T8193]  ? fork_idle+0x290/0x290
[ 1467.689168][ T8193]  ? __lock_acquire+0x4750/0x4750
[ 1467.694184][ T8193]  ? lock_acquire+0x158/0x250
[ 1467.698838][ T8193]  _do_fork+0x179/0x630
[ 1467.702970][ T8193]  ? dup_mm+0x340/0x340
[ 1467.707104][ T8193]  ? __kasan_check_read+0x11/0x20
[ 1467.712104][ T8193]  ? _copy_to_user+0x104/0x150
[ 1467.716848][ T8193]  ? put_timespec64+0x106/0x150
[ 1467.721694][ T8193]  ? ktime_get_raw+0xf0/0xf0
[ 1467.726272][ T8193]  __x64_sys_clone+0x247/0x2b0
[ 1467.731012][ T8193]  ? __ia32_sys_vfork+0x110/0x110
[ 1467.736033][ T8193]  ? prepare_exit_to_usermode+0x1f7/0x580
[ 1467.741739][ T8193]  ? do_syscall_64+0x1d/0x140
[ 1467.746480][ T8193]  do_syscall_64+0xfe/0x140
[ 1467.750965][ T8193]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1467.756837][ T8193] RIP: 0033:0x457dfa
[ 1467.760735][ T8193] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00
[ 1467.780813][ T8193] RSP: 002b:00007ffefd19c4b0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1467.789219][ T8193] RAX: ffffffffffffffda RBX: 00007ffefd19c4b0 RCX: 0000000000457dfa
[ 1467.797174][ T8193] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[ 1467.805127][ T8193] RBP: 00007ffefd19c4f0 R08: 0000000000000001 R09: 000055555578e940
[ 1467.813082][ T8193] R10: 000055555578ec10 R11: 0000000000000246 R12: 0000000000000001
[ 1467.821059][ T8193] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffefd19c540
[ 1467.829223][ T8193] memory: usage 94628kB, limit 0kB, failcnt 69
[ 1467.835381][ T8193] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1467.842307][ T8193] Memory cgroup stats for /syz4:
[ 1467.842414][ T8193] anon 5349376
[ 1467.842414][ T8193] file 82628608
[ 1467.842414][ T8193] kernel_stack 327680
[ 1467.842414][ T8193] slab 7380992
[ 1467.842414][ T8193] sock 0
[ 1467.842414][ T8193] shmem 82432000
[ 1467.842414][ T8193] file_mapped 47173632
[ 1467.842414][ T8193] file_dirty 0
[ 1467.842414][ T8193] file_writeback 0
[ 1467.842414][ T8193] anon_thp 4194304
[ 1467.842414][ T8193] inactive_anon 47173632
[ 1467.842414][ T8193] active_anon 40550400
[ 1467.842414][ T8193] inactive_file 135168
[ 1467.842414][ T8193] active_file 0
[ 1467.842414][ T8193] unevictable 0
[ 1467.842414][ T8193] slab_reclaimable 2973696
[ 1467.842414][ T8193] slab_unreclaimable 4407296
[ 1467.842414][ T8193] pgfault 354651
[ 1467.842414][ T8193] pgmajfault 0
[ 1467.842414][ T8193] workingset_refault 0
[ 1467.842414][ T8193] workingset_activate 0
[ 1467.842414][ T8193] workingset_nodereclaim 0
[ 1467.842414][ T8193] pgrefill 0
[ 1467.842414][ T8193] pgscan 0
[ 1467.842414][ T8193] pgsteal 0
[ 1467.936208][ T8193] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=8647,uid=0
[ 1467.951646][ T8193] Memory cgroup out of memory: Killed process 8647 (syz-executor.4) total-vm:72704kB, anon-rss:152kB, file-rss:35784kB, shmem-rss:11480kB
[ 1467.968646][ T1056] oom_reaper: reaped process 8647 (syz-executor.4), now anon-rss:0kB, file-rss:34824kB, shmem-rss:11480kB
[ 1467.970049][ T8193] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=0
[ 1467.991913][ T8193] CPU: 0 PID: 8193 Comm: syz-executor.4 Not tainted 5.2.0+ #37
[ 1467.999454][ T8193] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1468.009505][ T8193] Call Trace:
[ 1468.012802][ T8193]  dump_stack+0x1d8/0x2f8
[ 1468.017133][ T8193]  dump_header+0xd8/0x970
[ 1468.021464][ T8193]  oom_kill_process+0xcd/0x320
[ 1468.026218][ T8193]  out_of_memory+0x5e1/0x8a0
[ 1468.030785][ T8193]  ? unregister_oom_notifier+0x20/0x20
[ 1468.036246][ T8193]  ? __kasan_check_read+0x11/0x20
[ 1468.041342][ T8193]  try_charge+0x134a/0x17b0
[ 1468.045837][ T8193]  ? rmqueue+0x2248/0x2810
[ 1468.050237][ T8193]  ? __lock_acquire+0x4750/0x4750
[ 1468.055252][ T8193]  ? __memcg_kmem_charge_memcg+0x180/0x180
[ 1468.061111][ T8193]  ? rcu_lock_release+0x4/0x20
[ 1468.065946][ T8193]  __memcg_kmem_charge_memcg+0x78/0x180
[ 1468.071474][ T8193]  ? memcg_kmem_put_cache+0x50/0x50
[ 1468.076658][ T8193]  ? rcu_lock_release+0x15/0x20
[ 1468.081488][ T8193]  ? get_mem_cgroup_from_mm+0x15e/0x170
[ 1468.087022][ T8193]  __memcg_kmem_charge+0x105/0x340
[ 1468.092126][ T8193]  __alloc_pages_nodemask+0x377/0x790
[ 1468.097476][ T8193]  ? gfp_pfmemalloc_allowed+0x130/0x130
[ 1468.103005][ T8193]  ? rcu_read_lock_sched_held+0x127/0x1c0
[ 1468.108703][ T8193]  ? copy_process+0x599/0x5a00
[ 1468.113471][ T8193]  copy_process+0x620/0x5a00
[ 1468.118069][ T8193]  ? do_wp_page+0x12d0/0x1ce0
[ 1468.122728][ T8193]  ? __rwlock_init+0x130/0x130
[ 1468.127472][ T8193]  ? count_memcg_event_mm+0x300/0x300
[ 1468.132923][ T8193]  ? fork_idle+0x290/0x290
[ 1468.137319][ T8193]  ? __lock_acquire+0x4750/0x4750
[ 1468.142318][ T8193]  ? lock_acquire+0x158/0x250
[ 1468.146969][ T8193]  _do_fork+0x179/0x630
[ 1468.151110][ T8193]  ? dup_mm+0x340/0x340
[ 1468.155253][ T8193]  ? __kasan_check_read+0x11/0x20
[ 1468.160253][ T8193]  ? _copy_to_user+0x104/0x150
[ 1468.164997][ T8193]  ? put_timespec64+0x106/0x150
[ 1468.169836][ T8193]  ? ktime_get_raw+0xf0/0xf0
[ 1468.174405][ T8193]  __x64_sys_clone+0x247/0x2b0
[ 1468.179148][ T8193]  ? __ia32_sys_vfork+0x110/0x110
[ 1468.184147][ T8193]  ? prepare_exit_to_usermode+0x1f7/0x580
[ 1468.189864][ T8193]  ? do_syscall_64+0x1d/0x140
[ 1468.194527][ T8193]  do_syscall_64+0xfe/0x140
[ 1468.199017][ T8193]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1468.204882][ T8193] RIP: 0033:0x457dfa
[ 1468.208778][ T8193] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00
[ 1468.228377][ T8193] RSP: 002b:00007ffefd19c4b0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1468.236767][ T8193] RAX: ffffffffffffffda RBX: 00007ffefd19c4b0 RCX: 0000000000457dfa
[ 1468.244723][ T8193] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[ 1468.252762][ T8193] RBP: 00007ffefd19c4f0 R08: 0000000000000001 R09: 000055555578e940
[ 1468.260717][ T8193] R10: 000055555578ec10 R11: 0000000000000246 R12: 0000000000000001
[ 1468.268678][ T8193] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffefd19c540
[ 1468.276836][ T8193] memory: usage 82836kB, limit 0kB, failcnt 75
[ 1468.283049][ T8193] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1468.289953][ T8193] Memory cgroup stats for /syz4:
[ 1468.290061][ T8193] anon 5349376
[ 1468.290061][ T8193] file 70873088
[ 1468.290061][ T8193] kernel_stack 327680
[ 1468.290061][ T8193] slab 7380992
[ 1468.290061][ T8193] sock 0
[ 1468.290061][ T8193] shmem 70676480
[ 1468.290061][ T8193] file_mapped 35414016
[ 1468.290061][ T8193] file_dirty 0
[ 1468.290061][ T8193] file_writeback 0
[ 1468.290061][ T8193] anon_thp 4194304
[ 1468.290061][ T8193] inactive_anon 35414016
[ 1468.290061][ T8193] active_anon 40415232
[ 1468.290061][ T8193] inactive_file 135168
[ 1468.290061][ T8193] active_file 0
[ 1468.290061][ T8193] unevictable 0
[ 1468.290061][ T8193] slab_reclaimable 2973696
[ 1468.290061][ T8193] slab_unreclaimable 4407296
[ 1468.290061][ T8193] pgfault 354651
[ 1468.290061][ T8193] pgmajfault 0
[ 1468.290061][ T8193] workingset_refault 0
[ 1468.290061][ T8193] workingset_activate 0
[ 1468.290061][ T8193] workingset_nodereclaim 0
[ 1468.290061][ T8193] pgrefill 0
[ 1468.290061][ T8193] pgscan 0
[ 1468.290061][ T8193] pgsteal 0
[ 1468.383951][ T8193] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=8558,uid=0
[ 1468.399428][ T8193] Memory cgroup out of memory: Killed process 8558 (syz-executor.4) total-vm:72704kB, anon-rss:152kB, file-rss:35784kB, shmem-rss:11480kB
[ 1468.418005][ T8193] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=0
[ 1468.418564][ T1056] oom_reaper: reaped process 8558 (syz-executor.4), now anon-rss:0kB, file-rss:34824kB, shmem-rss:11480kB
[ 1468.429897][ T8193] CPU: 0 PID: 8193 Comm: syz-executor.4 Not tainted 5.2.0+ #37
[ 1468.429904][ T8193] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1468.429909][ T8193] Call Trace:
[ 1468.429932][ T8193]  dump_stack+0x1d8/0x2f8
[ 1468.429947][ T8193]  dump_header+0xd8/0x970
[ 1468.429959][ T8193]  oom_kill_process+0xcd/0x320
[ 1468.429970][ T8193]  out_of_memory+0x5e1/0x8a0
[ 1468.429982][ T8193]  ? unregister_oom_notifier+0x20/0x20
[ 1468.430004][ T8193]  ? __kasan_check_read+0x11/0x20
[ 1468.430021][ T8193]  try_charge+0x134a/0x17b0
[ 1468.430033][ T8193]  ? rmqueue+0x2248/0x2810
[ 1468.430048][ T8193]  ? __lock_acquire+0x4750/0x4750
[ 1468.430071][ T8193]  ? __memcg_kmem_charge_memcg+0x180/0x180
[ 1468.448918][ T8193]  ? rcu_lock_release+0x4/0x20
[ 1468.448937][ T8193]  __memcg_kmem_charge_memcg+0x78/0x180
[ 1468.448951][ T8193]  ? memcg_kmem_put_cache+0x50/0x50
[ 1468.448962][ T8193]  ? rcu_lock_release+0x15/0x20
[ 1468.448971][ T8193]  ? get_mem_cgroup_from_mm+0x15e/0x170
[ 1468.448997][ T8193]  __memcg_kmem_charge+0x105/0x340
[ 1468.462332][ T8193]  __alloc_pages_nodemask+0x377/0x790
[ 1468.470954][ T8193]  ? gfp_pfmemalloc_allowed+0x130/0x130
[ 1468.470967][ T8193]  ? rcu_read_lock_sched_held+0x127/0x1c0
[ 1468.470989][ T8193]  ? copy_process+0x599/0x5a00
[ 1468.471003][ T8193]  copy_process+0x620/0x5a00
[ 1468.480322][ T8193]  ? do_wp_page+0x12d0/0x1ce0
[ 1468.480341][ T8193]  ? __rwlock_init+0x130/0x130
[ 1468.480354][ T8193]  ? count_memcg_event_mm+0x300/0x300
[ 1468.491258][ T8193]  ? fork_idle+0x290/0x290
[ 1468.491277][ T8193]  ? __lock_acquire+0x4750/0x4750
[ 1468.500157][ T8193]  ? lock_acquire+0x158/0x250
[ 1468.500171][ T8193]  _do_fork+0x179/0x630
[ 1468.500182][ T8193]  ? dup_mm+0x340/0x340
[ 1468.500198][ T8193]  ? __kasan_check_read+0x11/0x20
[ 1468.510995][ T8193]  ? _copy_to_user+0x104/0x150
[ 1468.511010][ T8193]  ? put_timespec64+0x106/0x150
[ 1468.511027][ T8193]  ? ktime_get_raw+0xf0/0xf0
[ 1468.521315][ T8193]  __x64_sys_clone+0x247/0x2b0
[ 1468.521327][ T8193]  ? __ia32_sys_vfork+0x110/0x110
[ 1468.521339][ T8193]  ? prepare_exit_to_usermode+0x1f7/0x580
[ 1468.521353][ T8193]  ? do_syscall_64+0x1d/0x140
[ 1468.531373][ T8193]  do_syscall_64+0xfe/0x140
[ 1468.531387][ T8193]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1468.531398][ T8193] RIP: 0033:0x457dfa
[ 1468.531412][ T8193] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00
[ 1468.542026][ T8193] RSP: 002b:00007ffefd19c4b0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1468.542037][ T8193] RAX: ffffffffffffffda RBX: 00007ffefd19c4b0 RCX: 0000000000457dfa
[ 1468.542043][ T8193] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[ 1468.542049][ T8193] RBP: 00007ffefd19c4f0 R08: 0000000000000001 R09: 000055555578e940
[ 1468.542055][ T8193] R10: 000055555578ec10 R11: 0000000000000246 R12: 0000000000000001
[ 1468.542066][ T8193] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffefd19c540
[ 1468.553597][ T8193] memory: usage 82720kB, limit 0kB, failcnt 81
[ 1468.563522][ T8193] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1468.572806][ T8193] Memory cgroup stats for /syz4:
[ 1468.572909][ T8193] anon 5210112
[ 1468.572909][ T8193] file 70873088
[ 1468.572909][ T8193] kernel_stack 327680
[ 1468.572909][ T8193] slab 7380992
[ 1468.572909][ T8193] sock 0
[ 1468.572909][ T8193] shmem 70676480
[ 1468.572909][ T8193] file_mapped 35414016
[ 1468.572909][ T8193] file_dirty 0
[ 1468.572909][ T8193] file_writeback 0
[ 1468.572909][ T8193] anon_thp 4194304
[ 1468.572909][ T8193] inactive_anon 35414016
[ 1468.572909][ T8193] active_anon 40280064
[ 1468.572909][ T8193] inactive_file 135168
[ 1468.572909][ T8193] active_file 0
[ 1468.572909][ T8193] unevictable 0
[ 1468.572909][ T8193] slab_reclaimable 2973696
[ 1468.572909][ T8193] slab_unreclaimable 4407296
[ 1468.572909][ T8193] pgfault 354651
[ 1468.572909][ T8193] pgmajfault 0
[ 1468.572909][ T8193] workingset_refault 0
[ 1468.572909][ T8193] workingset_activate 0
[ 1468.572909][ T8193] workingset_nodereclaim 0
[ 1468.572909][ T8193] pgrefill 0
[ 1468.572909][ T8193] pgscan 0
[ 1468.572909][ T8193] pgsteal 0
[ 1468.582964][ T8193] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=8394,uid=0
[ 1468.592459][ T8193] Memory cgroup out of memory: Killed process 8394 (syz-executor.4) total-vm:72704kB, anon-rss:152kB, file-rss:35784kB, shmem-rss:11480kB
[ 1468.730828][ T8193] Memory cgroup out of memory: Killed process 8170 (syz-executor.4) total-vm:72704kB, anon-rss:152kB, file-rss:35784kB, shmem-rss:11480kB
[ 1468.744336][ T1056] oom_reaper: reaped process 8170 (syz-executor.4), now anon-rss:0kB, file-rss:34824kB, shmem-rss:11480kB
[ 1468.756317][ T8193] Memory cgroup out of memory: Killed process 4675 (syz-executor.4) total-vm:72836kB, anon-rss:2208kB, file-rss:35780kB, shmem-rss:0kB
[ 1468.912139][ T1056] oom_reaper: reaped process 4675 (syz-executor.4), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB
[ 1468.930663][ T8193] Memory cgroup out of memory: Killed process 7313 (syz-executor.4) total-vm:72572kB, anon-rss:2192kB, file-rss:35780kB, shmem-rss:0kB
[ 1468.946064][ T1056] oom_reaper: reaped process 7313 (syz-executor.4), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB
[ 1469.015937][ T8193] Memory cgroup out of memory: Killed process 8193 (syz-executor.4) total-vm:72440kB, anon-rss:100kB, file-rss:35776kB, shmem-rss:0kB
[ 1469.037047][ T1056] oom_reaper: reaped process 8193 (syz-executor.4), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB
[ 1469.267749][T17585] oom_kill_process: 4 callbacks suppressed
[ 1469.267765][T17585] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 1469.283867][T17585] CPU: 0 PID: 17585 Comm: syz-executor.2 Not tainted 5.2.0+ #37
[ 1469.291492][T17585] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1469.301547][T17585] Call Trace:
[ 1469.304845][T17585]  dump_stack+0x1d8/0x2f8
[ 1469.309175][T17585]  dump_header+0xd8/0x970
[ 1469.313529][T17585]  oom_kill_process+0xcd/0x320
[ 1469.318315][T17585]  out_of_memory+0x5e1/0x8a0
[ 1469.322905][T17585]  ? unregister_oom_notifier+0x20/0x20
[ 1469.328367][T17585]  ? __kasan_check_read+0x11/0x20
[ 1469.333403][T17585]  try_charge+0x134a/0x17b0
[ 1469.337959][T17585]  ? __memcg_kmem_charge_memcg+0x180/0x180
[ 1469.343806][T17585]  ? __lock_acquire+0x4750/0x4750
[ 1469.348828][T17585]  ? rcu_lock_release+0x15/0x20
[ 1469.353763][T17585]  ? get_mem_cgroup_from_mm+0x15e/0x170
[ 1469.359315][T17585]  mem_cgroup_try_charge+0x216/0x560
[ 1469.364602][T17585]  mem_cgroup_try_charge_delay+0x25/0xa0
[ 1469.370217][T17585]  handle_mm_fault+0x31f3/0x6080
[ 1469.375154][T17585]  ? finish_fault+0x230/0x230
[ 1469.379814][T17585]  ? vmacache_find+0x566/0x5b0
[ 1469.384554][T17585]  ? vmacache_update+0xb7/0x120
[ 1469.389387][T17585]  do_user_addr_fault+0x589/0xaf0
[ 1469.394422][T17585]  __do_page_fault+0xd3/0x1f0
[ 1469.399095][T17585]  do_page_fault+0x99/0xb0
[ 1469.403505][T17585]  page_fault+0x39/0x40
[ 1469.407643][T17585] RIP: 0033:0x41116f
[ 1469.411519][T17585] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41
[ 1469.432149][T17585] RSP: 002b:00007fffa0678e10 EFLAGS: 00010206
[ 1469.438195][T17585] RAX: 00007fe4285b9000 RBX: 0000000000020000 RCX: 000000000045987a
[ 1469.446153][T17585] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000
[ 1469.454132][T17585] RBP: 00007fffa0678ef0 R08: ffffffffffffffff R09: 0000000000000000
[ 1469.462084][T17585] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fffa0678fe0
[ 1469.470045][T17585] R13: 00007fe4285d9700 R14: 0000000000000001 R15: 000000000075bfd4
[ 1469.478303][T17585] memory: usage 3576kB, limit 0kB, failcnt 489252
[ 1469.484728][T17585] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1469.491636][T17585] Memory cgroup stats for /syz2:
[ 1469.491720][T17585] anon 2117632
[ 1469.491720][T17585] file 274432
[ 1469.491720][T17585] kernel_stack 65536
[ 1469.491720][T17585] slab 1101824
[ 1469.491720][T17585] sock 0
[ 1469.491720][T17585] shmem 172032
[ 1469.491720][T17585] file_mapped 135168
[ 1469.491720][T17585] file_dirty 135168
[ 1469.491720][T17585] file_writeback 0
[ 1469.491720][T17585] anon_thp 2097152
[ 1469.491720][T17585] inactive_anon 135168
[ 1469.491720][T17585] active_anon 2117632
[ 1469.491720][T17585] inactive_file 135168
[ 1469.491720][T17585] active_file 135168
[ 1469.491720][T17585] unevictable 0
[ 1469.491720][T17585] slab_reclaimable 405504
[ 1469.491720][T17585] slab_unreclaimable 696320
[ 1469.491720][T17585] pgfault 191367
[ 1469.491720][T17585] pgmajfault 0
[ 1469.491720][T17585] workingset_refault 0
14:30:24 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
openat$cgroup_procs(r4, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000140)=0x2)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r5 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r5, 0x0, 0x0)
r6 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r6, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r4, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
socket$kcm(0xa, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r6, &(0x7f00000003c0)=0x100, 0x12)

14:30:24 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00%\x00'})

14:30:24 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9, 0x0, 0x0, 0x0, '\x00', 0x12})

14:30:24 executing program 3:
syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x2, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(0xffffffffffffffff, 0xc0405519, &(0x7f0000000040))

14:30:24 executing program 1:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600))
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x8a, 0x0, 0x0, 0x0, 0x3})
r1 = syz_open_pts(r0, 0x0)
write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0x100000175)
ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000140)={0x3, 0x0, 0x0, 0x200000000000000})

[ 1469.491720][T17585] workingset_activate 0
[ 1469.491720][T17585] workingset_nodereclaim 0
[ 1469.491720][T17585] pgrefill 0
[ 1469.491720][T17585] pgscan 0
[ 1469.491720][T17585] pgsteal 0
[ 1469.585538][T17585] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=17585,uid=0
[ 1469.601061][T17585] Memory cgroup out of memory: Killed process 17585 (syz-executor.2) total-vm:72708kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB
14:30:24 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x00'})

[ 1469.634744][T17560] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[ 1469.644859][T17560] CPU: 0 PID: 17560 Comm: syz-executor.2 Not tainted 5.2.0+ #37
[ 1469.652493][T17560] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1469.662564][T17560] Call Trace:
[ 1469.665864][T17560]  dump_stack+0x1d8/0x2f8
[ 1469.670198][T17560]  dump_header+0xd8/0x970
[ 1469.674525][T17560]  oom_kill_process+0xcd/0x320
[ 1469.679290][T17560]  out_of_memory+0x5e1/0x8a0
14:30:24 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\\\x00'})

[ 1469.683885][T17560]  ? unregister_oom_notifier+0x20/0x20
[ 1469.689348][T17560]  ? __kasan_check_read+0x11/0x20
[ 1469.694380][T17560]  try_charge+0x134a/0x17b0
[ 1469.698899][T17560]  ? __memcg_kmem_charge_memcg+0x180/0x180
[ 1469.704712][T17560]  ? __lock_acquire+0x4750/0x4750
[ 1469.709745][T17560]  ? rcu_lock_release+0x15/0x20
[ 1469.714598][T17560]  ? get_mem_cgroup_from_mm+0x15e/0x170
[ 1469.720145][T17560]  mem_cgroup_try_charge+0x216/0x560
[ 1469.725434][T17560]  mem_cgroup_try_charge_delay+0x25/0xa0
[ 1469.731067][T17560]  handle_mm_fault+0x31f3/0x6080
[ 1469.736051][T17560]  ? finish_fault+0x230/0x230
[ 1469.740744][T17560]  ? vmacache_find+0x251/0x5b0
[ 1469.745522][T17560]  do_user_addr_fault+0x589/0xaf0
[ 1469.750555][T17560]  __do_page_fault+0xd3/0x1f0
[ 1469.755237][T17560]  do_page_fault+0x99/0xb0
[ 1469.759651][T17560]  page_fault+0x39/0x40
[ 1469.764257][T17560] RIP: 0033:0x4034f2
[ 1469.764271][T17560] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 <e8> 59 8d 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 42 05 00 48
[ 1469.787830][T17560] RSP: 002b:00007fffa0677fc0 EFLAGS: 00010246
[ 1469.793896][T17560] RAX: 0000000000000000 RBX: 0000000000166b1b RCX: 0000000000413430
[ 1469.801861][T17560] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007fffa06790f0
[ 1469.809829][T17560] RBP: 0000000000000002 R08: 0000000000000001 R09: 00005555571dd940
[ 1469.817799][T17560] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fffa06790f0
[ 1469.817806][T17560] R13: 00007fffa06790e0 R14: 0000000000000000 R15: 00007fffa06790f0
[ 1469.818012][T17560] memory: usage 1252kB, limit 0kB, failcnt 489261
[ 1469.833829][T17560] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1469.833834][T17560] Memory cgroup stats for /syz2:
[ 1469.833917][T17560] anon 0
[ 1469.833917][T17560] file 274432
[ 1469.833917][T17560] kernel_stack 0
[ 1469.833917][T17560] slab 1101824
[ 1469.833917][T17560] sock 0
[ 1469.833917][T17560] shmem 172032
[ 1469.833917][T17560] file_mapped 135168
[ 1469.833917][T17560] file_dirty 135168
[ 1469.833917][T17560] file_writeback 0
[ 1469.833917][T17560] anon_thp 0
[ 1469.833917][T17560] inactive_anon 135168
[ 1469.833917][T17560] active_anon 0
[ 1469.833917][T17560] inactive_file 135168
[ 1469.833917][T17560] active_file 135168
[ 1469.833917][T17560] unevictable 0
[ 1469.833917][T17560] slab_reclaimable 405504
[ 1469.833917][T17560] slab_unreclaimable 696320
[ 1469.833917][T17560] pgfault 191367
[ 1469.833917][T17560] pgmajfault 0
[ 1469.833917][T17560] workingset_refault 0
[ 1469.833917][T17560] workingset_activate 0
[ 1469.833917][T17560] workingset_nodereclaim 0
[ 1469.833917][T17560] pgrefill 0
[ 1469.833917][T17560] pgscan 0
[ 1469.833917][T17560] pgsteal 0
[ 1469.833917][T17560] pgactivate 0
[ 1469.833935][T17560] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=17560,uid=0
[ 1469.958269][T17560] Memory cgroup out of memory: Killed process 17560 (syz-executor.2) total-vm:72444kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB
[ 1469.979251][ T1056] oom_reaper: reaped process 17560 (syz-executor.2), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB
14:30:25 executing program 4:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
openat$cgroup_procs(r4, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000140)=0x2)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r5 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r5, 0x0, 0x0)
r6 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r6, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r4, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
socket$kcm(0xa, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r6, &(0x7f00000003c0)=0x100, 0x12)

14:30:25 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc})

14:30:25 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9, 0x0, 0x0, 0x0, '\x00', 0x25})

14:30:25 executing program 1:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600))
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x8a, 0x0, 0x0, 0x0, 0x3})
r1 = syz_open_pts(r0, 0x0)
write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0x100000175)
ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000140)={0x3, 0x0, 0x0, 0x300000000000000})

14:30:25 executing program 3:
syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x2, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(0xffffffffffffffff, 0xc0405519, &(0x7f0000000040))

14:30:26 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
openat$cgroup_procs(r4, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000140)=0x2)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r5 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r5, 0x0, 0x0)
r6 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r6, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r4, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
socket$kcm(0xa, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r6, &(0x7f00000003c0)=0x100, 0x12)

14:30:26 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc})

14:30:26 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9, 0x0, 0x0, 0x0, '\x00', 0x5c})

14:30:26 executing program 3:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x2, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, 0x0)

14:30:26 executing program 4:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
openat$cgroup_procs(r4, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000140)=0x2)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r5 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r5, 0x0, 0x0)
r6 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r6, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r4, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
socket$kcm(0xa, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r6, &(0x7f00000003c0)=0x100, 0x12)

14:30:26 executing program 1:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600))
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x8a, 0x0, 0x0, 0x0, 0x3})
r1 = syz_open_pts(r0, 0x0)
write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0x100000175)
ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000140)={0x3, 0x0, 0x0, 0x400000000000000})

14:30:26 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9, 0x0, 0x0, 0x0, '\x00', 0x300})

14:30:26 executing program 3:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x2, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, 0x0)

14:30:26 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
openat$cgroup_procs(r4, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000140)=0x2)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r5 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r5, 0x0, 0x0)
r6 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r6, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r4, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
socket$kcm(0xa, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r6, &(0x7f00000003c0)=0x100, 0x12)

14:30:26 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc})

14:30:26 executing program 3:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x2, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, 0x0)

14:30:26 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc})

14:30:26 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc})

14:30:27 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400)
openat$cgroup_procs(r3, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r4 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r4, 0x0, 0x0)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r5, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r3, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
socket$kcm(0xa, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r5, &(0x7f00000003c0)=0x100, 0x12)

14:30:27 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9, 0x0, 0x0, 0x0, '\x00', 0x500})

14:30:27 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc})

[ 1472.226462][T17649] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 1472.236795][T17649] CPU: 0 PID: 17649 Comm: syz-executor.3 Not tainted 5.2.0+ #37
[ 1472.244436][T17649] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1472.254502][T17649] Call Trace:
[ 1472.257815][T17649]  dump_stack+0x1d8/0x2f8
[ 1472.262168][T17649]  dump_header+0xd8/0x970
[ 1472.266509][T17649]  oom_kill_process+0xcd/0x320
[ 1472.271276][T17649]  out_of_memory+0x5e1/0x8a0
[ 1472.275872][T17649]  ? unregister_oom_notifier+0x20/0x20
[ 1472.281338][T17649]  ? __kasan_check_read+0x11/0x20
[ 1472.286369][T17649]  try_charge+0x134a/0x17b0
[ 1472.290894][T17649]  ? __memcg_kmem_charge_memcg+0x180/0x180
[ 1472.296709][T17649]  ? __lock_acquire+0x4750/0x4750
[ 1472.301736][T17649]  ? rcu_lock_release+0x15/0x20
[ 1472.306586][T17649]  ? get_mem_cgroup_from_mm+0x15e/0x170
[ 1472.312133][T17649]  mem_cgroup_try_charge+0x216/0x560
[ 1472.317417][T17649]  mem_cgroup_try_charge_delay+0x25/0xa0
[ 1472.323056][T17649]  handle_mm_fault+0x31f3/0x6080
[ 1472.328016][T17649]  ? finish_fault+0x230/0x230
[ 1472.332697][T17649]  ? vmacache_find+0x566/0x5b0
[ 1472.337451][T17649]  ? vmacache_update+0xb7/0x120
[ 1472.342301][T17649]  do_user_addr_fault+0x589/0xaf0
[ 1472.347332][T17649]  __do_page_fault+0xd3/0x1f0
[ 1472.352017][T17649]  do_page_fault+0x99/0xb0
[ 1472.356432][T17649]  page_fault+0x39/0x40
[ 1472.360583][T17649] RIP: 0033:0x41116f
[ 1472.364470][T17649] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41
[ 1472.384079][T17649] RSP: 002b:00007ffeee7d5ee0 EFLAGS: 00010206
[ 1472.390142][T17649] RAX: 00007f8307e47000 RBX: 0000000000020000 RCX: 000000000045987a
[ 1472.398112][T17649] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000
[ 1472.406089][T17649] RBP: 00007ffeee7d5fc0 R08: ffffffffffffffff R09: 0000000000000000
[ 1472.414064][T17649] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffeee7d60b0
[ 1472.422043][T17649] R13: 00007f8307e67700 R14: 0000000000000001 R15: 000000000075bfd4
[ 1472.430272][T17649] memory: usage 6180kB, limit 0kB, failcnt 8
[ 1472.436272][T17649] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1472.443171][T17649] Memory cgroup stats for /syz3:
[ 1472.443267][T17649] anon 2191360
[ 1472.443267][T17649] file 0
[ 1472.443267][T17649] kernel_stack 65536
[ 1472.443267][T17649] slab 3846144
[ 1472.443267][T17649] sock 0
[ 1472.443267][T17649] shmem 0
[ 1472.443267][T17649] file_mapped 0
[ 1472.443267][T17649] file_dirty 0
[ 1472.443267][T17649] file_writeback 0
[ 1472.443267][T17649] anon_thp 2097152
[ 1472.443267][T17649] inactive_anon 0
[ 1472.443267][T17649] active_anon 2191360
[ 1472.443267][T17649] inactive_file 0
[ 1472.443267][T17649] active_file 0
[ 1472.443267][T17649] unevictable 0
[ 1472.443267][T17649] slab_reclaimable 1486848
[ 1472.443267][T17649] slab_unreclaimable 2359296
[ 1472.443267][T17649] pgfault 251229
[ 1472.443267][T17649] pgmajfault 0
[ 1472.443267][T17649] workingset_refault 0
[ 1472.443267][T17649] workingset_activate 0
[ 1472.443267][T17649] workingset_nodereclaim 0
[ 1472.443267][T17649] pgrefill 0
[ 1472.443267][T17649] pgscan 0
[ 1472.443267][T17649] pgsteal 0
[ 1472.443267][T17649] pgactivate 0
[ 1472.537382][T17649] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=17649,uid=0
[ 1472.553062][T17649] Memory cgroup out of memory: Killed process 17649 (syz-executor.3) total-vm:72704kB, anon-rss:2156kB, file-rss:34816kB, shmem-rss:0kB
[ 1472.568893][ T1056] oom_reaper: reaped process 17649 (syz-executor.3), now anon-rss:0kB, file-rss:33856kB, shmem-rss:0kB
[ 1473.198775][  T788] device bridge_slave_1 left promiscuous mode
[ 1473.205037][  T788] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1473.239758][  T788] device bridge_slave_0 left promiscuous mode
[ 1473.245929][  T788] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1475.108526][  T788] device hsr_slave_0 left promiscuous mode
[ 1475.158419][  T788] device hsr_slave_1 left promiscuous mode
[ 1475.204721][  T788] team0 (unregistering): Port device team_slave_1 removed
[ 1475.217681][  T788] team0 (unregistering): Port device team_slave_0 removed
[ 1475.228710][  T788] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1475.274256][  T788] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1475.337065][  T788] bond0 (unregistering): Released all slaves
[ 1475.438118][T17662] IPVS: ftp: loaded support on port[0] = 21
[ 1475.446339][T17664] IPVS: ftp: loaded support on port[0] = 21
[ 1475.556723][T17662] chnl_net:caif_netlink_parms(): no params data found
[ 1475.696186][T17662] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1475.703347][T17662] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1475.711444][T17662] device bridge_slave_0 entered promiscuous mode
[ 1475.718976][T17664] chnl_net:caif_netlink_parms(): no params data found
[ 1475.729214][T17662] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1475.736280][T17662] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1475.744310][T17662] device bridge_slave_1 entered promiscuous mode
[ 1475.777002][T17662] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1475.800641][T17662] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1475.810131][T17664] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1475.817190][T17664] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1475.825284][T17664] device bridge_slave_0 entered promiscuous mode
[ 1475.846329][T17662] team0: Port device team_slave_0 added
[ 1475.854727][T17662] team0: Port device team_slave_1 added
[ 1475.860941][T17664] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1475.868120][T17664] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1475.876135][T17664] device bridge_slave_1 entered promiscuous mode
[ 1476.053396][T17662] device hsr_slave_0 entered promiscuous mode
[ 1476.178235][T17662] device hsr_slave_1 entered promiscuous mode
[ 1476.307853][T17662] debugfs: Directory 'hsr0' with parent '/' already present!
[ 1476.328697][T17664] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1476.353038][T17662] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1476.360153][T17662] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1476.367507][T17662] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1476.374633][T17662] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1476.386014][T17664] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1476.420056][T17664] team0: Port device team_slave_0 added
[ 1476.427100][T17664] team0: Port device team_slave_1 added
[ 1476.455960][ T2622] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1476.471952][ T2622] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1476.530500][T17664] device hsr_slave_0 entered promiscuous mode
[ 1476.608109][T17664] device hsr_slave_1 entered promiscuous mode
[ 1476.647788][T17664] debugfs: Directory 'hsr0' with parent '/' already present!
[ 1476.689284][T17662] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1476.702485][T13746] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1476.710665][T13746] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1476.739150][T17662] 8021q: adding VLAN 0 to HW filter on device team0
[ 1476.780224][T17356] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1476.789199][T17356] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1476.797649][T17356] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1476.804717][T17356] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1476.821170][T17664] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1476.840243][T17664] 8021q: adding VLAN 0 to HW filter on device team0
[ 1476.847318][T17356] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1476.856057][T17356] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1476.864770][T17356] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1476.871868][T17356] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1476.879701][T17356] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1476.887426][T17356] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1476.895222][T17356] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1476.903700][T17356] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1476.918925][T13746] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1476.927519][T13746] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1476.936096][T13746] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1476.943278][T13746] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1476.950782][T13746] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1476.959517][T13746] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1476.967910][T13746] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1476.974965][T13746] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1476.982621][T13746] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1476.991351][T13746] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1477.004201][T13746] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 1477.012242][T13746] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1477.020229][T13746] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1477.029696][T13746] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1477.053475][T17662] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1477.064197][T17662] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1477.076128][T17356] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1477.085211][T17356] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1477.094016][T17356] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1477.102531][T17356] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1477.111154][T17356] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1477.119630][T17356] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1477.138239][ T2622] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1477.145922][ T2622] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1477.154667][ T2622] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1477.163087][ T2622] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1477.171516][ T2622] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1477.180023][ T2622] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1477.188444][ T2622] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1477.196607][ T2622] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1477.204984][ T2622] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1477.214692][ T2622] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1477.225487][T17664] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1477.250579][T17662] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1477.271591][T17664] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1477.494409][T17680] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 1477.505367][T17680] CPU: 0 PID: 17680 Comm: syz-executor.2 Not tainted 5.2.0+ #37
[ 1477.513010][T17680] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1477.523068][T17680] Call Trace:
[ 1477.526375][T17680]  dump_stack+0x1d8/0x2f8
[ 1477.530708][T17680]  dump_header+0xd8/0x970
[ 1477.535046][T17680]  oom_kill_process+0xcd/0x320
[ 1477.539905][T17680]  out_of_memory+0x5e1/0x8a0
[ 1477.544494][T17680]  ? unregister_oom_notifier+0x20/0x20
[ 1477.549961][T17680]  memory_max_write+0x537/0x6a0
[ 1477.554821][T17680]  ? memory_max_show+0xa0/0xa0
[ 1477.559593][T17680]  ? lock_acquire+0x1b2/0x250
[ 1477.564268][T17680]  ? memory_max_show+0xa0/0xa0
[ 1477.569035][T17680]  cgroup_file_write+0x27b/0x6e0
[ 1477.573983][T17680]  ? cgroup_seqfile_stop+0xc0/0xc0
[ 1477.579109][T17680]  ? cgroup_seqfile_stop+0xc0/0xc0
[ 1477.584225][T17680]  kernfs_fop_write+0x3e4/0x4f0
[ 1477.589104][T17680]  ? kernfs_fop_read+0x580/0x580
[ 1477.594045][T17680]  __vfs_write+0xf9/0x7d0
[ 1477.598377][T17680]  ? __kernel_write+0x350/0x350
[ 1477.603247][T17680]  ? __sb_start_write+0x39c/0x440
[ 1477.608274][T17680]  ? __kasan_check_read+0x11/0x20
[ 1477.613301][T17680]  vfs_write+0x275/0x590
[ 1477.617553][T17680]  ksys_write+0x16b/0x2a0
[ 1477.621889][T17680]  ? __ia32_sys_read+0x90/0x90
[ 1477.626674][T17680]  ? prepare_exit_to_usermode+0x1f7/0x580
[ 1477.632396][T17680]  ? trace_irq_disable_rcuidle+0x23/0x1c0
[ 1477.638118][T17680]  ? trace_hardirqs_on_thunk+0x1a/0x20
[ 1477.643572][T17680]  ? trace_irq_disable_rcuidle+0x23/0x1c0
[ 1477.649286][T17680]  ? do_syscall_64+0x1d/0x140
[ 1477.653995][T17680]  __x64_sys_write+0x7b/0x90
[ 1477.658593][T17680]  do_syscall_64+0xfe/0x140
[ 1477.663100][T17680]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1477.668985][T17680] RIP: 0033:0x459829
[ 1477.672880][T17680] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1477.692485][T17680] RSP: 002b:00007f3185671c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1477.700983][T17680] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829
[ 1477.708953][T17680] RDX: 0000000000000012 RSI: 0000000020000000 RDI: 0000000000000008
[ 1477.716920][T17680] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1477.724888][T17680] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f31856726d4
[ 1477.732854][T17680] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff
[ 1477.752731][T17680] memory: usage 3596kB, limit 0kB, failcnt 489262
[ 1477.759348][T17680] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1477.767052][T17680] Memory cgroup stats for /syz2:
[ 1477.767771][T17680] anon 2121728
[ 1477.767771][T17680] file 274432
[ 1477.767771][T17680] kernel_stack 65536
[ 1477.767771][T17680] slab 1101824
[ 1477.767771][T17680] sock 0
[ 1477.767771][T17680] shmem 172032
[ 1477.767771][T17680] file_mapped 135168
[ 1477.767771][T17680] file_dirty 135168
[ 1477.767771][T17680] file_writeback 0
[ 1477.767771][T17680] anon_thp 2097152
[ 1477.767771][T17680] inactive_anon 135168
[ 1477.767771][T17680] active_anon 2121728
[ 1477.767771][T17680] inactive_file 135168
[ 1477.767771][T17680] active_file 135168
[ 1477.767771][T17680] unevictable 0
[ 1477.767771][T17680] slab_reclaimable 405504
[ 1477.767771][T17680] slab_unreclaimable 696320
[ 1477.767771][T17680] pgfault 191433
[ 1477.767771][T17680] pgmajfault 0
[ 1477.767771][T17680] workingset_refault 0
[ 1477.767771][T17680] workingset_activate 0
[ 1477.767771][T17680] workingset_nodereclaim 0
[ 1477.767771][T17680] pgrefill 0
[ 1477.767771][T17680] pgscan 0
[ 1477.767771][T17680] pgsteal 0
[ 1477.861563][T17680] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=17678,uid=0
[ 1477.877400][T17680] Memory cgroup out of memory: Killed process 17678 (syz-executor.2) total-vm:72708kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB
[ 1477.893724][ T1056] oom_reaper: reaped process 17678 (syz-executor.2), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB
[ 1477.897260][T17676] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 1477.915059][T17676] CPU: 0 PID: 17676 Comm: syz-executor.4 Not tainted 5.2.0+ #37
[ 1477.922688][T17676] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1477.932740][T17676] Call Trace:
[ 1477.936036][T17676]  dump_stack+0x1d8/0x2f8
[ 1477.940385][T17676]  dump_header+0xd8/0x970
[ 1477.944731][T17676]  oom_kill_process+0xcd/0x320
[ 1477.949496][T17676]  out_of_memory+0x5e1/0x8a0
[ 1477.954087][T17676]  ? unregister_oom_notifier+0x20/0x20
[ 1477.959544][T17676]  ? __kasan_check_read+0x11/0x20
[ 1477.964580][T17676]  try_charge+0x134a/0x17b0
[ 1477.969102][T17676]  ? __memcg_kmem_charge_memcg+0x180/0x180
[ 1477.974940][T17676]  ? __lock_acquire+0x4750/0x4750
[ 1477.979966][T17676]  ? rcu_lock_release+0x15/0x20
[ 1477.984820][T17676]  ? get_mem_cgroup_from_mm+0x15e/0x170
[ 1477.990363][T17676]  mem_cgroup_try_charge+0x216/0x560
[ 1477.995651][T17676]  mem_cgroup_try_charge_delay+0x25/0xa0
[ 1478.001281][T17676]  handle_mm_fault+0x31f3/0x6080
[ 1478.006228][T17676]  ? finish_fault+0x230/0x230
[ 1478.010909][T17676]  ? vmacache_find+0x566/0x5b0
[ 1478.015671][T17676]  ? vmacache_update+0xb7/0x120
[ 1478.020524][T17676]  do_user_addr_fault+0x589/0xaf0
[ 1478.025558][T17676]  __do_page_fault+0xd3/0x1f0
[ 1478.030238][T17676]  do_page_fault+0x99/0xb0
[ 1478.034652][T17676]  page_fault+0x39/0x40
[ 1478.038817][T17676] RIP: 0033:0x41116f
[ 1478.042711][T17676] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41
[ 1478.062322][T17676] RSP: 002b:00007fffa1907280 EFLAGS: 00010206
[ 1478.068421][T17676] RAX: 00007f75b7ec8000 RBX: 0000000000020000 RCX: 000000000045987a
[ 1478.076420][T17676] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000
[ 1478.084394][T17676] RBP: 00007fffa1907360 R08: ffffffffffffffff R09: 0000000000000000
[ 1478.092363][T17676] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fffa1907450
[ 1478.100336][T17676] R13: 00007f75b7ee8700 R14: 0000000000000001 R15: 000000000075bfd4
[ 1478.108868][T17676] memory: usage 8584kB, limit 0kB, failcnt 116
[ 1478.115031][T17676] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1478.121935][T17676] Memory cgroup stats for /syz4:
[ 1478.122035][T17676] anon 2150400
[ 1478.122035][T17676] file 299008
[ 1478.122035][T17676] kernel_stack 65536
[ 1478.122035][T17676] slab 6283264
[ 1478.122035][T17676] sock 0
[ 1478.122035][T17676] shmem 102400
[ 1478.122035][T17676] file_mapped 135168
[ 1478.122035][T17676] file_dirty 0
[ 1478.122035][T17676] file_writeback 0
[ 1478.122035][T17676] anon_thp 2097152
[ 1478.122035][T17676] inactive_anon 135168
[ 1478.122035][T17676] active_anon 2170880
[ 1478.122035][T17676] inactive_file 135168
[ 1478.122035][T17676] active_file 0
[ 1478.122035][T17676] unevictable 0
[ 1478.122035][T17676] slab_reclaimable 2838528
[ 1478.122035][T17676] slab_unreclaimable 3444736
[ 1478.122035][T17676] pgfault 354684
[ 1478.122035][T17676] pgmajfault 0
[ 1478.122035][T17676] workingset_refault 0
[ 1478.122035][T17676] workingset_activate 0
[ 1478.122035][T17676] workingset_nodereclaim 0
[ 1478.122035][T17676] pgrefill 0
[ 1478.122035][T17676] pgscan 0
[ 1478.122035][T17676] pgsteal 0
[ 1478.122035][T17676] pgactivate 0
[ 1478.218190][T17676] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=17676,uid=0
[ 1478.233714][T17676] Memory cgroup out of memory: Killed process 17676 (syz-executor.4) total-vm:72708kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB
[ 1478.249176][ T1056] oom_reaper: reaped process 17676 (syz-executor.4), now anon-rss:0kB, file-rss:34848kB, shmem-rss:0kB
[ 1478.300333][T17664] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[ 1478.310366][T17664] CPU: 0 PID: 17664 Comm: syz-executor.2 Not tainted 5.2.0+ #37
[ 1478.318013][T17664] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1478.328075][T17664] Call Trace:
[ 1478.331375][T17664]  dump_stack+0x1d8/0x2f8
[ 1478.335708][T17664]  dump_header+0xd8/0x970
[ 1478.340047][T17664]  oom_kill_process+0xcd/0x320
[ 1478.344908][T17664]  out_of_memory+0x5e1/0x8a0
[ 1478.349498][T17664]  ? unregister_oom_notifier+0x20/0x20
[ 1478.354984][T17664]  ? __kasan_check_read+0x11/0x20
[ 1478.360026][T17664]  try_charge+0x134a/0x17b0
[ 1478.364548][T17664]  ? __memcg_kmem_charge_memcg+0x180/0x180
[ 1478.370363][T17664]  ? __lock_acquire+0x4750/0x4750
[ 1478.375392][T17664]  ? rcu_lock_release+0x15/0x20
[ 1478.380244][T17664]  ? get_mem_cgroup_from_mm+0x15e/0x170
[ 1478.385788][T17664]  mem_cgroup_try_charge+0x216/0x560
[ 1478.391079][T17664]  mem_cgroup_try_charge_delay+0x25/0xa0
[ 1478.396727][T17664]  wp_page_copy+0x367/0x18c0
[ 1478.401351][T17664]  ? rcu_lock_release+0x30/0x30
[ 1478.406203][T17664]  ? __lock_acquire+0x4750/0x4750
[ 1478.411234][T17664]  ? __kasan_check_read+0x11/0x20
[ 1478.416261][T17664]  ? do_raw_spin_unlock+0x49/0x260
[ 1478.421381][T17664]  do_wp_page+0x2c9/0x1ce0
[ 1478.425807][T17664]  ? __rwlock_init+0x130/0x130
[ 1478.430573][T17664]  ? count_memcg_event_mm+0x300/0x300
[ 1478.435951][T17664]  handle_mm_fault+0x2bcf/0x6080
[ 1478.440901][T17664]  ? finish_fault+0x230/0x230
[ 1478.445635][T17664]  ? vmacache_find+0x51b/0x5b0
[ 1478.450395][T17664]  ? vmacache_update+0xb7/0x120
[ 1478.455253][T17664]  do_user_addr_fault+0x589/0xaf0
[ 1478.460284][T17664]  __do_page_fault+0xd3/0x1f0
[ 1478.464963][T17664]  do_page_fault+0x99/0xb0
[ 1478.469385][T17664]  page_fault+0x39/0x40
[ 1478.473540][T17664] RIP: 0033:0x430906
[ 1478.477440][T17664] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 46 64 00 85 c0 0f 84
[ 1478.497051][T17664] RSP: 002b:00007ffca020d430 EFLAGS: 00010206
[ 1478.503124][T17664] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041
[ 1478.511090][T17664] RDX: 000055555636e930 RSI: 0000555556376970 RDI: 0000000000000003
[ 1478.511097][T17664] RBP: 0000000000008041 R08: 0000000000000001 R09: 000055555636d940
[ 1478.511103][T17664] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698
[ 1478.511109][T17664] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710
[ 1478.511765][T17664] memory: usage 1264kB, limit 0kB, failcnt 489279
[ 1478.527850][T17664] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1478.527861][T17664] Memory cgroup stats for /syz2:
[ 1478.527949][T17664] anon 20480
[ 1478.527949][T17664] file 274432
[ 1478.527949][T17664] kernel_stack 0
[ 1478.527949][T17664] slab 1101824
[ 1478.527949][T17664] sock 0
[ 1478.527949][T17664] shmem 172032
[ 1478.527949][T17664] file_mapped 135168
[ 1478.527949][T17664] file_dirty 135168
[ 1478.527949][T17664] file_writeback 0
[ 1478.527949][T17664] anon_thp 0
[ 1478.527949][T17664] inactive_anon 135168
[ 1478.527949][T17664] active_anon 20480
[ 1478.527949][T17664] inactive_file 135168
[ 1478.527949][T17664] active_file 135168
[ 1478.527949][T17664] unevictable 0
[ 1478.527949][T17664] slab_reclaimable 405504
[ 1478.527949][T17664] slab_unreclaimable 696320
[ 1478.527949][T17664] pgfault 191433
[ 1478.527949][T17664] pgmajfault 0
[ 1478.527949][T17664] workingset_refault 0
[ 1478.527949][T17664] workingset_activate 0
[ 1478.527949][T17664] workingset_nodereclaim 0
[ 1478.527949][T17664] pgrefill 0
[ 1478.527949][T17664] pgscan 0
[ 1478.527949][T17664] pgsteal 0
[ 1478.527949][T17664] pgactivate 0
[ 1478.543881][T17664] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=17664,uid=0
[ 1478.557187][T17664] Memory cgroup out of memory: Killed process 17664 (syz-executor.2) total-vm:72444kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB
[ 1478.654255][ T1056] oom_reaper: reaped process 17664 (syz-executor.2), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB
[ 1478.713645][T17662] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[ 1478.724698][T17662] CPU: 0 PID: 17662 Comm: syz-executor.4 Not tainted 5.2.0+ #37
[ 1478.732414][T17662] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1478.742474][T17662] Call Trace:
[ 1478.745776][T17662]  dump_stack+0x1d8/0x2f8
[ 1478.750112][T17662]  dump_header+0xd8/0x970
[ 1478.754453][T17662]  oom_kill_process+0xcd/0x320
[ 1478.759222][T17662]  out_of_memory+0x5e1/0x8a0
[ 1478.763809][T17662]  ? unregister_oom_notifier+0x20/0x20
[ 1478.769263][T17662]  ? __kasan_check_read+0x11/0x20
[ 1478.774293][T17662]  try_charge+0x134a/0x17b0
[ 1478.778815][T17662]  ? __memcg_kmem_charge_memcg+0x180/0x180
[ 1478.784627][T17662]  ? __lock_acquire+0x4750/0x4750
[ 1478.784652][T17662]  ? rcu_lock_release+0x15/0x20
[ 1478.794497][T17662]  ? get_mem_cgroup_from_mm+0x15e/0x170
[ 1478.800044][T17662]  mem_cgroup_try_charge+0x216/0x560
[ 1478.805338][T17662]  mem_cgroup_try_charge_delay+0x25/0xa0
[ 1478.810985][T17662]  wp_page_copy+0x367/0x18c0
[ 1478.815601][T17662]  ? rcu_lock_release+0x30/0x30
[ 1478.820457][T17662]  ? __lock_acquire+0x4750/0x4750
[ 1478.825496][T17662]  ? __kasan_check_read+0x11/0x20
[ 1478.830523][T17662]  ? do_raw_spin_unlock+0x49/0x260
[ 1478.835638][T17662]  do_wp_page+0x2c9/0x1ce0
[ 1478.840081][T17662]  ? __rwlock_init+0x130/0x130
[ 1478.844851][T17662]  ? count_memcg_event_mm+0x300/0x300
[ 1478.850232][T17662]  handle_mm_fault+0x2bcf/0x6080
[ 1478.855179][T17662]  ? finish_fault+0x230/0x230
[ 1478.859862][T17662]  ? vmacache_find+0x566/0x5b0
14:30:33 executing program 4:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
openat$cgroup_procs(r4, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000140)=0x2)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r5 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r5, 0x0, 0x0)
r6 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r6, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r4, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
socket$kcm(0xa, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r6, &(0x7f00000003c0)=0x100, 0x12)

14:30:33 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc})

14:30:33 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9, 0x0, 0x0, 0x0, '\x00', 0x600})

14:30:33 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400)
openat$cgroup_procs(r3, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r4 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r4, 0x0, 0x0)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r5, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r3, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
socket$kcm(0xa, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r5, &(0x7f00000003c0)=0x100, 0x12)

14:30:33 executing program 1:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600))
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x8a, 0x0, 0x0, 0x0, 0x3})
r1 = syz_open_pts(r0, 0x0)
write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0x100000175)
ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000140)={0x3, 0x0, 0x0, 0x500000000000000})

14:30:33 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
openat$cgroup_procs(r4, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000140)=0x2)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r5 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r5, 0x0, 0x0)
r6 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r6, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r4, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
socket$kcm(0xa, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r6, &(0x7f00000003c0)=0x100, 0x12)

14:30:33 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9, 0x0, 0x0, 0x0, '\x00', 0x700})

[ 1478.864623][T17662]  ? vmacache_update+0xb7/0x120
[ 1478.869475][T17662]  do_user_addr_fault+0x589/0xaf0
[ 1478.874506][T17662]  __do_page_fault+0xd3/0x1f0
[ 1478.879186][T17662]  do_page_fault+0x99/0xb0
[ 1478.883600][T17662]  page_fault+0x39/0x40
[ 1478.887749][T17662] RIP: 0033:0x430906
[ 1478.891648][T17662] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 46 64 00 85 c0 0f 84
[ 1478.911258][T17662] RSP: 002b:00007fffa1906290 EFLAGS: 00010206
[ 1478.917324][T17662] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041
[ 1478.925298][T17662] RDX: 0000555555754930 RSI: 000055555575c970 RDI: 0000000000000003
[ 1478.933269][T17662] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000555555753940
[ 1478.941234][T17662] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698
[ 1478.949206][T17662] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710
[ 1478.958360][T17662] memory: usage 5724kB, limit 0kB, failcnt 129
14:30:34 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9, 0x0, 0x0, 0x0, '\x00', 0x900})

[ 1478.964524][T17662] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1478.971427][T17662] Memory cgroup stats for /syz4:
[ 1478.971508][T17662] anon 49152
[ 1478.971508][T17662] file 299008
[ 1478.971508][T17662] kernel_stack 65536
[ 1478.971508][T17662] slab 5804032
[ 1478.971508][T17662] sock 0
[ 1478.971508][T17662] shmem 102400
[ 1478.971508][T17662] file_mapped 135168
[ 1478.971508][T17662] file_dirty 0
[ 1478.971508][T17662] file_writeback 0
[ 1478.971508][T17662] anon_thp 0
[ 1478.971508][T17662] inactive_anon 135168
14:30:34 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc})

[ 1478.971508][T17662] active_anon 69632
[ 1478.971508][T17662] inactive_file 135168
[ 1478.971508][T17662] active_file 0
[ 1478.971508][T17662] unevictable 0
[ 1478.971508][T17662] slab_reclaimable 2838528
[ 1478.971508][T17662] slab_unreclaimable 2965504
[ 1478.971508][T17662] pgfault 354684
[ 1478.971508][T17662] pgmajfault 0
[ 1478.971508][T17662] workingset_refault 0
[ 1478.971508][T17662] workingset_activate 0
[ 1478.971508][T17662] workingset_nodereclaim 0
[ 1478.971508][T17662] pgrefill 0
[ 1478.971508][T17662] pgscan 0
[ 1478.971508][T17662] pgsteal 0
[ 1478.971508][T17662] pgactivate 0
[ 1479.066904][T17662] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=17662,uid=0
[ 1479.066987][T17662] Memory cgroup out of memory: Killed process 17662 (syz-executor.4) total-vm:72444kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB
[ 1479.088117][ T8187] syz-executor.3 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=0
[ 1479.108402][ T8187] CPU: 0 PID: 8187 Comm: syz-executor.3 Not tainted 5.2.0+ #37
[ 1479.116033][ T8187] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1479.126092][ T8187] Call Trace:
[ 1479.129400][ T8187]  dump_stack+0x1d8/0x2f8
[ 1479.133736][ T8187]  dump_header+0xd8/0x970
[ 1479.138070][ T8187]  oom_kill_process+0xcd/0x320
[ 1479.142840][ T8187]  out_of_memory+0x5e1/0x8a0
[ 1479.147444][ T8187]  ? unregister_oom_notifier+0x20/0x20
[ 1479.152913][ T8187]  ? __kasan_check_read+0x11/0x20
[ 1479.157949][ T8187]  try_charge+0x134a/0x17b0
14:30:34 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9, 0x0, 0x0, 0x0, '\x00', 0xa00})

[ 1479.162465][ T8187]  ? rmqueue+0x2248/0x2810
[ 1479.166884][ T8187]  ? __lock_acquire+0x4750/0x4750
[ 1479.171927][ T8187]  ? __memcg_kmem_charge_memcg+0x180/0x180
[ 1479.177746][ T8187]  ? rcu_lock_release+0x4/0x20
[ 1479.182515][ T8187]  __memcg_kmem_charge_memcg+0x78/0x180
[ 1479.188071][ T8187]  ? memcg_kmem_put_cache+0x50/0x50
[ 1479.188082][ T8187]  ? rcu_lock_release+0x15/0x20
[ 1479.188092][ T8187]  ? get_mem_cgroup_from_mm+0x15e/0x170
[ 1479.188104][ T8187]  __memcg_kmem_charge+0x105/0x340
[ 1479.188120][ T8187]  __alloc_pages_nodemask+0x377/0x790
[ 1479.188135][ T8187]  ? gfp_pfmemalloc_allowed+0x130/0x130
[ 1479.219698][ T8187]  ? rcu_read_lock_sched_held+0x127/0x1c0
[ 1479.225431][ T8187]  ? copy_process+0x599/0x5a00
[ 1479.230199][ T8187]  copy_process+0x620/0x5a00
[ 1479.234793][ T8187]  ? do_wp_page+0x12d0/0x1ce0
[ 1479.239478][ T8187]  ? __rwlock_init+0x130/0x130
[ 1479.244243][ T8187]  ? count_memcg_event_mm+0x300/0x300
[ 1479.249708][ T8187]  ? fork_idle+0x290/0x290
[ 1479.254128][ T8187]  ? __lock_acquire+0x4750/0x4750
[ 1479.254139][ T8187]  ? lock_acquire+0x158/0x250
14:30:34 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9, 0x0, 0x0, 0x0, '\x00', 0xb00})

[ 1479.254151][ T8187]  _do_fork+0x179/0x630
[ 1479.254167][ T8187]  ? dup_mm+0x340/0x340
[ 1479.263887][ T8187]  ? __kasan_check_read+0x11/0x20
[ 1479.277164][ T8187]  ? _copy_to_user+0x104/0x150
[ 1479.281933][ T8187]  ? put_timespec64+0x106/0x150
[ 1479.286794][ T8187]  ? ktime_get_raw+0xf0/0xf0
[ 1479.291389][ T8187]  __x64_sys_clone+0x247/0x2b0
[ 1479.296165][ T8187]  ? __ia32_sys_vfork+0x110/0x110
[ 1479.301192][ T8187]  ? prepare_exit_to_usermode+0x1f7/0x580
[ 1479.306916][ T8187]  ? do_syscall_64+0x1d/0x140
[ 1479.306933][ T8187]  do_syscall_64+0xfe/0x140
14:30:34 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc})

[ 1479.306948][ T8187]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1479.306963][ T8187] RIP: 0033:0x457dfa
[ 1479.316376][ T8187] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00
[ 1479.345709][ T8187] RSP: 002b:00007ffeee7d6130 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1479.354158][ T8187] RAX: ffffffffffffffda RBX: 00007ffeee7d6130 RCX: 0000000000457dfa
[ 1479.362126][ T8187] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[ 1479.370103][ T8187] RBP: 00007ffeee7d6170 R08: 0000000000000001 R09: 00005555560b5940
[ 1479.378076][ T8187] R10: 00005555560b5c10 R11: 0000000000000246 R12: 0000000000000001
[ 1479.378083][ T8187] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffeee7d61c0
[ 1479.379151][ T8187] memory: usage 3716kB, limit 0kB, failcnt 21
[ 1479.394763][ T8187] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1479.407712][ T8187] Memory cgroup stats for /syz3:
[ 1479.407800][ T8187] anon 90112
[ 1479.407800][ T8187] file 0
[ 1479.407800][ T8187] kernel_stack 0
[ 1479.407800][ T8187] slab 3706880
[ 1479.407800][ T8187] sock 0
[ 1479.407800][ T8187] shmem 0
[ 1479.407800][ T8187] file_mapped 0
[ 1479.407800][ T8187] file_dirty 0
[ 1479.407800][ T8187] file_writeback 0
[ 1479.407800][ T8187] anon_thp 0
[ 1479.407800][ T8187] inactive_anon 0
[ 1479.407800][ T8187] active_anon 90112
[ 1479.407800][ T8187] inactive_file 0
[ 1479.407800][ T8187] active_file 0
[ 1479.407800][ T8187] unevictable 0
[ 1479.407800][ T8187] slab_reclaimable 1486848
[ 1479.407800][ T8187] slab_unreclaimable 2220032
[ 1479.407800][ T8187] pgfault 251229
[ 1479.407800][ T8187] pgmajfault 0
[ 1479.407800][ T8187] workingset_refault 0
[ 1479.407800][ T8187] workingset_activate 0
[ 1479.407800][ T8187] workingset_nodereclaim 0
[ 1479.407800][ T8187] pgrefill 0
[ 1479.407800][ T8187] pgscan 0
[ 1479.407800][ T8187] pgsteal 0
[ 1479.407800][ T8187] pgactivate 0
[ 1479.407800][ T8187] pgdeactivate 0
[ 1479.503975][ T8187] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=8187,uid=0
[ 1479.519492][ T8187] Memory cgroup out of memory: Killed process 8187 (syz-executor.3) total-vm:72440kB, anon-rss:108kB, file-rss:35776kB, shmem-rss:0kB
[ 1479.536409][ T1056] oom_reaper: reaped process 8187 (syz-executor.3), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB
14:30:35 executing program 4:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
openat$cgroup_procs(r4, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000140)=0x2)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r5 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r5, 0x0, 0x0)
r6 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r6, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r4, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
socket$kcm(0xa, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r6, &(0x7f00000003c0)=0x100, 0x12)

14:30:35 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9, 0x0, 0x0, 0x0, '\x00', 0xc00})

14:30:35 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc})

14:30:35 executing program 1:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600))
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x8a, 0x0, 0x0, 0x0, 0x3})
r1 = syz_open_pts(r0, 0x0)
write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0x100000175)
ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000140)={0x3, 0x0, 0x0, 0x600000000000000})

14:30:35 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
openat$cgroup_procs(r4, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000140)=0x2)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r5 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r5, 0x0, 0x0)
r6 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r6, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r4, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
socket$kcm(0xa, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r6, &(0x7f00000003c0)=0x100, 0x12)

14:30:35 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400)
openat$cgroup_procs(r3, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r4 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r4, 0x0, 0x0)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r5, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r3, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
socket$kcm(0xa, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r5, &(0x7f00000003c0)=0x100, 0x12)

14:30:35 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc})

14:30:35 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9, 0x0, 0x0, 0x0, '\x00', 0xd00})

14:30:35 executing program 4:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
openat$cgroup_procs(r4, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000140)=0x2)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r5 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r5, 0x0, 0x0)
r6 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r6, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r4, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
socket$kcm(0xa, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r6, &(0x7f00000003c0)=0x100, 0x12)

14:30:35 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400)
openat$cgroup_procs(r3, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r4 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r4, 0x0, 0x0)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r5, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r3, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
socket$kcm(0xa, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)

14:30:35 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc})

14:30:35 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9, 0x0, 0x0, 0x0, '\x00', 0xe00})

14:30:35 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9, 0x0, 0x0, 0x0, '\x00', 0x1100})

14:30:35 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc})

14:30:35 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc})

14:30:36 executing program 1:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600))
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x8a, 0x0, 0x0, 0x0, 0x3})
r1 = syz_open_pts(r0, 0x0)
write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0x100000175)
ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000140)={0x3, 0x0, 0x0, 0x700000000000000})

[ 1482.358207][T17747] IPVS: ftp: loaded support on port[0] = 21
[ 1482.422441][T17747] chnl_net:caif_netlink_parms(): no params data found
[ 1482.515222][T17747] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1482.522553][T17747] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1482.530526][T17747] device bridge_slave_0 entered promiscuous mode
[ 1482.538623][T17747] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1482.545698][T17747] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1482.553722][T17747] device bridge_slave_1 entered promiscuous mode
[ 1482.568583][T17747] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1482.580111][T17747] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1482.600060][  T788] device bridge_slave_1 left promiscuous mode
[ 1482.606283][  T788] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1482.648684][  T788] device bridge_slave_0 left promiscuous mode
[ 1482.654881][  T788] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1482.698971][  T788] device bridge_slave_1 left promiscuous mode
[ 1482.705257][  T788] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1482.738470][  T788] device bridge_slave_0 left promiscuous mode
[ 1482.744611][  T788] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1484.722473][  T788] device hsr_slave_0 left promiscuous mode
[ 1484.767819][  T788] device hsr_slave_1 left promiscuous mode
[ 1484.814642][  T788] team0 (unregistering): Port device team_slave_1 removed
[ 1484.828166][  T788] team0 (unregistering): Port device team_slave_0 removed
[ 1484.839836][  T788] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1484.872877][  T788] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1484.949944][  T788] bond0 (unregistering): Released all slaves
[ 1485.098297][  T788] device hsr_slave_0 left promiscuous mode
[ 1485.137833][  T788] device hsr_slave_1 left promiscuous mode
[ 1485.184719][  T788] team0 (unregistering): Port device team_slave_1 removed
[ 1485.197579][  T788] team0 (unregistering): Port device team_slave_0 removed
[ 1485.208849][  T788] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1485.254475][  T788] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1485.341743][  T788] bond0 (unregistering): Released all slaves
[ 1485.431525][T17747] team0: Port device team_slave_0 added
[ 1485.443786][T17751] IPVS: ftp: loaded support on port[0] = 21
[ 1485.443830][T17752] IPVS: ftp: loaded support on port[0] = 21
[ 1485.462947][T17747] team0: Port device team_slave_1 added
[ 1485.530595][T17747] device hsr_slave_0 entered promiscuous mode
[ 1485.588418][T17747] device hsr_slave_1 entered promiscuous mode
[ 1485.628283][T17747] debugfs: Directory 'hsr0' with parent '/' already present!
[ 1485.781424][T17747] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1485.900730][T17752] chnl_net:caif_netlink_parms(): no params data found
[ 1485.910197][T17751] chnl_net:caif_netlink_parms(): no params data found
[ 1485.924436][T17747] 8021q: adding VLAN 0 to HW filter on device team0
[ 1485.933550][T17584] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1485.941443][T17584] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1485.998475][T17584] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1486.007324][T17584] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1486.016064][T17584] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1486.023302][T17584] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1486.031376][T17584] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1486.041075][T17584] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1486.049601][T17584] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1486.056680][T17584] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1486.064451][T17584] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1486.073525][T17584] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1486.130099][T17752] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1486.137227][T17752] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1486.145390][T17752] device bridge_slave_0 entered promiscuous mode
[ 1486.154594][T17747] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1486.165299][T17747] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1486.183053][T17584] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 1486.191317][T17584] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1486.200397][T17584] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1486.208975][T17584] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1486.217872][T17584] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1486.226494][T17584] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1486.235162][T17584] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1486.243728][T17752] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1486.250858][T17752] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1486.258924][T17752] device bridge_slave_1 entered promiscuous mode
[ 1486.265920][T17581] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1486.273952][T17581] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1486.282047][T17751] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1486.289182][T17751] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1486.297246][T17751] device bridge_slave_0 entered promiscuous mode
[ 1486.318003][T17747] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1486.325237][T17751] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1486.332462][T17751] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1486.340723][T17751] device bridge_slave_1 entered promiscuous mode
[ 1486.370868][T17752] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1486.387370][T17752] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1486.439159][T17752] team0: Port device team_slave_0 added
[ 1486.446843][T17751] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1486.463771][T17752] team0: Port device team_slave_1 added
[ 1486.480108][T17751] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1486.540428][T17751] team0: Port device team_slave_0 added
[ 1486.547775][T17751] team0: Port device team_slave_1 added
[ 1486.590935][T17752] device hsr_slave_0 entered promiscuous mode
[ 1486.693960][T17752] device hsr_slave_1 entered promiscuous mode
[ 1486.705499][T17760] syz-executor.2 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1486.717814][T17760] CPU: 0 PID: 17760 Comm: syz-executor.2 Not tainted 5.2.0+ #37
[ 1486.725445][T17760] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1486.735506][T17760] Call Trace:
[ 1486.738802][T17760]  dump_stack+0x1d8/0x2f8
[ 1486.743136][T17760]  dump_header+0xd8/0x970
[ 1486.747465][T17760]  oom_kill_process+0xcd/0x320
[ 1486.752328][T17760]  out_of_memory+0x5e1/0x8a0
[ 1486.756912][T17760]  ? unregister_oom_notifier+0x20/0x20
[ 1486.762369][T17760]  ? __kasan_check_read+0x11/0x20
[ 1486.767400][T17760]  try_charge+0x134a/0x17b0
[ 1486.772034][T17760]  ? __memcg_kmem_charge_memcg+0x180/0x180
[ 1486.777860][T17760]  ? rcu_lock_release+0x4/0x20
[ 1486.782633][T17760]  __memcg_kmem_charge_memcg+0x78/0x180
[ 1486.788216][T17760]  ? memcg_kmem_put_cache+0x50/0x50
[ 1486.793418][T17760]  ? rcu_lock_release+0x15/0x20
[ 1486.798276][T17760]  ? get_mem_cgroup_from_mm+0x15e/0x170
[ 1486.803831][T17760]  __memcg_kmem_charge+0x105/0x340
[ 1486.808958][T17760]  __alloc_pages_nodemask+0x377/0x790
[ 1486.814346][T17760]  ? gfp_pfmemalloc_allowed+0x130/0x130
[ 1486.819987][T17760]  ? __put_page+0x12b/0x170
[ 1486.824499][T17760]  ? do_huge_pmd_anonymous_page+0xed2/0x1cf0
[ 1486.830484][T17760]  alloc_pages_current+0x2db/0x500
[ 1486.835615][T17760]  pte_alloc_one+0x1f/0x180
[ 1486.840121][T17760]  __pte_alloc+0x20/0x2f0
[ 1486.844453][T17760]  handle_mm_fault+0x54c4/0x6080
[ 1486.849409][T17760]  ? finish_fault+0x230/0x230
[ 1486.854108][T17760]  ? vmacache_find+0x554/0x5b0
[ 1486.858883][T17760]  do_user_addr_fault+0x589/0xaf0
[ 1486.863930][T17760]  __do_page_fault+0xd3/0x1f0
[ 1486.868654][T17760]  do_page_fault+0x99/0xb0
[ 1486.873187][T17760]  page_fault+0x39/0x40
[ 1486.877529][T17760] RIP: 0033:0x400644
[ 1486.881734][T17760] Code: 06 e9 49 01 00 00 48 8b 44 24 10 48 0b 44 24 28 75 1f 48 8b 14 24 48 8b 7c 24 20 be 04 00 00 00 e8 c1 54 00 00 48 8b 74 24 08 <89> 06 e9 1e 01 00 00 48 8b 44 24 08 48 8b 14 24 be 04 00 00 00 8b
[ 1486.901708][T17760] RSP: 002b:00007fff039e55b0 EFLAGS: 00010202
[ 1486.907781][T17760] RAX: 0000000000000002 RBX: 0000000000000000 RCX: 0000000000000000
[ 1486.915845][T17760] RDX: 0000000000000000 RSI: 000000002025c000 RDI: 0000000000000002
[ 1486.923828][T17760] RBP: 00000000007623a0 R08: 0000000000000000 R09: 0000000000000000
[ 1486.931817][T17760] R10: 0000000000439100 R11: 0000000000000012 R12: 00000000004c5c44
[ 1486.939826][T17760] R13: 000000000000012c R14: 00000000007623a8 R15: fffffffffffffffe
[ 1486.948593][T17760] memory: usage 3624kB, limit 0kB, failcnt 489289
[ 1486.955032][T17760] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1486.961946][T17760] Memory cgroup stats for /syz2:
[ 1486.962067][T17760] anon 2179072
[ 1486.962067][T17760] file 274432
[ 1486.962067][T17760] kernel_stack 65536
[ 1486.962067][T17760] slab 1101824
[ 1486.962067][T17760] sock 0
[ 1486.962067][T17760] shmem 172032
[ 1486.962067][T17760] file_mapped 135168
[ 1486.962067][T17760] file_dirty 135168
[ 1486.962067][T17760] file_writeback 0
[ 1486.962067][T17760] anon_thp 2097152
[ 1486.962067][T17760] inactive_anon 135168
[ 1486.962067][T17760] active_anon 2179072
[ 1486.962067][T17760] inactive_file 135168
[ 1486.962067][T17760] active_file 135168
[ 1486.962067][T17760] unevictable 0
[ 1486.962067][T17760] slab_reclaimable 405504
[ 1486.962067][T17760] slab_unreclaimable 696320
[ 1486.962067][T17760] pgfault 191499
[ 1486.962067][T17760] pgmajfault 0
[ 1486.962067][T17760] workingset_refault 0
[ 1486.962067][T17760] workingset_activate 0
[ 1486.962067][T17760] workingset_nodereclaim 0
[ 1486.962067][T17760] pgrefill 0
[ 1486.962067][T17760] pgscan 0
[ 1486.962067][T17760] pgsteal 0
[ 1487.056084][T17760] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=17760,uid=0
[ 1487.071634][T17760] Memory cgroup out of memory: Killed process 17760 (syz-executor.2) total-vm:72708kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB
[ 1487.086627][T17752] debugfs: Directory 'hsr0' with parent '/' already present!
[ 1487.096955][ T1056] oom_reaper: reaped process 17760 (syz-executor.2), now anon-rss:0kB, file-rss:33856kB, shmem-rss:0kB
14:30:42 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
openat$cgroup_procs(r4, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000140)=0x2)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r5 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r5, 0x0, 0x0)
r6 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r6, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r4, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
socket$kcm(0xa, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r6, &(0x7f00000003c0)=0x100, 0x12)

