(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0xc00}, 0x0)

01:20:35 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x5a010000, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:20:35 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0xf}, 0x0)

[ 3064.493153][T26612] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
01:20:35 executing program 1:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
sendmsg$unix(r0, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000680)=[@rights={{0x10, 0x1, 0xa}}], 0x10}, 0x0)

01:20:35 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0xae10020000000000)

01:20:35 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0xa, 0x0, &(0x7f0000000180))

[ 3064.647236][T26614] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
01:20:35 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x5a020000, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:20:35 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0xe00}, 0x0)

01:20:35 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x34000}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

01:20:35 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x10}, 0x0)

01:20:35 executing program 1:
socketpair(0xa, 0x6, 0x0, &(0x7f0000000140))

[ 3064.936602][T26625] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
01:20:35 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0xaf10020000000000)

01:20:36 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x5a030000, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3065.054372][T26626] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
01:20:36 executing program 1:
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x2, 0x6, 0x0, 0x0)

01:20:36 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0xf00}, 0x0)

01:20:36 executing program 1:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$unix(r0, &(0x7f0000003780)={0x0, 0x0, &(0x7f00000036c0)=[{&(0x7f0000000240)="897a64b80ec66e456f6fa4a91a6017", 0xf}, {&(0x7f0000000280)="512d5e837039337883e20c6247abe273ad3d9c599e9fb6ce0380e81ee352dc7edeea1d46216050a213e9e782fe0deee29ac7c0bd71b76034a597ea6c2eddaec281fe8bd5227ab1fa2ba04b44cd9cbefacc332a38bdc0d222081ca76c38258e726e0e087b91ecb83f2195caa3820d44034929699a4f1c7063be3947139ea8", 0x7e}, {&(0x7f00000005c0)="43851289e1120619d7c5a2aea662b8b36c2aa2265a8babf9447d87f554505e3f926b7d8aade96e4e002c1f074412ec7231a01ec91b440246459cf4a414218811f5340f1f2a866bafe055825e993f77bddee56eda6a36a137a2ffa3670237eff5045f1bad3e2bdd648b25064ff205161109ed65c8d6d798f9cdf5f6c2a15f40b0d824575aa9a19ded6a67376b3d8b6e628664f1891f1474904698beaf8f5910246ee00fb51339eeb9cee03c7439487ce06daa1cb0081a498073ed3fbc101aa1fdf38b85ce8683be28262ad771b11a8465c6f4d8e3f6012adffe9b35f5ae3ab3c50a21f01c88610c64f9ba5d1bc3f557a16c81e9a06aef60617f16c1f4fe57b87efd5e14ce0723af94ef9e975c3a0c6fd568a85986ba1fae2ecf26bdf832da273ae1b288d20f798ccc1ebcec381b965d7e55b13263179f1895c15d8bf7ae7e326ee709032b28893f4239a293b50e9b6637735083a065f9a1d8184a660ca5f32dce0e084f2982001e8e21d8e751bcc460655916721b3fb954bb13b3fdb7f073dd449bab895b4992392b9a592d3864f85b05d7ca915acf31bd4e0c7e638f0b4961a1fcc4e27d8e5758b1e4a844d77f4f7c95561e63391432707b441535369e764841330b230d89cb4d6253bb4e4f458a7f590cb9f9cb3df52767438742fc642f6cb2c44a6512176e850dec61e3e0d822e8f06263bf90d357648d4d189eaff841d342bfb2a249f10d034a490115cee2e0f17f3ebbd0cc2f3cc9477e5bcd750afc8e6e603ecad438b44b4e7a13f359b62ca65a64196f48a43182a8748af412c78e056c87d0431f1b57c0ae5f65e0993cb1c75cd78258209c8c4778894d403bd1a4c9a9bc86da65b26b13789ebbf90d6f5da79af9b02faab42ef9620ca8ce3ba11b04f2d0d6a02005ae0754e732bb41c9dde60fe4b974a49f4bd97fc88ffe415aed095139e7eabce03be09da48fdcfcce830740866a9f4db32f8efbb18810470e6f4580f472cca164f296fba14a64283bb587522e98d3f9e521c41b584a7eefae863b577e6314a36cdae392cf7bf37f88d292f317b6d384278cfecba5aa10723ae94657d17218d3cac110326d898cd7f8742240ecdb62aa633a8e773888bd26e984dee50ac389564fed64f07256cc7e908f6255623822c0d662944aeaaf09a29469f2b07c5536f8a9b1967b63d1a6b7081f3071ed7071ae0f7cb840c5215adff0f42fc5baec5060444b20361721a97b4841793252160d9484619ae29f5bb32be79698884c81833e2340fa171ff9e1ead2ff995aa40339b8c01d43c9b2732a69bffc4bce18e8e49d2ddf8d12215c440ddcc1247da2bd874fb58114f9e70a9b82f0fc521549d594224dd1beb0d498d9cc0c6ed49e96678d0b5bb8aea9af9e01559c19fa23feb7f31c8c1f4d5f748582e2e7098c132210bde4d42a29f010320bfec9ea738eb7f93361db7f3de373ea818fc2b67e9c7534ac2d053a3c5447a3c02b4e40b5554c0fe8eb75b19de13286d703b068deeb9f048ec74c7755a878b45330aefc41269fc74b392f5b6f80accd90e1c47d5a55143ce5094f0e3ee49301819ff9db61ef238fb962bc12c60241dbf03cbfe2736d808bb87f9c0d939f91e496b377d7b0d9701cea4549d0b014f693b569588df1fca2bcca2770a5e96fa2140ca878d76c202ae722550f81cca32f930c661a875822507008812975581760629716b1a66be0037c223abac8f9b3b4e1180ae097964bc6797f49504634ca59a2d47be71061a574378893ba620d95dc6adfcb328228dedd735b9368659e16ee72c7dcd0f15ac6fa0ccc9d20b5c7cd7fed2eda82d02bfaf95747e6906a7aef6b84318fff0737720e41d611209c35dd9faccbfce0d593e4ee1f09cd0d3accf62bb175868aecc05d4eb3a8fba22f0925236b34db0341ef58dc724c73c62d26152bbc40caca0bd42bc72d0fb0cb6041ac6d20d979141c1c4eca863a1d9d4a89fe8aff01d9c19ec77e310ae1076d01fe05f55e632642da2c121292dcc0a8dd1b9ac4003549d34a3e6d52d8b473d907204d4148cc14c7a84859919b9631d2c8c191c48972fd5a4a4c130ea1d14ccd49ab6f3809dddf572bd9bdf61111a79b55ab990f680cffa17820e3cd49b8a38a4b5e53c43a8ca67b816a05a8aeef48b0fe2cbf0806d39fc87d5140c7c1108972f678bf72327fa49df46efd83825c811f34aeafd81b6f1ed6d4e574d08e7994b84e1a4e8845503dfed3a5cdda9c4d31cace45e47ca1016815daf9919be23c96ec5a99407bae945d9016ffe26d0c987d25cb1f1a572e6afdc677cfa7520fd328f2041199ffac4c028049a74960735b14ea08b588502e4b27bac971685eb372afce3b2bbc856203b2419f896683c0d12d7ec3a976ba488f12238400cbda5ecc0b1c185ec76854e2fac62e9f52a938e2048118ebb44ec2e8c6ef29976ce94afe524499ca036cb4c532dfceb8cc9fc6216e5a60e83d54cfbd55b707054ad9e1565a784b6aa12cc4d2648d9275c29f9771294874ba0068d0e3057ee7a295edcb03ffc97ca15b52156cee26219fa2b1d04339feca0dd8220948314b09d57279a5bd174a18e76390f0264fb66c1facee4fd7c9dbec1973f15dc1384e5f791a05622f0794d764214f5b6d34eb3eb9d605f675a4fb8b7087b3438a644eeaddfaef39aab832ed989e088608eccef171c9fe99f664926df37d1e313c4b0ab7bcb68b37857bb020e654351c2a2cfd4dad5f8867807fe99a31576dfae88e9e02fcd81a2bbb735d88e8cde1ef24925312dddd3e26d19239422d8984a81fad069a5a677fb8e8ad64c2c559d4273cfce20c7762f323679c9ccd9855026e8d87d0a64dead781ce8e6f5866dd9bb7f6002fe31a18ddb6a2fe3893e62ea2620ea6afcb00c79b540a4a3069c1fc4934e4abaec641333183fdd6c88b0e65e4c512c6397235ae43831d1083aa3a46e1ffe9a05d24c6cc838b4c586cf5b1f7cb9df0c7c8d650edf5a6f361153940ddae7e033dbab96421c8f5aae005c0976d2723fa35b13c7f81981580e89a734ae3ba33e82859bde8607d4bbac9ede09c70b977a5dfc0b3664157772eaeb3adbc7cc36f6e3a1faf859653d8684f4af60462f637844006f6df4941c4fd6dda83dbad05015879a49de469e4b2a9e13e7ca340fb4bedea0923ba30ed114ec4974bdc2d36d1aba0f6ade4bbdbdacdd2b5194b1587204ef6c65475d51565d336d7c8891db80620cf265a0dd0aaa8ae4d5218ce21262aca198530aff476a9c2be17965b4f83845dd4d44f1ea9ff7d588c621c1e0fbf31fad4d445332a7e30d5416f938e7b1aaaf7f195f23fd47564f177706be78e169f55a0a8636e9faddae5c4a4d697debb9d027d5a3d98ef8466cf3cd5cf3aa8ad928382255c4e51edccf5745da71bea829412215751de3151db4f7fb2a84b6dec036433312e3061063a6205e2d5442d60e0c75b4ce06055912f410a9acd21add985a7bd9998ca8bf883e0fc26af1854bd646b6f7ec0cce440b768f9f84b0b8ef09066a6638298d4a28f6adbced71babc60437bbdc7bedb8cae376e1318ac8fa5e731db558b2646ff260567ef29c6e8131b24c4c4474b4fd3d96e5bcd0081ff718a194bed2233227fc651c0cd63ae5b0104abd1e2c630ded1b483cfc014520dff7a231636f2fb79e62e72bbc4f2776f337fb2edde04ca8264de5cc720e07e891e9a831c798e2dc165543f360d0d74983460d9f8484c27b4b5650d91d588b053940c943b1495a0433438fb100a596cc83dd923d3248669080d4eaa2bdff6b0dffaf945a4b938cff22b46eebd229edef2d6dd6a4c158f8fbb4ec5393cffa94cc0fca51a790329ccd55fb84905644dbaad02cddc26276feba9280a363e6bdbe1c4077b8991cacfe4165fac09f036c432ec6c1d9b9bf644be2151f5d5858bc6b47d5236be3f86f43bc452ff9922a8fee078b69cdad3c65de48b8485aafa175f7fe65b8b6f2534224bdf5c13b03c040acb524f9701a395cb68d17daa5475a89797ae1fbfe34c742e693fbff6a0cd347dd7256b1a343271154ea92792fbae1d69b3dfe1386f2f4315521bd8c201ca33a9825a19709785721a6b386be049145799ef86fae102724b534b7f2f5180ef0b4b3da88bd9d9e1801680304b19b1c141dc4a68bb5d86612777c910eb0aa2b12518ee627a9a686f03ed2607586a5e55b3e117b05ccc2774c24c797a88ed21837a5927287adcdcf01cdcb8b52bccbc066267e835862af5fe8bfc550a75f7617c18dd8a89ed489d9f06e8b2f9240493f52abb7b01bc9260ceaee94ade94f82633a2d0099a8b5ebc72fd8cf984d7470032cf7b09be011118a47d52f69413b2857d6508d4bbcc9242671130f09fdad2934fc0c4c3ba6b45f167ebbf48a30a644811532a42540e633b911422f9f5edf764b3e5e0fd8d0c9ce589bda75c4dcf3cfaeac7d441c6fb060d23768e5535f5371ddedac5a8f3d422cc74a7b54cdb0ecdb1067805f4f09ba6b2e5388c322d33a32140f35d493d12bef000e47b80666ebdc586b3b93b7de87e3b5475e20a2dff47c1d3a1a3a20d0d0da6e1ed21ae8b5b87a06b6338894c1126b46fc0fa013eef867f070c2aaccb251f17f185cd2ffcfe16dcb66fcf20261eaa0e1a84f4f4525910233172d9ad757322fd56d7c6dade4012b1c693f9ae41ef16ee865e3e9489a3ce2515ecff91063f95d7bf9cba62593d204c74708a280c7bed47300458fc2eae49f0f14946ccdc3746241d26f557403bd4d2ca0403b12fc7f6d1e7bca9e0aaa8eff9d3d81797a48acc92b2954fe74ce5771a0da2c659b419d770bbd79222e0c37a37023a47ba9d525a3b3155c25db149a57321e99617e88ad5c652401086ba755333599e0fa404a07ee32703a1bbe213d47065beda72b44746e161162314b7f96a5be2e067991cb647ad8e79d80dd2f00102057d23fdbb7d9483290c486a0a7b94abf7f552bf742d13990fc30c79308060757a4249c338950ef0a808160d6b06bfd81e82ba37db83951b25924e05df5cfbd1485a614c280feb81f133fdde2348ae7875a7abba0b1e069bb0d2c7a92d76c541af7f04181be31c85f49c457f8e15f936aedc68cfbe3771dbc33c595372160fc609dec3c0aa24c4e53af5d9fe8b54dfda0d858f156dc238c580d107787592df13aca3e1a222f3473f904f8ec4ce93f5b9e988bc846ac5327bfe0ece26469358e79c1b1f03772f94b14c7246522883dcf533e6ad40833e8c4db21198c3812ecd749683e063b277ec10075a0d9799d978985656bc578f412cd09f087270d3f4f44523b7323e8422b37b140ccf0df31a0defdccb1627c1de4a192ade492368d82cab13fdfa434b2ae008d18bf529bcd3b1b178c78b86e5e7850fe513987c6c28dc469bd7ce281059cef98117ac7c05272ecf72fbfc6e4925b6cd7f22d28929bae909dbae20e7cb31d2765caad3f698b3e5dc5dda2bcf4d2afb0e1bb1cc327da4f2bf967dfc8ede68359c60b820abac92394138e38c4943dd122bbd01c0a83e9e16966df733d0f484a0bf13bf65912c33c7e4f09c44e7e1c8cb06dc5aa1d801eed07a2a63a0c900480c6280470aecc480944a30e", 0xf74}], 0x3}, 0x0)
recvfrom$unix(r1, &(0x7f0000000000)=""/222, 0xde, 0x0, 0x0, 0x0)

01:20:36 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x12}, 0x0)

01:20:36 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0xb00b000000000000)

[ 3065.410248][T26635] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
01:20:36 executing program 1:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
getsockopt$bt_BT_POWER(r0, 0x112, 0x9, &(0x7f0000000100), &(0x7f00000000c0)=0xffffffffffffff32)

01:20:36 executing program 1:
bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=@base={0x16, 0x0, 0x1, 0xfff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x4}, 0x48)

[ 3065.650492][T26647] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 3065.739074][T26643] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 3065.800909][T26643] CPU: 1 PID: 26643 Comm: syz-executor.4 Not tainted 6.1.0-rc7-syzkaller-01491-gf2bb566f5c97 #0
[ 3065.811381][T26643] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 3065.821459][T26643] Call Trace:
[ 3065.824747][T26643]  <TASK>
[ 3065.827692][T26643]  dump_stack_lvl+0xd1/0x138
[ 3065.832313][T26643]  dump_header+0x10b/0x85f
[ 3065.836770][T26643]  oom_kill_process.cold+0x10/0x15
[ 3065.841927][T26643]  out_of_memory+0x35c/0x14a0
[ 3065.846641][T26643]  ? find_held_lock+0x2d/0x110
[ 3065.851453][T26643]  ? oom_killer_disable+0x280/0x280
[ 3065.856691][T26643]  ? find_held_lock+0x2d/0x110
[ 3065.861492][T26643]  mem_cgroup_out_of_memory+0x206/0x270
[ 3065.867072][T26643]  ? mem_cgroup_margin+0x130/0x130
[ 3065.872213][T26643]  ? lock_downgrade+0x6e0/0x6e0
[ 3065.877121][T26643]  try_charge_memcg+0xef8/0x12f0
[ 3065.882097][T26643]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 3065.888121][T26643]  ? rcu_read_unlock+0x9/0x60
[ 3065.892830][T26643]  ? lock_downgrade+0x6e0/0x6e0
[ 3065.897732][T26643]  charge_memcg+0x99/0x3b0
[ 3065.902183][T26643]  __mem_cgroup_charge+0x2b/0x90
[ 3065.907156][T26643]  wp_page_copy+0x2bf/0x1ca0
[ 3065.911781][T26643]  ? page_try_dup_anon_rmap.constprop.0+0xd10/0xd10
[ 3065.918398][T26643]  ? lock_downgrade+0x6e0/0x6e0
[ 3065.923289][T26643]  ? vm_normal_page+0x14a/0x2a0
[ 3065.928193][T26643]  do_wp_page+0x1d1/0x1930
[ 3065.932657][T26643]  __handle_mm_fault+0x181b/0x3a40
[ 3065.938067][T26643]  ? vm_iomap_memory+0x190/0x190
[ 3065.943064][T26643]  handle_mm_fault+0x1cc/0x780
[ 3065.947860][T26643]  do_user_addr_fault+0x475/0x1210
[ 3065.953016][T26643]  ? rcu_read_lock_sched_held+0x3e/0x70
[ 3065.958600][T26643]  exc_page_fault+0x98/0x170
[ 3065.963239][T26643]  asm_exc_page_fault+0x26/0x30
[ 3065.968116][T26643] RIP: 0033:0x7f4487439580
[ 3065.972550][T26643] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48
[ 3065.992272][T26643] RSP: 002b:00007fffd90bacf0 EFLAGS: 00010246
[ 3065.998370][T26643] RAX: 000000004db354e7 RBX: 00007f44875ac0e8 RCX: 0000001b30820000
[ 3066.006363][T26643] RDX: 0000000000000000 RSI: 0000001b30820018 RDI: 000000000c507200
[ 3066.014359][T26643] RBP: 000000004db354e7 R08: 00000000000014e7 R09: 000000004db354eb
[ 3066.022352][T26643] R10: 00007fffd90baeb0 R11: 0000000000000246 R12: 00007f44875a0000
[ 3066.030349][T26643] R13: 0000000000000001 R14: 0000000000000001 R15: ffffffff87abf176
[ 3066.038345][T26643]  ? __sys_sendmsg+0x86/0x1c0
[ 3066.043076][T26643]  </TASK>
[ 3066.082996][T26643] memory: usage 307200kB, limit 307200kB, failcnt 10113
[ 3066.089984][T26643] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
01:20:37 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x400300}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

01:20:37 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x5e030000, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:20:37 executing program 1:
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000001b00)={0xffffffffffffffff}, 0xc)

01:20:37 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0xf02}, 0x0)

[ 3066.155350][T26643] Memory cgroup stats for /syz4:
[ 3066.155518][T26643] anon 110592
[ 3066.155518][T26643] file 348160
[ 3066.155518][T26643] kernel 314114048
[ 3066.155518][T26643] kernel_stack 98304
[ 3066.155518][T26643] pagetables 86016
[ 3066.155518][T26643] sec_pagetables 0
[ 3066.155518][T26643] percpu 5432192
[ 3066.155518][T26643] sock 0
[ 3066.155518][T26643] vmalloc 0
[ 3066.155518][T26643] shmem 331776
[ 3066.155518][T26643] zswap 0
[ 3066.155518][T26643] zswapped 0
[ 3066.155518][T26643] file_mapped 286720
01:20:37 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0xb010020000000000)

[ 3066.155518][T26643] file_dirty 0
[ 3066.155518][T26643] file_writeback 0
[ 3066.155518][T26643] swapcached 0
[ 3066.155518][T26643] anon_thp 0
[ 3066.155518][T26643] file_thp 0
[ 3066.155518][T26643] shmem_thp 0
[ 3066.155518][T26643] inactive_anon 139264
[ 3066.155518][T26643] active_anon 303104
[ 3066.155518][T26643] inactive_file 8192
[ 3066.155518][T26643] active_file 8192
[ 3066.155518][T26643] unevictable 0
[ 3066.155518][T26643] slab_reclaimable 19680
[ 3066.155518][T26643] slab_unreclaimable 308449000
01:20:37 executing program 1:
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
sendmsg$tipc(r0, &(0x7f00000011c0)={&(0x7f00000000c0)=@id, 0x10, &(0x7f0000001140)=[{&(0x7f0000001200)="d3", 0x1}, {0x0}], 0x2, &(0x7f0000001180)="eb", 0x1}, 0x0)

[ 3066.298324][T26662] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
01:20:37 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x60000000, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3066.465807][T26661] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
01:20:37 executing program 1:
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
sendmsg$tipc(r0, 0x0, 0x0)

[ 3066.808175][T26643] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=26643,uid=0
[ 3066.875376][T26643] Memory cgroup out of memory: Killed process 26643 (syz-executor.4) total-vm:54672kB, anon-rss:468kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:92kB oom_score_adj:1000
01:20:37 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x1a}, 0x0)

01:20:37 executing program 1:
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000880)={@map, 0xffffffffffffffff, 0x5}, 0x10)

01:20:37 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x1100}, 0x0)

01:20:37 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0xb110020000000000)

01:20:37 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0xf0ffff}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

01:20:37 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x62010000, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:20:38 executing program 1:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000007c0)={<r0=>0xffffffffffffffff})
recvmsg$unix(r0, &(0x7f0000001e80)={&(0x7f0000000800)=@abs, 0x6e, &(0x7f0000001d40)=[{0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x9}, 0x0)

01:20:38 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x62030000, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:20:38 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x1300}, 0x0)

01:20:38 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x24}, 0x0)

01:20:38 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0xb210020000000000)

01:20:38 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x64030000, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:20:38 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x3f00}, 0x0)

01:20:38 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x65580000, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:20:38 executing program 1:
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000340)={<r0=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r0, 0x1, 0x32, 0x0, 0x0)

[ 3068.017786][T26701] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 3068.049900][T26701] CPU: 1 PID: 26701 Comm: syz-executor.4 Not tainted 6.1.0-rc7-syzkaller-01491-gf2bb566f5c97 #0
[ 3068.060370][T26701] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 3068.070447][T26701] Call Trace:
[ 3068.073745][T26701]  <TASK>
[ 3068.076692][T26701]  dump_stack_lvl+0xd1/0x138
[ 3068.081312][T26701]  dump_header+0x10b/0x85f
[ 3068.085779][T26701]  oom_kill_process.cold+0x10/0x15
[ 3068.090943][T26701]  out_of_memory+0x35c/0x14a0
[ 3068.095672][T26701]  ? find_held_lock+0x2d/0x110
[ 3068.100474][T26701]  ? oom_killer_disable+0x280/0x280
[ 3068.105723][T26701]  ? find_held_lock+0x2d/0x110
[ 3068.110530][T26701]  mem_cgroup_out_of_memory+0x206/0x270
[ 3068.116111][T26701]  ? mem_cgroup_margin+0x130/0x130
[ 3068.121249][T26701]  ? lock_downgrade+0x6e0/0x6e0
[ 3068.126155][T26701]  try_charge_memcg+0xef8/0x12f0
[ 3068.131136][T26701]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 3068.137147][T26701]  ? get_mem_cgroup_from_objcg+0xa1/0x260
[ 3068.142897][T26701]  ? lock_downgrade+0x6e0/0x6e0
[ 3068.147788][T26701]  ? lock_downgrade+0x6e0/0x6e0
[ 3068.152691][T26701]  __memcg_kmem_charge_page+0x16e/0x3b0
[ 3068.158274][T26701]  memcg_charge_kernel_stack.part.0+0x6c/0x150
[ 3068.164464][T26701]  copy_process+0x73e/0x7190
[ 3068.169081][T26701]  ? __lock_acquire+0xbc3/0x56d0
[ 3068.174069][T26701]  ? __cleanup_sighand+0xb0/0xb0
[ 3068.179032][T26701]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 3068.185054][T26701]  ? psi_memstall_leave+0x174/0x250
[ 3068.190293][T26701]  kernel_clone+0xeb/0x980
[ 3068.194751][T26701]  ? create_io_thread+0xf0/0xf0
[ 3068.199636][T26701]  ? percpu_ref_put_many.constprop.0+0x6a/0x1a0
[ 3068.205910][T26701]  ? lock_downgrade+0x6e0/0x6e0
[ 3068.210812][T26701]  __do_sys_clone+0xba/0x100
[ 3068.215431][T26701]  ? kernel_clone+0x980/0x980
[ 3068.220133][T26701]  ? syscall_enter_from_user_mode+0x26/0xb0
[ 3068.226049][T26701]  do_syscall_64+0x39/0xb0
[ 3068.230486][T26701]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 3068.236382][T26701] RIP: 0033:0x7f448748d501
[ 3068.240799][T26701] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00
[ 3068.260410][T26701] RSP: 002b:00007fffd90bac98 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
01:20:38 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x1000000}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

01:20:39 executing program 1:
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000580)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
sendmsg$inet(r0, &(0x7f0000001b40)={0x0, 0x0, &(0x7f0000001a00)=[{&(0x7f0000001b80)='%', 0x1}, {&(0x7f00000006c0)="a0", 0x1}], 0x2, &(0x7f0000001ec0)=ANY=[], 0xa0}, 0x0)

[ 3068.268826][T26701] RAX: ffffffffffffffda RBX: 00007f4488236700 RCX: 00007f448748d501
[ 3068.276794][T26701] RDX: 00007f44882369d0 RSI: 00007f44882362f0 RDI: 00000000003d0f00
[ 3068.284772][T26701] RBP: 00007fffd90baee0 R08: 00007f4488236700 R09: 00007f4488236700
[ 3068.292739][T26701] R10: 00007f44882369d0 R11: 0000000000000206 R12: 00007fffd90bad4e
[ 3068.300705][T26701] R13: 00007fffd90bad4f R14: 00007f4488236300 R15: 0000000000022000
[ 3068.308688][T26701]  </TASK>
01:20:39 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0xb310020000000000)