14:30:42 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9, 0x0, 0x0, 0x0, '\x00', 0x1200})

14:30:42 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc})

14:30:42 executing program 1:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600))
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x8a, 0x0, 0x0, 0x0, 0x3})
r1 = syz_open_pts(r0, 0x0)
write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0x100000175)
ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000140)={0x3, 0x0, 0x0, 0x800000000000000})

[ 1487.187439][T17747] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[ 1487.197751][T17747] CPU: 1 PID: 17747 Comm: syz-executor.2 Not tainted 5.2.0+ #37
[ 1487.205398][T17747] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1487.215486][T17747] Call Trace:
[ 1487.218813][T17747]  dump_stack+0x1d8/0x2f8
[ 1487.223152][T17747]  dump_header+0xd8/0x970
[ 1487.227486][T17747]  oom_kill_process+0xcd/0x320
[ 1487.232267][T17747]  out_of_memory+0x5e1/0x8a0
[ 1487.236863][T17747]  ? unregister_oom_notifier+0x20/0x20
[ 1487.242325][T17747]  ? __kasan_check_read+0x11/0x20
[ 1487.247358][T17747]  try_charge+0x134a/0x17b0
[ 1487.251895][T17747]  ? __memcg_kmem_charge_memcg+0x180/0x180
[ 1487.257730][T17747]  ? __lock_acquire+0x4750/0x4750
[ 1487.262767][T17747]  ? rcu_lock_release+0x15/0x20
[ 1487.267650][T17747]  ? get_mem_cgroup_from_mm+0x15e/0x170
[ 1487.273206][T17747]  mem_cgroup_try_charge+0x216/0x560
[ 1487.278521][T17747]  mem_cgroup_try_charge_delay+0x25/0xa0
[ 1487.284262][T17747]  wp_page_copy+0x367/0x18c0
[ 1487.288874][T17747]  ? rcu_lock_release+0x30/0x30
[ 1487.293745][T17747]  ? __lock_acquire+0x4750/0x4750
[ 1487.298782][T17747]  ? __kasan_check_read+0x11/0x20
[ 1487.303813][T17747]  ? do_raw_spin_unlock+0x49/0x260
[ 1487.308945][T17747]  do_wp_page+0x2c9/0x1ce0
[ 1487.313374][T17747]  ? __rwlock_init+0x130/0x130
[ 1487.318142][T17747]  ? count_memcg_event_mm+0x300/0x300
[ 1487.323532][T17747]  handle_mm_fault+0x2bcf/0x6080
[ 1487.328491][T17747]  ? finish_fault+0x230/0x230
[ 1487.333191][T17747]  ? vmacache_find+0x251/0x5b0
[ 1487.337967][T17747]  do_user_addr_fault+0x589/0xaf0
[ 1487.343012][T17747]  __do_page_fault+0xd3/0x1f0
[ 1487.347699][T17747]  do_page_fault+0x99/0xb0
[ 1487.352117][T17747]  page_fault+0x39/0x40
[ 1487.356272][T17747] RIP: 0033:0x430906
[ 1487.360160][T17747] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 46 64 00 85 c0 0f 84
[ 1487.360166][T17747] RSP: 002b:00007fff039e4510 EFLAGS: 00010206
[ 1487.360174][T17747] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041
[ 1487.360180][T17747] RDX: 0000555557487930 RSI: 000055555748f970 RDI: 0000000000000003
[ 1487.360186][T17747] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000555557486940
[ 1487.360191][T17747] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698
[ 1487.360196][T17747] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710
[ 1487.360267][T17747] memory: usage 1248kB, limit 0kB, failcnt 489304
[ 1487.386109][T17747] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1487.439775][T17747] Memory cgroup stats for /syz2:
[ 1487.439882][T17747] anon 90112
[ 1487.439882][T17747] file 274432
[ 1487.439882][T17747] kernel_stack 65536
[ 1487.439882][T17747] slab 1101824
[ 1487.439882][T17747] sock 0
[ 1487.439882][T17747] shmem 172032
[ 1487.439882][T17747] file_mapped 135168
[ 1487.439882][T17747] file_dirty 135168
[ 1487.439882][T17747] file_writeback 0
[ 1487.439882][T17747] anon_thp 0
[ 1487.439882][T17747] inactive_anon 135168
[ 1487.439882][T17747] active_anon 90112
[ 1487.439882][T17747] inactive_file 135168
[ 1487.439882][T17747] active_file 135168
[ 1487.439882][T17747] unevictable 0
[ 1487.439882][T17747] slab_reclaimable 405504
[ 1487.439882][T17747] slab_unreclaimable 696320
[ 1487.439882][T17747] pgfault 191499
[ 1487.439882][T17747] pgmajfault 0
[ 1487.439882][T17747] workingset_refault 0
[ 1487.439882][T17747] workingset_activate 0
[ 1487.439882][T17747] workingset_nodereclaim 0
[ 1487.439882][T17747] pgrefill 0
[ 1487.439882][T17747] pgscan 0
[ 1487.439882][T17747] pgsteal 0
[ 1487.439882][T17747] pgactivate 0
[ 1487.444845][T17747] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=17747,uid=0
[ 1487.551708][T17747] Memory cgroup out of memory: Killed process 17747 (syz-executor.2) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB
[ 1487.567253][T17751] device hsr_slave_0 entered promiscuous mode
[ 1487.575701][ T1056] oom_reaper: reaped process 17747 (syz-executor.2), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB
[ 1487.674037][T17751] device hsr_slave_1 entered promiscuous mode
[ 1488.072973][T17751] debugfs: Directory 'hsr0' with parent '/' already present!
[ 1488.265488][T17752] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1488.295152][T17582] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1488.303687][T17582] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1488.316454][T17752] 8021q: adding VLAN 0 to HW filter on device team0
[ 1488.347064][T17751] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1488.374286][T17582] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1488.384331][T17582] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1488.393035][T17582] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1488.401192][T17582] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1488.409469][T17582] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1488.418224][T17582] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1488.426723][T17582] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1488.434522][T17582] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1488.442345][T17582] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1488.451674][T17582] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1488.468365][T17751] 8021q: adding VLAN 0 to HW filter on device team0
[ 1488.476914][T17584] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 1488.485237][T17584] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1488.493390][T17584] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1488.521895][T17584] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1488.531496][T17584] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1488.540285][T17584] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1488.550094][T17584] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1488.558767][T17584] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1488.567956][T17584] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1488.576655][T17584] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1488.584082][T17584] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1488.592232][T17584] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1488.601261][T17584] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1488.609809][T17584] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1488.618847][T17584] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1488.627539][T17584] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1488.635017][T17584] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1488.642934][T17584] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1488.651490][T17584] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1488.664026][T17752] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1488.674489][T17582] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1488.688411][T17582] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 1488.696667][T17582] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1488.718009][T17752] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1488.748962][T17582] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1488.758692][T17582] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1488.767850][T17582] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1488.776683][T17582] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1488.785827][T17582] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1488.794717][T17582] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1488.803398][T17582] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1488.812328][T17582] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1488.820944][T17582] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1488.832458][T17751] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1488.870948][T17582] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1488.907360][T17751] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1489.128342][T17781] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 1489.139102][T17781] CPU: 1 PID: 17781 Comm: syz-executor.3 Not tainted 5.2.0+ #37
[ 1489.147010][T17781] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1489.157467][T17781] Call Trace:
[ 1489.160877][T17781]  dump_stack+0x1d8/0x2f8
[ 1489.165232][T17781]  dump_header+0xd8/0x970
[ 1489.169580][T17781]  oom_kill_process+0xcd/0x320
[ 1489.174463][T17781]  out_of_memory+0x5e1/0x8a0
[ 1489.179187][T17781]  ? unregister_oom_notifier+0x20/0x20
[ 1489.184675][T17781]  memory_max_write+0x537/0x6a0
[ 1489.189544][T17781]  ? lock_acquire+0x1b2/0x250
[ 1489.194466][T17781]  ? memory_max_show+0xa0/0xa0
[ 1489.199256][T17781]  ? trace_lock_acquire+0x154/0x1b0
[ 1489.204816][T17781]  ? lock_acquire+0x158/0x250
[ 1489.209637][T17781]  ? kernfs_fop_write+0x22e/0x4f0
[ 1489.214908][T17781]  ? memory_max_show+0xa0/0xa0
[ 1489.219873][T17781]  cgroup_file_write+0x27b/0x6e0
[ 1489.225201][T17781]  ? cgroup_seqfile_stop+0xc0/0xc0
[ 1489.230335][T17781]  ? cgroup_seqfile_stop+0xc0/0xc0
[ 1489.235555][T17781]  kernfs_fop_write+0x3e4/0x4f0
[ 1489.240459][T17781]  ? kernfs_fop_read+0x580/0x580
[ 1489.245663][T17781]  __vfs_write+0xf9/0x7d0
[ 1489.250104][T17781]  ? retint_kernel+0x10/0x10
[ 1489.254719][T17781]  ? __kernel_write+0x350/0x350
[ 1489.259875][T17781]  ? lock_is_held_type+0x25c/0x2b0
[ 1489.265020][T17781]  ? __sb_start_write+0x39c/0x440
[ 1489.270156][T17781]  ? __kasan_check_read+0x11/0x20
[ 1489.275377][T17781]  vfs_write+0x275/0x590
[ 1489.279831][T17781]  ksys_write+0x16b/0x2a0
[ 1489.284608][T17781]  ? __ia32_sys_read+0x90/0x90
[ 1489.289386][T17781]  ? prepare_exit_to_usermode+0x1f7/0x580
[ 1489.295271][T17781]  ? trace_hardirqs_on_thunk+0x1a/0x20
[ 1489.301035][T17781]  ? trace_irq_disable_rcuidle+0x23/0x1c0
[ 1489.310973][T17781]  ? do_syscall_64+0x1d/0x140
[ 1489.315933][T17781]  __x64_sys_write+0x7b/0x90
[ 1489.321283][T17781]  do_syscall_64+0xfe/0x140
[ 1489.326356][T17781]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1489.332638][T17781] RIP: 0033:0x459829
[ 1489.336777][T17781] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1489.360594][T17781] RSP: 002b:00007f033b6f7c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1489.369819][T17781] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829
[ 1489.378534][T17781] RDX: 0000000000000012 RSI: 0000000020000000 RDI: 0000000000000008
[ 1489.387112][T17781] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1489.395361][T17781] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f033b6f86d4
[ 1489.404526][T17781] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff
[ 1489.413085][T17781] memory: usage 5804kB, limit 0kB, failcnt 34
[ 1489.419546][T17781] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1489.426604][T17781] Memory cgroup stats for /syz3:
[ 1489.429087][T17781] anon 2117632
[ 1489.429087][T17781] file 0
[ 1489.429087][T17781] kernel_stack 0
[ 1489.429087][T17781] slab 3567616
[ 1489.429087][T17781] sock 0
[ 1489.429087][T17781] shmem 0
[ 1489.429087][T17781] file_mapped 0
[ 1489.429087][T17781] file_dirty 0
[ 1489.429087][T17781] file_writeback 0
[ 1489.429087][T17781] anon_thp 2097152
[ 1489.429087][T17781] inactive_anon 0
[ 1489.429087][T17781] active_anon 2117632
[ 1489.429087][T17781] inactive_file 0
[ 1489.429087][T17781] active_file 0
[ 1489.429087][T17781] unevictable 0
[ 1489.429087][T17781] slab_reclaimable 1486848
[ 1489.429087][T17781] slab_unreclaimable 2080768
[ 1489.429087][T17781] pgfault 251295
[ 1489.429087][T17781] pgmajfault 0
[ 1489.429087][T17781] workingset_refault 0
[ 1489.429087][T17781] workingset_activate 0
[ 1489.429087][T17781] workingset_nodereclaim 0
[ 1489.429087][T17781] pgrefill 0
[ 1489.429087][T17781] pgscan 0
[ 1489.429087][T17781] pgsteal 0
[ 1489.429087][T17781] pgactivate 0
[ 1489.528522][T17781] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=17779,uid=0
[ 1489.545821][T17781] Memory cgroup out of memory: Killed process 17779 (syz-executor.3) total-vm:72708kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB
[ 1489.564965][ T1056] oom_reaper: reaped process 17779 (syz-executor.3), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB
[ 1489.568187][T17786] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 1489.587506][T17786] CPU: 1 PID: 17786 Comm: syz-executor.4 Not tainted 5.2.0+ #37
[ 1489.595161][T17786] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1489.605480][T17786] Call Trace:
[ 1489.608802][T17786]  dump_stack+0x1d8/0x2f8
[ 1489.613161][T17786]  dump_header+0xd8/0x970
[ 1489.617707][T17786]  oom_kill_process+0xcd/0x320
[ 1489.622785][T17786]  out_of_memory+0x5e1/0x8a0
[ 1489.627689][T17786]  ? unregister_oom_notifier+0x20/0x20
[ 1489.633166][T17786]  ? __kasan_check_read+0x11/0x20
[ 1489.638211][T17786]  try_charge+0x134a/0x17b0
[ 1489.642836][T17786]  ? __memcg_kmem_charge_memcg+0x180/0x180
[ 1489.648841][T17786]  ? __lock_acquire+0x4750/0x4750
[ 1489.654070][T17786]  ? rcu_lock_release+0x15/0x20
[ 1489.659369][T17786]  ? get_mem_cgroup_from_mm+0x15e/0x170
[ 1489.665279][T17786]  mem_cgroup_try_charge+0x216/0x560
[ 1489.670588][T17786]  mem_cgroup_try_charge_delay+0x25/0xa0
[ 1489.676325][T17786]  handle_mm_fault+0x31f3/0x6080
[ 1489.681775][T17786]  ? finish_fault+0x230/0x230
[ 1489.686699][T17786]  ? vmacache_find+0x566/0x5b0
[ 1489.691810][T17786]  ? vmacache_update+0xb7/0x120
[ 1489.696896][T17786]  do_user_addr_fault+0x589/0xaf0
[ 1489.702070][T17786]  __do_page_fault+0xd3/0x1f0
[ 1489.707054][T17786]  do_page_fault+0x99/0xb0
[ 1489.711612][T17786]  page_fault+0x39/0x40
[ 1489.715934][T17786] RIP: 0033:0x41116f
[ 1489.719954][T17786] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41
[ 1489.740323][T17786] RSP: 002b:00007ffc90d29920 EFLAGS: 00010206
[ 1489.746594][T17786] RAX: 00007f1af7087000 RBX: 0000000000020000 RCX: 000000000045987a
[ 1489.754915][T17786] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000
[ 1489.764988][T17786] RBP: 00007ffc90d29a00 R08: ffffffffffffffff R09: 0000000000000000
[ 1489.773572][T17786] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc90d29af0
[ 1489.782253][T17786] R13: 00007f1af70a7700 R14: 0000000000000001 R15: 000000000075bfd4
[ 1489.791568][T17786] memory: usage 7576kB, limit 0kB, failcnt 138
[ 1489.798057][T17786] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1489.805293][T17786] Memory cgroup stats for /syz4:
[ 1489.805392][T17786] anon 2158592
[ 1489.805392][T17786] file 299008
[ 1489.805392][T17786] kernel_stack 65536
[ 1489.805392][T17786] slab 5292032
[ 1489.805392][T17786] sock 0
[ 1489.805392][T17786] shmem 102400
[ 1489.805392][T17786] file_mapped 135168
[ 1489.805392][T17786] file_dirty 0
[ 1489.805392][T17786] file_writeback 0
[ 1489.805392][T17786] anon_thp 2097152
[ 1489.805392][T17786] inactive_anon 135168
[ 1489.805392][T17786] active_anon 2158592
[ 1489.805392][T17786] inactive_file 135168
[ 1489.805392][T17786] active_file 0
[ 1489.805392][T17786] unevictable 0
[ 1489.805392][T17786] slab_reclaimable 2703360
[ 1489.805392][T17786] slab_unreclaimable 2588672
[ 1489.805392][T17786] pgfault 354750
[ 1489.805392][T17786] pgmajfault 0
[ 1489.805392][T17786] workingset_refault 0
[ 1489.805392][T17786] workingset_activate 0
[ 1489.805392][T17786] workingset_nodereclaim 0
[ 1489.805392][T17786] pgrefill 0
[ 1489.805392][T17786] pgscan 0
[ 1489.805392][T17786] pgsteal 0
[ 1489.805392][T17786] pgactivate 0
[ 1489.910299][T17786] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=17786,uid=0
[ 1489.926080][T17786] Memory cgroup out of memory: Killed process 17786 (syz-executor.4) total-vm:72708kB, anon-rss:2144kB, file-rss:34816kB, shmem-rss:0kB
[ 1489.941919][ T1056] oom_reaper: reaped process 17786 (syz-executor.4), now anon-rss:0kB, file-rss:33856kB, shmem-rss:0kB
14:30:45 executing program 4:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
openat$cgroup_procs(r4, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000140)=0x2)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r5 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r5, 0x0, 0x0)
r6 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r6, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r4, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
socket$kcm(0xa, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)

14:30:45 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9, 0x0, 0x0, 0x0, '\x00', 0x2000})

14:30:45 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc})

14:30:45 executing program 1:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600))
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x8a, 0x0, 0x0, 0x0, 0x3})
r1 = syz_open_pts(r0, 0x0)
write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0x100000175)
ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000140)={0x3, 0x0, 0x0, 0x900000000000000})

14:30:45 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
openat$cgroup_procs(r4, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000140)=0x2)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r5 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r5, 0x0, 0x0)
r6 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r6, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r4, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
socket$kcm(0xa, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r6, &(0x7f00000003c0)=0x100, 0x12)

14:30:45 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400)
openat$cgroup_procs(r3, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r4 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r4, 0x0, 0x0)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r5, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r3, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
socket$kcm(0xa, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)

[ 1489.995217][T17752] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[ 1490.005794][T17752] CPU: 0 PID: 17752 Comm: syz-executor.3 Not tainted 5.2.0+ #37
[ 1490.013650][T17752] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1490.024597][T17752] Call Trace:
[ 1490.028021][T17752]  dump_stack+0x1d8/0x2f8
[ 1490.032389][T17752]  dump_header+0xd8/0x970
[ 1490.036839][T17752]  oom_kill_process+0xcd/0x320
[ 1490.041646][T17752]  out_of_memory+0x5e1/0x8a0
[ 1490.046341][T17752]  ? unregister_oom_notifier+0x20/0x20
[ 1490.052005][T17752]  ? __kasan_check_read+0x11/0x20
[ 1490.057181][T17752]  try_charge+0x134a/0x17b0
[ 1490.061978][T17752]  ? __memcg_kmem_charge_memcg+0x180/0x180
[ 1490.068203][T17752]  ? __lock_acquire+0x4750/0x4750
[ 1490.073337][T17752]  ? rcu_lock_release+0x15/0x20
[ 1490.078427][T17752]  ? get_mem_cgroup_from_mm+0x15e/0x170
[ 1490.084137][T17752]  mem_cgroup_try_charge+0x216/0x560
[ 1490.089587][T17752]  mem_cgroup_try_charge_delay+0x25/0xa0
[ 1490.095234][T17752]  wp_page_copy+0x367/0x18c0
[ 1490.100093][T17752]  ? rcu_lock_release+0x30/0x30
[ 1490.105057][T17752]  ? __lock_acquire+0x4750/0x4750
[ 1490.110285][T17752]  ? __kasan_check_read+0x11/0x20
[ 1490.115917][T17752]  ? do_raw_spin_unlock+0x49/0x260
[ 1490.121301][T17752]  do_wp_page+0x2c9/0x1ce0
[ 1490.126069][T17752]  ? __rwlock_init+0x130/0x130
[ 1490.131389][T17752]  ? count_memcg_event_mm+0x300/0x300
[ 1490.136971][T17752]  handle_mm_fault+0x2bcf/0x6080
[ 1490.141954][T17752]  ? finish_fault+0x230/0x230
[ 1490.147235][T17752]  ? vmacache_find+0x50f/0x5b0
[ 1490.152110][T17752]  ? vmacache_update+0xb7/0x120
[ 1490.157253][T17752]  do_user_addr_fault+0x589/0xaf0
[ 1490.162480][T17752]  __do_page_fault+0xd3/0x1f0
[ 1490.167170][T17752]  do_page_fault+0x99/0xb0
[ 1490.171597][T17752]  page_fault+0x39/0x40
[ 1490.175763][T17752] RIP: 0033:0x430906
[ 1490.179902][T17752] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 46 64 00 85 c0 0f 84
[ 1490.200026][T17752] RSP: 002b:00007ffe58c50290 EFLAGS: 00010206
[ 1490.206287][T17752] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041
[ 1490.214726][T17752] RDX: 0000555555ee5930 RSI: 0000555555eed970 RDI: 0000000000000003
[ 1490.223790][T17752] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000555555ee4940
[ 1490.231787][T17752] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698
[ 1490.240240][T17752] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710
[ 1490.249195][T17752] memory: usage 3472kB, limit 0kB, failcnt 43
[ 1490.255546][T17752] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1490.263644][T17752] Memory cgroup stats for /syz3:
[ 1490.263738][T17752] anon 0
[ 1490.263738][T17752] file 0
[ 1490.263738][T17752] kernel_stack 0
[ 1490.263738][T17752] slab 3567616
[ 1490.263738][T17752] sock 0
[ 1490.263738][T17752] shmem 0
[ 1490.263738][T17752] file_mapped 0
[ 1490.263738][T17752] file_dirty 0
[ 1490.263738][T17752] file_writeback 0
[ 1490.263738][T17752] anon_thp 0
[ 1490.263738][T17752] inactive_anon 0
[ 1490.263738][T17752] active_anon 0
[ 1490.263738][T17752] inactive_file 0
[ 1490.263738][T17752] active_file 0
[ 1490.263738][T17752] unevictable 0
[ 1490.263738][T17752] slab_reclaimable 1486848
[ 1490.263738][T17752] slab_unreclaimable 2080768
[ 1490.263738][T17752] pgfault 251295
[ 1490.263738][T17752] pgmajfault 0
[ 1490.263738][T17752] workingset_refault 0
[ 1490.263738][T17752] workingset_activate 0
[ 1490.263738][T17752] workingset_nodereclaim 0
[ 1490.263738][T17752] pgrefill 0
[ 1490.263738][T17752] pgscan 0
[ 1490.263738][T17752] pgsteal 0
[ 1490.263738][T17752] pgactivate 0
[ 1490.263738][T17752] pgdeactivate 0
[ 1490.364930][T17752] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=17752,uid=0
[ 1490.381227][T17752] Memory cgroup out of memory: Killed process 17752 (syz-executor.3) total-vm:72444kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB
[ 1490.395674][T17751] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[ 1490.407432][T17751] CPU: 1 PID: 17751 Comm: syz-executor.4 Not tainted 5.2.0+ #37
[ 1490.416007][ T1056] oom_reaper: reaped process 17752 (syz-executor.3), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB
[ 1490.427541][T17751] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1490.438196][T17751] Call Trace:
[ 1490.441776][T17751]  dump_stack+0x1d8/0x2f8
[ 1490.446361][T17751]  dump_header+0xd8/0x970
[ 1490.450709][T17751]  oom_kill_process+0xcd/0x320
[ 1490.456190][T17751]  out_of_memory+0x5e1/0x8a0
[ 1490.461062][T17751]  ? unregister_oom_notifier+0x20/0x20
[ 1490.466867][T17751]  ? __kasan_check_read+0x11/0x20
[ 1490.472223][T17751]  try_charge+0x134a/0x17b0
[ 1490.477018][T17751]  ? __memcg_kmem_charge_memcg+0x180/0x180
[ 1490.483592][T17751]  ? __lock_acquire+0x4750/0x4750
[ 1490.489102][T17751]  ? rcu_lock_release+0x15/0x20
[ 1490.494238][T17751]  ? get_mem_cgroup_from_mm+0x15e/0x170
[ 1490.500314][T17751]  mem_cgroup_try_charge+0x216/0x560
[ 1490.505815][T17751]  mem_cgroup_try_charge_delay+0x25/0xa0
[ 1490.511865][T17751]  wp_page_copy+0x367/0x18c0
[ 1490.516478][T17751]  ? rcu_lock_release+0x30/0x30
[ 1490.521770][T17751]  ? __lock_acquire+0x4750/0x4750
[ 1490.526816][T17751]  ? __kasan_check_read+0x11/0x20
[ 1490.531855][T17751]  ? do_raw_spin_unlock+0x49/0x260
[ 1490.537736][T17751]  do_wp_page+0x2c9/0x1ce0
[ 1490.542581][T17751]  ? __rwlock_init+0x130/0x130
[ 1490.547446][T17751]  ? count_memcg_event_mm+0x300/0x300
[ 1490.552866][T17751]  handle_mm_fault+0x2bcf/0x6080
[ 1490.557941][T17751]  ? finish_fault+0x230/0x230
[ 1490.562799][T17751]  ? vmacache_find+0x251/0x5b0
[ 1490.567727][T17751]  do_user_addr_fault+0x589/0xaf0
[ 1490.572860][T17751]  __do_page_fault+0xd3/0x1f0
[ 1490.578794][T17751]  do_page_fault+0x99/0xb0
[ 1490.583495][T17751]  page_fault+0x39/0x40
[ 1490.588105][T17751] RIP: 0033:0x430906
[ 1490.592469][T17751] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 46 64 00 85 c0 0f 84
[ 1490.613845][T17751] RSP: 002b:00007ffc90d28930 EFLAGS: 00010206
[ 1490.619928][T17751] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041
[ 1490.628694][T17751] RDX: 00005555570ea930 RSI: 00005555570f2970 RDI: 0000000000000003
[ 1490.637269][T17751] RBP: 0000000000008041 R08: 0000000000000001 R09: 00005555570e9940
[ 1490.646231][T17751] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698
[ 1490.654736][T17751] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710
[ 1490.664750][T17751] memory: usage 5244kB, limit 0kB, failcnt 147
[ 1490.671413][T17751] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1490.678814][T17751] Memory cgroup stats for /syz4:
[ 1490.678906][T17751] anon 57344
[ 1490.678906][T17751] file 299008
[ 1490.678906][T17751] kernel_stack 0
[ 1490.678906][T17751] slab 5292032
[ 1490.678906][T17751] sock 0
[ 1490.678906][T17751] shmem 102400
[ 1490.678906][T17751] file_mapped 135168
[ 1490.678906][T17751] file_dirty 0
[ 1490.678906][T17751] file_writeback 0
[ 1490.678906][T17751] anon_thp 0
[ 1490.678906][T17751] inactive_anon 135168
[ 1490.678906][T17751] active_anon 57344
[ 1490.678906][T17751] inactive_file 135168
[ 1490.678906][T17751] active_file 0
[ 1490.678906][T17751] unevictable 0
[ 1490.678906][T17751] slab_reclaimable 2703360
[ 1490.678906][T17751] slab_unreclaimable 2588672
[ 1490.678906][T17751] pgfault 354783
[ 1490.678906][T17751] pgmajfault 0
[ 1490.678906][T17751] workingset_refault 0
[ 1490.678906][T17751] workingset_activate 0
[ 1490.678906][T17751] workingset_nodereclaim 0
[ 1490.678906][T17751] pgrefill 0
[ 1490.678906][T17751] pgscan 0
[ 1490.678906][T17751] pgsteal 0
[ 1490.678906][T17751] pgactivate 0
14:30:45 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9, 0x0, 0x0, 0x0, '\x00', 0x2500})

[ 1490.784383][T17751] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=17751,uid=0
[ 1490.800482][T17751] Memory cgroup out of memory: Killed process 17751 (syz-executor.4) total-vm:72444kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB
[ 1490.815585][ T1056] oom_reaper: reaped process 17751 (syz-executor.4), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB
14:30:46 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc})

14:30:46 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9, 0x0, 0x0, 0x0, '\x00', 0x4000})

14:30:46 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc})

14:30:46 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9, 0x0, 0x0, 0x0, '\x00', 0x5c00})

14:30:46 executing program 1:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600))
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x8a, 0x0, 0x0, 0x0, 0x3})
r1 = syz_open_pts(r0, 0x0)
write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0x100000175)
ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000140)={0x3, 0x0, 0x0, 0xa00000000000000})

14:30:47 executing program 4:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
openat$cgroup_procs(r4, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000140)=0x2)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r5 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r5, 0x0, 0x0)
r6 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r6, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r4, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
socket$kcm(0xa, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)

14:30:47 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc})

14:30:47 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9, 0x0, 0x0, 0x0, '\x00', 0x200000})

14:30:47 executing program 1:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600))
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x8a, 0x0, 0x0, 0x0, 0x3})
r1 = syz_open_pts(r0, 0x0)
write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0x100000175)
ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000140)={0x3, 0x0, 0x0, 0xb00000000000000})

[ 1492.465329][T17823] IPVS: ftp: loaded support on port[0] = 21
[ 1492.753373][T17823] chnl_net:caif_netlink_parms(): no params data found
[ 1492.817409][T17823] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1492.824987][T17823] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1492.833438][T17823] device bridge_slave_0 entered promiscuous mode
[ 1492.846872][T17823] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1492.854630][T17823] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1492.863137][T17823] device bridge_slave_1 entered promiscuous mode
[ 1492.884775][T17823] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1492.896865][T17823] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1492.939909][T17823] team0: Port device team_slave_0 added
[ 1492.947465][T17823] team0: Port device team_slave_1 added
[ 1493.040546][T17823] device hsr_slave_0 entered promiscuous mode
[ 1493.428379][T17823] device hsr_slave_1 entered promiscuous mode
[ 1493.468387][T17823] debugfs: Directory 'hsr0' with parent '/' already present!
[ 1493.514680][T17823] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1493.527450][T17356] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1493.536284][T17356] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1493.548795][T17823] 8021q: adding VLAN 0 to HW filter on device team0
[ 1493.559063][T17356] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1493.568216][T17356] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1493.577042][T17356] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1493.585198][T17356] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1493.593743][T17356] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 1494.313156][T17356] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1494.322310][T17356] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1494.330934][T17356] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1494.338750][T17356] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1494.346442][T17356] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1494.355608][T17356] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1494.365913][T17356] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1494.374901][T17356] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1494.384201][T17356] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1494.393341][T17356] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1494.403260][T17356] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1494.776546][T17356] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1494.785520][T17356] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1494.797153][T17823] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1494.808832][T17823] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1494.817272][T17581] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1494.826435][T17581] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1495.201362][T17823] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1495.402450][T17843] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 1495.414413][T17843] CPU: 1 PID: 17843 Comm: syz-executor.2 Not tainted 5.2.0+ #37
[ 1495.422869][T17843] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1495.433228][T17843] Call Trace:
[ 1495.436547][T17843]  dump_stack+0x1d8/0x2f8
[ 1495.440911][T17843]  dump_header+0xd8/0x970
[ 1495.445636][T17843]  oom_kill_process+0xcd/0x320
[ 1495.450840][T17843]  out_of_memory+0x5e1/0x8a0
[ 1495.455852][T17843]  ? unregister_oom_notifier+0x20/0x20
[ 1495.461533][T17843]  ? __kasan_check_read+0x11/0x20
[ 1495.467020][T17843]  try_charge+0x134a/0x17b0
[ 1495.471871][T17843]  ? __memcg_kmem_charge_memcg+0x180/0x180
[ 1495.478342][T17843]  ? __lock_acquire+0x4750/0x4750
[ 1495.483577][T17843]  ? rcu_lock_release+0x15/0x20
[ 1495.488792][T17843]  ? get_mem_cgroup_from_mm+0x15e/0x170
[ 1495.494633][T17843]  mem_cgroup_try_charge+0x216/0x560
[ 1495.500360][T17843]  mem_cgroup_try_charge_delay+0x25/0xa0
[ 1495.506400][T17843]  handle_mm_fault+0x31f3/0x6080
[ 1495.511807][T17843]  ? finish_fault+0x230/0x230
[ 1495.516768][T17843]  ? vmacache_find+0x566/0x5b0
[ 1495.522020][T17843]  ? vmacache_update+0xb7/0x120
[ 1495.527017][T17843]  do_user_addr_fault+0x589/0xaf0
[ 1495.532169][T17843]  __do_page_fault+0xd3/0x1f0
[ 1495.537213][T17843]  do_page_fault+0x99/0xb0
[ 1495.542122][T17843]  page_fault+0x39/0x40
[ 1495.546605][T17843] RIP: 0033:0x41116f
[ 1495.550786][T17843] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41
[ 1495.571349][T17843] RSP: 002b:00007fffa6b26f00 EFLAGS: 00010206
[ 1495.578499][T17843] RAX: 00007f3e5d320000 RBX: 0000000000020000 RCX: 000000000045987a
[ 1495.586598][T17843] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000
[ 1495.594959][T17843] RBP: 00007fffa6b26fe0 R08: ffffffffffffffff R09: 0000000000000000
[ 1495.603299][T17843] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fffa6b270d0
[ 1495.611790][T17843] R13: 00007f3e5d340700 R14: 0000000000000001 R15: 000000000075bfd4
[ 1495.620926][T17843] memory: usage 3556kB, limit 0kB, failcnt 489313
[ 1495.627860][T17843] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1495.635004][T17843] Memory cgroup stats for /syz2:
[ 1495.635118][T17843] anon 2187264
[ 1495.635118][T17843] file 274432
[ 1495.635118][T17843] kernel_stack 65536
[ 1495.635118][T17843] slab 1101824
[ 1495.635118][T17843] sock 0
[ 1495.635118][T17843] shmem 172032
[ 1495.635118][T17843] file_mapped 135168
[ 1495.635118][T17843] file_dirty 135168
[ 1495.635118][T17843] file_writeback 0
[ 1495.635118][T17843] anon_thp 2097152
[ 1495.635118][T17843] inactive_anon 135168
[ 1495.635118][T17843] active_anon 2187264
[ 1495.635118][T17843] inactive_file 135168
[ 1495.635118][T17843] active_file 135168
[ 1495.635118][T17843] unevictable 0
[ 1495.635118][T17843] slab_reclaimable 405504
[ 1495.635118][T17843] slab_unreclaimable 696320
[ 1495.635118][T17843] pgfault 191565
[ 1495.635118][T17843] pgmajfault 0
[ 1495.635118][T17843] workingset_refault 0
[ 1495.635118][T17843] workingset_activate 0
[ 1495.635118][T17843] workingset_nodereclaim 0
[ 1495.635118][T17843] pgrefill 0
[ 1495.635118][T17843] pgscan 0
[ 1495.635118][T17843] pgsteal 0
[ 1495.734688][T17843] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=17843,uid=0
14:30:50 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
openat$cgroup_procs(r4, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000140)=0x2)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r5 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r5, 0x0, 0x0)
r6 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r6, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r4, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
socket$kcm(0xa, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r6, &(0x7f00000003c0)=0x100, 0x12)

14:30:50 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400)
openat$cgroup_procs(r3, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r4 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r4, 0x0, 0x0)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r5, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r3, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
socket$kcm(0xa, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)

[ 1495.752087][T17843] Memory cgroup out of memory: Killed process 17843 (syz-executor.2) total-vm:72708kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB
[ 1495.769753][ T1056] oom_reaper: reaped process 17843 (syz-executor.2), now anon-rss:0kB, file-rss:33856kB, shmem-rss:0kB
[ 1495.807104][T17823] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[ 1495.818992][T17823] CPU: 1 PID: 17823 Comm: syz-executor.2 Not tainted 5.2.0+ #37
[ 1495.828292][T17823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1495.839712][T17823] Call Trace:
[ 1495.843254][T17823]  dump_stack+0x1d8/0x2f8
[ 1495.848660][T17823]  dump_header+0xd8/0x970
[ 1495.854079][T17823]  oom_kill_process+0xcd/0x320
[ 1495.859394][T17823]  out_of_memory+0x5e1/0x8a0
[ 1495.864469][T17823]  ? unregister_oom_notifier+0x20/0x20
[ 1495.870401][T17823]  ? __kasan_check_read+0x11/0x20
[ 1495.875941][T17823]  try_charge+0x134a/0x17b0
[ 1495.880944][T17823]  ? __memcg_kmem_charge_memcg+0x180/0x180
[ 1495.888584][T17823]  ? __lock_acquire+0x4750/0x4750
[ 1495.893886][T17823]  ? rcu_lock_release+0x15/0x20
[ 1495.899628][T17823]  ? get_mem_cgroup_from_mm+0x15e/0x170
[ 1495.905808][T17823]  mem_cgroup_try_charge+0x216/0x560
[ 1495.911394][T17823]  mem_cgroup_try_charge_delay+0x25/0xa0
[ 1495.917182][T17823]  handle_mm_fault+0x31f3/0x6080
[ 1495.922870][T17823]  ? finish_fault+0x230/0x230
[ 1495.928062][T17823]  ? vmacache_find+0x251/0x5b0
[ 1495.933317][T17823]  do_user_addr_fault+0x589/0xaf0
[ 1495.938555][T17823]  __do_page_fault+0xd3/0x1f0
[ 1495.943336][T17823]  do_page_fault+0x99/0xb0
[ 1495.947860][T17823]  page_fault+0x39/0x40
[ 1495.952966][T17823] RIP: 0033:0x4577c1
[ 1495.957289][T17823] Code: 48 81 ec 98 00 00 00 0f 05 48 3d 00 f0 ff ff 48 89 c3 0f 87 e9 00 00 00 85 db 0f 88 2f 01 00 00 48 89 e2 89 de bf 01 00 00 00 <e8> ba 13 00 00 85 c0 0f 88 98 00 00 00 8b 44 24 18 25 00 f0 00 00
[ 1495.978146][T17823] RSP: 002b:00007fffa6b26000 EFLAGS: 00010206
[ 1495.984620][T17823] RAX: 0000000000000003 RBX: 0000000000000003 RCX: 00000000004577a0
[ 1495.992781][T17823] RDX: 00007fffa6b26000 RSI: 0000000000000003 RDI: 0000000000000001
[ 1496.000771][T17823] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000555557222940
[ 1496.009298][T17823] R10: 0000000000000000 R11: 0000000000000206 R12: 00007fffa6b271e0
[ 1496.017377][T17823] R13: 00007fffa6b271d0 R14: 0000000000000000 R15: 00007fffa6b271e0
[ 1496.026222][T17823] memory: usage 1224kB, limit 0kB, failcnt 489322
[ 1496.033113][T17823] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1496.040726][T17823] Memory cgroup stats for /syz2:
[ 1496.040818][T17823] anon 0
[ 1496.040818][T17823] file 274432
[ 1496.040818][T17823] kernel_stack 0
14:30:50 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9, 0x0, 0x0, 0x0, '\x00', 0x1000000})

14:30:50 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc})

14:30:50 executing program 4:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
openat$cgroup_procs(r4, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000140)=0x2)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r5 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r5, 0x0, 0x0)
r6 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r6, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r4, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
socket$kcm(0xa, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)

14:30:50 executing program 1:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600))
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x8a, 0x0, 0x0, 0x0, 0x3})
r1 = syz_open_pts(r0, 0x0)
write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0x100000175)
ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000140)={0x3, 0x0, 0x0, 0xc00000000000000})

[ 1496.040818][T17823] slab 1101824
[ 1496.040818][T17823] sock 0
[ 1496.040818][T17823] shmem 172032
[ 1496.040818][T17823] file_mapped 135168
[ 1496.040818][T17823] file_dirty 135168
[ 1496.040818][T17823] file_writeback 0
[ 1496.040818][T17823] anon_thp 0
[ 1496.040818][T17823] inactive_anon 135168
[ 1496.040818][T17823] active_anon 0
[ 1496.040818][T17823] inactive_file 135168
[ 1496.040818][T17823] active_file 135168
[ 1496.040818][T17823] unevictable 0
[ 1496.040818][T17823] slab_reclaimable 405504
14:30:51 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc})

[ 1496.040818][T17823] slab_unreclaimable 696320
[ 1496.040818][T17823] pgfault 191598
[ 1496.040818][T17823] pgmajfault 0
[ 1496.040818][T17823] workingset_refault 0
[ 1496.040818][T17823] workingset_activate 0
[ 1496.040818][T17823] workingset_nodereclaim 0
[ 1496.040818][T17823] pgrefill 0
[ 1496.040818][T17823] pgscan 0
[ 1496.040818][T17823] pgsteal 0
[ 1496.040818][T17823] pgactivate 0
[ 1496.145944][T17823] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=17823,uid=0
[ 1496.161792][T17823] Memory cgroup out of memory: Killed process 17823 (syz-executor.2) total-vm:72444kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB
[ 1496.177476][ T1056] oom_reaper: reaped process 17823 (syz-executor.2), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB
14:30:51 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9, 0x0, 0x0, 0x0, '\x00', 0x2000000})

14:30:51 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff'})

14:30:51 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9, 0x0, 0x0, 0x0, '\x00', 0x3000000})

14:30:51 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00'})

14:30:51 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00'})

14:30:52 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
openat$cgroup_procs(r4, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000140)=0x2)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r5 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r5, 0x0, 0x0)
r6 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r6, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r4, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
socket$kcm(0xa, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r6, &(0x7f00000003c0)=0x100, 0x12)

[ 1498.063998][T17877] IPVS: ftp: loaded support on port[0] = 21
[ 1498.539234][T17880] IPVS: ftp: loaded support on port[0] = 21
[ 1498.562293][T17877] chnl_net:caif_netlink_parms(): no params data found
[ 1498.955238][T17877] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1498.962409][T17877] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1498.970810][T17877] device bridge_slave_0 entered promiscuous mode
[ 1498.978837][T17877] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1498.985961][T17877] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1498.994037][T17877] device bridge_slave_1 entered promiscuous mode
[ 1499.364699][T17877] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1499.389360][T17877] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1499.415224][T17877] team0: Port device team_slave_0 added
[ 1499.423661][T17877] team0: Port device team_slave_1 added
[ 1499.443327][  T788] device bridge_slave_1 left promiscuous mode
[ 1499.449731][  T788] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1499.488837][  T788] device bridge_slave_0 left promiscuous mode
[ 1499.495008][  T788] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1499.543616][  T788] device bridge_slave_1 left promiscuous mode
[ 1499.549867][  T788] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1499.598450][  T788] device bridge_slave_0 left promiscuous mode
[ 1499.604619][  T788] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1499.650311][  T788] device bridge_slave_1 left promiscuous mode
[ 1499.656496][  T788] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1499.708936][  T788] device bridge_slave_0 left promiscuous mode
[ 1499.715235][  T788] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1499.779071][  T788] device bridge_slave_1 left promiscuous mode
[ 1499.785251][  T788] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1499.829048][  T788] device bridge_slave_0 left promiscuous mode
[ 1499.835381][  T788] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1499.869725][  T788] device bridge_slave_1 left promiscuous mode
[ 1499.875960][  T788] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1499.918461][  T788] device bridge_slave_0 left promiscuous mode
[ 1499.924676][  T788] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1499.958954][  T788] device bridge_slave_1 left promiscuous mode
[ 1499.965130][  T788] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1499.999491][  T788] device bridge_slave_0 left promiscuous mode
[ 1500.005736][  T788] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1509.618154][  T788] device hsr_slave_0 left promiscuous mode
[ 1509.678835][  T788] device hsr_slave_1 left promiscuous mode
[ 1509.748684][  T788] team0 (unregistering): Port device team_slave_1 removed
[ 1509.761098][  T788] team0 (unregistering): Port device team_slave_0 removed
[ 1509.771766][  T788] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1509.805708][  T788] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1509.892930][  T788] bond0 (unregistering): Released all slaves
[ 1510.038732][  T788] device hsr_slave_0 left promiscuous mode
[ 1510.078307][  T788] device hsr_slave_1 left promiscuous mode
[ 1510.136301][  T788] team0 (unregistering): Port device team_slave_1 removed
[ 1510.149168][  T788] team0 (unregistering): Port device team_slave_0 removed
[ 1510.161181][  T788] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1510.191751][  T788] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1510.258986][  T788] bond0 (unregistering): Released all slaves
[ 1510.390295][  T788] device hsr_slave_0 left promiscuous mode
[ 1510.437787][  T788] device hsr_slave_1 left promiscuous mode
[ 1510.484478][  T788] team0 (unregistering): Port device team_slave_1 removed
[ 1510.494886][  T788] team0 (unregistering): Port device team_slave_0 removed
[ 1510.510058][  T788] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1510.543743][  T788] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1510.615326][  T788] bond0 (unregistering): Released all slaves
[ 1510.728286][  T788] device hsr_slave_0 left promiscuous mode
[ 1510.767809][  T788] device hsr_slave_1 left promiscuous mode
[ 1510.834460][  T788] team0 (unregistering): Port device team_slave_1 removed
[ 1510.847393][  T788] team0 (unregistering): Port device team_slave_0 removed
[ 1510.859788][  T788] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1510.893503][  T788] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1510.958782][  T788] bond0 (unregistering): Released all slaves
[ 1511.088309][  T788] device hsr_slave_0 left promiscuous mode
[ 1511.127807][  T788] device hsr_slave_1 left promiscuous mode
[ 1511.194498][  T788] team0 (unregistering): Port device team_slave_1 removed
[ 1511.207379][  T788] team0 (unregistering): Port device team_slave_0 removed
[ 1511.219690][  T788] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1511.265244][  T788] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1511.343345][  T788] bond0 (unregistering): Released all slaves
[ 1511.478718][  T788] device hsr_slave_0 left promiscuous mode
[ 1511.528302][  T788] device hsr_slave_1 left promiscuous mode
[ 1511.574320][  T788] team0 (unregistering): Port device team_slave_1 removed
[ 1511.587088][  T788] team0 (unregistering): Port device team_slave_0 removed
[ 1511.600041][  T788] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1511.641805][  T788] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1511.710691][  T788] bond0 (unregistering): Released all slaves
[ 1511.860734][T17877] device hsr_slave_0 entered promiscuous mode
[ 1511.928050][T17877] device hsr_slave_1 entered promiscuous mode
[ 1511.967769][T17877] debugfs: Directory 'hsr0' with parent '/' already present!
[ 1512.021348][T17880] chnl_net:caif_netlink_parms(): no params data found
[ 1512.057558][T17880] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1512.064733][T17880] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1512.072822][T17880] device bridge_slave_0 entered promiscuous mode
[ 1512.081589][T17880] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1512.088894][T17880] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1512.096862][T17880] device bridge_slave_1 entered promiscuous mode
[ 1512.125400][T17880] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1512.137543][T17880] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1512.169552][T17880] team0: Port device team_slave_0 added
[ 1512.176742][T17880] team0: Port device team_slave_1 added
[ 1512.239383][T17880] device hsr_slave_0 entered promiscuous mode
[ 1512.288008][T17880] device hsr_slave_1 entered promiscuous mode
[ 1512.327740][T17880] debugfs: Directory 'hsr0' with parent '/' already present!
[ 1512.368740][T17880] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1512.375831][T17880] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1512.383251][T17880] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1512.390352][T17880] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1512.402135][T17877] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1512.427406][T13658] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1512.440339][T13658] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1512.451765][T13658] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1512.459853][T13658] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1512.472743][T17877] 8021q: adding VLAN 0 to HW filter on device team0
[ 1512.501223][T17356] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1512.510038][T17356] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1512.518826][T17356] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1512.525890][T17356] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1512.534074][T17356] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 1512.546911][T13658] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1512.555632][T13658] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1512.564456][T13658] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1512.571581][T13658] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1512.584544][T17880] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1512.596380][T17836] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1512.708299][T17880] 8021q: adding VLAN 0 to HW filter on device team0
[ 1512.715182][T13660] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1512.724453][T13660] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1512.733131][T13660] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1512.741705][T13660] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1512.750217][T13660] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1512.860818][T17836] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1512.869475][T17836] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1512.877921][T17836] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1512.886301][T17836] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1512.893393][T17836] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1512.901358][T17836] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1512.909742][T17836] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1512.918050][T17836] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1512.926471][T17836] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1512.933585][T17836] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1512.941245][T17836] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1512.949672][T17836] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1513.070445][T17877] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1513.083301][T17834] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1513.092148][T17834] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1513.113828][T17880] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1513.124625][T17880] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1513.142024][T17834] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1513.150129][T17834] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1513.158478][T17834] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1513.166878][T17834] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1513.175303][T17834] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1513.185783][T17877] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1513.203867][T17880] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1513.226081][T17834] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1513.556135][T17892] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 1513.569764][T17892] CPU: 1 PID: 17892 Comm: syz-executor.4 Not tainted 5.2.0+ #37
[ 1513.577851][T17892] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1513.588079][T17892] Call Trace:
[ 1513.591394][T17892]  dump_stack+0x1d8/0x2f8
[ 1513.595857][T17892]  dump_header+0xd8/0x970
[ 1513.600975][T17892]  oom_kill_process+0xcd/0x320
[ 1513.606295][T17892]  out_of_memory+0x5e1/0x8a0
[ 1513.610943][T17892]  ? unregister_oom_notifier+0x20/0x20
[ 1513.617174][T17892]  memory_max_write+0x537/0x6a0
[ 1513.622153][T17892]  ? lock_acquire+0x1b2/0x250
[ 1513.627027][T17892]  ? memory_max_show+0xa0/0xa0
[ 1513.632019][T17892]  ? trace_hardirqs_on_caller+0x74/0x80
[ 1513.637671][T17892]  ? trace_lock_acquire+0x154/0x1b0
[ 1513.642887][T17892]  ? lock_acquire+0x158/0x250
[ 1513.647728][T17892]  ? kernfs_fop_write+0x22e/0x4f0
[ 1513.652939][T17892]  ? memory_max_show+0xa0/0xa0
[ 1513.657865][T17892]  cgroup_file_write+0x27b/0x6e0
[ 1513.663171][T17892]  ? cgroup_seqfile_stop+0xc0/0xc0
[ 1513.668324][T17892]  ? cgroup_seqfile_stop+0xc0/0xc0
[ 1513.673658][T17892]  kernfs_fop_write+0x3e4/0x4f0
[ 1513.678680][T17892]  ? kernfs_fop_read+0x580/0x580
[ 1513.683812][T17892]  __vfs_write+0xf9/0x7d0
[ 1513.688333][T17892]  ? lockdep_hardirqs_on+0x3c5/0x7d0
[ 1513.693918][T17892]  ? __kernel_write+0x350/0x350
[ 1513.699045][T17892]  ? trace_hardirqs_on_caller+0x74/0x80
[ 1513.704624][T17892]  ? trace_hardirqs_on_thunk+0x1a/0x20
[ 1513.710793][T17892]  ? rcu_irq_exit+0xe3/0x260
[ 1513.715413][T17892]  ? retint_kernel+0x10/0x10
[ 1513.720476][T17892]  ? __sb_start_write+0x393/0x440
[ 1513.725603][T17892]  vfs_write+0x275/0x590
[ 1513.730017][T17892]  ksys_write+0x16b/0x2a0
[ 1513.734543][T17892]  ? __ia32_sys_read+0x90/0x90
[ 1513.739343][T17892]  ? do_syscall_64+0xc0/0x140
[ 1513.744217][T17892]  __x64_sys_write+0x7b/0x90
[ 1513.748943][T17892]  do_syscall_64+0xfe/0x140
[ 1513.753973][T17892]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1513.759994][T17892] RIP: 0033:0x459829
[ 1513.765592][T17892] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1513.785659][T17892] RSP: 002b:00007f33abda1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1513.794368][T17892] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829
[ 1513.802450][T17892] RDX: 0000000000000012 RSI: 0000000020000000 RDI: 0000000000000008
[ 1513.811085][T17892] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1513.819277][T17892] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f33abda26d4
[ 1513.827379][T17892] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff
[ 1513.835980][T17892] memory: usage 6864kB, limit 0kB, failcnt 156
[ 1513.842699][T17892] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1513.850064][T17892] Memory cgroup stats for /syz4:
[ 1513.855203][T17892] anon 2121728
[ 1513.855203][T17892] file 299008
[ 1513.855203][T17892] kernel_stack 0
[ 1513.855203][T17892] slab 4608000
[ 1513.855203][T17892] sock 0
[ 1513.855203][T17892] shmem 102400
[ 1513.855203][T17892] file_mapped 135168
[ 1513.855203][T17892] file_dirty 0
[ 1513.855203][T17892] file_writeback 0
[ 1513.855203][T17892] anon_thp 2097152
[ 1513.855203][T17892] inactive_anon 135168
[ 1513.855203][T17892] active_anon 2121728
[ 1513.855203][T17892] inactive_file 135168
[ 1513.855203][T17892] active_file 0
[ 1513.855203][T17892] unevictable 0
[ 1513.855203][T17892] slab_reclaimable 2433024
[ 1513.855203][T17892] slab_unreclaimable 2174976
[ 1513.855203][T17892] pgfault 354849
[ 1513.855203][T17892] pgmajfault 0
[ 1513.855203][T17892] workingset_refault 0
[ 1513.855203][T17892] workingset_activate 0
[ 1513.855203][T17892] workingset_nodereclaim 0
[ 1513.855203][T17892] pgrefill 0
[ 1513.855203][T17892] pgscan 0
[ 1513.855203][T17892] pgsteal 0
[ 1513.855203][T17892] pgactivate 0
[ 1513.956393][T17892] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=17890,uid=0
[ 1513.974194][T17892] Memory cgroup out of memory: Killed process 17890 (syz-executor.4) total-vm:72708kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB
[ 1513.995346][ T1056] oom_reaper: reaped process 17890 (syz-executor.4), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB
[ 1514.002468][T17895] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 1514.019231][T17895] CPU: 1 PID: 17895 Comm: syz-executor.3 Not tainted 5.2.0+ #37
[ 1514.026971][T17895] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1514.037396][T17895] Call Trace:
[ 1514.040713][T17895]  dump_stack+0x1d8/0x2f8
[ 1514.045108][T17895]  dump_header+0xd8/0x970
[ 1514.049978][T17895]  oom_kill_process+0xcd/0x320
[ 1514.054934][T17895]  out_of_memory+0x5e1/0x8a0
[ 1514.059548][T17895]  ? unregister_oom_notifier+0x20/0x20
[ 1514.065109][T17895]  ? trace_hardirqs_on+0x74/0x80
[ 1514.070317][T17895]  memory_max_write+0x537/0x6a0
[ 1514.075272][T17895]  ? lock_acquire+0x158/0x250
[ 1514.080154][T17895]  ? memory_max_show+0xa0/0xa0
[ 1514.085518][T17895]  ? lockdep_hardirqs_on+0x3c5/0x7d0
[ 1514.091065][T17895]  ? trace_hardirqs_on_thunk+0x1a/0x20
[ 1514.096962][T17895]  ? retint_kernel+0x10/0x10
[ 1514.102060][T17895]  ? memory_max_show+0xa0/0xa0
[ 1514.107130][T17895]  cgroup_file_write+0x27b/0x6e0
[ 1514.112612][T17895]  ? cgroup_seqfile_stop+0xc0/0xc0
[ 1514.117935][T17895]  ? kernfs_fop_write+0x349/0x4f0
[ 1514.122983][T17895]  ? cgroup_seqfile_stop+0xc0/0xc0
[ 1514.128209][T17895]  kernfs_fop_write+0x3e4/0x4f0
[ 1514.133257][T17895]  ? kernfs_fop_read+0x580/0x580
[ 1514.138450][T17895]  __vfs_write+0xf9/0x7d0
[ 1514.142822][T17895]  ? retint_kernel+0x10/0x10
[ 1514.151825][T17895]  ? __kernel_write+0x350/0x350
[ 1514.157806][T17895]  ? rcu_irq_exit+0xe3/0x260
[ 1514.163135][T17895]  ? __sb_start_write+0x39c/0x440
[ 1514.168299][T17895]  ? __kasan_check_read+0x11/0x20
[ 1514.173908][T17895]  vfs_write+0x275/0x590
[ 1514.178185][T17895]  ksys_write+0x16b/0x2a0
[ 1514.182634][T17895]  ? __ia32_sys_read+0x90/0x90
[ 1514.187559][T17895]  ? retint_kernel+0x10/0x10
[ 1514.192532][T17895]  __x64_sys_write+0x7b/0x90
[ 1514.197615][T17895]  do_syscall_64+0xfe/0x140
[ 1514.202179][T17895]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1514.208212][T17895] RIP: 0033:0x459829
[ 1514.212299][T17895] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1514.232415][T17895] RSP: 002b:00007f7c7f7ddc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1514.241289][T17895] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829
[ 1514.249808][T17895] RDX: 0000000000000012 RSI: 0000000020000000 RDI: 0000000000000008
[ 1514.258443][T17895] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1514.266651][T17895] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7c7f7de6d4
[ 1514.274859][T17895] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff
[ 1514.288835][T17895] memory: usage 5156kB, limit 0kB, failcnt 52
[ 1514.295193][T17895] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1514.302819][T17895] Memory cgroup stats for /syz3:
[ 1514.327654][T17895] anon 2195456
[ 1514.327654][T17895] file 0
[ 1514.327654][T17895] kernel_stack 65536
[ 1514.327654][T17895] slab 2891776
[ 1514.327654][T17895] sock 0
[ 1514.327654][T17895] shmem 0
[ 1514.327654][T17895] file_mapped 0
[ 1514.327654][T17895] file_dirty 0
[ 1514.327654][T17895] file_writeback 0
[ 1514.327654][T17895] anon_thp 2097152
[ 1514.327654][T17895] inactive_anon 0
[ 1514.327654][T17895] active_anon 2195456
[ 1514.327654][T17895] inactive_file 0
[ 1514.327654][T17895] active_file 0
[ 1514.327654][T17895] unevictable 0
[ 1514.327654][T17895] slab_reclaimable 1216512
[ 1514.327654][T17895] slab_unreclaimable 1675264
[ 1514.327654][T17895] pgfault 251394
[ 1514.327654][T17895] pgmajfault 0
[ 1514.327654][T17895] workingset_refault 0
[ 1514.327654][T17895] workingset_activate 0
[ 1514.327654][T17895] workingset_nodereclaim 0
[ 1514.327654][T17895] pgrefill 0
[ 1514.327654][T17895] pgscan 0
[ 1514.327654][T17895] pgsteal 0
[ 1514.327654][T17895] pgactivate 0
[ 1514.425526][T17895] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=17894,uid=0
[ 1514.441902][T17895] Memory cgroup out of memory: Killed process 17894 (syz-executor.3) total-vm:72708kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB
[ 1514.461131][ T1056] oom_reaper: reaped process 17894 (syz-executor.3), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB
[ 1514.704945][T17877] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[ 1514.716107][T17877] CPU: 1 PID: 17877 Comm: syz-executor.4 Not tainted 5.2.0+ #37
[ 1514.724082][T17877] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1514.734727][T17877] Call Trace:
[ 1514.738210][T17877]  dump_stack+0x1d8/0x2f8
[ 1514.743230][T17877]  dump_header+0xd8/0x970
[ 1514.747796][T17877]  oom_kill_process+0xcd/0x320
[ 1514.752590][T17877]  out_of_memory+0x5e1/0x8a0
[ 1514.757291][T17877]  ? unregister_oom_notifier+0x20/0x20
[ 1514.762935][T17877]  ? __kasan_check_read+0x11/0x20
[ 1514.768139][T17877]  try_charge+0x134a/0x17b0
[ 1514.772967][T17877]  ? __memcg_kmem_charge_memcg+0x180/0x180
[ 1514.779161][T17877]  ? __lock_acquire+0x4750/0x4750
[ 1514.784319][T17877]  ? rcu_lock_release+0x15/0x20
[ 1514.789408][T17877]  ? get_mem_cgroup_from_mm+0x15e/0x170
[ 1514.795302][T17877]  mem_cgroup_try_charge+0x216/0x560
[ 1514.800630][T17877]  mem_cgroup_try_charge_delay+0x25/0xa0
[ 1514.806561][T17877]  wp_page_copy+0x367/0x18c0
[ 1514.811595][T17877]  ? rcu_lock_release+0x30/0x30
[ 1514.816830][T17877]  ? __lock_acquire+0x4750/0x4750
[ 1514.821892][T17877]  ? __kasan_check_read+0x11/0x20
[ 1514.826948][T17877]  ? do_raw_spin_unlock+0x49/0x260
[ 1514.832084][T17877]  do_wp_page+0x2c9/0x1ce0
[ 1514.836625][T17877]  ? __rwlock_init+0x130/0x130
[ 1514.841551][T17877]  ? count_memcg_event_mm+0x300/0x300
[ 1514.847483][T17877]  handle_mm_fault+0x2bcf/0x6080
[ 1514.852482][T17877]  ? finish_fault+0x230/0x230
[ 1514.852501][T17877]  ? vmacache_find+0x566/0x5b0
[ 1514.852508][T17877]  ? vmacache_update+0xb7/0x120
[ 1514.852532][T17877]  do_user_addr_fault+0x589/0xaf0
[ 1514.852551][T17877]  __do_page_fault+0xd3/0x1f0
[ 1514.852565][T17877]  do_page_fault+0x99/0xb0
[ 1514.883441][T17877]  page_fault+0x39/0x40
[ 1514.887797][T17877] RIP: 0033:0x430906
[ 1514.891964][T17877] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 46 64 00 85 c0 0f 84
[ 1514.913284][T17877] RSP: 002b:00007ffdd362d430 EFLAGS: 00010206
[ 1514.920217][T17877] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041
[ 1514.928533][T17877] RDX: 0000555557381930 RSI: 0000555557389970 RDI: 0000000000000003
[ 1514.936696][T17877] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000555557380940
[ 1514.945825][T17877] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698
[ 1514.954590][T17877] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710
[ 1514.963888][T17877] memory: usage 4528kB, limit 0kB, failcnt 165
[ 1514.970444][T17877] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1514.978228][T17877] Memory cgroup stats for /syz4:
[ 1514.978314][T17877] anon 24576
[ 1514.978314][T17877] file 299008
[ 1514.978314][T17877] kernel_stack 0
[ 1514.978314][T17877] slab 4608000
[ 1514.978314][T17877] sock 0
[ 1514.978314][T17877] shmem 102400
[ 1514.978314][T17877] file_mapped 135168
[ 1514.978314][T17877] file_dirty 0
[ 1514.978314][T17877] file_writeback 0
[ 1514.978314][T17877] anon_thp 0
[ 1514.978314][T17877] inactive_anon 135168
[ 1514.978314][T17877] active_anon 24576
[ 1514.978314][T17877] inactive_file 135168
[ 1514.978314][T17877] active_file 0
[ 1514.978314][T17877] unevictable 0
[ 1514.978314][T17877] slab_reclaimable 2433024
[ 1514.978314][T17877] slab_unreclaimable 2174976
[ 1514.978314][T17877] pgfault 354849
[ 1514.978314][T17877] pgmajfault 0
[ 1514.978314][T17877] workingset_refault 0
[ 1514.978314][T17877] workingset_activate 0
[ 1514.978314][T17877] workingset_nodereclaim 0
[ 1514.978314][T17877] pgrefill 0
[ 1514.978314][T17877] pgscan 0
[ 1514.978314][T17877] pgsteal 0
[ 1514.978314][T17877] pgactivate 0
[ 1515.076823][T17877] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=17877,uid=0
[ 1515.092904][T17877] Memory cgroup out of memory: Killed process 17877 (syz-executor.4) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB
14:31:09 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400)
openat$cgroup_procs(r3, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r4 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r4, 0x0, 0x0)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r5, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r3, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
socket$kcm(0xa, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
write$cgroup_int(r5, &(0x7f00000003c0)=0x100, 0x12)

14:31:09 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9, 0x0, 0x0, 0x0, '\x00', 0x4000000})

14:31:09 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00'})

14:31:09 executing program 1:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600))
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x8a, 0x0, 0x0, 0x0, 0x3})
r1 = syz_open_pts(r0, 0x0)
write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0x100000175)
ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000140)={0x3, 0x0, 0x0, 0xd00000000000000})

14:31:09 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
openat$cgroup_procs(r4, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000140)=0x2)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r5 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r5, 0x0, 0x0)
r6 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r6, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r4, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
socket$kcm(0xa, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r6, &(0x7f00000003c0)=0x100, 0x12)

14:31:09 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x00'})

14:31:09 executing program 4:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
openat$cgroup_procs(r4, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000140)=0x2)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r5 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r5, 0x0, 0x0)
r6 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r6, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r4, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
socket$kcm(0xa, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
write$cgroup_int(r6, &(0x7f00000003c0)=0x100, 0x12)

14:31:09 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00'})

14:31:10 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00'})

14:31:10 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9, 0x0, 0x0, 0x0, '\x00', 0x5000000})

[ 1515.107904][ T1056] oom_reaper: reaped process 17877 (syz-executor.4), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB
[ 1515.115894][T17880] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[ 1515.129486][T17880] CPU: 1 PID: 17880 Comm: syz-executor.3 Not tainted 5.2.0+ #37
[ 1515.137547][T17880] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1515.147989][T17880] Call Trace:
[ 1515.151695][T17880]  dump_stack+0x1d8/0x2f8
[ 1515.156132][T17880]  dump_header+0xd8/0x970
[ 1515.160661][T17880]  oom_kill_process+0xcd/0x320
[ 1515.165720][T17880]  out_of_memory+0x5e1/0x8a0
[ 1515.170673][T17880]  ? unregister_oom_notifier+0x20/0x20
[ 1515.170687][T17880]  ? __kasan_check_read+0x11/0x20
[ 1515.170705][T17880]  try_charge+0x134a/0x17b0
[ 1515.182495][T17880]  ? __memcg_kmem_charge_memcg+0x180/0x180
[ 1515.182520][T17880]  ? __lock_acquire+0x4750/0x4750
[ 1515.182536][T17880]  ? rcu_lock_release+0x15/0x20
[ 1515.182546][T17880]  ? get_mem_cgroup_from_mm+0x15e/0x170
[ 1515.182556][T17880]  mem_cgroup_try_charge+0x216/0x560
[ 1515.182569][T17880]  mem_cgroup_try_charge_delay+0x25/0xa0
[ 1515.182582][T17880]  handle_mm_fault+0x31f3/0x6080
[ 1515.182603][T17880]  ? finish_fault+0x230/0x230
[ 1515.182627][T17880]  ? vmacache_find+0x251/0x5b0
[ 1515.236680][T17880]  do_user_addr_fault+0x589/0xaf0
[ 1515.241961][T17880]  __do_page_fault+0xd3/0x1f0
[ 1515.246820][T17880]  do_page_fault+0x99/0xb0
[ 1515.251397][T17880]  page_fault+0x39/0x40
[ 1515.255589][T17880] RIP: 0033:0x4034f2
[ 1515.259682][T17880] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 <e8> 59 8d 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 42 05 00 48
[ 1515.279756][T17880] RSP: 002b:00007ffdc3930e10 EFLAGS: 00010246
[ 1515.286029][T17880] RAX: 0000000000000000 RBX: 0000000000171836 RCX: 0000000000413430
[ 1515.294551][T17880] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007ffdc3931f40
[ 1515.303244][T17880] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000555555953940
[ 1515.311625][T17880] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffdc3931f40
[ 1515.320095][T17880] R13: 00007ffdc3931f30 R14: 0000000000000000 R15: 00007ffdc3931f40
[ 1515.329155][T17880] memory: usage 2824kB, limit 0kB, failcnt 61
[ 1515.335256][T17880] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1515.342770][T17880] Memory cgroup stats for /syz3:
[ 1515.342862][T17880] anon 0
[ 1515.342862][T17880] file 0
[ 1515.342862][T17880] kernel_stack 0
[ 1515.342862][T17880] slab 2891776
[ 1515.342862][T17880] sock 0
[ 1515.342862][T17880] shmem 0
[ 1515.342862][T17880] file_mapped 0
[ 1515.342862][T17880] file_dirty 0
[ 1515.342862][T17880] file_writeback 0
[ 1515.342862][T17880] anon_thp 0
[ 1515.342862][T17880] inactive_anon 0
[ 1515.342862][T17880] active_anon 0
[ 1515.342862][T17880] inactive_file 0
[ 1515.342862][T17880] active_file 0
[ 1515.342862][T17880] unevictable 0
[ 1515.342862][T17880] slab_reclaimable 1216512
[ 1515.342862][T17880] slab_unreclaimable 1675264
[ 1515.342862][T17880] pgfault 251394
[ 1515.342862][T17880] pgmajfault 0
[ 1515.342862][T17880] workingset_refault 0
[ 1515.342862][T17880] workingset_activate 0
[ 1515.342862][T17880] workingset_nodereclaim 0
[ 1515.342862][T17880] pgrefill 0
[ 1515.342862][T17880] pgscan 0
[ 1515.342862][T17880] pgsteal 0
[ 1515.342862][T17880] pgactivate 0
[ 1515.342862][T17880] pgdeactivate 0
[ 1515.445689][T17880] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=17880,uid=0
[ 1515.445783][T17880] Memory cgroup out of memory: Killed process 17880 (syz-executor.3) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB
[ 1515.481372][ T1056] oom_reaper: reaped process 17880 (syz-executor.3), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB
14:31:10 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9, 0x0, 0x0, 0x0, '\x00', 0x6000000})

14:31:10 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00'})

14:31:11 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400)
openat$cgroup_procs(r3, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r4 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r4, 0x0, 0x0)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r5, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r3, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
socket$kcm(0xa, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
write$cgroup_int(r5, &(0x7f00000003c0)=0x100, 0x12)

14:31:11 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9, 0x0, 0x0, 0x0, '\x00', 0x7000000})

14:31:11 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\t\x00'})

14:31:11 executing program 1:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600))
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x8a, 0x0, 0x0, 0x0, 0x3})
r1 = syz_open_pts(r0, 0x0)
write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0x100000175)
ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000140)={0x3, 0x0, 0x0, 0xe00000000000000})

[ 1516.959492][T17936] IPVS: ftp: loaded support on port[0] = 21
[ 1517.081706][T17936] chnl_net:caif_netlink_parms(): no params data found
[ 1517.139685][T17936] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1517.147419][T17936] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1517.155866][T17936] device bridge_slave_0 entered promiscuous mode
[ 1517.233450][T17936] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1517.240863][T17936] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1517.248984][T17936] device bridge_slave_1 entered promiscuous mode
[ 1517.276366][T17936] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1517.295226][T17936] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1517.324968][T17936] team0: Port device team_slave_0 added
[ 1517.338192][T17936] team0: Port device team_slave_1 added
[ 1517.420466][T17936] device hsr_slave_0 entered promiscuous mode
[ 1517.458182][T17936] device hsr_slave_1 entered promiscuous mode
[ 1517.478089][T17936] debugfs: Directory 'hsr0' with parent '/' already present!
[ 1517.552578][T17936] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1517.568102][T17474] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 1517.586963][T17474] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1517.597288][T17474] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1517.609182][T17936] 8021q: adding VLAN 0 to HW filter on device team0
[ 1517.625092][T17474] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1517.634991][T17474] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1517.643979][T17474] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1517.651686][T17474] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1517.659741][T17474] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1517.668727][T17474] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1517.677545][T17474] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1517.684861][T17474] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1517.710739][T17936] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1517.721846][T17936] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1517.746789][T17936] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1517.755693][T17474] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 1517.766583][T17474] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1517.775415][T17474] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1517.784228][T17474] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1517.793166][T17474] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1517.819709][T17474] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1517.828219][T17474] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1518.010704][T17946] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 1518.022334][T17946] CPU: 0 PID: 17946 Comm: syz-executor.2 Not tainted 5.2.0+ #37
[ 1518.030367][T17946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1518.040634][T17946] Call Trace:
[ 1518.044161][T17946]  dump_stack+0x1d8/0x2f8
[ 1518.048657][T17946]  dump_header+0xd8/0x970
[ 1518.053353][T17946]  oom_kill_process+0xcd/0x320
[ 1518.058430][T17946]  out_of_memory+0x5e1/0x8a0
[ 1518.063662][T17946]  ? unregister_oom_notifier+0x20/0x20
[ 1518.070830][T17946]  memory_max_write+0x537/0x6a0
[ 1518.079226][T17946]  ? memory_max_show+0xa0/0xa0
[ 1518.085092][T17946]  ? lock_acquire+0x1b2/0x250
[ 1518.090354][T17946]  ? memory_max_show+0xa0/0xa0
[ 1518.095754][T17946]  cgroup_file_write+0x27b/0x6e0
[ 1518.101221][T17946]  ? cgroup_seqfile_stop+0xc0/0xc0
[ 1518.106827][T17946]  ? cgroup_seqfile_stop+0xc0/0xc0
[ 1518.112495][T17946]  kernfs_fop_write+0x3e4/0x4f0
[ 1518.118231][T17946]  ? kernfs_fop_read+0x580/0x580
[ 1518.123188][T17946]  __vfs_write+0xf9/0x7d0
[ 1518.128129][T17946]  ? lockdep_hardirqs_on+0x3c5/0x7d0
[ 1518.133577][T17946]  ? __kernel_write+0x350/0x350
[ 1518.138593][T17946]  ? trace_lock_acquire+0x154/0x1b0
[ 1518.144857][T17946]  ? __sb_start_write+0x39c/0x440
[ 1518.150005][T17946]  vfs_write+0x275/0x590
[ 1518.154805][T17946]  ksys_write+0x16b/0x2a0
[ 1518.159829][T17946]  ? __ia32_sys_read+0x90/0x90
[ 1518.164945][T17946]  ? prepare_exit_to_usermode+0x1f7/0x580
[ 1518.170928][T17946]  ? trace_irq_disable_rcuidle+0x23/0x1c0
[ 1518.176838][T17946]  ? trace_hardirqs_on_thunk+0x1a/0x20
[ 1518.182877][T17946]  ? trace_irq_disable_rcuidle+0x23/0x1c0
[ 1518.189390][T17946]  ? do_syscall_64+0x1d/0x140
[ 1518.194298][T17946]  __x64_sys_write+0x7b/0x90
[ 1518.198988][T17946]  do_syscall_64+0xfe/0x140
[ 1518.203668][T17946]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1518.210237][T17946] RIP: 0033:0x459829
[ 1518.214155][T17946] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1518.235279][T17946] RSP: 002b:00007fcd36f4ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1518.245736][T17946] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829
[ 1518.254354][T17946] RDX: 0000000000000012 RSI: 0000000020000000 RDI: 0000000000000008
[ 1518.264919][T17946] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1518.273360][T17946] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcd36f4f6d4
[ 1518.281546][T17946] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff
[ 1518.301711][T17946] memory: usage 3508kB, limit 0kB, failcnt 489331
[ 1518.309644][T17946] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1518.317489][T17946] Memory cgroup stats for /syz2:
[ 1518.318268][T17946] anon 2084864
[ 1518.318268][T17946] file 274432
[ 1518.318268][T17946] kernel_stack 65536
[ 1518.318268][T17946] slab 966656
[ 1518.318268][T17946] sock 0
[ 1518.318268][T17946] shmem 172032
[ 1518.318268][T17946] file_mapped 135168
[ 1518.318268][T17946] file_dirty 135168
[ 1518.318268][T17946] file_writeback 0
[ 1518.318268][T17946] anon_thp 2097152
[ 1518.318268][T17946] inactive_anon 135168
[ 1518.318268][T17946] active_anon 2084864
[ 1518.318268][T17946] inactive_file 135168
[ 1518.318268][T17946] active_file 135168
[ 1518.318268][T17946] unevictable 0
[ 1518.318268][T17946] slab_reclaimable 405504
[ 1518.318268][T17946] slab_unreclaimable 561152
[ 1518.318268][T17946] pgfault 191631
[ 1518.318268][T17946] pgmajfault 0
[ 1518.318268][T17946] workingset_refault 0
[ 1518.318268][T17946] workingset_activate 0
[ 1518.318268][T17946] workingset_nodereclaim 0
[ 1518.318268][T17946] pgrefill 0
[ 1518.318268][T17946] pgscan 0
[ 1518.318268][T17946] pgsteal 0
[ 1518.425638][T17946] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=17945,uid=0
[ 1518.442082][T17946] Memory cgroup out of memory: Killed process 17945 (syz-executor.2) total-vm:72708kB, anon-rss:2144kB, file-rss:34816kB, shmem-rss:0kB
[ 1518.463609][ T1056] oom_reaper: reaped process 17945 (syz-executor.2), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB
14:31:13 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
openat$cgroup_procs(r4, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000140)=0x2)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r5 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r5, 0x0, 0x0)
r6 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r6, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r4, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
socket$kcm(0xa, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r6, &(0x7f00000003c0)=0x100, 0x12)

14:31:13 executing program 4:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
openat$cgroup_procs(r4, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000140)=0x2)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r5 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r5, 0x0, 0x0)
r6 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r6, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r4, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
socket$kcm(0xa, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
write$cgroup_int(r6, &(0x7f00000003c0)=0x100, 0x12)

14:31:13 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9, 0x0, 0x0, 0x0, '\x00', 0x8000000})

14:31:13 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00'})

14:31:13 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400)
openat$cgroup_procs(r3, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r4 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r4, 0x0, 0x0)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r5, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r3, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
socket$kcm(0xa, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
write$cgroup_int(r5, &(0x7f00000003c0)=0x100, 0x12)

[ 1518.571293][T17936] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[ 1518.582544][T17936] CPU: 0 PID: 17936 Comm: syz-executor.2 Not tainted 5.2.0+ #37
[ 1518.590353][T17936] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1518.601566][T17936] Call Trace:
[ 1518.605203][T17936]  dump_stack+0x1d8/0x2f8
[ 1518.610536][T17936]  dump_header+0xd8/0x970
[ 1518.617102][T17936]  oom_kill_process+0xcd/0x320
[ 1518.622828][T17936]  out_of_memory+0x5e1/0x8a0
[ 1518.628390][T17936]  ? unregister_oom_notifier+0x20/0x20
[ 1518.635502][T17936]  ? __kasan_check_read+0x11/0x20
[ 1518.641626][T17936]  try_charge+0x134a/0x17b0
[ 1518.648247][T17936]  ? __memcg_kmem_charge_memcg+0x180/0x180
[ 1518.657154][T17936]  ? __lock_acquire+0x4750/0x4750
[ 1518.663142][T17936]  ? rcu_lock_release+0x15/0x20
14:31:13 executing program 1:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600))
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x8a, 0x0, 0x0, 0x0, 0x3})
r1 = syz_open_pts(r0, 0x0)
write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0x100000175)
ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000140)={0x3, 0x0, 0x0, 0x1000000000000000})

14:31:13 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9, 0x0, 0x0, 0x0, '\x00', 0x9000000})

[ 1518.668355][T17936]  ? get_mem_cgroup_from_mm+0x15e/0x170
[ 1518.674061][T17936]  mem_cgroup_try_charge+0x216/0x560
[ 1518.679541][T17936]  mem_cgroup_try_charge_delay+0x25/0xa0
[ 1518.679554][T17936]  wp_page_copy+0x367/0x18c0
[ 1518.679573][T17936]  ? rcu_lock_release+0x30/0x30
[ 1518.679586][T17936]  ? __lock_acquire+0x4750/0x4750
[ 1518.679601][T17936]  ? __kasan_check_read+0x11/0x20
[ 1518.679610][T17936]  ? do_raw_spin_unlock+0x49/0x260
[ 1518.679621][T17936]  do_wp_page+0x2c9/0x1ce0
[ 1518.679639][T17936]  ? __rwlock_init+0x130/0x130
[ 1518.679650][T17936]  ? count_memcg_event_mm+0x300/0x300
[ 1518.679665][T17936]  handle_mm_fault+0x2bcf/0x6080
[ 1518.679687][T17936]  ? finish_fault+0x230/0x230
[ 1518.679706][T17936]  ? vmacache_find+0x50f/0x5b0
[ 1518.679713][T17936]  ? vmacache_update+0xb7/0x120
[ 1518.679728][T17936]  do_user_addr_fault+0x589/0xaf0
[ 1518.679745][T17936]  __do_page_fault+0xd3/0x1f0
[ 1518.679756][T17936]  do_page_fault+0x99/0xb0
[ 1518.679768][T17936]  page_fault+0x39/0x40
[ 1518.679778][T17936] RIP: 0033:0x430906
[ 1518.679789][T17936] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 46 64 00 85 c0 0f 84
[ 1518.679794][T17936] RSP: 002b:00007ffd8183e810 EFLAGS: 00010206
[ 1518.679803][T17936] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041
[ 1518.679810][T17936] RDX: 0000555556207930 RSI: 000055555620f970 RDI: 0000000000000003
14:31:13 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00'})

[ 1518.679817][T17936] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000555556206940
[ 1518.679824][T17936] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698
[ 1518.679830][T17936] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710
[ 1518.680656][T17936] memory: usage 1180kB, limit 0kB, failcnt 489340
[ 1518.849042][T17936] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1518.849047][T17936] Memory cgroup stats for /syz2:
[ 1518.849122][T17936] anon 0
[ 1518.849122][T17936] file 274432
[ 1518.849122][T17936] kernel_stack 0
[ 1518.849122][T17936] slab 966656
[ 1518.849122][T17936] sock 0
[ 1518.849122][T17936] shmem 172032
[ 1518.849122][T17936] file_mapped 135168
[ 1518.849122][T17936] file_dirty 135168
[ 1518.849122][T17936] file_writeback 0
[ 1518.849122][T17936] anon_thp 0
[ 1518.849122][T17936] inactive_anon 135168
[ 1518.849122][T17936] active_anon 0
[ 1518.849122][T17936] inactive_file 135168
[ 1518.849122][T17936] active_file 135168
[ 1518.849122][T17936] unevictable 0
[ 1518.849122][T17936] slab_reclaimable 405504
[ 1518.849122][T17936] slab_unreclaimable 561152
[ 1518.849122][T17936] pgfault 191631
[ 1518.849122][T17936] pgmajfault 0
[ 1518.849122][T17936] workingset_refault 0
[ 1518.849122][T17936] workingset_activate 0
[ 1518.849122][T17936] workingset_nodereclaim 0
[ 1518.849122][T17936] pgrefill 0
[ 1518.849122][T17936] pgscan 0
[ 1518.849122][T17936] pgsteal 0
[ 1518.849122][T17936] pgactivate 0
[ 1518.861353][T17936] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=17936,uid=0
[ 1518.861428][T17936] Memory cgroup out of memory: Killed process 17936 (syz-executor.2) total-vm:72444kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB
[ 1518.982776][ T1056] oom_reaper: reaped process 17936 (syz-executor.2), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB
14:31:14 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9, 0x0, 0x0, 0x0, '\x00', 0xa000000})

14:31:14 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9, 0x0, 0x0, 0x0, '\x00', 0xb000000})

14:31:14 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\f\x00'})

14:31:14 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9, 0x0, 0x0, 0x0, '\x00', 0xc000000})

14:31:15 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
openat$cgroup_procs(r4, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000140)=0x2)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r5 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r5, 0x0, 0x0)
r6 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r6, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r4, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
socket$kcm(0xa, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r6, &(0x7f00000003c0)=0x100, 0x12)

[ 1520.889237][T17977] IPVS: ftp: loaded support on port[0] = 21
[ 1520.951838][T17977] chnl_net:caif_netlink_parms(): no params data found
[ 1520.977250][T17977] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1520.984434][T17977] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1520.992112][T17977] device bridge_slave_0 entered promiscuous mode
[ 1521.000445][T17977] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1521.007518][T17977] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1521.015366][T17977] device bridge_slave_1 entered promiscuous mode
[ 1521.032191][T17977] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1521.043386][T17977] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1521.060890][T17977] team0: Port device team_slave_0 added
[ 1521.067544][T17977] team0: Port device team_slave_1 added
[ 1521.130632][T17977] device hsr_slave_0 entered promiscuous mode
[ 1521.197995][T17977] device hsr_slave_1 entered promiscuous mode
[ 1521.267783][T17977] debugfs: Directory 'hsr0' with parent '/' already present!
[ 1521.804714][T17980] IPVS: ftp: loaded support on port[0] = 21
[ 1522.426410][T17980] chnl_net:caif_netlink_parms(): no params data found
[ 1522.444583][T17977] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1522.475913][T17980] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1522.483171][T17980] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1522.491275][T17980] device bridge_slave_0 entered promiscuous mode
[ 1522.766661][T17980] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1522.774052][T17980] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1522.782607][T17980] device bridge_slave_1 entered promiscuous mode
[ 1522.804058][T17980] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1522.815622][T17980] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1522.837339][T17980] team0: Port device team_slave_0 added
[ 1522.845551][T17980] team0: Port device team_slave_1 added
[ 1522.865855][T10635] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1522.873744][T10635] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1523.154108][T17977] 8021q: adding VLAN 0 to HW filter on device team0
[ 1523.219421][T17980] device hsr_slave_0 entered promiscuous mode
[ 1523.257999][T17980] device hsr_slave_1 entered promiscuous mode
[ 1523.317954][T17980] debugfs: Directory 'hsr0' with parent '/' already present!
[ 1523.608952][T17583] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1523.617704][T17583] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1523.626187][T17583] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1523.633336][T17583] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1523.641120][T17583] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1523.649832][T17583] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1523.658282][T17583] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1523.665341][T17583] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1523.673196][T17583] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1523.682915][T17583] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1523.691581][T17583] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1523.699986][T17583] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1523.708848][T17583] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 1523.716748][T17583] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1523.729072][T17896] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1523.737784][T17896] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1523.752666][T17977] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1523.764591][T17977] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1524.053694][T10635] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1524.062198][T10635] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1524.070639][T10635] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1524.079473][T10635] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1524.088155][T10635] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1524.378376][T17977] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1524.410302][T17980] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1524.424151][T17836] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1524.432493][T17836] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1524.737444][T17980] 8021q: adding VLAN 0 to HW filter on device team0
[ 1524.749315][T17583] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1524.758435][T17583] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1524.766815][T17583] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1524.773936][T17583] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1524.789903][  T788] device bridge_slave_1 left promiscuous mode
[ 1524.796128][  T788] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1524.841916][  T788] device bridge_slave_0 left promiscuous mode
[ 1524.848246][  T788] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1524.869902][T17987] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 1524.880231][T17987] CPU: 0 PID: 17987 Comm: syz-executor.3 Not tainted 5.2.0+ #37
[ 1524.887849][T17987] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1524.897900][T17987] Call Trace:
[ 1524.901181][T17987]  dump_stack+0x1d8/0x2f8
[ 1524.905603][T17987]  dump_header+0xd8/0x970
[ 1524.909928][T17987]  oom_kill_process+0xcd/0x320
[ 1524.914676][T17987]  out_of_memory+0x5e1/0x8a0
[ 1524.919303][T17987]  ? unregister_oom_notifier+0x20/0x20
[ 1524.924774][T17987]  memory_max_write+0x537/0x6a0
[ 1524.929608][T17987]  ? lock_acquire+0x158/0x250
[ 1524.934291][T17987]  ? memory_max_show+0xa0/0xa0
[ 1524.939057][T17987]  ? trace_hardirqs_on_caller+0x74/0x80
[ 1524.944588][T17987]  ? trace_lock_acquire+0x154/0x1b0
[ 1524.949776][T17987]  ? lock_acquire+0x158/0x250
[ 1524.954456][T17987]  ? kernfs_fop_write+0x22e/0x4f0
[ 1524.959467][T17987]  ? memory_max_show+0xa0/0xa0
[ 1524.964215][T17987]  cgroup_file_write+0x27b/0x6e0
[ 1524.969160][T17987]  ? cgroup_seqfile_stop+0xc0/0xc0
[ 1524.974268][T17987]  ? cgroup_seqfile_stop+0xc0/0xc0
[ 1524.979395][T17987]  kernfs_fop_write+0x3e4/0x4f0
[ 1524.984233][T17987]  ? kernfs_fop_read+0x580/0x580
[ 1524.989162][T17987]  __vfs_write+0xf9/0x7d0
[ 1524.993473][T17987]  ? rcu_irq_exit+0xe3/0x260
[ 1524.998072][T17987]  ? __kernel_write+0x350/0x350
[ 1525.003004][T17987]  ? __sb_start_write+0x39c/0x440
[ 1525.008075][T17987]  ? __kasan_check_read+0x11/0x20
[ 1525.013294][T17987]  vfs_write+0x275/0x590
[ 1525.017559][T17987]  ksys_write+0x16b/0x2a0
[ 1525.021902][T17987]  ? __ia32_sys_read+0x90/0x90
[ 1525.026650][T17987]  ? prepare_exit_to_usermode+0x1f7/0x580
[ 1525.032351][T17987]  ? trace_irq_disable_rcuidle+0x23/0x1c0
[ 1525.038060][T17987]  ? trace_hardirqs_on_thunk+0x1a/0x20
[ 1525.043517][T17987]  ? trace_irq_disable_rcuidle+0x23/0x1c0
[ 1525.049220][T17987]  ? do_syscall_64+0x1d/0x140
[ 1525.053878][T17987]  __x64_sys_write+0x7b/0x90
[ 1525.058453][T17987]  do_syscall_64+0xfe/0x140
[ 1525.062940][T17987]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1525.068814][T17987] RIP: 0033:0x459829
[ 1525.072685][T17987] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1525.092290][T17987] RSP: 002b:00007fd6fcd3cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1525.100684][T17987] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829
[ 1525.108638][T17987] RDX: 0000000000000012 RSI: 0000000020000000 RDI: 0000000000000008
[ 1525.116593][T17987] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1525.124656][T17987] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd6fcd3d6d4
[ 1525.132711][T17987] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff
[ 1525.140793][T17987] memory: usage 4640kB, limit 0kB, failcnt 70
[ 1525.146964][T17987] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1525.153921][T17987] Memory cgroup stats for /syz3:
[ 1525.157051][T17987] anon 2215936
[ 1525.157051][T17987] file 0
[ 1525.157051][T17987] kernel_stack 65536
[ 1525.157051][T17987] slab 2482176
[ 1525.157051][T17987] sock 0
[ 1525.157051][T17987] shmem 0
[ 1525.157051][T17987] file_mapped 0
[ 1525.157051][T17987] file_dirty 0
[ 1525.157051][T17987] file_writeback 0
[ 1525.157051][T17987] anon_thp 2097152
[ 1525.157051][T17987] inactive_anon 0
[ 1525.157051][T17987] active_anon 2215936
[ 1525.157051][T17987] inactive_file 0
[ 1525.157051][T17987] active_file 0
[ 1525.157051][T17987] unevictable 0
[ 1525.157051][T17987] slab_reclaimable 1081344
[ 1525.157051][T17987] slab_unreclaimable 1400832
[ 1525.157051][T17987] pgfault 251460
[ 1525.157051][T17987] pgmajfault 0
[ 1525.157051][T17987] workingset_refault 0
[ 1525.157051][T17987] workingset_activate 0
[ 1525.157051][T17987] workingset_nodereclaim 0
[ 1525.157051][T17987] pgrefill 0
[ 1525.157051][T17987] pgscan 0
[ 1525.157051][T17987] pgsteal 0
[ 1525.157051][T17987] pgactivate 0
[ 1525.251421][T17987] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=17986,uid=0
[ 1525.267381][T17987] Memory cgroup out of memory: Killed process 17986 (syz-executor.3) total-vm:72708kB, anon-rss:2144kB, file-rss:34816kB, shmem-rss:0kB
[ 1525.283077][ T1056] oom_reaper: reaped process 17986 (syz-executor.3), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB
[ 1525.298584][  T788] device bridge_slave_1 left promiscuous mode
[ 1525.304801][  T788] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1525.367397][T17977] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[ 1525.377388][T17977] CPU: 0 PID: 17977 Comm: syz-executor.3 Not tainted 5.2.0+ #37
[ 1525.385276][T17977] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1525.395613][T17977] Call Trace:
[ 1525.398907][T17977]  dump_stack+0x1d8/0x2f8
[ 1525.403231][T17977]  dump_header+0xd8/0x970
[ 1525.407542][T17977]  oom_kill_process+0xcd/0x320
[ 1525.412284][T17977]  out_of_memory+0x5e1/0x8a0
[ 1525.416870][T17977]  ? unregister_oom_notifier+0x20/0x20
[ 1525.422310][T17977]  ? __kasan_check_read+0x11/0x20
[ 1525.427327][T17977]  try_charge+0x134a/0x17b0
[ 1525.431841][T17977]  ? __memcg_kmem_charge_memcg+0x180/0x180
[ 1525.437634][T17977]  ? __lock_acquire+0x4750/0x4750
[ 1525.442639][T17977]  ? rcu_lock_release+0x15/0x20
[ 1525.447462][T17977]  ? get_mem_cgroup_from_mm+0x15e/0x170
[ 1525.452982][T17977]  mem_cgroup_try_charge+0x216/0x560
[ 1525.458246][T17977]  mem_cgroup_try_charge_delay+0x25/0xa0
[ 1525.463857][T17977]  wp_page_copy+0x367/0x18c0
[ 1525.468517][T17977]  ? rcu_lock_release+0x30/0x30
[ 1525.473372][T17977]  ? __lock_acquire+0x4750/0x4750
[ 1525.478377][T17977]  ? __kasan_check_read+0x11/0x20
[ 1525.483392][T17977]  ? do_raw_spin_unlock+0x49/0x260
[ 1525.488485][T17977]  do_wp_page+0x2c9/0x1ce0
[ 1525.492902][T17977]  ? __rwlock_init+0x130/0x130
[ 1525.497649][T17977]  ? count_memcg_event_mm+0x300/0x300
[ 1525.503009][T17977]  handle_mm_fault+0x2bcf/0x6080
[ 1525.507962][T17977]  ? finish_fault+0x230/0x230
[ 1525.512640][T17977]  ? vmacache_find+0x251/0x5b0
[ 1525.517402][T17977]  do_user_addr_fault+0x589/0xaf0
[ 1525.522420][T17977]  __do_page_fault+0xd3/0x1f0
[ 1525.527078][T17977]  do_page_fault+0x99/0xb0
[ 1525.531477][T17977]  page_fault+0x39/0x40
[ 1525.535709][T17977] RIP: 0033:0x4034f2
[ 1525.539608][T17977] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 <e8> 59 8d 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 42 05 00 48
[ 1525.559215][T17977] RSP: 002b:00007fff8c846cd0 EFLAGS: 00010246
[ 1525.565259][T17977] RAX: 0000000000000000 RBX: 0000000000174458 RCX: 0000000000413430
[ 1525.573213][T17977] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007fff8c847e00
[ 1525.581168][T17977] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000555555cf4940
[ 1525.589140][T17977] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff8c847e00
[ 1525.597112][T17977] R13: 00007fff8c847df0 R14: 0000000000000000 R15: 00007fff8c847e00
[ 1525.605558][T17977] memory: usage 2316kB, limit 0kB, failcnt 79
[ 1525.611674][T17977] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1525.618571][T17977] Memory cgroup stats for /syz3:
[ 1525.618660][T17977] anon 118784
[ 1525.618660][T17977] file 0
[ 1525.618660][T17977] kernel_stack 65536
[ 1525.618660][T17977] slab 2482176
[ 1525.618660][T17977] sock 0
[ 1525.618660][T17977] shmem 0
[ 1525.618660][T17977] file_mapped 0
[ 1525.618660][T17977] file_dirty 0
[ 1525.618660][T17977] file_writeback 0
[ 1525.618660][T17977] anon_thp 0
[ 1525.618660][T17977] inactive_anon 0
[ 1525.618660][T17977] active_anon 118784
[ 1525.618660][T17977] inactive_file 0
[ 1525.618660][T17977] active_file 0
[ 1525.618660][T17977] unevictable 0
[ 1525.618660][T17977] slab_reclaimable 1081344
[ 1525.618660][T17977] slab_unreclaimable 1400832
[ 1525.618660][T17977] pgfault 251460
[ 1525.618660][T17977] pgmajfault 0
[ 1525.618660][T17977] workingset_refault 0
[ 1525.618660][T17977] workingset_activate 0
[ 1525.618660][T17977] workingset_nodereclaim 0
[ 1525.618660][T17977] pgrefill 0
[ 1525.618660][T17977] pgscan 0
[ 1525.618660][T17977] pgsteal 0
[ 1525.618660][T17977] pgactivate 0
[ 1525.712015][T17977] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=17977,uid=0
[ 1525.727634][T17977] Memory cgroup out of memory: Killed process 17977 (syz-executor.3) total-vm:72444kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB
[ 1525.742020][ T1056] oom_reaper: reaped process 17977 (syz-executor.3), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB
[ 1525.753815][  T788] device bridge_slave_0 left promiscuous mode
[ 1525.760107][  T788] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1525.800283][  T788] device bridge_slave_1 left promiscuous mode
[ 1525.806468][  T788] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1525.848504][  T788] device bridge_slave_0 left promiscuous mode
[ 1525.854669][  T788] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1525.902601][  T788] device bridge_slave_1 left promiscuous mode
[ 1525.908824][  T788] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1525.948941][  T788] device bridge_slave_0 left promiscuous mode
[ 1525.955134][  T788] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1533.149492][  T788] device hsr_slave_0 left promiscuous mode
[ 1533.187785][  T788] device hsr_slave_1 left promiscuous mode
[ 1533.247949][  T788] team0 (unregistering): Port device team_slave_1 removed
[ 1533.260435][  T788] team0 (unregistering): Port device team_slave_0 removed
[ 1533.271603][  T788] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1533.315916][  T788] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1533.389211][  T788] bond0 (unregistering): Released all slaves
[ 1533.528504][  T788] device hsr_slave_0 left promiscuous mode
[ 1533.568401][  T788] device hsr_slave_1 left promiscuous mode
[ 1533.617734][  T788] team0 (unregistering): Port device team_slave_1 removed
[ 1533.628628][  T788] team0 (unregistering): Port device team_slave_0 removed
[ 1533.640681][  T788] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1533.692343][  T788] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1533.771688][  T788] bond0 (unregistering): Released all slaves
[ 1533.888718][  T788] device hsr_slave_0 left promiscuous mode
[ 1533.927889][  T788] device hsr_slave_1 left promiscuous mode
[ 1533.977685][  T788] team0 (unregistering): Port device team_slave_1 removed
[ 1533.988618][  T788] team0 (unregistering): Port device team_slave_0 removed
[ 1533.999765][  T788] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1534.042708][  T788] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1534.109116][  T788] bond0 (unregistering): Released all slaves
[ 1534.238331][  T788] device hsr_slave_0 left promiscuous mode
[ 1534.313050][  T788] device hsr_slave_1 left promiscuous mode
[ 1534.365425][  T788] team0 (unregistering): Port device team_slave_1 removed
[ 1534.378880][  T788] team0 (unregistering): Port device team_slave_0 removed
[ 1534.390947][  T788] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1534.434206][  T788] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1534.504974][  T788] bond0 (unregistering): Released all slaves
[ 1534.598016][T17834] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 1534.606311][T17834] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1534.615054][T17834] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1534.623974][T17834] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1534.631120][T17834] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1534.638832][T17834] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1534.818460][T17896] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1534.827204][T17896] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1534.837289][T17896] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1534.845774][T17896] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1534.854608][T17896] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1534.884352][T17980] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1534.894855][T17980] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1534.920149][T17896] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1534.928252][T17896] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1534.936437][T17896] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1534.944830][T17896] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1534.953129][T17896] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1534.962629][T10635] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1534.979806][T17980] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1535.090617][T17995] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 1535.101226][T17995] CPU: 0 PID: 17995 Comm: syz-executor.4 Not tainted 5.2.0+ #37
[ 1535.108868][T17995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1535.119120][T17995] Call Trace:
[ 1535.122487][T17995]  dump_stack+0x1d8/0x2f8
[ 1535.126871][T17995]  dump_header+0xd8/0x970
[ 1535.131207][T17995]  oom_kill_process+0xcd/0x320
[ 1535.135984][T17995]  out_of_memory+0x5e1/0x8a0
[ 1535.140568][T17995]  ? unregister_oom_notifier+0x20/0x20
[ 1535.146030][T17995]  memory_max_write+0x537/0x6a0
[ 1535.150885][T17995]  ? lock_acquire+0x1b2/0x250
[ 1535.155550][T17995]  ? memory_max_show+0xa0/0xa0
[ 1535.160312][T17995]  ? trace_lock_acquire+0x154/0x1b0
[ 1535.165589][T17995]  ? lock_acquire+0x158/0x250
[ 1535.170277][T17995]  ? kernfs_fop_write+0x22e/0x4f0
[ 1535.175286][T17995]  ? memory_max_show+0xa0/0xa0
[ 1535.180050][T17995]  cgroup_file_write+0x27b/0x6e0
[ 1535.184993][T17995]  ? cgroup_seqfile_stop+0xc0/0xc0
[ 1535.190182][T17995]  ? cgroup_seqfile_stop+0xc0/0xc0
[ 1535.195274][T17995]  kernfs_fop_write+0x3e4/0x4f0
[ 1535.200121][T17995]  ? kernfs_fop_read+0x580/0x580
[ 1535.205055][T17995]  __vfs_write+0xf9/0x7d0
[ 1535.209376][T17995]  ? lockdep_hardirqs_on+0x3c5/0x7d0
[ 1535.214656][T17995]  ? __kernel_write+0x350/0x350
[ 1535.219534][T17995]  ? trace_lock_acquire+0x154/0x1b0
[ 1535.224926][T17995]  ? __sb_start_write+0x39c/0x440
[ 1535.229961][T17995]  vfs_write+0x275/0x590
[ 1535.234193][T17995]  ksys_write+0x16b/0x2a0
[ 1535.238521][T17995]  ? __ia32_sys_read+0x90/0x90
[ 1535.243285][T17995]  ? prepare_exit_to_usermode+0x1f7/0x580
[ 1535.249001][T17995]  ? trace_irq_disable_rcuidle+0x23/0x1c0
[ 1535.254739][T17995]  ? trace_hardirqs_on_thunk+0x1a/0x20
[ 1535.260767][T17995]  ? trace_irq_disable_rcuidle+0x23/0x1c0
[ 1535.266535][T17995]  ? do_syscall_64+0x1d/0x140
[ 1535.271558][T17995]  __x64_sys_write+0x7b/0x90
[ 1535.276173][T17995]  do_syscall_64+0xfe/0x140
[ 1535.280693][T17995]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1535.286579][T17995] RIP: 0033:0x459829
[ 1535.290456][T17995] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1535.310090][T17995] RSP: 002b:00007fb2b7657c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1535.318501][T17995] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829
[ 1535.326476][T17995] RDX: 0000000000000012 RSI: 0000000020000000 RDI: 0000000000000008
[ 1535.334427][T17995] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1535.342386][T17995] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb2b76586d4
[ 1535.350352][T17995] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff
[ 1535.373663][T17995] memory: usage 4452kB, limit 0kB, failcnt 174
[ 1535.379952][T17995] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1535.386906][T17995] Memory cgroup stats for /syz4:
[ 1535.387625][T17995] anon 2203648
[ 1535.387625][T17995] file 299008
[ 1535.387625][T17995] kernel_stack 65536
[ 1535.387625][T17995] slab 2166784
[ 1535.387625][T17995] sock 0
[ 1535.387625][T17995] shmem 102400
[ 1535.387625][T17995] file_mapped 135168
[ 1535.387625][T17995] file_dirty 0
[ 1535.387625][T17995] file_writeback 0
[ 1535.387625][T17995] anon_thp 2097152
[ 1535.387625][T17995] inactive_anon 135168
[ 1535.387625][T17995] active_anon 2203648
[ 1535.387625][T17995] inactive_file 135168
[ 1535.387625][T17995] active_file 0
[ 1535.387625][T17995] unevictable 0
[ 1535.387625][T17995] slab_reclaimable 1081344
[ 1535.387625][T17995] slab_unreclaimable 1085440
[ 1535.387625][T17995] pgfault 354915
[ 1535.387625][T17995] pgmajfault 0
[ 1535.387625][T17995] workingset_refault 0
[ 1535.387625][T17995] workingset_activate 0
[ 1535.387625][T17995] workingset_nodereclaim 0
[ 1535.387625][T17995] pgrefill 0
[ 1535.387625][T17995] pgscan 0
[ 1535.387625][T17995] pgsteal 0
[ 1535.387625][T17995] pgactivate 0
[ 1535.488244][T17995] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=17994,uid=0
[ 1535.488915][T17995] Memory cgroup out of memory: Killed process 17994 (syz-executor.4) total-vm:72708kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB
[ 1535.496153][ T1056] oom_reaper: reaped process 17994 (syz-executor.4), now anon-rss:0kB, file-rss:33856kB, shmem-rss:0kB
14:31:30 executing program 4:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
openat$cgroup_procs(r4, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000140)=0x2)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r5 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r5, 0x0, 0x0)
r6 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r6, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r4, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
socket$kcm(0xa, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
write$cgroup_int(r6, &(0x7f00000003c0)=0x100, 0x12)

14:31:30 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\r\x00'})

14:31:30 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9, 0x0, 0x0, 0x0, '\x00', 0xd000000})

14:31:30 executing program 1:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600))
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x8a, 0x0, 0x0, 0x0, 0x3})
r1 = syz_open_pts(r0, 0x0)
write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0x100000175)
ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000140)={0x3, 0x0, 0x0, 0x1100000000000000})

14:31:30 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
openat$cgroup_procs(r4, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000140)=0x2)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r5 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r5, 0x0, 0x0)
r6 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r6, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r4, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
socket$kcm(0xa, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r6, &(0x7f00000003c0)=0x100, 0x12)

14:31:30 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400)
openat$cgroup_procs(r3, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r4 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r4, 0x0, 0x0)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r5, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r3, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
socket$kcm(0xa, 0x1, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r5, &(0x7f00000003c0)=0x100, 0x12)

[ 1535.593237][T17980] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[ 1535.603531][T17980] CPU: 0 PID: 17980 Comm: syz-executor.4 Not tainted 5.2.0+ #37
[ 1535.611177][T17980] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1535.621262][T17980] Call Trace:
[ 1535.624606][T17980]  dump_stack+0x1d8/0x2f8
[ 1535.628949][T17980]  dump_header+0xd8/0x970
[ 1535.633281][T17980]  oom_kill_process+0xcd/0x320
[ 1535.638106][T17980]  out_of_memory+0x5e1/0x8a0
[ 1535.642718][T17980]  ? unregister_oom_notifier+0x20/0x20
[ 1535.648188][T17980]  ? __kasan_check_read+0x11/0x20
[ 1535.653242][T17980]  try_charge+0x134a/0x17b0
[ 1535.657791][T17980]  ? __memcg_kmem_charge_memcg+0x180/0x180
[ 1535.663606][T17980]  ? __lock_acquire+0x4750/0x4750
[ 1535.668633][T17980]  ? rcu_lock_release+0x15/0x20
[ 1535.673518][T17980]  ? get_mem_cgroup_from_mm+0x15e/0x170
[ 1535.679071][T17980]  mem_cgroup_try_charge+0x216/0x560
[ 1535.684377][T17980]  mem_cgroup_try_charge_delay+0x25/0xa0
[ 1535.690013][T17980]  wp_page_copy+0x367/0x18c0
[ 1535.694618][T17980]  ? rcu_lock_release+0x30/0x30
[ 1535.699468][T17980]  ? __lock_acquire+0x4750/0x4750
[ 1535.704502][T17980]  ? __kasan_check_read+0x11/0x20
[ 1535.709619][T17980]  ? do_raw_spin_unlock+0x49/0x260
[ 1535.714746][T17980]  do_wp_page+0x2c9/0x1ce0
[ 1535.719172][T17980]  ? __rwlock_init+0x130/0x130
[ 1535.723942][T17980]  ? count_memcg_event_mm+0x300/0x300
[ 1535.729348][T17980]  handle_mm_fault+0x2bcf/0x6080
[ 1535.734305][T17980]  ? finish_fault+0x230/0x230
[ 1535.738988][T17980]  ? vmacache_find+0x251/0x5b0
[ 1535.743757][T17980]  do_user_addr_fault+0x589/0xaf0
[ 1535.748799][T17980]  __do_page_fault+0xd3/0x1f0
[ 1535.753508][T17980]  do_page_fault+0x99/0xb0
[ 1535.758023][T17980]  page_fault+0x39/0x40
[ 1535.762202][T17980] RIP: 0033:0x430906
[ 1535.766697][T17980] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 46 64 00 85 c0 0f 84
[ 1535.786302][T17980] RSP: 002b:00007fffa8aa93d0 EFLAGS: 00010206
14:31:30 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9, 0x0, 0x0, 0x0, '\x00', 0xe000000})

[ 1535.792367][T17980] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041
[ 1535.800341][T17980] RDX: 000055555740a930 RSI: 0000555557412970 RDI: 0000000000000003
[ 1535.808314][T17980] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000555557409940
[ 1535.816289][T17980] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698
[ 1535.816296][T17980] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710
[ 1535.816384][T17980] memory: usage 2124kB, limit 0kB, failcnt 187
[ 1535.832395][T17980] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1535.832402][T17980] Memory cgroup stats for /syz4:
[ 1535.832490][T17980] anon 0
[ 1535.832490][T17980] file 299008
[ 1535.832490][T17980] kernel_stack 0
[ 1535.832490][T17980] slab 2166784
[ 1535.832490][T17980] sock 0
[ 1535.832490][T17980] shmem 102400
[ 1535.832490][T17980] file_mapped 135168
[ 1535.832490][T17980] file_dirty 0
[ 1535.832490][T17980] file_writeback 0
[ 1535.832490][T17980] anon_thp 0
[ 1535.832490][T17980] inactive_anon 135168
[ 1535.832490][T17980] active_anon 0
[ 1535.832490][T17980] inactive_file 135168
[ 1535.832490][T17980] active_file 0
[ 1535.832490][T17980] unevictable 0
[ 1535.832490][T17980] slab_reclaimable 1081344
[ 1535.832490][T17980] slab_unreclaimable 1085440
[ 1535.832490][T17980] pgfault 354915
[ 1535.832490][T17980] pgmajfault 0
[ 1535.832490][T17980] workingset_refault 0
[ 1535.832490][T17980] workingset_activate 0
[ 1535.832490][T17980] workingset_nodereclaim 0
[ 1535.832490][T17980] pgrefill 0
[ 1535.832490][T17980] pgscan 0
[ 1535.832490][T17980] pgsteal 0
[ 1535.832490][T17980] pgactivate 0
14:31:31 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0e\x00'})

[ 1535.845475][T17980] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=17980,uid=0
[ 1535.939953][T17980] Memory cgroup out of memory: Killed process 17980 (syz-executor.4) total-vm:72444kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB
[ 1535.971982][ T1056] oom_reaper: reaped process 17980 (syz-executor.4), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB
14:31:31 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x10\x00'})

14:31:31 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9, 0x0, 0x0, 0x0, '\x00', 0x10000000})

14:31:31 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11\x00'})

14:31:31 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9, 0x0, 0x0, 0x0, '\x00', 0x11000000})

14:31:32 executing program 4:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
openat$cgroup_procs(r4, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000140)=0x2)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r5 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r5, 0x0, 0x0)
r6 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r6, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r4, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
socket$kcm(0xa, 0x1, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r6, &(0x7f00000003c0)=0x100, 0x12)

14:31:32 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9, 0x0, 0x0, 0x0, '\x00', 0x12000000})

14:31:32 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x12\x00'})

14:31:32 executing program 1:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600))
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x8a, 0x0, 0x0, 0x0, 0x3})
r1 = syz_open_pts(r0, 0x0)
write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0x100000175)
ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000140)={0x3, 0x0, 0x0, 0x1200000000000000})

[ 1537.961912][T18032] IPVS: ftp: loaded support on port[0] = 21
[ 1538.182190][T18032] chnl_net:caif_netlink_parms(): no params data found
[ 1538.264920][T18032] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1538.272168][T18032] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1538.280357][T18032] device bridge_slave_0 entered promiscuous mode
[ 1538.301022][T18037] IPVS: ftp: loaded support on port[0] = 21
[ 1538.340564][T18032] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1538.347713][T18032] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1538.355890][T18032] device bridge_slave_1 entered promiscuous mode
[ 1538.390091][T18032] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1538.402094][T18032] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1538.427337][T18032] team0: Port device team_slave_0 added
[ 1538.436997][T18032] team0: Port device team_slave_1 added
[ 1538.494241][T18037] chnl_net:caif_netlink_parms(): no params data found
[ 1538.550462][T18032] device hsr_slave_0 entered promiscuous mode
[ 1538.588157][T18032] device hsr_slave_1 entered promiscuous mode
[ 1538.627765][T18032] debugfs: Directory 'hsr0' with parent '/' already present!
[ 1538.664277][T18037] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1538.671460][T18037] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1538.679643][T18037] device bridge_slave_0 entered promiscuous mode
[ 1538.695381][T18037] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1538.702583][T18037] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1538.710687][T18037] device bridge_slave_1 entered promiscuous mode
[ 1538.719452][T18032] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1538.726559][T18032] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1538.733958][T18032] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1538.741105][T18032] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1538.774540][T18037] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1538.790794][T18037] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1538.829214][T18032] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1538.837130][T18037] team0: Port device team_slave_0 added
[ 1538.856072][T13658] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1538.871443][T13658] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1538.884024][T13658] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1538.897154][T13658] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 1538.915919][T18037] team0: Port device team_slave_1 added
[ 1538.924946][T18032] 8021q: adding VLAN 0 to HW filter on device team0
[ 1538.990555][T18037] device hsr_slave_0 entered promiscuous mode
[ 1539.028123][T18037] device hsr_slave_1 entered promiscuous mode
[ 1539.108770][T18037] debugfs: Directory 'hsr0' with parent '/' already present!
[ 1539.132713][T13660] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1539.141185][T13660] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1539.148299][T13660] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1539.155956][T13660] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1539.164477][T13660] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1539.171596][T13660] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1539.188272][T13660] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1539.196975][T13660] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1539.205991][T13660] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1539.216988][T13660] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1539.225485][T13660] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1539.233912][T13660] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1539.249674][T18032] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1539.261037][T18032] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1539.282517][T18032] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1539.290561][T13660] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1539.298552][T13660] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1539.306959][T13660] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1539.374454][T18037] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1539.396519][T17834] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1539.404623][T17834] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1539.430743][T18037] 8021q: adding VLAN 0 to HW filter on device team0
[ 1539.447851][T17834] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1539.456527][T17834] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1539.465180][T17834] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1539.472315][T17834] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1539.532638][T18037] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1539.543142][T18037] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1539.561856][T17834] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 1539.570025][T17834] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1539.579006][T17834] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1539.587941][T17834] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1539.595034][T17834] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1539.602791][T17834] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1539.611763][T17834] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1539.620626][T17834] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1539.629404][T17834] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1539.636663][T18045] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 1539.637877][T17834] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1539.647479][T18045] CPU: 1 PID: 18045 Comm: syz-executor.3 Not tainted 5.2.0+ #37
[ 1539.656244][T17834] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1539.662913][T18045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1539.662919][T18045] Call Trace:
[ 1539.662943][T18045]  dump_stack+0x1d8/0x2f8
[ 1539.662963][T18045]  dump_header+0xd8/0x970
[ 1539.671513][T17834] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1539.680818][T18045]  oom_kill_process+0xcd/0x320
[ 1539.680833][T18045]  out_of_memory+0x5e1/0x8a0
[ 1539.680848][T18045]  ? unregister_oom_notifier+0x20/0x20
[ 1539.684770][T17834] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1539.688471][T18045]  memory_max_write+0x537/0x6a0
[ 1539.688498][T18045]  ? memory_max_show+0xa0/0xa0
[ 1539.693571][T17834] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1539.700629][T18045]  ? memory_max_show+0xa0/0xa0
[ 1539.700643][T18045]  cgroup_file_write+0x27b/0x6e0
[ 1539.700659][T18045]  ? retint_kernel+0x10/0x10
[ 1539.705948][T17834] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1539.710018][T18045]  ? cgroup_seqfile_stop+0xc0/0xc0
[ 1539.710029][T18045]  ? kernfs_fop_write+0x328/0x4f0
[ 1539.710044][T18045]  ? lock_is_held_type+0x268/0x2b0
[ 1539.710059][T18045]  ? cgroup_seqfile_stop+0xc0/0xc0
[ 1539.735879][T18037] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1539.740636][T18045]  kernfs_fop_write+0x3e4/0x4f0
[ 1539.740650][T18045]  ? kernfs_fop_read+0x580/0x580
[ 1539.740669][T18045]  __vfs_write+0xf9/0x7d0
[ 1539.750364][T18045]  ? retint_kernel+0x10/0x10
[ 1539.750379][T18045]  ? __kernel_write+0x350/0x350
[ 1539.750391][T18045]  ? rcu_irq_exit+0xe3/0x260
[ 1539.750415][T18045]  ? __sb_start_write+0x39c/0x440
[ 1539.750428][T18045]  vfs_write+0x275/0x590
[ 1539.828712][T18045]  ksys_write+0x16b/0x2a0
[ 1539.833060][T18045]  ? __ia32_sys_read+0x90/0x90
[ 1539.837827][T18045]  ? retint_kernel+0x10/0x10
[ 1539.842418][T18045]  __x64_sys_write+0x7b/0x90
[ 1539.847004][T18045]  do_syscall_64+0xfe/0x140
[ 1539.851541][T18045]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1539.857433][T18045] RIP: 0033:0x459829
[ 1539.861591][T18045] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1539.881210][T18045] RSP: 002b:00007f284f5cdc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1539.889623][T18045] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829
[ 1539.897595][T18045] RDX: 0000000000000012 RSI: 0000000020000000 RDI: 0000000000000008
[ 1539.905566][T18045] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1539.913543][T18045] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f284f5ce6d4
[ 1539.921520][T18045] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff
[ 1539.929657][T18045] memory: usage 4204kB, limit 0kB, failcnt 80
[ 1539.935814][T18045] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1539.942827][T18045] Memory cgroup stats for /syz3:
[ 1539.946864][T18045] anon 2215936
[ 1539.946864][T18045] file 0
[ 1539.946864][T18045] kernel_stack 131072
[ 1539.946864][T18045] slab 2076672
[ 1539.946864][T18045] sock 0
[ 1539.946864][T18045] shmem 0
[ 1539.946864][T18045] file_mapped 0
[ 1539.946864][T18045] file_dirty 0
[ 1539.946864][T18045] file_writeback 0
[ 1539.946864][T18045] anon_thp 2097152
[ 1539.946864][T18045] inactive_anon 0
[ 1539.946864][T18045] active_anon 2215936
[ 1539.946864][T18045] inactive_file 0
[ 1539.946864][T18045] active_file 0
[ 1539.946864][T18045] unevictable 0
[ 1539.946864][T18045] slab_reclaimable 946176
[ 1539.946864][T18045] slab_unreclaimable 1130496
[ 1539.946864][T18045] pgfault 251526
[ 1539.946864][T18045] pgmajfault 0
[ 1539.946864][T18045] workingset_refault 0
[ 1539.946864][T18045] workingset_activate 0
[ 1539.946864][T18045] workingset_nodereclaim 0
[ 1539.946864][T18045] pgrefill 0
[ 1539.946864][T18045] pgscan 0
[ 1539.946864][T18045] pgsteal 0
[ 1539.946864][T18045] pgactivate 0
[ 1539.951954][T18045] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=18044,uid=0
[ 1540.056739][T18045] Memory cgroup out of memory: Killed process 18044 (syz-executor.3) total-vm:72708kB, anon-rss:2144kB, file-rss:34816kB, shmem-rss:0kB
[ 1540.083902][ T1056] oom_reaper: reaped process 18044 (syz-executor.3), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB
[ 1540.109173][T17834] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1540.117227][T17834] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1540.221853][T18052] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 1540.232327][T18052] CPU: 1 PID: 18052 Comm: syz-executor.2 Not tainted 5.2.0+ #37
[ 1540.239970][T18052] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1540.250034][T18052] Call Trace:
[ 1540.253346][T18052]  dump_stack+0x1d8/0x2f8
[ 1540.257694][T18052]  dump_header+0xd8/0x970
[ 1540.262031][T18052]  oom_kill_process+0xcd/0x320
[ 1540.266815][T18052]  out_of_memory+0x5e1/0x8a0
[ 1540.271419][T18052]  ? unregister_oom_notifier+0x20/0x20
[ 1540.276891][T18052]  memory_max_write+0x537/0x6a0
[ 1540.281749][T18052]  ? lock_acquire+0x158/0x250
[ 1540.286443][T18052]  ? memory_max_show+0xa0/0xa0
[ 1540.291237][T18052]  ? lockdep_hardirqs_on+0x3c5/0x7d0
[ 1540.296535][T18052]  ? trace_hardirqs_on_thunk+0x1a/0x20
[ 1540.302012][T18052]  ? retint_kernel+0x10/0x10
[ 1540.306606][T18052]  ? memory_max_show+0xa0/0xa0
[ 1540.311380][T18052]  cgroup_file_write+0x27b/0x6e0
[ 1540.316337][T18052]  ? cgroup_seqfile_stop+0xc0/0xc0
[ 1540.321459][T18052]  ? cgroup_seqfile_stop+0xc0/0xc0
[ 1540.326590][T18052]  ? kernfs_fop_write+0x349/0x4f0
[ 1540.331621][T18052]  ? cgroup_seqfile_stop+0xc0/0xc0
[ 1540.336739][T18052]  kernfs_fop_write+0x3e4/0x4f0
[ 1540.341599][T18052]  ? kernfs_fop_read+0x580/0x580
[ 1540.346547][T18052]  __vfs_write+0xf9/0x7d0
[ 1540.350882][T18052]  ? retint_kernel+0x10/0x10
[ 1540.355492][T18052]  ? __kernel_write+0x350/0x350
[ 1540.360351][T18052]  ? rcu_irq_exit+0xe3/0x260
[ 1540.364961][T18052]  ? retint_kernel+0x10/0x10
[ 1540.369568][T18052]  ? __sb_start_write+0x286/0x440
[ 1540.374598][T18052]  ? __sb_start_write+0x38a/0x440
[ 1540.379656][T18052]  ? __sb_start_write+0x39c/0x440
[ 1540.384686][T18052]  vfs_write+0x275/0x590
[ 1540.388950][T18052]  ksys_write+0x16b/0x2a0
[ 1540.393285][T18052]  ? __ia32_sys_read+0x90/0x90
[ 1540.398052][T18052]  ? prepare_exit_to_usermode+0x1f7/0x580
[ 1540.403780][T18052]  ? trace_irq_disable_rcuidle+0x23/0x1c0
[ 1540.409510][T18052]  ? trace_hardirqs_on_thunk+0x1a/0x20
[ 1540.415067][T18052]  ? trace_irq_disable_rcuidle+0x23/0x1c0
[ 1540.420789][T18052]  ? do_syscall_64+0x1d/0x140
[ 1540.425471][T18052]  __x64_sys_write+0x7b/0x90
[ 1540.430068][T18052]  do_syscall_64+0xfe/0x140
[ 1540.434582][T18052]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1540.440507][T18052] RIP: 0033:0x459829
[ 1540.444412][T18052] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1540.464121][T18052] RSP: 002b:00007f622f311c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1540.472515][T18052] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829
[ 1540.480510][T18052] RDX: 0000000000000012 RSI: 0000000020000000 RDI: 0000000000000008
[ 1540.488516][T18052] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1540.496593][T18052] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f622f3126d4
[ 1540.504638][T18052] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff
[ 1540.521360][T18052] memory: usage 3464kB, limit 0kB, failcnt 489349
[ 1540.527919][T18052] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1540.534814][T18052] Memory cgroup stats for /syz2:
[ 1540.535085][T18052] anon 2183168
[ 1540.535085][T18052] file 274432
[ 1540.535085][T18052] kernel_stack 0
[ 1540.535085][T18052] slab 831488
[ 1540.535085][T18052] sock 0
[ 1540.535085][T18052] shmem 172032
[ 1540.535085][T18052] file_mapped 135168
[ 1540.535085][T18052] file_dirty 135168
[ 1540.535085][T18052] file_writeback 0
[ 1540.535085][T18052] anon_thp 2097152
[ 1540.535085][T18052] inactive_anon 135168
[ 1540.535085][T18052] active_anon 2183168
[ 1540.535085][T18052] inactive_file 135168
[ 1540.535085][T18052] active_file 135168
[ 1540.535085][T18052] unevictable 0
[ 1540.535085][T18052] slab_reclaimable 270336
[ 1540.535085][T18052] slab_unreclaimable 561152
[ 1540.535085][T18052] pgfault 191697
[ 1540.535085][T18052] pgmajfault 0
[ 1540.535085][T18052] workingset_refault 0
[ 1540.535085][T18052] workingset_activate 0
[ 1540.535085][T18052] workingset_nodereclaim 0
[ 1540.535085][T18052] pgrefill 0
[ 1540.535085][T18052] pgscan 0
[ 1540.535085][T18052] pgsteal 0
[ 1540.628456][T18052] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=18051,uid=0
[ 1540.644908][T18052] Memory cgroup out of memory: Killed process 18051 (syz-executor.2) total-vm:72708kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB
[ 1540.661727][ T1056] oom_reaper: reaped process 18051 (syz-executor.2), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB
[ 1540.694365][T18032] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[ 1540.704382][T18032] CPU: 0 PID: 18032 Comm: syz-executor.3 Not tainted 5.2.0+ #37
[ 1540.712016][T18032] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1540.722085][T18032] Call Trace:
[ 1540.725387][T18032]  dump_stack+0x1d8/0x2f8
[ 1540.729723][T18032]  dump_header+0xd8/0x970
[ 1540.734059][T18032]  oom_kill_process+0xcd/0x320
[ 1540.738823][T18032]  out_of_memory+0x5e1/0x8a0
[ 1540.743411][T18032]  ? unregister_oom_notifier+0x20/0x20
[ 1540.748878][T18032]  ? __kasan_check_read+0x11/0x20
[ 1540.753907][T18032]  try_charge+0x134a/0x17b0
[ 1540.758433][T18032]  ? __memcg_kmem_charge_memcg+0x180/0x180
[ 1540.764249][T18032]  ? __lock_acquire+0x4750/0x4750
[ 1540.769288][T18032]  ? rcu_lock_release+0x15/0x20
[ 1540.774150][T18032]  ? get_mem_cgroup_from_mm+0x15e/0x170
[ 1540.780671][T18032]  mem_cgroup_try_charge+0x216/0x560
[ 1540.785969][T18032]  mem_cgroup_try_charge_delay+0x25/0xa0
[ 1540.791624][T18032]  wp_page_copy+0x367/0x18c0
[ 1540.796227][T18032]  ? rcu_lock_release+0x30/0x30
[ 1540.801089][T18032]  ? __lock_acquire+0x4750/0x4750
[ 1540.806119][T18032]  ? __kasan_check_read+0x11/0x20
[ 1540.811145][T18032]  ? do_raw_spin_unlock+0x49/0x260
[ 1540.816265][T18032]  do_wp_page+0x2c9/0x1ce0
[ 1540.820709][T18032]  ? __rwlock_init+0x130/0x130
[ 1540.825479][T18032]  ? count_memcg_event_mm+0x300/0x300
[ 1540.830866][T18032]  handle_mm_fault+0x2bcf/0x6080
[ 1540.835818][T18032]  ? finish_fault+0x230/0x230
[ 1540.840507][T18032]  ? vmacache_find+0x251/0x5b0
[ 1540.845279][T18032]  do_user_addr_fault+0x589/0xaf0
[ 1540.850314][T18032]  __do_page_fault+0xd3/0x1f0
[ 1540.854998][T18032]  do_page_fault+0x99/0xb0
[ 1540.859422][T18032]  page_fault+0x39/0x40
[ 1540.863580][T18032] RIP: 0033:0x4034f2
[ 1540.867476][T18032] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 <e8> 59 8d 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 42 05 00 48
[ 1540.887088][T18032] RSP: 002b:00007ffcb6e93c10 EFLAGS: 00010246
[ 1540.893176][T18032] RAX: 0000000000000000 RBX: 0000000000177ded RCX: 0000000000413430
[ 1540.901147][T18032] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007ffcb6e94d40
[ 1540.909120][T18032] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000555555daa940
[ 1540.917110][T18032] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcb6e94d40
[ 1540.925087][T18032] R13: 00007ffcb6e94d30 R14: 0000000000000000 R15: 00007ffcb6e94d40
[ 1540.934114][T18032] memory: usage 1768kB, limit 0kB, failcnt 92
[ 1540.940225][T18032] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1540.947066][T18032] Memory cgroup stats for /syz3:
[ 1540.947160][T18032] anon 0
[ 1540.947160][T18032] file 0
[ 1540.947160][T18032] kernel_stack 0
[ 1540.947160][T18032] slab 1941504
[ 1540.947160][T18032] sock 0
[ 1540.947160][T18032] shmem 0
[ 1540.947160][T18032] file_mapped 0
[ 1540.947160][T18032] file_dirty 0
[ 1540.947160][T18032] file_writeback 0
[ 1540.947160][T18032] anon_thp 0
[ 1540.947160][T18032] inactive_anon 0
[ 1540.947160][T18032] active_anon 0
[ 1540.947160][T18032] inactive_file 0
[ 1540.947160][T18032] active_file 0
[ 1540.947160][T18032] unevictable 0
[ 1540.947160][T18032] slab_reclaimable 946176
[ 1540.947160][T18032] slab_unreclaimable 995328
[ 1540.947160][T18032] pgfault 251526
[ 1540.947160][T18032] pgmajfault 0
[ 1540.947160][T18032] workingset_refault 0
[ 1540.947160][T18032] workingset_activate 0
[ 1540.947160][T18032] workingset_nodereclaim 0
[ 1540.947160][T18032] pgrefill 0
[ 1540.947160][T18032] pgscan 0
[ 1540.947160][T18032] pgsteal 0
[ 1540.947160][T18032] pgactivate 0
[ 1540.947160][T18032] pgdeactivate 0
[ 1541.042477][T18032] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=18032,uid=0
[ 1541.058071][T18032] Memory cgroup out of memory: Killed process 18032 (syz-executor.3) total-vm:72444kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB
[ 1541.073023][ T1056] oom_reaper: reaped process 18032 (syz-executor.3), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB
14:31:36 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
openat$cgroup_procs(r4, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000140)=0x2)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r5 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r5, 0x0, 0x0)
r6 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r6, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r4, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
socket$kcm(0xa, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r6, &(0x7f00000003c0)=0x100, 0x12)

14:31:36 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00%\x00'})

14:31:36 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9, 0x0, 0x0, 0x0, '\x00', 0x25000000})

14:31:36 executing program 4:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
openat$cgroup_procs(r4, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000140)=0x2)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r5 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r5, 0x0, 0x0)
r6 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r6, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r4, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
socket$kcm(0xa, 0x1, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r6, &(0x7f00000003c0)=0x100, 0x12)

14:31:36 executing program 1:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600))
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x8a, 0x0, 0x0, 0x0, 0x3})
r1 = syz_open_pts(r0, 0x0)
write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0x100000175)
ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000140)={0x3, 0x0, 0x0, 0x2500000000000000})

14:31:36 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400)
openat$cgroup_procs(r3, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r4 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r4, 0x0, 0x0)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r5, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r3, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r5, &(0x7f00000003c0)=0x100, 0x12)

[ 1541.095596][T18037] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[ 1541.105707][T18037] CPU: 0 PID: 18037 Comm: syz-executor.2 Not tainted 5.2.0+ #37
[ 1541.113351][T18037] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1541.123415][T18037] Call Trace:
[ 1541.126818][T18037]  dump_stack+0x1d8/0x2f8
[ 1541.131171][T18037]  dump_header+0xd8/0x970
[ 1541.135535][T18037]  oom_kill_process+0xcd/0x320
[ 1541.140316][T18037]  out_of_memory+0x5e1/0x8a0
[ 1541.144919][T18037]  ? unregister_oom_notifier+0x20/0x20
[ 1541.150385][T18037]  ? __kasan_check_read+0x11/0x20
[ 1541.155424][T18037]  try_charge+0x134a/0x17b0
[ 1541.159952][T18037]  ? __memcg_kmem_charge_memcg+0x180/0x180
[ 1541.165767][T18037]  ? __lock_acquire+0x4750/0x4750
[ 1541.170801][T18037]  ? rcu_lock_release+0x15/0x20
[ 1541.175652][T18037]  ? get_mem_cgroup_from_mm+0x15e/0x170
[ 1541.181193][T18037]  mem_cgroup_try_charge+0x216/0x560
[ 1541.186483][T18037]  mem_cgroup_try_charge_delay+0x25/0xa0
[ 1541.192122][T18037]  handle_mm_fault+0x31f3/0x6080
[ 1541.197079][T18037]  ? finish_fault+0x230/0x230
[ 1541.201767][T18037]  ? vmacache_find+0x251/0x5b0
[ 1541.206537][T18037]  do_user_addr_fault+0x589/0xaf0
[ 1541.211570][T18037]  __do_page_fault+0xd3/0x1f0
[ 1541.216266][T18037]  do_page_fault+0x99/0xb0
[ 1541.220693][T18037]  page_fault+0x39/0x40
[ 1541.224869][T18037] RIP: 0033:0x42fd4f
[ 1541.228760][T18037] Code: 08 40 4e 00 ba 59 0a 00 00 be 28 31 4e 00 bf d0 38 4e 00 e8 e3 b8 ff ff 0f 1f 00 48 83 fe bf 0f 87 63 08 00 00 48 89 f0 41 57 <41> 56 48 83 c0 17 41 55 41 54 55 53 48 89 c5 48 83 e5 f0 48 89 fb
[ 1541.248372][T18037] RSP: 002b:00007fff8ac19000 EFLAGS: 00010217
[ 1541.254481][T18037] RAX: 0000000000008030 RBX: 0000000000715640 RCX: 0000000000458b94
[ 1541.262458][T18037] RDX: 00007fff8ac19030 RSI: 0000000000008030 RDI: 0000000000715640
[ 1541.270438][T18037] RBP: 0000000000008030 R08: 0000000000000001 R09: 0000555556439940
[ 1541.278422][T18037] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff8ac1a210
[ 1541.286409][T18037] R13: 00007fff8ac1a200 R14: 0000000000000000 R15: 00007fff8ac1a210
[ 1541.294978][T18037] memory: usage 1128kB, limit 0kB, failcnt 489358
[ 1541.301463][T18037] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1541.308360][T18037] Memory cgroup stats for /syz2:
[ 1541.308458][T18037] anon 4096
[ 1541.308458][T18037] file 274432
[ 1541.308458][T18037] kernel_stack 0
[ 1541.308458][T18037] slab 831488
[ 1541.308458][T18037] sock 0
[ 1541.308458][T18037] shmem 172032
[ 1541.308458][T18037] file_mapped 135168
[ 1541.308458][T18037] file_dirty 135168
[ 1541.308458][T18037] file_writeback 0
[ 1541.308458][T18037] anon_thp 0
[ 1541.308458][T18037] inactive_anon 135168
[ 1541.308458][T18037] active_anon 4096
[ 1541.308458][T18037] inactive_file 135168
[ 1541.308458][T18037] active_file 135168
[ 1541.308458][T18037] unevictable 0
[ 1541.308458][T18037] slab_reclaimable 270336
[ 1541.308458][T18037] slab_unreclaimable 561152
[ 1541.308458][T18037] pgfault 191697
[ 1541.308458][T18037] pgmajfault 0
[ 1541.308458][T18037] workingset_refault 0
[ 1541.308458][T18037] workingset_activate 0
[ 1541.308458][T18037] workingset_nodereclaim 0
[ 1541.308458][T18037] pgrefill 0
[ 1541.308458][T18037] pgscan 0
14:31:36 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\\\x00'})

[ 1541.308458][T18037] pgsteal 0
[ 1541.308458][T18037] pgactivate 0
[ 1541.403802][T18037] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=18037,uid=0
[ 1541.419328][T18037] Memory cgroup out of memory: Killed process 18037 (syz-executor.2) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB
[ 1541.433618][ T1056] oom_reaper: reaped process 18037 (syz-executor.2), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB
14:31:36 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9, 0x0, 0x0, 0x0, '\x00', 0x40000000})

14:31:36 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9, 0x0, 0x0, 0x0, '\x00', 0x5c000000})

14:31:36 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00'})

14:31:36 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9, 0x0, 0x0, 0x0, '\x00', 0x1000000000000})

14:31:37 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x00'})

14:31:37 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
openat$cgroup_procs(r4, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000140)=0x2)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r5 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r5, 0x0, 0x0)
r6 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r6, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r4, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
socket$kcm(0xa, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r6, &(0x7f00000003c0)=0x100, 0x12)

14:31:37 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9, 0x0, 0x0, 0x0, '\x00', 0x20000000000000})

14:31:37 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00'})

[ 1543.910576][T18092] IPVS: ftp: loaded support on port[0] = 21
[ 1543.973587][T18092] chnl_net:caif_netlink_parms(): no params data found
[ 1544.246018][T18092] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1544.253219][T18092] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1544.261267][T18092] device bridge_slave_0 entered promiscuous mode
[ 1544.269046][T18092] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1544.276075][T18092] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1544.284128][T18092] device bridge_slave_1 entered promiscuous mode
[ 1544.562352][T18092] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1544.574299][T18092] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1544.592149][T18092] team0: Port device team_slave_0 added
[ 1544.599385][T18092] team0: Port device team_slave_1 added
[ 1544.630411][T18092] device hsr_slave_0 entered promiscuous mode
[ 1544.668131][T18092] device hsr_slave_1 entered promiscuous mode
[ 1544.717762][T18092] debugfs: Directory 'hsr0' with parent '/' already present!
[ 1545.014334][T18092] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1545.025003][T17896] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1545.033361][T17896] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1545.044340][T18092] 8021q: adding VLAN 0 to HW filter on device team0
[ 1545.318945][T17558] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1545.327523][T17558] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1545.336004][T17558] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1545.343153][T17558] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1545.351695][T17558] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1545.360418][T17558] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1545.368783][T17558] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1545.375815][T17558] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1545.383540][T17558] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1545.392561][T17558] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 1545.412798][T18092] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1545.423316][T18092] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1545.438393][T17558] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1545.447180][T17558] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1545.456377][T17558] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1545.464735][T17558] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1545.473554][T17558] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1545.482055][T17558] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1545.490330][T17558] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1545.498767][T17558] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1545.506940][T17558] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1545.784353][T17558] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1545.792437][T17558] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1545.809385][T18092] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1546.267099][T18098] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 1546.277433][T18098] CPU: 1 PID: 18098 Comm: syz-executor.4 Not tainted 5.2.0+ #37
[ 1546.285076][T18098] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1546.295138][T18098] Call Trace:
[ 1546.298444][T18098]  dump_stack+0x1d8/0x2f8
[ 1546.302794][T18098]  dump_header+0xd8/0x970
[ 1546.307128][T18098]  oom_kill_process+0xcd/0x320
[ 1546.311908][T18098]  out_of_memory+0x5e1/0x8a0
[ 1546.316505][T18098]  ? unregister_oom_notifier+0x20/0x20
[ 1546.321974][T18098]  ? __kasan_check_read+0x11/0x20
[ 1546.327003][T18098]  try_charge+0x134a/0x17b0
[ 1546.331538][T18098]  ? __memcg_kmem_charge_memcg+0x180/0x180
[ 1546.337357][T18098]  ? __lock_acquire+0x4750/0x4750
[ 1546.342389][T18098]  ? rcu_lock_release+0x15/0x20
[ 1546.347264][T18098]  ? get_mem_cgroup_from_mm+0x15e/0x170
[ 1546.352809][T18098]  mem_cgroup_try_charge+0x216/0x560
[ 1546.358097][T18098]  mem_cgroup_try_charge_delay+0x25/0xa0
[ 1546.363913][T18098]  handle_mm_fault+0x31f3/0x6080
[ 1546.368867][T18098]  ? finish_fault+0x230/0x230
[ 1546.373558][T18098]  ? vmacache_find+0x566/0x5b0
[ 1546.378316][T18098]  ? vmacache_update+0xb7/0x120
[ 1546.383169][T18098]  do_user_addr_fault+0x589/0xaf0
[ 1546.388200][T18098]  __do_page_fault+0xd3/0x1f0
[ 1546.392871][T18098]  do_page_fault+0x99/0xb0
[ 1546.397306][T18098]  page_fault+0x39/0x40
[ 1546.401462][T18098] RIP: 0033:0x41116f
[ 1546.405379][T18098] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41
[ 1546.424993][T18098] RSP: 002b:00007ffd048c3760 EFLAGS: 00010206
[ 1546.431065][T18098] RAX: 00007f5b9f45f000 RBX: 0000000000020000 RCX: 000000000045987a
[ 1546.439044][T18098] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000
[ 1546.447027][T18098] RBP: 00007ffd048c3840 R08: ffffffffffffffff R09: 0000000000000000
[ 1546.455005][T18098] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd048c3930
[ 1546.462981][T18098] R13: 00007f5b9f47f700 R14: 0000000000000001 R15: 000000000075bfd4
[ 1546.471464][T18098] memory: usage 3720kB, limit 0kB, failcnt 196
[ 1546.477664][T18098] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1546.484512][T18098] Memory cgroup stats for /syz4:
[ 1546.484610][T18098] anon 2195456
[ 1546.484610][T18098] file 299008
[ 1546.484610][T18098] kernel_stack 65536
[ 1546.484610][T18098] slab 1355776
[ 1546.484610][T18098] sock 0
[ 1546.484610][T18098] shmem 102400
[ 1546.484610][T18098] file_mapped 135168
[ 1546.484610][T18098] file_dirty 0
[ 1546.484610][T18098] file_writeback 0
[ 1546.484610][T18098] anon_thp 2097152
[ 1546.484610][T18098] inactive_anon 135168
[ 1546.484610][T18098] active_anon 2195456
[ 1546.484610][T18098] inactive_file 135168
[ 1546.484610][T18098] active_file 0
[ 1546.484610][T18098] unevictable 0
[ 1546.484610][T18098] slab_reclaimable 540672
[ 1546.484610][T18098] slab_unreclaimable 815104
[ 1546.484610][T18098] pgfault 354981
[ 1546.484610][T18098] pgmajfault 0
[ 1546.484610][T18098] workingset_refault 0
[ 1546.484610][T18098] workingset_activate 0
[ 1546.484610][T18098] workingset_nodereclaim 0
[ 1546.484610][T18098] pgrefill 0
[ 1546.484610][T18098] pgscan 0
[ 1546.484610][T18098] pgsteal 0
[ 1546.484610][T18098] pgactivate 0
[ 1546.581789][T18098] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=18098,uid=0
[ 1546.597327][T18098] Memory cgroup out of memory: Killed process 18098 (syz-executor.4) total-vm:72708kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB
14:31:41 executing program 4:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
openat$cgroup_procs(r4, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000140)=0x2)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r5 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r5, 0x0, 0x0)
r6 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r6, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r4, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
socket$kcm(0xa, 0x1, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r6, &(0x7f00000003c0)=0x100, 0x12)