[ 3068.446580][T26701] memory: usage 307200kB, limit 307200kB, failcnt 10253
[ 3068.461963][T26701] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 3068.479190][T26701] Memory cgroup stats for /syz4:
[ 3068.479378][T26701] anon 106496
[ 3068.479378][T26701] file 344064
[ 3068.479378][T26701] kernel 314122240
[ 3068.479378][T26701] kernel_stack 65536
[ 3068.479378][T26701] pagetables 86016
[ 3068.479378][T26701] sec_pagetables 0
[ 3068.479378][T26701] percpu 5432192
[ 3068.479378][T26701] sock 0
[ 3068.479378][T26701] vmalloc 0
[ 3068.479378][T26701] shmem 331776
[ 3068.479378][T26701] zswap 0
[ 3068.479378][T26701] zswapped 0
[ 3068.479378][T26701] file_mapped 286720
[ 3068.479378][T26701] file_dirty 4096
[ 3068.479378][T26701] file_writeback 0
[ 3068.479378][T26701] swapcached 0
[ 3068.479378][T26701] anon_thp 0
[ 3068.479378][T26701] file_thp 0
[ 3068.479378][T26701] shmem_thp 0
01:20:39 executing program 1:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000540)=@bpf_ext={0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)

[ 3068.479378][T26701] inactive_anon 135168
[ 3068.479378][T26701] active_anon 303104
[ 3068.479378][T26701] inactive_file 8192
[ 3068.479378][T26701] active_file 4096
[ 3068.479378][T26701] unevictable 0
[ 3068.479378][T26701] slab_reclaimable 19440
[ 3068.479378][T26701] slab_unreclaimable 308460072
01:20:39 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x68000000, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:20:39 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0xb410020000000000)

[ 3068.910935][T26701] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=26701,uid=0
[ 3068.943482][T26725] __nla_validate_parse: 8 callbacks suppressed
[ 3068.943519][T26725] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[ 3069.115636][T26701] Memory cgroup out of memory: Killed process 26701 (syz-executor.4) total-vm:54672kB, anon-rss:468kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:92kB oom_score_adj:1000
01:20:40 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x3a}, 0x0)

01:20:40 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x5865}, 0x0)

01:20:40 executing program 1:
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001200)={0x9, 0x9, 0x0, &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)

01:20:40 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x6a000000, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:20:40 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0xb500000000000000)

01:20:40 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x2000000}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

01:20:40 executing program 1:
bpf$OBJ_GET_MAP(0x7, &(0x7f0000000580)={&(0x7f0000000540)='./file0\x00'}, 0x10)
bpf$OBJ_GET_MAP(0x7, &(0x7f0000000880)={&(0x7f0000000840)='./file0\x00'}, 0x10)

[ 3069.896883][T26736] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
01:20:40 executing program 1:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
recvmsg$unix(r0, 0x0, 0x0)

01:20:40 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0xb510020000000000)

01:20:41 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x3c}, 0x0)

[ 3070.090015][T26735] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
01:20:41 executing program 1:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000540)={<r0=>0xffffffffffffffff})
write$cgroup_pid(r0, &(0x7f0000000ac0), 0x12)

01:20:41 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x6a030000, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:20:41 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x6000}, 0x0)

01:20:41 executing program 1:
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
sendmsg$tipc(r0, &(0x7f0000000180)={&(0x7f0000000000)=@name={0x1e, 0x2, 0x0, {{0x1}}}, 0x10, 0x0}, 0x0)

01:20:41 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x48}, 0x0)

[ 3070.431606][T26755] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
01:20:41 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0xb610020000000000)

01:20:41 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x6c000000, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3070.577330][T26758] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
01:20:41 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x3000000}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

01:20:41 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x11, 0x7, &(0x7f0000000040)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0x3}, @exit, @generic, @generic, @func={0x85, 0x0, 0x1, 0x0, 0xffffffffffffffff}, @map_idx_val], &(0x7f00000000c0)='GPL\x00', 0x6, 0xe6, &(0x7f0000000100)=""/230, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)

01:20:41 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x6558}, 0x0)

01:20:41 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x4a}, 0x0)

01:20:41 executing program 1:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
sendmsg$inet(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000100)="980d9d7c60fa1d369a901ca0974ca493ea4be267a1cc7861b7307e47269b98357670d017f2fbedf1956fdffc50e274c9b2dff2a02a40291bc73f67b4b432c9ca666214a5fcf09c8b299dd24ea62ee92daad13bb588a2bac8194938a0211ecca9978417dce8a4f26a11285d72e15d24", 0x6f}, {&(0x7f0000000740)="24eb588a8af0dfc2e89fe6b54c55f68ed89e1dfc10af0f5757ab9575e92284d1149262ec9279857412548437f998bcd91883e11c41b5b1c325d3666f5ab5a69f6623444d13b22da1dba254828c7e2b7c23f9bb03f59f1396c965beba36701e628faacfab22212b65e232e87123ccc6927aee372bc1f469062cb26d1fcd9bcbfd7902636059511980e2d9a77b3838b88c0d65a184c39ce868ed61f5beed450a83f7ac86d499d60b6c3408eafb2ef95abb7acba351e899cffed0ba35698961b5f8328db793d0a16fed79094f5d2fc993b43249d227d27868db15718fdb179f9125604e7550df34fe7ad5c692e808fc02bcefcdb05847f30bf1afcdf8f4ffbaf62fcb4a4f0d871567efcd951c317ba9f6db8489bea35388b9b7b5782d59fb13a208a9656bb9e55f9f3f471836a8db61198145da5f90a258269da255736d759ccd5d1822a332f765872f2818a5ef8d94015a261552169d17c31dd97c882a557aa9e460a6f9bce9bd9124d3300fad2aa916f883a9d6ddf49d35ec979d99dc6b77acbc85b11c76456f9c79b59209f270d117000cd414d7c619857cd8c81811e0545bb69ca1a801ca88dd834e3911e425785a7b8e0c11d7ab3c37d71d9f7233ca7fa2dd5d72093f8a2ba1948c946ba178e8ba3957031dadf2ca17a94613d07c80a9c1289d4a9ad2c9e3b55c954fce2d4ab0ad2fa2c14993877ac51a1b6c12377cf247e523909a29b9ff238a39d5699129752ac646be463cfe1c8446ec1e7791fb2d89e97caecae8bf1ac7206c69abf6236276b6ada55607440efc718eed4720d585325437cd7c1958bca25f3dc3733f170c21e43a00c6969d098de5a10a75c97eea3f26467f9fdc067cdaabbcc031d5804b0881837da20a6bf815e9cf68a6f9cfaf7b2a8be6966857791248401bd593752751c54066ce5e2cf632c14c1b0163a817707d2451222789f4bb611f2c4aa48f0bd17fb058a49ea0dd1ea7e80cf4485444dbe9255db733f8d6a2190a051195ff91121ccc949eca33f432ce47f9b4383c43e6333cbb6376fe0b4bfa83ed8e09b43836cf8e3ece5e6eb24ca3bd8b0ebb725534a5dc2895e36993e6f92306684131d7aec2b1c6e182c289fef3456e3ef3f3df6e5c54fe5217de6e0afe4f3c7ba75a8ee2bb324ed59c6127f5dc91fb45c396b587d60422f6363b4289d13820d64f1cd8422222e726c40c64ae512d36b872f90d3bec2f890e4eab05f95a7abe3bf17375c5c3b00523f265c0338f24e91a2de82254b1e7ee3787690a385c010610815ae930c105ea7739c17d16b49db4894b30428569e7e399c5c3b4255bd9f20b8ff8aa7197927667bf3e4c1195dda7579f1e39f03125a9148d5c3202f1d7f7b91ff26b3d5f93fb3babd12ec23ab7a4e27c0dac4e97cde80be339d06de76051ec250a5444f20850922a90848824c29bfe6e5d10efd270373f98e74c359addce6f3434cdd0c2b1ee004020a16a0499953a33c1d3b50b34ba066cae641d8a88b010b6dbae18c65f71ab44e2f618501120b8fb501cb77f05cd209f8016848b2c60298f7443e529974eb67db0015da43e4b57534264be65b2bd10e0c330eee72797c8e1e823d382aa75c60d6b304ce578f24f361efd5e42727bede20d2ce19ff9d0e03e8f5ed901573ef67c95667cc64a4826e5078c3e688f8203cff564dd547811f3a0585126bf6aae7a37ce5099c7654fbc8a7a37d0b81732536e3b18f8cd550f7dd8eb27bb73afc7b37f86721bd15a7df189ce6d95c94529649225e37603568d3757a45f728efe9b4737da6c91ba0362b4943c7bd269442a771c1e4ce6a7500c3f8e792e909f2b15d6df7605f31ea7d216c4790fb7f51f6921f917c2ba750aaa2b3ac4d3ef819fd3853a60e03365833ce94dfac1e25581c3e8aa502df09b3e9f296d3386eb46bdd42c8f51cdba41163a1b9be5a8e9c2522c311f1097fa80aaa68c882af0266f2c9440d369c2233456658abbc156802780fd8ca47b752e9c22f399a9c500b8919048184e0a0308739b3e9376f41734de244d7432bf1f38b4e7219743be49ae604fb5461034a3b60a8b3083ecad933d554978fc263dc7ab1485a1402fff40fb80bd3b25b82e6fa81db7703d65fa3fd9a362e74f1d8abece1cd76afe4b73fe2e9ab3bc6225103c9814b7dfd8679929c8597298610aec00c86bad0ef2ac3eae1265e0abeab66930e1c44fa8ab5ec76a60b5493fa3331178f7cb1661f10930b66e4af15b15f227dafd7219ec2739e6136bbd6aaab7bf0acec794b67062f4a13fb4eba514ee792ed851b2373d0d877e23595c7efc6d13db87679810856f5069b56b9ab0526d51c07b9b9316e4d94d5cdffb5b2a3301ee38874cabe5661c656ada1cdf992b416f9a94c63fbcdaefeac57d7fbe5fb1e798658e8e35d3c5ce08b9d940cc2cdaca24331cc376ff3f74d9a77caf611e60960a40238bdda253126c108115e8cb0f85675689ad2406d4d85f2c5e826efcaa1e32e50f0fa1ed97aeccc4d44030e15863e58306851964fe5006d8b167be1cb78c5889ed911025aa8030b8bfe93308ecd0305b85c82ebb69996ce40e662a98331926ce61fe37d3cc80968583dd0f7dfdbf29a52d4a524807ebbf76c57fb47455ed3ad69edd53ff5143cc9858a16a58b1e2912c9c89cbf66b049e6f74a8f8161d300dc51580a2be77cb87b60ec3847155dce419cfa50f6a264ae85f20ab8b03d24b84147bf0a63e421e9e214b619b2eaf6d62ce6becd0e8ceb317274c2f9ea382d6919c8b3004dfe6482371b1c43c938c40386520d0a470ef61b3b0a29c92f85dfadbbc2d9d6e1d8bc79fcaceecdcf65e34ffcc6457e1432c0fd3c390a996e558b401dd8525cf18a07e9e5fe5f013b614f92835ee83abe0810da2e3f9b2657e558a2204bbba6c3afc420e4f8712b67363c7c0fc3ff81c41a9972ec4f61533ab04120df707994dd0fc9998ade08f2465bdec4896777eb5a710327bd55f2640f6cc1a4ae8744922bc47535ebea5603370d77bfd766eb29533d8b8ddf561b21403babcce92f50736dae918424d82d989a400d3993da6d9cf4b6ad693f116c40cc41588ee5c119abb705b307a9fce6b9ce618c5735e11ee0992657b05b18d08cc46e66f773196ffa3404bc35557db38d4b291fb0469ee3d6741ec6ec746cb0d423900a01bbfcdb8e02adf3fca691b3d4ce566aeba5657c1b453f7d9247fc629160ff84c6c8719103c48609179ade07043c127c74f95a3c5e2aa078a441bdea450c49dac5fb7c3235670ae89c77b24c5de40497abd3fc832baabafd6ea8bffe93017096e08e4881d9a6f5315a8afdadfe042316b6997a52ca022a85bc6f72f4e8ccf83f0d158a5196b4c55ddf74f168f07995ab29e506e8dae210d4d2b0f25637deafd3004eb087ed740b308719ddf94ba00d3ea18545a23c3a07356fd51b4ac71bcbe26a2fb3bdeac9ccb015b16cf26410a843f2d1ba763e2c35b1aa6401f82dff2d3539b113c64ee5ad631135e53f7617d29789b14ba61f50f44e932c900d44ef1e39ec119e991fcde0d7324d5094f7f9816e4b9ea65dc220774c79eea14a6401e31eac23646fdfff67195fa6fe06258c67d5a1bd773e9f90bfb77b9c6dc7e13c597b864dac5a8a4c8f32afbf5df1b37dc04d6127f88689346d2623a6a18b6be3c3a2436ebdd364f46734ea1b877dbe08e4b093a6c3b6a60c67f27d9385870c438f63249eebd754440a146baabe74204a0c8ac26c0db51f9ed5af8c1f1027c0d5c237cb7590bdac8ab631b9db321dcd7e1b2be2c44e324bf80d8e1cd68b21240bf13e1e220eea8f3bf390b03dde1d8122fa906bc1979f085bdce47d7bb3c0f1d0e24ce28a165c9202a16b9d84ca152f2b76dd1ca09c3d297c613b327751167fa1b3af80a901bf13bdf278737b5a289784ec57cdc68f2b9dc67b4a0653b9a161494200441cb85204c7d37ef676d56b18d59e3a449d3245090647277478777aca93e36f58cb1d6172944ce51ce94feb131a5c19c2252172cea9036ba71c7032255377c1f96e037689272859ccb56a7649c24eaf57a8dac918a461f97cd67e28eebd8dbb790537c78b2c058f8d4b9a89b32ec0045c8edb39f1f4ccae56299503706a24d2764eae332c2a8762174e5b6e0bc57d6e1bc7f8bc58677814da79d9c52f3e14fbba2b4627e9413968091a7479355722b7d79874c8eca9c1aff02332c6da7961f7b5f6232e53ddb9bc697ee4a43a877c0c21e962f13ea2d7842c8fdb01e3df0e772bcd2889a124acf85500709cb68ce05534c65b4df91ae3524d9eb6214453775677717469f55a86810b63461db2098d44e20e82f67e4a897de2f86ef35a461ac7fb5863812ab669685d59a7fd92ad2b7d1094612cc266e2e011ace694ca3144383b60ce4140bf7045b907b1782ba6b1c360afbbc596f063a2487e0fde883cd0fad2bc18bab88fbdb1a07aec93a546833f68f043d7583ae3812bfb138bc61caa4641f8d9658681277c6db41b587140a785fa6ec527678940ab18b8c9c751df67b0ccd99b6da0bf9c623061f787ce13feb8927de1ec245133a6fb8ea180ccc4ca4746b36fc90ce6ce2d5abea75300d6f43463b3ab32cd297d35cb7996a58a0ccf4781c2a70f7be4e4916f5eada88fff0ae13b7a0f6481bea2c9ced031a498b7bb0e7733a0da89ecbba3802bac37443ef3d3181f108cb5d24ef40ccf2447fea4567fcf085b24f92fa61702bd0d8e2ed113276887958cfd8bf1abdfbe6027af465cac16225374dab4df565b6bc57e29b68911feba9c5c07bc09869962a912b17db705e018f1c09d6a7f5a191dd918a42667159814f111c10fa7323a27e5a73798b5dbfa7651b66b952ff06a6bd6369612367c6b637ba80e89fcde88dde640abf912a0e40dd55e4e9fe30d60733f0389a07ebf69a792b40202b91938ae8ad6455bcf77bdda356d1839e0c0f2861864af8cc916d611fd61cdd9951446efb217cd25b97a7301e6d76d449b947416e7926b077aeb0f7a8eff76f409bf0b3923cce6a4fab50c8191f8a5cb16bbe4434976fbcb6f82a6fbfc8d844b8cabc6b2e286a0b636a9d94b4d645a7f8ea862e1636ecf6ab0886921f999c7c0a3d2a6edbef16d2d484ef4811146b1aa8446bc504b26a48fab816261704c9fbe172ce5018d19d1910d0093731491b69e4d14e9ef806b2c4eb29914631f700b26e852528801335ebefe527e0b961bc83a78048be21578445305c6606ba3242d4e75319d5100a067ea5a61ed39a4cc678edfa5d63a4611f76dbc73509fd37c4eb2422b8b6041c7305aab516b72625b43cfc459841542302cc88b386801a19da7fbcb0cbc1601ee8159c30b1faf7783e2f54602d86238336874abb3d948395e60adefa45d3dde3961c2b847b4aae83fbf03563a10f2b0f1d0d55d9d22fe7dc649e962024a85c4063bb612a64606b509744278e76a6e15f36da4ea9a6d747e0a9dd7a54a11f986fd7b9ea2324b0031758eac62032144864ee0780e83b903f5a2f564744326fdf4e3ee6f9e12c5134bfa294b5197589148d148c574251fb3ffda63f58249d41e277f0f72be71a16f98089fb13deb0f5006200471e666ea138883a7b9d657b2fc09b4cea0ff2bf8c3d07de8fc94d0ad62df2a56f10", 0x192}, {0x0, 0x1200}, {&(0x7f0000000240)="a9", 0x1}], 0x4, &(0x7f0000000600)=[@ip_ttl={{0x14}}], 0x18}, 0x0)

01:20:41 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0xb710020000000000)

[ 3070.925794][T26767] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
01:20:41 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x74000000, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3071.023925][T26771] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
01:20:42 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x9, 0x1, &(0x7f0000000040)=@raw=[@exit], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)

01:20:42 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x6a03}, 0x0)

01:20:42 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x4c}, 0x0)

01:20:42 executing program 1:
socketpair$tipc(0x1e, 0x4, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff})
sendmsg$tipc(r0, &(0x7f0000000600)={&(0x7f0000000080)=@id, 0x10, 0x0}, 0x0)

[ 3071.343025][T26782] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
01:20:42 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0xb810020000000000)

[ 3071.478818][T26787] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
01:20:42 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x4000000}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

01:20:42 executing program 1:
bpf$MAP_CREATE(0x0, &(0x7f0000000480)=@base={0x9, 0x0, 0x0, 0x0, 0x808}, 0x48)

01:20:42 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x78030000, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:20:42 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x4e}, 0x0)

01:20:42 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x8100}, 0x0)

01:20:42 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0xb910020000000000)

01:20:43 executing program 1:
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x6, 0x4, &(0x7f0000000000)=@framed={{}, [@kfunc]}, &(0x7f0000000080)='syzkaller\x00', 0x2, 0x99, &(0x7f00000000c0)=""/153, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)

[ 3072.111255][T26801] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
01:20:43 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x7a000000, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:20:43 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x60}, 0x0)

01:20:43 executing program 1:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000780)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
sendmsg$inet(r0, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)=ANY=[@ANYBLOB="14000000000000000000000006000000040000000000000014000000000000000000000001000000779800000000000050000000000000000000000007000000863f000000030205cee57905049f6f060ba29f8d7110fae5db5d0705442830010e57b0113f38b1df41cbd6050a020785ea34e2330608a6afff2c02a302037c0014000000000000000000000007000000000000000000000014000000000000f6"], 0x138}, 0x0)

01:20:43 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0xf000}, 0x0)

01:20:43 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x7a020000, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:20:44 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x5000000}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

01:20:44 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0xba10020000000000)

01:20:44 executing program 1:
openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x240, 0x0)

01:20:44 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x64}, 0x0)

01:20:44 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x34000}, 0x0)

01:20:44 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x80020000, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:20:44 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x68}, 0x0)

01:20:44 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0xbb10020000000000)

01:20:44 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x81000000, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:20:44 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x400300}, 0x0)

01:20:44 executing program 1:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="9feb01001800000000dd"], &(0x7f0000000480)=""/4096, 0x77, 0x1000, 0x1}, 0x20)

01:20:44 executing program 1:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
recvmsg$unix(r0, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x3)

[ 3074.098904][T26843] __nla_validate_parse: 6 callbacks suppressed
[ 3074.098925][T26843] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[ 3074.280571][T26846] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
01:20:45 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x6000000}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

01:20:45 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x6a}, 0x0)

01:20:45 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0xbc03000000000000)

01:20:45 executing program 1:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
sendmsg$inet(r0, &(0x7f0000000800)={0x0, 0x0, 0x0}, 0x0)

01:20:45 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x82020000, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:20:45 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0xf0ffff}, 0x0)

01:20:45 executing program 1:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0xe, &(0x7f0000005780)=ANY=[@ANYBLOB="b702000010000000bfa300000000000007030000f0ffffff7a0af0ff0000000079a4f0ff00000000b706000000000081ad64020000000000450404000100ff0f1704000001130a00b7050000010000006a0af2fe0000000085000000a3000000b700000000000000950000000000000000e154cd8445974b26c933f7ffffffffe4fbffffff55bb2007ee51050512b5b42128aa090a79507df79f298129daa7a6b2f91af50342115e17392ac627c87867c000006146001e04aeacea799a22a2fa798b5adc43eb27d53319d0ad229e5752548300000000dbc2777df150b7cdd77b85b941092314fd085f028f2ed1a4535550614e09d6378198a6097a670838337af2abd55a87ac0394b2f92ffab7d153d62058d0a413b2173619ccf55520f22c9ca8b6712f3024b7041b1df65b3e1b9bf115646d14ce53d13d0ccacda1ef0900094fa737c28b99938512c816fdcceaede3faedc51d29a47fc813a2ec00f4c7a53ac271d6d7f4ea6bf97f2f33e2ea2e534300bcb3fdc4b4861004eefbda7f54f82a804da4f86bb47a4a69bf9bc5fa96ee293fbd165a5a68488e40b030166565a097b1b44b451de736bb6d43db8db03d4b7745fef1d04ec633dee254a6d491b849a5a787e814c4fd21a18986252a70f8f92eb6f0e8c7db4bf23242a1f2c28159f09943b1b0452d1b72183aacf4a84f9130b775dd4e9e3070756f97ad91935a6ddfa8f90e79321a0574fb30ff0000001989328c8ddc20ea011bf5742e0e0d4334db8b20ce3f9f16cb7fc20fb4791ec85821d0c48fb657c29b309c73f0977e7cde65a82b94c461d7962b0d2277a84af326f37f3e2c25a61ec45c3af97a8f17da954aff3fc8c108755f75ca13fb7c8bbd8b6e7dac1aba4b20dc7de058a4dfa7e85a8bdf1d41a2d8bda74d66f47cc180f82c5f573c6d294d3665016ac59dda0fde4745db06753a7ac74a2d32f7528751313694bf5700b20ef0c248ddd3da32396a614cacad4aff2066bb5d4045c958559b7dcb98a6273b8c651e24d9f679e4fbe948dfb4cc4a389469608241730459f0123fd39206000000000000eb55dad46de56ef907b059b90b8aa49afb9a79ae5498f6589880ed6eea7b9c670012be05e7de0940313c5870786554df26236ebced9390cb6941b8375d936a7d2120eca291963eb2d537d8ee4de5c183c960119451c31539b22809e1d7f0cda06a9fa87d64cb77872a2cd8a104e16bb1a2bacf13464ca03aff14a9aa4bd9539f5096412b92012e095b84c20243ff98df3347f0e399d1b9f27e3c33269c0e153b28b2d4410572bc45b9d3fa02208d304d455c36300000000022320178b00cc6ed7966130b547dbf8b497af002000000cd1d00000020000000ef19349ee7f31abc11c800000000000000000000000928ee53595a779d243a48cea769470424d28804c04b2c4324ab7f4a5c81921f0128dfd70b438af60b060000000000000056642b49b745f3bf2cf7908b6d7d748308eea09fc361b4735efbf3411718d6ee7aebf9ef679dbf0000b4a79f8a836804ed3a1079b0282a12043408cd60b687dcff91af19010000000000000000456f7d2a42bd13da202274f20675eb781925441578e93046aaddea8ec4ca37f71c2710a7ea8ae0dc214e1cc275b26adfa892e6de92000000000000000000ddff004cff9ec780f535e62f4eeee50e5bafecea4d4134f9d006c8d6883eca5c9c58c9e9338c73de2f04f15d005387577f480000ea65559eb00e76e9d0ada201bcbb5c252b28a60ca770663da451790cc36000906d5a9fad98c308e39bd5ffb6151d79c1cee1cd102e3c8e63e9fba05e3633be3f00000015762e5f5a3a0bc33fdbe28a5ffc83f2b485185cc92fe7f791e8f6429309d6adab4b7e508e5bf024ed8f8a005f2bbf96c89739f5cf1e750d50517a59a3ad09e8802e8f4f535447cc0fc9d5f99a73145dfcedad69da9cd4375c624600e78f4458542b14f29611f95d4a31838eeb20c20bb82aa31771cd379ec83554cea5e6539db7384e1f58d81f2f2653c4d9818708e27c89b552d7fcd116bce9c764c714c9402c21d181aac59efb28d4f91652f6750b6ec962802c0320f8059195729d60c534ee8e8ff0755b67fe4c25edb85bcff24c757aa8090000000000008c420eb4304f66e3a37aaf000000c42a570f0e9dd5fd545470f862f8c3c14fa9ecd1e877b0d8ca84c044859e85e6158f9184bc61a9a284db80e4636c25b96174327d82761c26e329555f9290af4100000000000000ff0ffd3763655500344bae34137f5ab0d534b8d63e4ca3b671f2de1cdf519192c6feb59a601fd419adc16e2055b85058f793484305d7a1759782e4c571ee855a47bc00edf5e9020c09ab004321610b857e8717764b633b21cb32f0e03280e09758bd445ab91d20baca005452b79d7b574a247f1d2fe45b3c4e93da3d51de647c10dd49944dc87c92332af00f191b66b6a6f732a91f0e2e9120be61e58c79d497247d278888901d442ad7f8536607a644e9e3d769db497c3960dfde12182334caee994adc38a436367a54b9e182b78e9a0ceb9a2c4f63902c1ad1a7c5a08d0920a23c2a86abbdf357849a651733e57f31019876026888c8ccb85c86b4f8ffffff7f000000002c331fca0e541b7ca211c28ed61c525708a13d115b43f8b1894c8fa8a14dc4810f61ae96c18cc7130000000000002100000000000000000001000027c9a46157a3609b6fd9843ee19ec647249a9375de5858818f3c4a4fa6ce46f4d42b07199de8b99231ace58c77819ee214e49666c464d35ca9b5143ed3b3dc8c17a23692759ccf5a205311b7ab22532697b861dfb54609fd88e6043bd52ae84c1bb0c8a6c769f952283a08000000edb3d42c68a27ef6a1296dfff4a979369b0e8ebc62887aa46e820a74f91381dcc198e353047db70686d147357024eb3cb94f1e89cb5ba0a56aa046b4dc521a3d9356b4b8b5917c4c860495b240e80063bde261fd00000000007271e28ef6806bc8e139c49b91c76bea3858f7f05b47d3e519f1634e8fbd8d31330d89069f9648a2ff93060ff073b3a113e47edf76f7d116d2b0976cf2ec447c030931651dd315003b7a6a5433a2bb560ae99ec4b227eda2e63a1c31a2c2bd48a822cbe92b6524e0cd8020ecaa34e19e7141d5e221509342bfe7d294d1eb3de6a50ca0301f89c2ee627e949c68b3a4a426a996d503a26e9a714ee5f72d8805dd1bfbd081f6a5d1f1289dfe14cb9194e26a44fac273461fc5c0e0a33db7f2d43ea8086cf059f40fa2640b6bfb74dd35f5a31059c01517cf4b6641fce9a24b96767b837ca037a1199735c375c705c798e0e208e4a5259d0bfa526b462af45a6eab34000000001000000000000000c4426344ec1a3366515dee221e747f55d7dd02534bc503b9b28277c253e410986bef2111a99cc448d652929f8a67a6a1d3f00dcad91aff428aade3f85714a1d3ef29acd4d49b62339c10c2ec0dac4728288e78980c1184d8223edbccbf9258b7374e79a1f8bf3fb73c8c6dbb7bbdfc399847a11921f97eba0ea14c4fed9a71eedb97c02461792e3a49dac16c60c3fcaab222025d78963c3ac899fa8b63f58a30212c9b2d7fe751e2046b78f86e22861b6504c667350244dd6d9189a8b9c45f8aaff9db694811ca86ed978f23eed7459c0382074170cf1e25b0e9ba3d1cc309353eea4cd8ab96bafda393276bdd8d32ead8db9e1b54d2d3d50e2815268fc1a6ec566981bc8ca2a4583f3d40e817433d0f4f25cfe6cc1897449ba5f26a9d66ac73e6f5c401376f23a314e0b9ff997d22f3e34b7524642c248aa813edaa626f0000000000000000000000000000000003ba34b611569a451564d3a5400f9097ffe7a37e765bc652be71ee24250d6d9cf19878dd62c53062d6000c409de6a6135eae8a00000000008d797190a26c933f933aff5c521eeb7a84a62d148a846e74e76b515b6b8be29e8b69310fa130cf6d6b74f33205d3cc218ca554ed8085ae044f5bf2e89a00"], &(0x7f0000000b80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffedf, 0x10, &(0x7f0000000040)}, 0x48)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={r0, 0xc0, &(0x7f0000000640)={0x0, <r1=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10)
r2 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000140)={r1}, 0x4)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r2, 0x2f000000, 0x5ea, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0xf000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)

[ 3074.780436][T26859] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[ 3074.914471][T26860] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
01:20:45 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x82030000, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:20:45 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x6c}, 0x0)

01:20:46 executing program 1:
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000100)={@map=0x1, 0xffffffffffffffff, 0x26}, 0x10)

01:20:46 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x1000000}, 0x0)

01:20:46 executing program 1:
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000002c40)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
sendmsg$inet(r0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x2d, &(0x7f0000000000)=[@ip_tos_u8], 0x20}, 0x0)

[ 3075.356969][T26861] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=1, oom_score_adj=1000
[ 3075.460425][T26861] CPU: 0 PID: 26861 Comm: syz-executor.5 Not tainted 6.1.0-rc7-syzkaller-01491-gf2bb566f5c97 #0
[ 3075.470894][T26861] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 3075.480983][T26861] Call Trace:
[ 3075.484281][T26861]  <TASK>
[ 3075.487233][T26861]  dump_stack_lvl+0xd1/0x138
[ 3075.491859][T26861]  dump_header+0x10b/0x85f
[ 3075.496317][T26861]  oom_kill_process.cold+0x10/0x15
[ 3075.501467][T26861]  out_of_memory+0x35c/0x14a0
[ 3075.506271][T26861]  ? find_held_lock+0x2d/0x110
[ 3075.511071][T26861]  ? oom_killer_disable+0x280/0x280
[ 3075.516315][T26861]  ? find_held_lock+0x2d/0x110
[ 3075.521120][T26861]  mem_cgroup_out_of_memory+0x206/0x270
[ 3075.526705][T26861]  ? mem_cgroup_margin+0x130/0x130
[ 3075.531858][T26861]  ? lock_downgrade+0x6e0/0x6e0
[ 3075.536768][T26861]  try_charge_memcg+0xef8/0x12f0
[ 3075.541751][T26861]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 3075.547764][T26861]  ? get_mem_cgroup_from_objcg+0xa1/0x260
[ 3075.553516][T26861]  ? lock_downgrade+0x6e0/0x6e0
[ 3075.558438][T26861]  obj_cgroup_charge+0x2af/0x5e0
[ 3075.563424][T26861]  __kmem_cache_alloc_node+0xad/0x3e0
[ 3075.568827][T26861]  ? ipv6_add_dev+0xfe/0x1320
[ 3075.573596][T26861]  kmalloc_trace+0x26/0x60
[ 3075.578020][T26861]  ipv6_add_dev+0xfe/0x1320
[ 3075.582544][T26861]  addrconf_notify+0x874/0x1c80
[ 3075.587419][T26861]  ? clusterip_netdev_event+0x41d/0x650
[ 3075.593012][T26861]  ? __local_bh_enable_ip+0xa4/0x130
[ 3075.598301][T26861]  ? clusterip_netdev_event+0x41d/0x650
[ 3075.603857][T26861]  ? tee_netdev_event+0x3c0/0x5c0
[ 3075.608917][T26861]  ? ip6mr_device_event+0x1af/0x220
[ 3075.614152][T26861]  notifier_call_chain+0xb5/0x200
[ 3075.619193][T26861]  call_netdevice_notifiers_info+0xb5/0x130
[ 3075.625099][T26861]  register_netdevice+0xfb4/0x1640
[ 3075.630227][T26861]  ? unregister_netdevice_queue+0x3c0/0x3c0
[ 3075.636145][T26861]  br_dev_newlink+0x27/0x110
[ 3075.640743][T26861]  ? br_changelink+0x1620/0x1620
[ 3075.645689][T26861]  __rtnl_newlink+0x10c2/0x1840
[ 3075.650647][T26861]  ? rtnl_link_unregister+0x250/0x250
[ 3075.656060][T26861]  rtnl_newlink+0x68/0xa0
[ 3075.660393][T26861]  ? __rtnl_newlink+0x1840/0x1840
[ 3075.665420][T26861]  rtnetlink_rcv_msg+0x43e/0xca0
[ 3075.670365][T26861]  ? rtnl_getlink+0xae0/0xae0
[ 3075.675050][T26861]  ? __dev_queue_xmit+0xb54/0x3ba0
[ 3075.680191][T26861]  netlink_rcv_skb+0x165/0x440
[ 3075.684968][T26861]  ? rtnl_getlink+0xae0/0xae0
[ 3075.689650][T26861]  ? netlink_ack+0x1370/0x1370
[ 3075.694441][T26861]  ? netlink_deliver_tap+0x1b1/0xc50
[ 3075.699739][T26861]  netlink_unicast+0x547/0x7f0
[ 3075.704516][T26861]  ? netlink_attachskb+0x890/0x890
[ 3075.709635][T26861]  ? security_netlink_send+0x32/0xa0
[ 3075.714974][T26861]  ? security_netlink_send+0x41/0xa0
[ 3075.720272][T26861]  netlink_sendmsg+0x91b/0xe10
[ 3075.725049][T26861]  ? netlink_unicast+0x7f0/0x7f0
[ 3075.730002][T26861]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[ 3075.735303][T26861]  ? netlink_unicast+0x7f0/0x7f0
[ 3075.740248][T26861]  sock_sendmsg+0xd3/0x120
[ 3075.744680][T26861]  ____sys_sendmsg+0x712/0x8c0
[ 3075.749447][T26861]  ? copy_msghdr_from_user+0xfc/0x150
[ 3075.754825][T26861]  ? kernel_sendmsg+0x50/0x50
[ 3075.759523][T26861]  ___sys_sendmsg+0x110/0x1b0
[ 3075.764210][T26861]  ? do_recvmmsg+0x6e0/0x6e0
[ 3075.768809][T26861]  ? __fget_files+0x248/0x440
[ 3075.773496][T26861]  ? lock_downgrade+0x6e0/0x6e0
[ 3075.778367][T26861]  ? futex_wake_mark+0x1a0/0x1a0
[ 3075.783321][T26861]  ? __fget_files+0x26a/0x440
[ 3075.788017][T26861]  ? __fget_light+0xe5/0x270
[ 3075.792623][T26861]  __sys_sendmsg+0xf7/0x1c0
[ 3075.797135][T26861]  ? __sys_sendmsg_sock+0x40/0x40
[ 3075.802166][T26861]  ? restore_fpregs_from_fpstate+0xc1/0x1c0
[ 3075.808090][T26861]  ? syscall_enter_from_user_mode+0x26/0xb0
[ 3075.814008][T26861]  ? lockdep_hardirqs_on+0x7d/0x100
[ 3075.819221][T26861]  do_syscall_64+0x39/0xb0
[ 3075.823646][T26861]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 3075.829542][T26861] RIP: 0033:0x7f228be8c0d9
[ 3075.833959][T26861] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 3075.853568][T26861] RSP: 002b:00007f228cb2c168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 3075.861988][T26861] RAX: ffffffffffffffda RBX: 00007f228bfabf80 RCX: 00007f228be8c0d9
[ 3075.869963][T26861] RDX: bc03000000000000 RSI: 0000000020000280 RDI: 0000000000000003
[ 3075.877932][T26861] RBP: 00007f228bee7ae9 R08: 0000000000000000 R09: 0000000000000000
[ 3075.885906][T26861] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 3075.893877][T26861] R13: 00007ffd2610934f R14: 00007f228cb2c300 R15: 0000000000022000
[ 3075.901866][T26861]  </TASK>
[ 3076.149040][T26861] memory: usage 307164kB, limit 307200kB, failcnt 143
[ 3076.169346][T26861] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 3076.189705][T26861] Memory cgroup stats for /syz5:
[ 3076.189935][T26861] anon 139264
[ 3076.189935][T26861] file 155648
[ 3076.189935][T26861] kernel 314241024
[ 3076.189935][T26861] kernel_stack 32768
[ 3076.189935][T26861] pagetables 81920
[ 3076.189935][T26861] sec_pagetables 0
[ 3076.189935][T26861] percpu 5435744
[ 3076.189935][T26861] sock 0
[ 3076.189935][T26861] vmalloc 0
[ 3076.189935][T26861] shmem 155648
[ 3076.189935][T26861] zswap 0
[ 3076.189935][T26861] zswapped 0
[ 3076.189935][T26861] file_mapped 155648
[ 3076.189935][T26861] file_dirty 0
[ 3076.189935][T26861] file_writeback 0
[ 3076.189935][T26861] swapcached 0
[ 3076.189935][T26861] anon_thp 0
[ 3076.189935][T26861] file_thp 0
[ 3076.189935][T26861] shmem_thp 0
[ 3076.189935][T26861] inactive_anon 143360
[ 3076.189935][T26861] active_anon 151552
[ 3076.189935][T26861] inactive_file 0
[ 3076.189935][T26861] active_file 0
[ 3076.189935][T26861] unevictable 0
[ 3076.189935][T26861] slab_reclaimable 15344
[ 3076.189935][T26861] slab_unreclaimable 308645920
[ 3076.737461][T26861] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=26855,uid=0
[ 3076.772969][T26861] Memory cgroup out of memory: Killed process 26861 (syz-executor.5) total-vm:54540kB, anon-rss:508kB, file-rss:8948kB, shmem-rss:32kB, UID:0 pgtables:88kB oom_score_adj:1000
[ 3076.906306][T26869] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
01:20:47 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x7000000}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

01:20:47 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x72}, 0x0)

01:20:47 executing program 1:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xd, 0xd, 0x2, [@datasec={0x0, 0x0, 0x0, 0xf, 0x1, [], 'h'}]}}, &(0x7f0000000240)=""/240, 0x2a, 0xf0, 0x1}, 0x20)

01:20:47 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0xbc10020000000000)

01:20:47 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x88020000, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3076.985369][T26877] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
01:20:48 executing program 1:
bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@base={0x0, 0x0, 0x0, 0x0, 0x1844, 0x1, 0x10000, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x2}, 0x48)

01:20:48 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x74}, 0x0)

01:20:48 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x2000000}, 0x0)

[ 3077.245868][T26890] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[ 3077.302176][T26885] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 3077.338623][T26885] CPU: 1 PID: 26885 Comm: syz-executor.5 Not tainted 6.1.0-rc7-syzkaller-01491-gf2bb566f5c97 #0
[ 3077.349090][T26885] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 3077.359339][T26885] Call Trace:
[ 3077.362632][T26885]  <TASK>
[ 3077.365592][T26885]  dump_stack_lvl+0xd1/0x138
[ 3077.370215][T26885]  dump_header+0x10b/0x85f
[ 3077.374674][T26885]  oom_kill_process.cold+0x10/0x15
[ 3077.379830][T26885]  out_of_memory+0x35c/0x14a0
[ 3077.384543][T26885]  ? find_held_lock+0x2d/0x110
[ 3077.389349][T26885]  ? oom_killer_disable+0x280/0x280
[ 3077.394596][T26885]  ? find_held_lock+0x2d/0x110
[ 3077.399400][T26885]  mem_cgroup_out_of_memory+0x206/0x270
[ 3077.404981][T26885]  ? mem_cgroup_margin+0x130/0x130
[ 3077.410118][T26885]  ? lock_downgrade+0x6e0/0x6e0
[ 3077.415024][T26885]  try_charge_memcg+0xef8/0x12f0
[ 3077.420010][T26885]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 3077.426032][T26885]  ? rcu_read_unlock+0x9/0x60
[ 3077.430731][T26885]  ? lock_downgrade+0x6e0/0x6e0
[ 3077.435625][T26885]  charge_memcg+0x99/0x3b0
[ 3077.440081][T26885]  __mem_cgroup_charge+0x2b/0x90
[ 3077.445060][T26885]  wp_page_copy+0x2bf/0x1ca0
[ 3077.449694][T26885]  ? page_try_dup_anon_rmap.constprop.0+0xd10/0xd10
[ 3077.456306][T26885]  ? lock_downgrade+0x6e0/0x6e0
[ 3077.461176][T26885]  ? vm_normal_page+0x14a/0x2a0
[ 3077.466046][T26885]  do_wp_page+0x1d1/0x1930
[ 3077.470491][T26885]  __handle_mm_fault+0x181b/0x3a40
[ 3077.475622][T26885]  ? vm_iomap_memory+0x190/0x190
[ 3077.480590][T26885]  handle_mm_fault+0x1cc/0x780
[ 3077.485367][T26885]  do_user_addr_fault+0x475/0x1210
[ 3077.490490][T26885]  ? rcu_read_lock_sched_held+0x3e/0x70
[ 3077.496052][T26885]  exc_page_fault+0x98/0x170
[ 3077.500658][T26885]  asm_exc_page_fault+0x26/0x30
[ 3077.505510][T26885] RIP: 0033:0x7f228be39580
[ 3077.509925][T26885] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48
[ 3077.529537][T26885] RSP: 002b:00007ffd261092f0 EFLAGS: 00010246
[ 3077.535607][T26885] RAX: 000000004702ddfb RBX: 00007f228bfac018 RCX: 0000001b30420000
[ 3077.543580][T26885] RDX: 0000000000000000 RSI: 0000001b30420018 RDI: 0000000000000022
01:20:48 executing program 1:
syz_emit_ethernet(0x4f, &(0x7f0000000180)={@local, @broadcast, @val, {@ipv4}}, 0x0)

01:20:48 executing program 1:
socket(0x21, 0x0, 0x6)

[ 3077.551553][T26885] RBP: 000000004702ddfb R08: 0000000000001dfb R09: 000000004702ddff
[ 3077.559525][T26885] R10: 00007ffd261094b0 R11: 0000000000000246 R12: 00007f228bfa0000
[ 3077.567494][T26885] R13: 0000000000000001 R14: 0000000000000000 R15: ffffffff87ab9491
[ 3077.575468][T26885]  ? __x64_sys_socket+0x11/0xb0
[ 3077.580341][T26885]  </TASK>
01:20:48 executing program 1:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
recvmmsg(r0, &(0x7f0000000440), 0x10, 0x0, &(0x7f0000000480)={0x0, 0x7f})

01:20:48 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x88a8ffff, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3077.750379][T26898] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 3077.975331][T26908] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
01:20:49 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x7a}, 0x0)

01:20:49 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x3000000}, 0x0)

01:20:49 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x8000000}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

[ 3078.334875][T26912] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 3078.422740][T26885] memory: usage 307200kB, limit 307200kB, failcnt 234
[ 3078.470054][T26885] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 3078.528429][T26885] Memory cgroup stats for /syz5:
[ 3078.528636][T26885] anon 102400
[ 3078.528636][T26885] file 155648
[ 3078.528636][T26885] kernel 314314752
[ 3078.528636][T26885] kernel_stack 65536
[ 3078.528636][T26885] pagetables 73728
[ 3078.528636][T26885] sec_pagetables 0
[ 3078.528636][T26885] percpu 5436928
[ 3078.528636][T26885] sock 0
[ 3078.528636][T26885] vmalloc 0
[ 3078.528636][T26885] shmem 155648
[ 3078.528636][T26885] zswap 0
[ 3078.528636][T26885] zswapped 0
[ 3078.528636][T26885] file_mapped 155648
[ 3078.528636][T26885] file_dirty 0
[ 3078.528636][T26885] file_writeback 0
[ 3078.528636][T26885] swapcached 0
[ 3078.528636][T26885] anon_thp 0
[ 3078.528636][T26885] file_thp 0
[ 3078.528636][T26885] shmem_thp 0
[ 3078.528636][T26885] inactive_anon 106496
[ 3078.528636][T26885] active_anon 151552
[ 3078.528636][T26885] inactive_file 0
[ 3078.528636][T26885] active_file 0
[ 3078.528636][T26885] unevictable 0
[ 3078.528636][T26885] slab_reclaimable 15344
[ 3078.528636][T26885] slab_unreclaimable 308687952
[ 3078.744011][T26885] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=26885,uid=0
[ 3079.126360][T26885] Memory cgroup out of memory: Killed process 26885 (syz-executor.5) total-vm:54540kB, anon-rss:468kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000
01:20:50 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0xbd10020000000000)

01:20:50 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x8a030000, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:20:50 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x86}, 0x0)

01:20:50 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x4000000}, 0x0)

01:20:50 executing program 1:
select(0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0x0, 0xfffffffffffff801})

01:20:50 executing program 1:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
sendmsg$unix(r0, &(0x7f0000001700)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000380)="9c70943cc6d7fc4fd3d15556a3182b5181b5c14e04755322c3db76a9fe6c9addae4f509a24404d546026564ebb46ac838536647656800c092fb3e340471ccc9058343f22e12d3437c9da801436b303197fad1430750977a4caf13126d7f09d63f2493c32ccc40b8d3609c830e46d94130d0c432384d17feaeb3e78327caff75e971777affe4c2497f9baa029a5cbd3a1f03c42f9f0419b87a1c882abe90ee9aa90be304f0196b96a72657de9e73bca1ad6c65922942d5cc5a3bc4a8087e063436c5c324a6c233d483e12ffaa5bbf197e57fc78dda16eb3fb0181d1939b537ce00c0e1070294d8784", 0xe8}, {&(0x7f0000000480)="368e43b56cfb4aa37f8065ce25421f7bec36ada1652d5350343ddef07651e0d4793e6e20b8bce0bd95af710946b90164c9a7f13bc622d2c568e85ab9248c315bdc617e7b9acd9860e72db7ef383e6c2bd75e3b11fa7b87b3aba25c430a6bb5548080c704fc509cd7b7c9f2a9d4590004ca47a21fed3f035992fa14590a35cc883885463f5c46e9cf", 0x88}, {0x0}, {&(0x7f0000001480)="b3", 0x1}], 0x4, 0x0, 0xb0}, 0x0)

[ 3079.394479][T26922] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
01:20:50 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x8e000000, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:20:50 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x9000000}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

[ 3079.499103][T26921] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
01:20:50 executing program 1:
pipe(&(0x7f0000000000)={<r0=>0xffffffffffffffff})
bind$unix(r0, 0x0, 0x0)

[ 3079.664077][T26929] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
01:20:50 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x5000000}, 0x0)

01:20:50 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x8d}, 0x0)

01:20:50 executing program 1:
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x32, &(0x7f00000004c0)={0x0, 0x5e9}, 0x8)
connect$inet(r0, &(0x7f0000000000)={0x10, 0x2}, 0x10)

[ 3079.826520][T26930] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 3079.901967][T26935] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 3079.954601][T26930] CPU: 1 PID: 26930 Comm: syz-executor.5 Not tainted 6.1.0-rc7-syzkaller-01491-gf2bb566f5c97 #0
[ 3079.965065][T26930] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 3079.975141][T26930] Call Trace:
[ 3079.978480][T26930]  <TASK>
[ 3079.981431][T26930]  dump_stack_lvl+0xd1/0x138
[ 3079.986052][T26930]  dump_header+0x10b/0x85f
[ 3079.990519][T26930]  oom_kill_process.cold+0x10/0x15
[ 3079.995667][T26930]  out_of_memory+0x35c/0x14a0
[ 3080.000387][T26930]  ? find_held_lock+0x2d/0x110
[ 3080.005192][T26930]  ? oom_killer_disable+0x280/0x280
[ 3080.010428][T26930]  ? find_held_lock+0x2d/0x110
[ 3080.015230][T26930]  mem_cgroup_out_of_memory+0x206/0x270
[ 3080.020806][T26930]  ? mem_cgroup_margin+0x130/0x130
[ 3080.025940][T26930]  ? lock_downgrade+0x6e0/0x6e0
[ 3080.030842][T26930]  try_charge_memcg+0xef8/0x12f0
[ 3080.035822][T26930]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 3080.041844][T26930]  ? rcu_read_unlock+0x9/0x60
[ 3080.046543][T26930]  ? lock_downgrade+0x6e0/0x6e0
[ 3080.051442][T26930]  charge_memcg+0x99/0x3b0
[ 3080.055894][T26930]  __mem_cgroup_charge+0x2b/0x90
[ 3080.060874][T26930]  wp_page_copy+0x2bf/0x1ca0
[ 3080.065505][T26930]  ? page_try_dup_anon_rmap.constprop.0+0xd10/0xd10
[ 3080.072118][T26930]  ? lock_downgrade+0x6e0/0x6e0
[ 3080.077005][T26930]  ? vm_normal_page+0x14a/0x2a0
[ 3080.081879][T26930]  do_wp_page+0x1d1/0x1930
[ 3080.086309][T26930]  __handle_mm_fault+0x181b/0x3a40
[ 3080.091451][T26930]  ? vm_iomap_memory+0x190/0x190
[ 3080.096430][T26930]  handle_mm_fault+0x1cc/0x780
[ 3080.101221][T26930]  do_user_addr_fault+0x475/0x1210
[ 3080.106342][T26930]  ? rcu_read_lock_sched_held+0x3e/0x70
[ 3080.111899][T26930]  exc_page_fault+0x98/0x170
[ 3080.116505][T26930]  asm_exc_page_fault+0x26/0x30
[ 3080.121360][T26930] RIP: 0033:0x7f228be39580
[ 3080.125775][T26930] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48
[ 3080.145383][T26930] RSP: 002b:00007ffd261092f0 EFLAGS: 00010246
[ 3080.151454][T26930] RAX: 000000004702ddfb RBX: 00007f228bfac018 RCX: 0000001b30420000
[ 3080.159425][T26930] RDX: 0000000000000000 RSI: 0000001b30420018 RDI: 0000000000000022
[ 3080.167392][T26930] RBP: 000000004702ddfb R08: 0000000000001dfb R09: 000000004702ddff
[ 3080.175360][T26930] R10: 00007ffd261094b0 R11: 0000000000000246 R12: 00007f228bfa0000
[ 3080.183331][T26930] R13: 0000000000000001 R14: 0000000000000000 R15: ffffffff87ab9491
[ 3080.191316][T26930]  ? __x64_sys_socket+0x11/0xb0
[ 3080.196195][T26930]  </TASK>
[ 3080.221544][T26930] memory: usage 307200kB, limit 307200kB, failcnt 335
[ 3080.297500][T26930] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 3080.376068][T26930] Memory cgroup stats for /syz5:
[ 3080.376263][T26930] anon 102400
[ 3080.376263][T26930] file 155648
[ 3080.376263][T26930] kernel 314314752
[ 3080.376263][T26930] kernel_stack 65536
[ 3080.376263][T26930] pagetables 73728
[ 3080.376263][T26930] sec_pagetables 0
[ 3080.376263][T26930] percpu 5436928
[ 3080.376263][T26930] sock 0
[ 3080.376263][T26930] vmalloc 0
[ 3080.376263][T26930] shmem 155648
[ 3080.376263][T26930] zswap 0
[ 3080.376263][T26930] zswapped 0
[ 3080.376263][T26930] file_mapped 155648
[ 3080.376263][T26930] file_dirty 0
[ 3080.376263][T26930] file_writeback 0
[ 3080.376263][T26930] swapcached 0
[ 3080.376263][T26930] anon_thp 0
[ 3080.376263][T26930] file_thp 0
[ 3080.376263][T26930] shmem_thp 0
[ 3080.376263][T26930] inactive_anon 106496
[ 3080.376263][T26930] active_anon 151552
[ 3080.376263][T26930] inactive_file 0
[ 3080.376263][T26930] active_file 0
[ 3080.376263][T26930] unevictable 0
[ 3080.376263][T26930] slab_reclaimable 15344
[ 3080.376263][T26930] slab_unreclaimable 308687952
[ 3081.202995][T26930] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=26930,uid=0
[ 3081.229621][T26930] Memory cgroup out of memory: Killed process 26930 (syz-executor.5) total-vm:54540kB, anon-rss:468kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000
01:20:52 executing program 1:
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_CONTEXT(r0, 0x84, 0x1a, &(0x7f0000000080), &(0x7f0000000300)=0x8)