14:31:41 executing program 1:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600))
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x8a, 0x0, 0x0, 0x0, 0x3})
r1 = syz_open_pts(r0, 0x0)
write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0x100000175)
ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000140)={0x3, 0x0, 0x0, 0x3f00000000000000})

14:31:41 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400)
openat$cgroup_procs(r3, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r4 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r4, 0x0, 0x0)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r5, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r3, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r5, &(0x7f00000003c0)=0x100, 0x12)

14:31:41 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00'})

14:31:41 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9, 0x0, 0x0, 0x0, '\x00', 0x100000000000000})

14:31:41 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
r2 = openat$cgroup_ro(r1, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
openat$cgroup_procs(r3, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x40082404, &(0x7f0000000140)=0x2)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r4 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r4, 0x0, 0x0)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r5, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r3, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
socket$kcm(0xa, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r5, &(0x7f00000003c0)=0x100, 0x12)

[ 1546.613402][ T1056] oom_reaper: reaped process 18098 (syz-executor.4), now anon-rss:0kB, file-rss:33856kB, shmem-rss:0kB
[ 1546.716659][T18092] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[ 1546.726813][T18092] CPU: 0 PID: 18092 Comm: syz-executor.4 Not tainted 5.2.0+ #37
[ 1546.734455][T18092] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1546.744519][T18092] Call Trace:
[ 1546.747823][T18092]  dump_stack+0x1d8/0x2f8
[ 1546.752159][T18092]  dump_header+0xd8/0x970
[ 1546.756496][T18092]  oom_kill_process+0xcd/0x320
[ 1546.761254][T18092]  out_of_memory+0x5e1/0x8a0
14:31:41 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9, 0x0, 0x0, 0x0, '\x00', 0x200000000000000})

[ 1546.761266][T18092]  ? unregister_oom_notifier+0x20/0x20
[ 1546.761278][T18092]  ? __kasan_check_read+0x11/0x20
[ 1546.761295][T18092]  try_charge+0x134a/0x17b0
[ 1546.761324][T18092]  ? __memcg_kmem_charge_memcg+0x180/0x180
[ 1546.761341][T18092]  ? __lock_acquire+0x4750/0x4750
[ 1546.761356][T18092]  ? rcu_lock_release+0x15/0x20
[ 1546.761365][T18092]  ? get_mem_cgroup_from_mm+0x15e/0x170
[ 1546.761378][T18092]  mem_cgroup_try_charge+0x216/0x560
[ 1546.761392][T18092]  mem_cgroup_try_charge_delay+0x25/0xa0
[ 1546.761405][T18092]  wp_page_copy+0x367/0x18c0
[ 1546.761426][T18092]  ? rcu_lock_release+0x30/0x30
[ 1546.761437][T18092]  ? __lock_acquire+0x4750/0x4750
[ 1546.761448][T18092]  ? __kasan_check_read+0x11/0x20
[ 1546.761457][T18092]  ? do_raw_spin_unlock+0x49/0x260
[ 1546.761469][T18092]  do_wp_page+0x2c9/0x1ce0
[ 1546.761484][T18092]  ? __rwlock_init+0x130/0x130
[ 1546.761493][T18092]  ? count_memcg_event_mm+0x300/0x300
[ 1546.761507][T18092]  handle_mm_fault+0x2bcf/0x6080
[ 1546.761526][T18092]  ? finish_fault+0x230/0x230
[ 1546.761545][T18092]  ? vmacache_find+0x566/0x5b0
[ 1546.761554][T18092]  ? vmacache_update+0xb7/0x120
[ 1546.761571][T18092]  do_user_addr_fault+0x589/0xaf0
[ 1546.761589][T18092]  __do_page_fault+0xd3/0x1f0
[ 1546.761601][T18092]  do_page_fault+0x99/0xb0
[ 1546.761613][T18092]  page_fault+0x39/0x40
[ 1546.761623][T18092] RIP: 0033:0x430906
[ 1546.761638][T18092] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 46 64 00 85 c0 0f 84
[ 1546.913208][T18092] RSP: 002b:00007ffd048c2770 EFLAGS: 00010206
[ 1546.919278][T18092] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041
[ 1546.927249][T18092] RDX: 00005555556cd930 RSI: 00005555556d5970 RDI: 0000000000000003
[ 1546.935313][T18092] RBP: 0000000000008041 R08: 0000000000000001 R09: 00005555556cc940
[ 1546.943293][T18092] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698
[ 1546.951273][T18092] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710
[ 1546.960883][T18092] memory: usage 1380kB, limit 0kB, failcnt 205
[ 1546.967067][T18092] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1546.974045][T18092] Memory cgroup stats for /syz4:
[ 1546.974134][T18092] anon 98304
[ 1546.974134][T18092] file 299008
[ 1546.974134][T18092] kernel_stack 65536
[ 1546.974134][T18092] slab 1355776
[ 1546.974134][T18092] sock 0
[ 1546.974134][T18092] shmem 102400
[ 1546.974134][T18092] file_mapped 135168
[ 1546.974134][T18092] file_dirty 0
[ 1546.974134][T18092] file_writeback 0
[ 1546.974134][T18092] anon_thp 0
[ 1546.974134][T18092] inactive_anon 135168
[ 1546.974134][T18092] active_anon 98304
[ 1546.974134][T18092] inactive_file 135168
[ 1546.974134][T18092] active_file 0
[ 1546.974134][T18092] unevictable 0
[ 1546.974134][T18092] slab_reclaimable 540672
[ 1546.974134][T18092] slab_unreclaimable 815104
[ 1546.974134][T18092] pgfault 355014
[ 1546.974134][T18092] pgmajfault 0
[ 1546.974134][T18092] workingset_refault 0
[ 1546.974134][T18092] workingset_activate 0
[ 1546.974134][T18092] workingset_nodereclaim 0
[ 1546.974134][T18092] pgrefill 0
[ 1546.974134][T18092] pgscan 0
[ 1546.974134][T18092] pgsteal 0
[ 1546.974134][T18092] pgactivate 0
[ 1547.069338][T18092] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=18092,uid=0
[ 1547.084824][T18092] Memory cgroup out of memory: Killed process 18092 (syz-executor.4) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB
14:31:42 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\t\x00'})

[ 1547.120336][ T1056] oom_reaper: reaped process 18092 (syz-executor.4), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB
14:31:42 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9, 0x0, 0x0, 0x0, '\x00', 0x300000000000000})

14:31:42 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00'})

14:31:42 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00'})

14:31:42 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\f\x00'})

[ 1548.463070][  T788] device bridge_slave_1 left promiscuous mode
[ 1548.469502][  T788] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1548.588892][  T788] device bridge_slave_0 left promiscuous mode
[ 1548.595238][  T788] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1548.649875][  T788] device bridge_slave_1 left promiscuous mode
[ 1548.656599][  T788] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1548.709387][  T788] device bridge_slave_0 left promiscuous mode
[ 1548.715563][  T788] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1548.762970][  T788] device bridge_slave_1 left promiscuous mode
[ 1548.769316][  T788] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1548.808563][  T788] device bridge_slave_0 left promiscuous mode
[ 1548.814747][  T788] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1548.859788][  T788] device bridge_slave_1 left promiscuous mode
[ 1548.865963][  T788] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1548.908546][  T788] device bridge_slave_0 left promiscuous mode
[ 1548.914700][  T788] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1556.048446][  T788] device hsr_slave_0 left promiscuous mode
[ 1556.097822][  T788] device hsr_slave_1 left promiscuous mode
[ 1556.184628][  T788] team0 (unregistering): Port device team_slave_1 removed
[ 1556.197380][  T788] team0 (unregistering): Port device team_slave_0 removed
[ 1556.209807][  T788] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1556.271401][  T788] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1556.349123][  T788] bond0 (unregistering): Released all slaves
[ 1556.528239][  T788] device hsr_slave_0 left promiscuous mode
[ 1556.607823][  T788] device hsr_slave_1 left promiscuous mode
[ 1556.664454][  T788] team0 (unregistering): Port device team_slave_1 removed
[ 1556.678565][  T788] team0 (unregistering): Port device team_slave_0 removed
[ 1556.690388][  T788] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1556.741470][  T788] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1556.820867][  T788] bond0 (unregistering): Released all slaves
[ 1556.988781][  T788] device hsr_slave_0 left promiscuous mode
[ 1557.028326][  T788] device hsr_slave_1 left promiscuous mode
[ 1557.085644][  T788] team0 (unregistering): Port device team_slave_1 removed
[ 1557.096967][  T788] team0 (unregistering): Port device team_slave_0 removed
[ 1557.109908][  T788] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1557.173628][  T788] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1557.267483][  T788] bond0 (unregistering): Released all slaves
[ 1557.418163][  T788] device hsr_slave_0 left promiscuous mode
[ 1557.477898][  T788] device hsr_slave_1 left promiscuous mode
[ 1557.525275][  T788] team0 (unregistering): Port device team_slave_1 removed
[ 1557.538002][  T788] team0 (unregistering): Port device team_slave_0 removed
[ 1557.549262][  T788] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1557.574692][  T788] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1557.642552][  T788] bond0 (unregistering): Released all slaves
14:31:52 executing program 4:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
openat$cgroup_procs(r4, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000140)=0x2)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r5 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r5, 0x0, 0x0)
r6 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r6, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r4, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r6, &(0x7f00000003c0)=0x100, 0x12)

14:31:52 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\r\x00'})

[ 1557.732133][T18132] IPVS: ftp: loaded support on port[0] = 21
[ 1557.732772][T18130] IPVS: ftp: loaded support on port[0] = 21
[ 1557.880930][T18130] chnl_net:caif_netlink_parms(): no params data found
[ 1557.956666][T18132] chnl_net:caif_netlink_parms(): no params data found
[ 1557.995530][T18130] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1558.002741][T18130] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1558.010738][T18130] device bridge_slave_0 entered promiscuous mode
[ 1558.018639][T18130] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1558.025697][T18130] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1558.033815][T18130] device bridge_slave_1 entered promiscuous mode
[ 1558.059689][T18130] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1558.074678][T18132] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1558.081905][T18132] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1558.089695][T18132] device bridge_slave_0 entered promiscuous mode
[ 1558.098248][T18130] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1558.107987][T18132] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1558.115049][T18132] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1558.122810][T18132] device bridge_slave_1 entered promiscuous mode
[ 1558.152611][T18132] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1558.163660][T18132] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1558.179446][T18130] team0: Port device team_slave_0 added
[ 1558.268719][T18132] team0: Port device team_slave_0 added
[ 1558.275870][T18130] team0: Port device team_slave_1 added
[ 1558.284601][T18132] team0: Port device team_slave_1 added
[ 1558.450619][T18130] device hsr_slave_0 entered promiscuous mode
[ 1558.538096][T18130] device hsr_slave_1 entered promiscuous mode
[ 1558.587754][T18130] debugfs: Directory 'hsr0' with parent '/' already present!
[ 1558.630482][T18132] device hsr_slave_0 entered promiscuous mode
[ 1558.668029][T18132] device hsr_slave_1 entered promiscuous mode
[ 1558.707718][T18132] debugfs: Directory 'hsr0' with parent '/' already present!
[ 1558.726848][T18130] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1558.733992][T18130] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1558.741419][T18130] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1558.748530][T18130] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1558.758189][T10635] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1558.778487][T10635] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1558.866934][T18130] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1558.883304][T18132] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1558.895897][T17835] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1558.904025][T17835] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1558.915392][T18130] 8021q: adding VLAN 0 to HW filter on device team0
[ 1558.935797][T18132] 8021q: adding VLAN 0 to HW filter on device team0
[ 1558.943313][T17835] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1558.951399][T17835] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1558.970296][T17581] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1558.979386][T17581] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1558.987843][T17581] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1558.994904][T17581] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1559.002587][T17581] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1559.011330][T17581] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1559.019760][T17581] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1559.026822][T17581] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1559.034557][T17581] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1559.043395][T17581] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1559.052113][T17581] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1559.060586][T17581] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1559.067674][T17581] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1559.075331][T17581] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1559.089671][T17581] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 1559.107745][T10635] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1559.116415][T10635] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1559.124971][T10635] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1559.133723][T10635] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1559.143796][T10635] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1559.152342][T10635] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1559.160783][T10635] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1559.169332][T10635] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1559.190521][T18130] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1559.203810][T18132] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1559.214213][T18132] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1559.226515][T10635] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1559.234810][T10635] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1559.243575][T10635] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1559.252004][T10635] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1559.259111][T10635] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1559.266782][T10635] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1559.275605][T10635] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1559.284378][T10635] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1559.293123][T10635] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1559.301663][T10635] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1559.310424][T10635] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1559.319002][T10635] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1559.327390][T10635] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1559.335919][T10635] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1559.344392][T10635] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1559.355475][T10635] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1559.363922][T10635] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1559.386625][T18130] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1559.414294][T18132] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1559.617165][T18147] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 1559.627664][T18147] CPU: 0 PID: 18147 Comm: syz-executor.3 Not tainted 5.2.0+ #37
[ 1559.635475][T18147] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1559.645534][T18147] Call Trace:
[ 1559.648880][T18147]  dump_stack+0x1d8/0x2f8
[ 1559.653218][T18147]  dump_header+0xd8/0x970
[ 1559.658029][T18147]  oom_kill_process+0xcd/0x320
[ 1559.662814][T18147]  out_of_memory+0x5e1/0x8a0
[ 1559.667408][T18147]  ? unregister_oom_notifier+0x20/0x20
[ 1559.672888][T18147]  memory_max_write+0x537/0x6a0
[ 1559.677756][T18147]  ? memory_max_show+0xa0/0xa0
[ 1559.682531][T18147]  ? lock_acquire+0x1b2/0x250
[ 1559.687222][T18147]  ? memory_max_show+0xa0/0xa0
[ 1559.691995][T18147]  cgroup_file_write+0x27b/0x6e0
[ 1559.696946][T18147]  ? cgroup_seqfile_stop+0xc0/0xc0
[ 1559.702094][T18147]  ? cgroup_seqfile_stop+0xc0/0xc0
[ 1559.707210][T18147]  kernfs_fop_write+0x3e4/0x4f0
[ 1559.712065][T18147]  ? kernfs_fop_read+0x580/0x580
[ 1559.717007][T18147]  __vfs_write+0xf9/0x7d0
[ 1559.721354][T18147]  ? __kernel_write+0x350/0x350
[ 1559.726203][T18147]  ? trace_lock_acquire+0x154/0x1b0
[ 1559.731410][T18147]  ? __sb_start_write+0x39c/0x440
[ 1559.736433][T18147]  vfs_write+0x275/0x590
[ 1559.740707][T18147]  ksys_write+0x16b/0x2a0
[ 1559.745071][T18147]  ? __ia32_sys_read+0x90/0x90
[ 1559.749856][T18147]  ? prepare_exit_to_usermode+0x1f7/0x580
[ 1559.755594][T18147]  ? trace_hardirqs_on_thunk+0x1a/0x20
[ 1559.761056][T18147]  ? trace_irq_disable_rcuidle+0x23/0x1c0
[ 1559.767388][T18147]  ? do_syscall_64+0x1d/0x140
[ 1559.772091][T18147]  __x64_sys_write+0x7b/0x90
[ 1559.776706][T18147]  do_syscall_64+0xfe/0x140
[ 1559.781217][T18147]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1559.787113][T18147] RIP: 0033:0x459829
[ 1559.791010][T18147] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1559.810718][T18147] RSP: 002b:00007f276552ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1559.819149][T18147] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829
[ 1559.827128][T18147] RDX: 0000000000000012 RSI: 0000000020000000 RDI: 0000000000000008
[ 1559.835102][T18147] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1559.843081][T18147] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f276552f6d4
[ 1559.851068][T18147] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff
[ 1559.859168][T18147] memory: usage 3552kB, limit 0kB, failcnt 101
[ 1559.865401][T18147] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1559.872407][T18147] Memory cgroup stats for /syz3:
[ 1559.874684][T18147] anon 2125824
[ 1559.874684][T18147] file 0
[ 1559.874684][T18147] kernel_stack 65536
[ 1559.874684][T18147] slab 1261568
[ 1559.874684][T18147] sock 0
[ 1559.874684][T18147] shmem 0
[ 1559.874684][T18147] file_mapped 0
[ 1559.874684][T18147] file_dirty 0
[ 1559.874684][T18147] file_writeback 0
[ 1559.874684][T18147] anon_thp 2097152
[ 1559.874684][T18147] inactive_anon 0
[ 1559.874684][T18147] active_anon 2125824
[ 1559.874684][T18147] inactive_file 0
[ 1559.874684][T18147] active_file 0
[ 1559.874684][T18147] unevictable 0
[ 1559.874684][T18147] slab_reclaimable 405504
[ 1559.874684][T18147] slab_unreclaimable 856064
[ 1559.874684][T18147] pgfault 251592
[ 1559.874684][T18147] pgmajfault 0
[ 1559.874684][T18147] workingset_refault 0
[ 1559.874684][T18147] workingset_activate 0
[ 1559.874684][T18147] workingset_nodereclaim 0
[ 1559.874684][T18147] pgrefill 0
[ 1559.874684][T18147] pgscan 0
[ 1559.874684][T18147] pgsteal 0
[ 1559.874684][T18147] pgactivate 0
[ 1559.968973][T18147] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=18146,uid=0
[ 1559.984919][T18147] Memory cgroup out of memory: Killed process 18146 (syz-executor.3) total-vm:72708kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB
[ 1560.000921][ T1056] oom_reaper: reaped process 18146 (syz-executor.3), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB
[ 1560.005420][T18150] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 1560.022346][T18150] CPU: 0 PID: 18150 Comm: syz-executor.2 Not tainted 5.2.0+ #37
[ 1560.029963][T18150] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1560.040030][T18150] Call Trace:
[ 1560.043332][T18150]  dump_stack+0x1d8/0x2f8
[ 1560.047644][T18150]  dump_header+0xd8/0x970
[ 1560.051962][T18150]  oom_kill_process+0xcd/0x320
[ 1560.056708][T18150]  out_of_memory+0x5e1/0x8a0
[ 1560.061276][T18150]  ? unregister_oom_notifier+0x20/0x20
[ 1560.066715][T18150]  ? __kasan_check_read+0x11/0x20
[ 1560.071724][T18150]  try_charge+0x134a/0x17b0
[ 1560.076216][T18150]  ? __memcg_kmem_charge_memcg+0x180/0x180
[ 1560.082021][T18150]  ? __lock_acquire+0x4750/0x4750
[ 1560.087081][T18150]  ? rcu_lock_release+0x15/0x20
[ 1560.091952][T18150]  ? get_mem_cgroup_from_mm+0x15e/0x170
[ 1560.097476][T18150]  mem_cgroup_try_charge+0x216/0x560
[ 1560.102762][T18150]  mem_cgroup_try_charge_delay+0x25/0xa0
[ 1560.108392][T18150]  handle_mm_fault+0x31f3/0x6080
[ 1560.113339][T18150]  ? finish_fault+0x230/0x230
[ 1560.117998][T18150]  ? vmacache_find+0x566/0x5b0
[ 1560.122739][T18150]  ? vmacache_update+0xb7/0x120
[ 1560.127590][T18150]  do_user_addr_fault+0x589/0xaf0
[ 1560.132608][T18150]  __do_page_fault+0xd3/0x1f0
[ 1560.137265][T18150]  do_page_fault+0x99/0xb0
[ 1560.141689][T18150]  page_fault+0x39/0x40
[ 1560.145825][T18150] RIP: 0033:0x41116f
[ 1560.149698][T18150] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41
[ 1560.169489][T18150] RSP: 002b:00007fffbe2d6810 EFLAGS: 00010206
[ 1560.175591][T18150] RAX: 00007f93f1847000 RBX: 0000000000020000 RCX: 000000000045987a
[ 1560.183567][T18150] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000
[ 1560.191541][T18150] RBP: 00007fffbe2d68f0 R08: ffffffffffffffff R09: 0000000000000000
[ 1560.199512][T18150] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fffbe2d69e0
[ 1560.207483][T18150] R13: 00007f93f1867700 R14: 0000000000000001 R15: 000000000075bfd4
[ 1560.216302][T18150] memory: usage 3392kB, limit 0kB, failcnt 489367
[ 1560.222778][T18150] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1560.229662][T18150] Memory cgroup stats for /syz2:
[ 1560.229767][T18150] anon 2183168
[ 1560.229767][T18150] file 274432
[ 1560.229767][T18150] kernel_stack 65536
[ 1560.229767][T18150] slab 831488
[ 1560.229767][T18150] sock 0
[ 1560.229767][T18150] shmem 172032
[ 1560.229767][T18150] file_mapped 135168
[ 1560.229767][T18150] file_dirty 135168
[ 1560.229767][T18150] file_writeback 0
[ 1560.229767][T18150] anon_thp 2097152
[ 1560.229767][T18150] inactive_anon 135168
[ 1560.229767][T18150] active_anon 2183168
[ 1560.229767][T18150] inactive_file 135168
[ 1560.229767][T18150] active_file 135168
[ 1560.229767][T18150] unevictable 0
[ 1560.229767][T18150] slab_reclaimable 270336
[ 1560.229767][T18150] slab_unreclaimable 561152
[ 1560.229767][T18150] pgfault 191763
[ 1560.229767][T18150] pgmajfault 0
[ 1560.229767][T18150] workingset_refault 0
[ 1560.229767][T18150] workingset_activate 0
[ 1560.229767][T18150] workingset_nodereclaim 0
[ 1560.229767][T18150] pgrefill 0
[ 1560.229767][T18150] pgscan 0
[ 1560.229767][T18150] pgsteal 0
[ 1560.324133][T18150] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=18150,uid=0
[ 1560.339765][T18150] Memory cgroup out of memory: Killed process 18150 (syz-executor.2) total-vm:72708kB, anon-rss:2144kB, file-rss:34816kB, shmem-rss:0kB
[ 1560.360198][ T1056] oom_reaper: reaped process 18150 (syz-executor.2), now anon-rss:0kB, file-rss:33856kB, shmem-rss:0kB
[ 1560.481681][T18132] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[ 1560.492301][T18132] CPU: 0 PID: 18132 Comm: syz-executor.2 Not tainted 5.2.0+ #37
[ 1560.499947][T18132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1560.510018][T18132] Call Trace:
[ 1560.513335][T18132]  dump_stack+0x1d8/0x2f8
[ 1560.517674][T18132]  dump_header+0xd8/0x970
[ 1560.522011][T18132]  oom_kill_process+0xcd/0x320
[ 1560.526787][T18132]  out_of_memory+0x5e1/0x8a0
[ 1560.531382][T18132]  ? unregister_oom_notifier+0x20/0x20
[ 1560.536846][T18132]  ? __kasan_check_read+0x11/0x20
[ 1560.541879][T18132]  try_charge+0x134a/0x17b0
[ 1560.546383][T18132]  ? __memcg_kmem_charge_memcg+0x180/0x180
[ 1560.552200][T18132]  ? __lock_acquire+0x4750/0x4750
[ 1560.557237][T18132]  ? rcu_lock_release+0x15/0x20
[ 1560.562082][T18132]  ? get_mem_cgroup_from_mm+0x15e/0x170
[ 1560.567622][T18132]  mem_cgroup_try_charge+0x216/0x560
[ 1560.572983][T18132]  mem_cgroup_try_charge_delay+0x25/0xa0
[ 1560.578609][T18132]  wp_page_copy+0x367/0x18c0
[ 1560.583185][T18132]  ? rcu_lock_release+0x30/0x30
[ 1560.588021][T18132]  ? __lock_acquire+0x4750/0x4750
[ 1560.593034][T18132]  ? __kasan_check_read+0x11/0x20
[ 1560.598049][T18132]  ? do_raw_spin_unlock+0x49/0x260
[ 1560.603146][T18132]  do_wp_page+0x2c9/0x1ce0
[ 1560.607546][T18132]  ? __rwlock_init+0x130/0x130
[ 1560.612300][T18132]  ? count_memcg_event_mm+0x300/0x300
[ 1560.617760][T18132]  handle_mm_fault+0x2bcf/0x6080
[ 1560.622683][T18132]  ? finish_fault+0x230/0x230
[ 1560.627376][T18132]  ? vmacache_find+0x51b/0x5b0
[ 1560.632131][T18132]  ? vmacache_update+0xb7/0x120
[ 1560.636962][T18132]  do_user_addr_fault+0x589/0xaf0
[ 1560.641972][T18132]  __do_page_fault+0xd3/0x1f0
[ 1560.646632][T18132]  do_page_fault+0x99/0xb0
[ 1560.651033][T18132]  page_fault+0x39/0x40
[ 1560.655181][T18132] RIP: 0033:0x430906
[ 1560.659068][T18132] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 46 64 00 85 c0 0f 84
[ 1560.678747][T18132] RSP: 002b:00007fffbe2d5820 EFLAGS: 00010206
[ 1560.684799][T18132] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041
[ 1560.692768][T18132] RDX: 0000555555b46930 RSI: 0000555555b4e970 RDI: 0000000000000003
[ 1560.700738][T18132] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000555555b45940
[ 1560.708813][T18132] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698
[ 1560.716773][T18132] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710
[ 1560.724816][T18132] memory: usage 1064kB, limit 0kB, failcnt 489380
[ 1560.731285][T18132] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1560.738174][T18132] Memory cgroup stats for /syz2:
[ 1560.738258][T18132] anon 81920
[ 1560.738258][T18132] file 274432
[ 1560.738258][T18132] kernel_stack 0
[ 1560.738258][T18132] slab 831488
[ 1560.738258][T18132] sock 0
[ 1560.738258][T18132] shmem 172032
[ 1560.738258][T18132] file_mapped 135168
[ 1560.738258][T18132] file_dirty 135168
[ 1560.738258][T18132] file_writeback 0
[ 1560.738258][T18132] anon_thp 0
[ 1560.738258][T18132] inactive_anon 135168
[ 1560.738258][T18132] active_anon 81920
[ 1560.738258][T18132] inactive_file 135168
[ 1560.738258][T18132] active_file 135168
[ 1560.738258][T18132] unevictable 0
[ 1560.738258][T18132] slab_reclaimable 270336
[ 1560.738258][T18132] slab_unreclaimable 561152
[ 1560.738258][T18132] pgfault 191763
[ 1560.738258][T18132] pgmajfault 0
[ 1560.738258][T18132] workingset_refault 0
[ 1560.738258][T18132] workingset_activate 0
[ 1560.738258][T18132] workingset_nodereclaim 0
[ 1560.738258][T18132] pgrefill 0
[ 1560.738258][T18132] pgscan 0
[ 1560.738258][T18132] pgsteal 0
[ 1560.738258][T18132] pgactivate 0
[ 1560.833762][T18132] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=18132,uid=0
[ 1560.849237][T18132] Memory cgroup out of memory: Killed process 18132 (syz-executor.2) total-vm:72444kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB
[ 1560.863550][ T1056] oom_reaper: reaped process 18132 (syz-executor.2), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB
[ 1560.880290][T18130] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[ 1560.890515][T18130] CPU: 0 PID: 18130 Comm: syz-executor.3 Not tainted 5.2.0+ #37
[ 1560.898153][T18130] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1560.908394][T18130] Call Trace:
[ 1560.911778][T18130]  dump_stack+0x1d8/0x2f8
[ 1560.916108][T18130]  dump_header+0xd8/0x970
[ 1560.920442][T18130]  oom_kill_process+0xcd/0x320
[ 1560.925208][T18130]  out_of_memory+0x5e1/0x8a0
[ 1560.929802][T18130]  ? unregister_oom_notifier+0x20/0x20
[ 1560.935265][T18130]  ? __kasan_check_read+0x11/0x20
[ 1560.940322][T18130]  try_charge+0x134a/0x17b0
[ 1560.944845][T18130]  ? __memcg_kmem_charge_memcg+0x180/0x180
[ 1560.950662][T18130]  ? __lock_acquire+0x4750/0x4750
[ 1560.955695][T18130]  ? rcu_lock_release+0x15/0x20
[ 1560.960548][T18130]  ? get_mem_cgroup_from_mm+0x15e/0x170
[ 1560.966095][T18130]  mem_cgroup_try_charge+0x216/0x560
[ 1560.971394][T18130]  mem_cgroup_try_charge_delay+0x25/0xa0
[ 1560.977037][T18130]  wp_page_copy+0x367/0x18c0
[ 1560.981655][T18130]  ? rcu_lock_release+0x30/0x30
[ 1560.986515][T18130]  ? __lock_acquire+0x4750/0x4750
[ 1560.991544][T18130]  ? __kasan_check_read+0x11/0x20
[ 1560.996573][T18130]  ? do_raw_spin_unlock+0x49/0x260
[ 1561.001693][T18130]  do_wp_page+0x2c9/0x1ce0
[ 1561.006123][T18130]  ? __rwlock_init+0x130/0x130
[ 1561.011066][T18130]  ? count_memcg_event_mm+0x300/0x300
[ 1561.016446][T18130]  handle_mm_fault+0x2bcf/0x6080
[ 1561.021399][T18130]  ? finish_fault+0x230/0x230
[ 1561.026091][T18130]  ? vmacache_find+0x51b/0x5b0
[ 1561.030859][T18130]  ? vmacache_update+0xb7/0x120
[ 1561.035718][T18130]  do_user_addr_fault+0x589/0xaf0
[ 1561.040754][T18130]  __do_page_fault+0xd3/0x1f0
[ 1561.045430][T18130]  do_page_fault+0x99/0xb0
[ 1561.049856][T18130]  page_fault+0x39/0x40
[ 1561.054024][T18130] RIP: 0033:0x430906
[ 1561.057916][T18130] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 46 64 00 85 c0 0f 84
[ 1561.077522][T18130] RSP: 002b:00007ffcc8d994a0 EFLAGS: 00010206
[ 1561.083592][T18130] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041
[ 1561.091571][T18130] RDX: 0000555556344930 RSI: 000055555634c970 RDI: 0000000000000003
[ 1561.099565][T18130] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000555556343940
[ 1561.107542][T18130] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698
[ 1561.115524][T18130] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710
[ 1561.123627][T18130] memory: usage 1220kB, limit 0kB, failcnt 110
14:31:55 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400)
openat$cgroup_procs(r3, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r4 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r4, 0x0, 0x0)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r5, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r3, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r5, &(0x7f00000003c0)=0x100, 0x12)

14:31:55 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9, 0x0, 0x0, 0x0, '\x00', 0x400000000000000})

14:31:55 executing program 1:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600))
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x8a, 0x0, 0x0, 0x0, 0x3})
r1 = syz_open_pts(r0, 0x0)
write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0x100000175)
ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000140)={0x3, 0x0, 0x0, 0x4000000000000000})

14:31:55 executing program 4:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
openat$cgroup_procs(r4, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000140)=0x2)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r5 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r5, 0x0, 0x0)
r6 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r6, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r4, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r6, &(0x7f00000003c0)=0x100, 0x12)

14:31:56 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0e\x00'})

14:31:56 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
r2 = openat$cgroup_ro(r1, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
openat$cgroup_procs(r3, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x40082404, &(0x7f0000000140)=0x2)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r4 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r4, 0x0, 0x0)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r5, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r3, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
socket$kcm(0xa, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r5, &(0x7f00000003c0)=0x100, 0x12)

[ 1561.129829][T18130] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1561.136669][T18130] Memory cgroup stats for /syz3:
[ 1561.136747][T18130] anon 0
[ 1561.136747][T18130] file 0
[ 1561.136747][T18130] kernel_stack 0
[ 1561.136747][T18130] slab 1261568
[ 1561.136747][T18130] sock 0
[ 1561.136747][T18130] shmem 0
[ 1561.136747][T18130] file_mapped 0
[ 1561.136747][T18130] file_dirty 0
[ 1561.136747][T18130] file_writeback 0
[ 1561.136747][T18130] anon_thp 0
[ 1561.136747][T18130] inactive_anon 0
[ 1561.136747][T18130] active_anon 0
[ 1561.136747][T18130] inactive_file 0
[ 1561.136747][T18130] active_file 0
[ 1561.136747][T18130] unevictable 0
[ 1561.136747][T18130] slab_reclaimable 405504
[ 1561.136747][T18130] slab_unreclaimable 856064
[ 1561.136747][T18130] pgfault 251592
[ 1561.136747][T18130] pgmajfault 0
[ 1561.136747][T18130] workingset_refault 0
[ 1561.136747][T18130] workingset_activate 0
[ 1561.136747][T18130] workingset_nodereclaim 0
[ 1561.136747][T18130] pgrefill 0
[ 1561.136747][T18130] pgscan 0
[ 1561.136747][T18130] pgsteal 0
[ 1561.136747][T18130] pgactivate 0
[ 1561.136747][T18130] pgdeactivate 0
[ 1561.232078][T18130] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=18130,uid=0
[ 1561.247633][T18130] Memory cgroup out of memory: Killed process 18130 (syz-executor.3) total-vm:72444kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB
[ 1561.261986][ T1056] oom_reaper: reaped process 18130 (syz-executor.3), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB
14:31:56 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11\x00'})

14:31:56 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9, 0x0, 0x0, 0x0, '\x00', 0x500000000000000})

14:31:56 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9, 0x0, 0x0, 0x0, '\x00', 0x600000000000000})

14:31:56 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x12\x00'})

14:31:56 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00%\x00'})

14:31:56 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9, 0x0, 0x0, 0x0, '\x00', 0x700000000000000})

14:31:57 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400)
openat$cgroup_procs(r3, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r4 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r4, 0x0, 0x0)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r5, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r3, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r5, &(0x7f00000003c0)=0x100, 0x12)

14:31:57 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9, 0x0, 0x0, 0x0, '\x00', 0x800000000000000})

14:31:57 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x00'})

[ 1563.224705][T18189] IPVS: ftp: loaded support on port[0] = 21
[ 1563.285327][T18189] chnl_net:caif_netlink_parms(): no params data found
[ 1563.309443][T18189] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1563.316539][T18189] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1563.324613][T18189] device bridge_slave_0 entered promiscuous mode
[ 1563.332793][T18189] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1563.339964][T18189] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1563.347801][T18189] device bridge_slave_1 entered promiscuous mode
[ 1563.364224][T18189] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1563.374959][T18189] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1563.393954][T18189] team0: Port device team_slave_0 added
[ 1563.401171][T18189] team0: Port device team_slave_1 added
[ 1563.450599][T18189] device hsr_slave_0 entered promiscuous mode
[ 1563.489114][T18189] device hsr_slave_1 entered promiscuous mode
[ 1563.527806][T18189] debugfs: Directory 'hsr0' with parent '/' already present!
[ 1563.916986][T18189] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1563.924140][T18189] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1563.931555][T18189] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1563.939086][T18189] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1564.165866][T18189] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1564.179491][T17356] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1564.190409][T17356] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1564.199392][T17356] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1564.407247][T18189] 8021q: adding VLAN 0 to HW filter on device team0
[ 1564.418485][T17836] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1564.427141][T17836] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1564.435640][T17836] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1564.442739][T17836] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1564.458411][T17836] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1564.467098][T17836] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1564.476431][T17836] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1564.483551][T17836] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1564.492285][T17836] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1564.501072][T17836] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1564.511669][T13658] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1564.520619][T13658] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1564.529916][T13658] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1564.541645][T17836] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1564.550775][T17836] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1564.755234][T18189] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1564.765718][T18189] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1564.777265][T17356] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1564.785594][T17356] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1564.794018][T17356] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1564.802236][T17356] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1564.811293][T17356] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1565.021326][T18189] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1565.202333][T18199] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 1565.212880][T18199] CPU: 1 PID: 18199 Comm: syz-executor.4 Not tainted 5.2.0+ #37
[ 1565.220551][T18199] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1565.230615][T18199] Call Trace:
[ 1565.233915][T18199]  dump_stack+0x1d8/0x2f8
[ 1565.238251][T18199]  dump_header+0xd8/0x970
[ 1565.242637][T18199]  oom_kill_process+0xcd/0x320
[ 1565.247405][T18199]  out_of_memory+0x5e1/0x8a0
[ 1565.252011][T18199]  ? unregister_oom_notifier+0x20/0x20
[ 1565.257471][T18199]  ? trace_hardirqs_on+0x74/0x80
[ 1565.262506][T18199]  memory_max_write+0x537/0x6a0
[ 1565.267366][T18199]  ? lock_acquire+0x158/0x250
[ 1565.272061][T18199]  ? memory_max_show+0xa0/0xa0
[ 1565.276837][T18199]  ? trace_lock_acquire+0x154/0x1b0
[ 1565.282049][T18199]  ? lock_acquire+0x158/0x250
[ 1565.286730][T18199]  ? kernfs_fop_write+0x22e/0x4f0
[ 1565.291757][T18199]  ? memory_max_show+0xa0/0xa0
[ 1565.296536][T18199]  cgroup_file_write+0x27b/0x6e0
[ 1565.301493][T18199]  ? cgroup_seqfile_stop+0xc0/0xc0
[ 1565.306624][T18199]  ? cgroup_seqfile_stop+0xc0/0xc0
[ 1565.311750][T18199]  kernfs_fop_write+0x3e4/0x4f0
[ 1565.316616][T18199]  ? kernfs_fop_read+0x580/0x580
[ 1565.321583][T18199]  __vfs_write+0xf9/0x7d0
[ 1565.325928][T18199]  ? __lock_acquire+0x4750/0x4750
[ 1565.330974][T18199]  ? __kernel_write+0x350/0x350
[ 1565.335839][T18199]  ? trace_lock_acquire+0x154/0x1b0
[ 1565.341064][T18199]  ? __sb_start_write+0x39c/0x440
[ 1565.346125][T18199]  ? __kasan_check_read+0x11/0x20
[ 1565.351165][T18199]  vfs_write+0x275/0x590
[ 1565.355427][T18199]  ksys_write+0x16b/0x2a0
[ 1565.359760][T18199]  ? __ia32_sys_read+0x90/0x90
[ 1565.364520][T18199]  ? prepare_exit_to_usermode+0x1f7/0x580
[ 1565.370241][T18199]  ? trace_irq_disable_rcuidle+0x23/0x1c0
[ 1565.375964][T18199]  ? trace_hardirqs_on_thunk+0x1a/0x20
[ 1565.381424][T18199]  ? trace_irq_disable_rcuidle+0x23/0x1c0
[ 1565.387147][T18199]  ? do_syscall_64+0x1d/0x140
[ 1565.391844][T18199]  __x64_sys_write+0x7b/0x90
[ 1565.396441][T18199]  do_syscall_64+0xfe/0x140
[ 1565.400972][T18199]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1565.406873][T18199] RIP: 0033:0x459829
[ 1565.410774][T18199] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1565.430390][T18199] RSP: 002b:00007f66b7554c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1565.438806][T18199] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829
[ 1565.446780][T18199] RDX: 0000000000000012 RSI: 0000000020000000 RDI: 0000000000000009
[ 1565.454916][T18199] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000
[ 1565.462880][T18199] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f66b75556d4
[ 1565.470852][T18199] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff
[ 1565.478933][T18199] memory: usage 3640kB, limit 0kB, failcnt 206
[ 1565.485104][T18199] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1565.492021][T18199] Memory cgroup stats for /syz4:
[ 1565.492118][T18199] anon 2154496
[ 1565.492118][T18199] file 299008
[ 1565.492118][T18199] kernel_stack 131072
[ 1565.492118][T18199] slab 1085440
[ 1565.492118][T18199] sock 0
[ 1565.492118][T18199] shmem 102400
[ 1565.492118][T18199] file_mapped 135168
[ 1565.492118][T18199] file_dirty 0
[ 1565.492118][T18199] file_writeback 0
[ 1565.492118][T18199] anon_thp 2097152
[ 1565.492118][T18199] inactive_anon 135168
[ 1565.492118][T18199] active_anon 2154496
[ 1565.492118][T18199] inactive_file 135168
[ 1565.492118][T18199] active_file 0
[ 1565.492118][T18199] unevictable 0
[ 1565.492118][T18199] slab_reclaimable 405504
[ 1565.492118][T18199] slab_unreclaimable 679936
[ 1565.492118][T18199] pgfault 355047
[ 1565.492118][T18199] pgmajfault 0
[ 1565.492118][T18199] workingset_refault 0
[ 1565.492118][T18199] workingset_activate 0
[ 1565.492118][T18199] workingset_nodereclaim 0
[ 1565.492118][T18199] pgrefill 0
[ 1565.492118][T18199] pgscan 0
[ 1565.492118][T18199] pgsteal 0
[ 1565.492118][T18199] pgactivate 0
[ 1565.588370][T18199] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=18196,uid=0
14:32:00 executing program 4:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
openat$cgroup_procs(r4, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000140)=0x2)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r5 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r5, 0x0, 0x0)
r6 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r6, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r4, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r6, &(0x7f00000003c0)=0x100, 0x12)

14:32:00 executing program 1:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600))
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x8a, 0x0, 0x0, 0x0, 0x3})
r1 = syz_open_pts(r0, 0x0)
write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0x100000175)
ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000140)={0x3, 0x0, 0x0, 0x5c00000000000000})

14:32:00 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
r2 = openat$cgroup_ro(r1, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
openat$cgroup_procs(r3, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x40082404, &(0x7f0000000140)=0x2)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r4 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r4, 0x0, 0x0)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r5, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r3, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
socket$kcm(0xa, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r5, &(0x7f00000003c0)=0x100, 0x12)

14:32:00 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\\\x00'})

14:32:00 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9, 0x0, 0x0, 0x0, '\x00', 0x900000000000000})

14:32:00 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400)
openat$cgroup_procs(r3, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r4 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r4, 0x0, 0x0)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r5, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r3, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r5, &(0x7f00000003c0)=0x100, 0x12)

[ 1565.603916][T18199] Memory cgroup out of memory: Killed process 18196 (syz-executor.4) total-vm:72840kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB
[ 1565.667048][T18189] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[ 1565.677221][T18189] CPU: 1 PID: 18189 Comm: syz-executor.4 Not tainted 5.2.0+ #37
[ 1565.684864][T18189] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1565.694925][T18189] Call Trace:
[ 1565.698231][T18189]  dump_stack+0x1d8/0x2f8
[ 1565.702598][T18189]  dump_header+0xd8/0x970
[ 1565.706942][T18189]  oom_kill_process+0xcd/0x320
[ 1565.711708][T18189]  out_of_memory+0x5e1/0x8a0
[ 1565.716314][T18189]  ? unregister_oom_notifier+0x20/0x20
[ 1565.721781][T18189]  ? __kasan_check_read+0x11/0x20
[ 1565.726808][T18189]  try_charge+0x134a/0x17b0
[ 1565.731342][T18189]  ? __memcg_kmem_charge_memcg+0x180/0x180
[ 1565.731360][T18189]  ? __lock_acquire+0x4750/0x4750
[ 1565.731375][T18189]  ? rcu_lock_release+0x15/0x20
[ 1565.731384][T18189]  ? get_mem_cgroup_from_mm+0x15e/0x170
[ 1565.731394][T18189]  mem_cgroup_try_charge+0x216/0x560
[ 1565.731408][T18189]  mem_cgroup_try_charge_delay+0x25/0xa0
[ 1565.731421][T18189]  wp_page_copy+0x367/0x18c0
[ 1565.731443][T18189]  ? rcu_lock_release+0x30/0x30
[ 1565.731455][T18189]  ? __lock_acquire+0x4750/0x4750
[ 1565.731469][T18189]  ? __kasan_check_read+0x11/0x20
[ 1565.731478][T18189]  ? do_raw_spin_unlock+0x49/0x260
[ 1565.731495][T18189]  do_wp_page+0x2c9/0x1ce0
[ 1565.794930][T18189]  ? __rwlock_init+0x130/0x130
[ 1565.799693][T18189]  ? count_memcg_event_mm+0x300/0x300
[ 1565.805074][T18189]  handle_mm_fault+0x2bcf/0x6080
[ 1565.810027][T18189]  ? finish_fault+0x230/0x230
14:32:00 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'})

[ 1565.814727][T18189]  ? vmacache_find+0x251/0x5b0
[ 1565.819503][T18189]  do_user_addr_fault+0x589/0xaf0
[ 1565.824536][T18189]  __do_page_fault+0xd3/0x1f0
[ 1565.829221][T18189]  do_page_fault+0x99/0xb0
[ 1565.833644][T18189]  page_fault+0x39/0x40
[ 1565.837822][T18189] RIP: 0033:0x4034f2
[ 1565.841716][T18189] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 <e8> 59 8d 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 42 05 00 48
[ 1565.861423][T18189] RSP: 002b:00007ffcac4a8c30 EFLAGS: 00010246
14:32:00 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9, 0x0, 0x0, 0x0, '\x00', 0xa00000000000000})

[ 1565.867496][T18189] RAX: 0000000000000000 RBX: 000000000017e32a RCX: 0000000000413430
[ 1565.875485][T18189] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007ffcac4a9d60
[ 1565.883468][T18189] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000555555e4c940
[ 1565.891449][T18189] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcac4a9d60
[ 1565.899418][T18189] R13: 00007ffcac4a9d50 R14: 0000000000000000 R15: 00007ffcac4a9d60
[ 1565.907487][T18189] memory: usage 1224kB, limit 0kB, failcnt 226
[ 1565.913679][T18189] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1565.920595][T18189] Memory cgroup stats for /syz4:
[ 1565.920679][T18189] anon 0
[ 1565.920679][T18189] file 299008
[ 1565.920679][T18189] kernel_stack 65536
[ 1565.920679][T18189] slab 1085440
[ 1565.920679][T18189] sock 0
[ 1565.920679][T18189] shmem 102400
[ 1565.920679][T18189] file_mapped 135168
[ 1565.920679][T18189] file_dirty 0
[ 1565.920679][T18189] file_writeback 0
[ 1565.920679][T18189] anon_thp 0
[ 1565.920679][T18189] inactive_anon 135168
[ 1565.920679][T18189] active_anon 0
[ 1565.920679][T18189] inactive_file 135168
[ 1565.920679][T18189] active_file 0
[ 1565.920679][T18189] unevictable 0
[ 1565.920679][T18189] slab_reclaimable 405504
[ 1565.920679][T18189] slab_unreclaimable 679936
[ 1565.920679][T18189] pgfault 355047
[ 1565.920679][T18189] pgmajfault 0
[ 1565.920679][T18189] workingset_refault 0
[ 1565.920679][T18189] workingset_activate 0
[ 1565.920679][T18189] workingset_nodereclaim 0
[ 1565.920679][T18189] pgrefill 0
[ 1565.920679][T18189] pgscan 0
[ 1565.920679][T18189] pgsteal 0
[ 1565.920679][T18189] pgactivate 0
14:32:01 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9, 0x0, 0x0, 0x0, '\x00', 0xb00000000000000})

[ 1566.015105][T18189] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=18189,uid=0
[ 1566.030632][T18189] Memory cgroup out of memory: Killed process 18189 (syz-executor.4) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB
[ 1566.047095][ T1056] oom_reaper: reaped process 18189 (syz-executor.4), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB
14:32:01 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'})

14:32:01 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9, 0x0, 0x0, 0x0, '\x00', 0xc00000000000000})

14:32:01 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03'})

14:32:02 executing program 4:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
openat$cgroup_procs(r4, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000140)=0x2)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r5 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r5, 0x0, 0x0)
r6 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r6, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r4, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
socket$kcm(0xa, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r6, &(0x7f00000003c0)=0x100, 0x12)

14:32:02 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04'})

[ 1567.909842][  T788] device bridge_slave_1 left promiscuous mode
[ 1567.916109][  T788] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1567.978481][  T788] device bridge_slave_0 left promiscuous mode
[ 1567.984661][  T788] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1568.019226][  T788] device bridge_slave_1 left promiscuous mode
[ 1568.025408][  T788] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1568.068618][  T788] device bridge_slave_0 left promiscuous mode
[ 1568.074777][  T788] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1568.120605][  T788] device bridge_slave_1 left promiscuous mode
[ 1568.126799][  T788] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1568.168493][  T788] device bridge_slave_0 left promiscuous mode
[ 1568.174685][  T788] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1573.378451][  T788] device hsr_slave_0 left promiscuous mode
[ 1573.418284][  T788] device hsr_slave_1 left promiscuous mode
[ 1573.466684][  T788] team0 (unregistering): Port device team_slave_1 removed
[ 1573.477455][  T788] team0 (unregistering): Port device team_slave_0 removed
[ 1573.489748][  T788] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1573.524152][  T788] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1573.586751][  T788] bond0 (unregistering): Released all slaves
[ 1573.708176][  T788] device hsr_slave_0 left promiscuous mode
[ 1573.758312][  T788] device hsr_slave_1 left promiscuous mode
[ 1573.810569][  T788] team0 (unregistering): Port device team_slave_1 removed
[ 1573.823586][  T788] team0 (unregistering): Port device team_slave_0 removed
[ 1573.833904][  T788] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1573.873526][  T788] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1573.961629][  T788] bond0 (unregistering): Released all slaves
[ 1574.098666][  T788] device hsr_slave_0 left promiscuous mode
[ 1574.138321][  T788] device hsr_slave_1 left promiscuous mode
[ 1574.186797][  T788] team0 (unregistering): Port device team_slave_1 removed
[ 1574.197150][  T788] team0 (unregistering): Port device team_slave_0 removed
[ 1574.208769][  T788] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1574.251972][  T788] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1574.330421][  T788] bond0 (unregistering): Released all slaves
[ 1574.418450][T18234] IPVS: ftp: loaded support on port[0] = 21
[ 1574.418968][T18236] IPVS: ftp: loaded support on port[0] = 21
[ 1574.550073][T18236] chnl_net:caif_netlink_parms(): no params data found
[ 1574.594546][T18236] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1574.601758][T18236] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1574.609787][T18236] device bridge_slave_0 entered promiscuous mode
[ 1574.619726][T18236] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1574.626794][T18236] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1574.634856][T18236] device bridge_slave_1 entered promiscuous mode
[ 1574.656412][T18234] chnl_net:caif_netlink_parms(): no params data found
[ 1574.667265][T18236] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1574.678254][T18236] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1574.715969][T18236] team0: Port device team_slave_0 added
[ 1574.723499][T18236] team0: Port device team_slave_1 added
[ 1574.800489][T18236] device hsr_slave_0 entered promiscuous mode
[ 1574.858180][T18236] device hsr_slave_1 entered promiscuous mode
[ 1574.927694][T18236] debugfs: Directory 'hsr0' with parent '/' already present!
[ 1574.978431][T18234] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1574.985518][T18234] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1574.993633][T18234] device bridge_slave_0 entered promiscuous mode
[ 1575.088329][T18234] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1575.095413][T18234] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1575.103433][T18234] device bridge_slave_1 entered promiscuous mode
[ 1575.118331][T18236] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1575.125413][T18236] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1575.132837][T18236] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1575.139961][T18236] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1575.169163][T18234] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1575.190712][T18234] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1575.231625][T18234] team0: Port device team_slave_0 added
[ 1575.240812][T18236] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1575.249019][T18234] team0: Port device team_slave_1 added
[ 1575.360396][T18234] device hsr_slave_0 entered promiscuous mode
[ 1575.488068][T18234] device hsr_slave_1 entered promiscuous mode
[ 1575.607726][T18234] debugfs: Directory 'hsr0' with parent '/' already present!
[ 1575.619832][T17836] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1575.627720][T17836] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1575.668312][T18236] 8021q: adding VLAN 0 to HW filter on device team0
[ 1575.675366][T17582] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1575.683254][T17582] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1575.698431][T17835] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1575.707058][T17835] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1575.715716][T17835] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1575.722823][T17835] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1575.755183][T18236] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1575.766392][T18236] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1575.778999][T17835] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1575.787778][T17835] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1575.796234][T17835] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1575.803348][T17835] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1575.811524][T17835] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1575.820417][T17835] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1575.829149][T17835] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1575.837937][T17835] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1575.846544][T17835] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1575.855360][T17835] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1575.863891][T17835] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1575.872370][T17835] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1575.880710][T17835] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1575.889082][T17835] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1575.899977][T17835] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1575.907939][T17835] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1575.938258][T18236] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1575.982413][T18234] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1576.009380][T17835] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1576.017251][T17835] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1576.031535][T18234] 8021q: adding VLAN 0 to HW filter on device team0
[ 1576.054484][T17356] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1576.063370][T17356] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1576.071808][T17356] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1576.078910][T17356] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1576.092220][T17356] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 1576.100326][T17356] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1576.109064][T17356] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1576.117414][T17356] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1576.124507][T17356] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1576.143165][T17356] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1576.166741][T17356] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1576.176745][T17356] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1576.185573][T17356] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1576.194046][T17356] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1576.202742][T17356] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1576.203221][T18245] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 1576.211282][T17356] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1576.220900][T18245] CPU: 0 PID: 18245 Comm: syz-executor.3 Not tainted 5.2.0+ #37
[ 1576.229308][T17356] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1576.236255][T18245] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1576.236265][T18245] Call Trace:
[ 1576.255578][T18234] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1576.257292][T18245]  dump_stack+0x1d8/0x2f8
[ 1576.268521][T18234] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1576.271942][T18245]  dump_header+0xd8/0x970
[ 1576.283376][T18245]  oom_kill_process+0xcd/0x320
[ 1576.288149][T18245]  out_of_memory+0x5e1/0x8a0
[ 1576.291614][T18234] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1576.292745][T18245]  ? unregister_oom_notifier+0x20/0x20
[ 1576.304944][T18245]  memory_max_write+0x537/0x6a0
[ 1576.309797][T18245]  ? lock_acquire+0x158/0x250
[ 1576.314504][T18245]  ? memory_max_show+0xa0/0xa0
[ 1576.319288][T18245]  ? trace_lock_acquire+0x154/0x1b0
[ 1576.324586][T18245]  ? lock_acquire+0x158/0x250
[ 1576.329265][T18245]  ? kernfs_fop_write+0x22e/0x4f0
[ 1576.334294][T18245]  ? memory_max_show+0xa0/0xa0
[ 1576.336093][T17356] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1576.339241][T18245]  cgroup_file_write+0x27b/0x6e0
[ 1576.339258][T18245]  ? cgroup_seqfile_stop+0xc0/0xc0
[ 1576.339273][T18245]  ? cgroup_seqfile_stop+0xc0/0xc0
[ 1576.339293][T18245]  kernfs_fop_write+0x3e4/0x4f0
[ 1576.347328][T17356] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1576.351499][T18245]  ? kernfs_fop_read+0x580/0x580
[ 1576.351512][T18245]  __vfs_write+0xf9/0x7d0
[ 1576.351522][T18245]  ? retint_kernel+0x10/0x10
[ 1576.351535][T18245]  ? __kernel_write+0x350/0x350
[ 1576.351546][T18245]  ? rcu_irq_exit+0xe3/0x260
[ 1576.351566][T18245]  ? retint_kernel+0x10/0x10
[ 1576.357181][T17356] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1576.361783][T18245]  ? __sb_start_write+0x286/0x440
[ 1576.361796][T18245]  ? __sb_start_write+0x38a/0x440
[ 1576.361808][T18245]  ? __sb_start_write+0x39c/0x440
[ 1576.361824][T18245]  ? __kasan_check_read+0x11/0x20
[ 1576.388258][T18245]  vfs_write+0x275/0x590
[ 1576.388281][T18245]  ksys_write+0x16b/0x2a0
[ 1576.397709][T18245]  ? __ia32_sys_read+0x90/0x90
[ 1576.397727][T18245]  ? do_syscall_64+0xc0/0x140
[ 1576.397738][T18245]  __x64_sys_write+0x7b/0x90
[ 1576.397754][T18245]  do_syscall_64+0xfe/0x140
[ 1576.397771][T18245]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1576.463033][T18245] RIP: 0033:0x459829
[ 1576.466944][T18245] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1576.486569][T18245] RSP: 002b:00007fab51e9bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1576.494983][T18245] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829
[ 1576.502963][T18245] RDX: 0000000000000012 RSI: 0000000020000000 RDI: 0000000000000008
[ 1576.510942][T18245] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1576.518900][T18245] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fab51e9c6d4
[ 1576.526862][T18245] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff
[ 1576.534965][T18245] memory: usage 3512kB, limit 0kB, failcnt 119
[ 1576.541598][T18245] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1576.548639][T18245] Memory cgroup stats for /syz3:
[ 1576.549228][T18245] anon 2097152
[ 1576.549228][T18245] file 0
[ 1576.549228][T18245] kernel_stack 65536
[ 1576.549228][T18245] slab 1126400
[ 1576.549228][T18245] sock 0
[ 1576.549228][T18245] shmem 0
[ 1576.549228][T18245] file_mapped 0
[ 1576.549228][T18245] file_dirty 0
[ 1576.549228][T18245] file_writeback 0
[ 1576.549228][T18245] anon_thp 2097152
[ 1576.549228][T18245] inactive_anon 0
[ 1576.549228][T18245] active_anon 2097152
[ 1576.549228][T18245] inactive_file 0
[ 1576.549228][T18245] active_file 0
[ 1576.549228][T18245] unevictable 0
[ 1576.549228][T18245] slab_reclaimable 405504
[ 1576.549228][T18245] slab_unreclaimable 720896
[ 1576.549228][T18245] pgfault 251658
[ 1576.549228][T18245] pgmajfault 0
[ 1576.549228][T18245] workingset_refault 0
[ 1576.549228][T18245] workingset_activate 0
[ 1576.549228][T18245] workingset_nodereclaim 0
[ 1576.549228][T18245] pgrefill 0
[ 1576.549228][T18245] pgscan 0
[ 1576.549228][T18245] pgsteal 0
[ 1576.549228][T18245] pgactivate 0
[ 1576.643092][T18245] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=18244,uid=0
[ 1576.658978][T18245] Memory cgroup out of memory: Killed process 18244 (syz-executor.3) total-vm:72708kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB
[ 1576.682140][ T1056] oom_reaper: reaped process 18244 (syz-executor.3), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB
[ 1576.694469][T18252] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 1576.704894][T18252] CPU: 1 PID: 18252 Comm: syz-executor.2 Not tainted 5.2.0+ #37
[ 1576.712530][T18252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1576.722687][T18252] Call Trace:
[ 1576.725988][T18252]  dump_stack+0x1d8/0x2f8
[ 1576.730335][T18252]  dump_header+0xd8/0x970
[ 1576.734675][T18252]  oom_kill_process+0xcd/0x320
[ 1576.739532][T18252]  out_of_memory+0x5e1/0x8a0
[ 1576.744132][T18252]  ? unregister_oom_notifier+0x20/0x20
[ 1576.750115][T18252]  ? trace_hardirqs_on+0x74/0x80
[ 1576.755074][T18252]  memory_max_write+0x537/0x6a0
[ 1576.759931][T18252]  ? lock_acquire+0x158/0x250
[ 1576.765123][T18252]  ? memory_max_show+0xa0/0xa0
[ 1576.769896][T18252]  ? trace_lock_acquire+0x154/0x1b0
[ 1576.775100][T18252]  ? lock_acquire+0x158/0x250
[ 1576.779785][T18252]  ? kernfs_fop_write+0x22e/0x4f0
[ 1576.784816][T18252]  ? memory_max_show+0xa0/0xa0
[ 1576.789594][T18252]  cgroup_file_write+0x27b/0x6e0
[ 1576.794542][T18252]  ? cgroup_seqfile_stop+0xc0/0xc0
[ 1576.799668][T18252]  ? cgroup_seqfile_stop+0xc0/0xc0
[ 1576.804779][T18252]  kernfs_fop_write+0x3e4/0x4f0
[ 1576.809630][T18252]  ? kernfs_fop_read+0x580/0x580
[ 1576.814580][T18252]  __vfs_write+0xf9/0x7d0
[ 1576.818919][T18252]  ? __lock_acquire+0x4750/0x4750
[ 1576.823951][T18252]  ? __kernel_write+0x350/0x350
[ 1576.828809][T18252]  ? trace_lock_acquire+0x154/0x1b0
[ 1576.834025][T18252]  ? __sb_start_write+0x39c/0x440
[ 1576.839056][T18252]  ? __kasan_check_read+0x11/0x20
[ 1576.844095][T18252]  vfs_write+0x275/0x590
[ 1576.848359][T18252]  ksys_write+0x16b/0x2a0
[ 1576.852694][T18252]  ? __ia32_sys_read+0x90/0x90
[ 1576.857460][T18252]  ? prepare_exit_to_usermode+0x1f7/0x580
[ 1576.863187][T18252]  ? trace_irq_disable_rcuidle+0x23/0x1c0
[ 1576.868916][T18252]  ? trace_hardirqs_on_thunk+0x1a/0x20
[ 1576.874381][T18252]  ? trace_irq_disable_rcuidle+0x23/0x1c0
[ 1576.880108][T18252]  ? do_syscall_64+0x1d/0x140
[ 1576.884877][T18252]  __x64_sys_write+0x7b/0x90
[ 1576.889470][T18252]  do_syscall_64+0xfe/0x140
[ 1576.893983][T18252]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1576.903105][T18252] RIP: 0033:0x459829
[ 1576.907003][T18252] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1576.926616][T18252] RSP: 002b:00007f56c5e17c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1576.935044][T18252] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829
[ 1576.943024][T18252] RDX: 0000000000000012 RSI: 0000000020000000 RDI: 0000000000000008
[ 1576.951003][T18252] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1576.959000][T18252] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f56c5e186d4
[ 1576.966974][T18252] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff
[ 1576.975032][T18252] memory: usage 3356kB, limit 0kB, failcnt 489389
[ 1576.981481][T18252] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1576.988448][T18252] Memory cgroup stats for /syz2:
[ 1576.989861][T18252] anon 2179072
[ 1576.989861][T18252] file 274432
[ 1576.989861][T18252] kernel_stack 65536
[ 1576.989861][T18252] slab 831488
[ 1576.989861][T18252] sock 0
[ 1576.989861][T18252] shmem 172032
[ 1576.989861][T18252] file_mapped 135168
[ 1576.989861][T18252] file_dirty 135168
[ 1576.989861][T18252] file_writeback 0
[ 1576.989861][T18252] anon_thp 2097152
[ 1576.989861][T18252] inactive_anon 135168
[ 1576.989861][T18252] active_anon 2179072
[ 1576.989861][T18252] inactive_file 135168
[ 1576.989861][T18252] active_file 135168
[ 1576.989861][T18252] unevictable 0
[ 1576.989861][T18252] slab_reclaimable 270336
[ 1576.989861][T18252] slab_unreclaimable 561152
[ 1576.989861][T18252] pgfault 191829
[ 1576.989861][T18252] pgmajfault 0
[ 1576.989861][T18252] workingset_refault 0
[ 1576.989861][T18252] workingset_activate 0
[ 1576.989861][T18252] workingset_nodereclaim 0
[ 1576.989861][T18252] pgrefill 0
[ 1576.989861][T18252] pgscan 0
[ 1576.989861][T18252] pgsteal 0
[ 1577.083407][T18252] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=18251,uid=0
[ 1577.098969][T18252] Memory cgroup out of memory: Killed process 18251 (syz-executor.2) total-vm:72708kB, anon-rss:2144kB, file-rss:34816kB, shmem-rss:0kB
[ 1577.120516][ T1056] oom_reaper: reaped process 18251 (syz-executor.2), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB
[ 1577.138103][T18236] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[ 1577.148108][T18236] CPU: 1 PID: 18236 Comm: syz-executor.3 Not tainted 5.2.0+ #37
[ 1577.155751][T18236] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1577.165815][T18236] Call Trace:
[ 1577.169118][T18236]  dump_stack+0x1d8/0x2f8
[ 1577.173452][T18236]  dump_header+0xd8/0x970
[ 1577.177790][T18236]  oom_kill_process+0xcd/0x320
[ 1577.182593][T18236]  out_of_memory+0x5e1/0x8a0
[ 1577.187195][T18236]  ? unregister_oom_notifier+0x20/0x20
[ 1577.192668][T18236]  ? __kasan_check_read+0x11/0x20
[ 1577.197707][T18236]  try_charge+0x134a/0x17b0
[ 1577.202233][T18236]  ? __memcg_kmem_charge_memcg+0x180/0x180
[ 1577.208053][T18236]  ? __lock_acquire+0x4750/0x4750
[ 1577.213093][T18236]  ? rcu_lock_release+0x15/0x20
[ 1577.217942][T18236]  ? get_mem_cgroup_from_mm+0x15e/0x170
[ 1577.223489][T18236]  mem_cgroup_try_charge+0x216/0x560
[ 1577.228789][T18236]  mem_cgroup_try_charge_delay+0x25/0xa0
[ 1577.234437][T18236]  wp_page_copy+0x367/0x18c0
[ 1577.239047][T18236]  ? rcu_lock_release+0x30/0x30
[ 1577.243931][T18236]  ? __lock_acquire+0x4750/0x4750
[ 1577.248960][T18236]  ? __kasan_check_read+0x11/0x20
[ 1577.253993][T18236]  ? do_raw_spin_unlock+0x49/0x260
[ 1577.259108][T18236]  do_wp_page+0x2c9/0x1ce0
[ 1577.263622][T18236]  ? __rwlock_init+0x130/0x130
[ 1577.268388][T18236]  ? count_memcg_event_mm+0x300/0x300
[ 1577.273770][T18236]  handle_mm_fault+0x2bcf/0x6080
[ 1577.278722][T18236]  ? finish_fault+0x230/0x230
[ 1577.283438][T18236]  ? vmacache_find+0x50f/0x5b0
[ 1577.288226][T18236]  ? vmacache_update+0xb7/0x120
[ 1577.293085][T18236]  do_user_addr_fault+0x589/0xaf0
[ 1577.298128][T18236]  __do_page_fault+0xd3/0x1f0
[ 1577.302804][T18236]  do_page_fault+0x99/0xb0
[ 1577.307230][T18236]  page_fault+0x39/0x40
[ 1577.311381][T18236] RIP: 0033:0x430906
[ 1577.315290][T18236] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 46 64 00 85 c0 0f 84
[ 1577.334908][T18236] RSP: 002b:00007ffda7814260 EFLAGS: 00010206
[ 1577.340982][T18236] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041
[ 1577.348966][T18236] RDX: 0000555557348930 RSI: 0000555557350970 RDI: 0000000000000003
[ 1577.356954][T18236] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000555557347940
[ 1577.364933][T18236] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698
[ 1577.372916][T18236] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710
[ 1577.381546][T18236] memory: usage 1184kB, limit 0kB, failcnt 128
[ 1577.387766][T18236] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1577.394711][T18236] Memory cgroup stats for /syz3:
[ 1577.394807][T18236] anon 0
[ 1577.394807][T18236] file 0
[ 1577.394807][T18236] kernel_stack 65536
[ 1577.394807][T18236] slab 1126400
[ 1577.394807][T18236] sock 0
[ 1577.394807][T18236] shmem 0
[ 1577.394807][T18236] file_mapped 0
[ 1577.394807][T18236] file_dirty 0
[ 1577.394807][T18236] file_writeback 0
[ 1577.394807][T18236] anon_thp 0
[ 1577.394807][T18236] inactive_anon 0
[ 1577.394807][T18236] active_anon 0
[ 1577.394807][T18236] inactive_file 0
[ 1577.394807][T18236] active_file 0
[ 1577.394807][T18236] unevictable 0
[ 1577.394807][T18236] slab_reclaimable 405504
[ 1577.394807][T18236] slab_unreclaimable 720896
[ 1577.394807][T18236] pgfault 251658
[ 1577.394807][T18236] pgmajfault 0
[ 1577.394807][T18236] workingset_refault 0
[ 1577.394807][T18236] workingset_activate 0
[ 1577.394807][T18236] workingset_nodereclaim 0
[ 1577.394807][T18236] pgrefill 0
[ 1577.394807][T18236] pgscan 0
[ 1577.394807][T18236] pgsteal 0
[ 1577.394807][T18236] pgactivate 0
[ 1577.394807][T18236] pgdeactivate 0
[ 1577.491131][T18236] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=18236,uid=0
[ 1577.506637][T18236] Memory cgroup out of memory: Killed process 18236 (syz-executor.3) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB
[ 1577.523380][ T1056] oom_reaper: reaped process 18236 (syz-executor.3), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB
14:32:12 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
r2 = openat$cgroup_ro(r1, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
openat$cgroup_procs(r3, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x40082404, &(0x7f0000000140)=0x2)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r4 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r4, 0x0, 0x0)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r5, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r3, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
socket$kcm(0xa, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r5, &(0x7f00000003c0)=0x100, 0x12)

14:32:12 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9, 0x0, 0x0, 0x0, '\x00', 0xd00000000000000})

14:32:12 executing program 1:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600))
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x8a, 0x0, 0x0, 0x0, 0x3})
r1 = syz_open_pts(r0, 0x0)
write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0x100000175)
ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000140)={0x3, 0x0, 0x0, 0x8000000000000000})

14:32:12 executing program 4:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
openat$cgroup_procs(r4, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000140)=0x2)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r5 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r5, 0x0, 0x0)
r6 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r6, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r4, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
socket$kcm(0xa, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r6, &(0x7f00000003c0)=0x100, 0x12)

14:32:12 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05'})

14:32:12 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400)
openat$cgroup_procs(r3, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r4 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r4, 0x0, 0x0)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r5, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r5, &(0x7f00000003c0)=0x100, 0x12)

[ 1577.560798][T18234] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[ 1577.570850][T18234] CPU: 0 PID: 18234 Comm: syz-executor.2 Not tainted 5.2.0+ #37
[ 1577.578485][T18234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1577.588555][T18234] Call Trace:
[ 1577.591854][T18234]  dump_stack+0x1d8/0x2f8
[ 1577.596185][T18234]  dump_header+0xd8/0x970
[ 1577.600512][T18234]  oom_kill_process+0xcd/0x320
[ 1577.605271][T18234]  out_of_memory+0x5e1/0x8a0
[ 1577.609862][T18234]  ? unregister_oom_notifier+0x20/0x20
[ 1577.615330][T18234]  ? __kasan_check_read+0x11/0x20
[ 1577.620362][T18234]  try_charge+0x134a/0x17b0
[ 1577.624885][T18234]  ? __memcg_kmem_charge_memcg+0x180/0x180
[ 1577.630693][T18234]  ? __lock_acquire+0x4750/0x4750
[ 1577.635721][T18234]  ? rcu_lock_release+0x15/0x20
[ 1577.640569][T18234]  ? get_mem_cgroup_from_mm+0x15e/0x170
[ 1577.646118][T18234]  mem_cgroup_try_charge+0x216/0x560
[ 1577.651408][T18234]  mem_cgroup_try_charge_delay+0x25/0xa0
[ 1577.657044][T18234]  wp_page_copy+0x367/0x18c0
[ 1577.661655][T18234]  ? rcu_lock_release+0x30/0x30
[ 1577.666514][T18234]  ? __lock_acquire+0x4750/0x4750
[ 1577.671537][T18234]  ? __kasan_check_read+0x11/0x20
[ 1577.676567][T18234]  ? do_raw_spin_unlock+0x49/0x260
[ 1577.681697][T18234]  do_wp_page+0x2c9/0x1ce0
[ 1577.686117][T18234]  ? __rwlock_init+0x130/0x130
[ 1577.690877][T18234]  ? count_memcg_event_mm+0x300/0x300
[ 1577.696252][T18234]  handle_mm_fault+0x2bcf/0x6080
[ 1577.701199][T18234]  ? finish_fault+0x230/0x230
[ 1577.705886][T18234]  ? vmacache_find+0x251/0x5b0
[ 1577.710658][T18234]  do_user_addr_fault+0x589/0xaf0
[ 1577.715693][T18234]  __do_page_fault+0xd3/0x1f0
[ 1577.720459][T18234]  do_page_fault+0x99/0xb0
[ 1577.724881][T18234]  page_fault+0x39/0x40
[ 1577.729037][T18234] RIP: 0033:0x4034f2
[ 1577.732930][T18234] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 <e8> 59 8d 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 42 05 00 48
[ 1577.752546][T18234] RSP: 002b:00007fffb109fca0 EFLAGS: 00010246
[ 1577.758623][T18234] RAX: 0000000000000000 RBX: 0000000000180de7 RCX: 0000000000413430
[ 1577.767137][T18234] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007fffb10a0dd0
[ 1577.775113][T18234] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000555556400940
[ 1577.783090][T18234] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fffb10a0dd0
[ 1577.791157][T18234] R13: 00007fffb10a0dc0 R14: 0000000000000000 R15: 00007fffb10a0dd0
[ 1577.800265][T18234] memory: usage 1028kB, limit 0kB, failcnt 489400
[ 1577.806707][T18234] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1577.813606][T18234] Memory cgroup stats for /syz2:
[ 1577.813705][T18234] anon 77824
[ 1577.813705][T18234] file 274432
[ 1577.813705][T18234] kernel_stack 65536
[ 1577.813705][T18234] slab 831488
[ 1577.813705][T18234] sock 0
[ 1577.813705][T18234] shmem 172032
[ 1577.813705][T18234] file_mapped 135168
[ 1577.813705][T18234] file_dirty 135168
[ 1577.813705][T18234] file_writeback 0
[ 1577.813705][T18234] anon_thp 0
[ 1577.813705][T18234] inactive_anon 135168
[ 1577.813705][T18234] active_anon 77824
14:32:12 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9, 0x0, 0x0, 0x0, '\x00', 0xe00000000000000})