01:20:52 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0xa000000}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

01:20:52 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x6000000}, 0x0)

01:20:52 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x8e}, 0x0)

01:20:52 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x92010000, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:20:52 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0xbe10020000000000)

[ 3081.381791][T26951] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
01:20:52 executing program 1:
r0 = socket$inet6_sctp(0x1c, 0x1, 0x84)
connect$inet6(r0, &(0x7f0000000080)={0x1c, 0x1c, 0x3}, 0x1c)
connect$inet6(r0, &(0x7f00000000c0)={0x1c, 0x1c, 0x1}, 0x1c)

01:20:52 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0xaa}, 0x0)

[ 3081.555602][T26953] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[ 3081.645700][ T1248] ieee802154 phy0 wpan0: encryption failed: -22
[ 3081.652403][ T1248] ieee802154 phy1 wpan1: encryption failed: -22
01:20:52 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x92030000, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:20:52 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x7000000}, 0x0)

[ 3081.832563][T26956] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 3081.884687][T26956] CPU: 0 PID: 26956 Comm: syz-executor.5 Not tainted 6.1.0-rc7-syzkaller-01491-gf2bb566f5c97 #0
[ 3081.895242][T26956] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 3081.901981][T26968] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[ 3081.905293][T26956] Call Trace:
[ 3081.905306][T26956]  <TASK>
[ 3081.905316][T26956]  dump_stack_lvl+0xd1/0x138
[ 3081.905347][T26956]  dump_header+0x10b/0x85f
[ 3081.929801][T26956]  oom_kill_process.cold+0x10/0x15
[ 3081.934937][T26956]  out_of_memory+0x35c/0x14a0
[ 3081.939630][T26956]  ? find_held_lock+0x2d/0x110
[ 3081.944410][T26956]  ? oom_killer_disable+0x280/0x280
[ 3081.949637][T26956]  ? find_held_lock+0x2d/0x110
[ 3081.954417][T26956]  mem_cgroup_out_of_memory+0x206/0x270
[ 3081.960003][T26956]  ? mem_cgroup_margin+0x130/0x130
[ 3081.965132][T26956]  ? lock_downgrade+0x6e0/0x6e0
[ 3081.970020][T26956]  try_charge_memcg+0xef8/0x12f0
[ 3081.974983][T26956]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 3081.980991][T26956]  ? rcu_read_unlock+0x9/0x60
[ 3081.985685][T26956]  ? lock_downgrade+0x6e0/0x6e0
[ 3081.990575][T26956]  charge_memcg+0x99/0x3b0
[ 3081.995009][T26956]  __mem_cgroup_charge+0x2b/0x90
[ 3081.999963][T26956]  wp_page_copy+0x2bf/0x1ca0
[ 3082.004567][T26956]  ? page_try_dup_anon_rmap.constprop.0+0xd10/0xd10
[ 3082.011162][T26956]  ? lock_downgrade+0x6e0/0x6e0
[ 3082.016034][T26956]  ? vm_normal_page+0x14a/0x2a0
[ 3082.020903][T26956]  do_wp_page+0x1d1/0x1930
[ 3082.025335][T26956]  __handle_mm_fault+0x181b/0x3a40
[ 3082.030466][T26956]  ? vm_iomap_memory+0x190/0x190
[ 3082.035436][T26956]  handle_mm_fault+0x1cc/0x780
[ 3082.040214][T26956]  do_user_addr_fault+0x475/0x1210
[ 3082.045379][T26956]  ? rcu_read_lock_sched_held+0x3e/0x70
[ 3082.050937][T26956]  exc_page_fault+0x98/0x170
[ 3082.055544][T26956]  asm_exc_page_fault+0x26/0x30
[ 3082.060398][T26956] RIP: 0033:0x7f228be39580
[ 3082.064816][T26956] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48
[ 3082.084512][T26956] RSP: 002b:00007ffd261092f0 EFLAGS: 00010246
[ 3082.090582][T26956] RAX: 000000004702ddfb RBX: 00007f228bfac018 RCX: 0000001b30420000
[ 3082.098555][T26956] RDX: 0000000000000000 RSI: 0000001b30420018 RDI: 0000000000000022
[ 3082.106540][T26956] RBP: 000000004702ddfb R08: 0000000000001dfb R09: 000000004702ddff
[ 3082.114544][T26956] R10: 00007ffd261094b0 R11: 0000000000000246 R12: 00007f228bfa0000
[ 3082.122549][T26956] R13: 0000000000000001 R14: 0000000000000000 R15: ffffffff87ab9491
[ 3082.130524][T26956]  ? __x64_sys_socket+0x11/0xb0
[ 3082.135402][T26956]  </TASK>
01:20:53 executing program 1:
syz_emit_ethernet(0x10a8, &(0x7f00000000c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa52375fd1fe6686dd6f7e319410723afffc000000000000000000000000000000ff020000000000000000000000000001"], 0x0)

01:20:53 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0xb000000}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

01:20:53 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0xac}, 0x0)

[ 3082.326051][T26971] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 3082.529579][T26956] memory: usage 307200kB, limit 307200kB, failcnt 426
[ 3082.564693][T26956] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 3082.685271][T26956] Memory cgroup stats for /syz5:
[ 3082.685492][T26956] anon 102400
[ 3082.685492][T26956] file 155648
[ 3082.685492][T26956] kernel 314314752
[ 3082.685492][T26956] kernel_stack 65536
[ 3082.685492][T26956] pagetables 73728
[ 3082.685492][T26956] sec_pagetables 0
[ 3082.685492][T26956] percpu 5436928
[ 3082.685492][T26956] sock 0
[ 3082.685492][T26956] vmalloc 0
[ 3082.685492][T26956] shmem 155648
[ 3082.685492][T26956] zswap 0
[ 3082.685492][T26956] zswapped 0
[ 3082.685492][T26956] file_mapped 155648
[ 3082.685492][T26956] file_dirty 0
[ 3082.685492][T26956] file_writeback 0
[ 3082.685492][T26956] swapcached 0
[ 3082.685492][T26956] anon_thp 0
[ 3082.685492][T26956] file_thp 0
[ 3082.685492][T26956] shmem_thp 0
[ 3082.685492][T26956] inactive_anon 106496
[ 3082.685492][T26956] active_anon 151552
[ 3082.685492][T26956] inactive_file 0
[ 3082.685492][T26956] active_file 0
[ 3082.685492][T26956] unevictable 0
[ 3082.685492][T26956] slab_reclaimable 15344
[ 3082.685492][T26956] slab_unreclaimable 308687952
[ 3082.934793][T26956] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=26956,uid=0
[ 3083.011752][T26956] Memory cgroup out of memory: Killed process 26956 (syz-executor.5) total-vm:54540kB, anon-rss:468kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000
01:20:54 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0xbf10020000000000)

01:20:54 executing program 1:
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_RESET_STREAMS(r0, 0x84, 0x901, &(0x7f0000000400), &(0x7f0000000440)=0x8)

01:20:54 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x9a010000, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:20:54 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0xc2}, 0x0)

01:20:54 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x8000000}, 0x0)

01:20:54 executing program 1:
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
sendto$inet(r0, &(0x7f0000000040)="13", 0x1, 0x0, &(0x7f0000000100)={0x10, 0x2}, 0x10)

[ 3083.235346][T26988] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
01:20:54 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0xc8}, 0x0)

01:20:54 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0xc000000}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

01:20:54 executing program 1:
r0 = socket$inet6_sctp(0x1c, 0x1, 0x84)
setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000000), 0x4)

[ 3083.481365][T26989] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 3083.487014][T26982] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[ 3083.584589][T26989] CPU: 0 PID: 26989 Comm: syz-executor.5 Not tainted 6.1.0-rc7-syzkaller-01491-gf2bb566f5c97 #0
[ 3083.595055][T26989] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 3083.605133][T26989] Call Trace:
[ 3083.608426][T26989]  <TASK>
[ 3083.611378][T26989]  dump_stack_lvl+0xd1/0x138
[ 3083.616006][T26989]  dump_header+0x10b/0x85f
[ 3083.620460][T26989]  oom_kill_process.cold+0x10/0x15
[ 3083.625612][T26989]  out_of_memory+0x35c/0x14a0
[ 3083.630334][T26989]  ? find_held_lock+0x2d/0x110
[ 3083.635128][T26989]  ? oom_killer_disable+0x280/0x280
[ 3083.640367][T26989]  ? find_held_lock+0x2d/0x110
[ 3083.645172][T26989]  mem_cgroup_out_of_memory+0x206/0x270
[ 3083.650744][T26989]  ? mem_cgroup_margin+0x130/0x130
[ 3083.655881][T26989]  ? lock_downgrade+0x6e0/0x6e0
[ 3083.660786][T26989]  try_charge_memcg+0xef8/0x12f0
[ 3083.665761][T26989]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 3083.672041][T26989]  ? rcu_read_unlock+0x9/0x60
[ 3083.676739][T26989]  ? lock_downgrade+0x6e0/0x6e0
[ 3083.681638][T26989]  charge_memcg+0x99/0x3b0
[ 3083.686090][T26989]  __mem_cgroup_charge+0x2b/0x90
[ 3083.691060][T26989]  wp_page_copy+0x2bf/0x1ca0
[ 3083.695685][T26989]  ? page_try_dup_anon_rmap.constprop.0+0xd10/0xd10
[ 3083.702301][T26989]  ? lock_downgrade+0x6e0/0x6e0
[ 3083.707192][T26989]  ? vm_normal_page+0x14a/0x2a0
[ 3083.712082][T26989]  do_wp_page+0x1d1/0x1930
[ 3083.716529][T26989]  __handle_mm_fault+0x181b/0x3a40
[ 3083.721679][T26989]  ? vm_iomap_memory+0x190/0x190
[ 3083.726674][T26989]  handle_mm_fault+0x1cc/0x780
[ 3083.731652][T26989]  do_user_addr_fault+0x475/0x1210
[ 3083.736797][T26989]  ? rcu_read_lock_sched_held+0x3e/0x70
[ 3083.742382][T26989]  exc_page_fault+0x98/0x170
[ 3083.747007][T26989]  asm_exc_page_fault+0x26/0x30
[ 3083.751882][T26989] RIP: 0033:0x7f228be39580
[ 3083.756336][T26989] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48
[ 3083.776495][T26989] RSP: 002b:00007ffd261092f0 EFLAGS: 00010246
01:20:54 executing program 1:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={<r0=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="0a012ed1a3"], 0xa)

[ 3083.782589][T26989] RAX: 000000004702ddfb RBX: 00007f228bfac018 RCX: 0000001b30420000
[ 3083.790579][T26989] RDX: 0000000000000000 RSI: 0000001b30420018 RDI: 0000000000000022
[ 3083.798571][T26989] RBP: 000000004702ddfb R08: 0000000000001dfb R09: 000000004702ddff
[ 3083.806563][T26989] R10: 00007ffd261094b0 R11: 0000000000000246 R12: 00007f228bfa0000
[ 3083.814557][T26989] R13: 0000000000000001 R14: 0000000000000000 R15: ffffffff87ab9491
[ 3083.822548][T26989]  ? __x64_sys_socket+0x11/0xb0
[ 3083.827448][T26989]  </TASK>
01:20:54 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x9000000}, 0x0)

01:20:54 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x9a030000, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3084.454729][T26989] memory: usage 307200kB, limit 307200kB, failcnt 532
[ 3084.472676][T26989] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 3084.501735][T26989] Memory cgroup stats for /syz5:
[ 3084.501976][T26989] anon 102400
[ 3084.501976][T26989] file 155648
[ 3084.501976][T26989] kernel 314314752
[ 3084.501976][T26989] kernel_stack 65536
[ 3084.501976][T26989] pagetables 73728
[ 3084.501976][T26989] sec_pagetables 0
[ 3084.501976][T26989] percpu 5436928
[ 3084.501976][T26989] sock 0
[ 3084.501976][T26989] vmalloc 0
[ 3084.501976][T26989] shmem 155648
[ 3084.501976][T26989] zswap 0
[ 3084.501976][T26989] zswapped 0
[ 3084.501976][T26989] file_mapped 155648
[ 3084.501976][T26989] file_dirty 0
[ 3084.501976][T26989] file_writeback 0
[ 3084.501976][T26989] swapcached 0
[ 3084.501976][T26989] anon_thp 0
[ 3084.501976][T26989] file_thp 0
[ 3084.501976][T26989] shmem_thp 0
[ 3084.501976][T26989] inactive_anon 106496
[ 3084.501976][T26989] active_anon 151552
[ 3084.501976][T26989] inactive_file 0
[ 3084.501976][T26989] active_file 0
[ 3084.501976][T26989] unevictable 0
[ 3084.501976][T26989] slab_reclaimable 15344
[ 3084.501976][T26989] slab_unreclaimable 308687952
[ 3084.691737][T26989] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=26989,uid=0
[ 3084.772558][T26989] Memory cgroup out of memory: Killed process 26989 (syz-executor.5) total-vm:54540kB, anon-rss:468kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000
01:20:55 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0xc010020000000000)

01:20:55 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0xf0}, 0x0)

01:20:55 executing program 1:
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_GET_ASSOC_NUMBER(r0, 0x84, 0x104, &(0x7f0000000040), &(0x7f0000000080)=0x4)

01:20:55 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x9effffff, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:20:55 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0xa000000}, 0x0)

01:20:55 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0xd300000}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

[ 3084.923801][T27015] __nla_validate_parse: 2 callbacks suppressed
[ 3084.923822][T27015] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
01:20:55 executing program 1:
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
sendmsg$inet_sctp(r0, &(0x7f0000000240)={&(0x7f0000000100)=@in6={0x1c, 0x1c, 0x1}, 0x1c, 0x0}, 0x0)
setsockopt$inet_sctp_SCTP_DELAYED_SACK(r0, 0x84, 0xf, &(0x7f0000000000), 0xc)

01:20:56 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0xf1}, 0x0)

01:20:56 executing program 1:
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x28, &(0x7f0000000280), &(0x7f0000000040)=0x4)

[ 3085.110961][T27018] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000
[ 3085.175381][T27017] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 3085.231047][T27018] CPU: 0 PID: 27018 Comm: syz-executor.5 Not tainted 6.1.0-rc7-syzkaller-01491-gf2bb566f5c97 #0
[ 3085.241515][T27018] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 3085.251588][T27018] Call Trace:
[ 3085.254868][T27018]  <TASK>
[ 3085.257799][T27018]  dump_stack_lvl+0xd1/0x138
[ 3085.262397][T27018]  dump_header+0x10b/0x85f
[ 3085.266829][T27018]  oom_kill_process.cold+0x10/0x15
[ 3085.271956][T27018]  out_of_memory+0x35c/0x14a0
[ 3085.276645][T27018]  ? find_held_lock+0x2d/0x110
[ 3085.281420][T27018]  ? oom_killer_disable+0x280/0x280
[ 3085.286723][T27018]  ? find_held_lock+0x2d/0x110
[ 3085.291500][T27018]  mem_cgroup_out_of_memory+0x206/0x270
[ 3085.297052][T27018]  ? mem_cgroup_margin+0x130/0x130
[ 3085.302168][T27018]  ? lock_downgrade+0x6e0/0x6e0
[ 3085.307047][T27018]  try_charge_memcg+0xef8/0x12f0
[ 3085.312003][T27018]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 3085.317992][T27018]  ? get_mem_cgroup_from_objcg+0xa1/0x260
[ 3085.323806][T27018]  ? lock_downgrade+0x6e0/0x6e0
[ 3085.328675][T27018]  ? lock_downgrade+0x6e0/0x6e0
[ 3085.333542][T27018]  ? rcu_read_unlock+0x9/0x60
[ 3085.338239][T27018]  obj_cgroup_charge+0x2af/0x5e0
[ 3085.343192][T27018]  __kmem_cache_alloc_node+0xad/0x3e0
[ 3085.348574][T27018]  ? copy_semundo+0x18b/0x300
[ 3085.353343][T27018]  kmalloc_trace+0x26/0x60
[ 3085.357851][T27018]  copy_semundo+0x18b/0x300
[ 3085.362365][T27018]  copy_process+0x23f4/0x7190
[ 3085.367069][T27018]  ? __cleanup_sighand+0xb0/0xb0
[ 3085.372011][T27018]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 3085.378005][T27018]  ? psi_memstall_leave+0x174/0x250
[ 3085.383225][T27018]  kernel_clone+0xeb/0x980
[ 3085.387647][T27018]  ? create_io_thread+0xf0/0xf0
[ 3085.392502][T27018]  ? percpu_ref_put_many.constprop.0+0x6a/0x1a0
[ 3085.398754][T27018]  ? lock_downgrade+0x6e0/0x6e0
[ 3085.403629][T27018]  __do_sys_clone+0xba/0x100
[ 3085.408224][T27018]  ? kernel_clone+0x980/0x980
[ 3085.412921][T27018]  ? syscall_enter_from_user_mode+0x26/0xb0
[ 3085.418833][T27018]  do_syscall_64+0x39/0xb0
[ 3085.423256][T27018]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 3085.429154][T27018] RIP: 0033:0x7f228be8d501
[ 3085.433570][T27018] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00
[ 3085.453178][T27018] RSP: 002b:00007ffd26109298 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 3085.461594][T27018] RAX: ffffffffffffffda RBX: 00007f228cb2c700 RCX: 00007f228be8d501
[ 3085.469564][T27018] RDX: 00007f228cb2c9d0 RSI: 00007f228cb2c2f0 RDI: 00000000003d0f00
01:20:56 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0xa0000000, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:20:56 executing program 1:
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x23, &(0x7f0000000040), &(0x7f0000000180)=0x90)

[ 3085.477536][T27018] RBP: 00007ffd261094e0 R08: 00007f228cb2c700 R09: 00007f228cb2c700
[ 3085.485507][T27018] R10: 00007f228cb2c9d0 R11: 0000000000000206 R12: 00007ffd2610934e
[ 3085.493563][T27018] R13: 00007ffd2610934f R14: 00007f228cb2c300 R15: 0000000000022000
[ 3085.501550][T27018]  </TASK>
01:20:56 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0xb000000}, 0x0)

[ 3085.666709][T27032] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[ 3085.850750][T27037] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 3086.414380][T27018] memory: usage 307184kB, limit 307200kB, failcnt 616
[ 3086.433382][T27018] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 3086.460356][T27018] Memory cgroup stats for /syz5:
[ 3086.460573][T27018] anon 90112
[ 3086.460573][T27018] file 155648
[ 3086.460573][T27018] kernel 314310656
[ 3086.460573][T27018] kernel_stack 65536
[ 3086.460573][T27018] pagetables 73728
[ 3086.460573][T27018] sec_pagetables 0
[ 3086.460573][T27018] percpu 5436928
[ 3086.460573][T27018] sock 0
[ 3086.460573][T27018] vmalloc 0
[ 3086.460573][T27018] shmem 155648
[ 3086.460573][T27018] zswap 0
[ 3086.460573][T27018] zswapped 0
[ 3086.460573][T27018] file_mapped 155648
[ 3086.460573][T27018] file_dirty 0
[ 3086.460573][T27018] file_writeback 0
[ 3086.460573][T27018] swapcached 0
[ 3086.460573][T27018] anon_thp 0
[ 3086.460573][T27018] file_thp 0
[ 3086.460573][T27018] shmem_thp 0
[ 3086.460573][T27018] inactive_anon 94208
[ 3086.460573][T27018] active_anon 151552
[ 3086.460573][T27018] inactive_file 0
[ 3086.460573][T27018] active_file 0
[ 3086.460573][T27018] unevictable 0
[ 3086.460573][T27018] slab_reclaimable 13416
[ 3086.460573][T27018] slab_unreclaimable 308686840
[ 3086.635443][T27018] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=27018,uid=0
[ 3086.681565][T27018] Memory cgroup out of memory: Killed process 27018 (syz-executor.5) total-vm:54540kB, anon-rss:468kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000
01:20:57 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0xc100000000000000)

01:20:57 executing program 1:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x1d, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x48)

01:20:57 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x120}, 0x0)

01:20:57 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0xa2010000, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:20:57 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0xc000000}, 0x0)

01:20:57 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0xe000000}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

[ 3086.866217][T27042] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
01:20:57 executing program 1:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
sendmsg$inet6(r0, &(0x7f00000004c0)={&(0x7f0000000000)={0xa, 0x0, 0x0, @local}, 0x1c, 0x0, 0xe, &(0x7f00000009c0)=[@flowinfo={{0x14}}], 0x18}, 0x0)

01:20:57 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0xa2030000, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3087.008080][T27047] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
01:20:58 executing program 1:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r0, 0x8910, &(0x7f0000000100)={'ip6tnl0\x00', 0x0})

01:20:58 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x137}, 0x0)

01:20:58 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0xe000000}, 0x0)

[ 3087.212066][T27058] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[ 3087.234313][T27054] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
01:20:58 executing program 1:
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_procs(r0, &(0x7f0000000040)='tasks\x00', 0x2, 0x0)

[ 3087.309753][T27054] CPU: 1 PID: 27054 Comm: syz-executor.5 Not tainted 6.1.0-rc7-syzkaller-01491-gf2bb566f5c97 #0
[ 3087.320306][T27054] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 3087.330383][T27054] Call Trace:
[ 3087.333680][T27054]  <TASK>
[ 3087.336632][T27054]  dump_stack_lvl+0xd1/0x138
[ 3087.341255][T27054]  dump_header+0x10b/0x85f
[ 3087.345715][T27054]  oom_kill_process.cold+0x10/0x15
[ 3087.350871][T27054]  out_of_memory+0x35c/0x14a0
[ 3087.355585][T27054]  ? find_held_lock+0x2d/0x110
[ 3087.360375][T27054]  ? oom_killer_disable+0x280/0x280
[ 3087.365605][T27054]  ? find_held_lock+0x2d/0x110
[ 3087.370411][T27054]  mem_cgroup_out_of_memory+0x206/0x270
[ 3087.375992][T27054]  ? mem_cgroup_margin+0x130/0x130
[ 3087.381128][T27054]  ? lock_downgrade+0x6e0/0x6e0
[ 3087.386034][T27054]  try_charge_memcg+0xef8/0x12f0
[ 3087.391015][T27054]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 3087.397040][T27054]  ? rcu_read_unlock+0x9/0x60
[ 3087.401741][T27054]  ? lock_downgrade+0x6e0/0x6e0
[ 3087.406642][T27054]  charge_memcg+0x99/0x3b0
[ 3087.411095][T27054]  __mem_cgroup_charge+0x2b/0x90
[ 3087.416062][T27054]  wp_page_copy+0x2bf/0x1ca0
[ 3087.420668][T27054]  ? page_try_dup_anon_rmap.constprop.0+0xd10/0xd10
[ 3087.427261][T27054]  ? lock_downgrade+0x6e0/0x6e0
[ 3087.432127][T27054]  ? vm_normal_page+0x14a/0x2a0
[ 3087.436998][T27054]  do_wp_page+0x1d1/0x1930
[ 3087.441435][T27054]  __handle_mm_fault+0x181b/0x3a40
[ 3087.446573][T27054]  ? vm_iomap_memory+0x190/0x190
[ 3087.451548][T27054]  handle_mm_fault+0x1cc/0x780
[ 3087.456330][T27054]  do_user_addr_fault+0x475/0x1210
[ 3087.461453][T27054]  ? rcu_read_lock_sched_held+0x3e/0x70
[ 3087.467019][T27054]  exc_page_fault+0x98/0x170
[ 3087.471620][T27054]  asm_exc_page_fault+0x26/0x30
[ 3087.476475][T27054] RIP: 0033:0x7f228be39580
[ 3087.480890][T27054] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48
[ 3087.500507][T27054] RSP: 002b:00007ffd261092f0 EFLAGS: 00010246
[ 3087.506576][T27054] RAX: 000000004702ddfb RBX: 00007f228bfac018 RCX: 0000001b30420000
[ 3087.514545][T27054] RDX: 0000000000000000 RSI: 0000001b30420018 RDI: 0000000000000022
[ 3087.522514][T27054] RBP: 000000004702ddfb R08: 0000000000001dfb R09: 000000004702ddff
[ 3087.530483][T27054] R10: 00007ffd261094b0 R11: 0000000000000246 R12: 00007f228bfa0000
[ 3087.538453][T27054] R13: 0000000000000001 R14: 0000000000000000 R15: ffffffff87ab9491
[ 3087.546427][T27054]  ? __x64_sys_socket+0x11/0xb0
[ 3087.551301][T27054]  </TASK>
[ 3087.616791][T27066] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 3087.630965][T27054] memory: usage 307200kB, limit 307200kB, failcnt 713
[ 3087.638822][T27054] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 3087.666692][T27054] Memory cgroup stats for /syz5:
[ 3087.666894][T27054] anon 102400
[ 3087.666894][T27054] file 155648
[ 3087.666894][T27054] kernel 314314752
[ 3087.666894][T27054] kernel_stack 65536
[ 3087.666894][T27054] pagetables 73728
[ 3087.666894][T27054] sec_pagetables 0
[ 3087.666894][T27054] percpu 5436928
[ 3087.666894][T27054] sock 0
[ 3087.666894][T27054] vmalloc 0
[ 3087.666894][T27054] shmem 155648
[ 3087.666894][T27054] zswap 0
[ 3087.666894][T27054] zswapped 0
[ 3087.666894][T27054] file_mapped 155648
[ 3087.666894][T27054] file_dirty 0
[ 3087.666894][T27054] file_writeback 0
[ 3087.666894][T27054] swapcached 0
[ 3087.666894][T27054] anon_thp 0
[ 3087.666894][T27054] file_thp 0
[ 3087.666894][T27054] shmem_thp 0
[ 3087.666894][T27054] inactive_anon 106496
[ 3087.666894][T27054] active_anon 151552
[ 3087.666894][T27054] inactive_file 0
[ 3087.666894][T27054] active_file 0
[ 3087.666894][T27054] unevictable 0
[ 3087.666894][T27054] slab_reclaimable 15344
[ 3087.666894][T27054] slab_unreclaimable 308687952
[ 3087.957567][T27054] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=27054,uid=0
[ 3088.025268][T27054] Memory cgroup out of memory: Killed process 27054 (syz-executor.5) total-vm:54540kB, anon-rss:468kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000
01:20:59 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0xc103000000000000)

01:20:59 executing program 1:
bpf$MAP_CREATE(0x1d, &(0x7f0000000000)=@bloom_filter, 0x48)

01:20:59 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0xa8030000, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:20:59 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x13c}, 0x0)

01:20:59 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0xf000000}, 0x0)

01:20:59 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0xf000000}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

01:20:59 executing program 1:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
sendmsg$inet6(r0, &(0x7f00000004c0)={&(0x7f0000000000)={0xa, 0x0, 0x0, @local}, 0x1c, 0x0, 0x0, &(0x7f0000000040)=[@dstopts_2292={{0x0, 0x29, 0x4, {0x0, 0x0, '\x00', [@enc_lim, @generic={0x0, 0x0, "6613593733f0fe9e3b75a74264ab3a6964289b6e3ddc7dc2f0c1537f288ce79a421cba385cd54e1eda71c414cf8c8e30fc7aa4f26abd"}, @hao={0xc9, 0x0, @remote}, @jumbo]}}}], 0xfffffffffffffe0c}, 0x0)

[ 3088.160444][T27074] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
01:20:59 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0xaa000000, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3088.296940][T27075] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
01:20:59 executing program 1:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r0, 0x5452, &(0x7f0000000100)={'ip6tnl0\x00', 0x0})

01:20:59 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x142}, 0x0)

[ 3088.416800][T27081] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 3088.489624][T27081] CPU: 0 PID: 27081 Comm: syz-executor.5 Not tainted 6.1.0-rc7-syzkaller-01491-gf2bb566f5c97 #0
[ 3088.500093][T27081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 3088.510169][T27081] Call Trace:
[ 3088.513467][T27081]  <TASK>
[ 3088.516416][T27081]  dump_stack_lvl+0xd1/0x138
[ 3088.521031][T27081]  dump_header+0x10b/0x85f
[ 3088.525486][T27081]  oom_kill_process.cold+0x10/0x15
[ 3088.530636][T27081]  out_of_memory+0x35c/0x14a0
[ 3088.535351][T27081]  ? find_held_lock+0x2d/0x110
[ 3088.540148][T27081]  ? oom_killer_disable+0x280/0x280
[ 3088.545376][T27081]  ? find_held_lock+0x2d/0x110
[ 3088.550169][T27081]  mem_cgroup_out_of_memory+0x206/0x270
[ 3088.555740][T27081]  ? mem_cgroup_margin+0x130/0x130
[ 3088.560878][T27081]  ? lock_downgrade+0x6e0/0x6e0
[ 3088.565787][T27081]  try_charge_memcg+0xef8/0x12f0
[ 3088.570768][T27081]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 3088.576790][T27081]  ? rcu_read_unlock+0x9/0x60
[ 3088.581493][T27081]  ? lock_downgrade+0x6e0/0x6e0
[ 3088.586409][T27081]  charge_memcg+0x99/0x3b0
[ 3088.590854][T27081]  __mem_cgroup_charge+0x2b/0x90
[ 3088.595825][T27081]  wp_page_copy+0x2bf/0x1ca0
[ 3088.600438][T27081]  ? page_try_dup_anon_rmap.constprop.0+0xd10/0xd10
[ 3088.607045][T27081]  ? lock_downgrade+0x6e0/0x6e0
[ 3088.611937][T27081]  ? vm_normal_page+0x14a/0x2a0
[ 3088.616836][T27081]  do_wp_page+0x538/0x1930
[ 3088.621283][T27081]  __handle_mm_fault+0x181b/0x3a40
[ 3088.626426][T27081]  ? vm_iomap_memory+0x190/0x190
[ 3088.631420][T27081]  handle_mm_fault+0x1cc/0x780
[ 3088.636210][T27081]  do_user_addr_fault+0x475/0x1210
[ 3088.641344][T27081]  ? rcu_read_lock_sched_held+0x3e/0x70
[ 3088.646921][T27081]  exc_page_fault+0x98/0x170
[ 3088.651545][T27081]  asm_exc_page_fault+0x26/0x30
[ 3088.656418][T27081] RIP: 0033:0x7f228be36eee
[ 3088.660907][T27081] Code: 10 4c 89 35 a4 50 17 00 89 78 28 8b 7c 24 18 89 78 2c 8b 7c 24 54 89 78 78 48 8b 3c 24 88 4c 3a 04 8b 7c 24 4c 48 8b 54 24 40 <89> b8 80 00 00 00 0f 1f 40 00 48 8b 8c 14 50 01 00 00 48 83 c2 08
[ 3088.680538][T27081] RSP: 002b:00007ffd261093d0 EFLAGS: 00010246
[ 3088.686632][T27081] RAX: 00007f228bfabf80 RBX: 00007f228bfabf8c RCX: 0000000000000000
[ 3088.694620][T27081] RDX: 0000000000000000 RSI: 00007f228bfabf88 RDI: 0000000000000000
[ 3088.702609][T27081] RBP: 00007f228bfabf80 R08: 00007f228cb2c700 R09: 00007f228cb2c700
[ 3088.710603][T27081] R10: 00007f228cb2c9d0 R11: 0000000000000206 R12: 00007f228bfabf8c
[ 3088.718608][T27081] R13: 00007f228ba00060 R14: 00007f228bfabf80 R15: 0000000000000000
[ 3088.726622][T27081]  </TASK>
01:20:59 executing program 1:
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x10, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x48)

01:20:59 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0xaa010000, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3088.887453][T27081] memory: usage 307184kB, limit 307200kB, failcnt 825
[ 3088.894486][T27081] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 3088.941606][T27081] Memory cgroup stats for /syz5:
[ 3088.941806][T27081] anon 90112
[ 3088.941806][T27081] file 155648
[ 3088.941806][T27081] kernel 314310656
[ 3088.941806][T27081] kernel_stack 65536
[ 3088.941806][T27081] pagetables 73728
[ 3088.941806][T27081] sec_pagetables 0
[ 3088.941806][T27081] percpu 5436928
[ 3088.941806][T27081] sock 0
[ 3088.941806][T27081] vmalloc 0
[ 3088.941806][T27081] shmem 155648
[ 3088.941806][T27081] zswap 0
[ 3088.941806][T27081] zswapped 0
[ 3088.941806][T27081] file_mapped 155648
[ 3088.941806][T27081] file_dirty 0
[ 3088.941806][T27081] file_writeback 0
[ 3088.941806][T27081] swapcached 0
[ 3088.941806][T27081] anon_thp 0
[ 3088.941806][T27081] file_thp 0
[ 3088.941806][T27081] shmem_thp 0
[ 3088.941806][T27081] inactive_anon 94208
[ 3088.941806][T27081] active_anon 151552
[ 3088.941806][T27081] inactive_file 0
[ 3088.941806][T27081] active_file 0
[ 3088.941806][T27081] unevictable 0
[ 3088.941806][T27081] slab_reclaimable 13416
[ 3088.941806][T27081] slab_unreclaimable 308687304
[ 3089.599587][T27081] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=27081,uid=0
[ 3089.665711][T27081] Memory cgroup out of memory: Killed process 27081 (syz-executor.5) total-vm:54540kB, anon-rss:468kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000
01:21:00 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0xc110020000000000)

01:21:00 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0xf020000}, 0x0)

01:21:00 executing program 1:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
sendmmsg$inet(r0, &(0x7f0000000800)=[{{&(0x7f0000000000)={0x2, 0x4e23, @dev}, 0x10, 0x0}}], 0x1, 0x40800)

01:21:00 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x157}, 0x0)

01:21:00 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x10000000}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

01:21:00 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0xaa030000, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:21:00 executing program 1:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_mreq(r0, 0x29, 0x15, &(0x7f0000000300)={@remote}, 0x14)

01:21:00 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x10000000}, 0x0)

01:21:00 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x15f}, 0x0)

01:21:00 executing program 1:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
sendmsg$inet6(r0, &(0x7f00000004c0)={&(0x7f0000000000)={0xa, 0x4e24, 0x0, @local}, 0x1b, 0x0, 0x0, &(0x7f00000009c0)=[@flowinfo={{0x14}}], 0x18}, 0x0)

[ 3090.034887][T27110] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000
[ 3090.097681][T27117] __nla_validate_parse: 3 callbacks suppressed
[ 3090.097701][T27117] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
01:21:01 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0xb2000000, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3090.141131][T27110] CPU: 0 PID: 27110 Comm: syz-executor.5 Not tainted 6.1.0-rc7-syzkaller-01491-gf2bb566f5c97 #0
[ 3090.151591][T27110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 3090.161665][T27110] Call Trace:
[ 3090.164965][T27110]  <TASK>
[ 3090.167919][T27110]  dump_stack_lvl+0xd1/0x138
[ 3090.172549][T27110]  dump_header+0x10b/0x85f
[ 3090.177007][T27110]  oom_kill_process.cold+0x10/0x15
[ 3090.182169][T27110]  out_of_memory+0x35c/0x14a0
[ 3090.186885][T27110]  ? find_held_lock+0x2d/0x110
[ 3090.191683][T27110]  ? oom_killer_disable+0x280/0x280
[ 3090.196909][T27110]  ? find_held_lock+0x2d/0x110
[ 3090.201701][T27110]  mem_cgroup_out_of_memory+0x206/0x270
[ 3090.207261][T27110]  ? mem_cgroup_margin+0x130/0x130
[ 3090.212382][T27110]  ? lock_downgrade+0x6e0/0x6e0
[ 3090.217266][T27110]  try_charge_memcg+0xef8/0x12f0
[ 3090.222226][T27110]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 3090.228219][T27110]  ? get_mem_cgroup_from_objcg+0xa1/0x260
[ 3090.233954][T27110]  ? lock_downgrade+0x6e0/0x6e0
[ 3090.238828][T27110]  ? lock_downgrade+0x6e0/0x6e0
[ 3090.243781][T27110]  ? rcu_read_unlock+0x9/0x60
[ 3090.248482][T27110]  obj_cgroup_charge+0x2af/0x5e0
[ 3090.253442][T27110]  __kmem_cache_alloc_node+0xad/0x3e0
[ 3090.258834][T27110]  ? copy_semundo+0x18b/0x300
[ 3090.263528][T27110]  kmalloc_trace+0x26/0x60
[ 3090.267965][T27110]  copy_semundo+0x18b/0x300
[ 3090.272478][T27110]  copy_process+0x23f4/0x7190
[ 3090.277179][T27110]  ? wp_page_copy+0x311/0x1ca0
[ 3090.281969][T27110]  ? __cleanup_sighand+0xb0/0xb0
[ 3090.286924][T27110]  ? do_wp_page+0x1d9/0x1930
[ 3090.291534][T27110]  kernel_clone+0xeb/0x980
[ 3090.296138][T27110]  ? create_io_thread+0xf0/0xf0
[ 3090.301004][T27110]  ? find_held_lock+0x2d/0x110
[ 3090.305804][T27110]  __do_sys_clone+0xba/0x100
[ 3090.310424][T27110]  ? kernel_clone+0x980/0x980
[ 3090.315137][T27110]  ? syscall_enter_from_user_mode+0x26/0xb0
[ 3090.321063][T27110]  do_syscall_64+0x39/0xb0
[ 3090.325501][T27110]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 3090.331405][T27110] RIP: 0033:0x7f228be8d501
[ 3090.335829][T27110] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00
[ 3090.355440][T27110] RSP: 002b:00007ffd26109298 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 3090.363856][T27110] RAX: ffffffffffffffda RBX: 00007f228cb2c700 RCX: 00007f228be8d501
[ 3090.371826][T27110] RDX: 00007f228cb2c9d0 RSI: 00007f228cb2c2f0 RDI: 00000000003d0f00
[ 3090.379806][T27110] RBP: 00007ffd261094e0 R08: 00007f228cb2c700 R09: 00007f228cb2c700
[ 3090.387781][T27110] R10: 00007f228cb2c9d0 R11: 0000000000000206 R12: 00007ffd2610934e
[ 3090.395756][T27110] R13: 00007ffd2610934f R14: 00007f228cb2c300 R15: 0000000000022000
[ 3090.403753][T27110]  </TASK>
01:21:01 executing program 1:
bpf$MAP_CREATE(0x23, &(0x7f0000000000)=@bloom_filter, 0x48)

[ 3090.584541][T27110] memory: usage 307184kB, limit 307200kB, failcnt 931
[ 3090.605566][T27110] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 3090.620117][T27122] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[ 3090.653566][T27110] Memory cgroup stats for /syz5:
[ 3090.653857][T27110] anon 90112
[ 3090.653857][T27110] file 155648
[ 3090.653857][T27110] kernel 314310656
[ 3090.653857][T27110] kernel_stack 65536
[ 3090.653857][T27110] pagetables 73728
[ 3090.653857][T27110] sec_pagetables 0
[ 3090.653857][T27110] percpu 5436928
[ 3090.653857][T27110] sock 0
[ 3090.653857][T27110] vmalloc 0
[ 3090.653857][T27110] shmem 155648
[ 3090.653857][T27110] zswap 0
[ 3090.653857][T27110] zswapped 0
[ 3090.653857][T27110] file_mapped 155648
[ 3090.653857][T27110] file_dirty 0
[ 3090.653857][T27110] file_writeback 0
[ 3090.653857][T27110] swapcached 0
[ 3090.653857][T27110] anon_thp 0
[ 3090.653857][T27110] file_thp 0
[ 3090.653857][T27110] shmem_thp 0
[ 3090.653857][T27110] inactive_anon 94208
[ 3090.653857][T27110] active_anon 151552
[ 3090.653857][T27110] inactive_file 0
[ 3090.653857][T27110] active_file 0
[ 3090.653857][T27110] unevictable 0
[ 3090.653857][T27110] slab_reclaimable 13416
[ 3090.653857][T27110] slab_unreclaimable 308686840
[ 3090.997517][T27110] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=27110,uid=0
[ 3091.044767][T27110] Memory cgroup out of memory: Killed process 27110 (syz-executor.5) total-vm:54540kB, anon-rss:468kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000
01:21:02 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0xc210020000000000)

01:21:02 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x165}, 0x0)

01:21:02 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x11000000}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

01:21:02 executing program 1:
bpf$MAP_CREATE(0x14, &(0x7f0000000000)=@bloom_filter, 0x48)

01:21:02 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x11000000}, 0x0)

01:21:02 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0xb2020000, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:21:02 executing program 1:
r0 = socket$inet6(0xa, 0x1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r0, 0x5452, &(0x7f0000000000)={'ip6tnl0\x00', 0x0})

[ 3091.412363][T27135] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
01:21:02 executing program 1:
bpf$MAP_CREATE(0x13, &(0x7f00000002c0)=@base={0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x48)

[ 3091.596234][T27136] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
01:21:02 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0xb2030000, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:21:02 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x168}, 0x0)

01:21:02 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x13000000}, 0x0)

[ 3091.675178][T27137] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 3091.795187][T27137] CPU: 0 PID: 27137 Comm: syz-executor.5 Not tainted 6.1.0-rc7-syzkaller-01491-gf2bb566f5c97 #0
[ 3091.805653][T27137] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 3091.815729][T27137] Call Trace:
[ 3091.819024][T27137]  <TASK>
[ 3091.821976][T27137]  dump_stack_lvl+0xd1/0x138
[ 3091.826598][T27137]  dump_header+0x10b/0x85f
[ 3091.831064][T27137]  oom_kill_process.cold+0x10/0x15
[ 3091.836216][T27137]  out_of_memory+0x35c/0x14a0
[ 3091.840931][T27137]  ? find_held_lock+0x2d/0x110
[ 3091.845731][T27137]  ? oom_killer_disable+0x280/0x280
[ 3091.850969][T27137]  ? find_held_lock+0x2d/0x110
[ 3091.855776][T27137]  mem_cgroup_out_of_memory+0x206/0x270
[ 3091.861355][T27137]  ? mem_cgroup_margin+0x130/0x130
[ 3091.866490][T27137]  ? lock_downgrade+0x6e0/0x6e0
[ 3091.871395][T27137]  try_charge_memcg+0xef8/0x12f0
[ 3091.876377][T27137]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 3091.882389][T27137]  ? get_mem_cgroup_from_objcg+0xa1/0x260
[ 3091.888141][T27137]  ? lock_downgrade+0x6e0/0x6e0
[ 3091.893029][T27137]  ? lock_downgrade+0x6e0/0x6e0
[ 3091.897940][T27137]  __memcg_kmem_charge_page+0x16e/0x3b0
[ 3091.903548][T27137]  memcg_charge_kernel_stack.part.0+0x6c/0x150
[ 3091.909739][T27137]  copy_process+0x15ed/0x7190
[ 3091.914456][T27137]  ? __lock_acquire+0xbc3/0x56d0
[ 3091.919453][T27137]  ? __cleanup_sighand+0xb0/0xb0
[ 3091.924423][T27137]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 3091.930449][T27137]  ? psi_memstall_leave+0x174/0x250
[ 3091.935695][T27137]  kernel_clone+0xeb/0x980
[ 3091.940141][T27137]  ? create_io_thread+0xf0/0xf0
01:21:02 executing program 1:
socketpair(0x1, 0x5, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff})
sendmsg$BATADV_CMD_TP_METER_CANCEL(r0, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={0x0}}, 0x200080c0)

[ 3091.945024][T27137]  ? percpu_ref_put_many.constprop.0+0x6a/0x1a0
[ 3091.951306][T27137]  ? lock_downgrade+0x6e0/0x6e0
[ 3091.956204][T27137]  __do_sys_clone+0xba/0x100
[ 3091.960828][T27137]  ? kernel_clone+0x980/0x980
[ 3091.965557][T27137]  ? syscall_enter_from_user_mode+0x26/0xb0
[ 3091.971502][T27137]  do_syscall_64+0x39/0xb0
[ 3091.975957][T27137]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 3091.981880][T27137] RIP: 0033:0x7f228be8d501
[ 3091.986323][T27137] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00
[ 3092.005964][T27137] RSP: 002b:00007ffd26109298 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 3092.014410][T27137] RAX: ffffffffffffffda RBX: 00007f228cb2c700 RCX: 00007f228be8d501
[ 3092.022407][T27137] RDX: 00007f228cb2c9d0 RSI: 00007f228cb2c2f0 RDI: 00000000003d0f00
[ 3092.030403][T27137] RBP: 00007ffd261094e0 R08: 00007f228cb2c700 R09: 00007f228cb2c700
[ 3092.038406][T27137] R10: 00007f228cb2c9d0 R11: 0000000000000206 R12: 00007ffd2610934e
[ 3092.046406][T27137] R13: 00007ffd2610934f R14: 00007f228cb2c300 R15: 0000000000022000
[ 3092.054439][T27137]  </TASK>
[ 3092.111887][T27150] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[ 3092.240966][T27151] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 3092.598193][T27137] memory: usage 307180kB, limit 307200kB, failcnt 1010
[ 3092.624127][T27137] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 3092.653854][T27137] Memory cgroup stats for /syz5:
[ 3092.654064][T27137] anon 90112
[ 3092.654064][T27137] file 155648
[ 3092.654064][T27137] kernel 314306560
[ 3092.654064][T27137] kernel_stack 32768
[ 3092.654064][T27137] pagetables 73728
[ 3092.654064][T27137] sec_pagetables 0
[ 3092.654064][T27137] percpu 5436928
[ 3092.654064][T27137] sock 0
[ 3092.654064][T27137] vmalloc 0
[ 3092.654064][T27137] shmem 155648
[ 3092.654064][T27137] zswap 0
[ 3092.654064][T27137] zswapped 0
[ 3092.654064][T27137] file_mapped 155648
[ 3092.654064][T27137] file_dirty 0
[ 3092.654064][T27137] file_writeback 0
[ 3092.654064][T27137] swapcached 0
[ 3092.654064][T27137] anon_thp 0
[ 3092.654064][T27137] file_thp 0
[ 3092.654064][T27137] shmem_thp 0
[ 3092.654064][T27137] inactive_anon 94208
[ 3092.654064][T27137] active_anon 151552
[ 3092.654064][T27137] inactive_file 0
[ 3092.654064][T27137] active_file 0
[ 3092.654064][T27137] unevictable 0
[ 3092.654064][T27137] slab_reclaimable 13416
[ 3092.654064][T27137] slab_unreclaimable 308686840
[ 3093.021475][T27137] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=27137,uid=0
[ 3093.076487][T27137] Memory cgroup out of memory: Killed process 27137 (syz-executor.5) total-vm:54540kB, anon-rss:468kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000
01:21:04 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0xc310020000000000)

01:21:04 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_STRSET_GET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000840)=ANY=[@ANYBLOB="68010000", @ANYRES16=r1, @ANYBLOB="e9e42dbd7000fddbdf25010000000d0003"], 0x168}}, 0x0)

01:21:04 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0xba000000, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:21:04 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x13000000}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

01:21:04 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x190}, 0x0)

01:21:04 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x3f000000}, 0x0)

01:21:04 executing program 1:
bpf$MAP_CREATE(0xe, &(0x7f0000000000)=@bloom_filter, 0x48)

[ 3093.262342][T27163] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
01:21:04 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x196}, 0x0)

01:21:04 executing program 1:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_int(r0, 0x29, 0x23, 0x0, 0x0)

[ 3093.376997][T27166] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000
[ 3093.463053][T27166] CPU: 1 PID: 27166 Comm: syz-executor.5 Not tainted 6.1.0-rc7-syzkaller-01491-gf2bb566f5c97 #0
[ 3093.473524][T27166] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 3093.483603][T27166] Call Trace:
[ 3093.486905][T27166]  <TASK>
[ 3093.489853][T27166]  dump_stack_lvl+0xd1/0x138
[ 3093.494477][T27166]  dump_header+0x10b/0x85f
[ 3093.498913][T27166]  oom_kill_process.cold+0x10/0x15
[ 3093.504038][T27166]  out_of_memory+0x35c/0x14a0
[ 3093.508727][T27166]  ? find_held_lock+0x2d/0x110
[ 3093.513499][T27166]  ? oom_killer_disable+0x280/0x280
[ 3093.518709][T27166]  ? find_held_lock+0x2d/0x110
[ 3093.523486][T27166]  mem_cgroup_out_of_memory+0x206/0x270
[ 3093.529038][T27166]  ? mem_cgroup_margin+0x130/0x130
[ 3093.534154][T27166]  ? lock_downgrade+0x6e0/0x6e0
[ 3093.539034][T27166]  try_charge_memcg+0xef8/0x12f0
[ 3093.543987][T27166]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 3093.549978][T27166]  ? get_mem_cgroup_from_objcg+0xa1/0x260
[ 3093.555704][T27166]  ? lock_downgrade+0x6e0/0x6e0
[ 3093.560570][T27166]  ? lock_downgrade+0x6e0/0x6e0
[ 3093.565443][T27166]  __memcg_kmem_charge_page+0x16e/0x3b0
[ 3093.571089][T27166]  __alloc_pages+0x1f3/0x5b0
[ 3093.575683][T27166]  ? __alloc_pages_slowpath.constprop.0+0x23d0/0x23d0
[ 3093.582449][T27166]  ? find_held_lock+0x2d/0x110
[ 3093.587229][T27166]  ? lock_downgrade+0x6e0/0x6e0
[ 3093.592095][T27166]  ? do_raw_spin_lock+0x124/0x2b0
[ 3093.597131][T27166]  alloc_pages+0x1aa/0x270
[ 3093.601560][T27166]  __pmd_alloc+0x3f/0x5d0
[ 3093.605979][T27166]  ? __pud_alloc+0xe4/0x180
[ 3093.610488][T27166]  __handle_mm_fault+0x8c8/0x3a40
[ 3093.615522][T27166]  ? vm_iomap_memory+0x190/0x190
[ 3093.620490][T27166]  handle_mm_fault+0x1cc/0x780
[ 3093.625266][T27166]  do_user_addr_fault+0x475/0x1210
[ 3093.630391][T27166]  ? rcu_read_lock_sched_held+0x3e/0x70
[ 3093.635947][T27166]  exc_page_fault+0x98/0x170
[ 3093.640547][T27166]  asm_exc_page_fault+0x26/0x30
[ 3093.645399][T27166] RIP: 0033:0x7f228be276c6
[ 3093.649821][T27166] Code: ff ff 66 90 48 8b 0d 29 e0 ca 00 4c 63 05 12 e0 ca 00 48 8b 05 13 e0 ca 00 49 01 c8 48 39 c8 72 13 4c 39 c0 73 0e 48 8d 50 04 <89> 38 48 89 15 f9 df ca 00 c3 52 48 8d 35 ca f0 0b 00 48 89 c2 48
[ 3093.669432][T27166] RSP: 002b:00007ffd261093c8 EFLAGS: 00010287
[ 3093.675501][T27166] RAX: 0000001b30420000 RBX: 0000000000000003 RCX: 0000001b30420000
[ 3093.683470][T27166] RDX: 0000001b30420004 RSI: 00000000003c0000 RDI: 0000000000000000
[ 3093.691442][T27166] RBP: 0000000000000000 R08: 0000001b30820000 R09: 0000000000040000
[ 3093.699413][T27166] R10: 0000000000000011 R11: 0000000000000000 R12: 0000000000000001
[ 3093.707380][T27166] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffd26109670
[ 3093.715369][T27166]  </TASK>
[ 3093.736457][T27164] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
01:21:04 executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000a80)={&(0x7f0000000b00)=ANY=[@ANYBLOB="f40100002500b5572bbd7000fedbdf2500000000", @ANYBLOB="06"], 0x1f4}}, 0x0)