[ 1577.813705][T18234] inactive_file 135168
[ 1577.813705][T18234] active_file 135168
[ 1577.813705][T18234] unevictable 0
[ 1577.813705][T18234] slab_reclaimable 270336
[ 1577.813705][T18234] slab_unreclaimable 561152
[ 1577.813705][T18234] pgfault 191829
[ 1577.813705][T18234] pgmajfault 0
[ 1577.813705][T18234] workingset_refault 0
[ 1577.813705][T18234] workingset_activate 0
[ 1577.813705][T18234] workingset_nodereclaim 0
[ 1577.813705][T18234] pgrefill 0
[ 1577.813705][T18234] pgscan 0
[ 1577.813705][T18234] pgsteal 0
[ 1577.813705][T18234] pgactivate 0
[ 1577.909659][T18234] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=18234,uid=0
[ 1577.909740][T18234] Memory cgroup out of memory: Killed process 18234 (syz-executor.2) total-vm:72444kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB
14:32:13 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06'})

14:32:13 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9, 0x0, 0x0, 0x0, '\x00', 0x1000000000000000})

14:32:13 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9, 0x0, 0x0, 0x0, '\x00', 0x1100000000000000})

14:32:13 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a'})

14:32:13 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9, 0x0, 0x0, 0x0, '\x00', 0x1200000000000000})

14:32:14 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
r2 = openat$cgroup_ro(r1, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
openat$cgroup_procs(r3, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x40082404, &(0x7f0000000140)=0x2)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r4 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r4, 0x0, 0x0)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r5, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r3, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
socket$kcm(0xa, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r5, &(0x7f00000003c0)=0x100, 0x12)

14:32:14 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9, 0x0, 0x0, 0x0, '\x00', 0x2500000000000000})

14:32:14 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b'})

[ 1579.642266][T18286] IPVS: ftp: loaded support on port[0] = 21
[ 1579.702827][T18286] chnl_net:caif_netlink_parms(): no params data found
[ 1579.729358][T18286] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1579.736455][T18286] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1579.744188][T18286] device bridge_slave_0 entered promiscuous mode
[ 1579.752301][T18286] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1579.759463][T18286] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1579.767712][T18286] device bridge_slave_1 entered promiscuous mode
[ 1579.783910][T18286] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1579.795042][T18286] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1579.813939][T18286] team0: Port device team_slave_0 added
[ 1579.821354][T18286] team0: Port device team_slave_1 added
[ 1579.870783][T18286] device hsr_slave_0 entered promiscuous mode
[ 1579.908161][T18286] device hsr_slave_1 entered promiscuous mode
[ 1579.967798][T18286] debugfs: Directory 'hsr0' with parent '/' already present!
[ 1580.573968][T18286] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1580.585483][T17583] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1580.593351][T17583] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1580.604266][T18286] 8021q: adding VLAN 0 to HW filter on device team0
[ 1580.613433][T17583] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1580.622410][T17583] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1580.630767][T17583] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1580.637877][T17583] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1580.840731][T17835] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 1580.857738][T17835] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1580.866327][T17835] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1580.875250][T17835] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1580.882368][T17835] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1580.890094][T17835] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1580.898723][T17835] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1580.907123][T17835] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1580.915677][T17835] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1580.924022][T17835] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1580.932748][T17835] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1580.943626][T17835] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1580.951489][T17835] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1580.960125][T17835] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1580.973204][T17474] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1580.981615][T17474] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1580.992871][T18286] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1581.201327][T18286] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1581.425978][T18292] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 1581.436264][T18292] CPU: 1 PID: 18292 Comm: syz-executor.4 Not tainted 5.2.0+ #37
[ 1581.443905][T18292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1581.453972][T18292] Call Trace:
[ 1581.457297][T18292]  dump_stack+0x1d8/0x2f8
[ 1581.461639][T18292]  dump_header+0xd8/0x970
[ 1581.465974][T18292]  oom_kill_process+0xcd/0x320
[ 1581.470916][T18292]  out_of_memory+0x5e1/0x8a0
[ 1581.475502][T18292]  ? unregister_oom_notifier+0x20/0x20
[ 1581.480967][T18292]  ? __kasan_check_read+0x11/0x20
[ 1581.486000][T18292]  try_charge+0x134a/0x17b0
[ 1581.490527][T18292]  ? __memcg_kmem_charge_memcg+0x180/0x180
[ 1581.496351][T18292]  ? __lock_acquire+0x4750/0x4750
[ 1581.501388][T18292]  ? rcu_lock_release+0x15/0x20
[ 1581.506260][T18292]  ? get_mem_cgroup_from_mm+0x15e/0x170
[ 1581.511818][T18292]  mem_cgroup_try_charge+0x216/0x560
[ 1581.517114][T18292]  mem_cgroup_try_charge_delay+0x25/0xa0
[ 1581.522784][T18292]  handle_mm_fault+0x31f3/0x6080
[ 1581.528528][T18292]  ? finish_fault+0x230/0x230
[ 1581.533231][T18292]  ? vmacache_find+0x566/0x5b0
[ 1581.537995][T18292]  ? vmacache_update+0xb7/0x120
[ 1581.542851][T18292]  do_user_addr_fault+0x589/0xaf0
[ 1581.547889][T18292]  __do_page_fault+0xd3/0x1f0
[ 1581.552572][T18292]  do_page_fault+0x99/0xb0
[ 1581.556990][T18292]  page_fault+0x39/0x40
[ 1581.561141][T18292] RIP: 0033:0x41116f
[ 1581.565036][T18292] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41
[ 1581.585013][T18292] RSP: 002b:00007fff51e60460 EFLAGS: 00010206
[ 1581.591092][T18292] RAX: 00007efc29db0000 RBX: 0000000000020000 RCX: 000000000045987a
[ 1581.599075][T18292] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000
[ 1581.607059][T18292] RBP: 00007fff51e60540 R08: ffffffffffffffff R09: 0000000000000000
[ 1581.615044][T18292] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff51e60630
[ 1581.623027][T18292] R13: 00007efc29dd0700 R14: 0000000000000001 R15: 000000000075bfd4
[ 1581.632062][T18292] memory: usage 3496kB, limit 0kB, failcnt 235
[ 1581.638274][T18292] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1581.645121][T18292] Memory cgroup stats for /syz4:
[ 1581.645231][T18292] anon 2195456
[ 1581.645231][T18292] file 299008
[ 1581.645231][T18292] kernel_stack 65536
[ 1581.645231][T18292] slab 1085440
[ 1581.645231][T18292] sock 0
[ 1581.645231][T18292] shmem 102400
[ 1581.645231][T18292] file_mapped 135168
[ 1581.645231][T18292] file_dirty 0
[ 1581.645231][T18292] file_writeback 0
[ 1581.645231][T18292] anon_thp 2097152
[ 1581.645231][T18292] inactive_anon 135168
[ 1581.645231][T18292] active_anon 2195456
[ 1581.645231][T18292] inactive_file 135168
[ 1581.645231][T18292] active_file 0
[ 1581.645231][T18292] unevictable 0
[ 1581.645231][T18292] slab_reclaimable 405504
[ 1581.645231][T18292] slab_unreclaimable 679936
[ 1581.645231][T18292] pgfault 355113
[ 1581.645231][T18292] pgmajfault 0
[ 1581.645231][T18292] workingset_refault 0
[ 1581.645231][T18292] workingset_activate 0
[ 1581.645231][T18292] workingset_nodereclaim 0
[ 1581.645231][T18292] pgrefill 0
[ 1581.645231][T18292] pgscan 0
[ 1581.645231][T18292] pgsteal 0
[ 1581.645231][T18292] pgactivate 0
[ 1581.741458][T18292] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=18292,uid=0
[ 1581.756966][T18292] Memory cgroup out of memory: Killed process 18292 (syz-executor.4) total-vm:72708kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB
[ 1581.772794][ T1056] oom_reaper: reaped process 18292 (syz-executor.4), now anon-rss:0kB, file-rss:33856kB, shmem-rss:0kB
14:32:16 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400)
openat$cgroup_procs(r3, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r4 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r4, 0x0, 0x0)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r5, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r5, &(0x7f00000003c0)=0x100, 0x12)

14:32:16 executing program 4:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
openat$cgroup_procs(r4, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000140)=0x2)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r5 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r5, 0x0, 0x0)
r6 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r6, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
socket$kcm(0xa, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r6, &(0x7f00000003c0)=0x100, 0x12)

14:32:16 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9, 0x0, 0x0, 0x0, '\x00', 0x4000000000000000})

14:32:16 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\t'})

14:32:16 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
r2 = openat$cgroup_ro(r1, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
openat$cgroup_procs(r3, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x40082404, &(0x7f0000000140)=0x2)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r4 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r4, 0x0, 0x0)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r5, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r3, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
socket$kcm(0xa, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r5, &(0x7f00000003c0)=0x100, 0x12)

14:32:16 executing program 1:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600))
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x8a, 0x0, 0x0, 0x0, 0x3})
r1 = syz_open_pts(r0, 0x0)
write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0x100000175)
ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000140)={0x3, 0x0, 0x0, 0xdf0e000000000000})

[ 1581.871639][T18286] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[ 1581.881737][T18286] CPU: 1 PID: 18286 Comm: syz-executor.4 Not tainted 5.2.0+ #37
[ 1581.889378][T18286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1581.899443][T18286] Call Trace:
[ 1581.902774][T18286]  dump_stack+0x1d8/0x2f8
[ 1581.907112][T18286]  dump_header+0xd8/0x970
[ 1581.911458][T18286]  oom_kill_process+0xcd/0x320
[ 1581.916232][T18286]  out_of_memory+0x5e1/0x8a0
[ 1581.920833][T18286]  ? unregister_oom_notifier+0x20/0x20
[ 1581.926298][T18286]  ? __kasan_check_read+0x11/0x20
[ 1581.931333][T18286]  try_charge+0x134a/0x17b0
[ 1581.935862][T18286]  ? __memcg_kmem_charge_memcg+0x180/0x180
[ 1581.941682][T18286]  ? __lock_acquire+0x4750/0x4750
[ 1581.946712][T18286]  ? rcu_lock_release+0x15/0x20
[ 1581.951572][T18286]  ? get_mem_cgroup_from_mm+0x15e/0x170
[ 1581.957125][T18286]  mem_cgroup_try_charge+0x216/0x560
[ 1581.962471][T18286]  mem_cgroup_try_charge_delay+0x25/0xa0
[ 1581.968117][T18286]  wp_page_copy+0x367/0x18c0
[ 1581.972722][T18286]  ? rcu_lock_release+0x30/0x30
[ 1581.977596][T18286]  ? __lock_acquire+0x4750/0x4750
[ 1581.982644][T18286]  ? __kasan_check_read+0x11/0x20
[ 1581.987686][T18286]  ? do_raw_spin_unlock+0x49/0x260
[ 1581.992811][T18286]  do_wp_page+0x2c9/0x1ce0
[ 1581.997247][T18286]  ? __rwlock_init+0x130/0x130
[ 1582.002014][T18286]  ? count_memcg_event_mm+0x300/0x300
[ 1582.007393][T18286]  handle_mm_fault+0x2bcf/0x6080
[ 1582.013298][T18286]  ? finish_fault+0x230/0x230
[ 1582.017986][T18286]  ? vmacache_find+0x251/0x5b0
[ 1582.022757][T18286]  do_user_addr_fault+0x589/0xaf0
[ 1582.027808][T18286]  __do_page_fault+0xd3/0x1f0
[ 1582.032488][T18286]  do_page_fault+0x99/0xb0
[ 1582.036904][T18286]  page_fault+0x39/0x40
[ 1582.041067][T18286] RIP: 0033:0x430906
[ 1582.044961][T18286] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 46 64 00 85 c0 0f 84
[ 1582.064578][T18286] RSP: 002b:00007fff51e5f470 EFLAGS: 00010206
[ 1582.070648][T18286] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041
[ 1582.078622][T18286] RDX: 0000555556df3930 RSI: 0000555556dfb970 RDI: 0000000000000003
[ 1582.086600][T18286] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000555556df2940
[ 1582.094583][T18286] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698
[ 1582.102571][T18286] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710
[ 1582.110650][T18286] memory: usage 1164kB, limit 0kB, failcnt 244
[ 1582.116813][T18286] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1582.123745][T18286] Memory cgroup stats for /syz4:
[ 1582.123854][T18286] anon 0
[ 1582.123854][T18286] file 299008
[ 1582.123854][T18286] kernel_stack 0
[ 1582.123854][T18286] slab 1085440
[ 1582.123854][T18286] sock 0
[ 1582.123854][T18286] shmem 102400
[ 1582.123854][T18286] file_mapped 135168
[ 1582.123854][T18286] file_dirty 0
[ 1582.123854][T18286] file_writeback 0
[ 1582.123854][T18286] anon_thp 0
[ 1582.123854][T18286] inactive_anon 135168
[ 1582.123854][T18286] active_anon 0
[ 1582.123854][T18286] inactive_file 135168
[ 1582.123854][T18286] active_file 0
[ 1582.123854][T18286] unevictable 0
[ 1582.123854][T18286] slab_reclaimable 405504
[ 1582.123854][T18286] slab_unreclaimable 679936
[ 1582.123854][T18286] pgfault 355113
[ 1582.123854][T18286] pgmajfault 0
[ 1582.123854][T18286] workingset_refault 0
[ 1582.123854][T18286] workingset_activate 0
[ 1582.123854][T18286] workingset_nodereclaim 0
[ 1582.123854][T18286] pgrefill 0
[ 1582.123854][T18286] pgscan 0
[ 1582.123854][T18286] pgsteal 0
[ 1582.123854][T18286] pgactivate 0
[ 1582.218653][T18286] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=18286,uid=0
[ 1582.234205][T18286] Memory cgroup out of memory: Killed process 18286 (syz-executor.4) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB
[ 1582.249385][ T1056] oom_reaper: reaped process 18286 (syz-executor.4), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB
14:32:17 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9, 0x0, 0x0, 0x0, '\x00', 0x5c00000000000000})

14:32:17 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n'})

14:32:17 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v'})

14:32:17 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9, 0x0, 0x0, 0x0, '\x00', 0xffffffff00000000})

14:32:17 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\f'})

14:32:17 executing program 5:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r0, 0x80)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='reno\x00', 0x5)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendto$inet6(r1, 0x0, 0xfffffffffffffdc6, 0x20000004, &(0x7f0000000280)={0xa, 0x4e22}, 0x1c)
setsockopt$inet6_icmp_ICMP_FILTER(0xffffffffffffffff, 0x1, 0x1, 0x0, 0x0)
r2 = openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
setsockopt$packet_rx_ring(r2, 0x107, 0x5, 0x0, 0x3a9)
ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40246608, 0x0)
ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(0xffffffffffffffff, 0x40106614, 0x0)
write(r1, &(0x7f00000000c0)="f7", 0x1)
ioctl$UI_GET_VERSION(r2, 0x8004552d, &(0x7f0000000480))
recvfrom$inet6(r1, &(0x7f0000001840)=""/31, 0xfffffe0e, 0x100, &(0x7f0000001880), 0x1c)
r3 = accept4(r0, 0x0, 0x0, 0x0)
sendto$inet6(r3, &(0x7f00000000c0), 0xfffffdda, 0x0, 0x0, 0x0)
r4 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
r5 = getpid()
getresuid(&(0x7f00000002c0)=<r6=>0x0, &(0x7f0000000300), &(0x7f0000000340))
getgroups(0x6, &(0x7f0000000380)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, <r7=>0x0, 0x0])
sendmsg$unix(r3, &(0x7f0000000440)={&(0x7f0000000200)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000080)=[{&(0x7f0000000000)="0cb508a0846a129306725b1f50328bff8bf3a90acdce20e71735", 0x1a}], 0x1, &(0x7f00000003c0)=ANY=[@ANYBLOB="1c0000000000faffffffffffffff0000", @ANYRES32=r5, @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="000000002c000000000000000100000001000000", @ANYRES32=r3, @ANYRES32=r2, @ANYRES32=r2, @ANYRES32=r0, @ANYRES32=r4, @ANYRES32=r1, @ANYRES32=r3, @ANYBLOB="0000000024000000000000000100000001000000", @ANYRES32=r3, @ANYRES32=r3, @ANYRES32=r4, @ANYRES32=r2, @ANYRES32=r2, @ANYBLOB='\x00\x00\x00\x00'], 0x78, 0x20000000}, 0x1)
r8 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000500)='IPVS\x00')
sendmsg$IPVS_CMD_SET_SERVICE(r2, &(0x7f0000000680)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x10800000}, 0xc, &(0x7f0000000640)={&(0x7f0000000540)={0xdc, r8, 0x200, 0x70bd2b, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8}, @IPVS_CMD_ATTR_DAEMON={0x6c, 0x3, [@IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e20}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x3}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x21}}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x80000000}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x8}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'ip6gre0\x00'}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'batadv0\x00'}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @multicast1}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x4}, @IPVS_CMD_ATTR_DAEMON={0x38, 0x3, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'hwsim0\x00'}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e20}, @IPVS_DAEMON_ATTR_STATE={0x8}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x4}]}, @IPVS_CMD_ATTR_DEST={0x14, 0x2, [@IPVS_DEST_ATTR_TUN_PORT={0x8, 0xe, 0x4e22}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x4}]}]}, 0xdc}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
ioctl$KVM_GET_EMULATED_CPUID(r2, 0xc008ae09, &(0x7f00000006c0)=""/165)
r9 = semget$private(0x0, 0x1, 0x1c0)
semctl$IPC_RMID(r9, 0x0, 0x0)
ioctl$VIDIOC_S_DV_TIMINGS(r2, 0xc0845657, &(0x7f0000000140)={0x0, @reserved})

[ 1584.066126][T18328] IPVS: ftp: loaded support on port[0] = 21
[ 1584.314941][T18328] chnl_net:caif_netlink_parms(): no params data found
[ 1584.348716][T18328] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1584.355775][T18328] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1584.364818][T18328] device bridge_slave_0 entered promiscuous mode
[ 1584.372812][T18328] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1584.379941][T18328] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1584.387526][T18328] device bridge_slave_1 entered promiscuous mode
[ 1584.394754][  T788] device bridge_slave_1 left promiscuous mode
[ 1584.401145][  T788] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1584.440071][  T788] device bridge_slave_0 left promiscuous mode
[ 1584.446252][  T788] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1584.480124][  T788] device bridge_slave_1 left promiscuous mode
[ 1584.486311][  T788] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1584.529115][  T788] device bridge_slave_0 left promiscuous mode
[ 1584.535323][  T788] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1584.569625][  T788] device bridge_slave_1 left promiscuous mode
[ 1584.575838][  T788] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1584.608526][  T788] device bridge_slave_0 left promiscuous mode
[ 1584.614708][  T788] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1589.888649][  T788] device hsr_slave_0 left promiscuous mode
[ 1589.958384][  T788] device hsr_slave_1 left promiscuous mode
[ 1590.005068][  T788] team0 (unregistering): Port device team_slave_1 removed
[ 1590.017994][  T788] team0 (unregistering): Port device team_slave_0 removed
[ 1590.031535][  T788] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1590.101390][  T788] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1590.168738][  T788] bond0 (unregistering): Released all slaves
[ 1590.318293][  T788] device hsr_slave_0 left promiscuous mode
[ 1590.367760][  T788] device hsr_slave_1 left promiscuous mode
[ 1590.427954][  T788] team0 (unregistering): Port device team_slave_1 removed
[ 1590.440763][  T788] team0 (unregistering): Port device team_slave_0 removed
[ 1590.451801][  T788] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1590.491300][  T788] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1590.562993][  T788] bond0 (unregistering): Released all slaves
[ 1590.708328][  T788] device hsr_slave_0 left promiscuous mode
[ 1590.767797][  T788] device hsr_slave_1 left promiscuous mode
[ 1590.834700][  T788] team0 (unregistering): Port device team_slave_1 removed
[ 1590.847910][  T788] team0 (unregistering): Port device team_slave_0 removed
[ 1590.859680][  T788] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1590.903000][  T788] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1590.979430][  T788] bond0 (unregistering): Released all slaves
[ 1591.096160][T18328] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1591.098090][T18331] IPVS: ftp: loaded support on port[0] = 21
[ 1591.111352][T18328] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1591.148652][T18328] team0: Port device team_slave_0 added
[ 1591.159111][T18328] team0: Port device team_slave_1 added
[ 1591.230438][T18328] device hsr_slave_0 entered promiscuous mode
[ 1591.297912][T18328] device hsr_slave_1 entered promiscuous mode
[ 1591.367786][T18328] debugfs: Directory 'hsr0' with parent '/' already present!
[ 1591.434443][T18331] chnl_net:caif_netlink_parms(): no params data found
[ 1591.473751][T18331] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1591.481028][T18331] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1591.489027][T18331] device bridge_slave_0 entered promiscuous mode
[ 1591.504310][T18331] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1591.511501][T18331] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1591.519526][T18331] device bridge_slave_1 entered promiscuous mode
[ 1591.554187][T18331] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1591.565649][T18331] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1591.586968][T18331] team0: Port device team_slave_0 added
[ 1591.595692][T18331] team0: Port device team_slave_1 added
[ 1591.650698][T18331] device hsr_slave_0 entered promiscuous mode
[ 1591.717970][T18331] device hsr_slave_1 entered promiscuous mode
[ 1591.767786][T18331] debugfs: Directory 'hsr0' with parent '/' already present!
[ 1591.779018][T18328] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1591.793871][T17835] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 1591.805794][T17835] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1591.813767][T17835] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1591.825322][T18328] 8021q: adding VLAN 0 to HW filter on device team0
[ 1591.859355][T17835] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1591.868620][T17835] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1591.876856][T17835] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1591.883952][T17835] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1591.891643][T17835] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1591.900296][T17835] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1591.908686][T17835] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1591.915725][T17835] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1591.923653][T17835] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1591.932408][T17835] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1591.999566][T17836] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 1592.007681][T17836] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1592.015482][T17836] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1592.028553][T13660] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1592.130503][T18331] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1592.144688][T18328] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1592.156094][T18328] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1592.166597][T17474] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1592.184332][T18331] 8021q: adding VLAN 0 to HW filter on device team0
[ 1592.191793][T17583] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1592.200517][T17583] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1592.218052][T17836] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1592.226757][T17836] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1592.235481][T17836] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1592.242575][T17836] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1592.258549][T18328] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1592.272442][T17836] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 1592.280926][T17836] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1592.289583][T17836] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1592.297980][T17836] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1592.305031][T17836] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1592.312737][T17836] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1592.321585][T17836] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1592.368500][T18331] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1592.379312][T18331] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1592.405091][T17836] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1592.414273][T17836] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1592.422759][T17836] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1592.431457][T17836] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1592.439883][T17836] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1592.448363][T17836] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1592.456812][T17836] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1592.465294][T17836] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1592.494718][T18331] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1592.505952][T17836] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1592.514241][T17836] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1592.701470][T18341] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 1592.711850][T18341] CPU: 1 PID: 18341 Comm: syz-executor.3 Not tainted 5.2.0+ #37
[ 1592.719578][T18341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1592.729639][T18341] Call Trace:
[ 1592.732949][T18341]  dump_stack+0x1d8/0x2f8
[ 1592.737295][T18341]  dump_header+0xd8/0x970
[ 1592.741635][T18341]  oom_kill_process+0xcd/0x320
[ 1592.746407][T18341]  out_of_memory+0x5e1/0x8a0
[ 1592.751007][T18341]  ? unregister_oom_notifier+0x20/0x20
[ 1592.756486][T18341]  memory_max_write+0x537/0x6a0
[ 1592.761346][T18341]  ? lock_acquire+0x158/0x250
[ 1592.766503][T18341]  ? memory_max_show+0xa0/0xa0
[ 1592.771278][T18341]  ? trace_lock_acquire+0x154/0x1b0
[ 1592.776486][T18341]  ? lock_acquire+0x158/0x250
[ 1592.781193][T18341]  ? kernfs_fop_write+0x22e/0x4f0
[ 1592.786221][T18341]  ? memory_max_show+0xa0/0xa0
[ 1592.790997][T18341]  cgroup_file_write+0x27b/0x6e0
[ 1592.795941][T18341]  ? cgroup_seqfile_stop+0xc0/0xc0
[ 1592.801063][T18341]  ? cgroup_seqfile_stop+0xc0/0xc0
[ 1592.806184][T18341]  kernfs_fop_write+0x3e4/0x4f0
[ 1592.811037][T18341]  ? kernfs_fop_read+0x580/0x580
[ 1592.815979][T18341]  __vfs_write+0xf9/0x7d0
[ 1592.820322][T18341]  ? __lock_acquire+0x4750/0x4750
[ 1592.825352][T18341]  ? __kernel_write+0x350/0x350
[ 1592.830205][T18341]  ? trace_lock_acquire+0x154/0x1b0
[ 1592.835420][T18341]  ? __sb_start_write+0x39c/0x440
[ 1592.840450][T18341]  vfs_write+0x275/0x590
[ 1592.844706][T18341]  ksys_write+0x16b/0x2a0
[ 1592.849036][T18341]  ? __ia32_sys_read+0x90/0x90
[ 1592.853799][T18341]  ? prepare_exit_to_usermode+0x1f7/0x580
[ 1592.859530][T18341]  ? trace_irq_disable_rcuidle+0x23/0x1c0
[ 1592.865258][T18341]  ? trace_hardirqs_on_thunk+0x1a/0x20
[ 1592.870723][T18341]  ? trace_irq_disable_rcuidle+0x23/0x1c0
[ 1592.876448][T18341]  ? do_syscall_64+0x1d/0x140
[ 1592.881161][T18341]  __x64_sys_write+0x7b/0x90
[ 1592.885758][T18341]  do_syscall_64+0xfe/0x140
[ 1592.890262][T18341]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1592.896173][T18341] RIP: 0033:0x459829
[ 1592.900067][T18341] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1592.919888][T18341] RSP: 002b:00007f3f8bc14c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1592.928308][T18341] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829
[ 1592.936282][T18341] RDX: 0000000000000012 RSI: 0000000020000000 RDI: 0000000000000008
[ 1592.944249][T18341] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1592.952245][T18341] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3f8bc156d4
[ 1592.960230][T18341] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff
[ 1592.968393][T18341] memory: usage 3428kB, limit 0kB, failcnt 129
[ 1592.974663][T18341] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1592.981629][T18341] Memory cgroup stats for /syz3:
[ 1592.984427][T18341] anon 2097152
[ 1592.984427][T18341] file 0
[ 1592.984427][T18341] kernel_stack 65536
[ 1592.984427][T18341] slab 1126400
[ 1592.984427][T18341] sock 0
[ 1592.984427][T18341] shmem 0
[ 1592.984427][T18341] file_mapped 0
[ 1592.984427][T18341] file_dirty 0
[ 1592.984427][T18341] file_writeback 0
[ 1592.984427][T18341] anon_thp 2097152
[ 1592.984427][T18341] inactive_anon 0
[ 1592.984427][T18341] active_anon 2097152
[ 1592.984427][T18341] inactive_file 0
[ 1592.984427][T18341] active_file 0
[ 1592.984427][T18341] unevictable 0
[ 1592.984427][T18341] slab_reclaimable 405504
[ 1592.984427][T18341] slab_unreclaimable 720896
[ 1592.984427][T18341] pgfault 251724
[ 1592.984427][T18341] pgmajfault 0
[ 1592.984427][T18341] workingset_refault 0
[ 1592.984427][T18341] workingset_activate 0
[ 1592.984427][T18341] workingset_nodereclaim 0
[ 1592.984427][T18341] pgrefill 0
[ 1592.984427][T18341] pgscan 0
[ 1592.984427][T18341] pgsteal 0
[ 1592.984427][T18341] pgactivate 0
[ 1593.078767][T18341] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=18339,uid=0
[ 1593.094911][T18341] Memory cgroup out of memory: Killed process 18339 (syz-executor.3) total-vm:72708kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB
[ 1593.110386][T18345] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 1593.112359][ T1056] oom_reaper: reaped process 18339 (syz-executor.3), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB
[ 1593.120733][T18345] CPU: 0 PID: 18345 Comm: syz-executor.2 Not tainted 5.2.0+ #37
[ 1593.139249][T18345] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1593.149304][T18345] Call Trace:
[ 1593.152595][T18345]  dump_stack+0x1d8/0x2f8
[ 1593.156923][T18345]  dump_header+0xd8/0x970
[ 1593.161263][T18345]  oom_kill_process+0xcd/0x320
[ 1593.166030][T18345]  out_of_memory+0x5e1/0x8a0
[ 1593.170629][T18345]  ? unregister_oom_notifier+0x20/0x20
[ 1593.176092][T18345]  ? __kasan_check_read+0x11/0x20
[ 1593.181128][T18345]  try_charge+0x134a/0x17b0
[ 1593.185649][T18345]  ? __memcg_kmem_charge_memcg+0x180/0x180
[ 1593.191460][T18345]  ? __lock_acquire+0x4750/0x4750
[ 1593.196578][T18345]  ? rcu_lock_release+0x15/0x20
[ 1593.201425][T18345]  ? get_mem_cgroup_from_mm+0x15e/0x170
[ 1593.206971][T18345]  mem_cgroup_try_charge+0x216/0x560
[ 1593.212260][T18345]  mem_cgroup_try_charge_delay+0x25/0xa0
[ 1593.217892][T18345]  handle_mm_fault+0x31f3/0x6080
[ 1593.222841][T18345]  ? finish_fault+0x230/0x230
[ 1593.227524][T18345]  ? vmacache_find+0x566/0x5b0
[ 1593.232301][T18345]  ? vmacache_update+0xb7/0x120
[ 1593.237154][T18345]  do_user_addr_fault+0x589/0xaf0
[ 1593.242209][T18345]  __do_page_fault+0xd3/0x1f0
[ 1593.246885][T18345]  do_page_fault+0x99/0xb0
[ 1593.251304][T18345]  page_fault+0x39/0x40
[ 1593.255456][T18345] RIP: 0033:0x41116f
[ 1593.259343][T18345] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41
[ 1593.278961][T18345] RSP: 002b:00007ffef1cdbd30 EFLAGS: 00010206
[ 1593.285044][T18345] RAX: 00007ff5bcd4a000 RBX: 0000000000020000 RCX: 000000000045987a
[ 1593.293027][T18345] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000
[ 1593.301007][T18345] RBP: 00007ffef1cdbe10 R08: ffffffffffffffff R09: 0000000000000000
[ 1593.308981][T18345] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffef1cdbf00
[ 1593.316953][T18345] R13: 00007ff5bcd6a700 R14: 0000000000000001 R15: 000000000075bfd4
[ 1593.325028][T18345] memory: usage 3300kB, limit 0kB, failcnt 489409
[ 1593.331495][T18345] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1593.338383][T18345] Memory cgroup stats for /syz2:
[ 1593.338488][T18345] anon 2170880
[ 1593.338488][T18345] file 274432
[ 1593.338488][T18345] kernel_stack 65536
[ 1593.338488][T18345] slab 831488
[ 1593.338488][T18345] sock 0
[ 1593.338488][T18345] shmem 172032
[ 1593.338488][T18345] file_mapped 135168
[ 1593.338488][T18345] file_dirty 135168
[ 1593.338488][T18345] file_writeback 135168
[ 1593.338488][T18345] anon_thp 2097152
[ 1593.338488][T18345] inactive_anon 135168
[ 1593.338488][T18345] active_anon 2170880
[ 1593.338488][T18345] inactive_file 135168
[ 1593.338488][T18345] active_file 135168
[ 1593.338488][T18345] unevictable 0
[ 1593.338488][T18345] slab_reclaimable 270336
[ 1593.338488][T18345] slab_unreclaimable 561152
[ 1593.338488][T18345] pgfault 191895
[ 1593.338488][T18345] pgmajfault 0
[ 1593.338488][T18345] workingset_refault 0
[ 1593.338488][T18345] workingset_activate 0
[ 1593.338488][T18345] workingset_nodereclaim 0
[ 1593.338488][T18345] pgrefill 0
[ 1593.338488][T18345] pgscan 0
[ 1593.338488][T18345] pgsteal 0
[ 1593.432471][T18345] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=18345,uid=0
[ 1593.448020][T18345] Memory cgroup out of memory: Killed process 18345 (syz-executor.2) total-vm:72708kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB
[ 1593.463279][ T1056] oom_reaper: reaped process 18345 (syz-executor.2), now anon-rss:0kB, file-rss:33856kB, shmem-rss:0kB
[ 1593.513355][T18328] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[ 1593.523365][T18328] CPU: 1 PID: 18328 Comm: syz-executor.3 Not tainted 5.2.0+ #37
[ 1593.530995][T18328] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1593.541052][T18328] Call Trace:
[ 1593.544347][T18328]  dump_stack+0x1d8/0x2f8
[ 1593.548682][T18328]  dump_header+0xd8/0x970
[ 1593.553022][T18328]  oom_kill_process+0xcd/0x320
[ 1593.557796][T18328]  out_of_memory+0x5e1/0x8a0
[ 1593.562388][T18328]  ? unregister_oom_notifier+0x20/0x20
[ 1593.567845][T18328]  ? __kasan_check_read+0x11/0x20
[ 1593.572874][T18328]  try_charge+0x134a/0x17b0
[ 1593.577403][T18328]  ? __memcg_kmem_charge_memcg+0x180/0x180
[ 1593.583219][T18328]  ? __lock_acquire+0x4750/0x4750
[ 1593.588248][T18328]  ? rcu_lock_release+0x15/0x20
[ 1593.593098][T18328]  ? get_mem_cgroup_from_mm+0x15e/0x170
[ 1593.598649][T18328]  mem_cgroup_try_charge+0x216/0x560
[ 1593.598664][T18328]  mem_cgroup_try_charge_delay+0x25/0xa0
[ 1593.598677][T18328]  wp_page_copy+0x367/0x18c0
[ 1593.598696][T18328]  ? rcu_lock_release+0x30/0x30
[ 1593.598709][T18328]  ? __lock_acquire+0x4750/0x4750
[ 1593.598727][T18328]  ? __kasan_check_read+0x11/0x20
[ 1593.624146][T18328]  ? do_raw_spin_unlock+0x49/0x260
[ 1593.624163][T18328]  do_wp_page+0x2c9/0x1ce0
[ 1593.624179][T18328]  ? __rwlock_init+0x130/0x130
[ 1593.634305][T18328]  ? count_memcg_event_mm+0x300/0x300
[ 1593.648826][T18328]  handle_mm_fault+0x2bcf/0x6080
[ 1593.653886][T18328]  ? finish_fault+0x230/0x230
[ 1593.658593][T18328]  ? vmacache_find+0x51b/0x5b0
[ 1593.663368][T18328]  ? vmacache_update+0xb7/0x120
[ 1593.668232][T18328]  do_user_addr_fault+0x589/0xaf0
[ 1593.673278][T18328]  __do_page_fault+0xd3/0x1f0
[ 1593.677962][T18328]  do_page_fault+0x99/0xb0
[ 1593.682382][T18328]  page_fault+0x39/0x40
[ 1593.686537][T18328] RIP: 0033:0x430906
[ 1593.690448][T18328] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 46 64 00 85 c0 0f 84
[ 1593.710094][T18328] RSP: 002b:00007ffe123b6090 EFLAGS: 00010206
[ 1593.716171][T18328] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041
[ 1593.724240][T18328] RDX: 00005555572d0930 RSI: 00005555572d8970 RDI: 0000000000000003
[ 1593.732213][T18328] RBP: 0000000000008041 R08: 0000000000000001 R09: 00005555572cf940
[ 1593.740274][T18328] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698
[ 1593.748250][T18328] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710
[ 1593.756322][T18328] memory: usage 1072kB, limit 0kB, failcnt 148
[ 1593.762536][T18328] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1593.770945][T18328] Memory cgroup stats for /syz3:
[ 1593.771028][T18328] anon 0
[ 1593.771028][T18328] file 0
[ 1593.771028][T18328] kernel_stack 0
[ 1593.771028][T18328] slab 1126400
[ 1593.771028][T18328] sock 0
[ 1593.771028][T18328] shmem 0
[ 1593.771028][T18328] file_mapped 0
[ 1593.771028][T18328] file_dirty 0
[ 1593.771028][T18328] file_writeback 0
[ 1593.771028][T18328] anon_thp 0
[ 1593.771028][T18328] inactive_anon 0
[ 1593.771028][T18328] active_anon 0
[ 1593.771028][T18328] inactive_file 0
[ 1593.771028][T18328] active_file 0
[ 1593.771028][T18328] unevictable 0
[ 1593.771028][T18328] slab_reclaimable 405504
[ 1593.771028][T18328] slab_unreclaimable 720896
[ 1593.771028][T18328] pgfault 251724
[ 1593.771028][T18328] pgmajfault 0
[ 1593.771028][T18328] workingset_refault 0
[ 1593.771028][T18328] workingset_activate 0
[ 1593.771028][T18328] workingset_nodereclaim 0
[ 1593.771028][T18328] pgrefill 0
[ 1593.771028][T18328] pgscan 0
[ 1593.771028][T18328] pgsteal 0
[ 1593.771028][T18328] pgactivate 0
14:32:28 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400)
openat$cgroup_procs(r3, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r4 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r4, 0x0, 0x0)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r5, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r5, &(0x7f00000003c0)=0x100, 0x12)

14:32:28 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\r'})

14:32:28 executing program 1:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600))
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x8a, 0x0, 0x0, 0x0, 0x3})
r1 = syz_open_pts(r0, 0x0)
write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0x100000175)
ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000140)={0x3, 0x0, 0x0, 0xfdfdffff00000000})

14:32:28 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f0000000000)='/dev/snd/controlC#\x00', 0x9, 0x0)
r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000080)='/dev/cachefiles\x00', 0x400, 0x0)
getsockopt$bt_BT_RCVMTU(r1, 0x112, 0xd, &(0x7f00000000c0)=0xfffffffffffffffd, &(0x7f0000000100)=0x2)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9})
lseek(r1, 0x0, 0x0)

[ 1593.771028][T18328] pgdeactivate 0
[ 1593.866485][T18328] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=18328,uid=0
[ 1593.882007][T18328] Memory cgroup out of memory: Killed process 18328 (syz-executor.3) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB
[ 1593.896446][ T1056] oom_reaper: reaped process 18328 (syz-executor.3), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB
14:32:28 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
r2 = openat$cgroup_ro(r1, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
openat$cgroup_procs(r3, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x40082404, &(0x7f0000000140)=0x2)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r4 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r4, 0x0, 0x0)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r5, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r3, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
socket$kcm(0xa, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r5, &(0x7f00000003c0)=0x100, 0x12)

14:32:28 executing program 4:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
openat$cgroup_procs(r4, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000140)=0x2)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r5 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r5, 0x0, 0x0)
r6 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r6, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
socket$kcm(0xa, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r6, &(0x7f00000003c0)=0x100, 0x12)

14:32:28 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x100)
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
write$vnet(r1, &(0x7f0000001180)={0x1, {&(0x7f0000000100)=""/4096, 0x1000, &(0x7f0000001100)=""/113, 0x3, 0x4}}, 0x68)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9})

14:32:28 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0e'})

14:32:28 executing program 1:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600))
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x8a, 0x0, 0x0, 0x0, 0x3})
r1 = syz_open_pts(r0, 0x0)
write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0x100000175)
ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000140)={0x3, 0x0, 0x0, 0xfe0f000000000000})

[ 1593.940355][T18331] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[ 1593.950523][T18331] CPU: 1 PID: 18331 Comm: syz-executor.2 Not tainted 5.2.0+ #37
[ 1593.958258][T18331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1593.968505][T18331] Call Trace:
[ 1593.971814][T18331]  dump_stack+0x1d8/0x2f8
[ 1593.976161][T18331]  dump_header+0xd8/0x970
[ 1593.980498][T18331]  oom_kill_process+0xcd/0x320
[ 1593.985316][T18331]  out_of_memory+0x5e1/0x8a0
[ 1593.989913][T18331]  ? unregister_oom_notifier+0x20/0x20
[ 1593.995386][T18331]  ? __kasan_check_read+0x11/0x20
[ 1594.000514][T18331]  try_charge+0x134a/0x17b0
[ 1594.005071][T18331]  ? __memcg_kmem_charge_memcg+0x180/0x180
[ 1594.010895][T18331]  ? __lock_acquire+0x4750/0x4750
[ 1594.015947][T18331]  ? rcu_lock_release+0x15/0x20
[ 1594.020806][T18331]  ? get_mem_cgroup_from_mm+0x15e/0x170
[ 1594.026362][T18331]  mem_cgroup_try_charge+0x216/0x560
[ 1594.031658][T18331]  mem_cgroup_try_charge_delay+0x25/0xa0
14:32:29 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x10'})

[ 1594.037296][T18331]  handle_mm_fault+0x31f3/0x6080
[ 1594.042247][T18331]  ? finish_fault+0x230/0x230
[ 1594.046990][T18331]  ? vmacache_find+0x251/0x5b0
[ 1594.051764][T18331]  do_user_addr_fault+0x589/0xaf0
[ 1594.056803][T18331]  __do_page_fault+0xd3/0x1f0
[ 1594.061516][T18331]  do_page_fault+0x99/0xb0
[ 1594.065949][T18331]  page_fault+0x39/0x40
[ 1594.065961][T18331] RIP: 0033:0x4034f2
14:32:29 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x30100, 0x0)
ioctl$SCSI_IOCTL_TEST_UNIT_READY(r1, 0x2)
getsockopt$inet_sctp_SCTP_RECVNXTINFO(r1, 0x84, 0x21, &(0x7f0000000080), &(0x7f0000000100)=0x4)
ioctl$SNDRV_CTL_IOCTL_HWDEP_INFO(r0, 0x80dc5521, &(0x7f0000000140)=""/91)
r2 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000240)='SEG6\x00')
sendmsg$SEG6_CMD_DUMPHMAC(r1, &(0x7f0000000340)={&(0x7f0000000200), 0xc, &(0x7f0000000300)={&(0x7f0000000380)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="020126bd7000ffdbff25020000000800060007000000080005000400000018000400ffff000001000000004000000900000026d4ffff08000500026e77b0aa788869d43521ba427a85b005d7183aabb13aa9f4b51f36d6ab428f2545cd726025a8"], 0x44}, 0x1, 0x0, 0x0, 0x40}, 0x10)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9})
ioctl$SG_GET_LOW_DMA(r1, 0x227a, &(0x7f00000001c0))
ioctl$NBD_DISCONNECT(r1, 0xab08)
setsockopt$IP_VS_SO_SET_STOPDAEMON(r1, 0x0, 0x48c, &(0x7f0000000280)={0x2, 'bcsh0\x00', 0x400000004}, 0x18)

[ 1594.065972][T18331] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 <e8> 59 8d 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 42 05 00 48
[ 1594.065983][T18331] RSP: 002b:00007ffef1cdaee0 EFLAGS: 00010246
[ 1594.074034][T18331] RAX: 0000000000000000 RBX: 0000000000184da7 RCX: 0000000000413430
[ 1594.074047][T18331] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007ffef1cdc010
[ 1594.115927][T18331] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000555556155940
[ 1594.123918][T18331] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffef1cdc010
[ 1594.131909][T18331] R13: 00007ffef1cdc000 R14: 0000000000000000 R15: 00007ffef1cdc010
[ 1594.140263][T18331] memory: usage 976kB, limit 0kB, failcnt 489422
[ 1594.146600][T18331] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1594.153519][T18331] Memory cgroup stats for /syz2:
[ 1594.153615][T18331] anon 0
[ 1594.153615][T18331] file 274432
[ 1594.153615][T18331] kernel_stack 65536
[ 1594.153615][T18331] slab 831488
[ 1594.153615][T18331] sock 0
[ 1594.153615][T18331] shmem 172032
[ 1594.153615][T18331] file_mapped 135168
[ 1594.153615][T18331] file_dirty 135168
[ 1594.153615][T18331] file_writeback 135168
[ 1594.153615][T18331] anon_thp 0
[ 1594.153615][T18331] inactive_anon 135168
[ 1594.153615][T18331] active_anon 0
[ 1594.153615][T18331] inactive_file 135168
[ 1594.153615][T18331] active_file 135168
[ 1594.153615][T18331] unevictable 0
[ 1594.153615][T18331] slab_reclaimable 270336
[ 1594.153615][T18331] slab_unreclaimable 561152
[ 1594.153615][T18331] pgfault 191895
[ 1594.153615][T18331] pgmajfault 0
[ 1594.153615][T18331] workingset_refault 0
[ 1594.153615][T18331] workingset_activate 0
[ 1594.153615][T18331] workingset_nodereclaim 0
[ 1594.153615][T18331] pgrefill 0
[ 1594.153615][T18331] pgscan 0
[ 1594.153615][T18331] pgsteal 0
[ 1594.153615][T18331] pgactivate 0
[ 1594.250070][T18331] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=18331,uid=0
[ 1594.250151][T18331] Memory cgroup out of memory: Killed process 18331 (syz-executor.2) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB
[ 1594.263016][ T1056] oom_reaper: reaped process 18331 (syz-executor.2), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB
14:32:29 executing program 5:
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000000)=<r0=>0x0)
move_pages(r0, 0x1, &(0x7f0000000080)=[&(0x7f0000ffb000/0x4000)=nil], &(0x7f0000000100)=[0x1, 0x6, 0x542, 0xe84f, 0x6, 0x7fffffff, 0x31], &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x6)
r1 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r1, 0x5452, &(0x7f0000000040)={0x9})

14:32:29 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400)
openat$cgroup_procs(r3, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r4 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r4, 0x0, 0x0)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r5, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r3, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r5, &(0x7f00000003c0)=0x100, 0x12)

14:32:29 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11'})

14:32:29 executing program 1:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600))
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x8a, 0x0, 0x0, 0x0, 0x3})
r1 = syz_open_pts(r0, 0x0)
write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0x100000175)
ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000140)={0x3, 0x0, 0x0, 0xff0f000000000000})

14:32:29 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9})
r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x100, 0x0)
setsockopt$inet_sctp_SCTP_RECVNXTINFO(r1, 0x84, 0x21, &(0x7f0000000080)=0x7f, 0x4)

14:32:29 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
openat$cgroup_procs(r2, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, &(0x7f0000000140)=0x2)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r3 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r3, 0x0, 0x0)
r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r4, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r2, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
socket$kcm(0xa, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r4, &(0x7f00000003c0)=0x100, 0x12)

[ 1595.968240][T18393] IPVS: ftp: loaded support on port[0] = 21
[ 1596.045468][T18393] chnl_net:caif_netlink_parms(): no params data found
[ 1596.072728][T18393] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1596.079874][T18393] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1596.087702][T18393] device bridge_slave_0 entered promiscuous mode
[ 1596.095716][T18393] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1596.102871][T18393] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1596.110942][T18393] device bridge_slave_1 entered promiscuous mode
[ 1596.132963][T18393] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1596.144145][T18393] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1596.165900][T18393] team0: Port device team_slave_0 added
[ 1596.173382][T18393] team0: Port device team_slave_1 added
[ 1596.236640][T18393] device hsr_slave_0 entered promiscuous mode
[ 1596.378064][T18393] device hsr_slave_1 entered promiscuous mode
[ 1596.417750][T18393] debugfs: Directory 'hsr0' with parent '/' already present!
[ 1596.435972][T18393] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1596.443344][T18393] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1596.450821][T18393] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1596.457989][T18393] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1596.491938][T18393] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1596.504859][T17583] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1596.513871][T17583] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1596.522677][T17583] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1596.536180][T18393] 8021q: adding VLAN 0 to HW filter on device team0
[ 1596.561941][T17834] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1596.570520][T17834] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1596.577626][T17834] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1596.619550][T18393] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1596.630154][T18393] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1596.643054][T17834] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1596.651611][T17834] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1596.659175][T17834] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1596.667106][T17834] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1596.677091][T17834] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1596.685540][T17834] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1596.693970][T17834] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1596.705125][T17834] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1596.712838][T17834] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1596.730202][T18393] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1596.844297][T18401] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 1596.854638][T18401] CPU: 1 PID: 18401 Comm: syz-executor.4 Not tainted 5.2.0+ #37
[ 1596.862521][T18401] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1596.872581][T18401] Call Trace:
[ 1596.875885][T18401]  dump_stack+0x1d8/0x2f8
[ 1596.880212][T18401]  dump_header+0xd8/0x970
[ 1596.884543][T18401]  oom_kill_process+0xcd/0x320
[ 1596.889330][T18401]  out_of_memory+0x5e1/0x8a0
[ 1596.893944][T18401]  ? unregister_oom_notifier+0x20/0x20
[ 1596.899482][T18401]  memory_max_write+0x537/0x6a0
[ 1596.904495][T18401]  ? lock_acquire+0x158/0x250
[ 1596.909165][T18401]  ? memory_max_show+0xa0/0xa0
[ 1596.913920][T18401]  ? trace_hardirqs_on_thunk+0x1a/0x20
[ 1596.919481][T18401]  ? trace_hardirqs_on_caller+0x74/0x80
[ 1596.925081][T18401]  ? trace_hardirqs_on_thunk+0x1a/0x20
[ 1596.930546][T18401]  ? rcu_irq_exit+0xe3/0x260
[ 1596.935168][T18401]  ? memory_max_show+0xa0/0xa0
[ 1596.939935][T18401]  cgroup_file_write+0x27b/0x6e0
[ 1596.944884][T18401]  ? cgroup_seqfile_stop+0xc0/0xc0
[ 1596.949988][T18401]  ? cgroup_seqfile_stop+0xc0/0xc0
[ 1596.955262][T18401]  kernfs_fop_write+0x3e4/0x4f0
[ 1596.960102][T18401]  ? kernfs_fop_read+0x580/0x580
[ 1596.965032][T18401]  __vfs_write+0xf9/0x7d0
[ 1596.969467][T18401]  ? retint_kernel+0x10/0x10
[ 1596.974054][T18401]  ? __kernel_write+0x350/0x350
[ 1596.978923][T18401]  ? lock_is_held_type+0x25c/0x2b0
[ 1596.984039][T18401]  ? __sb_start_write+0x39c/0x440
[ 1596.989059][T18401]  vfs_write+0x275/0x590
[ 1596.993304][T18401]  ksys_write+0x16b/0x2a0
[ 1596.997728][T18401]  ? __ia32_sys_read+0x90/0x90
[ 1597.002835][T18401]  ? prepare_exit_to_usermode+0x1f7/0x580
[ 1597.009159][T18401]  ? trace_irq_disable_rcuidle+0x23/0x1c0
[ 1597.014866][T18401]  ? trace_hardirqs_on_thunk+0x1a/0x20
[ 1597.020321][T18401]  ? trace_irq_disable_rcuidle+0x23/0x1c0
[ 1597.026065][T18401]  ? do_syscall_64+0x1d/0x140
[ 1597.030731][T18401]  __x64_sys_write+0x7b/0x90
[ 1597.035307][T18401]  do_syscall_64+0xfe/0x140
[ 1597.039816][T18401]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1597.045708][T18401] RIP: 0033:0x459829
[ 1597.049587][T18401] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1597.069198][T18401] RSP: 002b:00007f0107119c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1597.077618][T18401] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829
[ 1597.085704][T18401] RDX: 0000000000000012 RSI: 0000000020000000 RDI: 0000000000000008
[ 1597.093814][T18401] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1597.101870][T18401] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f010711a6d4
[ 1597.109834][T18401] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff
[ 1597.122532][T18401] memory: usage 3404kB, limit 0kB, failcnt 253
[ 1597.129034][T18401] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1597.136106][T18401] Memory cgroup stats for /syz4:
[ 1597.138742][T18401] anon 2211840
[ 1597.138742][T18401] file 299008
[ 1597.138742][T18401] kernel_stack 65536
[ 1597.138742][T18401] slab 950272
[ 1597.138742][T18401] sock 0
[ 1597.138742][T18401] shmem 102400
[ 1597.138742][T18401] file_mapped 135168
[ 1597.138742][T18401] file_dirty 0
[ 1597.138742][T18401] file_writeback 0
[ 1597.138742][T18401] anon_thp 2097152
[ 1597.138742][T18401] inactive_anon 135168
[ 1597.138742][T18401] active_anon 2211840
[ 1597.138742][T18401] inactive_file 135168
[ 1597.138742][T18401] active_file 0
[ 1597.138742][T18401] unevictable 0
[ 1597.138742][T18401] slab_reclaimable 405504
[ 1597.138742][T18401] slab_unreclaimable 544768
[ 1597.138742][T18401] pgfault 355179
[ 1597.138742][T18401] pgmajfault 0
[ 1597.138742][T18401] workingset_refault 0
[ 1597.138742][T18401] workingset_activate 0
[ 1597.138742][T18401] workingset_nodereclaim 0
[ 1597.138742][T18401] pgrefill 0
[ 1597.138742][T18401] pgscan 0
[ 1597.138742][T18401] pgsteal 0
[ 1597.138742][T18401] pgactivate 0
[ 1597.234873][T18401] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=18400,uid=0
[ 1597.250925][T18401] Memory cgroup out of memory: Killed process 18400 (syz-executor.4) total-vm:72708kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB
[ 1597.266635][ T1056] oom_reaper: reaped process 18400 (syz-executor.4), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB
14:32:32 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400)
openat$cgroup_procs(r3, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r4 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r4, 0x0, 0x0)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r5, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r3, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r5, &(0x7f00000003c0)=0x100, 0x12)

14:32:32 executing program 4:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
openat$cgroup_procs(r4, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000140)=0x2)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r5 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r5, 0x0, 0x0)
r6 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r6, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
socket$kcm(0xa, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r6, &(0x7f00000003c0)=0x100, 0x12)

14:32:32 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f0000000140)='/dev/snd/controlC#\x00', 0x7, 0x40200)
delete_module(&(0x7f0000000000)='/dev/snd/controlC#\x00', 0x200)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9})

14:32:32 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
openat$cgroup_procs(r2, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, &(0x7f0000000140)=0x2)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r3 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r3, 0x0, 0x0)
r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r4, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r2, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
socket$kcm(0xa, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r4, &(0x7f00000003c0)=0x100, 0x12)

14:32:32 executing program 1:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600))
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x8a, 0x0, 0x0, 0x0, 0x3})
r1 = syz_open_pts(r0, 0x0)
write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0x100000175)
ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000140)={0x3, 0x0, 0x0, 0xffffffff00000000})

14:32:32 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x12'})

14:32:32 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00%'})

14:32:32 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f0000000000)='/dev/snd/controlC#\x00', 0x0, 0x4001)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9})

[ 1597.430399][T18393] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[ 1597.440435][T18393] CPU: 0 PID: 18393 Comm: syz-executor.4 Not tainted 5.2.0+ #37
[ 1597.448084][T18393] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1597.458170][T18393] Call Trace:
[ 1597.461491][T18393]  dump_stack+0x1d8/0x2f8
[ 1597.465826][T18393]  dump_header+0xd8/0x970
[ 1597.470171][T18393]  oom_kill_process+0xcd/0x320
[ 1597.474943][T18393]  out_of_memory+0x5e1/0x8a0
[ 1597.479540][T18393]  ? unregister_oom_notifier+0x20/0x20
[ 1597.485007][T18393]  ? __kasan_check_read+0x11/0x20
[ 1597.490044][T18393]  try_charge+0x134a/0x17b0
[ 1597.494579][T18393]  ? __memcg_kmem_charge_memcg+0x180/0x180
[ 1597.500404][T18393]  ? __lock_acquire+0x4750/0x4750
[ 1597.505445][T18393]  ? rcu_lock_release+0x15/0x20
[ 1597.510307][T18393]  ? get_mem_cgroup_from_mm+0x15e/0x170
[ 1597.515866][T18393]  mem_cgroup_try_charge+0x216/0x560
[ 1597.521177][T18393]  mem_cgroup_try_charge_delay+0x25/0xa0
14:32:32 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@'})

[ 1597.527004][T18393]  wp_page_copy+0x367/0x18c0
[ 1597.531621][T18393]  ? rcu_lock_release+0x30/0x30
[ 1597.536676][T18393]  ? __lock_acquire+0x4750/0x4750
[ 1597.541720][T18393]  ? __kasan_check_read+0x11/0x20
[ 1597.546758][T18393]  ? do_raw_spin_unlock+0x49/0x260
[ 1597.551891][T18393]  do_wp_page+0x2c9/0x1ce0
[ 1597.556321][T18393]  ? __rwlock_init+0x130/0x130
[ 1597.561095][T18393]  ? count_memcg_event_mm+0x300/0x300
[ 1597.566479][T18393]  handle_mm_fault+0x2bcf/0x6080
[ 1597.571431][T18393]  ? finish_fault+0x230/0x230
[ 1597.576126][T18393]  ? vmacache_find+0x566/0x5b0
[ 1597.580891][T18393]  ? vmacache_update+0xb7/0x120
[ 1597.585743][T18393]  do_user_addr_fault+0x589/0xaf0
[ 1597.590772][T18393]  __do_page_fault+0xd3/0x1f0
[ 1597.590783][T18393]  do_page_fault+0x99/0xb0
[ 1597.590795][T18393]  page_fault+0x39/0x40
[ 1597.590805][T18393] RIP: 0033:0x4034f2
[ 1597.590816][T18393] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 <e8> 59 8d 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 42 05 00 48
[ 1597.590821][T18393] RSP: 002b:00007ffc4b2b2c20 EFLAGS: 00010246
[ 1597.590830][T18393] RAX: 0000000000000000 RBX: 0000000000185d89 RCX: 0000000000413430
[ 1597.590835][T18393] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007ffc4b2b3d50
[ 1597.590841][T18393] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000555556876940
[ 1597.590852][T18393] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc4b2b3d50
[ 1597.665522][T18393] R13: 00007ffc4b2b3d40 R14: 0000000000000000 R15: 00007ffc4b2b3d50
[ 1597.674812][T18393] memory: usage 1072kB, limit 0kB, failcnt 262
[ 1597.681021][T18393] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1597.687949][T18393] Memory cgroup stats for /syz4:
[ 1597.688035][T18393] anon 0
[ 1597.688035][T18393] file 299008
[ 1597.688035][T18393] kernel_stack 0
[ 1597.688035][T18393] slab 950272
[ 1597.688035][T18393] sock 0
[ 1597.688035][T18393] shmem 102400
[ 1597.688035][T18393] file_mapped 135168
[ 1597.688035][T18393] file_dirty 0
[ 1597.688035][T18393] file_writeback 0
[ 1597.688035][T18393] anon_thp 0
[ 1597.688035][T18393] inactive_anon 135168
[ 1597.688035][T18393] active_anon 0
[ 1597.688035][T18393] inactive_file 135168
[ 1597.688035][T18393] active_file 0
[ 1597.688035][T18393] unevictable 0
[ 1597.688035][T18393] slab_reclaimable 405504
[ 1597.688035][T18393] slab_unreclaimable 544768
[ 1597.688035][T18393] pgfault 355179
[ 1597.688035][T18393] pgmajfault 0
[ 1597.688035][T18393] workingset_refault 0
[ 1597.688035][T18393] workingset_activate 0
[ 1597.688035][T18393] workingset_nodereclaim 0
[ 1597.688035][T18393] pgrefill 0
[ 1597.688035][T18393] pgscan 0
[ 1597.688035][T18393] pgsteal 0
14:32:32 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\\'})

[ 1597.688035][T18393] pgactivate 0
[ 1597.782792][T18393] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=18393,uid=0
[ 1597.798826][T18393] Memory cgroup out of memory: Killed process 18393 (syz-executor.4) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB
[ 1597.815937][ T1056] oom_reaper: reaped process 18393 (syz-executor.4), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB
14:32:32 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f0000000140)='/dev/snd/controlC#\x00', 0x0, 0x80000)
stat(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080))
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9})

14:32:32 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc})

[ 1599.695000][T18434] IPVS: ftp: loaded support on port[0] = 21
[ 1599.984404][T18436] IPVS: ftp: loaded support on port[0] = 21
[ 1600.230985][T18434] chnl_net:caif_netlink_parms(): no params data found
[ 1600.264805][T18434] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1600.272012][T18434] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1600.280531][T18434] device bridge_slave_0 entered promiscuous mode
[ 1600.294670][T18434] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1600.301847][T18434] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1600.309895][T18434] device bridge_slave_1 entered promiscuous mode
[ 1600.330389][T18434] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1600.542174][T18434] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1600.791706][T18434] team0: Port device team_slave_0 added
[ 1600.800847][T18434] team0: Port device team_slave_1 added
[ 1600.813092][T18436] chnl_net:caif_netlink_parms(): no params data found
[ 1600.860483][T18434] device hsr_slave_0 entered promiscuous mode
[ 1600.898076][T18434] device hsr_slave_1 entered promiscuous mode
[ 1600.937793][T18434] debugfs: Directory 'hsr0' with parent '/' already present!
[ 1601.181189][T18436] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1601.188358][T18436] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1601.196397][T18436] device bridge_slave_0 entered promiscuous mode
[ 1601.206854][T18434] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1601.213919][T18434] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1601.221312][T18434] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1601.228381][T18434] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1601.236951][T18436] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1601.244265][T18436] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1601.252232][T18436] device bridge_slave_1 entered promiscuous mode
[ 1601.259798][T17835] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1601.267324][T17835] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1601.497497][T18436] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1601.509630][  T788] device bridge_slave_1 left promiscuous mode
[ 1601.515871][  T788] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1601.559621][  T788] device bridge_slave_0 left promiscuous mode
[ 1601.565777][  T788] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1601.610699][  T788] device bridge_slave_1 left promiscuous mode
[ 1601.616932][  T788] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1601.658601][  T788] device bridge_slave_0 left promiscuous mode
[ 1601.664784][  T788] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1601.698931][  T788] device bridge_slave_1 left promiscuous mode
[ 1601.705074][  T788] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1601.748718][  T788] device bridge_slave_0 left promiscuous mode
[ 1601.754899][  T788] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1607.218429][  T788] device hsr_slave_0 left promiscuous mode
[ 1607.278297][  T788] device hsr_slave_1 left promiscuous mode
[ 1607.327840][  T788] team0 (unregistering): Port device team_slave_1 removed
[ 1607.338593][  T788] team0 (unregistering): Port device team_slave_0 removed
[ 1607.350725][  T788] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1607.402643][  T788] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1607.491389][  T788] bond0 (unregistering): Released all slaves
[ 1607.618680][  T788] device hsr_slave_0 left promiscuous mode
[ 1607.658342][  T788] device hsr_slave_1 left promiscuous mode
[ 1607.707619][  T788] team0 (unregistering): Port device team_slave_1 removed
[ 1607.720512][  T788] team0 (unregistering): Port device team_slave_0 removed
[ 1607.730826][  T788] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1607.771444][  T788] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1607.838693][  T788] bond0 (unregistering): Released all slaves
[ 1607.968190][  T788] device hsr_slave_0 left promiscuous mode
[ 1608.007811][  T788] device hsr_slave_1 left promiscuous mode
[ 1608.068462][  T788] team0 (unregistering): Port device team_slave_1 removed
[ 1608.079773][  T788] team0 (unregistering): Port device team_slave_0 removed
[ 1608.090691][  T788] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1608.153526][  T788] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1608.230653][  T788] bond0 (unregistering): Released all slaves
[ 1608.306180][T18436] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1608.353344][T18436] team0: Port device team_slave_0 added
[ 1608.360829][T18436] team0: Port device team_slave_1 added
[ 1608.369044][T18434] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1608.391447][T13658] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1608.399675][T13658] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1608.439743][T18436] device hsr_slave_0 entered promiscuous mode
[ 1608.488156][T18436] device hsr_slave_1 entered promiscuous mode
[ 1608.538079][T18436] debugfs: Directory 'hsr0' with parent '/' already present!
[ 1608.547823][T18434] 8021q: adding VLAN 0 to HW filter on device team0
[ 1608.558620][T17581] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1608.567312][T17581] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1608.575768][T17581] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1608.582870][T17581] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1608.609962][T17581] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1608.618911][T17581] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1608.627228][T17581] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1608.634389][T17581] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1608.642467][T17581] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1608.651245][T17581] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1608.659984][T17581] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1608.668714][T17581] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1608.676994][T17581] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1608.685638][T17581] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1608.694006][T17581] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1608.702455][T17581] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1608.716666][T18434] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1608.728333][T18434] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1608.738532][T17581] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1608.746289][T17581] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1608.754807][T17581] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1608.954482][T18434] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1608.994523][T18436] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1609.008542][T17583] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1609.016517][T17583] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1609.036036][T18436] 8021q: adding VLAN 0 to HW filter on device team0
[ 1609.054014][T17583] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1609.062974][T17583] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1609.072001][T17583] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1609.079131][T17583] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1609.126304][T17583] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 1609.134589][T17583] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1609.143308][T17583] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1609.151767][T17583] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1609.158887][T17583] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1609.177702][T17583] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1609.186821][T17583] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1609.195896][T17583] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1609.207439][T17581] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1609.217002][T17581] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1609.234002][T10635] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1609.246955][T18436] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1609.258489][T18436] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1609.266890][T10635] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1609.290462][T18436] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1609.323933][T18445] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 1609.334333][T18445] CPU: 0 PID: 18445 Comm: syz-executor.3 Not tainted 5.2.0+ #37
[ 1609.341973][T18445] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1609.352034][T18445] Call Trace:
[ 1609.355341][T18445]  dump_stack+0x1d8/0x2f8
[ 1609.359679][T18445]  dump_header+0xd8/0x970
[ 1609.364020][T18445]  oom_kill_process+0xcd/0x320
[ 1609.368785][T18445]  out_of_memory+0x5e1/0x8a0
[ 1609.373378][T18445]  ? unregister_oom_notifier+0x20/0x20
[ 1609.378834][T18445]  ? trace_hardirqs_on+0x74/0x80
[ 1609.383791][T18445]  memory_max_write+0x537/0x6a0
[ 1609.388641][T18445]  ? lock_acquire+0x158/0x250
[ 1609.393329][T18445]  ? memory_max_show+0xa0/0xa0
[ 1609.398109][T18445]  ? trace_lock_acquire+0x154/0x1b0
[ 1609.403327][T18445]  ? lock_acquire+0x158/0x250
[ 1609.408029][T18445]  ? kernfs_fop_write+0x22e/0x4f0
[ 1609.413239][T18445]  ? memory_max_show+0xa0/0xa0
[ 1609.418006][T18445]  cgroup_file_write+0x27b/0x6e0
[ 1609.422952][T18445]  ? cgroup_seqfile_stop+0xc0/0xc0
[ 1609.428076][T18445]  ? cgroup_seqfile_stop+0xc0/0xc0
[ 1609.433188][T18445]  kernfs_fop_write+0x3e4/0x4f0
[ 1609.438047][T18445]  ? kernfs_fop_read+0x580/0x580
[ 1609.442993][T18445]  __vfs_write+0xf9/0x7d0
[ 1609.447330][T18445]  ? __lock_acquire+0x4750/0x4750
[ 1609.452361][T18445]  ? __kernel_write+0x350/0x350
[ 1609.457215][T18445]  ? trace_lock_acquire+0x154/0x1b0
[ 1609.462440][T18445]  ? __sb_start_write+0x39c/0x440
[ 1609.467482][T18445]  ? __kasan_check_read+0x11/0x20
[ 1609.472542][T18445]  vfs_write+0x275/0x590
[ 1609.476805][T18445]  ksys_write+0x16b/0x2a0
[ 1609.481238][T18445]  ? __ia32_sys_read+0x90/0x90
[ 1609.486008][T18445]  ? do_syscall_64+0xc0/0x140
[ 1609.490686][T18445]  __x64_sys_write+0x7b/0x90
[ 1609.495284][T18445]  do_syscall_64+0xfe/0x140
[ 1609.499815][T18445]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1609.505736][T18445] RIP: 0033:0x459829
[ 1609.509629][T18445] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1609.529242][T18445] RSP: 002b:00007f9545cf3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1609.537673][T18445] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829
[ 1609.545668][T18445] RDX: 0000000000000012 RSI: 0000000020000000 RDI: 0000000000000008
[ 1609.553742][T18445] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1609.561734][T18445] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9545cf46d4
[ 1609.569725][T18445] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff
[ 1609.577893][T18445] memory: usage 3264kB, limit 0kB, failcnt 149
[ 1609.584197][T18445] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1609.591208][T18445] Memory cgroup stats for /syz3:
[ 1609.593338][T18445] anon 2056192
[ 1609.593338][T18445] file 0
[ 1609.593338][T18445] kernel_stack 65536
[ 1609.593338][T18445] slab 856064
[ 1609.593338][T18445] sock 0
[ 1609.593338][T18445] shmem 0
[ 1609.593338][T18445] file_mapped 0
[ 1609.593338][T18445] file_dirty 0
[ 1609.593338][T18445] file_writeback 0
[ 1609.593338][T18445] anon_thp 2097152
[ 1609.593338][T18445] inactive_anon 0
[ 1609.593338][T18445] active_anon 2056192
[ 1609.593338][T18445] inactive_file 0
[ 1609.593338][T18445] active_file 0
[ 1609.593338][T18445] unevictable 0
[ 1609.593338][T18445] slab_reclaimable 270336
[ 1609.593338][T18445] slab_unreclaimable 585728
[ 1609.593338][T18445] pgfault 251790
[ 1609.593338][T18445] pgmajfault 0
[ 1609.593338][T18445] workingset_refault 0
[ 1609.593338][T18445] workingset_activate 0
[ 1609.593338][T18445] workingset_nodereclaim 0
[ 1609.593338][T18445] pgrefill 0
[ 1609.593338][T18445] pgscan 0
[ 1609.593338][T18445] pgsteal 0
[ 1609.593338][T18445] pgactivate 0
[ 1609.687286][T18445] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=18444,uid=0
[ 1609.703320][T18445] Memory cgroup out of memory: Killed process 18444 (syz-executor.3) total-vm:72840kB, anon-rss:2144kB, file-rss:34816kB, shmem-rss:0kB
[ 1609.728935][ T1056] oom_reaper: reaped process 18444 (syz-executor.3), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB
[ 1609.873153][T18451] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 1609.883768][T18451] CPU: 0 PID: 18451 Comm: syz-executor.2 Not tainted 5.2.0+ #37
[ 1609.891505][T18451] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1609.901977][T18451] Call Trace:
[ 1609.905279][T18451]  dump_stack+0x1d8/0x2f8
[ 1609.909612][T18451]  dump_header+0xd8/0x970
[ 1609.913952][T18451]  oom_kill_process+0xcd/0x320
[ 1609.918923][T18451]  out_of_memory+0x5e1/0x8a0
[ 1609.923516][T18451]  ? unregister_oom_notifier+0x20/0x20
[ 1609.928973][T18451]  ? __kasan_check_read+0x11/0x20
[ 1609.934008][T18451]  try_charge+0x134a/0x17b0
[ 1609.938564][T18451]  ? __memcg_kmem_charge_memcg+0x180/0x180
[ 1609.944378][T18451]  ? __lock_acquire+0x4750/0x4750
[ 1609.949408][T18451]  ? rcu_lock_release+0x15/0x20
[ 1609.954259][T18451]  ? get_mem_cgroup_from_mm+0x15e/0x170
[ 1609.959801][T18451]  mem_cgroup_try_charge+0x216/0x560
[ 1609.965698][T18451]  mem_cgroup_try_charge_delay+0x25/0xa0
[ 1609.971331][T18451]  handle_mm_fault+0x31f3/0x6080
[ 1609.976388][T18451]  ? finish_fault+0x230/0x230
[ 1609.981176][T18451]  ? vmacache_find+0x566/0x5b0
[ 1609.985944][T18451]  ? vmacache_update+0xb7/0x120
[ 1609.990818][T18451]  do_user_addr_fault+0x589/0xaf0
[ 1609.995851][T18451]  __do_page_fault+0xd3/0x1f0
[ 1610.000523][T18451]  do_page_fault+0x99/0xb0
[ 1610.004935][T18451]  page_fault+0x39/0x40
[ 1610.009090][T18451] RIP: 0033:0x41116f
[ 1610.012978][T18451] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41
[ 1610.032591][T18451] RSP: 002b:00007ffea419d240 EFLAGS: 00010206
[ 1610.038686][T18451] RAX: 00007f04e1628000 RBX: 0000000000020000 RCX: 000000000045987a
[ 1610.046661][T18451] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000
[ 1610.054635][T18451] RBP: 00007ffea419d320 R08: ffffffffffffffff R09: 0000000000000000
[ 1610.062606][T18451] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffea419d410
[ 1610.070606][T18451] R13: 00007f04e1648700 R14: 0000000000000001 R15: 000000000075bfd4
[ 1610.078681][T18451] memory: usage 3288kB, limit 0kB, failcnt 489431
[ 1610.085104][T18451] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1610.092065][T18451] Memory cgroup stats for /syz2:
[ 1610.092225][T18451] anon 2174976
[ 1610.092225][T18451] file 274432
[ 1610.092225][T18451] kernel_stack 65536
[ 1610.092225][T18451] slab 831488
[ 1610.092225][T18451] sock 0
[ 1610.092225][T18451] shmem 172032
[ 1610.092225][T18451] file_mapped 135168
[ 1610.092225][T18451] file_dirty 135168
[ 1610.092225][T18451] file_writeback 135168
[ 1610.092225][T18451] anon_thp 2097152
[ 1610.092225][T18451] inactive_anon 135168
[ 1610.092225][T18451] active_anon 2174976
[ 1610.092225][T18451] inactive_file 135168
[ 1610.092225][T18451] active_file 135168
[ 1610.092225][T18451] unevictable 0
[ 1610.092225][T18451] slab_reclaimable 270336
[ 1610.092225][T18451] slab_unreclaimable 561152
[ 1610.092225][T18451] pgfault 191961
[ 1610.092225][T18451] pgmajfault 0
[ 1610.092225][T18451] workingset_refault 0
[ 1610.092225][T18451] workingset_activate 0
[ 1610.092225][T18451] workingset_nodereclaim 0
[ 1610.092225][T18451] pgrefill 0
[ 1610.092225][T18451] pgscan 0
[ 1610.092225][T18451] pgsteal 0
[ 1610.186245][T18451] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=18451,uid=0
[ 1610.201912][T18451] Memory cgroup out of memory: Killed process 18451 (syz-executor.2) total-vm:72708kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB
[ 1610.220515][ T1056] oom_reaper: reaped process 18451 (syz-executor.2), now anon-rss:0kB, file-rss:33856kB, shmem-rss:0kB
14:32:45 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400)
openat$cgroup_procs(r3, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r4 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r4, 0x0, 0x0)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r5, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r3, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r5, &(0x7f00000003c0)=0x100, 0x12)