[ 3093.851476][T27166] memory: usage 307180kB, limit 307200kB, failcnt 1083
[ 3093.858376][T27166] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 3093.908027][T27166] Memory cgroup stats for /syz5:
[ 3093.908192][T27166] anon 77824
[ 3093.908192][T27166] file 155648
[ 3093.908192][T27166] kernel 314277888
[ 3093.908192][T27166] kernel_stack 32768
[ 3093.908192][T27166] pagetables 61440
[ 3093.908192][T27166] sec_pagetables 0
[ 3093.908192][T27166] percpu 5436928
[ 3093.908192][T27166] sock 0
[ 3093.908192][T27166] vmalloc 0
[ 3093.908192][T27166] shmem 155648
[ 3093.908192][T27166] zswap 0
[ 3093.908192][T27166] zswapped 0
[ 3093.908192][T27166] file_mapped 155648
[ 3093.908192][T27166] file_dirty 0
[ 3093.908192][T27166] file_writeback 0
[ 3093.908192][T27166] swapcached 0
[ 3093.908192][T27166] anon_thp 0
[ 3093.908192][T27166] file_thp 0
[ 3093.908192][T27166] shmem_thp 0
[ 3093.908192][T27166] inactive_anon 81920
[ 3093.908192][T27166] active_anon 151552
[ 3093.908192][T27166] inactive_file 0
[ 3093.908192][T27166] active_file 0
[ 3093.908192][T27166] unevictable 0
[ 3093.908192][T27166] slab_reclaimable 29888
[ 3093.908192][T27166] slab_unreclaimable 308681392
01:21:05 executing program 1:
bpf$BPF_GET_MAP_INFO(0x10, &(0x7f00000001c0)={0xffffffffffffffff, 0xe, 0x0}, 0x10)

01:21:05 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0xba020000, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3094.384309][T27182] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[ 3094.415871][T27166] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=27166,uid=0
01:21:05 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0xc3ffffff00000000)

01:21:05 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x60000000}, 0x0)

01:21:05 executing program 1:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x16, 0x0, 0x6c81, 0x6}, 0x48)
bpf$BPF_GET_MAP_INFO(0x15, &(0x7f00000001c0)={r0, 0x0, 0x0}, 0x10)

01:21:05 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x60000000}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

[ 3094.507188][T27166] Memory cgroup out of memory: Killed process 27166 (syz-executor.5) total-vm:54408kB, anon-rss:468kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:68kB oom_score_adj:1000
01:21:05 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x19e}, 0x0)

01:21:05 executing program 1:
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff})
unshare(0x20060400)
getsockopt$ARPT_SO_GET_ENTRIES(r0, 0x0, 0x61, 0x0, 0x0)

[ 3094.764105][T27192] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 3094.883779][T27192] CPU: 0 PID: 27192 Comm: syz-executor.5 Not tainted 6.1.0-rc7-syzkaller-01491-gf2bb566f5c97 #0
[ 3094.894251][T27192] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 3094.904338][T27192] Call Trace:
[ 3094.907639][T27192]  <TASK>
[ 3094.910591][T27192]  dump_stack_lvl+0xd1/0x138
[ 3094.915215][T27192]  dump_header+0x10b/0x85f
[ 3094.919677][T27192]  oom_kill_process.cold+0x10/0x15
[ 3094.924840][T27192]  out_of_memory+0x35c/0x14a0
[ 3094.929558][T27192]  ? find_held_lock+0x2d/0x110
[ 3094.934360][T27192]  ? oom_killer_disable+0x280/0x280
[ 3094.939595][T27192]  ? find_held_lock+0x2d/0x110
[ 3094.944401][T27192]  mem_cgroup_out_of_memory+0x206/0x270
[ 3094.949978][T27192]  ? mem_cgroup_margin+0x130/0x130
[ 3094.955151][T27192]  ? lock_downgrade+0x6e0/0x6e0
[ 3094.960066][T27192]  try_charge_memcg+0xef8/0x12f0
[ 3094.965053][T27192]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 3094.971071][T27192]  ? get_mem_cgroup_from_objcg+0xa1/0x260
[ 3094.976831][T27192]  ? lock_downgrade+0x6e0/0x6e0
[ 3094.981749][T27192]  obj_cgroup_charge+0x2af/0x5e0
[ 3094.986728][T27192]  ? vm_area_alloc+0x20/0x100
[ 3094.991425][T27192]  kmem_cache_alloc+0xa3/0x3d0
[ 3094.996228][T27192]  vm_area_alloc+0x20/0x100
[ 3095.000741][T27192]  mmap_region+0x44c/0x1dd0
[ 3095.005272][T27192]  ? validate_mm+0x1d8/0x270
[ 3095.009874][T27192]  ? do_munmap+0x100/0x100
[ 3095.014308][T27192]  ? security_mmap_addr+0x77/0xa0
[ 3095.019346][T27192]  ? get_unmapped_area+0x1e8/0x3d0
[ 3095.024479][T27192]  do_mmap+0x831/0xf60
[ 3095.028566][T27192]  vm_mmap_pgoff+0x1af/0x280
[ 3095.033174][T27192]  ? randomize_page+0xb0/0xb0
[ 3095.037948][T27192]  ? __x64_sys_futex+0x1d3/0x4d0
[ 3095.042911][T27192]  ksys_mmap_pgoff+0x7d/0x5a0
[ 3095.047600][T27192]  ? lockdep_hardirqs_on+0x7d/0x100
[ 3095.052812][T27192]  do_syscall_64+0x39/0xb0
[ 3095.057232][T27192]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 3095.063136][T27192] RIP: 0033:0x7f228be8c122
[ 3095.067551][T27192] Code: 00 00 00 00 00 0f 1f 00 41 f7 c1 ff 0f 00 00 75 27 55 48 89 fd 53 89 cb 48 85 ff 74 3b 41 89 da 48 89 ef b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 66 5b 5d c3 0f 1f 00 48 c7 c0 b8 ff ff ff 64
[ 3095.087172][T27192] RSP: 002b:00007ffd261092d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 3095.095587][T27192] RAX: ffffffffffffffda RBX: 0000000000020022 RCX: 00007f228be8c122
[ 3095.103667][T27192] RDX: 0000000000000000 RSI: 0000000000021000 RDI: 0000000000000000
[ 3095.111653][T27192] RBP: 0000000000000000 R08: 00000000ffffffff R09: 0000000000000000
[ 3095.119632][T27192] R10: 0000000000020022 R11: 0000000000000246 R12: 00007ffd261094e0
01:21:06 executing program 1:
bpf$BPF_GET_MAP_INFO(0x23, &(0x7f00000001c0)={0xffffffffffffffff, 0x0, 0x0}, 0x10)

[ 3095.127604][T27192] R13: 00007f228b000700 R14: 0000000000000000 R15: 0000000000022000
[ 3095.135610][T27192]  </TASK>
[ 3095.174184][T27186] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
01:21:06 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0xc2010000, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:21:06 executing program 1:
bpf$BPF_GET_MAP_INFO(0xd, &(0x7f00000001c0)={0xffffffffffffffff, 0x0, 0x0}, 0x10)

01:21:06 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x65580000}, 0x0)

[ 3095.451408][T27202] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
01:21:06 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x65580000}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

01:21:06 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r0, &(0x7f00000045c0)=[{{&(0x7f0000000200)={0xa, 0x0, 0x0, @dev}, 0x1c, 0x0}}], 0x1, 0x200080d0)

[ 3095.733518][T27207] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 3095.951047][T27192] memory: usage 307136kB, limit 307200kB, failcnt 1160
[ 3095.958022][T27192] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 3096.061469][T27192] Memory cgroup stats for /syz5:
[ 3096.062109][T27192] anon 81920
[ 3096.062109][T27192] file 155648
[ 3096.062109][T27192] kernel 314269696
[ 3096.062109][T27192] kernel_stack 32768
[ 3096.062109][T27192] pagetables 73728
[ 3096.062109][T27192] sec_pagetables 0
[ 3096.062109][T27192] percpu 5436928
[ 3096.062109][T27192] sock 0
[ 3096.062109][T27192] vmalloc 0
[ 3096.062109][T27192] shmem 155648
[ 3096.062109][T27192] zswap 0
[ 3096.062109][T27192] zswapped 0
[ 3096.062109][T27192] file_mapped 155648
[ 3096.062109][T27192] file_dirty 0
[ 3096.062109][T27192] file_writeback 0
[ 3096.062109][T27192] swapcached 0
[ 3096.062109][T27192] anon_thp 0
[ 3096.062109][T27192] file_thp 0
[ 3096.062109][T27192] shmem_thp 0
[ 3096.062109][T27192] inactive_anon 86016
[ 3096.062109][T27192] active_anon 151552
[ 3096.062109][T27192] inactive_file 0
[ 3096.062109][T27192] active_file 0
[ 3096.062109][T27192] unevictable 0
[ 3096.062109][T27192] slab_reclaimable 13416
[ 3096.062109][T27192] slab_unreclaimable 308678496
[ 3096.451467][T27192] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=27192,uid=0
[ 3096.496927][T27192] Memory cgroup out of memory: Killed process 27192 (syz-executor.5) total-vm:54408kB, anon-rss:468kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000
01:21:07 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0xc410020000000000)

01:21:07 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0xc2020000, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:21:07 executing program 1:
unshare(0x20060400)
unshare(0x60000)

01:21:07 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x6a030000}, 0x0)

[ 3096.597062][T27197] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 3096.628261][T27218] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[ 3096.646377][T27197] CPU: 1 PID: 27197 Comm: syz-executor.4 Not tainted 6.1.0-rc7-syzkaller-01491-gf2bb566f5c97 #0
[ 3096.656839][T27197] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 3096.666911][T27197] Call Trace:
[ 3096.670195][T27197]  <TASK>
[ 3096.673128][T27197]  dump_stack_lvl+0xd1/0x138
[ 3096.677725][T27197]  dump_header+0x10b/0x85f
[ 3096.682152][T27197]  oom_kill_process.cold+0x10/0x15
[ 3096.687273][T27197]  out_of_memory+0x35c/0x14a0
[ 3096.691965][T27197]  ? oom_killer_disable+0x280/0x280
[ 3096.697171][T27197]  ? find_held_lock+0x2d/0x110
[ 3096.701949][T27197]  mem_cgroup_out_of_memory+0x206/0x270
[ 3096.707496][T27197]  ? mem_cgroup_margin+0x130/0x130
[ 3096.712613][T27197]  ? lock_downgrade+0x6e0/0x6e0
[ 3096.717484][T27197]  try_charge_memcg+0xef8/0x12f0
[ 3096.722434][T27197]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 3096.728425][T27197]  ? rcu_read_unlock+0x9/0x60
[ 3096.733102][T27197]  ? lock_downgrade+0x6e0/0x6e0
[ 3096.737978][T27197]  charge_memcg+0x99/0x3b0
[ 3096.742405][T27197]  __mem_cgroup_charge+0x2b/0x90
[ 3096.747350][T27197]  wp_page_copy+0x2bf/0x1ca0
[ 3096.751947][T27197]  ? page_try_dup_anon_rmap.constprop.0+0xd10/0xd10
[ 3096.758540][T27197]  ? lock_downgrade+0x6e0/0x6e0
[ 3096.763405][T27197]  ? vm_normal_page+0x14a/0x2a0
[ 3096.768267][T27197]  do_wp_page+0x1d1/0x1930
[ 3096.772688][T27197]  __handle_mm_fault+0x181b/0x3a40
[ 3096.777807][T27197]  ? vm_iomap_memory+0x190/0x190
[ 3096.782765][T27197]  handle_mm_fault+0x1cc/0x780
[ 3096.787539][T27197]  do_user_addr_fault+0x475/0x1210
[ 3096.792655][T27197]  ? rcu_read_lock_sched_held+0x3e/0x70
[ 3096.798209][T27197]  exc_page_fault+0x98/0x170
[ 3096.802808][T27197]  asm_exc_page_fault+0x26/0x30
[ 3096.807659][T27197] RIP: 0033:0x7f4487439580
[ 3096.812070][T27197] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48
[ 3096.831674][T27197] RSP: 002b:00007fffd90bacf0 EFLAGS: 00010246
[ 3096.837739][T27197] RAX: 00000000c46cc886 RBX: 00007f44875ac018 RCX: 0000001b30820000
[ 3096.845795][T27197] RDX: 0000000000000000 RSI: 0000001b30820018 RDI: 000000000c503bf0
[ 3096.853759][T27197] RBP: 00000000c46cc886 R08: 0000000000000886 R09: 00000000c46cc88a
[ 3096.861725][T27197] R10: 00007fffd90f1090 R11: 0000000000093662 R12: 00007f44875a0000
[ 3096.869692][T27197] R13: 0000000000000001 R14: 0000000000000002 R15: ffffffff87ab92fb
[ 3096.877659][T27197]  ? __sys_socket+0xcb/0x250
[ 3096.882264][T27197]  </TASK>
[ 3097.069311][T27197] memory: usage 307200kB, limit 307200kB, failcnt 11854
[ 3097.090534][T27197] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 3097.104590][T27197] Memory cgroup stats for /syz4:
[ 3097.104774][T27197] anon 118784
[ 3097.104774][T27197] file 339968
[ 3097.104774][T27197] kernel 314114048
[ 3097.104774][T27197] kernel_stack 98304
[ 3097.104774][T27197] pagetables 86016
[ 3097.104774][T27197] sec_pagetables 0
[ 3097.104774][T27197] percpu 5432192
[ 3097.104774][T27197] sock 0
[ 3097.104774][T27197] vmalloc 0
[ 3097.104774][T27197] shmem 331776
[ 3097.104774][T27197] zswap 0
[ 3097.104774][T27197] zswapped 0
[ 3097.104774][T27197] file_mapped 286720
[ 3097.104774][T27197] file_dirty 0
[ 3097.104774][T27197] file_writeback 0
[ 3097.104774][T27197] swapcached 0
[ 3097.104774][T27197] anon_thp 0
[ 3097.104774][T27197] file_thp 0
[ 3097.104774][T27197] shmem_thp 0
[ 3097.104774][T27197] inactive_anon 147456
[ 3097.104774][T27197] active_anon 303104
[ 3097.104774][T27197] inactive_file 4096
[ 3097.104774][T27197] active_file 4096
[ 3097.104774][T27197] unevictable 0
[ 3097.104774][T27197] slab_reclaimable 19200
[ 3097.104774][T27197] slab_unreclaimable 308449000
[ 3097.358874][T27197] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=27197,uid=0
01:21:08 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x1a6}, 0x0)

01:21:08 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x81000000}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

01:21:08 executing program 1:
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SYS_GET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[], 0x38}}, 0x0)

[ 3097.454421][T27197] Memory cgroup out of memory: Killed process 27197 (syz-executor.4) total-vm:54672kB, anon-rss:468kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:92kB oom_score_adj:1000
[ 3097.481125][T27219] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
01:21:08 executing program 1:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x6b1, &(0x7f0000000040), 0x4)

[ 3097.536944][T27221] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 3097.617664][T27221] CPU: 1 PID: 27221 Comm: syz-executor.5 Not tainted 6.1.0-rc7-syzkaller-01491-gf2bb566f5c97 #0
[ 3097.628135][T27221] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 3097.638210][T27221] Call Trace:
[ 3097.641502][T27221]  <TASK>
[ 3097.644448][T27221]  dump_stack_lvl+0xd1/0x138
[ 3097.649075][T27221]  dump_header+0x10b/0x85f
[ 3097.653531][T27221]  oom_kill_process.cold+0x10/0x15
[ 3097.658682][T27221]  out_of_memory+0x35c/0x14a0
[ 3097.663395][T27221]  ? find_held_lock+0x2d/0x110
[ 3097.668194][T27221]  ? oom_killer_disable+0x280/0x280
[ 3097.673430][T27221]  ? find_held_lock+0x2d/0x110
[ 3097.678239][T27221]  mem_cgroup_out_of_memory+0x206/0x270
[ 3097.683818][T27221]  ? mem_cgroup_margin+0x130/0x130
[ 3097.688967][T27221]  ? lock_downgrade+0x6e0/0x6e0
[ 3097.693889][T27221]  try_charge_memcg+0xef8/0x12f0
[ 3097.698876][T27221]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 3097.704898][T27221]  ? rcu_read_unlock+0x9/0x60
[ 3097.709687][T27221]  ? lock_downgrade+0x6e0/0x6e0
[ 3097.714592][T27221]  charge_memcg+0x99/0x3b0
[ 3097.719044][T27221]  __mem_cgroup_charge+0x2b/0x90
[ 3097.724017][T27221]  wp_page_copy+0x2bf/0x1ca0
[ 3097.728641][T27221]  ? page_try_dup_anon_rmap.constprop.0+0xd10/0xd10
[ 3097.735258][T27221]  ? lock_downgrade+0x6e0/0x6e0
[ 3097.740137][T27221]  ? vm_normal_page+0x14a/0x2a0
[ 3097.745038][T27221]  do_wp_page+0x1d1/0x1930
[ 3097.749486][T27221]  __handle_mm_fault+0x181b/0x3a40
[ 3097.754640][T27221]  ? vm_iomap_memory+0x190/0x190
[ 3097.759636][T27221]  handle_mm_fault+0x1cc/0x780
[ 3097.764434][T27221]  do_user_addr_fault+0x475/0x1210
[ 3097.769576][T27221]  ? rcu_read_lock_sched_held+0x3e/0x70
[ 3097.775161][T27221]  exc_page_fault+0x98/0x170
[ 3097.779785][T27221]  asm_exc_page_fault+0x26/0x30
[ 3097.784662][T27221] RIP: 0033:0x7f228be39580
[ 3097.789093][T27221] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48
[ 3097.808722][T27221] RSP: 002b:00007ffd261092f0 EFLAGS: 00010246
01:21:08 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0xc2030000, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3097.814814][T27221] RAX: 000000004702ddfb RBX: 00007f228bfac018 RCX: 0000001b30420000
[ 3097.822814][T27221] RDX: 0000000000000000 RSI: 0000001b30420018 RDI: 0000000000000022
[ 3097.830808][T27221] RBP: 000000004702ddfb R08: 0000000000001dfb R09: 000000004702ddff
[ 3097.838886][T27221] R10: 00007ffd261094b0 R11: 0000000000000246 R12: 00007f228bfa0000
[ 3097.846884][T27221] R13: 0000000000000001 R14: 0000000000000000 R15: ffffffff87ab9491
[ 3097.854873][T27221]  ? __x64_sys_socket+0x11/0xb0
[ 3097.859774][T27221]  </TASK>
01:21:08 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x81000000}, 0x0)

01:21:08 executing program 1:
unshare(0x20060400)
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_mreqn(r0, 0x0, 0x0, 0x0, 0x0)

[ 3097.958631][T27233] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
01:21:09 executing program 1:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
sendmsg$BATADV_CMD_SET_HARDIF(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x24, 0x0, 0x300, 0x70bd25, 0x25dfdbfc, {}, [@BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x20}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000011}, 0x4000880)
ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f00000016c0)={0x0, {0x2, 0x0, @empty}, {0x2, 0x0, @dev}, {0x2, 0x0, @broadcast}, 0x0, 0x0, 0x0, 0x0, 0xfffe})

[ 3098.933313][T27221] memory: usage 307184kB, limit 307200kB, failcnt 1275
[ 3098.940498][T27221] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 3098.956478][T27221] Memory cgroup stats for /syz5:
[ 3098.956689][T27221] anon 102400
[ 3098.956689][T27221] file 155648
[ 3098.956689][T27221] kernel 314298368
[ 3098.956689][T27221] kernel_stack 65536
[ 3098.956689][T27221] pagetables 73728
[ 3098.956689][T27221] sec_pagetables 0
[ 3098.956689][T27221] percpu 5436928
[ 3098.956689][T27221] sock 0
[ 3098.956689][T27221] vmalloc 0
[ 3098.956689][T27221] shmem 155648
[ 3098.956689][T27221] zswap 0
[ 3098.956689][T27221] zswapped 0
[ 3098.956689][T27221] file_mapped 155648
[ 3098.956689][T27221] file_dirty 0
[ 3098.956689][T27221] file_writeback 0
[ 3098.956689][T27221] swapcached 0
[ 3098.956689][T27221] anon_thp 0
[ 3098.956689][T27221] file_thp 0
[ 3098.956689][T27221] shmem_thp 0
[ 3098.956689][T27221] inactive_anon 106496
[ 3098.956689][T27221] active_anon 151552
[ 3098.956689][T27221] inactive_file 0
[ 3098.956689][T27221] active_file 0
[ 3098.956689][T27221] unevictable 0
[ 3098.956689][T27221] slab_reclaimable 15344
[ 3098.956689][T27221] slab_unreclaimable 308676856
[ 3099.591574][T27221] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=27221,uid=0
[ 3099.677604][T27221] Memory cgroup out of memory: Killed process 27221 (syz-executor.5) total-vm:54540kB, anon-rss:468kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000
01:21:10 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0xc510020000000000)

01:21:10 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x88a8ffff}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

01:21:10 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x1d6}, 0x0)

[ 3100.119320][T27244] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 3100.186719][T27244] CPU: 1 PID: 27244 Comm: syz-executor.4 Not tainted 6.1.0-rc7-syzkaller-01491-gf2bb566f5c97 #0
[ 3100.197186][T27244] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 3100.207273][T27244] Call Trace:
[ 3100.210580][T27244]  <TASK>
[ 3100.213528][T27244]  dump_stack_lvl+0xd1/0x138
[ 3100.218144][T27244]  dump_header+0x10b/0x85f
[ 3100.222605][T27244]  oom_kill_process.cold+0x10/0x15
[ 3100.227755][T27244]  out_of_memory+0x35c/0x14a0
[ 3100.232473][T27244]  ? find_held_lock+0x2d/0x110
[ 3100.237273][T27244]  ? oom_killer_disable+0x280/0x280
[ 3100.242516][T27244]  ? find_held_lock+0x2d/0x110
[ 3100.247321][T27244]  mem_cgroup_out_of_memory+0x206/0x270
[ 3100.252899][T27244]  ? mem_cgroup_margin+0x130/0x130
[ 3100.258043][T27244]  ? lock_downgrade+0x6e0/0x6e0
[ 3100.262952][T27244]  try_charge_memcg+0xef8/0x12f0
[ 3100.267935][T27244]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 3100.273955][T27244]  ? rcu_read_unlock+0x9/0x60
[ 3100.278659][T27244]  ? lock_downgrade+0x6e0/0x6e0
[ 3100.283571][T27244]  charge_memcg+0x99/0x3b0
[ 3100.288026][T27244]  __mem_cgroup_charge+0x2b/0x90
[ 3100.293000][T27244]  wp_page_copy+0x2bf/0x1ca0
[ 3100.297631][T27244]  ? page_try_dup_anon_rmap.constprop.0+0xd10/0xd10
[ 3100.304246][T27244]  ? lock_downgrade+0x6e0/0x6e0
[ 3100.309133][T27244]  ? vm_normal_page+0x14a/0x2a0
[ 3100.314033][T27244]  do_wp_page+0x1d1/0x1930
[ 3100.318488][T27244]  __handle_mm_fault+0x181b/0x3a40
[ 3100.323636][T27244]  ? vm_iomap_memory+0x190/0x190
[ 3100.328632][T27244]  handle_mm_fault+0x1cc/0x780
[ 3100.333446][T27244]  do_user_addr_fault+0x475/0x1210
[ 3100.338593][T27244]  ? rcu_read_lock_sched_held+0x3e/0x70
[ 3100.344179][T27244]  exc_page_fault+0x98/0x170
[ 3100.348804][T27244]  asm_exc_page_fault+0x26/0x30
[ 3100.353663][T27244] RIP: 0033:0x7f4487439580
[ 3100.358080][T27244] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48
[ 3100.377692][T27244] RSP: 002b:00007fffd90bacf0 EFLAGS: 00010246
[ 3100.383763][T27244] RAX: 00000000c46cc886 RBX: 00007f44875ac018 RCX: 0000001b30820000
[ 3100.391737][T27244] RDX: 0000000000000000 RSI: 0000001b30820018 RDI: 000000000c503bf0
[ 3100.399707][T27244] RBP: 00000000c46cc886 R08: 0000000000000886 R09: 00000000c46cc88a
[ 3100.407678][T27244] R10: 00007fffd90baeb0 R11: 0000000000000246 R12: 00007f44875a0000
[ 3100.415650][T27244] R13: 0000000000000001 R14: 0000000000000002 R15: ffffffff87ab92fb
[ 3100.423622][T27244]  ? __sys_socket+0xcb/0x250
[ 3100.428322][T27244]  </TASK>
01:21:11 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0xc8000000, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3100.498293][T27237] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
01:21:11 executing program 1:
pipe(&(0x7f00000005c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
getsockname$unix(r0, 0x0, 0x0)

01:21:11 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x88a8ffff}, 0x0)

[ 3100.690166][T27244] memory: usage 307200kB, limit 307200kB, failcnt 12025
[ 3100.704235][T27244] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 3100.727492][T27244] Memory cgroup stats for /syz4:
[ 3100.727709][T27244] anon 110592
[ 3100.727709][T27244] file 335872
[ 3100.727709][T27244] kernel 314126336
[ 3100.727709][T27244] kernel_stack 65536
[ 3100.727709][T27244] pagetables 77824
[ 3100.727709][T27244] sec_pagetables 0
[ 3100.727709][T27244] percpu 5432192
[ 3100.727709][T27244] sock 0
[ 3100.727709][T27244] vmalloc 0
[ 3100.727709][T27244] shmem 331776
[ 3100.727709][T27244] zswap 0
[ 3100.727709][T27244] zswapped 0
[ 3100.727709][T27244] file_mapped 286720
[ 3100.727709][T27244] file_dirty 4096
[ 3100.727709][T27244] file_writeback 0
[ 3100.727709][T27244] swapcached 0
[ 3100.727709][T27244] anon_thp 0
[ 3100.727709][T27244] file_thp 0
[ 3100.727709][T27244] shmem_thp 0
[ 3100.727709][T27244] inactive_anon 139264
[ 3100.727709][T27244] active_anon 303104
[ 3100.727709][T27244] inactive_file 0
[ 3100.727709][T27244] active_file 4096
[ 3100.727709][T27244] unevictable 0
[ 3100.727709][T27244] slab_reclaimable 57224
[ 3100.727709][T27244] slab_unreclaimable 308463104
[ 3100.815186][T27251] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
01:21:11 executing program 1:
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff})
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, 0x0)

01:21:11 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x9effffff}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

01:21:11 executing program 1:
pipe(&(0x7f00000005c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
accept$packet(r0, 0x0, 0x0)

01:21:12 executing program 1:
r0 = socket(0x200000100000011, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'macvlan0\x00', <r1=>0x0})
bind$packet(r0, &(0x7f0000000080)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @dev}, 0x14)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0x800b, 0x4)
sendmsg$netlink(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000280)={0x102, 0x21, 0x0, 0x0, 0x0, "", [@typed={0x8, 0x0, 0x0, 0x0, @ipv4=@empty}, @nested={0xbd, 0x0, 0x0, 0x1, [@generic="2741ab112c06df88bf1e6464041f3591e1fa55de0e29675042169f2ed5ea744cb52a0b735298284a4936c476eb449c343a78598d15eeb6364d2c520c8ba4653c59484fd1298be1dc60817d038fd578af8655b67b94507f7ba87676fb1dad8ad5c656bbf5f2560e8a8a08e2", @typed={0x8, 0x0, 0x0, 0x0, @uid=0xffffffffffffffff}, @generic="9ad57b477877a00059d730f9945bb02a54ed44adc60878a15a026fc80cf84839e0c96b49f4107b00bded19f625a75a16ba80eefbcc58", @typed={0xc, 0x0, 0x0, 0x0, @u64}, @typed={0x4}]}, @nested={0x25, 0x0, 0x0, 0x1, [@generic="de72f4227a660e09226d17f42f47c459f17f1f3a84ec6ba08c29b1b31c664f0fcd"]}]}, 0x100}], 0x1}, 0x0)

[ 3101.051005][T27255] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
01:21:12 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0xca010000, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:21:12 executing program 1:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x88a8ffff}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

[ 3101.239737][T27267] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[ 3101.605709][T27244] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=27244,uid=0
[ 3101.657134][T27244] Memory cgroup out of memory: Killed process 27244 (syz-executor.4) total-vm:54540kB, anon-rss:468kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000
[ 3101.770688][T27247] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 3101.852976][T27247] CPU: 0 PID: 27247 Comm: syz-executor.5 Not tainted 6.1.0-rc7-syzkaller-01491-gf2bb566f5c97 #0
[ 3101.863456][T27247] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 3101.873538][T27247] Call Trace:
[ 3101.876832][T27247]  <TASK>
[ 3101.879786][T27247]  dump_stack_lvl+0xd1/0x138
[ 3101.884413][T27247]  dump_header+0x10b/0x85f
[ 3101.888876][T27247]  oom_kill_process.cold+0x10/0x15
[ 3101.894031][T27247]  out_of_memory+0x35c/0x14a0
[ 3101.898748][T27247]  ? find_held_lock+0x2d/0x110
[ 3101.903546][T27247]  ? oom_killer_disable+0x280/0x280
[ 3101.908779][T27247]  ? find_held_lock+0x2d/0x110
[ 3101.913582][T27247]  mem_cgroup_out_of_memory+0x206/0x270
[ 3101.919159][T27247]  ? mem_cgroup_margin+0x130/0x130
[ 3101.924300][T27247]  ? lock_downgrade+0x6e0/0x6e0
[ 3101.929207][T27247]  try_charge_memcg+0xef8/0x12f0
[ 3101.934190][T27247]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 3101.940230][T27247]  ? rcu_read_unlock+0x9/0x60
[ 3101.944941][T27247]  ? lock_downgrade+0x6e0/0x6e0
[ 3101.949843][T27247]  charge_memcg+0x99/0x3b0
[ 3101.954289][T27247]  __mem_cgroup_charge+0x2b/0x90
[ 3101.959260][T27247]  wp_page_copy+0x2bf/0x1ca0
[ 3101.963891][T27247]  ? page_try_dup_anon_rmap.constprop.0+0xd10/0xd10
[ 3101.970520][T27247]  ? lock_downgrade+0x6e0/0x6e0
[ 3101.975391][T27247]  ? vm_normal_page+0x14a/0x2a0
[ 3101.980283][T27247]  do_wp_page+0x1d1/0x1930
[ 3101.984718][T27247]  __handle_mm_fault+0x181b/0x3a40
[ 3101.989852][T27247]  ? vm_iomap_memory+0x190/0x190
[ 3101.994826][T27247]  handle_mm_fault+0x1cc/0x780
[ 3101.999600][T27247]  do_user_addr_fault+0x475/0x1210
[ 3102.004733][T27247]  ? rcu_read_lock_sched_held+0x3e/0x70
[ 3102.010294][T27247]  exc_page_fault+0x98/0x170
[ 3102.014900][T27247]  asm_exc_page_fault+0x26/0x30
[ 3102.019757][T27247] RIP: 0033:0x7f228be39580
[ 3102.024176][T27247] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48
[ 3102.043788][T27247] RSP: 002b:00007ffd261092f0 EFLAGS: 00010246
[ 3102.049858][T27247] RAX: 000000004702ddfb RBX: 00007f228bfac018 RCX: 0000001b30420000
[ 3102.057833][T27247] RDX: 0000000000000000 RSI: 0000001b30420018 RDI: 0000000000000022
[ 3102.065805][T27247] RBP: 000000004702ddfb R08: 0000000000001dfb R09: 000000004702ddff
[ 3102.073792][T27247] R10: 00007ffd261094b0 R11: 0000000000000246 R12: 00007f228bfa0000
[ 3102.081771][T27247] R13: 0000000000000001 R14: 0000000000000000 R15: ffffffff87ab9491
[ 3102.089753][T27247]  ? __x64_sys_socket+0x11/0xb0
[ 3102.094638][T27247]  </TASK>
[ 3102.218006][T27247] memory: usage 307184kB, limit 307200kB, failcnt 1397
[ 3102.291671][T27247] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 3102.321698][T27247] Memory cgroup stats for /syz5:
[ 3102.321909][T27247] anon 102400
[ 3102.321909][T27247] file 155648
[ 3102.321909][T27247] kernel 314298368
[ 3102.321909][T27247] kernel_stack 65536
[ 3102.321909][T27247] pagetables 73728
[ 3102.321909][T27247] sec_pagetables 0
[ 3102.321909][T27247] percpu 5436928
[ 3102.321909][T27247] sock 0
[ 3102.321909][T27247] vmalloc 0
[ 3102.321909][T27247] shmem 155648
[ 3102.321909][T27247] zswap 0
[ 3102.321909][T27247] zswapped 0
[ 3102.321909][T27247] file_mapped 155648
[ 3102.321909][T27247] file_dirty 0
[ 3102.321909][T27247] file_writeback 0
[ 3102.321909][T27247] swapcached 0
[ 3102.321909][T27247] anon_thp 0
[ 3102.321909][T27247] file_thp 0
[ 3102.321909][T27247] shmem_thp 0
[ 3102.321909][T27247] inactive_anon 106496
[ 3102.321909][T27247] active_anon 151552
[ 3102.321909][T27247] inactive_file 0
[ 3102.321909][T27247] active_file 0
[ 3102.321909][T27247] unevictable 0
[ 3102.321909][T27247] slab_reclaimable 15344
[ 3102.321909][T27247] slab_unreclaimable 308676552
[ 3103.104450][T27247] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=27247,uid=0
[ 3103.169288][T27247] Memory cgroup out of memory: Killed process 27247 (syz-executor.5) total-vm:54540kB, anon-rss:468kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000
01:21:14 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0xc610020000000000)

01:21:14 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x9effffff}, 0x0)

01:21:14 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0xca020000, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:21:14 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x203}, 0x0)

01:21:14 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0xf0ffffff}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

01:21:14 executing program 1:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x81000000}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

[ 3103.274919][T27277] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
01:21:14 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0xca030000, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3103.383053][T27281] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 3103.471623][T27276] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 3103.565681][T27276] CPU: 0 PID: 27276 Comm: syz-executor.4 Not tainted 6.1.0-rc7-syzkaller-01491-gf2bb566f5c97 #0
[ 3103.576321][T27276] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 3103.586496][T27276] Call Trace:
[ 3103.589781][T27276]  <TASK>
[ 3103.592721][T27276]  dump_stack_lvl+0xd1/0x138
[ 3103.597350][T27276]  dump_header+0x10b/0x85f
[ 3103.601798][T27276]  oom_kill_process.cold+0x10/0x15
[ 3103.606939][T27276]  out_of_memory+0x35c/0x14a0
[ 3103.611632][T27276]  ? find_held_lock+0x2d/0x110
[ 3103.616412][T27276]  ? oom_killer_disable+0x280/0x280
[ 3103.621632][T27276]  ? find_held_lock+0x2d/0x110
[ 3103.626413][T27276]  mem_cgroup_out_of_memory+0x206/0x270
[ 3103.631974][T27276]  ? mem_cgroup_margin+0x130/0x130
[ 3103.637129][T27276]  ? lock_downgrade+0x6e0/0x6e0
[ 3103.642010][T27276]  try_charge_memcg+0xef8/0x12f0
[ 3103.646983][T27276]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 3103.652975][T27276]  ? get_mem_cgroup_from_objcg+0xa1/0x260
[ 3103.658703][T27276]  ? lock_downgrade+0x6e0/0x6e0
[ 3103.663572][T27276]  ? lock_downgrade+0x6e0/0x6e0
[ 3103.668434][T27276]  ? rcu_read_unlock+0x9/0x60
[ 3103.673128][T27276]  obj_cgroup_charge+0x2af/0x5e0
[ 3103.678085][T27276]  ? alloc_pid+0xd3/0xd70
[ 3103.682424][T27276]  kmem_cache_alloc+0xa3/0x3d0
[ 3103.687196][T27276]  ? rcu_read_lock_sched_held+0x3e/0x70
[ 3103.692757][T27276]  alloc_pid+0xd3/0xd70
[ 3103.696928][T27276]  ? copy_thread+0x5e0/0xa00
[ 3103.701527][T27276]  ? copy_namespaces+0x1c5/0x450
[ 3103.706515][T27276]  copy_process+0x3cf4/0x7190
[ 3103.711218][T27276]  ? __cleanup_sighand+0xb0/0xb0
[ 3103.716161][T27276]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 3103.722159][T27276]  ? psi_memstall_leave+0x174/0x250
[ 3103.727378][T27276]  kernel_clone+0xeb/0x980
[ 3103.731806][T27276]  ? create_io_thread+0xf0/0xf0
[ 3103.736665][T27276]  ? percpu_ref_put_many.constprop.0+0x6a/0x1a0
[ 3103.742916][T27276]  ? lock_downgrade+0x6e0/0x6e0
[ 3103.747796][T27276]  __do_sys_clone+0xba/0x100
[ 3103.752489][T27276]  ? kernel_clone+0x980/0x980
[ 3103.757195][T27276]  ? syscall_enter_from_user_mode+0x26/0xb0
[ 3103.763108][T27276]  do_syscall_64+0x39/0xb0
[ 3103.767533][T27276]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 3103.773519][T27276] RIP: 0033:0x7f448748d501
[ 3103.777936][T27276] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00
[ 3103.797550][T27276] RSP: 002b:00007fffd90bac98 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 3103.805975][T27276] RAX: ffffffffffffffda RBX: 00007f4488236700 RCX: 00007f448748d501
[ 3103.813955][T27276] RDX: 00007f44882369d0 RSI: 00007f44882362f0 RDI: 00000000003d0f00
[ 3103.821927][T27276] RBP: 00007fffd90baee0 R08: 00007f4488236700 R09: 00007f4488236700
[ 3103.829900][T27276] R10: 00007f44882369d0 R11: 0000000000000206 R12: 00007fffd90bad4e
[ 3103.837888][T27276] R13: 00007fffd90bad4f R14: 00007f4488236300 R15: 0000000000022000
[ 3103.845892][T27276]  </TASK>
01:21:14 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0xcf3446e2}, 0x0)

[ 3103.938800][T27292] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
01:21:14 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0xce785e2a, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3104.098434][T27294] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 3104.115331][T27276] memory: usage 307184kB, limit 307200kB, failcnt 12095
01:21:15 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0xf1ffffff}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

[ 3104.148572][T27276] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 3104.198966][T27276] Memory cgroup stats for /syz4:
[ 3104.199180][T27276] anon 106496
[ 3104.199180][T27276] file 335872
[ 3104.199180][T27276] kernel 314114048
[ 3104.199180][T27276] kernel_stack 98304
[ 3104.199180][T27276] pagetables 86016
[ 3104.199180][T27276] sec_pagetables 0
[ 3104.199180][T27276] percpu 5432192
[ 3104.199180][T27276] sock 0
[ 3104.199180][T27276] vmalloc 0
[ 3104.199180][T27276] shmem 331776
[ 3104.199180][T27276] zswap 0
[ 3104.199180][T27276] zswapped 0
[ 3104.199180][T27276] file_mapped 286720
[ 3104.199180][T27276] file_dirty 4096
[ 3104.199180][T27276] file_writeback 0
[ 3104.199180][T27276] swapcached 0
[ 3104.199180][T27276] anon_thp 0
[ 3104.199180][T27276] file_thp 0
[ 3104.199180][T27276] shmem_thp 0
[ 3104.199180][T27276] inactive_anon 135168
[ 3104.199180][T27276] active_anon 303104
[ 3104.199180][T27276] inactive_file 0
[ 3104.199180][T27276] active_file 4096
[ 3104.199180][T27276] unevictable 0
[ 3104.199180][T27276] slab_reclaimable 18960
[ 3104.199180][T27276] slab_unreclaimable 308448672
01:21:15 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0xe24634cf}, 0x0)

[ 3104.353540][T27297] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
01:21:15 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0xd2020000, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3104.527041][T27304] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[ 3104.716041][T27276] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=27276,uid=0
[ 3104.789085][T27276] Memory cgroup out of memory: Killed process 27276 (syz-executor.4) total-vm:54672kB, anon-rss:468kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:92kB oom_score_adj:1000
[ 3104.855184][T27283] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 3104.876357][T27283] CPU: 1 PID: 27283 Comm: syz-executor.5 Not tainted 6.1.0-rc7-syzkaller-01491-gf2bb566f5c97 #0
[ 3104.886826][T27283] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 3104.896904][T27283] Call Trace:
[ 3104.900210][T27283]  <TASK>
[ 3104.903166][T27283]  dump_stack_lvl+0xd1/0x138
[ 3104.907789][T27283]  dump_header+0x10b/0x85f
[ 3104.912247][T27283]  oom_kill_process.cold+0x10/0x15
[ 3104.917405][T27283]  out_of_memory+0x35c/0x14a0
[ 3104.922130][T27283]  ? oom_killer_disable+0x280/0x280
[ 3104.927359][T27283]  ? find_held_lock+0x2d/0x110
[ 3104.932150][T27283]  mem_cgroup_out_of_memory+0x206/0x270
[ 3104.937726][T27283]  ? mem_cgroup_margin+0x130/0x130
[ 3104.942865][T27283]  ? lock_downgrade+0x6e0/0x6e0
[ 3104.947771][T27283]  try_charge_memcg+0xef8/0x12f0
[ 3104.952752][T27283]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 3104.958771][T27283]  ? rcu_read_unlock+0x9/0x60
[ 3104.963474][T27283]  ? lock_downgrade+0x6e0/0x6e0
[ 3104.968366][T27283]  charge_memcg+0x99/0x3b0
[ 3104.972803][T27283]  __mem_cgroup_charge+0x2b/0x90
[ 3104.977754][T27283]  wp_page_copy+0x2bf/0x1ca0
[ 3104.982359][T27283]  ? page_try_dup_anon_rmap.constprop.0+0xd10/0xd10
[ 3104.988961][T27283]  ? lock_downgrade+0x6e0/0x6e0
[ 3104.993822][T27283]  ? vm_normal_page+0x14a/0x2a0
[ 3104.998692][T27283]  do_wp_page+0x1d1/0x1930
[ 3105.003120][T27283]  __handle_mm_fault+0x181b/0x3a40
[ 3105.008245][T27283]  ? vm_iomap_memory+0x190/0x190
[ 3105.013215][T27283]  handle_mm_fault+0x1cc/0x780
[ 3105.017993][T27283]  do_user_addr_fault+0x475/0x1210
[ 3105.023287][T27283]  ? rcu_read_lock_sched_held+0x3e/0x70
[ 3105.028849][T27283]  exc_page_fault+0x98/0x170
[ 3105.033452][T27283]  asm_exc_page_fault+0x26/0x30
[ 3105.038307][T27283] RIP: 0033:0x7f228be39580
[ 3105.042722][T27283] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48
[ 3105.062338][T27283] RSP: 002b:00007ffd261092f0 EFLAGS: 00010246
[ 3105.068409][T27283] RAX: 000000004702ddfb RBX: 00007f228bfac018 RCX: 0000001b30420000
[ 3105.076382][T27283] RDX: 0000000000000000 RSI: 0000001b30420018 RDI: 0000000000000022
[ 3105.084538][T27283] RBP: 000000004702ddfb R08: 0000000000001dfb R09: 000000004702ddff
[ 3105.092519][T27283] R10: 00007ffd261094b0 R11: 0000000000000246 R12: 00007f228bfa0000
[ 3105.100498][T27283] R13: 0000000000000001 R14: 0000000000000000 R15: ffffffff87ab9491
[ 3105.108488][T27283]  ? __x64_sys_socket+0x11/0xb0
[ 3105.113376][T27283]  </TASK>
[ 3105.186333][T27283] memory: usage 307200kB, limit 307200kB, failcnt 1502
[ 3105.209683][T27283] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 3105.231599][T27283] Memory cgroup stats for /syz5:
[ 3105.231827][T27283] anon 102400
[ 3105.231827][T27283] file 155648
[ 3105.231827][T27283] kernel 314314752
[ 3105.231827][T27283] kernel_stack 65536
[ 3105.231827][T27283] pagetables 73728
[ 3105.231827][T27283] sec_pagetables 0
[ 3105.231827][T27283] percpu 5436928
[ 3105.231827][T27283] sock 0
[ 3105.231827][T27283] vmalloc 0
[ 3105.231827][T27283] shmem 155648
[ 3105.231827][T27283] zswap 0
[ 3105.231827][T27283] zswapped 0
[ 3105.231827][T27283] file_mapped 155648
[ 3105.231827][T27283] file_dirty 0
[ 3105.231827][T27283] file_writeback 0
[ 3105.231827][T27283] swapcached 0
[ 3105.231827][T27283] anon_thp 0
[ 3105.231827][T27283] file_thp 0
[ 3105.231827][T27283] shmem_thp 0
[ 3105.231827][T27283] inactive_anon 106496
[ 3105.231827][T27283] active_anon 151552
[ 3105.231827][T27283] inactive_file 0
[ 3105.231827][T27283] active_file 0
[ 3105.231827][T27283] unevictable 0
[ 3105.231827][T27283] slab_reclaimable 15344
[ 3105.231827][T27283] slab_unreclaimable 308687952
[ 3105.583346][T27283] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=27283,uid=0
[ 3105.631610][T27283] Memory cgroup out of memory: Killed process 27283 (syz-executor.5) total-vm:54540kB, anon-rss:468kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000
01:21:16 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0xc710020000000000)

01:21:16 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0xd2030000, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:21:16 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0xf0ffffff}, 0x0)

01:21:16 executing program 1:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x9effffff}, 0x0)

01:21:16 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x204}, 0x0)

01:21:16 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0xfcffffff}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

[ 3105.797060][T27313] __nla_validate_parse: 1 callbacks suppressed
[ 3105.797079][T27313] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
01:21:16 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x21a}, 0x0)

01:21:16 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0xda030000, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3105.965717][T27314] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'.
01:21:17 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x21f}, 0x0)

[ 3106.068998][T27317] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 3106.085415][T27315] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 3106.179818][T27317] CPU: 0 PID: 27317 Comm: syz-executor.5 Not tainted 6.1.0-rc7-syzkaller-01491-gf2bb566f5c97 #0
[ 3106.190291][T27317] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 3106.200372][T27317] Call Trace:
[ 3106.203673][T27317]  <TASK>
[ 3106.206633][T27317]  dump_stack_lvl+0xd1/0x138
[ 3106.211255][T27317]  dump_header+0x10b/0x85f
[ 3106.215721][T27317]  oom_kill_process.cold+0x10/0x15
[ 3106.220875][T27317]  out_of_memory+0x35c/0x14a0
[ 3106.225766][T27317]  ? find_held_lock+0x2d/0x110
[ 3106.230568][T27317]  ? oom_killer_disable+0x280/0x280
[ 3106.235804][T27317]  ? find_held_lock+0x2d/0x110
[ 3106.240609][T27317]  mem_cgroup_out_of_memory+0x206/0x270
[ 3106.246191][T27317]  ? mem_cgroup_margin+0x130/0x130
[ 3106.251331][T27317]  ? lock_downgrade+0x6e0/0x6e0
[ 3106.256243][T27317]  try_charge_memcg+0xef8/0x12f0
[ 3106.261226][T27317]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 3106.267252][T27317]  ? get_mem_cgroup_from_objcg+0xa1/0x260
[ 3106.273005][T27317]  ? lock_downgrade+0x6e0/0x6e0
[ 3106.277929][T27317]  obj_cgroup_charge+0x2af/0x5e0
[ 3106.282905][T27317]  ? __anon_vma_prepare+0x64/0x580
[ 3106.288048][T27317]  kmem_cache_alloc+0xa3/0x3d0
[ 3106.292865][T27317]  __anon_vma_prepare+0x64/0x580
[ 3106.297833][T27317]  ? __pmd_alloc+0x30c/0x5d0
[ 3106.302452][T27317]  __handle_mm_fault+0x35bc/0x3a40
[ 3106.307693][T27317]  ? vm_iomap_memory+0x190/0x190
[ 3106.312693][T27317]  handle_mm_fault+0x1cc/0x780
[ 3106.317501][T27317]  do_user_addr_fault+0x475/0x1210
[ 3106.322646][T27317]  ? rcu_read_lock_sched_held+0x3e/0x70
[ 3106.328236][T27317]  exc_page_fault+0x98/0x170
[ 3106.332879][T27317]  asm_exc_page_fault+0x26/0x30
[ 3106.337757][T27317] RIP: 0033:0x7f228be2bd79
[ 3106.342192][T27317] Code: 48 8b 04 24 48 85 c0 74 17 48 8b 54 24 18 48 0f ca 48 89 54 24 18 48 83 f8 01 0f 85 9b 02 00 00 48 8b 44 24 10 48 8b 54 24 18 <48> 89 10 e9 c2 fd ff ff 48 8b 44 24 10 0f b7 10 48 8b 04 24 48 85
[ 3106.362094][T27317] RSP: 002b:00007ffd26109390 EFLAGS: 00010246
[ 3106.368196][T27317] RAX: 0000000020000280 RBX: 0000000000000000 RCX: 0000000000000000
[ 3106.376194][T27317] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000555556db62e8
[ 3106.384192][T27317] RBP: 00007ffd26109488 R08: 0000000000000000 R09: 0000000000000000
[ 3106.392189][T27317] R10: 00007f228ba00068 R11: 0000000000093da6 R12: 00000000002f647b
[ 3106.400187][T27317] R13: 00007ffd261094b0 R14: 00007ffd261094d0 R15: 0000000000000032
[ 3106.408296][T27317]  </TASK>
01:21:17 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0xffffa888}, 0x0)

01:21:17 executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x190}, 0x0)

01:21:17 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x228}, 0x0)

[ 3106.562412][T27317] memory: usage 307200kB, limit 307200kB, failcnt 1610
[ 3106.580015][T27317] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 3106.601172][T27327] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[ 3106.785711][T27333] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 3106.804722][T27317] Memory cgroup stats for /syz5:
[ 3106.804921][T27317] anon 98304
[ 3106.804921][T27317] file 155648
[ 3106.804921][T27317] kernel 314318848
[ 3106.804921][T27317] kernel_stack 65536
[ 3106.804921][T27317] pagetables 81920
[ 3106.804921][T27317] sec_pagetables 0
[ 3106.804921][T27317] percpu 5436928
[ 3106.804921][T27317] sock 0
[ 3106.804921][T27317] vmalloc 0
[ 3106.804921][T27317] shmem 155648
[ 3106.804921][T27317] zswap 0
[ 3106.804921][T27317] zswapped 0
[ 3106.804921][T27317] file_mapped 155648
[ 3106.804921][T27317] file_dirty 0
[ 3106.804921][T27317] file_writeback 0
[ 3106.804921][T27317] swapcached 0
[ 3106.804921][T27317] anon_thp 0
[ 3106.804921][T27317] file_thp 0
[ 3106.804921][T27317] shmem_thp 0
[ 3106.804921][T27317] inactive_anon 102400
[ 3106.804921][T27317] active_anon 151552
[ 3106.804921][T27317] inactive_file 0
[ 3106.804921][T27317] active_file 0
[ 3106.804921][T27317] unevictable 0
[ 3106.804921][T27317] slab_reclaimable 13416
[ 3106.804921][T27317] slab_unreclaimable 308687304
[ 3107.331296][T27317] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=27317,uid=0
[ 3107.384411][T27317] Memory cgroup out of memory: Killed process 27317 (syz-executor.5) total-vm:54540kB, anon-rss:468kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000
01:21:18 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0xc803000000000000)