14:32:45 executing program 5:
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(0xffffffffffffffff, 0x5452, &(0x7f0000000040)={0x9})
r0 = getpgid(0xffffffffffffffff)
sched_getparam(r0, &(0x7f0000000100))

14:32:45 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc})

14:32:45 executing program 1:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600))
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x8a, 0x0, 0x0, 0x0, 0x3})
r1 = syz_open_pts(r0, 0x0)
write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0x100000175)
ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000140)={0x3, 0x0, 0x0, 0x0, 0x2})

14:32:45 executing program 4:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
openat$cgroup_procs(r4, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000140)=0x2)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r5 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r5, 0x0, 0x0)
r6 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r6, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r4, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
socket$kcm(0xa, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r6, &(0x7f00000003c0)=0x100, 0x12)

[ 1610.561860][T18434] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[ 1610.572188][T18434] CPU: 0 PID: 18434 Comm: syz-executor.3 Not tainted 5.2.0+ #37
[ 1610.579849][T18434] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1610.589909][T18434] Call Trace:
[ 1610.593223][T18434]  dump_stack+0x1d8/0x2f8
[ 1610.597574][T18434]  dump_header+0xd8/0x970
[ 1610.601914][T18434]  oom_kill_process+0xcd/0x320
[ 1610.606681][T18434]  out_of_memory+0x5e1/0x8a0
14:32:45 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
openat$cgroup_procs(r2, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, &(0x7f0000000140)=0x2)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r3 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r3, 0x0, 0x0)
r4 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r4, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r2, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
socket$kcm(0xa, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r4, &(0x7f00000003c0)=0x100, 0x12)

14:32:45 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc})

[ 1610.611279][T18434]  ? unregister_oom_notifier+0x20/0x20
[ 1610.616747][T18434]  ? __kasan_check_read+0x11/0x20
[ 1610.621787][T18434]  try_charge+0x134a/0x17b0
[ 1610.626322][T18434]  ? __memcg_kmem_charge_memcg+0x180/0x180
[ 1610.632145][T18434]  ? __lock_acquire+0x4750/0x4750
[ 1610.637183][T18434]  ? rcu_lock_release+0x15/0x20
[ 1610.642047][T18434]  ? get_mem_cgroup_from_mm+0x15e/0x170
[ 1610.647608][T18434]  mem_cgroup_try_charge+0x216/0x560
[ 1610.652896][T18434]  mem_cgroup_try_charge_delay+0x25/0xa0
[ 1610.659006][T18434]  wp_page_copy+0x367/0x18c0
[ 1610.659027][T18434]  ? rcu_lock_release+0x30/0x30
[ 1610.659040][T18434]  ? __lock_acquire+0x4750/0x4750
[ 1610.659055][T18434]  ? __kasan_check_read+0x11/0x20
[ 1610.659079][T18434]  ? do_raw_spin_unlock+0x49/0x260
[ 1610.687311][T18434]  do_wp_page+0x2c9/0x1ce0
[ 1610.691931][T18434]  ? __rwlock_init+0x130/0x130
[ 1610.696704][T18434]  ? count_memcg_event_mm+0x300/0x300
[ 1610.702098][T18434]  handle_mm_fault+0x2bcf/0x6080
[ 1610.707064][T18434]  ? finish_fault+0x230/0x230
[ 1610.711776][T18434]  ? vmacache_find+0x50f/0x5b0
[ 1610.716548][T18434]  ? vmacache_update+0xb7/0x120
[ 1610.721414][T18434]  do_user_addr_fault+0x589/0xaf0
[ 1610.726482][T18434]  __do_page_fault+0xd3/0x1f0
[ 1610.731171][T18434]  do_page_fault+0x99/0xb0
[ 1610.735603][T18434]  page_fault+0x39/0x40
[ 1610.739765][T18434] RIP: 0033:0x430906
[ 1610.743665][T18434] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 46 64 00 85 c0 0f 84
[ 1610.763354][T18434] RSP: 002b:00007ffc50c868e0 EFLAGS: 00010206
[ 1610.763361][T18434] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041
[ 1610.763365][T18434] RDX: 00005555567a1930 RSI: 00005555567a9970 RDI: 0000000000000003
[ 1610.763371][T18434] RBP: 0000000000008041 R08: 0000000000000001 R09: 00005555567a0940
[ 1610.763374][T18434] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698
[ 1610.763377][T18434] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710
14:32:45 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc})

[ 1610.763442][T18434] memory: usage 884kB, limit 0kB, failcnt 170
[ 1610.763447][T18434] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1610.763451][T18434] Memory cgroup stats for /syz3:
[ 1610.763497][T18434] anon 8192
[ 1610.763497][T18434] file 0
[ 1610.763497][T18434] kernel_stack 65536
[ 1610.763497][T18434] slab 856064
[ 1610.763497][T18434] sock 0
[ 1610.763497][T18434] shmem 0
[ 1610.763497][T18434] file_mapped 0
[ 1610.763497][T18434] file_dirty 0
[ 1610.763497][T18434] file_writeback 0
[ 1610.763497][T18434] anon_thp 0
[ 1610.763497][T18434] inactive_anon 0
[ 1610.763497][T18434] active_anon 8192
[ 1610.763497][T18434] inactive_file 0
[ 1610.763497][T18434] active_file 0
[ 1610.763497][T18434] unevictable 0
[ 1610.763497][T18434] slab_reclaimable 270336
[ 1610.763497][T18434] slab_unreclaimable 585728
[ 1610.763497][T18434] pgfault 251790
[ 1610.763497][T18434] pgmajfault 0
[ 1610.763497][T18434] workingset_refault 0
[ 1610.763497][T18434] workingset_activate 0
[ 1610.763497][T18434] workingset_nodereclaim 0
[ 1610.763497][T18434] pgrefill 0
[ 1610.763497][T18434] pgscan 0
[ 1610.763497][T18434] pgsteal 0
[ 1610.763497][T18434] pgactivate 0
[ 1610.763497][T18434] pgdeactivate 0
[ 1610.763508][T18434] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=18434,uid=0
[ 1610.763560][T18434] Memory cgroup out of memory: Killed process 18434 (syz-executor.3) total-vm:72444kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB
[ 1610.798463][ T1056] oom_reaper: reaped process 18434 (syz-executor.3), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB
14:32:46 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
r1 = creat(&(0x7f0000000000)='./file0\x00', 0x24)
ioctl$UI_SET_LEDBIT(r1, 0x40045569, 0xe)
ioctl$SIOCAX25DELFWD(r1, 0x89eb, &(0x7f0000000080)={@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}})
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x40000})

[ 1610.810831][T18436] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[ 1610.950912][T18436] CPU: 0 PID: 18436 Comm: syz-executor.2 Not tainted 5.2.0+ #37
[ 1610.971760][T18436] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1610.971766][T18436] Call Trace:
[ 1610.971788][T18436]  dump_stack+0x1d8/0x2f8
[ 1610.971801][T18436]  dump_header+0xd8/0x970
[ 1610.971813][T18436]  oom_kill_process+0xcd/0x320
[ 1610.971824][T18436]  out_of_memory+0x5e1/0x8a0
[ 1610.971842][T18436]  ? unregister_oom_notifier+0x20/0x20
[ 1611.016267][T18436]  ? __kasan_check_read+0x11/0x20
[ 1611.021305][T18436]  try_charge+0x134a/0x17b0
[ 1611.025845][T18436]  ? __memcg_kmem_charge_memcg+0x180/0x180
[ 1611.031672][T18436]  ? __lock_acquire+0x4750/0x4750
[ 1611.036711][T18436]  ? rcu_lock_release+0x15/0x20
[ 1611.041569][T18436]  ? get_mem_cgroup_from_mm+0x15e/0x170
[ 1611.047124][T18436]  mem_cgroup_try_charge+0x216/0x560
[ 1611.052421][T18436]  mem_cgroup_try_charge_delay+0x25/0xa0
[ 1611.058065][T18436]  wp_page_copy+0x367/0x18c0
14:32:46 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
r1 = syz_open_dev$usbmon(&(0x7f0000000140)='/dev/usbmon#\x00', 0x2, 0x100)
r2 = syz_genetlink_get_family_id$fou(&(0x7f00000001c0)='fou\x00')
sendmsg$FOU_CMD_DEL(r1, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x12004}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x28, r2, 0x8, 0x70bd2d, 0x25dfdbfe, {}, [@FOU_ATTR_LOCAL_V6={0x14, 0x7, @remote}]}, 0x28}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000000)
ioctl$TCXONC(r0, 0x540a, 0x9de1)
r3 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x102)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000000)={0x9, 0x1, 0x0, 0x7})
r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101000, 0x0)
ioctl$SG_SET_COMMAND_Q(r4, 0x2271, &(0x7f0000000100))
ioctl$void(r3, 0xc0045c79)

[ 1611.062696][T18436]  ? rcu_lock_release+0x30/0x30
[ 1611.067576][T18436]  ? __lock_acquire+0x4750/0x4750
[ 1611.072616][T18436]  ? __kasan_check_read+0x11/0x20
[ 1611.077678][T18436]  ? do_raw_spin_unlock+0x49/0x260
[ 1611.082814][T18436]  do_wp_page+0x2c9/0x1ce0
[ 1611.087242][T18436]  ? __rwlock_init+0x130/0x130
[ 1611.092020][T18436]  ? count_memcg_event_mm+0x300/0x300
[ 1611.097413][T18436]  handle_mm_fault+0x2bcf/0x6080
[ 1611.102364][T18436]  ? finish_fault+0x230/0x230
[ 1611.107085][T18436]  ? vmacache_find+0x251/0x5b0
[ 1611.111949][T18436]  do_user_addr_fault+0x589/0xaf0
[ 1611.116983][T18436]  __do_page_fault+0xd3/0x1f0
[ 1611.121668][T18436]  do_page_fault+0x99/0xb0
[ 1611.126101][T18436]  page_fault+0x39/0x40
[ 1611.130262][T18436] RIP: 0033:0x430906
[ 1611.134167][T18436] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 46 64 00 85 c0 0f 84
[ 1611.153785][T18436] RSP: 002b:00007ffea419c250 EFLAGS: 00010206
[ 1611.159868][T18436] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041
[ 1611.167849][T18436] RDX: 00005555574c4930 RSI: 00005555574cc970 RDI: 0000000000000003
[ 1611.175835][T18436] RBP: 0000000000008041 R08: 0000000000000001 R09: 00005555574c3940
[ 1611.183810][T18436] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698
[ 1611.191791][T18436] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710
[ 1611.199882][T18436] memory: usage 948kB, limit 0kB, failcnt 489440
[ 1611.206245][T18436] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
14:32:46 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9})

[ 1611.213175][T18436] Memory cgroup stats for /syz2:
[ 1611.213271][T18436] anon 77824
[ 1611.213271][T18436] file 274432
[ 1611.213271][T18436] kernel_stack 0
[ 1611.213271][T18436] slab 831488
[ 1611.213271][T18436] sock 0
[ 1611.213271][T18436] shmem 172032
[ 1611.213271][T18436] file_mapped 135168
[ 1611.213271][T18436] file_dirty 135168
[ 1611.213271][T18436] file_writeback 135168
[ 1611.213271][T18436] anon_thp 0
[ 1611.213271][T18436] inactive_anon 135168
[ 1611.213271][T18436] active_anon 77824
[ 1611.213271][T18436] inactive_file 135168
[ 1611.213271][T18436] active_file 135168
[ 1611.213271][T18436] unevictable 0
[ 1611.213271][T18436] slab_reclaimable 270336
[ 1611.213271][T18436] slab_unreclaimable 561152
[ 1611.213271][T18436] pgfault 191961
[ 1611.213271][T18436] pgmajfault 0
[ 1611.213271][T18436] workingset_refault 0
[ 1611.213271][T18436] workingset_activate 0
[ 1611.213271][T18436] workingset_nodereclaim 0
[ 1611.213271][T18436] pgrefill 0
[ 1611.213271][T18436] pgscan 0
[ 1611.213271][T18436] pgsteal 0
[ 1611.213271][T18436] pgactivate 0
[ 1611.309389][T18436] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=18436,uid=0
[ 1611.309481][T18436] Memory cgroup out of memory: Killed process 18436 (syz-executor.2) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB
14:32:46 executing program 1:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600))
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x8a, 0x0, 0x0, 0x0, 0x3})
r1 = syz_open_pts(r0, 0x0)
write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0x100000175)
ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000140)={0x3, 0x0, 0x0, 0x0, 0x3})

[ 1611.368247][ T1056] oom_reaper: reaped process 18436 (syz-executor.2), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB
14:32:47 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400)
openat$cgroup_procs(r3, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r4 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r4, 0x0, 0x0)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r5, &(0x7f0000000000)=0x2, 0x12)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r3, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r5, &(0x7f00000003c0)=0x100, 0x12)

14:32:47 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc})

14:32:47 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000240)='/dev/audio\x00', 0x10000, 0x0)
ioctl$PPPIOCGDEBUG(r1, 0x80047441, &(0x7f0000000080))
connect$nfc_llcp(r1, &(0x7f0000000180)={0x27, 0x0, 0x1, 0x5, 0x9, 0x80000001, "9d8cb22cfeddfa9bccb26a0c90d918d0ad9e2b777fcde22d250749a139ba805cdae76adee7674eab6a89d49154ac0cc149c40e89b93643e0617bce627c64cf", 0x26}, 0x60)
ioctl$DRM_IOCTL_ADD_CTX(r1, 0xc0086420, &(0x7f0000000100)={<r2=>0x0})
ioctl$DRM_IOCTL_GET_CTX(r1, 0xc0086423, &(0x7f0000000140)={r2, 0x2})
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9})
ioctl$SIOCAX25NOUID(r1, 0x89e3, &(0x7f0000000200))

14:32:47 executing program 1:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600))
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x8a, 0x0, 0x0, 0x0, 0x3})
r1 = syz_open_pts(r0, 0x0)
write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0x100000175)
ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000140)={0x3, 0x0, 0x0, 0x0, 0x4})

[ 1613.251145][T18498] IPVS: ftp: loaded support on port[0] = 21
[ 1613.391030][T18498] chnl_net:caif_netlink_parms(): no params data found
[ 1613.454612][T18498] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1613.461817][T18498] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1613.470017][T18498] device bridge_slave_0 entered promiscuous mode
[ 1613.489087][T18498] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1613.496178][T18498] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1613.504321][T18498] device bridge_slave_1 entered promiscuous mode
[ 1613.525198][T18498] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1613.536207][T18498] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1613.561399][T18498] team0: Port device team_slave_0 added
[ 1613.569472][T18498] team0: Port device team_slave_1 added
[ 1613.620559][T18498] device hsr_slave_0 entered promiscuous mode
[ 1613.647939][T18498] device hsr_slave_1 entered promiscuous mode
[ 1613.687693][T18498] debugfs: Directory 'hsr0' with parent '/' already present!
[ 1613.740282][T18498] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1613.755495][T17583] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 1613.774431][T17583] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1613.782702][T17583] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1613.797482][T18498] 8021q: adding VLAN 0 to HW filter on device team0
[ 1613.807039][T17896] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1613.815716][T17896] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1613.824141][T17896] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1613.831257][T17896] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1613.839654][T17896] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 1613.850394][T17583] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1613.859194][T17583] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1613.867534][T17583] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1613.874678][T17583] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1613.892635][T17896] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1613.908397][T17896] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1613.916473][T17896] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1613.925355][T17896] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1613.937340][T18498] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1613.949366][T18498] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1613.957442][T17896] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1613.976767][T18498] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1614.107423][T18510] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 1614.121637][T18510] CPU: 0 PID: 18510 Comm: syz-executor.4 Not tainted 5.2.0+ #37
[ 1614.129275][T18510] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1614.139309][T18510] Call Trace:
[ 1614.142595][T18510]  dump_stack+0x1d8/0x2f8
[ 1614.146925][T18510]  dump_header+0xd8/0x970
[ 1614.151242][T18510]  oom_kill_process+0xcd/0x320
[ 1614.156086][T18510]  out_of_memory+0x5e1/0x8a0
[ 1614.160674][T18510]  ? unregister_oom_notifier+0x20/0x20
[ 1614.166114][T18510]  ? trace_hardirqs_on+0x74/0x80
[ 1614.171066][T18510]  memory_max_write+0x537/0x6a0
[ 1614.175933][T18510]  ? lock_acquire+0x158/0x250
[ 1614.180618][T18510]  ? memory_max_show+0xa0/0xa0
[ 1614.185382][T18510]  ? trace_lock_acquire+0x154/0x1b0
[ 1614.190580][T18510]  ? lock_acquire+0x158/0x250
[ 1614.195247][T18510]  ? kernfs_fop_write+0x22e/0x4f0
[ 1614.200252][T18510]  ? memory_max_show+0xa0/0xa0
[ 1614.204996][T18510]  cgroup_file_write+0x27b/0x6e0
[ 1614.209917][T18510]  ? cgroup_seqfile_stop+0xc0/0xc0
[ 1614.215010][T18510]  ? cgroup_seqfile_stop+0xc0/0xc0
[ 1614.220106][T18510]  kernfs_fop_write+0x3e4/0x4f0
[ 1614.224955][T18510]  ? kernfs_fop_read+0x580/0x580
[ 1614.229884][T18510]  __vfs_write+0xf9/0x7d0
[ 1614.234199][T18510]  ? lockdep_hardirqs_on+0x3c5/0x7d0
[ 1614.239475][T18510]  ? __kernel_write+0x350/0x350
[ 1614.244321][T18510]  ? trace_lock_acquire+0x154/0x1b0
[ 1614.249531][T18510]  ? __sb_start_write+0x39c/0x440
[ 1614.254541][T18510]  vfs_write+0x275/0x590
[ 1614.258769][T18510]  ksys_write+0x16b/0x2a0
[ 1614.263145][T18510]  ? __ia32_sys_read+0x90/0x90
[ 1614.267914][T18510]  ? prepare_exit_to_usermode+0x1f7/0x580
[ 1614.273617][T18510]  ? trace_irq_disable_rcuidle+0x23/0x1c0
[ 1614.279329][T18510]  ? trace_hardirqs_on_thunk+0x1a/0x20
[ 1614.284787][T18510]  ? trace_irq_disable_rcuidle+0x23/0x1c0
[ 1614.290599][T18510]  ? do_syscall_64+0x1d/0x140
[ 1614.295260][T18510]  __x64_sys_write+0x7b/0x90
[ 1614.299844][T18510]  do_syscall_64+0xfe/0x140
[ 1614.304353][T18510]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1614.310230][T18510] RIP: 0033:0x459829
[ 1614.314106][T18510] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1614.333693][T18510] RSP: 002b:00007f1818670c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1614.342169][T18510] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829
[ 1614.350118][T18510] RDX: 0000000000000012 RSI: 0000000020000000 RDI: 0000000000000008
[ 1614.358067][T18510] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1614.366041][T18510] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f18186716d4
[ 1614.374014][T18510] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff
[ 1614.382190][T18510] memory: usage 3396kB, limit 0kB, failcnt 263
[ 1614.388581][T18510] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1614.395544][T18510] Memory cgroup stats for /syz4:
[ 1614.396503][T18510] anon 2174976
[ 1614.396503][T18510] file 299008
[ 1614.396503][T18510] kernel_stack 65536
[ 1614.396503][T18510] slab 950272
[ 1614.396503][T18510] sock 0
[ 1614.396503][T18510] shmem 102400
[ 1614.396503][T18510] file_mapped 135168
[ 1614.396503][T18510] file_dirty 0
[ 1614.396503][T18510] file_writeback 0
[ 1614.396503][T18510] anon_thp 2097152
[ 1614.396503][T18510] inactive_anon 135168
[ 1614.396503][T18510] active_anon 2174976
[ 1614.396503][T18510] inactive_file 135168
[ 1614.396503][T18510] active_file 0
[ 1614.396503][T18510] unevictable 0
[ 1614.396503][T18510] slab_reclaimable 405504
[ 1614.396503][T18510] slab_unreclaimable 544768
[ 1614.396503][T18510] pgfault 355278
[ 1614.396503][T18510] pgmajfault 0
[ 1614.396503][T18510] workingset_refault 0
[ 1614.396503][T18510] workingset_activate 0
[ 1614.396503][T18510] workingset_nodereclaim 0
[ 1614.396503][T18510] pgrefill 0
[ 1614.396503][T18510] pgscan 0
[ 1614.396503][T18510] pgsteal 0
[ 1614.396503][T18510] pgactivate 0
[ 1614.492729][T18510] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=18508,uid=0
[ 1614.508684][T18510] Memory cgroup out of memory: Killed process 18508 (syz-executor.4) total-vm:72708kB, anon-rss:2144kB, file-rss:34816kB, shmem-rss:0kB
[ 1614.526014][ T1056] oom_reaper: reaped process 18508 (syz-executor.4), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB
14:32:49 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc})

14:32:49 executing program 1:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600))
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x8a, 0x0, 0x0, 0x0, 0x3})
r1 = syz_open_pts(r0, 0x0)
write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0x100000175)
ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000140)={0x3, 0x0, 0x0, 0x0, 0x5})

14:32:49 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9, 0x0, 0x0, 0x1})
r1 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x1ff, 0x103000)
getsockopt$inet6_opts(r1, 0x29, 0x3f, &(0x7f0000000100)=""/4096, &(0x7f0000000080)=0x1000)

14:32:49 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
r2 = openat$cgroup_ro(r1, 0x0, 0x0, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
openat$cgroup_procs(r3, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x40082404, &(0x7f0000000140)=0x2)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r4 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r4, 0x0, 0x0)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r5, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r3, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
socket$kcm(0xa, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r5, &(0x7f00000003c0)=0x100, 0x12)

14:32:49 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400)
openat$cgroup_procs(r3, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r4 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r4, 0x0, 0x0)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r5, &(0x7f0000000000)=0x2, 0x12)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r3, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r5, &(0x7f00000003c0)=0x100, 0x12)

14:32:49 executing program 4:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
openat$cgroup_procs(r4, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000140)=0x2)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r5 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r5, 0x0, 0x0)
r6 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r6, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r4, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
socket$kcm(0xa, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r6, &(0x7f00000003c0)=0x100, 0x12)

[ 1614.673101][T18498] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[ 1614.683930][T18498] CPU: 1 PID: 18498 Comm: syz-executor.4 Not tainted 5.2.0+ #37
[ 1614.694450][T18498] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1614.704516][T18498] Call Trace:
[ 1614.707809][T18498]  dump_stack+0x1d8/0x2f8
[ 1614.712133][T18498]  dump_header+0xd8/0x970
[ 1614.716452][T18498]  oom_kill_process+0xcd/0x320
[ 1614.721205][T18498]  out_of_memory+0x5e1/0x8a0
[ 1614.725787][T18498]  ? unregister_oom_notifier+0x20/0x20
[ 1614.731260][T18498]  ? __kasan_check_read+0x11/0x20
[ 1614.736278][T18498]  try_charge+0x134a/0x17b0
[ 1614.740799][T18498]  ? __memcg_kmem_charge_memcg+0x180/0x180
[ 1614.746604][T18498]  ? __lock_acquire+0x4750/0x4750
[ 1614.751625][T18498]  ? rcu_lock_release+0x15/0x20
[ 1614.756468][T18498]  ? get_mem_cgroup_from_mm+0x15e/0x170
[ 1614.762004][T18498]  mem_cgroup_try_charge+0x216/0x560
[ 1614.767282][T18498]  mem_cgroup_try_charge_delay+0x25/0xa0
[ 1614.772926][T18498]  wp_page_copy+0x367/0x18c0
[ 1614.777518][T18498]  ? rcu_lock_release+0x30/0x30
[ 1614.782363][T18498]  ? __lock_acquire+0x4750/0x4750
[ 1614.787386][T18498]  ? __kasan_check_read+0x11/0x20
[ 1614.792403][T18498]  ? do_raw_spin_unlock+0x49/0x260
[ 1614.797512][T18498]  do_wp_page+0x2c9/0x1ce0
[ 1614.801955][T18498]  ? __rwlock_init+0x130/0x130
[ 1614.806713][T18498]  ? count_memcg_event_mm+0x300/0x300
[ 1614.812097][T18498]  handle_mm_fault+0x2bcf/0x6080
[ 1614.817039][T18498]  ? finish_fault+0x230/0x230
[ 1614.821736][T18498]  ? vmacache_find+0x566/0x5b0
[ 1614.826490][T18498]  ? vmacache_update+0xb7/0x120
[ 1614.831336][T18498]  do_user_addr_fault+0x589/0xaf0
[ 1614.836358][T18498]  __do_page_fault+0xd3/0x1f0
[ 1614.841027][T18498]  do_page_fault+0x99/0xb0
[ 1614.845431][T18498]  page_fault+0x39/0x40
[ 1614.849577][T18498] RIP: 0033:0x430906
[ 1614.853462][T18498] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 46 64 00 85 c0 0f 84
[ 1614.873069][T18498] RSP: 002b:00007ffe00c627b0 EFLAGS: 00010206
[ 1614.879130][T18498] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041
[ 1614.887102][T18498] RDX: 0000555555d0d930 RSI: 0000555555d15970 RDI: 0000000000000003
[ 1614.895073][T18498] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000555555d0c940
[ 1614.903040][T18498] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698
[ 1614.911017][T18498] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710
[ 1614.919107][T18498] memory: usage 1020kB, limit 0kB, failcnt 296
[ 1614.925291][T18498] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1614.932198][T18498] Memory cgroup stats for /syz4:
[ 1614.932271][T18498] anon 86016
[ 1614.932271][T18498] file 299008
[ 1614.932271][T18498] kernel_stack 0
[ 1614.932271][T18498] slab 950272
[ 1614.932271][T18498] sock 0
[ 1614.932271][T18498] shmem 102400
[ 1614.932271][T18498] file_mapped 135168
[ 1614.932271][T18498] file_dirty 0
[ 1614.932271][T18498] file_writeback 0
[ 1614.932271][T18498] anon_thp 0
[ 1614.932271][T18498] inactive_anon 135168
[ 1614.932271][T18498] active_anon 86016
[ 1614.932271][T18498] inactive_file 135168
[ 1614.932271][T18498] active_file 0
[ 1614.932271][T18498] unevictable 0
[ 1614.932271][T18498] slab_reclaimable 405504
[ 1614.932271][T18498] slab_unreclaimable 544768
[ 1614.932271][T18498] pgfault 355278
[ 1614.932271][T18498] pgmajfault 0
[ 1614.932271][T18498] workingset_refault 0
[ 1614.932271][T18498] workingset_activate 0
[ 1614.932271][T18498] workingset_nodereclaim 0
[ 1614.932271][T18498] pgrefill 0
[ 1614.932271][T18498] pgscan 0
[ 1614.932271][T18498] pgsteal 0
14:32:50 executing program 5:
set_robust_list(&(0x7f0000000180)={&(0x7f0000000080)={&(0x7f0000000000)}, 0x20, &(0x7f0000000140)={&(0x7f0000000100)}}, 0x18)
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9})
io_setup(0x7fffffff, &(0x7f00000001c0)=<r1=>0x0)
r2 = syz_open_dev$sndpcmc(&(0x7f00000002c0)='/dev/snd/pcmC#D#c\x00', 0x8, 0x0)
r3 = syz_open_dev$adsp(&(0x7f0000000400)='/dev/adsp#\x00', 0x1, 0x200001)
r4 = creat(&(0x7f0000000540)='./file0\x00', 0x71)
r5 = openat$vsock(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/vsock\x00', 0x400000, 0x0)
io_submit(r1, 0x4, &(0x7f0000000740)=[&(0x7f0000000300)={0x0, 0x0, 0x0, 0x2, 0x5, r0, &(0x7f0000000200)="79244960f11f5549a998c1e3f9a56e48d38a867cce2997f7d0de297975b31e10a0cb8a40b6b527be4bcf4e2d7be9f471cac8cfcad3f8564d282231f596b0845dfd4191e8273875fee2bd84f60f7dea0e6f5509560aaff9066c810386e9b51c6a9150ad97a11eb236b523ce564d92a17aeb4a595dadd899bd8356b7ac45e0892c32edac70f120a1a6bea14921affd99d6fe7da36ee85e338cbf", 0x99, 0x80000001, 0x0, 0x2, r2}, &(0x7f0000000440)={0x0, 0x0, 0x0, 0xb, 0x100000000, r0, &(0x7f0000000340)="557763e6dcec699aca091be3c78fd109951b7e6adf261d275b05517d168dfbb6536c2a1fcf33471622df61c133d3372aefe0d108aafc82423bfb16965c3d23abe1437ef4acf2e624de002f34eaf3951258122f29180cdf674171aa10daa4c24ff4e7032c33f0df72d9e887b9fc3fc1b271568ac3f1cb27bac4e038cd7b057c0f4bc1e6cad636b8096a02976b8fbf1e0bf57781576431c301061eaa5f109743b87ac2bd8a886f35ad3f575282c146b3ce183b46ba4c9f", 0xb6, 0x1, 0x0, 0x0, r3}, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x5, 0x5, r0, &(0x7f0000000480)="8998ed0c1b35828622acc4b3caa33223a80720e09f68b14144768ebfecb005e87e329b0a0717f25ef8f1c83a6619f5bab21e0e91a50d7897b4fbebe953e01ee11ab7c8a718f7d3fc1d234c3afd8d4ea7ea72e4d5f4fbdddfdbd71a0fc57af6197e7f6d3dd9299c2b899d2012bad59bddebf8105e4d07c00ff4a56cbee76a36a6e8c162ce949233af4df209047d7f887f98d5915abd4fe605d8849ef72044db2923b3da3a6d9c3ba22d3d74bc485d6cc063076aa5beecd835", 0xb8, 0x80, 0x0, 0x1, r4}, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x7, 0x1ff, r0, &(0x7f00000005c0)="c788f9853afdd9c0c69b980c26856bb58af4e2cfdca8b9b6e09850fb933943855f663735ecbcc181ad5ab28f056e0fa21e37a28d3d1561614451d6dfbd43aef5b643e2bf61d8184a5edd823bb6f1c2b35dd2e72523b5e7d60a165b58ddb0dbc7bd75318afa688cc2c87d14a6762343343b9859824285e34da4011bbe5004c327b69a3657e36999e096ac51ba501cd6a585671966e5ef21a48d5232635bf63b3a715ad9fec04f85763b403c033fccadbbaf5b0b5244861b0b7b3fd30400b129f197fd27b7e6602af37b06190484e3e56a1f7dde29540b19868117a2a7865e51b0d2fc1411d21811", 0xe7, 0x2, 0x0, 0x0, r5}])

[ 1614.932271][T18498] pgactivate 0
[ 1615.026974][T18498] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=18498,uid=0
[ 1615.042491][T18498] Memory cgroup out of memory: Killed process 18498 (syz-executor.4) total-vm:72444kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB
[ 1615.050102][ T1056] oom_reaper: reaped process 18498 (syz-executor.4), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB
14:32:50 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc})

14:32:50 executing program 5:
r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0)
setsockopt$packet_buf(r0, 0x107, 0x6, &(0x7f0000000100)="600f824cd9bd0879de3dd6e65af3f15ba26d945fe567483778d4ec8dc77ceb9d7449616c55e04bcc58c566d5754d90f67fd8cc77fadfbfd6a7151369112577904efacab417c857cbbb8b1ddce57575e50612cfb14e4cf16e47b108c7d7186d00c414e4f19842250b367a521602b29258c5ba5e441e360c2915714c093c9fef6c7468fb11c516cf1a9ec814deecc55734c8037e58e2a04c09165e3f7141f50104b3d12556c4e71430a45855f704ab58c480b7cc7f588d41136ab265b1b8daf4ac07d073d542c7acda200dfa8586425e0c8296a81bff3b0fe0b4636d10b205d46512bfc7a281cfba82487b49549854185a5cff68b821a8726a0c563703", 0xffffff16)
r1 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
setsockopt$bt_l2cap_L2CAP_OPTIONS(r0, 0x6, 0x1, &(0x7f0000000080)={0x0, 0x1, 0xaf, 0x394e331f, 0xffffffffffffffe0, 0x1, 0x40}, 0xc)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r1, 0x5452, &(0x7f0000000040)={0x9})

14:32:50 executing program 1:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600))
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x8a, 0x0, 0x0, 0x0, 0x3})
r1 = syz_open_pts(r0, 0x0)
write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0x100000175)
ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000140)={0x3, 0x0, 0x0, 0x0, 0x6})

14:32:50 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc})

14:32:50 executing program 5:
r0 = syz_open_dev$radio(&(0x7f00000000c0)='/dev/radio#\x00', 0x3, 0x2)
write$USERIO_CMD_SEND_INTERRUPT(r0, &(0x7f0000000100)={0x2, 0x1be}, 0x2)
r1 = syz_open_dev$sndctrl(&(0x7f0000000000)='/dev/snd/controlC#\x00', 0x0, 0x10000000000000)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r1, 0x5452, &(0x7f0000000040)={0x9})
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
setsockopt$inet_sctp_SCTP_RECVRCVINFO(r0, 0x84, 0x20, &(0x7f00000001c0)=0xee4e, 0x4)
listen(r2, 0x5)
getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r2, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000ffb000/0x3000)=nil, 0x3000}, &(0x7f0000000180)=0x10)

14:32:51 executing program 4:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
openat$cgroup_procs(r4, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000140)=0x2)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r5 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r5, 0x0, 0x0)
r6 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r6, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r4, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
socket$kcm(0xa, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r6, &(0x7f00000003c0)=0x100, 0x12)

14:32:51 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
fcntl$F_GET_RW_HINT(r0, 0x40b, &(0x7f0000000000))
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f00000001c0)={&(0x7f0000ff5000/0x9000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ff5000/0x4000)=nil, &(0x7f0000ff9000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff2000/0xe000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)="4d946501d30ab70bbafca7c47de54b2a3b03f7466260b80573dafb5e5a59015fac612b52f0e3b5e26613cbae8ce6fd414764af5262b031ed8f0a5c1d1d764b8ccdc5f5011041c1631fa03182e8c5d9cf62c999eb0c79649f68cff13cd807781223b8f4181a6fd923ce0ef78e8055673c7e1ef4c68298045ada06d52e7e7c3c6dc98045add03cc097a2fb29215d6d1f66a32fab67420d437458cb410a3e8381d059513f0f9de0ee6c6384ca69e9a5965830c50ac48d1d61", 0xb7, r0}, 0x68)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9})

14:32:51 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc})

14:32:51 executing program 1:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600))
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x8a, 0x0, 0x0, 0x0, 0x3})
r1 = syz_open_pts(r0, 0x0)
write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0x100000175)
ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000140)={0x3, 0x0, 0x0, 0x0, 0x7})

[ 1616.904529][T18547] IPVS: ftp: loaded support on port[0] = 21
[ 1617.876785][T18559] IPVS: ftp: loaded support on port[0] = 21
[ 1618.579525][T18559] chnl_net:caif_netlink_parms(): no params data found
[ 1618.594538][T18547] chnl_net:caif_netlink_parms(): no params data found
[ 1618.627083][T18559] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1618.634276][T18559] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1618.642310][T18559] device bridge_slave_0 entered promiscuous mode
[ 1618.654051][T18559] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1618.662726][T18559] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1618.670789][T18559] device bridge_slave_1 entered promiscuous mode
[ 1618.709114][T18559] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1618.720106][T18559] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1618.940093][T18547] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1618.947298][T18547] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1618.955434][T18547] device bridge_slave_0 entered promiscuous mode
[ 1619.166186][T18547] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1619.173350][T18547] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1619.181236][T18547] device bridge_slave_1 entered promiscuous mode
[ 1619.189911][T18559] team0: Port device team_slave_0 added
[ 1619.207304][T18559] team0: Port device team_slave_1 added
[ 1619.215623][T18547] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1619.238809][T18547] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1619.309339][T18559] device hsr_slave_0 entered promiscuous mode
[ 1619.347931][T18559] device hsr_slave_1 entered promiscuous mode
[ 1619.397933][T18559] debugfs: Directory 'hsr0' with parent '/' already present!
[ 1619.406739][T18547] team0: Port device team_slave_0 added
[ 1619.626018][T18547] team0: Port device team_slave_1 added
[ 1619.646847][  T788] device bridge_slave_1 left promiscuous mode
[ 1619.653184][  T788] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1619.698892][  T788] device bridge_slave_0 left promiscuous mode
[ 1619.705047][  T788] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1619.739749][  T788] device bridge_slave_1 left promiscuous mode
[ 1619.745902][  T788] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1619.778648][  T788] device bridge_slave_0 left promiscuous mode
[ 1619.784830][  T788] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1619.818952][  T788] device bridge_slave_1 left promiscuous mode
[ 1619.825148][  T788] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1619.879204][  T788] device bridge_slave_0 left promiscuous mode
[ 1619.885402][  T788] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1625.387981][  T788] device hsr_slave_0 left promiscuous mode
[ 1625.447904][  T788] device hsr_slave_1 left promiscuous mode
[ 1625.494416][  T788] team0 (unregistering): Port device team_slave_1 removed
[ 1625.507363][  T788] team0 (unregistering): Port device team_slave_0 removed
[ 1625.520068][  T788] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1625.563484][  T788] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1625.632605][  T788] bond0 (unregistering): Released all slaves
[ 1625.768215][  T788] device hsr_slave_0 left promiscuous mode
[ 1625.827866][  T788] device hsr_slave_1 left promiscuous mode
[ 1625.890946][  T788] team0 (unregistering): Port device team_slave_1 removed
[ 1625.903913][  T788] team0 (unregistering): Port device team_slave_0 removed
[ 1625.915422][  T788] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1625.952274][  T788] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1626.029690][  T788] bond0 (unregistering): Released all slaves
[ 1626.159106][  T788] device hsr_slave_0 left promiscuous mode
[ 1626.197747][  T788] device hsr_slave_1 left promiscuous mode
[ 1626.246117][  T788] team0 (unregistering): Port device team_slave_1 removed
[ 1626.259351][  T788] team0 (unregistering): Port device team_slave_0 removed
[ 1626.271239][  T788] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1626.341443][  T788] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1626.410805][  T788] bond0 (unregistering): Released all slaves
[ 1626.560508][T18547] device hsr_slave_0 entered promiscuous mode
[ 1626.618122][T18547] device hsr_slave_1 entered promiscuous mode
[ 1626.657722][T18547] debugfs: Directory 'hsr0' with parent '/' already present!
[ 1626.723779][T18547] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1626.737145][T17896] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1626.745391][T17896] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1626.761260][T18547] 8021q: adding VLAN 0 to HW filter on device team0
[ 1626.779185][T18559] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1626.786096][T17896] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1626.795104][T17896] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1626.803568][T17896] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1626.810648][T17896] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1626.818365][T17896] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1626.826972][T17896] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1626.835492][T17896] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1626.842608][T17896] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1626.851797][T17896] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 1626.869145][T17834] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1626.878215][T17834] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1626.887117][T17834] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1626.895963][T17834] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1626.916305][T18547] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1626.926791][T18547] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1626.942919][T17835] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1626.950947][T17835] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1626.960723][T17835] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1626.969362][T17835] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1626.977763][T17835] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1626.986299][T17835] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1626.994943][T17835] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1627.011699][T18559] 8021q: adding VLAN 0 to HW filter on device team0
[ 1627.041397][T18559] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1627.051847][T18559] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1627.142050][T18547] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1627.149995][T17834] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1627.157994][T17834] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1627.165837][T17834] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1627.173779][T17834] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1627.183217][T17834] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1627.191707][T17834] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1627.198829][T17834] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1627.206500][T17834] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1627.215268][T17834] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1627.223558][T17834] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1627.230663][T17834] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1627.238361][T17834] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1627.246892][T17834] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1627.255512][T17834] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1627.263945][T17834] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1627.272437][T17834] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1627.280876][T17834] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1627.289373][T17834] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1627.297685][T17834] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1627.305979][T17834] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1627.314354][T17834] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1627.356757][T17835] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 1627.364820][T17835] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1627.372835][T17835] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1627.388761][T18559] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1627.669794][T18570] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 1627.680183][T18570] CPU: 0 PID: 18570 Comm: syz-executor.2 Not tainted 5.2.0+ #37
[ 1627.687840][T18570] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1627.697907][T18570] Call Trace:
[ 1627.701211][T18570]  dump_stack+0x1d8/0x2f8
[ 1627.705542][T18570]  dump_header+0xd8/0x970
[ 1627.709874][T18570]  oom_kill_process+0xcd/0x320
[ 1627.714635][T18570]  out_of_memory+0x5e1/0x8a0
[ 1627.719225][T18570]  ? unregister_oom_notifier+0x20/0x20
[ 1627.724683][T18570]  ? __kasan_check_read+0x11/0x20
[ 1627.729712][T18570]  try_charge+0x134a/0x17b0
[ 1627.734238][T18570]  ? __memcg_kmem_charge_memcg+0x180/0x180
[ 1627.740051][T18570]  ? __lock_acquire+0x4750/0x4750
[ 1627.745091][T18570]  ? rcu_lock_release+0x15/0x20
[ 1627.749945][T18570]  ? get_mem_cgroup_from_mm+0x15e/0x170
[ 1627.755497][T18570]  mem_cgroup_try_charge+0x216/0x560
[ 1627.760792][T18570]  mem_cgroup_try_charge_delay+0x25/0xa0
[ 1627.766903][T18570]  handle_mm_fault+0x31f3/0x6080
[ 1627.771866][T18570]  ? finish_fault+0x230/0x230
[ 1627.776550][T18570]  ? vmacache_find+0x566/0x5b0
[ 1627.781305][T18570]  ? vmacache_update+0xb7/0x120
[ 1627.786160][T18570]  do_user_addr_fault+0x589/0xaf0
[ 1627.791197][T18570]  __do_page_fault+0xd3/0x1f0
[ 1627.795869][T18570]  do_page_fault+0x99/0xb0
[ 1627.800285][T18570]  page_fault+0x39/0x40
[ 1627.804432][T18570] RIP: 0033:0x41116f
[ 1627.808323][T18570] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41
[ 1627.827936][T18570] RSP: 002b:00007fff5c5b81a0 EFLAGS: 00010206
[ 1627.834039][T18570] RAX: 00007fd793a49000 RBX: 0000000000020000 RCX: 000000000045987a
[ 1627.842008][T18570] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000
[ 1627.849983][T18570] RBP: 00007fff5c5b8280 R08: ffffffffffffffff R09: 0000000000000000
[ 1627.857953][T18570] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff5c5b8370
[ 1627.865953][T18570] R13: 00007fd793a69700 R14: 0000000000000001 R15: 000000000075bfd4
[ 1627.875068][T18570] memory: usage 3284kB, limit 0kB, failcnt 489449
[ 1627.881556][T18570] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1627.888451][T18570] Memory cgroup stats for /syz2:
[ 1627.888552][T18570] anon 2134016
[ 1627.888552][T18570] file 274432
[ 1627.888552][T18570] kernel_stack 0
[ 1627.888552][T18570] slab 831488
[ 1627.888552][T18570] sock 0
[ 1627.888552][T18570] shmem 172032
[ 1627.888552][T18570] file_mapped 135168
[ 1627.888552][T18570] file_dirty 135168
[ 1627.888552][T18570] file_writeback 0
[ 1627.888552][T18570] anon_thp 2097152
[ 1627.888552][T18570] inactive_anon 135168
[ 1627.888552][T18570] active_anon 2134016
[ 1627.888552][T18570] inactive_file 135168
[ 1627.888552][T18570] active_file 135168
[ 1627.888552][T18570] unevictable 0
[ 1627.888552][T18570] slab_reclaimable 270336
[ 1627.888552][T18570] slab_unreclaimable 561152
[ 1627.888552][T18570] pgfault 192027
[ 1627.888552][T18570] pgmajfault 0
[ 1627.888552][T18570] workingset_refault 0
[ 1627.888552][T18570] workingset_activate 0
[ 1627.888552][T18570] workingset_nodereclaim 0
[ 1627.888552][T18570] pgrefill 0
[ 1627.888552][T18570] pgscan 0
[ 1627.888552][T18570] pgsteal 0
[ 1627.982112][T18570] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=18570,uid=0
[ 1627.997642][T18570] Memory cgroup out of memory: Killed process 18570 (syz-executor.2) total-vm:72708kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB
[ 1628.012824][ T1056] oom_reaper: reaped process 18570 (syz-executor.2), now anon-rss:0kB, file-rss:33856kB, shmem-rss:0kB
[ 1628.019089][T18576] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 1628.034171][T18576] CPU: 0 PID: 18576 Comm: syz-executor.3 Not tainted 5.2.0+ #37
[ 1628.041806][T18576] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1628.051869][T18576] Call Trace:
[ 1628.055176][T18576]  dump_stack+0x1d8/0x2f8
[ 1628.059513][T18576]  dump_header+0xd8/0x970
[ 1628.063847][T18576]  oom_kill_process+0xcd/0x320
[ 1628.068611][T18576]  out_of_memory+0x5e1/0x8a0
[ 1628.073206][T18576]  ? unregister_oom_notifier+0x20/0x20
[ 1628.078668][T18576]  ? __kasan_check_read+0x11/0x20
[ 1628.083702][T18576]  try_charge+0x134a/0x17b0
[ 1628.088225][T18576]  ? __memcg_kmem_charge_memcg+0x180/0x180
[ 1628.094035][T18576]  ? __lock_acquire+0x4750/0x4750
[ 1628.099065][T18576]  ? rcu_lock_release+0x15/0x20
[ 1628.103937][T18576]  ? get_mem_cgroup_from_mm+0x15e/0x170
[ 1628.109484][T18576]  mem_cgroup_try_charge+0x216/0x560
[ 1628.114775][T18576]  mem_cgroup_try_charge_delay+0x25/0xa0
[ 1628.120409][T18576]  handle_mm_fault+0x31f3/0x6080
[ 1628.125360][T18576]  ? finish_fault+0x230/0x230
[ 1628.130039][T18576]  ? vmacache_find+0x566/0x5b0
[ 1628.134880][T18576]  ? vmacache_update+0xb7/0x120
[ 1628.139752][T18576]  do_user_addr_fault+0x589/0xaf0
[ 1628.144782][T18576]  __do_page_fault+0xd3/0x1f0
[ 1628.149469][T18576]  do_page_fault+0x99/0xb0
[ 1628.153887][T18576]  page_fault+0x39/0x40
[ 1628.158031][T18576] RIP: 0033:0x41116f
[ 1628.161925][T18576] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41
[ 1628.181710][T18576] RSP: 002b:00007ffdd3a6cc50 EFLAGS: 00010206
[ 1628.187787][T18576] RAX: 00007f7f03303000 RBX: 0000000000020000 RCX: 000000000045987a
[ 1628.195763][T18576] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000
[ 1628.203741][T18576] RBP: 00007ffdd3a6cd30 R08: ffffffffffffffff R09: 0000000000000000
[ 1628.211711][T18576] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffdd3a6ce20
[ 1628.219682][T18576] R13: 00007f7f03323700 R14: 0000000000000001 R15: 000000000075bfd4
[ 1628.229094][T18576] memory: usage 3140kB, limit 0kB, failcnt 179
[ 1628.235259][T18576] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1628.242174][T18576] Memory cgroup stats for /syz3:
[ 1628.242273][T18576] anon 2183168
[ 1628.242273][T18576] file 0
[ 1628.242273][T18576] kernel_stack 65536
[ 1628.242273][T18576] slab 856064
[ 1628.242273][T18576] sock 0
[ 1628.242273][T18576] shmem 0
[ 1628.242273][T18576] file_mapped 0
[ 1628.242273][T18576] file_dirty 0
[ 1628.242273][T18576] file_writeback 0
[ 1628.242273][T18576] anon_thp 2097152
[ 1628.242273][T18576] inactive_anon 0
[ 1628.242273][T18576] active_anon 2183168
[ 1628.242273][T18576] inactive_file 0
[ 1628.242273][T18576] active_file 0
[ 1628.242273][T18576] unevictable 0
[ 1628.242273][T18576] slab_reclaimable 270336
[ 1628.242273][T18576] slab_unreclaimable 585728
[ 1628.242273][T18576] pgfault 251856
[ 1628.242273][T18576] pgmajfault 0
[ 1628.242273][T18576] workingset_refault 0
[ 1628.242273][T18576] workingset_activate 0
[ 1628.242273][T18576] workingset_nodereclaim 0
[ 1628.242273][T18576] pgrefill 0
[ 1628.242273][T18576] pgscan 0
[ 1628.242273][T18576] pgsteal 0
[ 1628.242273][T18576] pgactivate 0
[ 1628.336002][T18576] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=18576,uid=0
[ 1628.351626][T18576] Memory cgroup out of memory: Killed process 18576 (syz-executor.3) total-vm:72708kB, anon-rss:2144kB, file-rss:34816kB, shmem-rss:0kB
[ 1628.366848][ T1056] oom_reaper: reaped process 18576 (syz-executor.3), now anon-rss:0kB, file-rss:33856kB, shmem-rss:0kB
[ 1628.415884][T18547] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[ 1628.425964][T18547] CPU: 0 PID: 18547 Comm: syz-executor.2 Not tainted 5.2.0+ #37
[ 1628.433606][T18547] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1628.443669][T18547] Call Trace:
[ 1628.446969][T18547]  dump_stack+0x1d8/0x2f8
[ 1628.451305][T18547]  dump_header+0xd8/0x970
[ 1628.455632][T18547]  oom_kill_process+0xcd/0x320
[ 1628.460391][T18547]  out_of_memory+0x5e1/0x8a0
[ 1628.464981][T18547]  ? unregister_oom_notifier+0x20/0x20
[ 1628.470443][T18547]  ? __kasan_check_read+0x11/0x20
[ 1628.475566][T18547]  try_charge+0x134a/0x17b0
[ 1628.480102][T18547]  ? __memcg_kmem_charge_memcg+0x180/0x180
[ 1628.485919][T18547]  ? __lock_acquire+0x4750/0x4750
[ 1628.490956][T18547]  ? rcu_lock_release+0x15/0x20
[ 1628.495812][T18547]  ? get_mem_cgroup_from_mm+0x15e/0x170
[ 1628.501350][T18547]  mem_cgroup_try_charge+0x216/0x560
[ 1628.506628][T18547]  mem_cgroup_try_charge_delay+0x25/0xa0
[ 1628.512253][T18547]  wp_page_copy+0x367/0x18c0
[ 1628.516839][T18547]  ? rcu_lock_release+0x30/0x30
[ 1628.521683][T18547]  ? __lock_acquire+0x4750/0x4750
[ 1628.526702][T18547]  ? __kasan_check_read+0x11/0x20
[ 1628.531729][T18547]  ? do_raw_spin_unlock+0x49/0x260
[ 1628.536830][T18547]  do_wp_page+0x2c9/0x1ce0
[ 1628.541256][T18547]  ? __rwlock_init+0x130/0x130
[ 1628.546011][T18547]  ? count_memcg_event_mm+0x300/0x300
[ 1628.551381][T18547]  handle_mm_fault+0x2bcf/0x6080
[ 1628.556322][T18547]  ? finish_fault+0x230/0x230
[ 1628.560996][T18547]  ? vmacache_find+0x51b/0x5b0
[ 1628.566101][T18547]  ? vmacache_update+0xb7/0x120
[ 1628.570960][T18547]  do_user_addr_fault+0x589/0xaf0
[ 1628.575985][T18547]  __do_page_fault+0xd3/0x1f0
[ 1628.580658][T18547]  do_page_fault+0x99/0xb0
[ 1628.585241][T18547]  page_fault+0x39/0x40
[ 1628.589399][T18547] RIP: 0033:0x430906
[ 1628.593289][T18547] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 46 64 00 85 c0 0f 84
[ 1628.612902][T18547] RSP: 002b:00007fff5c5b71b0 EFLAGS: 00010206
[ 1628.618982][T18547] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041
[ 1628.626954][T18547] RDX: 0000555555aac930 RSI: 0000555555ab4970 RDI: 0000000000000003
[ 1628.634928][T18547] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000555555aab940
[ 1628.642912][T18547] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698
[ 1628.650972][T18547] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710
14:33:03 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
r2 = openat$cgroup_ro(r1, 0x0, 0x0, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
openat$cgroup_procs(r3, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x40082404, &(0x7f0000000140)=0x2)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r4 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r4, 0x0, 0x0)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r5, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r3, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
socket$kcm(0xa, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r5, &(0x7f00000003c0)=0x100, 0x12)

[ 1628.661523][T18547] memory: usage 956kB, limit 0kB, failcnt 489462
[ 1628.667921][T18547] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1628.674770][T18547] Memory cgroup stats for /syz2:
[ 1628.674878][T18547] anon 0
[ 1628.674878][T18547] file 274432
[ 1628.674878][T18547] kernel_stack 0
[ 1628.674878][T18547] slab 831488
[ 1628.674878][T18547] sock 0
[ 1628.674878][T18547] shmem 172032
[ 1628.674878][T18547] file_mapped 135168
[ 1628.674878][T18547] file_dirty 135168
[ 1628.674878][T18547] file_writeback 0
[ 1628.674878][T18547] anon_thp 0
[ 1628.674878][T18547] inactive_anon 135168
[ 1628.674878][T18547] active_anon 0
[ 1628.674878][T18547] inactive_file 135168
[ 1628.674878][T18547] active_file 135168
[ 1628.674878][T18547] unevictable 0
[ 1628.674878][T18547] slab_reclaimable 270336
[ 1628.674878][T18547] slab_unreclaimable 561152
[ 1628.674878][T18547] pgfault 192060
[ 1628.674878][T18547] pgmajfault 0
[ 1628.674878][T18547] workingset_refault 0
[ 1628.674878][T18547] workingset_activate 0
[ 1628.674878][T18547] workingset_nodereclaim 0
[ 1628.674878][T18547] pgrefill 0
[ 1628.674878][T18547] pgscan 0
[ 1628.674878][T18547] pgsteal 0
14:33:03 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400)
openat$cgroup_procs(r3, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r4 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r4, 0x0, 0x0)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r5, &(0x7f0000000000)=0x2, 0x12)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r3, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r5, &(0x7f00000003c0)=0x100, 0x12)

14:33:03 executing program 4:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
openat$cgroup_procs(r4, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000140)=0x2)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r5 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r5, 0x0, 0x0)
r6 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r6, &(0x7f0000000000)=0x2, 0x12)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r4, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
socket$kcm(0xa, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r6, &(0x7f00000003c0)=0x100, 0x12)

14:33:03 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x8000)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9})

14:33:03 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc})

14:33:03 executing program 1:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600))
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x8a, 0x0, 0x0, 0x0, 0x3})
r1 = syz_open_pts(r0, 0x0)
write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0x100000175)
ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000140)={0x3, 0x0, 0x0, 0x0, 0x8})

[ 1628.674878][T18547] pgactivate 0
[ 1628.770494][T18547] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=18547,uid=0
[ 1628.785984][T18547] Memory cgroup out of memory: Killed process 18547 (syz-executor.2) total-vm:72444kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB
[ 1628.800488][ T1056] oom_reaper: reaped process 18547 (syz-executor.2), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB
[ 1628.831174][T18559] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[ 1628.841386][T18559] CPU: 0 PID: 18559 Comm: syz-executor.3 Not tainted 5.2.0+ #37
[ 1628.849025][T18559] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1628.859433][T18559] Call Trace:
[ 1628.862733][T18559]  dump_stack+0x1d8/0x2f8
[ 1628.867073][T18559]  dump_header+0xd8/0x970
[ 1628.871410][T18559]  oom_kill_process+0xcd/0x320
[ 1628.876170][T18559]  out_of_memory+0x5e1/0x8a0
[ 1628.880758][T18559]  ? unregister_oom_notifier+0x20/0x20
[ 1628.886214][T18559]  ? __kasan_check_read+0x11/0x20
[ 1628.891254][T18559]  try_charge+0x134a/0x17b0
[ 1628.895801][T18559]  ? __memcg_kmem_charge_memcg+0x180/0x180
[ 1628.901616][T18559]  ? __lock_acquire+0x4750/0x4750
[ 1628.906648][T18559]  ? rcu_lock_release+0x15/0x20
[ 1628.911501][T18559]  ? get_mem_cgroup_from_mm+0x15e/0x170
[ 1628.917050][T18559]  mem_cgroup_try_charge+0x216/0x560
[ 1628.922344][T18559]  mem_cgroup_try_charge_delay+0x25/0xa0
[ 1628.928159][T18559]  wp_page_copy+0x367/0x18c0
[ 1628.932764][T18559]  ? rcu_lock_release+0x30/0x30
[ 1628.937636][T18559]  ? __lock_acquire+0x4750/0x4750
[ 1628.942679][T18559]  ? __kasan_check_read+0x11/0x20
[ 1628.947710][T18559]  ? do_raw_spin_unlock+0x49/0x260
[ 1628.952907][T18559]  do_wp_page+0x2c9/0x1ce0
[ 1628.957322][T18559]  ? __rwlock_init+0x130/0x130
[ 1628.962088][T18559]  ? count_memcg_event_mm+0x300/0x300
[ 1628.967459][T18559]  handle_mm_fault+0x2bcf/0x6080
[ 1628.972399][T18559]  ? finish_fault+0x230/0x230
[ 1628.977078][T18559]  ? vmacache_find+0x51b/0x5b0
[ 1628.981851][T18559]  ? vmacache_update+0xb7/0x120
[ 1628.986712][T18559]  do_user_addr_fault+0x589/0xaf0
[ 1628.991750][T18559]  __do_page_fault+0xd3/0x1f0
[ 1628.996439][T18559]  do_page_fault+0x99/0xb0
[ 1629.000875][T18559]  page_fault+0x39/0x40
[ 1629.005026][T18559] RIP: 0033:0x4034f2
[ 1629.008919][T18559] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 <e8> 59 8d 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 42 05 00 48
[ 1629.029058][T18559] RSP: 002b:00007ffdd3a6be00 EFLAGS: 00010246
[ 1629.035128][T18559] RAX: 0000000000000000 RBX: 000000000018d70a RCX: 0000000000413430
[ 1629.043106][T18559] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007ffdd3a6cf30
[ 1629.051083][T18559] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000555556ec3940
[ 1629.059061][T18559] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffdd3a6cf30
[ 1629.067042][T18559] R13: 00007ffdd3a6cf20 R14: 0000000000000000 R15: 00007ffdd3a6cf30
[ 1629.075168][T18559] memory: usage 812kB, limit 0kB, failcnt 188
[ 1629.081301][T18559] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1629.088210][T18559] Memory cgroup stats for /syz3:
[ 1629.088295][T18559] anon 40960
[ 1629.088295][T18559] file 0
[ 1629.088295][T18559] kernel_stack 65536
[ 1629.088295][T18559] slab 856064
[ 1629.088295][T18559] sock 0
[ 1629.088295][T18559] shmem 0
[ 1629.088295][T18559] file_mapped 0
[ 1629.088295][T18559] file_dirty 0
[ 1629.088295][T18559] file_writeback 0
[ 1629.088295][T18559] anon_thp 0
[ 1629.088295][T18559] inactive_anon 0
[ 1629.088295][T18559] active_anon 40960
[ 1629.088295][T18559] inactive_file 0
[ 1629.088295][T18559] active_file 0
[ 1629.088295][T18559] unevictable 0
[ 1629.088295][T18559] slab_reclaimable 270336
[ 1629.088295][T18559] slab_unreclaimable 585728
[ 1629.088295][T18559] pgfault 251856
[ 1629.088295][T18559] pgmajfault 0
[ 1629.088295][T18559] workingset_refault 0
[ 1629.088295][T18559] workingset_activate 0
[ 1629.088295][T18559] workingset_nodereclaim 0
[ 1629.088295][T18559] pgrefill 0
[ 1629.088295][T18559] pgscan 0
[ 1629.088295][T18559] pgsteal 0
[ 1629.088295][T18559] pgactivate 0
14:33:04 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9})
r1 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dlm_plock\x00', 0x40, 0x0)
getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, &(0x7f0000000180)=""/55, &(0x7f00000001c0)=0x37)
r2 = fcntl$getown(r0, 0x9)
r3 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0x0, 0x6000)
perf_event_open(&(0x7f0000000100)={0x5, 0x70, 0x4, 0x663, 0x9, 0x400, 0x0, 0x75, 0x860, 0x3, 0xd1, 0x0, 0x0, 0x2, 0x3, 0x5, 0x3f, 0x561, 0x9, 0x20, 0x100, 0x3, 0x9, 0xff, 0x3, 0x1, 0x10001, 0x5, 0x6, 0x6f, 0x7, 0x101, 0x6, 0x7, 0x1, 0x5, 0x9, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xffffffff, 0x4}, 0x2000, 0x5, 0x8, 0xf, 0x1, 0x1000, 0xffffffffffffff81}, r2, 0x9, r3, 0xb)

14:33:04 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc})

[ 1629.088295][T18559] pgdeactivate 0
[ 1629.093260][T18559] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=18559,uid=0
[ 1629.200013][T18559] Memory cgroup out of memory: Killed process 18559 (syz-executor.3) total-vm:72444kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB
14:33:04 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9})
r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x800, 0x0)
write$P9_RREADDIR(r1, &(0x7f0000000100)=ANY=[@ANYBLOB="2a0000002902008cf2ffff200400000007000000000000000300000000000047ecd0ba3e373fb5f59dee510d000807151b002e2f66696c"], 0x2a)

14:33:04 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc})

14:33:04 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc})

14:33:04 executing program 5:
r0 = open(&(0x7f0000000000)='./file0\x00', 0x82, 0x20)
write$P9_RVERSION(r0, &(0x7f0000000080)={0x15, 0x65, 0xffff, 0x100, 0x8, '9P2000.L'}, 0x15)
syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9, 0x0, 0x8})

14:33:05 executing program 5:
r0 = openat(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x581080, 0x1)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000000c0)={0x2, 0x2974, 0x4, 'queue0\x00', 0x3})
r1 = syz_open_dev$sndctrl(&(0x7f0000000000)='/dev/snd/controlC#\x00', 0x9, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r1, 0x5452, &(0x7f0000000040)={0x9})
openat$ipvs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/sys/net/ipv4/vs/sync_threshold\x00', 0x2, 0x0)
setsockopt$inet6_dccp_int(r0, 0x21, 0x15, &(0x7f00000001c0)=0x1, 0x4)
ioctl$DRM_IOCTL_FREE_BUFS(r0, 0x4010641a, &(0x7f0000000240)={0x0, &(0x7f0000000200)})
ioctl$BLKGETSIZE64(r0, 0x80081272, &(0x7f0000000180))

14:33:05 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400)
openat$cgroup_procs(r3, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r4 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r4, 0x0, 0x0)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r3, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r5, &(0x7f00000003c0)=0x100, 0x12)

[ 1631.245030][T18612] IPVS: ftp: loaded support on port[0] = 21
[ 1631.305474][T18612] chnl_net:caif_netlink_parms(): no params data found
[ 1631.329465][T18612] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1631.336545][T18612] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1631.344332][T18612] device bridge_slave_0 entered promiscuous mode
[ 1631.352498][T18612] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1631.359654][T18612] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1631.367291][T18612] device bridge_slave_1 entered promiscuous mode
[ 1631.383016][T18612] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1631.394113][T18612] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1631.416186][T18612] team0: Port device team_slave_0 added
[ 1631.423274][T18612] team0: Port device team_slave_1 added
[ 1631.469399][T18612] device hsr_slave_0 entered promiscuous mode
[ 1631.507931][T18612] device hsr_slave_1 entered promiscuous mode
[ 1631.567674][T18612] debugfs: Directory 'hsr0' with parent '/' already present!
[ 1631.955968][T18612] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1631.963109][T18612] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1631.970527][T18612] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1631.977641][T18612] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1632.010814][T18612] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1632.220021][T17356] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1632.227932][T17356] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1632.242415][T13658] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1632.250370][T13658] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1632.462679][T18612] 8021q: adding VLAN 0 to HW filter on device team0
[ 1632.475546][T17836] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1632.484306][T17836] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1632.493229][T17836] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1632.500370][T17836] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1632.519312][T17836] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1632.528206][T17836] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1632.536643][T17836] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1632.543793][T17836] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1632.551373][T17836] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1632.560264][T17836] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1632.569055][T17836] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1632.577823][T17836] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1632.586125][T17836] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1632.594821][T17836] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1632.797373][T18612] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1632.807841][T18612] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1632.821131][T17558] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1632.828962][T17558] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1632.837233][T17558] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1632.845948][T17558] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1632.854302][T17558] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1632.866457][T17558] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1633.076509][T18612] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1633.251330][T18618] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 1633.261818][T18618] CPU: 1 PID: 18618 Comm: syz-executor.4 Not tainted 5.2.0+ #37
[ 1633.269450][T18618] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1633.279513][T18618] Call Trace:
[ 1633.282826][T18618]  dump_stack+0x1d8/0x2f8
[ 1633.287191][T18618]  dump_header+0xd8/0x970
[ 1633.291528][T18618]  oom_kill_process+0xcd/0x320
[ 1633.296293][T18618]  out_of_memory+0x5e1/0x8a0
[ 1633.300882][T18618]  ? unregister_oom_notifier+0x20/0x20
[ 1633.306435][T18618]  ? __kasan_check_read+0x11/0x20
[ 1633.311477][T18618]  try_charge+0x134a/0x17b0
[ 1633.316012][T18618]  ? __memcg_kmem_charge_memcg+0x180/0x180
[ 1633.321831][T18618]  ? __lock_acquire+0x4750/0x4750
[ 1633.326869][T18618]  ? rcu_lock_release+0x15/0x20
[ 1633.331890][T18618]  ? get_mem_cgroup_from_mm+0x15e/0x170
[ 1633.337540][T18618]  mem_cgroup_try_charge+0x216/0x560
[ 1633.342835][T18618]  mem_cgroup_try_charge_delay+0x25/0xa0
[ 1633.348467][T18618]  handle_mm_fault+0x31f3/0x6080
[ 1633.353422][T18618]  ? finish_fault+0x230/0x230
[ 1633.358108][T18618]  ? vmacache_find+0x566/0x5b0
[ 1633.362871][T18618]  ? vmacache_update+0xb7/0x120
[ 1633.367720][T18618]  do_user_addr_fault+0x589/0xaf0
[ 1633.372749][T18618]  __do_page_fault+0xd3/0x1f0
[ 1633.377450][T18618]  do_page_fault+0x99/0xb0
[ 1633.381869][T18618]  page_fault+0x39/0x40
[ 1633.386025][T18618] RIP: 0033:0x41116f
[ 1633.389944][T18618] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41
[ 1633.409559][T18618] RSP: 002b:00007ffcb3668950 EFLAGS: 00010206
[ 1633.415641][T18618] RAX: 00007fe44b756000 RBX: 0000000000020000 RCX: 000000000045987a
[ 1633.423623][T18618] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000
[ 1633.431609][T18618] RBP: 00007ffcb3668a30 R08: ffffffffffffffff R09: 0000000000000000
[ 1633.439588][T18618] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcb3668b20
[ 1633.447560][T18618] R13: 00007fe44b776700 R14: 0000000000000001 R15: 000000000075bfd4
[ 1633.456184][T18618] memory: usage 3288kB, limit 0kB, failcnt 305
[ 1633.462402][T18618] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1633.469292][T18618] Memory cgroup stats for /syz4:
[ 1633.469390][T18618] anon 2174976
[ 1633.469390][T18618] file 299008
[ 1633.469390][T18618] kernel_stack 0
[ 1633.469390][T18618] slab 950272
[ 1633.469390][T18618] sock 0
[ 1633.469390][T18618] shmem 102400
[ 1633.469390][T18618] file_mapped 135168
[ 1633.469390][T18618] file_dirty 0
[ 1633.469390][T18618] file_writeback 0
[ 1633.469390][T18618] anon_thp 2097152
[ 1633.469390][T18618] inactive_anon 135168
[ 1633.469390][T18618] active_anon 2174976
[ 1633.469390][T18618] inactive_file 135168
[ 1633.469390][T18618] active_file 0
[ 1633.469390][T18618] unevictable 0
[ 1633.469390][T18618] slab_reclaimable 405504
[ 1633.469390][T18618] slab_unreclaimable 544768
[ 1633.469390][T18618] pgfault 355344
[ 1633.469390][T18618] pgmajfault 0
[ 1633.469390][T18618] workingset_refault 0
[ 1633.469390][T18618] workingset_activate 0
[ 1633.469390][T18618] workingset_nodereclaim 0
[ 1633.469390][T18618] pgrefill 0
[ 1633.469390][T18618] pgscan 0
[ 1633.469390][T18618] pgsteal 0
[ 1633.469390][T18618] pgactivate 0
[ 1633.564942][T18618] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=18618,uid=0
[ 1633.580485][T18618] Memory cgroup out of memory: Killed process 18618 (syz-executor.4) total-vm:72708kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB
[ 1633.596384][ T1056] oom_reaper: reaped process 18618 (syz-executor.4), now anon-rss:0kB, file-rss:33856kB, shmem-rss:0kB
14:33:08 executing program 4:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
openat$cgroup_procs(r4, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000140)=0x2)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r5 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r5, 0x0, 0x0)
r6 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r6, &(0x7f0000000000)=0x2, 0x12)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r4, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
socket$kcm(0xa, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r6, &(0x7f00000003c0)=0x100, 0x12)

14:33:08 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
r2 = openat$cgroup_ro(r1, 0x0, 0x0, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
openat$cgroup_procs(r3, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x40082404, &(0x7f0000000140)=0x2)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r4 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r4, 0x0, 0x0)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r5, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r3, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
socket$kcm(0xa, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r5, &(0x7f00000003c0)=0x100, 0x12)

14:33:08 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc})

14:33:08 executing program 1:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600))
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x8a, 0x0, 0x0, 0x0, 0x3})
r1 = syz_open_pts(r0, 0x0)
write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0x100000175)
ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000140)={0x3, 0x0, 0x0, 0x0, 0x9})