01:21:18 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0xffffa888}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

01:21:18 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0xe2030000, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:21:18 executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0xf0}, 0x0)

01:21:18 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x22a}, 0x0)

01:21:18 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0xfffff000}, 0x0)

[ 3107.500387][T27321] socket: no more sockets
01:21:18 executing program 1:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x2000000}, 0x0)

01:21:18 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x22c}, 0x0)

[ 3107.556040][T27346] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 3107.689871][T27344] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
01:21:18 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x232}, 0x0)

01:21:18 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0xffffff7f}, 0x0)

01:21:18 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0xe4030000, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3107.845349][T27353] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 3107.961258][T27347] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 3107.974671][T27362] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
01:21:19 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x23c}, 0x0)

[ 3108.119832][T27347] CPU: 1 PID: 27347 Comm: syz-executor.5 Not tainted 6.1.0-rc7-syzkaller-01491-gf2bb566f5c97 #0
[ 3108.130307][T27347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 3108.140394][T27347] Call Trace:
[ 3108.143687][T27347]  <TASK>
[ 3108.146633][T27347]  dump_stack_lvl+0xd1/0x138
[ 3108.151259][T27347]  dump_header+0x10b/0x85f
[ 3108.155727][T27347]  oom_kill_process.cold+0x10/0x15
[ 3108.160889][T27347]  out_of_memory+0x35c/0x14a0
[ 3108.165608][T27347]  ? find_held_lock+0x2d/0x110
[ 3108.170440][T27347]  ? oom_killer_disable+0x280/0x280
[ 3108.175689][T27347]  ? find_held_lock+0x2d/0x110
[ 3108.180496][T27347]  mem_cgroup_out_of_memory+0x206/0x270
[ 3108.186081][T27347]  ? mem_cgroup_margin+0x130/0x130
[ 3108.191226][T27347]  ? lock_downgrade+0x6e0/0x6e0
[ 3108.196134][T27347]  try_charge_memcg+0xef8/0x12f0
[ 3108.201118][T27347]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 3108.207146][T27347]  ? rcu_read_unlock+0x9/0x60
[ 3108.211858][T27347]  ? lock_downgrade+0x6e0/0x6e0
[ 3108.216850][T27347]  charge_memcg+0x99/0x3b0
[ 3108.221305][T27347]  __mem_cgroup_charge+0x2b/0x90
[ 3108.226287][T27347]  wp_page_copy+0x2bf/0x1ca0
[ 3108.230917][T27347]  ? page_try_dup_anon_rmap.constprop.0+0xd10/0xd10
[ 3108.237536][T27347]  ? lock_downgrade+0x6e0/0x6e0
[ 3108.242430][T27347]  ? vm_normal_page+0x14a/0x2a0
[ 3108.247321][T27347]  do_wp_page+0x1d1/0x1930
[ 3108.251775][T27347]  __handle_mm_fault+0x181b/0x3a40
[ 3108.256922][T27347]  ? vm_iomap_memory+0x190/0x190
[ 3108.261916][T27347]  handle_mm_fault+0x1cc/0x780
[ 3108.266714][T27347]  do_user_addr_fault+0x475/0x1210
[ 3108.271863][T27347]  ? rcu_read_lock_sched_held+0x3e/0x70
[ 3108.277459][T27347]  exc_page_fault+0x98/0x170
[ 3108.282091][T27347]  asm_exc_page_fault+0x26/0x30
[ 3108.286968][T27347] RIP: 0033:0x7f228be39580
[ 3108.291414][T27347] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48
[ 3108.311055][T27347] RSP: 002b:00007ffd261092f0 EFLAGS: 00010246
[ 3108.317156][T27347] RAX: 000000004702ddfb RBX: 00007f228bfac018 RCX: 0000001b30420000
[ 3108.325157][T27347] RDX: 0000000000000000 RSI: 0000001b30420018 RDI: 0000000000000022
[ 3108.333156][T27347] RBP: 000000004702ddfb R08: 0000000000001dfb R09: 000000004702ddff
[ 3108.341156][T27347] R10: 00007ffd261094b0 R11: 0000000000000246 R12: 00007f228bfa0000
[ 3108.349159][T27347] R13: 0000000000000001 R14: 0000000000000000 R15: ffffffff87ab9491
[ 3108.357162][T27347]  ? __x64_sys_socket+0x11/0xb0
[ 3108.362069][T27347]  </TASK>
[ 3108.381354][T27361] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
01:21:19 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0xfffff000}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

[ 3109.142769][T27347] memory: usage 307200kB, limit 307200kB, failcnt 1771
[ 3109.149714][T27347] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 3109.163456][T27347] Memory cgroup stats for /syz5:
[ 3109.163645][T27347] anon 102400
[ 3109.163645][T27347] file 155648
[ 3109.163645][T27347] kernel 314314752
[ 3109.163645][T27347] kernel_stack 65536
[ 3109.163645][T27347] pagetables 73728
[ 3109.163645][T27347] sec_pagetables 0
[ 3109.163645][T27347] percpu 5436928
[ 3109.163645][T27347] sock 0
[ 3109.163645][T27347] vmalloc 0
[ 3109.163645][T27347] shmem 155648
[ 3109.163645][T27347] zswap 0
[ 3109.163645][T27347] zswapped 0
[ 3109.163645][T27347] file_mapped 155648
[ 3109.163645][T27347] file_dirty 0
[ 3109.163645][T27347] file_writeback 0
[ 3109.163645][T27347] swapcached 0
[ 3109.163645][T27347] anon_thp 0
[ 3109.163645][T27347] file_thp 0
[ 3109.163645][T27347] shmem_thp 0
[ 3109.163645][T27347] inactive_anon 106496
[ 3109.163645][T27347] active_anon 151552
[ 3109.163645][T27347] inactive_file 0
[ 3109.163645][T27347] active_file 0
[ 3109.163645][T27347] unevictable 0
[ 3109.163645][T27347] slab_reclaimable 15344
[ 3109.163645][T27347] slab_unreclaimable 308687952
[ 3109.548282][T27347] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=27347,uid=0
[ 3109.598711][T27347] Memory cgroup out of memory: Killed process 27347 (syz-executor.5) total-vm:54540kB, anon-rss:468kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000
01:21:20 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0xc810020000000000)

01:21:20 executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x6c}, 0x0)

01:21:20 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x243}, 0x0)

01:21:20 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0xffffff9e}, 0x0)

01:21:20 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0xea030000, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:21:20 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0xffffff7f}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

01:21:20 executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0xffffffff8a400000}, 0x0)

[ 3109.866233][T27377] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 3109.887240][T27377] CPU: 1 PID: 27377 Comm: syz-executor.5 Not tainted 6.1.0-rc7-syzkaller-01491-gf2bb566f5c97 #0
[ 3109.897714][T27377] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 3109.907799][T27377] Call Trace:
[ 3109.911102][T27377]  <TASK>
[ 3109.914053][T27377]  dump_stack_lvl+0xd1/0x138
[ 3109.918684][T27377]  dump_header+0x10b/0x85f
[ 3109.923148][T27377]  oom_kill_process.cold+0x10/0x15
[ 3109.928309][T27377]  out_of_memory+0x35c/0x14a0
[ 3109.933034][T27377]  ? oom_killer_disable+0x280/0x280
[ 3109.938270][T27377]  ? io_schedule_timeout+0x150/0x150
[ 3109.943593][T27377]  mem_cgroup_out_of_memory+0x206/0x270
[ 3109.949170][T27377]  ? mem_cgroup_margin+0x130/0x130
[ 3109.954311][T27377]  ? preempt_schedule_thunk+0x1a/0x1c
[ 3109.959726][T27377]  ? preempt_schedule_thunk+0x1a/0x1c
[ 3109.965152][T27377]  try_charge_memcg+0xef8/0x12f0
[ 3109.970145][T27377]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 3109.976177][T27377]  ? rcu_read_unlock+0x9/0x60
[ 3109.980889][T27377]  ? lock_downgrade+0x6e0/0x6e0
[ 3109.985793][T27377]  charge_memcg+0x99/0x3b0
[ 3109.990264][T27377]  __mem_cgroup_charge+0x2b/0x90
[ 3109.995237][T27377]  wp_page_copy+0x2bf/0x1ca0
[ 3109.999864][T27377]  ? page_try_dup_anon_rmap.constprop.0+0xd10/0xd10
[ 3110.006491][T27377]  ? lock_downgrade+0x6e0/0x6e0
[ 3110.011378][T27377]  ? vm_normal_page+0x14a/0x2a0
[ 3110.016271][T27377]  do_wp_page+0x1d1/0x1930
[ 3110.020711][T27377]  __handle_mm_fault+0x181b/0x3a40
[ 3110.025845][T27377]  ? vm_iomap_memory+0x190/0x190
[ 3110.030838][T27377]  handle_mm_fault+0x1cc/0x780
[ 3110.035645][T27377]  do_user_addr_fault+0x475/0x1210
[ 3110.040796][T27377]  ? rcu_read_lock_sched_held+0x3e/0x70
[ 3110.046371][T27377]  exc_page_fault+0x98/0x170
[ 3110.050982][T27377]  asm_exc_page_fault+0x26/0x30
[ 3110.055854][T27377] RIP: 0033:0x7f228be39580
[ 3110.060272][T27377] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48
[ 3110.079889][T27377] RSP: 002b:00007ffd261092f0 EFLAGS: 00010246
[ 3110.085972][T27377] RAX: 000000004702ddfb RBX: 00007f228bfac018 RCX: 0000001b30420000
[ 3110.093953][T27377] RDX: 0000000000000000 RSI: 0000001b30420018 RDI: 0000000000000022
[ 3110.102360][T27377] RBP: 000000004702ddfb R08: 0000000000001dfb R09: 000000004702ddff
[ 3110.110340][T27377] R10: 00007ffd261094b0 R11: 0000000000000246 R12: 00007f228bfa0000
[ 3110.118317][T27377] R13: 0000000000000001 R14: 0000000000000000 R15: ffffffff87ab9491
[ 3110.126291][T27377]  ? __x64_sys_socket+0x11/0xb0
[ 3110.131169][T27377]  </TASK>
01:21:21 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0xfffffff0}, 0x0)

01:21:21 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x246}, 0x0)

01:21:21 executing program 1:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x60}, 0x0)

01:21:21 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x40030000000000}, 0x0)

01:21:21 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x250}, 0x0)

[ 3111.079729][T27377] memory: usage 307200kB, limit 307200kB, failcnt 1879
[ 3111.087125][T27377] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 3111.104771][T27377] Memory cgroup stats for /syz5:
[ 3111.104970][T27377] anon 102400
[ 3111.104970][T27377] file 155648
[ 3111.104970][T27377] kernel 314314752
[ 3111.104970][T27377] kernel_stack 65536
[ 3111.104970][T27377] pagetables 73728
[ 3111.104970][T27377] sec_pagetables 0
[ 3111.104970][T27377] percpu 5436928
[ 3111.104970][T27377] sock 0
[ 3111.104970][T27377] vmalloc 0
[ 3111.104970][T27377] shmem 155648
[ 3111.104970][T27377] zswap 0
[ 3111.104970][T27377] zswapped 0
[ 3111.104970][T27377] file_mapped 155648
[ 3111.104970][T27377] file_dirty 0
[ 3111.104970][T27377] file_writeback 0
[ 3111.104970][T27377] swapcached 0
[ 3111.104970][T27377] anon_thp 0
[ 3111.104970][T27377] file_thp 0
[ 3111.104970][T27377] shmem_thp 0
[ 3111.104970][T27377] inactive_anon 106496
[ 3111.104970][T27377] active_anon 151552
[ 3111.104970][T27377] inactive_file 0
[ 3111.104970][T27377] active_file 0
[ 3111.104970][T27377] unevictable 0
[ 3111.104970][T27377] slab_reclaimable 15344
[ 3111.104970][T27377] slab_unreclaimable 308687952
[ 3111.510022][T27377] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=27377,uid=0
[ 3111.575480][T27377] Memory cgroup out of memory: Killed process 27377 (syz-executor.5) total-vm:54540kB, anon-rss:468kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000
01:21:22 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0xc910020000000000)

01:21:22 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0xec030000, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:21:22 executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0xff7f000000000000}, 0x0)

01:21:22 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x262}, 0x0)

01:21:22 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0xf0ffffffffffff}, 0x0)

01:21:22 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0xffffff9e}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

[ 3111.745159][T27406] __nla_validate_parse: 5 callbacks suppressed
[ 3111.745180][T27406] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
01:21:22 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x26a}, 0x0)

[ 3111.927666][T27408] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 3112.021945][T27408] CPU: 0 PID: 27408 Comm: syz-executor.5 Not tainted 6.1.0-rc7-syzkaller-01491-gf2bb566f5c97 #0
[ 3112.027736][T27403] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[ 3112.032400][T27408] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 3112.032418][T27408] Call Trace:
[ 3112.032426][T27408]  <TASK>
[ 3112.032437][T27408]  dump_stack_lvl+0xd1/0x138
[ 3112.032471][T27408]  dump_header+0x10b/0x85f
[ 3112.032508][T27408]  oom_kill_process.cold+0x10/0x15
[ 3112.032544][T27408]  out_of_memory+0x35c/0x14a0
[ 3112.032580][T27408]  ? find_held_lock+0x2d/0x110
[ 3112.032615][T27408]  ? oom_killer_disable+0x280/0x280
[ 3112.032650][T27408]  ? find_held_lock+0x2d/0x110
[ 3112.032686][T27408]  mem_cgroup_out_of_memory+0x206/0x270
[ 3112.032717][T27408]  ? mem_cgroup_margin+0x130/0x130
[ 3112.032742][T27408]  ? lock_downgrade+0x6e0/0x6e0
[ 3112.032795][T27408]  try_charge_memcg+0xef8/0x12f0
01:21:23 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x28a}, 0x0)

[ 3112.032837][T27408]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 3112.032877][T27408]  ? rcu_read_unlock+0x9/0x60
[ 3112.032902][T27408]  ? lock_downgrade+0x6e0/0x6e0
[ 3112.032953][T27408]  charge_memcg+0x99/0x3b0
[ 3112.032995][T27408]  __mem_cgroup_charge+0x2b/0x90
[ 3112.033034][T27408]  wp_page_copy+0x2bf/0x1ca0
[ 3112.033071][T27408]  ? page_try_dup_anon_rmap.constprop.0+0xd10/0xd10
[ 3112.033098][T27408]  ? lock_downgrade+0x6e0/0x6e0
[ 3112.033131][T27408]  ? vm_normal_page+0x14a/0x2a0
[ 3112.033173][T27408]  do_wp_page+0x1d1/0x1930
[ 3112.033207][T27408]  __handle_mm_fault+0x181b/0x3a40
[ 3112.033244][T27408]  ? vm_iomap_memory+0x190/0x190
[ 3112.033300][T27408]  handle_mm_fault+0x1cc/0x780
[ 3112.033334][T27408]  do_user_addr_fault+0x475/0x1210
[ 3112.033371][T27408]  ? rcu_read_lock_sched_held+0x3e/0x70
[ 3112.033408][T27408]  exc_page_fault+0x98/0x170
[ 3112.033443][T27408]  asm_exc_page_fault+0x26/0x30
[ 3112.033467][T27408] RIP: 0033:0x7f228be39580
[ 3112.033487][T27408] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48
[ 3112.033509][T27408] RSP: 002b:00007ffd261092f0 EFLAGS: 00010246
[ 3112.033531][T27408] RAX: 000000004702ddfb RBX: 00007f228bfac018 RCX: 0000001b30420000
[ 3112.033548][T27408] RDX: 0000000000000000 RSI: 0000001b30420018 RDI: 0000000000000022
[ 3112.033564][T27408] RBP: 000000004702ddfb R08: 0000000000001dfb R09: 000000004702ddff
01:21:23 executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0xf100000000000000}, 0x0)

[ 3112.033580][T27408] R10: 00007ffd261094b0 R11: 0000000000000246 R12: 00007f228bfa0000
[ 3112.033596][T27408] R13: 0000000000000001 R14: 0000000000000000 R15: ffffffff87ab9491
[ 3112.033612][T27408]  ? __x64_sys_socket+0x11/0xb0
[ 3112.033657][T27408]  </TASK>
[ 3112.153494][T27408] memory: usage 307200kB, limit 307200kB, failcnt 1988
01:21:23 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x28e}, 0x0)

01:21:23 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x294}, 0x0)

01:21:23 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0xee010000, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3112.972286][T27427] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[ 3113.181993][T27408] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 3113.188899][T27408] Memory cgroup stats for /syz5:
[ 3113.189107][T27408] anon 102400
[ 3113.189107][T27408] file 155648
[ 3113.189107][T27408] kernel 314314752
[ 3113.189107][T27408] kernel_stack 65536
[ 3113.189107][T27408] pagetables 73728
[ 3113.189107][T27408] sec_pagetables 0
[ 3113.189107][T27408] percpu 5436928
[ 3113.189107][T27408] sock 0
[ 3113.189107][T27408] vmalloc 0
[ 3113.189107][T27408] shmem 155648
[ 3113.189107][T27408] zswap 0
[ 3113.189107][T27408] zswapped 0
[ 3113.189107][T27408] file_mapped 155648
[ 3113.189107][T27408] file_dirty 0
[ 3113.189107][T27408] file_writeback 0
[ 3113.189107][T27408] swapcached 0
[ 3113.189107][T27408] anon_thp 0
[ 3113.189107][T27408] file_thp 0
[ 3113.189107][T27408] shmem_thp 0
[ 3113.189107][T27408] inactive_anon 106496
[ 3113.189107][T27408] active_anon 151552
[ 3113.189107][T27408] inactive_file 0
[ 3113.189107][T27408] active_file 0
[ 3113.189107][T27408] unevictable 0
[ 3113.189107][T27408] slab_reclaimable 15344
[ 3113.189107][T27408] slab_unreclaimable 308687952
[ 3113.417330][T27408] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=27408,uid=0
[ 3113.433504][T27408] Memory cgroup out of memory: Killed process 27408 (syz-executor.5) total-vm:54540kB, anon-rss:468kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000
01:21:24 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0xca10020000000000)

01:21:24 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x100000000000000}, 0x0)

01:21:24 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x29c}, 0x0)

01:21:24 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0xfffffff0}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

01:21:24 executing program 1:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x10}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

01:21:24 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0xf0ffffff, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3113.629549][T27435] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
01:21:24 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x2a3}, 0x0)

01:21:24 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0xf2030000, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3113.758914][T27433] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 3113.888885][T27441] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 3113.961036][T27449] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
01:21:24 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x2ce}, 0x0)

[ 3114.005897][T27441] CPU: 0 PID: 27441 Comm: syz-executor.5 Not tainted 6.1.0-rc7-syzkaller-01491-gf2bb566f5c97 #0
[ 3114.016359][T27441] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 3114.026434][T27441] Call Trace:
[ 3114.029730][T27441]  <TASK>
[ 3114.032676][T27441]  dump_stack_lvl+0xd1/0x138
[ 3114.037299][T27441]  dump_header+0x10b/0x85f
[ 3114.041753][T27441]  oom_kill_process.cold+0x10/0x15
[ 3114.046953][T27441]  out_of_memory+0x35c/0x14a0
[ 3114.051676][T27441]  ? find_held_lock+0x2d/0x110
[ 3114.056478][T27441]  ? oom_killer_disable+0x280/0x280
[ 3114.061712][T27441]  ? find_held_lock+0x2d/0x110
[ 3114.066516][T27441]  mem_cgroup_out_of_memory+0x206/0x270
[ 3114.072095][T27441]  ? mem_cgroup_margin+0x130/0x130
[ 3114.077235][T27441]  ? lock_downgrade+0x6e0/0x6e0
[ 3114.082138][T27441]  try_charge_memcg+0xef8/0x12f0
[ 3114.087118][T27441]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 3114.093138][T27441]  ? rcu_read_unlock+0x9/0x60
[ 3114.097839][T27441]  ? lock_downgrade+0x6e0/0x6e0
[ 3114.102740][T27441]  charge_memcg+0x99/0x3b0
[ 3114.107195][T27441]  __mem_cgroup_charge+0x2b/0x90
[ 3114.112175][T27441]  wp_page_copy+0x2bf/0x1ca0
[ 3114.116798][T27441]  ? page_try_dup_anon_rmap.constprop.0+0xd10/0xd10
[ 3114.123417][T27441]  ? lock_downgrade+0x6e0/0x6e0
[ 3114.128308][T27441]  ? vm_normal_page+0x14a/0x2a0
[ 3114.133207][T27441]  do_wp_page+0x1d1/0x1930
[ 3114.137659][T27441]  __handle_mm_fault+0x181b/0x3a40
[ 3114.142804][T27441]  ? vm_iomap_memory+0x190/0x190
[ 3114.147798][T27441]  handle_mm_fault+0x1cc/0x780
[ 3114.152599][T27441]  do_user_addr_fault+0x475/0x1210
[ 3114.157740][T27441]  ? rcu_read_lock_sched_held+0x3e/0x70
[ 3114.163322][T27441]  exc_page_fault+0x98/0x170
[ 3114.167949][T27441]  asm_exc_page_fault+0x26/0x30
[ 3114.172878][T27441] RIP: 0033:0x7f228be39580
[ 3114.177317][T27441] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48
[ 3114.196952][T27441] RSP: 002b:00007ffd261092f0 EFLAGS: 00010246
[ 3114.203046][T27441] RAX: 000000004702ddfb RBX: 00007f228bfac018 RCX: 0000001b30420000
[ 3114.211042][T27441] RDX: 0000000000000000 RSI: 0000001b30420018 RDI: 0000000000000022
[ 3114.219034][T27441] RBP: 000000004702ddfb R08: 0000000000001dfb R09: 000000004702ddff
[ 3114.227033][T27441] R10: 00007ffd261094b0 R11: 0000000000000246 R12: 00007f228bfa0000
[ 3114.235035][T27441] R13: 0000000000000001 R14: 0000000000000000 R15: ffffffff87ab9491
[ 3114.243030][T27441]  ? __x64_sys_socket+0x11/0xb0
[ 3114.247930][T27441]  </TASK>
01:21:25 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0xfa010000, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:21:25 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x200000000000000}, 0x0)

01:21:25 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x2d0}, 0x0)

[ 3114.472600][T27441] memory: usage 307200kB, limit 307200kB, failcnt 2095
[ 3114.509262][T27441] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 3114.540316][T27454] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[ 3114.613039][T27458] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 3114.631604][T27441] Memory cgroup stats for /syz5:
[ 3114.631805][T27441] anon 102400
[ 3114.631805][T27441] file 155648
[ 3114.631805][T27441] kernel 314314752
[ 3114.631805][T27441] kernel_stack 65536
[ 3114.631805][T27441] pagetables 73728
[ 3114.631805][T27441] sec_pagetables 0
[ 3114.631805][T27441] percpu 5436928
[ 3114.631805][T27441] sock 0
[ 3114.631805][T27441] vmalloc 0
[ 3114.631805][T27441] shmem 155648
[ 3114.631805][T27441] zswap 0
[ 3114.631805][T27441] zswapped 0
[ 3114.631805][T27441] file_mapped 155648
[ 3114.631805][T27441] file_dirty 0
[ 3114.631805][T27441] file_writeback 0
[ 3114.631805][T27441] swapcached 0
[ 3114.631805][T27441] anon_thp 0
[ 3114.631805][T27441] file_thp 0
[ 3114.631805][T27441] shmem_thp 0
[ 3114.631805][T27441] inactive_anon 106496
[ 3114.631805][T27441] active_anon 151552
[ 3114.631805][T27441] inactive_file 0
[ 3114.631805][T27441] active_file 0
[ 3114.631805][T27441] unevictable 0
[ 3114.631805][T27441] slab_reclaimable 15344
[ 3114.631805][T27441] slab_unreclaimable 308687952
[ 3115.031244][T27441] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=27441,uid=0
[ 3115.085920][T27441] Memory cgroup out of memory: Killed process 27441 (syz-executor.5) total-vm:54540kB, anon-rss:468kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000
01:21:26 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0xcb10020000000000)

01:21:26 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0xfffffff1}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

01:21:26 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0xfa020000, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:21:26 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x2e0}, 0x0)

01:21:26 executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x2ce}, 0x0)

01:21:26 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x300000000000000}, 0x0)

01:21:26 executing program 1:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x2100}, 0x0)

[ 3115.258305][T27466] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
01:21:26 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x300}, 0x0)

01:21:26 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0xfa1e0000, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3115.388170][T27463] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
01:21:26 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x400000000000000}, 0x0)

01:21:26 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0xfebff057, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:21:26 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x302}, 0x0)

[ 3115.866653][T27469] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 3115.954239][T27469] CPU: 0 PID: 27469 Comm: syz-executor.5 Not tainted 6.1.0-rc7-syzkaller-01491-gf2bb566f5c97 #0
[ 3115.964715][T27469] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 3115.974800][T27469] Call Trace:
[ 3115.978102][T27469]  <TASK>
[ 3115.981098][T27469]  dump_stack_lvl+0xd1/0x