14:33:08 executing program 5:
r0 = syz_open_dev$sndpcmp(&(0x7f0000000600)='/dev/snd/pcmC#D#p\x00', 0x5, 0xc0200)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000680)='TIPCv2\x00')
sendmsg$TIPC_NL_PUBL_GET(r0, &(0x7f0000000780)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000740)={&(0x7f00000006c0)={0x78, r1, 0x100, 0x70bd26, 0x25dfdbfb, {}, [@TIPC_NLA_NET={0x64, 0x7, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0xa41}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x58}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x5}, @TIPC_NLA_NET_ADDR={0x8}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x3ff}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x2}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x4}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0xff}, @TIPC_NLA_NET_ADDR={0x8}]}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x81)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r2 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x18000)
ioctl$BLKALIGNOFF(r2, 0x127a, &(0x7f0000000080))
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r2, 0xc4c85513, &(0x7f0000000100)={{0x7, 0x3, 0x8000, 0x200, 'syz1\x00', 0x1}, 0x0, [0x1, 0xffffffffffffff8a, 0xd1, 0x3, 0x0, 0x8000, 0x1, 0x3, 0x7, 0x5a5a, 0x5cc9, 0x1, 0x100000000, 0x3, 0x7, 0xb5, 0x800, 0x28580, 0x4, 0x5, 0x8, 0xffffffff, 0x0, 0x5, 0x7, 0x5, 0xfffffffffffffffc, 0x822, 0x2, 0xfffffffffffffff9, 0x1, 0x1ff, 0x8, 0x9, 0x14, 0x3, 0x3, 0x1, 0x1, 0xd5, 0x9, 0x100, 0x6, 0x4, 0x8, 0x1, 0x48e3, 0x3, 0x3ff, 0x8, 0x4, 0x0, 0x8000, 0x6, 0xffffffffffffffce, 0x0, 0x3f, 0x3ff, 0x7, 0x0, 0x1ff, 0x58b7, 0x800, 0x2, 0xdac3, 0x5589, 0x200, 0x6, 0x7, 0xffffffff, 0x7, 0x7, 0x9, 0x8, 0x7ff, 0xfff, 0xb83, 0xfffffffffffffff8, 0x100, 0x800, 0xcc03, 0xac, 0x1, 0x4, 0x3, 0x2, 0x6, 0x9, 0xad, 0x7, 0xe21, 0xfffffffffffffffb, 0x20, 0x8, 0x2, 0x5, 0x0, 0x7ff, 0x0, 0x7, 0x8, 0x2, 0x1, 0xffffffffffffff80, 0xbcd, 0x3, 0x9, 0x9, 0x5, 0x5, 0x5, 0x401, 0x1, 0x2, 0x0, 0x2, 0x3, 0x800, 0x3, 0x0, 0x81, 0x4, 0x1, 0x9, 0x9bf, 0x80, 0x9]})
r3 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r3, 0x5452, &(0x7f0000000040)={0x9})

14:33:08 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400)
openat$cgroup_procs(r3, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r4 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r4, 0x0, 0x0)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r3, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r5, &(0x7f00000003c0)=0x100, 0x12)

[ 1633.772542][T18612] syz-executor.4 invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=0, oom_score_adj=0
[ 1633.783739][T18612] CPU: 0 PID: 18612 Comm: syz-executor.4 Not tainted 5.2.0+ #37
[ 1633.791382][T18612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1633.801450][T18612] Call Trace:
[ 1633.804848][T18612]  dump_stack+0x1d8/0x2f8
[ 1633.809277][T18612]  dump_header+0xd8/0x970
[ 1633.813624][T18612]  oom_kill_process+0xcd/0x320
[ 1633.818404][T18612]  out_of_memory+0x5e1/0x8a0
[ 1633.823097][T18612]  ? unregister_oom_notifier+0x20/0x20
[ 1633.828642][T18612]  ? __kasan_check_read+0x11/0x20
[ 1633.828660][T18612]  try_charge+0x134a/0x17b0
[ 1633.828690][T18612]  ? __memcg_kmem_charge_memcg+0x180/0x180
[ 1633.828706][T18612]  ? rcu_read_lock_sched_held+0x127/0x1c0
[ 1633.838234][T18612]  ? rcu_lock_acquire+0x30/0x30
[ 1633.838248][T18612]  __memcg_kmem_charge_memcg+0x78/0x180
[ 1633.838259][T18612]  ? __lock_acquire+0x4750/0x4750
[ 1633.838269][T18612]  ? memcg_kmem_put_cache+0x50/0x50
[ 1633.838291][T18612]  kmem_getpages+0x411/0x970
[ 1633.874951][T18612]  cache_grow_begin+0x7e/0x2c0
[ 1633.879725][T18612]  ? __cpuset_node_allowed+0x198/0x530
[ 1633.885189][T18612]  fallback_alloc+0x134/0x1c0
[ 1633.889877][T18612]  ____cache_alloc_node+0x22a/0x250
[ 1633.895077][T18612]  kmem_cache_alloc+0x157/0x2e0
[ 1633.900056][T18612]  ? __alloc_file+0x29/0x350
[ 1633.904652][T18612]  __alloc_file+0x29/0x350
[ 1633.909064][T18612]  ? alloc_empty_file+0x4c/0x1b0
[ 1633.914010][T18612]  alloc_empty_file+0xac/0x1b0
[ 1633.918785][T18612]  path_openat+0x12b/0x4440
[ 1633.923307][T18612]  ? trace_lock_acquire+0x1b0/0x1b0
[ 1633.928621][T18612]  ? do_filp_open+0x430/0x430
[ 1633.933306][T18612]  ? __kasan_kmalloc+0x178/0x1b0
[ 1633.938242][T18612]  ? __kasan_kmalloc+0x11c/0x1b0
[ 1633.943205][T18612]  ? kasan_slab_alloc+0xf/0x20
[ 1633.947973][T18612]  ? kmem_cache_alloc+0x1e9/0x2e0
[ 1633.953004][T18612]  ? getname_flags+0xba/0x640
[ 1633.957688][T18612]  ? getname+0x19/0x20
[ 1633.961756][T18612]  ? do_sys_open+0x2fc/0x620
[ 1633.966345][T18612]  ? __x64_sys_open+0x87/0x90
[ 1633.971016][T18612]  ? do_syscall_64+0xfe/0x140
[ 1633.975690][T18612]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1633.981774][T18612]  do_filp_open+0x1f7/0x430
[ 1633.986297][T18612]  ? vfs_tmpfile+0x230/0x230
[ 1633.990893][T18612]  ? __lock_acquire+0x4750/0x4750
[ 1633.995931][T18612]  ? do_raw_spin_unlock+0x49/0x260
[ 1634.001073][T18612]  ? _raw_spin_unlock+0x22/0x30
[ 1634.005936][T18612]  ? __alloc_fd+0x58f/0x630
[ 1634.010456][T18612]  ? get_unused_fd_flags+0x97/0xb0
[ 1634.015578][T18612]  do_sys_open+0x343/0x620
[ 1634.020004][T18612]  ? file_open_root+0x440/0x440
[ 1634.024885][T18612]  ? prepare_exit_to_usermode+0x1f7/0x580
[ 1634.030625][T18612]  ? trace_irq_disable_rcuidle+0x23/0x1c0
[ 1634.036372][T18612]  ? trace_hardirqs_on_thunk+0x1a/0x20
[ 1634.041833][T18612]  ? trace_irq_disable_rcuidle+0x23/0x1c0
[ 1634.047611][T18612]  ? do_syscall_64+0x1d/0x140
[ 1634.052951][T18612]  __x64_sys_open+0x87/0x90
[ 1634.057470][T18612]  do_syscall_64+0xfe/0x140
[ 1634.061987][T18612]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1634.067881][T18612] RIP: 0033:0x4577a0
[ 1634.071782][T18612] Code: 31 c0 e9 45 ff ff ff 0f 1f 00 80 3f 00 0f 84 f7 00 00 00 55 53 b9 02 00 00 00 be 00 08 09 00 89 c8 48 81 ec 98 00 00 00 0f 05 <48> 3d 00 f0 ff ff 48 89 c3 0f 87 e9 00 00 00 85 db 0f 88 2f 01 00
[ 1634.091827][T18612] RSP: 002b:00007ffcb3667a50 EFLAGS: 00000206 ORIG_RAX: 0000000000000002
[ 1634.100329][T18612] RAX: ffffffffffffffda RBX: 000000000018ebba RCX: 00000000004577a0
[ 1634.108306][T18612] RDX: 000000000000000c RSI: 0000000000090800 RDI: 00007ffcb3668c30
[ 1634.116277][T18612] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000555556e88940
[ 1634.124253][T18612] R10: 0000000000000000 R11: 0000000000000206 R12: 00007ffcb3668c30
[ 1634.132233][T18612] R13: 00007ffcb3668c20 R14: 0000000000000000 R15: 00007ffcb3668c30
[ 1634.142135][T18612] memory: usage 960kB, limit 0kB, failcnt 322
[ 1634.148276][T18612] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1634.155209][T18612] Memory cgroup stats for /syz4:
[ 1634.155308][T18612] anon 77824
[ 1634.155308][T18612] file 299008
[ 1634.155308][T18612] kernel_stack 0
[ 1634.155308][T18612] slab 950272
[ 1634.155308][T18612] sock 0
[ 1634.155308][T18612] shmem 102400
[ 1634.155308][T18612] file_mapped 135168
[ 1634.155308][T18612] file_dirty 0
[ 1634.155308][T18612] file_writeback 0
[ 1634.155308][T18612] anon_thp 0
[ 1634.155308][T18612] inactive_anon 135168
[ 1634.155308][T18612] active_anon 77824
[ 1634.155308][T18612] inactive_file 135168
[ 1634.155308][T18612] active_file 0
[ 1634.155308][T18612] unevictable 0
[ 1634.155308][T18612] slab_reclaimable 405504
[ 1634.155308][T18612] slab_unreclaimable 544768
[ 1634.155308][T18612] pgfault 355344
[ 1634.155308][T18612] pgmajfault 0
[ 1634.155308][T18612] workingset_refault 0
[ 1634.155308][T18612] workingset_activate 0
[ 1634.155308][T18612] workingset_nodereclaim 0
[ 1634.155308][T18612] pgrefill 0
[ 1634.155308][T18612] pgscan 0
[ 1634.155308][T18612] pgsteal 0
[ 1634.155308][T18612] pgactivate 0
[ 1634.250337][T18612] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=
[ 1634.250355][T18612] syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=18612,uid=0
14:33:09 executing program 5:
r0 = openat(0xffffffffffffffff, &(0x7f0000000240)='./file0\x00', 0x400, 0x8)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000280)={0x9, 0x0, 0x2})
r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x400, 0x0)
ioctl$SIOCX25GSUBSCRIP(r1, 0x89e0, &(0x7f0000000080)={'bridge_slave_0\x00', 0x6, 0xfa})
prctl$PR_SET_UNALIGN(0x6, 0x3)
ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000180)={'bpq0\x00'})

14:33:09 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc})

[ 1634.268261][T18612] Memory cgroup out of memory: Killed process 18612 (syz-executor.4) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB
[ 1634.308459][ T1056] oom_reaper: reaped process 18612 (syz-executor.4), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB
[ 1634.354983][T18631] Unknown ioctl 35296
[ 1634.372483][T18631] Unknown ioctl 35092
14:33:09 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc})

14:33:09 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9})

14:33:09 executing program 5:
mlock(&(0x7f0000d2f000/0x4000)=nil, 0x4000)
mlock(&(0x7f0000cd2000/0x3000)=nil, 0x3000)
r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000440)='/dev/dlm-monitor\x00', 0x109000, 0x0)
syz_kvm_setup_cpu$x86(r0, r0, &(0x7f0000d26000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000380)="6767f30fb8c40f080fc71f66b91808000066b80f98000066ba000000000f3064da41ef0f01c4baf80c66b854e2e88c66efbafc0c66ed3e64f30f2cc4baf80c66b8108ca08866efbafc0c66b8333b000066ef260fc72f", 0x56}], 0x1, 0x2, &(0x7f0000000400)=[@cr4={0x1, 0x100}], 0x1)
r1 = accept4$inet(r0, 0x0, &(0x7f00000004c0), 0x80800)
getsockopt$inet_sctp6_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000500)=ANY=[@ANYRES32=<r2=>0x0, @ANYBLOB="040004b918b3bd64fd6bf18b3a4a063e3cd4847ba2fe50080b3c35f39eaef981b0c641b1581be1a072be43aa4d78b32e396fadbae08922d976d7f85d17645adb14b7edb34e6076eb3a6e919d92d793a8be103739d6d520ed36e982d99a41b2aa36920ac5f952326ff5506c561fddcd3db0f3d807f2ac22c14edb07279a8d0d0426fa963c64fff0546f5ce744b5c7795c88bdfdb19b1c24dbcb41167d24335cc7a2f39f709d31d8109ed15d167428f3dc3242df44f6964a3676b15972b509806caaa03179bce9664c0000000000"], &(0x7f00000002c0)=0x10)
setsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000300)=@assoc_value={r2, 0x9}, 0x8)
r3 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
r4 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000240)='/dev/autofs\x00', 0x800, 0x0)
ioctl$KVM_GET_MP_STATE(r4, 0x8004ae98, &(0x7f0000000340))
r5 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-monitor\x00', 0x12001, 0x0)
ioctl$GIO_FONTX(r5, 0x4b6b, &(0x7f0000000180)=""/135)
ioctl$DRM_IOCTL_MODE_GETCRTC(r5, 0xc06864a1, &(0x7f0000000100)={&(0x7f0000000080)=[0x7], 0x1, 0x80, 0x2c9, 0x100000001, 0x8, 0x3, {0x2, 0x401, 0x1, 0x9, 0x100, 0x2, 0x6bb5, 0xffff, 0x3, 0x4, 0x1, 0x318, 0x2, 0x1, "2acacb30ab1c16f977359b7da2cbb02925ca1a3348e25c599f7fcf25bc10e6f4"}})
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r3, 0x5452, &(0x7f0000000040)={0x9})
mmap$binder(&(0x7f0000d31000/0x3000)=nil, 0x3000, 0x1, 0x11, r5, 0x0)
mlock(&(0x7f0000d2f000/0x3000)=nil, 0x3000)

14:33:09 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc})

14:33:10 executing program 4:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
openat$cgroup_procs(r4, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000140)=0x2)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r5 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r5, 0x0, 0x0)
r6 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r6, &(0x7f0000000000)=0x2, 0x12)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r4, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
socket$kcm(0xa, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r6, &(0x7f00000003c0)=0x100, 0x12)

[ 1635.889895][  T788] device bridge_slave_1 left promiscuous mode
[ 1635.896123][  T788] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1635.938628][  T788] device bridge_slave_0 left promiscuous mode
[ 1635.944813][  T788] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1635.990551][  T788] device bridge_slave_1 left promiscuous mode
[ 1635.996716][  T788] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1636.039212][  T788] device bridge_slave_0 left promiscuous mode
[ 1636.045365][  T788] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1636.095528][  T788] device bridge_slave_1 left promiscuous mode
[ 1636.101859][  T788] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1636.141987][  T788] device bridge_slave_0 left promiscuous mode
[ 1636.148273][  T788] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1641.388048][  T788] device hsr_slave_0 left promiscuous mode
[ 1641.427783][  T788] device hsr_slave_1 left promiscuous mode
[ 1641.488142][  T788] team0 (unregistering): Port device team_slave_1 removed
[ 1641.500099][  T788] team0 (unregistering): Port device team_slave_0 removed
[ 1641.511342][  T788] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1641.562172][  T788] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1641.627109][  T788] bond0 (unregistering): Released all slaves
[ 1641.758212][  T788] device hsr_slave_0 left promiscuous mode
[ 1641.818166][  T788] device hsr_slave_1 left promiscuous mode
[ 1641.884610][  T788] team0 (unregistering): Port device team_slave_1 removed
[ 1641.898626][  T788] team0 (unregistering): Port device team_slave_0 removed
[ 1641.910737][  T788] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1641.961581][  T788] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1642.036565][  T788] bond0 (unregistering): Released all slaves
[ 1642.179122][  T788] device hsr_slave_0 left promiscuous mode
[ 1642.218330][  T788] device hsr_slave_1 left promiscuous mode
[ 1642.278455][  T788] team0 (unregistering): Port device team_slave_1 removed
[ 1642.290149][  T788] team0 (unregistering): Port device team_slave_0 removed
[ 1642.300765][  T788] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1642.361301][  T788] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1642.435051][  T788] bond0 (unregistering): Released all slaves
[ 1642.528776][T18654] IPVS: ftp: loaded support on port[0] = 21
[ 1642.564390][T18656] IPVS: ftp: loaded support on port[0] = 21
[ 1642.625254][T18654] chnl_net:caif_netlink_parms(): no params data found
[ 1642.663470][T18654] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1642.678401][T18654] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1642.686041][T18654] device bridge_slave_0 entered promiscuous mode
[ 1642.694979][T18654] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1642.702134][T18654] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1642.710147][T18654] device bridge_slave_1 entered promiscuous mode
[ 1642.729372][T18654] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1642.740527][T18654] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1642.762785][T18654] team0: Port device team_slave_0 added
[ 1642.769891][T18654] team0: Port device team_slave_1 added
[ 1642.831708][T18654] device hsr_slave_0 entered promiscuous mode
[ 1642.868185][T18654] device hsr_slave_1 entered promiscuous mode
[ 1642.927685][T18654] debugfs: Directory 'hsr0' with parent '/' already present!
[ 1642.976690][T18654] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1642.983903][T18654] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1642.991340][T18654] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1642.998441][T18654] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1643.177788][T18656] chnl_net:caif_netlink_parms(): no params data found
[ 1643.230921][T18656] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1643.238153][T18656] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1643.246156][T18656] device bridge_slave_0 entered promiscuous mode
[ 1643.256612][T18656] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1643.263769][T18656] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1643.271840][T18656] device bridge_slave_1 entered promiscuous mode
[ 1643.290398][T18654] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1643.305222][T18656] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1643.321127][T13658] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1643.329828][T13658] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1643.343341][T13658] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1643.357263][T18654] 8021q: adding VLAN 0 to HW filter on device team0
[ 1643.370521][T13658] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1643.379240][T13658] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1643.386306][T13658] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1643.395527][T18656] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1643.426329][T18656] team0: Port device team_slave_0 added
[ 1643.439879][T17896] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1643.448707][T17896] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1643.455789][T17896] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1643.464823][T18656] team0: Port device team_slave_1 added
[ 1643.481725][T17581] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1643.510765][T17581] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1643.519672][T17581] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1643.528494][T17581] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1643.536748][T17581] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1643.547442][T18654] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1643.629668][T18656] device hsr_slave_0 entered promiscuous mode
[ 1643.658191][T18656] device hsr_slave_1 entered promiscuous mode
[ 1643.757951][T18656] debugfs: Directory 'hsr0' with parent '/' already present!
[ 1643.788885][T18654] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1643.856902][T18656] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1643.883771][T17896] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1643.891832][T17896] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1643.902319][T18656] 8021q: adding VLAN 0 to HW filter on device team0
[ 1643.928179][T17896] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1643.936885][T17896] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1643.945490][T17896] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1643.952580][T17896] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1643.960230][T17896] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1643.968931][T17896] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1643.977374][T17896] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1643.984583][T17896] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1643.992265][T17896] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1644.001016][T17896] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1644.012704][T17896] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 1644.020675][T17896] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1644.029405][T17896] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1644.039692][T17896] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1644.055225][T17836] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1644.064281][T17836] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1644.097671][T18656] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1644.108150][T18656] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1644.129190][T18666] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 1644.133973][T17836] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1644.139441][T18666] CPU: 1 PID: 18666 Comm: syz-executor.3 Not tainted 5.2.0+ #37
[ 1644.139450][T18666] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1644.139455][T18666] Call Trace:
[ 1644.139478][T18666]  dump_stack+0x1d8/0x2f8
[ 1644.139496][T18666]  dump_header+0xd8/0x970
[ 1644.139516][T18666]  oom_kill_process+0xcd/0x320
[ 1644.148075][T17836] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1644.154944][T18666]  out_of_memory+0x5e1/0x8a0
[ 1644.165997][T17836] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1644.168294][T18666]  ? unregister_oom_notifier+0x20/0x20
[ 1644.168305][T18666]  ? trace_hardirqs_on+0x74/0x80
[ 1644.168323][T18666]  memory_max_write+0x537/0x6a0
[ 1644.168334][T18666]  ? lock_acquire+0x158/0x250
[ 1644.168355][T18666]  ? memory_max_show+0xa0/0xa0
[ 1644.173224][T17836] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1644.176988][T18666]  ? trace_lock_acquire+0x154/0x1b0
[ 1644.231294][T18656] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1644.234209][T18666]  ? lock_acquire+0x158/0x250
[ 1644.246141][T18666]  ? kernfs_fop_write+0x22e/0x4f0
[ 1644.255811][T18666]  ? memory_max_show+0xa0/0xa0
[ 1644.260574][T18666]  cgroup_file_write+0x27b/0x6e0
[ 1644.265518][T18666]  ? cgroup_seqfile_stop+0xc0/0xc0
[ 1644.270631][T18666]  ? cgroup_seqfile_stop+0xc0/0xc0
[ 1644.275740][T18666]  kernfs_fop_write+0x3e4/0x4f0
[ 1644.280587][T18666]  ? kernfs_fop_read+0x580/0x580
[ 1644.285529][T18666]  __vfs_write+0xf9/0x7d0
[ 1644.289859][T18666]  ? __lock_acquire+0x4750/0x4750
[ 1644.294883][T18666]  ? __kernel_write+0x350/0x350
[ 1644.299732][T18666]  ? trace_lock_acquire+0x154/0x1b0
[ 1644.302700][T17836] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1644.304948][T18666]  ? __sb_start_write+0x39c/0x440
[ 1644.304961][T18666]  ? __kasan_check_read+0x11/0x20
[ 1644.304975][T18666]  vfs_write+0x275/0x590
[ 1644.326346][T18666]  ksys_write+0x16b/0x2a0
[ 1644.330697][T18666]  ? __ia32_sys_read+0x90/0x90
[ 1644.335464][T18666]  ? prepare_exit_to_usermode+0x1f7/0x580
[ 1644.341186][T18666]  ? trace_irq_disable_rcuidle+0x23/0x1c0
[ 1644.346911][T18666]  ? trace_hardirqs_on_thunk+0x1a/0x20
[ 1644.352375][T18666]  ? trace_irq_disable_rcuidle+0x23/0x1c0
[ 1644.358098][T18666]  ? do_syscall_64+0x1d/0x140
[ 1644.362779][T18666]  __x64_sys_write+0x7b/0x90
[ 1644.367383][T18666]  do_syscall_64+0xfe/0x140
[ 1644.371887][T18666]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1644.377787][T18666] RIP: 0033:0x459829
[ 1644.381683][T18666] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1644.401292][T18666] RSP: 002b:00007fd0e2922c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1644.409707][T18666] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829
[ 1644.417774][T18666] RDX: 0000000000000012 RSI: 00000000200003c0 RDI: 0000000000000008
[ 1644.425753][T18666] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000
[ 1644.433727][T18666] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd0e29236d4
[ 1644.441709][T18666] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff
[ 1644.452441][T18666] memory: usage 3184kB, limit 0kB, failcnt 189
[ 1644.458688][T18666] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1644.465584][T18666] Memory cgroup stats for /syz3:
[ 1644.465674][T18666] anon 2146304
[ 1644.465674][T18666] file 0
[ 1644.465674][T18666] kernel_stack 65536
[ 1644.465674][T18666] slab 856064
[ 1644.465674][T18666] sock 0
[ 1644.465674][T18666] shmem 0
[ 1644.465674][T18666] file_mapped 0
[ 1644.465674][T18666] file_dirty 0
[ 1644.465674][T18666] file_writeback 0
[ 1644.465674][T18666] anon_thp 2097152
[ 1644.465674][T18666] inactive_anon 0
[ 1644.465674][T18666] active_anon 2146304
[ 1644.465674][T18666] inactive_file 0
[ 1644.465674][T18666] active_file 0
[ 1644.465674][T18666] unevictable 0
[ 1644.465674][T18666] slab_reclaimable 270336
[ 1644.465674][T18666] slab_unreclaimable 585728
[ 1644.465674][T18666] pgfault 251922
[ 1644.465674][T18666] pgmajfault 0
[ 1644.465674][T18666] workingset_refault 0
[ 1644.465674][T18666] workingset_activate 0
[ 1644.465674][T18666] workingset_nodereclaim 0
[ 1644.465674][T18666] pgrefill 0
[ 1644.465674][T18666] pgscan 0
[ 1644.465674][T18666] pgsteal 0
[ 1644.465674][T18666] pgactivate 0
[ 1644.559518][T18666] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=18663,uid=0
[ 1644.575092][T18666] Memory cgroup out of memory: Killed process 18663 (syz-executor.3) total-vm:72708kB, anon-rss:2144kB, file-rss:34816kB, shmem-rss:0kB
[ 1644.598633][ T1056] oom_reaper: reaped process 18663 (syz-executor.3), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB
[ 1644.724006][T18654] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[ 1644.734018][T18654] CPU: 1 PID: 18654 Comm: syz-executor.3 Not tainted 5.2.0+ #37
[ 1644.741653][T18654] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1644.751739][T18654] Call Trace:
[ 1644.755075][T18654]  dump_stack+0x1d8/0x2f8
[ 1644.759419][T18654]  dump_header+0xd8/0x970
[ 1644.764282][T18654]  oom_kill_process+0xcd/0x320
[ 1644.769052][T18654]  out_of_memory+0x5e1/0x8a0
[ 1644.773646][T18654]  ? unregister_oom_notifier+0x20/0x20
[ 1644.779113][T18654]  ? __kasan_check_read+0x11/0x20
[ 1644.784138][T18654]  try_charge+0x134a/0x17b0
[ 1644.788653][T18654]  ? __memcg_kmem_charge_memcg+0x180/0x180
[ 1644.794459][T18654]  ? __lock_acquire+0x4750/0x4750
[ 1644.799469][T18654]  ? rcu_lock_release+0x15/0x20
[ 1644.804332][T18654]  ? get_mem_cgroup_from_mm+0x15e/0x170
[ 1644.809902][T18654]  mem_cgroup_try_charge+0x216/0x560
[ 1644.815210][T18654]  mem_cgroup_try_charge_delay+0x25/0xa0
[ 1644.820861][T18654]  wp_page_copy+0x367/0x18c0
[ 1644.825535][T18654]  ? rcu_lock_release+0x30/0x30
[ 1644.830389][T18654]  ? __lock_acquire+0x4750/0x4750
[ 1644.835413][T18654]  ? __kasan_check_read+0x11/0x20
[ 1644.840427][T18654]  ? do_raw_spin_unlock+0x49/0x260
[ 1644.845526][T18654]  do_wp_page+0x2c9/0x1ce0
[ 1644.849942][T18654]  ? __rwlock_init+0x130/0x130
[ 1644.854703][T18654]  ? count_memcg_event_mm+0x300/0x300
[ 1644.860058][T18654]  handle_mm_fault+0x2bcf/0x6080
[ 1644.864995][T18654]  ? finish_fault+0x230/0x230
[ 1644.869669][T18654]  ? vmacache_find+0x251/0x5b0
[ 1644.874425][T18654]  do_user_addr_fault+0x589/0xaf0
[ 1644.879436][T18654]  __do_page_fault+0xd3/0x1f0
[ 1644.884098][T18654]  do_page_fault+0x99/0xb0
[ 1644.888506][T18654]  page_fault+0x39/0x40
[ 1644.892661][T18654] RIP: 0033:0x430906
[ 1644.896564][T18654] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 46 64 00 85 c0 0f 84
[ 1644.916173][T18654] RSP: 002b:00007ffc101f5910 EFLAGS: 00010206
[ 1644.922236][T18654] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041
[ 1644.930222][T18654] RDX: 000055555656f930 RSI: 0000555556577970 RDI: 0000000000000003
[ 1644.938215][T18654] RBP: 0000000000008041 R08: 0000000000000001 R09: 000055555656e940
[ 1644.946171][T18654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698
[ 1644.954147][T18654] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710
[ 1644.962991][T18654] memory: usage 812kB, limit 0kB, failcnt 197
[ 1644.969112][T18654] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1644.975947][T18654] Memory cgroup stats for /syz3:
[ 1644.975996][T18654] anon 53248
[ 1644.975996][T18654] file 0
[ 1644.975996][T18654] kernel_stack 0
[ 1644.975996][T18654] slab 856064
[ 1644.975996][T18654] sock 0
[ 1644.975996][T18654] shmem 0
[ 1644.975996][T18654] file_mapped 0
[ 1644.975996][T18654] file_dirty 0
[ 1644.975996][T18654] file_writeback 0
[ 1644.975996][T18654] anon_thp 0
[ 1644.975996][T18654] inactive_anon 0
[ 1644.975996][T18654] active_anon 53248
[ 1644.975996][T18654] inactive_file 0
[ 1644.975996][T18654] active_file 0
[ 1644.975996][T18654] unevictable 0
[ 1644.975996][T18654] slab_reclaimable 270336
[ 1644.975996][T18654] slab_unreclaimable 585728
[ 1644.975996][T18654] pgfault 251922
[ 1644.975996][T18654] pgmajfault 0
[ 1644.975996][T18654] workingset_refault 0
[ 1644.975996][T18654] workingset_activate 0
[ 1644.975996][T18654] workingset_nodereclaim 0
[ 1644.975996][T18654] pgrefill 0
[ 1644.975996][T18654] pgscan 0
[ 1644.975996][T18654] pgsteal 0
[ 1644.975996][T18654] pgactivate 0
[ 1644.975996][T18654] pgdeactivate 0
[ 1645.072022][T18654] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=18654,uid=0
[ 1645.087566][T18654] Memory cgroup out of memory: Killed process 18654 (syz-executor.3) total-vm:72444kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB
[ 1645.101896][ T1056] oom_reaper: reaped process 18654 (syz-executor.3), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB
[ 1645.106913][T18672] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 1645.123401][T18672] CPU: 1 PID: 18672 Comm: syz-executor.2 Not tainted 5.2.0+ #37
[ 1645.131049][T18672] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1645.141100][T18672] Call Trace:
[ 1645.144395][T18672]  dump_stack+0x1d8/0x2f8
[ 1645.148733][T18672]  dump_header+0xd8/0x970
[ 1645.153062][T18672]  oom_kill_process+0xcd/0x320
[ 1645.157839][T18672]  out_of_memory+0x5e1/0x8a0
[ 1645.162423][T18672]  ? unregister_oom_notifier+0x20/0x20
[ 1645.167899][T18672]  ? __kasan_check_read+0x11/0x20
[ 1645.172923][T18672]  try_charge+0x134a/0x17b0
[ 1645.177438][T18672]  ? __memcg_kmem_charge_memcg+0x180/0x180
[ 1645.183346][T18672]  ? __lock_acquire+0x4750/0x4750
[ 1645.188379][T18672]  ? rcu_lock_release+0x15/0x20
[ 1645.193224][T18672]  ? get_mem_cgroup_from_mm+0x15e/0x170
[ 1645.198787][T18672]  mem_cgroup_try_charge+0x216/0x560
[ 1645.204065][T18672]  mem_cgroup_try_charge_delay+0x25/0xa0
[ 1645.209691][T18672]  handle_mm_fault+0x31f3/0x6080
[ 1645.214634][T18672]  ? finish_fault+0x230/0x230
[ 1645.219313][T18672]  ? vmacache_find+0x566/0x5b0
[ 1645.224631][T18672]  ? vmacache_update+0xb7/0x120
[ 1645.229480][T18672]  do_user_addr_fault+0x589/0xaf0
[ 1645.234503][T18672]  __do_page_fault+0xd3/0x1f0
[ 1645.239174][T18672]  do_page_fault+0x99/0xb0
[ 1645.243577][T18672]  page_fault+0x39/0x40
[ 1645.247723][T18672] RIP: 0033:0x41116f
[ 1645.251609][T18672] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41
[ 1645.271401][T18672] RSP: 002b:00007fffb44aba10 EFLAGS: 00010206
[ 1645.277468][T18672] RAX: 00007f8f2395b000 RBX: 0000000000020000 RCX: 000000000045987a
[ 1645.285467][T18672] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000
[ 1645.293436][T18672] RBP: 00007fffb44abaf0 R08: ffffffffffffffff R09: 0000000000000000
[ 1645.301401][T18672] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fffb44abbe0
[ 1645.309364][T18672] R13: 00007f8f2397b700 R14: 0000000000000001 R15: 000000000075bfd4
[ 1645.317440][T18672] memory: usage 3300kB, limit 0kB, failcnt 489471
[ 1645.323892][T18672] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1645.330797][T18672] Memory cgroup stats for /syz2:
[ 1645.330877][T18672] anon 2211840
[ 1645.330877][T18672] file 274432
[ 1645.330877][T18672] kernel_stack 65536
[ 1645.330877][T18672] slab 831488
[ 1645.330877][T18672] sock 0
[ 1645.330877][T18672] shmem 172032
[ 1645.330877][T18672] file_mapped 135168
[ 1645.330877][T18672] file_dirty 135168
[ 1645.330877][T18672] file_writeback 0
[ 1645.330877][T18672] anon_thp 2097152
[ 1645.330877][T18672] inactive_anon 135168
[ 1645.330877][T18672] active_anon 2211840
[ 1645.330877][T18672] inactive_file 135168
[ 1645.330877][T18672] active_file 135168
[ 1645.330877][T18672] unevictable 0
[ 1645.330877][T18672] slab_reclaimable 270336
[ 1645.330877][T18672] slab_unreclaimable 561152
[ 1645.330877][T18672] pgfault 192093
[ 1645.330877][T18672] pgmajfault 0
[ 1645.330877][T18672] workingset_refault 0
[ 1645.330877][T18672] workingset_activate 0
[ 1645.330877][T18672] workingset_nodereclaim 0
[ 1645.330877][T18672] pgrefill 0
[ 1645.330877][T18672] pgscan 0
[ 1645.330877][T18672] pgsteal 0
[ 1645.424603][T18672] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=18672,uid=0
[ 1645.440100][T18672] Memory cgroup out of memory: Killed process 18672 (syz-executor.2) total-vm:72708kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB
[ 1645.455761][ T1056] oom_reaper: reaped process 18672 (syz-executor.2), now anon-rss:0kB, file-rss:33856kB, shmem-rss:0kB
14:33:20 executing program 1:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600))
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x8a, 0x0, 0x0, 0x0, 0x3})
r1 = syz_open_pts(r0, 0x0)
write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0x100000175)
ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000140)={0x3, 0x0, 0x0, 0x0, 0xa})

14:33:20 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc})

14:33:20 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9})
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$VIDIOC_RESERVED(r1, 0x5601, 0x0)
write$binfmt_misc(r0, &(0x7f0000000100)={'syz1', "f56be28795c6b076b4a99706b892f73997a5bf49298fb9bbd8cb8dbd90328c914826ec617a77c9f5baa45f51601f3b4db9938813842b28ad1f5b2fcdfbf3431c530c0ce625dae98e3bb51440cb704450d652627d4caa990ed130689dab7bd2b925bbe58e54692dc29360f23fe5e64a7bfd616a5c8bd955dcd4b4d224ab5cac8073215e1b87fe82221aef2101200a7cf62faf88604765a6b7b338a40f852b4d426ff614a9294fa68cd278c20d1995330b86b3f8891ac2329cdb169833f62e35d74b24f372d265a0830909d389c14731e658dd4477d4a15a6c1b0ec4f55d75289abc9c1daea47d49"}, 0xeb)

14:33:20 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
r2 = openat$cgroup_ro(r1, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
openat$cgroup_procs(r3, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x40082404, &(0x7f0000000140)=0x2)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r4 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r4, 0x0, 0x0)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r5, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r3, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
socket$kcm(0xa, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r5, &(0x7f00000003c0)=0x100, 0x12)

14:33:20 executing program 4:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
openat$cgroup_procs(r4, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000140)=0x2)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r5 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r5, 0x0, 0x0)
r6 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r4, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
socket$kcm(0xa, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r6, &(0x7f00000003c0)=0x100, 0x12)

14:33:20 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400)
openat$cgroup_procs(r3, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r4 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r4, 0x0, 0x0)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r3, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r5, &(0x7f00000003c0)=0x100, 0x12)

[ 1645.536756][T18656] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[ 1645.546849][T18656] CPU: 1 PID: 18656 Comm: syz-executor.2 Not tainted 5.2.0+ #37
[ 1645.554485][T18656] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1645.564540][T18656] Call Trace:
[ 1645.567844][T18656]  dump_stack+0x1d8/0x2f8
[ 1645.572312][T18656]  dump_header+0xd8/0x970
[ 1645.576640][T18656]  oom_kill_process+0xcd/0x320
[ 1645.581405][T18656]  out_of_memory+0x5e1/0x8a0
[ 1645.586023][T18656]  ? unregister_oom_notifier+0x20/0x20
[ 1645.591478][T18656]  ? __kasan_check_read+0x11/0x20
[ 1645.596508][T18656]  try_charge+0x134a/0x17b0
[ 1645.601039][T18656]  ? __memcg_kmem_charge_memcg+0x180/0x180
[ 1645.606856][T18656]  ? __lock_acquire+0x4750/0x4750
[ 1645.611886][T18656]  ? rcu_lock_release+0x15/0x20
[ 1645.616734][T18656]  ? get_mem_cgroup_from_mm+0x15e/0x170
[ 1645.622299][T18656]  mem_cgroup_try_charge+0x216/0x560
[ 1645.627586][T18656]  mem_cgroup_try_charge_delay+0x25/0xa0
[ 1645.633237][T18656]  wp_page_copy+0x367/0x18c0
[ 1645.637842][T18656]  ? rcu_lock_release+0x30/0x30
[ 1645.642697][T18656]  ? __lock_acquire+0x4750/0x4750
[ 1645.647722][T18656]  ? __kasan_check_read+0x11/0x20
[ 1645.652747][T18656]  ? do_raw_spin_unlock+0x49/0x260
[ 1645.657885][T18656]  do_wp_page+0x2c9/0x1ce0
[ 1645.662304][T18656]  ? __rwlock_init+0x130/0x130
[ 1645.667071][T18656]  ? count_memcg_event_mm+0x300/0x300
[ 1645.672447][T18656]  handle_mm_fault+0x2bcf/0x6080
[ 1645.677414][T18656]  ? finish_fault+0x230/0x230
[ 1645.682099][T18656]  ? vmacache_find+0x251/0x5b0
[ 1645.686871][T18656]  do_user_addr_fault+0x589/0xaf0
[ 1645.691902][T18656]  __do_page_fault+0xd3/0x1f0
[ 1645.696576][T18656]  do_page_fault+0x99/0xb0
[ 1645.701172][T18656]  page_fault+0x39/0x40
[ 1645.705323][T18656] RIP: 0033:0x4034f2
[ 1645.709215][T18656] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 <e8> 59 8d 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 42 05 00 48
[ 1645.728830][T18656] RSP: 002b:00007fffb44aabc0 EFLAGS: 00010246
[ 1645.734895][T18656] RAX: 0000000000000000 RBX: 000000000019187a RCX: 0000000000413430
[ 1645.742884][T18656] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007fffb44abcf0
[ 1645.750858][T18656] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000555555c8f940
[ 1645.758919][T18656] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fffb44abcf0
[ 1645.767395][T18656] R13: 00007fffb44abce0 R14: 0000000000000000 R15: 00007fffb44abcf0
[ 1645.776056][T18656] memory: usage 976kB, limit 0kB, failcnt 489480
[ 1645.782428][T18656] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1645.789301][T18656] Memory cgroup stats for /syz2:
[ 1645.789412][T18656] anon 106496
[ 1645.789412][T18656] file 274432
[ 1645.789412][T18656] kernel_stack 65536
[ 1645.789412][T18656] slab 831488
[ 1645.789412][T18656] sock 0
[ 1645.789412][T18656] shmem 172032
[ 1645.789412][T18656] file_mapped 135168
[ 1645.789412][T18656] file_dirty 135168
[ 1645.789412][T18656] file_writeback 0
[ 1645.789412][T18656] anon_thp 0
[ 1645.789412][T18656] inactive_anon 135168
[ 1645.789412][T18656] active_anon 106496
[ 1645.789412][T18656] inactive_file 135168
[ 1645.789412][T18656] active_file 135168
[ 1645.789412][T18656] unevictable 0
[ 1645.789412][T18656] slab_reclaimable 270336
[ 1645.789412][T18656] slab_unreclaimable 561152
[ 1645.789412][T18656] pgfault 192093
[ 1645.789412][T18656] pgmajfault 0
[ 1645.789412][T18656] workingset_refault 0
[ 1645.789412][T18656] workingset_activate 0
[ 1645.789412][T18656] workingset_nodereclaim 0
[ 1645.789412][T18656] pgrefill 0
[ 1645.789412][T18656] pgscan 0
[ 1645.789412][T18656] pgsteal 0
[ 1645.789412][T18656] pgactivate 0
[ 1645.885609][T18656] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=18656,uid=0
[ 1645.901172][T18656] Memory cgroup out of memory: Killed process 18656 (syz-executor.2) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB
14:33:21 executing program 5:
getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f00000001c0)={<r0=>0x0, @in={{0x2, 0x4e20, @multicast1}}, [0x3, 0x7, 0xe9d, 0x7fffffff, 0x140, 0x80000000, 0x0, 0x6, 0xfffffffffffff801, 0x58, 0x10000, 0x6, 0x8, 0xfff, 0xfffffffffffffffc]}, &(0x7f00000002c0)=0x100)
getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000300)={0xffffffff, 0x200, 0x80000001, 0x0, r0}, &(0x7f0000000340)=0x10)
r1 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f0000000380)={0x15, 0x2, 0x7, 0x2, 0x200, 0x5, 0x7, 0x60, 0x81, 0x5, 0x1000000000000000}, 0xb)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r1, 0x5452, &(0x7f0000000040)={0x9})
setsockopt$inet_sctp_SCTP_RECVRCVINFO(0xffffffffffffffff, 0x84, 0x20, &(0x7f00000003c0)=0x50, 0x4)
r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x400, 0x0)
ioctl$PPPIOCGL2TPSTATS(0xffffffffffffffff, 0x80487436, &(0x7f0000000400)="15f0fa80e8db53d8381b56fa7ea0d44c836b2c341acaf953e2f137ba09ff3b2d7dfcd8f2bf8c7dac20e1ea3cfdd6b3d2e0cfd381dc3755fde1f5813519f34ddbec517d40e19e78668215a3cd6f2ce1487d167b5151dc7ce79228cb6205b46600d707990dcd852e20d35d6b035c03c77526111d0f9594ded7")
ioctl$SCSI_IOCTL_SYNC(r2, 0x4)
getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r2, 0x84, 0x22, &(0x7f0000000080)={0x7, 0x800a, 0x90, 0x200, <r3=>0x0}, &(0x7f0000000100)=0xffffffffffffffe1)
setsockopt$inet_sctp_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000140)=@assoc_value={r3, 0x5180}, 0x8)

14:33:21 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc})

14:33:21 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc})

14:33:21 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9})
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000100)={{{@in6=@empty, @in6=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r1=>0x0}}, {{@in6=@mcast1}, 0x0, @in=@initdev}}, &(0x7f0000000200)=0xe8)
setxattr$security_capability(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)='security.capability\x00', &(0x7f0000000240)=@v3={0x3000000, [{0x101, 0x9}, {0xffffffff}], r1}, 0x18, 0x3)

14:33:21 executing program 1:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600))
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x8a, 0x0, 0x0, 0x0, 0x3})
r1 = syz_open_pts(r0, 0x0)
write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0x100000175)
ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000140)={0x3, 0x0, 0x0, 0x0, 0xb})

14:33:21 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x8000, 0x0)
ioctl$VIDIOC_SUBDEV_G_FRAME_INTERVAL(r1, 0xc0305615, &(0x7f0000000180)={0x0, {0xffffffffffffe7d1, 0x10000}})
r2 = getpid()
setsockopt$SO_VM_SOCKETS_BUFFER_SIZE(r1, 0x28, 0x0, &(0x7f00000001c0)=0xffffffff, 0x8)
ptrace$setregset(0x4205, r2, 0x200, &(0x7f0000000000)={&(0x7f0000000100)="1c5d706a5d1d4d31794d9297702e27079f97d363cce4df42452186e30960a6ff68a6411e76b30d84a94108c43a82a58e4e5655045e4f74a0f186e5749e6281f7f38c", 0x42})
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9})

14:33:21 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc})

14:33:21 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f0000002540)='/dev/snd/controlC#\x00', 0x4, 0x2000)
r1 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
r2 = dup3(r0, r1, 0x80000)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000440)={r1, 0xc0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=0x7fff, 0x0, <r3=>0x0, 0x0, &(0x7f0000000100)={0xa, 0x4}, 0x0, 0x0, &(0x7f00000002c0)={0x1, 0x1, 0x0, 0x54d2}, &(0x7f0000000300)=0xcbca, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=0x7}}, 0x10)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000004c0)={r2, 0x10, &(0x7f0000000480)={&(0x7f0000000240)=""/72, 0x48, r3}}, 0x10)
mq_notify(r2, &(0x7f0000002500)={0x0, 0x18, 0x1, @thr={&(0x7f0000000500)="d48648c85ef3e968f60a24e940fbd65f8a60577405b866d11b01e3963c793bc906e5c1c64a2a8275e3df7ac156052eab961d957b1507c3072e88b3fa4bc207ecc39ef031ea460ca5c0d4ce02b04d4bc7704984e6bad0ab1b4430f17e1dc6917e0f0adf927e4cbf0aba97bd123a1fa6d79323fff6807d957dc909eadda0a10b0bc3bdd7696c80449d355236b4a0e7403583d6c88bd58f1319bdf3015d2cf4ddebdc859e9ab9b8cb87c6ca3890504ff3fc18f918fd69941ac369988373223546f041620431728cc51c9cbfd7c2722bfee3356e606e91f5db175d78da1b523b3535d9dd62ecd27152022617254d6f3bd7aaebad9c73bf54f185693b1f9b0262081b5b07ce4b432261199059c8731bca384c23f2eb30bb936da955ef0036c4831833d0f4bd74c23632b464b27212be4418d29d6ab1a5a58d70a4fbc6e9db68556dd5edb594498899b0040ff3c236a0d9105e42c8fd40a58a38928b35733183a841d8c2de4da957d798b3a454c0363c212e9fb96b3a5db00a6942c853380fa53fffca9cec27421ed33091f709796f65aacc0dd6c01097ddad9468d2ff0c2a8852678f3982b5455eb8b8ed0fbc70f3a22797bb965439f206e1812b8acf051c09aae63f084fec18e6c67c3872496370ab4d293046ce972e772ecc951c376d7126bc5e586bdfa5771b279d2b4a4c78edb0c0003f8121bb9ed0c70f51d8b2b40e40944b38b51b90026daf601e04805a8d6dcd934c0ff7e57c3881b73a7b1b4fb766e83b1aca2f1c4252864c38689515d7c8be9984936e8d6731d28bb6bdb00374bacd21ec657ee69bef20e826ef7892ccc95fc64489a79bc64e5949b6c4c0822b442ba7e5e58a915b338ef32f9db01fb42c5907cc3819535261bea8b4b587ebfdaf77eb34857a318588337f4c2243158f15d4eb96e732673d4ae1da5e19ab04c4326d9790abc6f1fbdee952553da101bd77d319d7d8be6970160ad3fc1e003a8eba34a6a6c675e7b73ec5eb3bc347e1403cb081796308466c957b4446415d270312b758eced1d3804aebbcb01e752ec0e5866f1e22f346b7b072e405a1f4baaa4e18eabddc420bb74569c4fd61c1143045d34906431ce18f9968773cab788f37dc2b4bed4af13285808fd9d53f953ddc2e364cb71882b9ead372e9daab042b16712fef37262f65a5fd984d4b2cee2fe72b091780d9a01f2a5efe1a552620e13952ed17b224c57f2dfe8af73da0f8d339df67d77cad8d0bb4defa137481e9de6e337458dd7c0f68d158993720d67279aa942c84a899f3720d712f8d77b130b1e7de582a9d84b7b7cf0d6fae5ea52dce1a49d43cbda59a9069786177cdd8ab1d38565b9acdbb62668c148afbe7751df3777b0e8d35f1201d398c1a808b48ffc57877f3b7a1e658a4b6440c50c3b4fbacc8caedfc42eacfeb515b143249e00f47c7460bff62b64e57aca33c01c4f178f3f4dcc79494232fe12c156d7c8daa6222d4caf447399b31ee6fec013bfe5131af99fcaece404a347419f86d493b98b66c4047e41bd37502da3b9d5d45ae8f628306128133d75941d942b27e9d5ad6482f13f06fcc92e282a045f554fffaad3bd9c8062c11e8a1932d42b60a0e9eff55f449986329742faf4120dd33bd9a0de3374afa1d0c921464e5dbfe8154a2fbe6a9c547664b5b00786d210f7fa1ec7f3a5d7e7ddacc73280e742ca4920b0aaaad40826cf4428b064eb053a257946198ea965ffde6d85e4f40979c97ff16373ff3cdde6ef9b1d59da44865bcb41f52af7a58b6c5b6bd26150cdc795461b2426e7537ffef946706ff59efa94ff0398624002b2f4487997cfeace5690d406bd3a50511ef98172200fb719b5518741128b22886269fc30bdd6a1f98b7c7a045901423b1e0b5623d9d222db4bf05a52d67b0c77751d6b6f24ec6bbca8aae8152e7933a1cd12f0d4f002954f91eac777bff2bea7874e749760fbfc41249ae6c919b732c63a5e352096ce9d428adc29fef4e342d32127fe51a3206d98a14a3b71e58ae38f9b87ad95422c17a0ae3643bdc71812bcdd4ce6ef714fb2fa2bc1f19c4d80d6073b05b958ce138a72c62b7abdfac037de72ffa3460f00812039f4db5dc264b6748d9d456c4546da821f025df1feca9b99e51faf3a24bc90fa1b9853a2bd0935162271ef05441dddccbd9e902c057703c8f71c41c420ca19fb3580ab7ce12313138718aef4554ef5528f9e40927e0e1a87c9cee155d132118bb176fa90f6a2877a0fe2a5764e2361ed5ecb428740a8bc0fc7cdeb1a5186d1d8f1fc347ff1d76f89ecd5dd619b89d2e586dc6a0465450973ee998b39162300a811e7c28f526614ecf43692e730141ae340e5ada6ae2dd22b66054b1a253915dfe111b1bcb87f4a07d7a069bc88f44d1052771e9659dcb213f1c49beb0bd749acccd520186a2b9a03fce449b01d9a7ab6598111f146203e72889dc7d8e2e8465e9d26cb64acf01f7b77f8313a8809f4932d0c30b4fda1982b242f6d0f8d8b9538410717a721bc3537ee5c8464ea2c42630b1293726ab0ae0dfe001db637c404209707be41d6af4b0beec7616a7585b61e355bfaf1956fcd7913658533d84a586f1b0e8fa4057e4af76eb869ffaeab7697e67db7efbaed4713e66b4d77d89ff02982a4e666ad27fb3b0dc1135b8a4724cc6cf100cce132d9227d344f7530855728755ae3283fb697276c6f0cab49ce3cb5f99929d41b74ee7756f06650bed20ea65fbae907a7f169f136bd2924ec481561d03c648837c4f7bf2542108da8f3b0f6bb3a8d4d0f8d7d7f25e1988beda126db97934ddf0b29d32152707ba9ab19dc9f51404a2ba978e778d1bdbe5ea6802ad13bc725c047efc341a3764ad45af5a296dd697d153ee13034b2d2c4b03ba52c436e85c4dfc033791284d44bf6b49c266e25fcafe0f340b8e913b758eccac237ca4b11c4b9010e8dbe0a920d716af6a5ef1311b8bd564ce45a1659d2cb7ab3cd777279008d6fa1172f171df28ebb3fa692303a1f75f8f0046a84d5709295b66badc812d1ecddb0f0f3584f863326a342594c176de1f0f446603a2b28a4c426d7e6c6b6ec6236593d60f54ec5ddde5a59ee2cf3291f76a2eefe59fc67b57420bf6c72a1422aaf640030be22d77aaabe21075d04bb565fa74ee39402a4ab167bd936d3263ef39218006c19b11bafafee4938c359239f461f15c758e558abbdc6fd1c84ffe6f9597ba44d7e1cd7e497bb600ce2ed83dd4092f69be10c32d2c9a806f40dfcffd7f2f1f422f84dbdcf878452f8198e9e2e0b5a3775f6cd8468902e5280ef37edf60031b24087da8f3bd51020d5f1177670a9218a05b63ccd967b5f8ad3fb43c6b65eee780889846860570feb0f7e8a21214aa4d8068c9c82dcbafea2b1a5c3ad8a25a7fd026aa18ca85699d603b58753a79b29bcdfbab9b9fbb9dcc278b447090351bd6e59c6bf5f01ef1c95f3f5565af2e08051ab195f4d748955f2406be4e3e40dbdb5d569a7733f54644a41115908ef52ab9f0ef2d27d62c2ce8a8df85ed19c8838c9cc18e478d5306da34f90b64e7da92a3f6ddc255d657deca443d1ec2e3e1334976bb8be36167dcb6c5cd76d068eebc26ddb0aa741c42cad1c31494775bba137511bddf199dbc6799fc12e9a490f646f711a0491d9aa71ae5fe98c676ea958de7c8ae572772f826dcea3c03a62966fe7aa84fe463836bc00e25c9c16d7bd5f6c622d7c0011288c1df5673d795905988f222bda4e34a30584535a944269e155c3b75ddad7923679e16cc7ae54a4a0cade9110bac38e576b8d642115794055b529e7c771c82b23f25ecbd58a6d045f50361884b2988bdab4bc93076cf5e3ca93f8b069c90bed09b330e7227a8b59dbd511273aaada3909f5c0121254e245e6a0429ff75e7806a3060428d7a56640c191ce9903f840893cfb08546a057d1884d7e68b35bca1033bc0d7dad036fb0ca4e00232f0681f74aa373c38defe1998b5f2ebf32bfde222eb824eb57a35049ed462f01be61e829db0569fb072e76d8ddc2764dc8bcc20408999bae72243af06b4c86da6d56f3d1d35f67f8a52a2a733bc12133529a0d62ad0f11c0cc5491ff318505608433aaed3dad0921203633d504cf68cb11b79971ebc28587c6de93271743c8d39ae2b5e402365cb615cff9b4ba5d27d1f19eb4afe63688c6356398beaea76402e9e043e5ea6837c31c7195024624ec83ea1091bf8e2ea9fcb12918e172e6f6cfe3c054be8a80756e18de627157f83d31492dc378390a3ccc3c79aa88ae0105d2259b11774bf80c87ddd1eaf69917f00285fc35742785991fc4ac06070f9042992a49409158d91b21746b519df1a6296d79c98db5ec80f817e4a370709ea6191fae5fe7a44e4ba0ddcadd806a1270d2cbc33cb9757ce1dfaee412935eb370667d1b8b02985be753dfdb90f71ee1ae95fd95e94a5549a0162dc61c0a9351e7e7fee3fd1e19a577e0e4e550cbedb954fa272e535d38a9a547054419ead4cb4bc68a7b6ac53428f6a884109d457dbc953b9171e20a38ec390336f21966132ba8c7c011d5f2480bb634ae8ff6d11494a57d96daa9f1566eac378e46f417355bcf170f419f03dbefe663dfa5f55fb6f6df227cad8139782618a741e8fe18ac8e05d15e4cf556a8eee1d07eed841dafe4009f8259321dc3b671d4b9e074b230ebac79785dbf84f32f735ed996940a42a03f1b4925bb08213c9bd78d492d20ef5b42c8ad18276d2e554882194d32d7cedaa2c0089585e041e4ae9e3e4821418c833f6a730b47454d353d67264f4be41b9c21d929c8d59b4654596500d34b41b15ce1d1b50417d08508cd73940db7b585f280a72abeb22f3cd1da53389835aaa933e856b889068d283e03904e23bae2c89741998f373d6eddcdc4952aa84b9da0ca437f98e875c3ed884421a8512c8c91e45cdc2a6a2f489f472d86f0f311f602999a05f1da75972ef377cd57c48ac92bf4c49a38b6db10efae756e3abe392c670abfa2bd6f53654bbe72debd11d2b2d2f9b5d7d2ecf1954cdf67a805e27642bc57480389629d28082bee34f13b85870855d8206398ef6f0311c9700ff2bf757d39a70eff198a7992b1b1f9e05bbbae88e7987401dadbafa6288204be92e7bb75dfd074e5a3a70d3c39e1367c103317daa47331e06f40cb7cc2de4d2bc25542f3abeecb03630976f41f6f8ad97c24e94357865f4b7e91ddcd05f0e568377e28542c0ba0558a96666d8882b81e0618afcd1a16a429e5327bfa0a1da28450c71996390dbeb50a49d5cac5119470bbaf6a7f4f5041157222db1d8d9e61f7c46bbfee89dc5bc0277848fe0738026c51cf0faf6793b1245527be30c44a7d0171af5f9467bb5f15938c0f49d656f98ec7f3a6d90c365124af698c5174b1a9c0d677f5ee7bc185f9b8df49a0f30416280cb39ad751c4deee2353e396a4637c7bf542bad2c77cd771f29ccb5ee985a9160542666c4c5c13ac8042f29fab5903e2ee74583c8eb8e6b0f721749e880900e242a0979f866f62ce27c16ac3ae1eab26e0c26403772dfb8fafe433eae011a7e3bfcca7f332c737e0be7b3ab38fe6ecd4069d14448610337772ebb02315881a229b1f4cf2f6fc1435eb7ad84b1c26b1003f57a522fc8489bf613a8fb1277133f1c044d2b5c81227779a95802a242a2277bbfd60c7611115553d52a7d3db01327faf79e1a27f30f70a7246b52ad85a60aa91fc783387ce4c4a3ad25ffc446488a0cc5477f6d6013a96530259dd0e7b71a1da5594712c7bdf399a73571495a65a0", &(0x7f0000001500)="9da4b57ebe028f16e90ce7a050949f2c6246167b6a953ba82e71e71cb40f6be6ebfa761a59e4d137c69c457b0574f31b9612bff09730ff59eb1028a1615b5a14751e2669bc3b29c7e5406301ee368856cfee789f8c56b5fc996b1e30fe6ac77cac9dba791846f1ef755b450219a933549d19a31c6416b280dec6589d7488fa515fbdd0a220e432281d8b51a46ad1a46851cd37bd1b7ecf8b7123c5292c133472259a62e64f8f02ca7428f74ad065713388e9483159a8101999f89af039eac9530c84db06c83e70b1fadc4b06979fdc7de0dbe1f8681a0e8a43dad807876b341b9925a3be8318cb6dc6a09e6f8e967d5faa0f494b644d028dd1efea2ec2d4134d4e3d16d91416c7580e4a3079e2e66ad51a3b69718035861ef75c8d0e656c849923db8228c1bd111fb57219b833cf05642d66b0677491a5c5d52b0cdd6884af61ab5a77d13a8ec9c470362bc4afc8dbb9fc31368504492fc3d61581c681ba6f36cbeb3c6781c294ef66dfa2e5ef529675a9236b31984212a6de0db5d6636ecf991962dbdee46946db7b935796cb5ccd7d1a4b4c3cb293fc7b109d1b60c895db1e61b8c464a097957bc5520e7798383a75aa98791be14ed3417876427586cd2ff166b55dc73c415bbc5197676730a2bb0d9c6e88137ef7f973e2535dee2f4893acac4f9c25561fc8923c0545e80a7ce6874b616e3eb597c0c6803db4de8c92e4a8bc2b32c0c40da6042f149111a981ab1fc3604e6c2cea404596be5e5873da8585fc0d4ada19a4a0d8cc7d0297b7853408d29fc046cc6ee210e3fcbba4c4f91684d28e7a59cda5b74296bce326fa0edef67373176b6be1c33a0eca9ccc7485fa795db1b0f487946018d0beb6d15a20e6d27ce267a7fdbd6bc3604efc57f55b39826f203ec4166a7ad9432389ba4a568966acd852730ee4c231eca335b8f22670429b40b40877dc5ae2bb749e0a9751ecaa0dda5750ba56932ee6e4830ce25fb5e61265119261d23e489cbe795c1fb921cc0b0ad1c2deefc13982a935dbef2bf41bcb6c11a8f7b01f17ff34f7c8c0d4b1e47ae40db7a325aa39b6012f71fc3fee0c21ad48bdceb86235ef77878543fdc66d92055c8b69d5263ffdca04cafb73d5b7a49e6717aa9d9c3b22e1c5f5f750576660de05b2f4272fe4b2a4848903eca1cd2d755e445e97dba8b1826b493b4258c1931bd9dea6cf32883180eba5fb0d5b2d338a4c2c81323ad1853f437eb3de5b14b4c623312a0eb257745ecc1b3edfba09aefe0b28650edd213579062f26fac066e91f88b356bc2f4f044f01f13ffab734c023a98d01d8a932681768e481cddf6d74d1c6b952a7a031f83c3a20c40687b8964a41d8134f45fa0e89ca735e79d45f0a7d97aad474781c565294dccaee523a2ee6e8b62b25ca3dcdd9400037bda80f6717a9c33cf42c30b51a95bf5e9cf3129c3e48ae4f38a1708cc579c7aa36b499a49ac9290ca2fadaab32ed0e5273ee2c22f0cd99ccc59178d76432346db78171262cb1e60ea4117e8e7fd0f43d8afd03b5fc045cd2bdba6ceaf88d8f05ea73ec2e9bb414db1f5e5be66660f8db1feb15ecc6dc9eec4cd3629dc2919527a62d1e8e82f67916c277d090e397b75838635821fea03cd6cbe77fd576f684a173e78ca96e45d797481fc01df01dca283c7f93f4637855580dfec50ce775fc001ef02aa8d78f146fc513b7fd04e3dc6a7b463c1e24c64e4db2bf70f0ae0e9440abd9049afef13e967f12a5480ae0c0ce98fb447f4942ae144e4dbc40df0ddf325355ff138159f79aee57b7e002923226a800444f1b20209f96d6e7a454242c114a4600ecf38f0304e36787540fd15b26601dc7ffb52d2bfb4aea9699248e0cc7743ff937f4b2ab888eff14220c40216062d34cde37d4a9972ebb10b3854890c9ee6f78e8c3b4a8817cf6716d196a89cef4f6949a765982cc3d544ed36eeca4f5a18d7e1a49514574138cd02ca18d8d08fc5ed1bdf699a016b2fd99b255d98e08af9ec33727b1956405af9a235900f9714240140208b3a46f72f1d142893a580d81fd13aece421f248b963046f78d710a5b4c24b5f5031047a99798f6418396bbc590fa024255f05d000a34cfbdca4d74fbb58703a526564d73a0481f4e3906ba8ffee46308fc986a439e520b42d04cd9ea881522bc0f5bd04421bfce49e713000515741616d572c740c7cf24df74e9339802dd4b2ecca35249dd75111f8330d4fbc02844965f019f746740e92d0159fb1aaf6ee020abded153cbccee620d77df08713a6487fa119ec35e712a4945a72dbd010bb7307103e022ed8336e6e115c0838d9b2f639f6525c6180080c07c3e17e4ceb06ee7e21e0b058c64355ed6fa458a6e84fd6fdca84527318b19824a161806b354c03b8384521e719a92b1e805e4e42e6eb0b61d8ec3cdced738a3811578f896ead98b6d2f6cf8ed33f3d78cb418377adaa6ab6e19d2be79277c8ef9dccf1e1db1f9a37e2cbb447fdfabc5426bc05b875ef6487cbe9e6d34be393d1962433a22f348dc5d55a66909aa3a813ed06bca1531edb2d17e20e3fb1ec4b225518f46423499dc65222587b1b77d3274b4940d9c9cdb3c6c632265ef267ff1df52c8cf3f3f718645734fed30a71ff60d34ac5019c2f0391846cc280aaccf80943420df4dc15685a89aa775ab03c54f7656f173beeeff463475e648aa429207420775de4a8d505c8e9baf0f5db1240fcd43b357de06a521936bad0a1aae717580365c19d74dbbd21974d60137e41162131405887e9c1774e30500498fdfb3fc3ab7f9da78c9e50939eacc181ba145244877b70676b0332bd1e142f9c91ad5806595b1760837d0404b84ccd0582c7d551c018c6de254d8ab39e3316bdfa339abbfb3ad00708967a9eceb318f3e7748739626e3414dd1c28afc82e03c994fa2c7f2482cb7eeca26f0c31827b77cf2604848e1171f414476efcdc22230bb80754780e8b049949f420293bad7c3ad0f74b9f89ae1c7b4a2486e1fafb7ed3f3be9f043e71e35663c7fff94e88aeee8d9f5b794943a365463d72bf770da6f44cfe23938a9eff451091cccea86bfc3bdbb611638160235068e24b05e2e0f165046df2568c95d62c6bf2650ff64be78d709107fed603fcd533bd5b6e3b7373572622e560940d1069335cc8877c427eecdc6c69511fb3a8775a82c846f5eb1e4189c62c263605c86b6e5981649dce7ce5efe79ab7bab1f20fb06a7ade990acfd5c72aec86c350840c1a3905b2f8c01a305715422b0a397dc6f203f8538b0b9ff67771aca880f1f792c265c2fb9697ace708d272f7c0b80a6919575940a95d6a1dff880592418ff34d03be8f51b8806a2106645b7b3414337a88be8bec032270b82e64c8e1c3bd403bbfc7fa5c3c518c1987abd28c1aeb1346753ee507db5cb860dad8b1b0823db7c6bee403c4e1df78c27c10256eecdb78c912c46882f0debaeea3dad406801e6427578156923ad1b40be703ded5915197725b6f93e96cc8dc925a689a4b40e408c8eaac07d518b2ce33937b2a4adfbb48ff5937c00fe5d0cd23060ce089d87d98414c605bb201f6e0e963cab300616b83b8c5b062b81f7e6017ccf74fae1d7c4f66eb7d9c021c091e4e26dd4c2dc72bd86dcd917736030d59183b96e8fd9aa7e10a5542a796f04c8d5a1ad9b63424015962a5f512d10fc6244e9450e8dc42d8289de62d6c119d6662fcd5d4e9d5bb085e289a9e721d84df3e5454911056a6141b3c11034d5aaf1c26582ca59e2b5ff7d21d57d877c27a401b2113a41b071ed65a0fe8d43b168a56d47786df6d4fc1f421dc1e2dd0dff714eb30c9c09833e9e164b2cd32fd94306d099bd5ff7a5da49c89be5bde73418db9b5b7ba86180d4784a7fb3a4b68d2620ba76a21a5d1e39ee4494f066d5b8ee2cfa71b21b70eb4e9cef0699115f6687bd21ca8e9176061fa0bde013397663e92f36bf55766213f964797efab2ab0690406fbd0a8c4f615a20a51732436ebc7759f5044710c4de03ad7951bca9618f37881ea258494e808a1431f4b9d2d999d720e9e072036ffec39ec7cb7bc2769b09f8cbc04362f08938e34e7d8f8510bf52c6d3c2a17c25bbd363f047861a0516aedaf1f8579a6cc2a8013db1d401956c8564f12adc9d94e2f1d479a94831ac40e5a27271403869bdbbf194f73674224e473f464d40f9c61aecfc541359aad7f99505135e1a5253bcc482d6bed61492f00c6a11527f0aed13e1ae4d83976463aaf9319d33d539d0222e86acb2d3a1f43343f2a6c8242d366642156bb08230a324d6e5b82133b5725eb805298132df9a8f73736c0b073bd1de0705e2335828a29a11056ff42f9363bc2812db9e35f3f042d21d0995649431036f9aad34c1f2c0bf47a43c2f3bfab471d9b83d6ee538aa60ed445b4e032652eb08649846babe8ef9b8452f7f1d1d3375157cda532782eef892effa4790b75cd261fcdabc356845317fe4abb52f753f012d90eacd209d8d6647846c75b2c62a456c2712e306fe7a04714e3a92d77800d622076aa409995ebd3d48e75bb64ec52eeb3d7a725a0c353c24ad6e14aa8f9722cb71dfdebd40ccb04789eb59a82c57bd1d053697cf0bea3ce1ced0941dd8eda2135ed022011ee18b4ffbe3ae6e17e941109426ab3f17535cd8b1391f351a01338685332c92603da2952499c5bd3c38b0fdcf51555462b8dd95440c2a6bffe0ac27d0a0c7f13f5dba76ac60eb9d9113373473928e43eb8117638d94acb0c2b36bf1b42f9d9b97abaeec4216ef4aace5030ec9bed67f449f311e0e0ee9e0792c718bc544ac7f31217729ee0485f57f302dd98efad506d3887e3802ad04d4df18b7f306140cffa325bd8b75e8f2c6f45342afa6e2a676822dc5ef6527c4be0046b45a9e1bcbb6df9851255a2eac964777c475ead2e5677f3567b608082abea7d7fe123abb0af76acc8702f8700f91cf4a6a85bcb965f8c2577a8b388243f415efffbf5bb70a9964786fa1d2f9ad31b2bbdf778d081853ae5fc62ec16d23e7d8d5a533a48c5c1f62659a9b1ffe7a19fc35ed2fda988cd76a5ad3a8a983b41711f9fc33d38e286ae652c547a7978b345813c25a7554382c54ea57eb13e036256db342bee1256630371ec5090955b8d9e628f5805d64b1cd3ebc8194a56349a5bc0a9e08384af1b519d313a48a1a1524b15733776df99dd522cc327d99e33418583c593fb52d2fc8f7155b9c4297119906e38751a03ad6ffc0636d62c8a423ec7b652dfaed14c7df20e21a094ab42aea11ec4f19f3e5d68944d9509754d94cc9cabc8c40503dfa685577c757b04f99e11b7a38faecf6f0733d9c4b6caeaea085d0d178fb6f89d90386299efef7ad34091e5b5b26d13fbd091369e9bddb65d0253289dee6e13211b2b26c9c0e151d2472ad06c1e2ae16e669549e89480a34a809b01e005f0fb856cca31aa15d94022ce16ece1702696b5d3354233494183cb46422fb27202b9855570ddf3953cfc14f4d0eafc3d7e48c657d8494f77643298bd3db1aae7ab389f6120be151a62e6a2186dd6d086d5a8d9e536ef66957b0b58515055d7f041834eadc32dc42dfdd8580c52c9070cdd243701a4a0e78e931ef47d44c71d53b803ed56daa6f50af78b7efcfd27e74f6b9c4940c7f520129173494a3178277155d9f6507abbc023f9bdacfcbfaf7961b3b2543cdf0d4b0c904b52479fad26d3f0ef8f69499fa27c154a07494d913811edd16005c304b180425bc6c3550d3b5fa429cf59da1658e44ec88fb179df6fec8b9c79991e7"}})
getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, &(0x7f0000000140)={<r4=>0x0, 0x2ed}, &(0x7f0000000180)=0x8)
getsockopt$inet_sctp_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f00000001c0)=@sack_info={r4, 0x10000, 0x8}, &(0x7f0000000200)=0xc)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r1, 0x5452, &(0x7f0000000040)={0x9, 0x0, 0xfffffffffffffffc})

14:33:22 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
r2 = openat$cgroup_ro(r1, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
openat$cgroup_procs(r3, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x40082404, &(0x7f0000000140)=0x2)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r4 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r4, 0x0, 0x0)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r5, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r3, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
socket$kcm(0xa, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r5, &(0x7f00000003c0)=0x100, 0x12)

14:33:22 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f0000000000)='/dev/snd/controlC#\x00', 0x0, 0x10000)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9})
r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snapshot\x00', 0x10000, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f00000000c0)={{{@in6, @in=@dev}}, {{@in=@multicast1}, 0x0, @in6=@remote}}, &(0x7f00000001c0)=0xe8)

[ 1647.685899][T18722] IPVS: ftp: loaded support on port[0] = 21
[ 1647.748447][T18722] chnl_net:caif_netlink_parms(): no params data found
[ 1647.773415][T18722] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1647.780560][T18722] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1647.788782][T18722] device bridge_slave_0 entered promiscuous mode
[ 1647.796475][T18722] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1647.803915][T18722] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1647.812030][T18722] device bridge_slave_1 entered promiscuous mode
[ 1647.826945][T18722] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1647.838376][T18722] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1647.858257][T18722] team0: Port device team_slave_0 added
[ 1647.866285][T18722] team0: Port device team_slave_1 added
[ 1647.940569][T18722] device hsr_slave_0 entered promiscuous mode
[ 1647.978581][T18722] device hsr_slave_1 entered promiscuous mode
[ 1648.017863][T18722] debugfs: Directory 'hsr0' with parent '/' already present!
[ 1648.033992][T18722] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1648.041108][T18722] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1648.048504][T18722] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1648.055561][T18722] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1648.090485][T18722] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1648.103308][T18722] 8021q: adding VLAN 0 to HW filter on device team0
[ 1648.110653][T17835] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1648.120388][T17835] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1648.129949][T17835] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1648.157745][T10635] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1648.166287][T10635] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1648.174905][T10635] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1648.182019][T10635] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1648.189544][T10635] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1648.198213][T10635] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1648.206507][T10635] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1648.213623][T10635] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1648.221312][T10635] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1648.229944][T10635] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1648.238571][T10635] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1648.246978][T10635] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1648.256729][T10635] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1648.267873][T17835] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1648.276590][T17835] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1648.292627][T10635] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1648.301131][T10635] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1648.315350][T18722] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1648.326668][T18722] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1648.334839][T10635] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1648.343502][T10635] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1648.364042][T18722] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1648.976962][T18730] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 1648.987876][T18730] CPU: 0 PID: 18730 Comm: syz-executor.4 Not tainted 5.2.0+ #37
[ 1648.995533][T18730] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1649.005604][T18730] Call Trace:
[ 1649.008918][T18730]  dump_stack+0x1d8/0x2f8
[ 1649.013266][T18730]  dump_header+0xd8/0x970
[ 1649.017613][T18730]  oom_kill_process+0xcd/0x320
[ 1649.022388][T18730]  out_of_memory+0x5e1/0x8a0
[ 1649.027014][T18730]  ? unregister_oom_notifier+0x20/0x20
[ 1649.032482][T18730]  ? trace_hardirqs_on+0x74/0x80
[ 1649.037442][T18730]  memory_max_write+0x537/0x6a0
[ 1649.042330][T18730]  ? memory_max_show+0xa0/0xa0
[ 1649.047118][T18730]  ? trace_lock_acquire+0x154/0x1b0
[ 1649.052326][T18730]  ? lock_acquire+0x158/0x250
[ 1649.057004][T18730]  ? kernfs_fop_write+0x22e/0x4f0
[ 1649.062034][T18730]  ? memory_max_show+0xa0/0xa0
[ 1649.066807][T18730]  cgroup_file_write+0x27b/0x6e0
[ 1649.071761][T18730]  ? cgroup_seqfile_stop+0xc0/0xc0
[ 1649.076892][T18730]  ? cgroup_seqfile_stop+0xc0/0xc0
[ 1649.082040][T18730]  kernfs_fop_write+0x3e4/0x4f0
[ 1649.086900][T18730]  ? kernfs_fop_read+0x580/0x580
[ 1649.091859][T18730]  __vfs_write+0xf9/0x7d0
[ 1649.096222][T18730]  ? __kernel_write+0x350/0x350
[ 1649.101096][T18730]  ? __sb_start_write+0x39c/0x440
[ 1649.106133][T18730]  vfs_write+0x275/0x590
[ 1649.110405][T18730]  ksys_write+0x16b/0x2a0
[ 1649.114747][T18730]  ? __ia32_sys_read+0x90/0x90
[ 1649.119499][T18730]  ? prepare_exit_to_usermode+0x1f7/0x580
[ 1649.125288][T18730]  ? trace_irq_disable_rcuidle+0x23/0x1c0
[ 1649.131019][T18730]  ? trace_hardirqs_on_thunk+0x1a/0x20
[ 1649.136488][T18730]  ? trace_irq_disable_rcuidle+0x23/0x1c0
[ 1649.142254][T18730]  ? do_syscall_64+0x1d/0x140
[ 1649.147012][T18730]  __x64_sys_write+0x7b/0x90
[ 1649.151600][T18730]  do_syscall_64+0xfe/0x140
[ 1649.156132][T18730]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1649.162014][T18730] RIP: 0033:0x459829
[ 1649.165894][T18730] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1649.185490][T18730] RSP: 002b:00007fbcf95bdc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1649.193890][T18730] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829
[ 1649.201847][T18730] RDX: 0000000000000012 RSI: 00000000200003c0 RDI: 0000000000000008
[ 1649.209821][T18730] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1649.217799][T18730] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbcf95be6d4
[ 1649.225756][T18730] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff
[ 1649.233927][T18730] memory: usage 5400kB, limit 0kB, failcnt 323
[ 1649.240249][T18730] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1649.247258][T18730] Memory cgroup stats for /syz4:
[ 1649.247605][T18730] anon 4386816
[ 1649.247605][T18730] file 299008
[ 1649.247605][T18730] kernel_stack 65536
[ 1649.247605][T18730] slab 950272
[ 1649.247605][T18730] sock 0
[ 1649.247605][T18730] shmem 102400
[ 1649.247605][T18730] file_mapped 135168
[ 1649.247605][T18730] file_dirty 0
[ 1649.247605][T18730] file_writeback 0
[ 1649.247605][T18730] anon_thp 4194304
[ 1649.247605][T18730] inactive_anon 135168
[ 1649.247605][T18730] active_anon 4386816
[ 1649.247605][T18730] inactive_file 135168
[ 1649.247605][T18730] active_file 0
[ 1649.247605][T18730] unevictable 0
[ 1649.247605][T18730] slab_reclaimable 405504
[ 1649.247605][T18730] slab_unreclaimable 544768
[ 1649.247605][T18730] pgfault 355410
[ 1649.247605][T18730] pgmajfault 0
[ 1649.247605][T18730] workingset_refault 0
[ 1649.247605][T18730] workingset_activate 0
[ 1649.247605][T18730] workingset_nodereclaim 0
[ 1649.247605][T18730] pgrefill 0
[ 1649.247605][T18730] pgscan 0
[ 1649.247605][T18730] pgsteal 0
[ 1649.247605][T18730] pgactivate 0
[ 1649.343864][T18730] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=18729,uid=0
[ 1649.360564][T18730] Memory cgroup out of memory: Killed process 18729 (syz-executor.4) total-vm:72708kB, anon-rss:4244kB, file-rss:35792kB, shmem-rss:0kB
[ 1649.380151][ T1056] oom_reaper: reaped process 18729 (syz-executor.4), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB
[ 1649.752144][T18722] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[ 1649.762214][T18722] CPU: 0 PID: 18722 Comm: syz-executor.4 Not tainted 5.2.0+ #37
[ 1649.770474][T18722] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1649.780542][T18722] Call Trace:
[ 1649.783887][T18722]  dump_stack+0x1d8/0x2f8
[ 1649.788231][T18722]  dump_header+0xd8/0x970
[ 1649.792911][T18722]  oom_kill_process+0xcd/0x320
[ 1649.797679][T18722]  out_of_memory+0x5e1/0x8a0
[ 1649.802267][T18722]  ? unregister_oom_notifier+0x20/0x20
[ 1649.807738][T18722]  ? __kasan_check_read+0x11/0x20
[ 1649.812782][T18722]  try_charge+0x134a/0x17b0
[ 1649.817328][T18722]  ? __memcg_kmem_charge_memcg+0x180/0x180
[ 1649.823166][T18722]  ? __lock_acquire+0x4750/0x4750
[ 1649.828203][T18722]  ? rcu_lock_release+0x15/0x20
[ 1649.833053][T18722]  ? get_mem_cgroup_from_mm+0x15e/0x170
[ 1649.838617][T18722]  mem_cgroup_try_charge+0x216/0x560
[ 1649.843902][T18722]  mem_cgroup_try_charge_delay+0x25/0xa0
[ 1649.849555][T18722]  wp_page_copy+0x367/0x18c0
[ 1649.854153][T18722]  ? rcu_lock_release+0x30/0x30
[ 1649.859012][T18722]  ? __lock_acquire+0x4750/0x4750
[ 1649.864038][T18722]  ? __kasan_check_read+0x11/0x20
[ 1649.869063][T18722]  ? do_raw_spin_unlock+0x49/0x260
[ 1649.874175][T18722]  do_wp_page+0x2c9/0x1ce0
[ 1649.878596][T18722]  ? __rwlock_init+0x130/0x130
[ 1649.883356][T18722]  ? count_memcg_event_mm+0x300/0x300
[ 1649.888731][T18722]  handle_mm_fault+0x2bcf/0x6080
[ 1649.893679][T18722]  ? finish_fault+0x230/0x230
[ 1649.898359][T18722]  ? vmacache_find+0x251/0x5b0
[ 1649.903139][T18722]  do_user_addr_fault+0x589/0xaf0
[ 1649.908186][T18722]  __do_page_fault+0xd3/0x1f0
[ 1649.912917][T18722]  do_page_fault+0x99/0xb0
[ 1649.917334][T18722]  page_fault+0x39/0x40
[ 1649.921517][T18722] RIP: 0033:0x4034f2
[ 1649.925409][T18722] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 <e8> 59 8d 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 42 05 00 48
[ 1649.946294][T18722] RSP: 002b:00007fff5e833df0 EFLAGS: 00010246
[ 1649.952362][T18722] RAX: 0000000000000000 RBX: 0000000000192922 RCX: 0000000000413430
[ 1649.960334][T18722] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007fff5e834f20
[ 1649.968316][T18722] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000555556a2e940
[ 1649.976294][T18722] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff5e834f20
[ 1649.984274][T18722] R13: 00007fff5e834f10 R14: 0000000000000000 R15: 00007fff5e834f20
[ 1649.992999][T18722] memory: usage 980kB, limit 0kB, failcnt 335
14:33:25 executing program 4:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
openat$cgroup_procs(r4, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000140)=0x2)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r5 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r5, 0x0, 0x0)
r6 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r4, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
socket$kcm(0xa, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r6, &(0x7f00000003c0)=0x100, 0x12)

14:33:25 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc})

14:33:25 executing program 1:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600))
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x8a, 0x0, 0x0, 0x0, 0x3})
r1 = syz_open_pts(r0, 0x0)
write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0x100000175)
ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000140)={0x3, 0x0, 0x0, 0x0, 0xc})

14:33:25 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400)
openat$cgroup_procs(r3, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r4 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r4, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r3, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(0xffffffffffffffff, &(0x7f00000003c0)=0x100, 0x12)

14:33:25 executing program 5:
mremap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x3000, 0x3, &(0x7f0000ffb000/0x3000)=nil)
r0 = syz_open_dev$sndctrl(&(0x7f0000000000)='/dev/snd/controlC#\x00', 0xfffffffffffffffc, 0x100000005)
r1 = syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x3, 0x2)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, &(0x7f00000000c0)=ANY=[@ANYRES32=<r2=>0x0, @ANYBLOB="780000006e4e52f2380c14292c04f513c25cacda7087ac40aa7aade092f68b442d592afa4bdae50efb7487d4dd399c22cff2280854374b496aee3ae24c71f360164e2b5c82230e79e4f8b6f7065cef66788df0fa060e6f33a5f6203e4a5463b84fa67d21a0eca8df18253a7600"/124], &(0x7f0000000140)=0x80)
getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000000180)={r2, 0x7}, &(0x7f00000001c0)=0x8)
ioctl$TCFLSH(r1, 0x540b, 0xeaa)
ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f0000000300))
set_tid_address(&(0x7f0000000200))
ioctl$RNDADDENTROPY(r1, 0x40085203, &(0x7f0000000480)=ANY=[@ANYBLOB="ffff000041000000c9425ea4794f121af8dfa76416bd1721a3951eb978210a8fba8539495b35a2e2a8ea9b9d32bea44cfcc733c7b1755240746c974c00000000000000000000000000f44a32e85225d7fba7141f7db9da6e2968758897eec6a01b80cbddb892f6f963e155f5b1ae0046df34498c9bdfdc08ed205411951b0d4ac542cef382302221e91cf5f499945e8f09960d4c04112778b15e412cfd9d8abe37856d80a4a9748a1f98176e49fa18ee52c56e9235cfe61df6b2f77e76fc16e067c814bbbed9633364a31ce35bd9e42ba86b265c6ea7637b369f312c6b7d2bcc910e8d08cb13430363bf4861dd748cabd6e7dd90645ed758637cce2a3dc997040223"])
ioctl$CAPI_GET_MANUFACTURER(r1, 0xc0044306, &(0x7f0000000240)=0x2)
ioctl$KDGKBMODE(r1, 0x4b44, &(0x7f00000002c0))
r3 = semget(0x2, 0x4, 0x20)
setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f0000000380)=[@in6={0xa, 0x4e21, 0x5, @loopback, 0xffffffff}], 0x1c)
semctl$SETVAL(r3, 0x6, 0x10, &(0x7f0000000280)=0x7ff)
ioctl$TCXONC(r1, 0x540a, 0x9)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9})

14:33:25 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
r2 = openat$cgroup_ro(r1, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
openat$cgroup_procs(r3, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x40082404, &(0x7f0000000140)=0x2)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r4 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r4, 0x0, 0x0)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r5, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r3, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
socket$kcm(0xa, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r5, &(0x7f00000003c0)=0x100, 0x12)

[ 1649.999129][T18722] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1650.005974][T18722] Memory cgroup stats for /syz4:
[ 1650.006062][T18722] anon 122880
[ 1650.006062][T18722] file 299008
[ 1650.006062][T18722] kernel_stack 0
[ 1650.006062][T18722] slab 950272
[ 1650.006062][T18722] sock 0
[ 1650.006062][T18722] shmem 102400
[ 1650.006062][T18722] file_mapped 135168
[ 1650.006062][T18722] file_dirty 0
[ 1650.006062][T18722] file_writeback 0
[ 1650.006062][T18722] anon_thp 0
[ 1650.006062][T18722] inactive_anon 135168
[ 1650.006062][T18722] active_anon 122880
[ 1650.006062][T18722] inactive_file 135168
[ 1650.006062][T18722] active_file 0
[ 1650.006062][T18722] unevictable 0
[ 1650.006062][T18722] slab_reclaimable 405504
[ 1650.006062][T18722] slab_unreclaimable 544768
[ 1650.006062][T18722] pgfault 355410
[ 1650.006062][T18722] pgmajfault 0
[ 1650.006062][T18722] workingset_refault 0
[ 1650.006062][T18722] workingset_activate 0
[ 1650.006062][T18722] workingset_nodereclaim 0
[ 1650.006062][T18722] pgrefill 0
[ 1650.006062][T18722] pgscan 0
[ 1650.006062][T18722] pgsteal 0
[ 1650.006062][T18722] pgactivate 0
[ 1650.101132][T18722] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=18722,uid=0
[ 1650.116662][T18722] Memory cgroup out of memory: Killed process 18722 (syz-executor.4) total-vm:72444kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB
[ 1650.131689][ T1056] oom_reaper: reaped process 18722 (syz-executor.4), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB
14:33:25 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00'})

14:33:25 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
socket$can_raw(0x1d, 0x3, 0x1)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9})
r1 = syz_open_dev$vivid(&(0x7f0000000000)='/dev/video#\x00', 0x2, 0x2)
ioctl$VIDIOC_G_AUDOUT(r1, 0x80345631, &(0x7f0000000080))
syz_open_dev$loop(&(0x7f0000000100)='/dev/loop#\x00', 0x2241, 0x400000)
r2 = syz_open_dev$media(&(0x7f0000000140)='/dev/media#\x00', 0x5, 0x2000)
getsockopt$inet_dccp_int(r2, 0x21, 0x4, &(0x7f0000000180), &(0x7f00000001c0)=0x4)

14:33:25 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00'})

14:33:25 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00'})

14:33:25 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x00'})

14:33:25 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00'})

14:33:26 executing program 4:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
openat$cgroup_procs(r4, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000140)=0x2)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r5 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r5, 0x0, 0x0)
r6 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r4, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
socket$kcm(0xa, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r6, &(0x7f00000003c0)=0x100, 0x12)

14:33:26 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00'})

14:33:26 executing program 1:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600))
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x8a, 0x0, 0x0, 0x0, 0x3})
r1 = syz_open_pts(r0, 0x0)
write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0x100000175)
ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000140)={0x3, 0x0, 0x0, 0x0, 0xd})

[ 1653.328987][  T788] device bridge_slave_1 left promiscuous mode
[ 1653.335208][  T788] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1653.388633][  T788] device bridge_slave_0 left promiscuous mode
[ 1653.394797][  T788] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1653.440178][  T788] device bridge_slave_1 left promiscuous mode
[ 1653.446352][  T788] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1653.499382][  T788] device bridge_slave_0 left promiscuous mode
[ 1653.505573][  T788] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1653.549002][  T788] device bridge_slave_1 left promiscuous mode
[ 1653.555182][  T788] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1653.588668][  T788] device bridge_slave_0 left promiscuous mode
[ 1653.594827][  T788] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1658.768591][  T788] device hsr_slave_0 left promiscuous mode
[ 1658.828264][  T788] device hsr_slave_1 left promiscuous mode
[ 1658.876808][  T788] team0 (unregistering): Port device team_slave_1 removed
[ 1658.887146][  T788] team0 (unregistering): Port device team_slave_0 removed
[ 1658.898593][  T788] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1658.941421][  T788] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1659.012799][  T788] bond0 (unregistering): Released all slaves
[ 1659.168239][  T788] device hsr_slave_0 left promiscuous mode
[ 1659.218319][  T788] device hsr_slave_1 left promiscuous mode
[ 1659.266967][  T788] team0 (unregistering): Port device team_slave_1 removed
[ 1659.277494][  T788] team0 (unregistering): Port device team_slave_0 removed
[ 1659.288107][  T788] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1659.324041][  T788] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1659.412313][  T788] bond0 (unregistering): Released all slaves
[ 1659.558657][  T788] device hsr_slave_0 left promiscuous mode
[ 1659.598227][  T788] device hsr_slave_1 left promiscuous mode
[ 1659.647872][  T788] team0 (unregistering): Port device team_slave_1 removed
[ 1659.661945][  T788] team0 (unregistering): Port device team_slave_0 removed
[ 1659.672844][  T788] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1659.731168][  T788] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1659.798932][  T788] bond0 (unregistering): Released all slaves
[ 1661.553204][T18773] IPVS: ftp: loaded support on port[0] = 21
[ 1661.553377][T18777] IPVS: ftp: loaded support on port[0] = 21
[ 1661.705639][T18777] chnl_net:caif_netlink_parms(): no params data found
[ 1661.727070][T18773] chnl_net:caif_netlink_parms(): no params data found
[ 1661.750123][T18777] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1661.757209][T18777] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1661.765523][T18777] device bridge_slave_0 entered promiscuous mode
[ 1661.782629][T18777] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1661.789859][T18777] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1661.797813][T18777] device bridge_slave_1 entered promiscuous mode
[ 1661.821213][T18777] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1661.837332][T18777] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1661.846544][T18773] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1661.853760][T18773] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1661.861707][T18773] device bridge_slave_0 entered promiscuous mode
[ 1661.881825][T18777] team0: Port device team_slave_0 added
[ 1661.888356][T18773] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1661.895416][T18773] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1661.903401][T18773] device bridge_slave_1 entered promiscuous mode
[ 1661.911479][T18777] team0: Port device team_slave_1 added
[ 1661.929924][T18773] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1661.941397][T18773] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1662.130177][T18777] device hsr_slave_0 entered promiscuous mode
[ 1662.168007][T18777] device hsr_slave_1 entered promiscuous mode
[ 1662.217734][T18777] debugfs: Directory 'hsr0' with parent '/' already present!
[ 1662.226842][T18773] team0: Port device team_slave_0 added
[ 1662.234186][T18773] team0: Port device team_slave_1 added
[ 1662.320585][T18777] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1662.327732][T18777] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1662.335028][T18777] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1662.343008][T18777] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1662.369263][T18773] device hsr_slave_0 entered promiscuous mode
[ 1662.427932][T18773] device hsr_slave_1 entered promiscuous mode
[ 1662.487716][T18773] debugfs: Directory 'hsr0' with parent '/' already present!
[ 1662.579630][T18773] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1662.586699][T18773] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1662.594093][T18773] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1662.601245][T18773] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1662.701325][T17356] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1662.709423][T17356] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1662.717484][T17356] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1662.725430][T17356] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1662.745095][T18777] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1662.827630][T18773] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1662.834611][T17474] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1662.842494][T17474] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1662.855074][T18777] 8021q: adding VLAN 0 to HW filter on device team0
[ 1662.863922][T17474] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1662.872545][T17474] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1662.883848][T18773] 8021q: adding VLAN 0 to HW filter on device team0
[ 1662.968324][T17834] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1662.976945][T17834] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1662.985400][T17834] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1662.992508][T17834] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1663.000423][T17834] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1663.009291][T17834] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1663.017830][T17834] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1663.024906][T17834] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1663.032699][T17834] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1663.041510][T17834] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1663.049999][T17834] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1663.057078][T17834] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1663.064859][T17834] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1663.074201][T17834] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1663.082822][T17834] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1663.089926][T17834] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1663.097788][T17834] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1663.106699][T17834] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1663.125467][T18773] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1663.136049][T18773] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1663.149087][T17474] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1663.158035][T17474] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1663.166815][T17474] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1663.175547][T17474] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1663.184553][T17474] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1663.192982][T17474] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1663.201467][T17474] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1663.209990][T17474] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1663.218384][T17474] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1663.227775][T17474] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1663.235692][T17474] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1663.261723][T18773] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1663.268890][T17474] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1663.279578][T17474] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1663.288351][T17474] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1663.296819][T17474] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1663.306969][T17474] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1663.315262][T17474] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1663.323681][T17474] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1663.334174][T17474] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1663.433278][T18777] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1663.444823][T18777] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1663.453498][T17834] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1663.462198][T17834] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1663.488172][T18777] 8021q: adding VLAN 0 to HW filter on device batadv0
14:33:38 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400)
openat$cgroup_procs(r3, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r4 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r4, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r3, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(0xffffffffffffffff, &(0x7f00000003c0)=0x100, 0x12)

14:33:38 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00'})

14:33:38 executing program 4:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
openat$cgroup_procs(r4, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000140)=0x2)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r5 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r5, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r4, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
socket$kcm(0xa, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(0xffffffffffffffff, &(0x7f00000003c0)=0x100, 0x12)

14:33:38 executing program 5:
r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm_plock\x00', 0x0, 0x0)
ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000200)=<r1=>0x0)
lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, <r2=>0x0})
r3 = getegid()
r4 = gettid()
getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000300)={{{@in=@local, @in6=@ipv4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r5=>0x0, <r6=>0x0}}, {{@in6=@mcast2}, 0x0, @in6=@mcast2}}, &(0x7f0000000400)=0xe8)
fstat(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, <r7=>0x0})
sendmsg$xdp(r0, &(0x7f0000001d40)={&(0x7f0000001c80)={0x2c, 0x1, r5, 0x1d}, 0x10, &(0x7f0000001d00)=[{&(0x7f0000001cc0)="aaa7ca824ff120b6872b7d20f475b26891badf5a9a9acac4fab433958d4420543d9100ec3e9068de58e5be3d894f054f14649d6caaca28202c5757", 0x3b}], 0x1, 0x0, 0x0, 0x8891}, 0x4000000)
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f00000004c0)={0x0, <r8=>0x0})
r9 = getuid()
r10 = getgid()
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000001a00)=<r11=>0x0)
stat(&(0x7f0000001a40)='./file0\x00', &(0x7f0000001a80)={0x0, 0x0, 0x0, 0x0, <r12=>0x0})
stat(&(0x7f0000001b00)='./file0\x00', &(0x7f0000001b40)={0x0, 0x0, 0x0, 0x0, 0x0, <r13=>0x0})
sendmmsg$unix(r0, &(0x7f0000001c00)=[{&(0x7f0000000040)=@abs={0x1, 0x0, 0x4e22}, 0x6e, &(0x7f00000001c0)=[{&(0x7f0000000100)="eb7739f32171c1349c7354dad0695ff1c5053219800c7de43aa87d853782bb0e40fb540be955a00ec3818d8d852e4ad23ba96bf8fca0f1cebc883e4a501f939a3620f41d7058f8a15e9cfedf3e1d06aed8561c6f9619dbf2100d82dc4f3767570c99bb1d62300b6b4737f7fdcece85c2fe4648639ccdbea2d88f827772e1b85d910e8aeb98c5618277abff5dde02567b7e6fe54996d9cd", 0x97}], 0x1, &(0x7f0000000500)=[@cred={{0x1c, 0x1, 0x2, {r1, r2, r3}}}, @cred={{0x1c, 0x1, 0x2, {r4, r6, r7}}}, @cred={{0x1c, 0x1, 0x2, {r8, r9, r10}}}], 0x60, 0x1}, {&(0x7f0000000580)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000001980)=[{&(0x7f0000000600)="e98495bc6b17fbd0b3a71db30b349d15ac49375aae8efe668ef09efea7adfbee4393d9ba6bbc244392aa519268ed6f2ff9688843504d7b917a5e395664884544cebf1f687406692b819dac4d40c413f3aeef7cb0338b91130f3ac9d477910fbeb1c86a1d3debcf67d76e9e747d66a853d8c4883b898012b3fd37ccf5382a477594d5ff6f14f2bd945c76e97203890b5cd750d6414aac22e52f9c16643b585e50721cbb6967ed6767f09f4c0eaf0280aef971b8f01d5adb9e439920dd465f70c76c844a64fd16069f0719997b0afbb86adf6c861e169a38d8693cde2ec2495a40a26c2df23f5aff08bea14cd7c7544deb09e7", 0xf2}, {&(0x7f0000000700)="ba11e385de38101ad8e8dbc682ebbc0a43ac2d5b9bcaaab4e37242c12750e908dcec88fa1893c738f82bcebbf81bfad085175e8be70d18f24f8de312a29f0e0196811781511b826972232f22e824953fb392732489acec5ebf8204396fab6b868b271a4fd1b42f3c55297cf6c0116fcfbd129492b8cfe1b4588add559d40a4115f5d919b74e2f24f4ed007459dcaba55098d909837df4a7a70ad0383d5d1547bfe475da220f7760089b7562e12fa423a464c14b4eb2555af8b78f2eaa83cb086d7465f084f3b4beeee1f865cd1c7d45fb374b79154a6a2b99696d71f791e06826047110b4e509179d9ca3e2ddeb2cf81b367f77b42cc60a5342b129e347bb8ddd820618b364c4b34a557a3668756d6f84093de4bc8340393d84aed63e6c435cefc1bb0716ff5b0567dce273902da66be74107b8d9b04979adaadd6c11442d6df0ca2b4014d30ce7e5ea03ab6282bf291f044a1d0016a81fe7264ab16eed286b75a94914527c16115eeb26c88cf2c1782815bdbc16c84c063da6ad6c62e1abffecd24a18531b7778eaf46cd712f58ab6035a3ef3bec064adfbe7dc970cde11a07d09a07eed28e44d3bfb57cc3a33d455ae429c9fb4e6e383a137c6645aac32ececb5a5b4e7dbf9ce6be4a2aba55c67a9c563f1ecda6c3b9b19741f74be40d5055716771ee5e49dfcd010b2bad1ee932f83ff4a387f4c1541a8535a18f0320fc7ba498969391a707b904849d2f5a9ee2a6443f1100d745fb4db55351151f787331d4dfd6786ba57b6304a0b772ae4ac14cd49b22ca0beb00ac0fe7ad93c020f100f74d7ab76bcac7e0f51a5043ef078230de1460554e24f723cc49a922a8d7d5aca2d4c97f09118459e74e2b2d01aaddca6487f02d10d1754587307393d9b934f36e0a56f35533bdb88ea925cee229eb45152cb0889349a9c61c935870113d5942e14d2541576f6fbd02eea0b2946220cd9a44bf919bbfec0356c4eeeb6e0fc3d181fe789aaf7dab8d64907326561a92ece060ec141e5e74f4709ca0c8faf9d8daf9e7db92b0991207829f8695169f625ae20200a8cea8c34f7a048f007e726431409d97c47f6ac1ded2db63b489465a43c8b84c82b8e6569331f76f466b0a24baeca448603b2334e96c3cb022ddf3d727a58c702b1f0d5f11f9dcc03190b4cd2293e6a7711a9c64d9764e158c468fa2a468eec8bc83cc70fb0c07b984bea7e45a5040a097a199599c7a70b031797ed01640811f92b40da55da4d5b111f13778d9e515f95f22c128f213af6a766e3f77a903ea97f2f7ecce9765646b3a11b809f7e7c92efdb861c708665749819b04cf4a86831e26acd86ee222ad048e841b1a7a622b8ae652fcd4dbb6c24dbe188591452d5cc0e41f6fe085f73a57a2411618601082e61dcb95ed233b3e0dcf20a65a0d7de923c898fa78d1844c10537630a733f4eaf1d236127b8304f6c7333dc3cd485a0998e532b8a5d55b38210e77b815269d2306ca4154cc14dd5cb1c50ce6a77bf90a72ef23f4d4cb2b6488952f2e49498f167ace74fedb601d2489de1ac3ac0c17376e9b326fb6ea0e18dd19ac430b463cff8159638b867480a9361322a04d299a614077dc9de70ff0cc85cfa9edb0a4f517f98b382f70a9fe5b475f5cb3844d7508df054b226d37dac1432b965f406ef77da103bcbfcdc3b2b5a75a4193e8e80c481f7c22b08493521079f15971b0711e50032737313256304ddb063962e57f0253589bb8c8415c0c2a5526774c78004f83501517dc276f2f1d0839cb2c5c2d8dc00a7967755b0ab794ae1e0d79e83c5ba22a7a3808b87bc024fea4b696fe4178b47c8c912316d147f3e2364201954e47d3a44863dd450966ce5f78290aa4f5878a382528b5483db07e24acbee4c0a062d59d228836fc576ab1f99e3592882c4b8fbe4977374e5565ad2407517ff4eda9aefced06f44d89c572cc675f0686d3fe89813a40b91fb86bf0efa21e475b3acde2c17b9a1187534ba1ee63c3801555306542199997416985be8dd81429d618331c79faa1affce485ef4d89ba3803a85dbf3925d02cbadacb6b3a660225ee3928acdfc0167c4dff040241f2702987f1f33ee3b734dd8fd62be25fcd3eb23bca95fcb27b5ce0bb550c77a0c466eff67ceae7764802e5738dd49b571af2d52444f7bbbec3db2e7dc26101154922dcc36fbf79c9d752a6eada29c4b383c0d111616d029bce8966ffcd9494b2fabbd446c2ab07b8c3b844633d43be71a18f416ab4776da804ba16d9837bbe4d445318f23e89859d351d010880a37b056fcedcc67d173c62f55cf2ba534b2de162cb1ec74ff642942ea6accaa9c2e781441f742d24f70553c28e0dcdfd141db5fc89c5c2554540d2e5706fdcb2b8d3371e910ccaa46bab34b71774f85f8e0f9da79bc135ee50a2b8ac6958990afd6308f9cdc57f40a7de199db056a13b83027e5d07504e899a6824bc5efd8b3ecb8ad1ebe021cd7c09ecc91be7a4868d327342bc81c2ffb0d27401fd9eca1896164fa23623a65eedfa8cea3307d0a926437cf698addbbd318c1638e1735fc2cfd3daf36ebbd34de2bfc2a1000884fd1a2804cbece5a55114b4c69d5397cac30bf7eabb294734d59646fc1dd0a0e0b3925a4cf73dceeb6ff77582e70f79162091172adc5bbe3c544de1b400d53dd57cc8a5a120bc06cd1d3e3193c9f41873c402472d632363606d0f239b8af80bebb53178215faa4ec36ab4af2f2a7c78d74a7e7b38ca74e14a65252ae2625a1c6cc64764b1716cb11a3915342af5abee66c95d0cb317ee2690aedf9d4c8fbea0b7e15f7ccaca680054987eca28185a56cf0e0d2b72a59ca5628b1c6c5be4bfcde551d6dfbaed956cf576fee24c0662b3280e0c4cbf4b56e557da33cd4c6ea3ad9aae9e8563d95d6f274fbbad33b1bb60c2aa74917ee2f8bd9c14e5de6cd74f5dc05fc6d115cd639742c54020a279d5de975b28fd87d1099f2070e6106642fa345220cf8397ae22183db1c07dbc4420b6146e882db166e912f32f66b33345c23df6d981922d74ff3782ab14c7aa8b537c28b0a58d5825e08d182e8b41cc62525b18405996f9281ff8aa231917db5f433c6f29f9efe9c2eeecb978e2225733e592525bc63cc97c1d8cd389efabc818805b24ed6ac269214049779750529720519ea9b9158aed15e30deedfa521317b356b6b60a347fd0eeadd2e7890831deba76723cd222be16f2e6268b7d15c3e41542faa9709aa17d87fa2369ae2aa16031ed6ac879d1ce966e7171b462bd585f8d8fb47a5ab028e5da623ef68f69ac6d1621102fd2d760fdbe9490c25ae4d0328354ce9fe2b51a300ad8565bfce2deabe617a64258d9b3f4453cb9fd1425a1264e0c44de8361f25ced2c8772aab4d68f04cf05f3ab104234a14c4cf24bc7dec15b82200c6ac5c859c2fd285646bd668ab94d87943d8aa58450a85df2ce251df1ff91d1e23384352226f54ce40691534acff23f0018446e62690da5bb1ed640966adfcb2e373f019243a59e1216aa3ab9d5655d7ed920ce226270e67b6c8e31b8b39c562ab0143ee1178447bfd0340ac2a8621209cd8c5a6a75dae47e227bfae99647eb2a2485af6555078c78de1b3bf985dc1f6f1fcba1c848a99db4cce0d9fc1f284a00a945033d88d77c5fbe37765449990dda72175ccf75efabc6d321fb32027321f0f29a01bac814cd529910a32c2f61a9ec0dee53e396da2fb64a11b344c72898971714ce69529aba6d29f8fc9b5127b73eb6e9af8833ef91832d7dffe23500e9bd4cb30e61c08b0d9b50328543b727981c797c129e9347198c5850d503e892c33a240607c61e42bf5c53c4993d9544c3deea6cff1743bac058ebd265a54621391782f36add0398309c26521aacba4a4d63476a065185bbc05f6e8142fff1a7e067d7aeb31c3b43f3cf2f794466de65106bc42fa6b0d0a22679514de9ff067f54b1a8bc2889493162629057ff3942bb7da79de11d713e22301b739aacc3ff481ae60b466db5ccd01302b9f652df15f9b3eb695826516e57c576a1c15f29baf04f080ee1e84b7d48c734cf04f0a5a884bff423b0a0f4a0ee903a685cf4b86f1a0b2a76af5bebddba33cde0eb81e52231e11268d5ab3ceac45f1d2a82587a1b05a201fedfdf89fa62d620ecd9eb06035520cc94adb0bd06614d58703065189885c77ad183bc2d76e9a3167f36fccb1b8ee51c03d7fa4cf2d83fd38204eae749ea135730dcc9ec33cb2d7b0db2616a645c14d437d5380c19509a8c53f513663eea46a8290fb3d94ebe02170cd51c0c3d794c1de27d3303b48936b1f43d6b43f8a04743eff941dda61d863d0ab498a9f1458f7cf6072e9186eefc8148e0ee5a190de9b4d6af736126dc3456c5be5482395cc6f416c978c036b35b8f80fbaf166b6c2463ff98394de5a61795aabc93f79bdd0a0c94694c6e1651c6f9b0c9fe96fd93bed479d31605fc3d676e55a4468a848e892af6286794856b6f00bebad7a10d6c428a677c13241457140d4490e6920318d014295baf5569a629a942d80bfd7935462356a66888d1c3b3d679135c948a4261c569257742f796afed38228bc3f3b425fc30d2414ce7ad4569cc8e903c1f0128da40e064fdcbd54e5af90da4a66b4e1951973647088726ebeacee938da9dc706c0144b9e5710683a6a67e1d8f49ef0a36023fa33515673e59a869d7b0088cc8f31b0ef0085987676721f6059eedb2a5d027050e42229c78b12d3639da8945661211eecf1091cf73ba2e818ae462a19b49ea2d9e5a4043a827af8d5528d7b7bd7e883a65919f01c1f68e394ab9a66f08ea2b8bce2959f88c46741aff331526b3b4cc5975454283c58eb08f26845c2af74847153ee3474a87e28f71189fdaac157abd28ddd718bd9ddc5de93caa1925220ef0601a71c9e20eaf8be438db482392979e4079b0967620e2c337ddbcbbe857ce864b51144fd3b6480c8ba17ae05d4d69ed1ec0f2c1136ba6ffc14f8bb41b11327ba206a6f60a1f63b24d403b7fb9c0aae0f47f34d79d48f6c1b2401d1605541d853d0791530b37ea9a164acf483841cb7481e3726298647779f7184b4faac13b00e8acb4450c5e1843470cace4af00e94e7b86cfd82c453ef17f6d9cc82eafe9a20d2b63fb72f1e3877f414ebbf7637a70bd5ddaa3d3afc76b864195b3dc2cfb7e1c573ff2776492a1d8c4e9cefe67d84b9d75e79849c0a0d48300a1c4f4c1011ec48f87b306c931e995d74a19289939b5dea1414e7c037ff24a627f569df2557341bdbc327a37f7872629b668eac5ec558526fcd7e551aabb2acda7b58310da34cfa0d9736ded063c089f8504a37b06300dc59a6b06c3c234ba06b251a486f3e0ae510238335340f00d2b70bd421d53c736975c4059a4b491330d18ced31cf614477c0c5112dbaf88f77c88c23d21aab0dcb2370abd090b6dc2d3890b8a9805d89996b2ed37ef013f63fbda3c6238654a0738897299f10ea81e917360c545195db2ec0f4247eaf12d850d1678399bb12e5cf29c697f189861a50e8b3dc52e66b914f37341e12d573143374a217bcf48096f24b0c75adf8688a676b19c73cf8fde59e0978411fbedd70d5e8ae62b06d3efedd4215726c0f7b273793aecb57283665339e285f6a4b30c47723937131c7b8fd8d25cbdf370c631d2e0d02671d4f17823ae80f4632bc6c4bb5ee3ce6837dd33a915e35d38fb9d96638cfcb0fcebc31b6ef10de5f2e952334d5ae05e661e441cbd866abfd50fb12a2db84595e0510db4e1a8613f4f083098c9", 0x1000}, {&(0x7f0000001700)="616bbb378ef7138272f49fe665b33771190ba8f601f1010ac10616970e3cb3e758f38523998c57c559ddeec28fefb0f54d94b30850ad2e9391fda4", 0x3b}, {&(0x7f0000001740)="102d2170250ddce6c3ad8a3eaca46da3231ccd5620ee36ed45a8a169b3aeac7556c37f90a2e79d86560ba659a64f4a8f87f4e3b7d030b62369bc267223cd95535b619c5d1e0b6429b9c3ca4fec6d44aa27b89515a9e01b51d0", 0x59}, {&(0x7f00000017c0)="4776f4c234324f2fe241", 0xa}, {&(0x7f0000001800)="b634be10394edd2616630e9a97e618c5d42285119ef6bcaecf8e49208eed0b47cab504004ac55c22d78f6a56a1c331c9e9266ae4326eada6254935a1a1bdb0408ae872db9c95ccb07d51bb9185d979b8e4f6cd97d853e3202f5bcca693dade7f4691f9c45a6671c3d84c3ba08bd8686b806f7831a786ebb8daed203bb6bc9c5c08cd833ad19dc18d576e4bd334759bc48a1999cdfcee00acf213a05be99fadee8838458ed7690128e44a18856d8ae938d68939c6a320f565603d7806fca06df803b1acd775823680e05b84693c7e4f748dfaa799094b24cbe92c4901", 0xdc}, {&(0x7f0000001900)="9503ae341a415e08b421a6b5bad0f7746b00aebb7c727a5a226053474306d3b7bb4face16bec857ffffa60b6e9f734376fbee38cf0537198fea1e6ab1809bc", 0x3f}, {&(0x7f0000001940)="b4a80eb815a759229f1d27796f858f58c5a3db0ea84f434ddd63594476e489", 0x1f}], 0x8, &(0x7f0000001bc0)=[@cred={{0x1c, 0x1, 0x2, {r11, r12, r13}}}], 0x20, 0x200000c0}], 0x2, 0x1)
syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x400000000000, 0x100000000000000)

14:33:38 executing program 1:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600))
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x8a, 0x0, 0x0, 0x0, 0x3})
r1 = syz_open_pts(r0, 0x0)
write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0x100000175)
ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000140)={0x3, 0x0, 0x0, 0x0, 0xe})

14:33:38 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
r2 = openat$cgroup_ro(r1, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
openat$cgroup_procs(r3, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x40082404, &(0x7f0000000140)=0x2)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r4 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r4, 0x0, 0x0)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r5, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r3, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
socket$kcm(0xa, 0x1, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r5, &(0x7f00000003c0)=0x100, 0x12)

14:33:39 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
clock_gettime(0x7, &(0x7f0000000000))
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9, 0x0, 0x0, 0x40})

14:33:39 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\t\x00'})

[ 1664.035594][  T788] device bridge_slave_1 left promiscuous mode
[ 1664.042358][  T788] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1664.048653][T18796] syz-executor.2 invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=0, oom_score_adj=1000
[ 1664.060895][T18796] CPU: 0 PID: 18796 Comm: syz-executor.2 Not tainted 5.2.0+ #37
[ 1664.068529][T18796] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1664.078706][T18796] Call Trace:
[ 1664.082040][T18796]  dump_stack+0x1d8/0x2f8
[ 1664.086374][T18796]  dump_header+0xd8/0x970
[ 1664.090710][T18796]  oom_kill_process+0xcd/0x320
[ 1664.095486][T18796]  out_of_memory+0x5e1/0x8a0
[ 1664.100082][T18796]  ? unregister_oom_notifier+0x20/0x20
[ 1664.105544][T18796]  ? __kasan_check_read+0x11/0x20
[ 1664.110582][T18796]  try_charge+0x134a/0x17b0
[ 1664.115113][T18796]  ? __memcg_kmem_charge_memcg+0x180/0x180
[ 1664.120944][T18796]  ? rcu_read_lock_sched_held+0x127/0x1c0
[ 1664.126684][T18796]  ? rcu_lock_acquire+0x30/0x30
[ 1664.131547][T18796]  __memcg_kmem_charge_memcg+0x78/0x180
[ 1664.137124][T18796]  ? __lock_acquire+0x4750/0x4750
[ 1664.142151][T18796]  ? memcg_kmem_put_cache+0x50/0x50
[ 1664.147363][T18796]  kmem_getpages+0x411/0x970
[ 1664.151953][T18796]  cache_grow_begin+0x7e/0x2c0
[ 1664.157240][T18796]  ? __cpuset_node_allowed+0x198/0x530
[ 1664.162708][T18796]  fallback_alloc+0x134/0x1c0
[ 1664.167410][T18796]  ____cache_alloc_node+0x22a/0x250
[ 1664.172616][T18796]  kmem_cache_alloc+0x157/0x2e0
[ 1664.177649][T18796]  ? vm_area_alloc+0x24/0xf0
[ 1664.182246][T18796]  vm_area_alloc+0x24/0xf0
[ 1664.186663][T18796]  mmap_region+0xaaf/0x1d80
[ 1664.191188][T18796]  ? find_vma+0x150/0x150
[ 1664.195523][T18796]  ? get_unmapped_area+0x31c/0x380
[ 1664.200637][T18796]  do_mmap+0x9ef/0x1020
[ 1664.204797][T18796]  vm_mmap_pgoff+0x190/0x240
[ 1664.209394][T18796]  ? account_locked_vm+0x250/0x250
[ 1664.214515][T18796]  ksys_mmap_pgoff+0x144/0x5f0
[ 1664.219278][T18796]  ? __kasan_check_read+0x11/0x20
[ 1664.224301][T18796]  ? fpregs_assert_state_consistent+0xb7/0xe0
[ 1664.230366][T18796]  ? mmap_region+0x1d80/0x1d80
[ 1664.235137][T18796]  ? prepare_exit_to_usermode+0x1f7/0x580
[ 1664.240858][T18796]  ? trace_irq_disable_rcuidle+0x23/0x1c0
[ 1664.246595][T18796]  ? trace_hardirqs_on_thunk+0x1a/0x20
[ 1664.252055][T18796]  ? trace_irq_disable_rcuidle+0x23/0x1c0
[ 1664.257777][T18796]  __x64_sys_mmap+0x103/0x120
[ 1664.262458][T18796]  do_syscall_64+0xfe/0x140
[ 1664.266969][T18796]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1664.272855][T18796] RIP: 0033:0x45987a
[ 1664.276745][T18796] Code: 89 f5 41 54 49 89 fc 55 53 74 35 49 63 e8 48 63 da 4d 89 f9 49 89 e8 4d 63 d6 48 89 da 4c 89 ee 4c 89 e7 b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 4e 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 00
[ 1664.296353][T18796] RSP: 002b:00007ffe4835ff88 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 1664.304761][T18796] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045987a
[ 1664.312760][T18796] RDX: 0000000000000003 RSI: 0000000000021000 RDI: 0000000000000000
[ 1664.320729][T18796] RBP: ffffffffffffffff R08: ffffffffffffffff R09: 0000000000000000
[ 1664.328724][T18796] R10: 0000000000020022 R11: 0000000000000246 R12: 0000000000000000
14:33:39 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400)
openat$cgroup_procs(r3, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
r4 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
sendmsg(r4, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r3, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(0xffffffffffffffff, &(0x7f00000003c0)=0x100, 0x12)

[ 1664.336689][T18796] R13: 0000000000021000 R14: 0000000000020022 R15: 0000000000000000
[ 1664.345159][T18796] memory: usage 3452kB, limit 0kB, failcnt 489493
[ 1664.351633][T18796] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1664.358508][T18796] Memory cgroup stats for /syz2:
[ 1664.358597][T18796] anon 2252800
[ 1664.358597][T18796] file 274432
[ 1664.358597][T18796] kernel_stack 0
[ 1664.358597][T18796] slab 831488
[ 1664.358597][T18796] sock 0
[ 1664.358597][T18796] shmem 172032
[ 1664.358597][T18796] file_mapped 135168
14:33:39 executing program 1:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600))
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x8a, 0x0, 0x0, 0x0, 0x3})
r1 = syz_open_pts(r0, 0x0)
write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0x100000175)
ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000140)={0x3, 0x0, 0x0, 0x0, 0x10})

[ 1664.358597][T18796] file_dirty 135168
[ 1664.358597][T18796] file_writeback 0
[ 1664.358597][T18796] anon_thp 2097152
[ 1664.358597][T18796] inactive_anon 135168
[ 1664.358597][T18796] active_anon 2187264
[ 1664.358597][T18796] inactive_file 135168
[ 1664.358597][T18796] active_file 135168
[ 1664.358597][T18796] unevictable 0
[ 1664.358597][T18796] slab_reclaimable 270336
[ 1664.358597][T18796] slab_unreclaimable 561152
[ 1664.358597][T18796] pgfault 192225
[ 1664.358597][T18796] pgmajfault 0
[ 1664.358597][T18796] workingset_refault 0
[ 1664.358597][T18796] workingset_activate 0
[ 1664.358597][T18796] workingset_nodereclaim 0
[ 1664.358597][T18796] pgrefill 0
[ 1664.358597][T18796] pgscan 0
[ 1664.358597][T18796] pgsteal 0
[ 1664.451758][T18796] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=18796,uid=0
[ 1664.467806][T18796] Memory cgroup out of memory: Killed process 18796 (syz-executor.2) total-vm:72572kB, anon-rss:2144kB, file-rss:34816kB, shmem-rss:0kB
14:33:39 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00'})

[ 1664.484432][ T1056] oom_reaper: reaped process 18796 (syz-executor.2), now anon-rss:0kB, file-rss:33856kB, shmem-rss:0kB
[ 1664.509808][  T788] device bridge_slave_0 left promiscuous mode
[ 1664.516053][  T788] bridge0: port 1(bridge_slave_0) entered disabled state
14:33:39 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce1e, 0xfffffffffffffffd, 0x40000000000000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x2, @perf_config_ext, 0x1024}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r2, &(0x7f0000000300)='cpuacct.usage_user\x00', 0x0, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @volatile={0x0, 0x0, 0x0, 0x4}]}}, &(0x7f00000002c0)=""/245, 0x32, 0xf5, 0x1}, 0x20)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x42400)
openat$cgroup_procs(r3, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x101, 0x5, 0x4}, 0x80, 0x0}, 0x0)
socket$kcm(0x11, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0x0, r0, 0x0)
r4 = openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
write$cgroup_int(r4, &(0x7f0000000000)=0x2, 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={r3, 0x7, 0x1, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x310)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_int(r4, &(0x7f00000003c0)=0x100, 0x12)

14:33:39 executing program 5:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
socket$l2tp(0x18, 0x1, 0x1)
r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vhost-net\x00', 0x2, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af25, &(0x7f0000000140))
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0x5452, &(0x7f0000000040)={0x9})

[ 1665.119236][T18829] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 1665.129669][T18829] CPU: 1 PID: 18829 Comm: syz-executor.3 Not tainted 5.2.0+ #37
[ 1665.137311][T18829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1665.147368][T18829] Call Trace:
[ 1665.150672][T18829]  dump_stack+0x1d8/0x2f8
[ 1665.155009][T18829]  dump_header+0xd8/0x970
[ 1665.159350][T18829]  oom_kill_process+0xcd/0x320
[ 1665.164116][T18829]  out_of_memory+0x5e1/0x8a0
[ 1665.168721][T18829]  ? unregister_oom_notifier+0x20/0x20
[ 1665.174197][T18829]  memory_max_write+0x537/0x6a0
[ 1665.179063][T18829]  ? memory_max_show+0xa0/0xa0
[ 1665.183839][T18829]  ? memory_max_show+0xa0/0xa0
[ 1665.188613][T18829]  cgroup_file_write+0x27b/0x6e0
[ 1665.193557][T18829]  ? cgroup_seqfile_stop+0xc0/0xc0
[ 1665.198765][T18829]  ? cgroup_seqfile_stop+0xc0/0xc0
[ 1665.203882][T18829]  kernfs_fop_write+0x3e4/0x4f0
[ 1665.208740][T18829]  ? kernfs_fop_read+0x580/0x580
[ 1665.213718][T18829]  __vfs_write+0xf9/0x7d0
[ 1665.218055][T18829]  ? trace_hardirqs_on_thunk+0x1a/0x20
[ 1665.223513][T18829]  ? __kernel_write+0x350/0x350
[ 1665.228359][T18829]  ? rcu_irq_exit+0xe3/0x260
[ 1665.232950][T18829]  ? retint_kernel+0x10/0x10
[ 1665.237563][T18829]  ? __sb_start_write+0x39c/0x440
[ 1665.242600][T18829]  ? __kasan_check_read+0x11/0x20
[ 1665.247636][T18829]  vfs_write+0x275/0x590
[ 1665.251889][T18829]  ksys_write+0x16b/0x2a0
[ 1665.256246][T18829]  ? __ia32_sys_read+0x90/0x90
[ 1665.261019][T18829]  ? prepare_exit_to_usermode+0x1f7/0x580
[ 1665.266741][T18829]  ? trace_hardirqs_on_thunk+0x1a/0x20
[ 1665.272203][T18829]  ? trace_irq_disable_rcuidle+0x23/0x1c0
[ 1665.277927][T18829]  ? do_syscall_64+0x1d/0x140
[ 1665.282612][T18829]  __x64_sys_write+0x7b/0x90
[ 1665.287207][T18829]  do_syscall_64+0xfe/0x140
[ 1665.291724][T18829]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1665.297623][T18829] RIP: 0033:0x459829
[ 1665.301516][T18829] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1665.321122][T18829] RSP: 002b:00007fe17b7d3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1665.329539][T18829] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829
[ 1665.337521][T18829] RDX: 0000000000000012 RSI: 0000000020000000 RDI: 0000000000000008
[ 1665.345498][T18829] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1665.353473][T18829] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe17b7d46d4
[ 1665.361445][T18829] R13: 00000000004c9774 R14: 00000000004e0b70 R15: 00000000ffffffff
[ 1665.371052][T18829] memory: usage 3356kB, limit 0kB, failcnt 198
[ 1665.377319][T18829] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1665.384285][T18829] Memory cgroup stats for /syz3:
[ 1665.386634][T18829] anon 2248704
[ 1665.386634][T18829] file 0
[ 1665.386634][T18829] kernel_stack 65536
[ 1665.386634][T18829] slab 856064
[ 1665.386634][T18829] sock 0
[ 1665.386634][T18829] shmem 0
[ 1665.386634][T18829] file_mapped 0
[ 1665.386634][T18829] file_dirty 0
[ 1665.386634][T18829] file_writeback 0
14:33:40 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xc, 0x0, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00'})

[ 1665.386634][T18829] anon_thp 2097152
[ 1665.386634][T18829] inactive_anon 0
[ 1665.386634][T18829] active_anon 2179072
[ 1665.386634][T18829] inactive_file 0
[ 1665.386634][T18829] active_file 0
[ 1665.386634][T18829] unevictable 0
[ 1665.386634][T18829] slab_reclaimable 270336
[ 1665.386634][T18829] slab_unreclaimable 585728
[ 1665.386634][T18829] pgfault 252153
[ 1665.386634][T18829] pgmajfault 0
[ 1665.386634][T18829] workingset_refault 0
[ 1665.386634][T18829] workingset_activate 0
[ 1665.386634][T18829] workingset_nodereclaim 0
[ 1665.386634][T18829] pgrefill 0
[ 1665.386634][T18829] pgscan 0
[ 1665.386634][T18829] pgsteal 0
[ 1665.386634][T18829] pgactivate 0
[ 1665.480607][T18829] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=18828,uid=0
[ 1665.497287][T18829] Memory cgroup out of memory: Killed process 18828 (syz-executor.3) total-vm:72572kB, anon-rss:2144kB, file-rss:34816kB, shmem-rss:0kB
[ 1665.515593][ T1056] oom_reaper: reaped process 18828 (syz-executor.3), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB
[ 1665.903853][T18773] syz-executor.2 invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=0, oom_score_adj=0
[ 1665.915048][T18773] CPU: 0 PID: 18773 Comm: syz-executor.2 Not tainted 5.2.0+ #37
[ 1665.922683][T18773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1665.932744][T18773] Call Trace:
[ 1665.936049][T18773]  dump_stack+0x1d8/0x2f8
[ 1665.940416][T18773]  dump_header+0xd8/0x970
[ 1665.944751][T18773]  oom_kill_process+0xcd/0x320
[ 1665.949551][T18773]  out_of_memory+0x5e1/0x8a0
[ 1665.954150][T18773]  ? unregister_oom_notifier+0x20/0x20
[ 1665.959613][T18773]  ? __kasan_check_read+0x11/0x20
[ 1665.964644][T18773]  try_charge+0x134a/0x17b0
[ 1665.969169][T18773]  ? __memcg_kmem_charge_memcg+0x180/0x180
[ 1665.974980][T18773]  ? rcu_read_lock_sched_held+0x127/0x1c0
[ 1665.980713][T18773]  ? rcu_lock_acquire+0x30/0x30
[ 1665.985688][T18773]  __memcg_kmem_charge_memcg+0x78/0x180
[ 1665.991239][T18773]  ? __lock_acquire+0x4750/0x4750
[ 1665.996270][T18773]  ? lock_acquire+0x158/0x250
[ 1666.000950][T18773]  ? memcg_kmem_put_cache+0x50/0x50
[ 1666.006161][T18773]  kmem_getpages+0x411/0x970
[ 1666.010758][T18773]  cache_grow_begin+0x7e/0x2c0
[ 1666.015523][T18773]  ? __cpuset_node_allowed+0x198/0x530
[ 1666.020994][T18773]  fallback_alloc+0x134/0x1c0
[ 1666.025761][T18773]  ____cache_alloc_node+0x22a/0x250
[ 1666.030962][T18773]  kmem_cache_alloc+0x157/0x2e0
[ 1666.035896][T18773]  ? __alloc_file+0x29/0x350
[ 1666.040499][T18773]  __alloc_file+0x29/0x350
[ 1666.044918][T18773]  ? alloc_empty_file+0x4c/0x1b0
[ 1666.044933][T18773]  alloc_empty_file+0xac/0x1b0
[ 1666.054637][T18773]  alloc_file+0x60/0x4c0
[ 1666.058886][T18773]  alloc_file_pseudo+0x25b/0x310
[ 1666.063829][T18773]  ? alloc_empty_file_noaccount+0x80/0x80
[ 1666.069545][T18773]  ? _raw_spin_unlock+0x22/0x30
[ 1666.074669][T18773]  ? __alloc_fd+0x58f/0x630
[ 1666.079187][T18773]  sock_alloc_file+0xbb/0x250
[ 1666.083879][T18773]  __sys_socket+0x17c/0x350
[ 1666.088392][T18773]  ? fpregs_assert_state_consistent+0xb7/0xe0
[ 1666.094461][T18773]  ? sock_create_kern+0x50/0x50
[ 1666.099324][T18773]  ? prepare_exit_to_usermode+0x1f7/0x580
[ 1666.105053][T18773]  ? trace_hardirqs_on_thunk+0x1a/0x20
[ 1666.110561][T18773]  ? trace_irq_disable_rcuidle+0x23/0x1c0
[ 1666.116380][T18773]  ? do_syscall_64+0x1d/0x140
[ 1666.121059][T18773]  __x64_sys_socket+0x7a/0x90
[ 1666.125736][T18773]  do_syscall_64+0xfe/0x140
[ 1666.130240][T18773]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1666.136130][T18773] RIP: 0033:0x45c377
[ 1666.140026][T18773] Code: 00 00 00 49 89 ca b8 36 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1666.159633][T18773] RSP: 002b:00007ffe4835fb78 EFLAGS: 00000246 ORIG_RAX: 0000000000000029
[ 1666.168057][T18773] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045c377
[ 1666.176036][T18773] RDX: 0000000000000006 RSI: 0000000000000001 RDI: 0000000000000002
[ 1666.184011][T18773] RBP: 0000000000000004 R08: 0000000000000000 R09: 000000000000000a
[ 1666.191986][T18773] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000000
[ 1666.200013][T18773] R13: 00007ffe48360290 R14: 0000000000196344 R15: 00007ffe483602a0
[ 1666.208560][T18773] memory: usage 1112kB, limit 0kB, failcnt 489510
[ 1666.214996][T18773] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1666.221929][T18773] Memory cgroup stats for /syz2:
[ 1666.222030][T18773] anon 20480
[ 1666.222030][T18773] file 274432
[ 1666.222030][T18773] kernel_stack 0
[ 1666.222030][T18773] slab 831488
[ 1666.222030][T18773] sock 0
[ 1666.222030][T18773] shmem 172032
[ 1666.222030][T18773] file_mapped 135168
[ 1666.222030][T18773] file_dirty 135168
[ 1666.222030][T18773] file_writeback 0
[ 1666.222030][T18773] anon_thp 0
[ 1666.222030][T18773] inactive_anon 135168
[ 1666.222030][T18773] active_anon 20480
[ 1666.222030][T18773] inactive_file 135168
[ 1666.222030][T18773] active_file 135168
[ 1666.222030][T18773] unevictable 0
[ 1666.222030][T18773] slab_reclaimable 270336
[ 1666.222030][T18773] slab_unreclaimable 561152
[ 1666.222030][T18773] pgfault 192258
[ 1666.222030][T18773] pgmajfault 0
[ 1666.222030][T18773] workingset_refault 0
[ 1666.222030][T18773] workingset_activate 0
[ 1666.222030][T18773] workingset_nodereclaim 0
[ 1666.222030][T18773] pgrefill 0
[ 1666.222030][T18773] pgscan 0
[ 1666.222030][T18773] pgsteal 0
[ 1666.222030][T18773] pgactivate 0
[ 1666.317576][T18773] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=18773,uid=0
[ 1666.333092][T18773] Memory cgroup out of memory: Killed process 18773 (syz-executor.2) total-vm:72440kB, anon-rss:96kB, file-rss:35776kB, shmem-rss:0kB
[ 1666.348091][ T1056] oom_reaper: reaped process 18773 (syz-executor.2), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB
[ 1771.397507][    C0] rcu: INFO: rcu_sched self-detected stall on CPU
[ 1771.404109][    C0] rcu: 	0-....: (10499 ticks this GP) idle=9aa/1/0x4000000000000002 softirq=228629/228629 fqs=5234 
[ 1771.415178][    C0] 	(t=10500 jiffies g=268537 q=551)
[ 1771.420368][    C0] NMI backtrace for cpu 0
[ 1771.424702][    C0] CPU: 0 PID: 18777 Comm: syz-executor.3 Not tainted 5.2.0+ #37
[ 1771.432324][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1771.442544][    C0] Call Trace:
[ 1771.445810][    C0]  <IRQ>
[ 1771.448756][    C0]  dump_stack+0x1d8/0x2f8
[ 1771.453087][    C0]  nmi_cpu_backtrace+0xb0/0x1a0
[ 1771.457924][    C0]  ? nmi_trigger_cpumask_backtrace+0x145/0x240
[ 1771.464062][    C0]  ? arch_trigger_cpumask_backtrace+0x20/0x20
[ 1771.470128][    C0]  nmi_trigger_cpumask_backtrace+0x14c/0x240
[ 1771.476093][    C0]  arch_trigger_cpumask_backtrace+0x10/0x20
[ 1771.481969][    C0]  rcu_dump_cpu_stacks+0x15a/0x220
[ 1771.487066][    C0]  rcu_sched_clock_irq+0x7e3/0xfb0
[ 1771.492162][    C0]  ? trace_hardirqs_off+0x74/0x80
[ 1771.497176][    C0]  update_process_times+0x114/0x170
[ 1771.502367][    C0]  tick_sched_timer+0x257/0x410
[ 1771.507219][    C0]  ? tick_setup_sched_timer+0x2b0/0x2b0
[ 1771.512766][    C0]  __hrtimer_run_queues+0x471/0x8c0
[ 1771.517968][    C0]  ? hrtimer_interrupt+0xd80/0xd80
[ 1771.523070][    C0]  ? ktime_get_update_offsets_now+0x234/0x250
[ 1771.529116][    C0]  hrtimer_interrupt+0x36c/0xd80
[ 1771.534069][    C0]  smp_apic_timer_interrupt+0xc2/0x220
[ 1771.539509][    C0]  apic_timer_interrupt+0xf/0x20
[ 1771.544433][    C0]  </IRQ>
[ 1771.547365][    C0] RIP: 0010:__sanitizer_cov_trace_cmp8+0x21/0x80
[ 1771.553671][    C0] Code: 2e 0f 1f 84 00 00 00 00 00 4c 8b 04 24 65 48 8b 14 25 40 fd 01 00 65 8b 05 e8 30 8b 7e a9 00 01 1f 00 75 61 8b 82 a8 12 00 00 <83> f8 03 75 56 48 8b 8a b0 12 00 00 44 8b 8a ac 12 00 00 49 c1 e1
[ 1771.573261][    C0] RSP: 0018:ffff88809877e680 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[ 1771.581654][    C0] RAX: 0000000000000000 RBX: 0000000000000002 RCX: ffff88809a240440
[ 1771.589617][    C0] RDX: ffff88809a240440 RSI: 0000000000000040 RDI: 0000000000000002
[ 1771.597589][    C0] RBP: ffff88809877e6b8 R08: ffffffff8362f4a7 R09: ffffffff819af834
[ 1771.605563][    C0] R10: ffff88809a240440 R11: 0000000000000004 R12: 0000000000000002
[ 1771.613543][    C0] R13: dffffc0000000000 R14: 0000000000000040 R15: ffffffff88fdcbf0
[ 1771.621519][    C0]  ? get_scan_count+0x3e4/0x14a0
[ 1771.626446][    C0]  ? find_next_bit+0x27/0x120
[ 1771.631109][    C0]  ? find_next_bit+0x27/0x120
[ 1771.635762][    C0]  ? cpumask_next+0x38/0x60
[ 1771.640255][    C0]  cpumask_next+0x4a/0x60
[ 1771.644570][    C0]  lruvec_lru_size+0xb1/0x400
[ 1771.649235][    C0]  get_scan_count+0x319/0x14a0
[ 1771.654002][    C0]  ? __kasan_check_write+0x14/0x20
[ 1771.659122][    C0]  ? shrink_node+0x17a0/0x17a0
[ 1771.663869][    C0]  shrink_node_memcg+0x1a1/0x1120
[ 1771.668888][    C0]  ? rcu_lock_release+0x4/0x20
[ 1771.673629][    C0]  ? __lock_acquire+0x4750/0x4750
[ 1771.678632][    C0]  ? trace_mm_vmscan_memcg_softlimit_reclaim_begin+0x250/0x250
[ 1771.686152][    C0]  ? rcu_read_lock_held+0xa7/0x130
[ 1771.691252][    C0]  ? rcu_lock_release+0x15/0x20
[ 1771.696085][    C0]  ? mem_cgroup_iter+0x94e/0xa70
[ 1771.701031][    C0]  ? memcg_expand_shrinker_maps+0x2e0/0x2e0
[ 1771.706908][    C0]  ? trace_lock_acquire+0x1b0/0x1b0
[ 1771.712093][    C0]  shrink_node+0x468/0x17a0
[ 1771.716611][    C0]  ? snapshot_refaults+0x2c0/0x2c0
[ 1771.721710][    C0]  shrink_zones+0x2d8/0x940
[ 1771.726209][    C0]  ? allow_direct_reclaim+0x4c0/0x4c0
[ 1771.731563][    C0]  ? ktime_get+0xf0/0x120
[ 1771.735872][    C0]  ? vmpressure_prio+0x31/0x120
[ 1771.740723][    C0]  do_try_to_free_pages+0x21e/0x930
[ 1771.745929][    C0]  try_to_free_mem_cgroup_pages+0x3d1/0x6c0
[ 1771.751817][    C0]  ? trace_mm_vmscan_memcg_softlimit_reclaim_end+0x240/0x240
[ 1771.759198][    C0]  ? trace_hardirqs_on+0x74/0x80
[ 1771.764118][    C0]  ? cgroup_file_notify+0x184/0x1a0
[ 1771.769797][    C0]  try_charge+0x6aa/0x17b0
[ 1771.774203][    C0]  ? __memcg_kmem_charge_memcg+0x180/0x180
[ 1771.779989][    C0]  ? rcu_read_lock_sched_held+0x127/0x1c0
[ 1771.785692][    C0]  ? trace_mm_page_alloc+0x187/0x1d0
[ 1771.790960][    C0]  __memcg_kmem_charge_memcg+0x78/0x180
[ 1771.796499][    C0]  ? memcg_kmem_put_cache+0x50/0x50
[ 1771.801687][    C0]  kmem_getpages+0x411/0x970
[ 1771.806279][    C0]  cache_grow_begin+0x7e/0x2c0
[ 1771.811055][    C0]  ? __cpuset_node_allowed+0x198/0x530
[ 1771.816500][    C0]  fallback_alloc+0x134/0x1c0
[ 1771.821183][    C0]  ____cache_alloc_node+0x22a/0x250
[ 1771.826366][    C0]  kmem_cache_alloc+0x157/0x2e0
[ 1771.831197][    C0]  ? ext4_alloc_inode+0x1f/0x560
[ 1771.836134][    C0]  ? set_qf_name+0x3c0/0x3c0
[ 1771.840706][    C0]  ext4_alloc_inode+0x1f/0x560
[ 1771.845445][    C0]  ? set_qf_name+0x3c0/0x3c0
[ 1771.850037][    C0]  iget_locked+0x182/0x8a0
[ 1771.854964][    C0]  __ext4_iget+0x2f0/0x47b0
[ 1771.859454][    C0]  ? ext4_tmpfile+0x490/0x490
[ 1771.864107][    C0]  ? ext4_get_projid+0x140/0x140
[ 1771.869028][    C0]  ? ext4_lookup+0x8ac/0xd30
[ 1771.873596][    C0]  ? ext4_lookup+0x8ac/0xd30
[ 1771.878169][    C0]  ? rcu_read_lock_sched_held+0x127/0x1c0
[ 1771.883876][    C0]  ext4_lookup+0x61f/0xd30
[ 1771.888293][    C0]  ? ext4_orphan_del+0x780/0x780
[ 1771.893210][    C0]  ? d_alloc_parallel+0x1489/0x15a0
[ 1771.898398][    C0]  ? lockdep_init_map+0x2a/0x680
[ 1771.903320][    C0]  __lookup_slow+0x2d8/0x410
[ 1771.907894][    C0]  ? lookup_one_len+0x2a0/0x2a0
[ 1771.912721][    C0]  ? __down_read+0x192/0x3d0
[ 1771.917299][    C0]  path_mountpoint+0x29f/0x750
[ 1771.922048][    C0]  ? kmem_cache_alloc+0x1e9/0x2e0
[ 1771.927045][    C0]  ? getname_flags+0xba/0x640
[ 1771.931703][    C0]  ? rcu_lock_release+0x30/0x30
[ 1771.936537][    C0]  filename_mountpoint+0x221/0x670
[ 1771.941631][    C0]  ? cache_grow_end+0x4a/0x170
[ 1771.946379][    C0]  ? user_path_mountpoint_at+0x50/0x50
[ 1771.951821][    C0]  ? __phys_addr_symbol+0x2f/0x70
[ 1771.956821][    C0]  ? __check_object_size+0x313/0x400
[ 1771.962099][    C0]  ? getname_flags+0x214/0x640
[ 1771.966847][    C0]  user_path_mountpoint_at+0x39/0x50
[ 1771.972114][    C0]  ksys_umount+0x169/0x10a0
[ 1771.976599][    C0]  ? __kasan_check_read+0x11/0x20
[ 1771.981609][    C0]  ? fpregs_assert_state_consistent+0xb7/0xe0
[ 1771.987685][    C0]  ? namespace_unlock+0x4f0/0x4f0
[ 1771.992718][    C0]  ? prepare_exit_to_usermode+0x1f7/0x580
[ 1771.998422][    C0]  ? trace_irq_disable_rcuidle+0x23/0x1c0
[ 1772.004124][    C0]  ? trace_hardirqs_on_thunk+0x1a/0x20
[ 1772.009562][    C0]  ? trace_irq_disable_rcuidle+0x23/0x1c0
[ 1772.015268][    C0]  ? do_syscall_64+0x1d/0x140
[ 1772.019924][    C0]  __x64_sys_umount+0x5a/0x70
[ 1772.024581][    C0]  do_syscall_64+0xfe/0x140
[ 1772.029067][    C0]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1772.034942][    C0] RIP: 0033:0x45c257
[ 1772.038820][    C0] Code: 64 89 04 25 d0 02 00 00 58 5f ff d0 48 89 c7 e8 2f be ff ff 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1772.058425][    C0] RSP: 002b:00007ffe85e54cf8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6
[ 1772.066844][    C0] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000045c257
[ 1772.074811][    C0] RDX: 0000000000403520 RSI: 0000000000000002 RDI: 00007ffe85e54da0
[ 1772.082772][    C0] RBP: 0000000000000008 R08: 0000000000000000 R09: 000000000000000e
[ 1772.090747][    C0] R10: 000000000000000a R11: 0000000000000206 R12: 00007ffe85e55e30
[ 1772.098727][    C0] R13: 0000555556ab4940 R14: 0000000000000000 R15: 00007ffe85e55e30
[ 1775.958067][T17356] rcu: INFO: rcu_sched detected expedited stalls on CPUs/tasks: { 0-... } 10956 jiffies s: 14745 root: 0x1/.
[ 1775.970121][T17356] rcu: blocking rcu_node structures:
[ 1775.975421][T17356] Task dump for CPU 0:
[ 1775.979553][T17356] syz-executor.3  R  running task    19832 18777  18776 0x8000000a
[ 1775.987511][T17356] Call Trace:
[ 1775.990818][T17356]  ? path_mountpoint+0x29f/0x750
[ 1775.995769][T17356]  ? kmem_cache_alloc+0x1e9/0x2e0
[ 1776.000833][T17356]  ? getname_flags+0xba/0x640
[ 1776.005520][T17356]  ? rcu_lock_release+0x30/0x30
[ 1776.010433][T17356]  ? filename_mountpoint+0x221/0x670
[ 1776.015736][T17356]  ? cache_grow_end+0x4a/0x170
[ 1776.020555][T17356]  ? user_path_mountpoint_at+0x50/0x50
[ 1776.026027][T17356]  ? __phys_addr_symbol+0x2f/0x70
[ 1776.031102][T17356]  ? __check_object_size+0x313/0x400
[ 1776.036410][T17356]  ? getname_flags+0x214/0x640
[ 1776.041229][T17356]  ? user_path_mountpoint_at+0x39/0x50
[ 1776.046707][T17356]  ? ksys_umount+0x169/0x10a0
[ 1776.051436][T17356]  ? __kasan_check_read+0x11/0x20
[ 1776.056473][T17356]  ? fpregs_assert_state_consistent+0xb7/0xe0
[ 1776.062613][T17356]  ? namespace_unlock+0x4f0/0x4f0
[ 1776.067680][T17356]  ? prepare_exit_to_usermode+0x1f7/0x580
[ 1776.073407][T17356]  ? trace_irq_disable_rcuidle+0x23/0x1c0
[ 1776.079160][T17356]  ? trace_hardirqs_on_thunk+0x1a/0x20
[ 1776.084648][T17356]  ? trace_irq_disable_rcuidle+0x23/0x1c0
[ 1776.090426][T17356]  ? do_syscall_64+0x1d/0x140
[ 1776.095123][T17356]  ? __x64_sys_umount+0x5a/0x70
[ 1776.100021][T17356]  ? do_syscall_64+0xfe/0x140
[ 1776.104713][T17356]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe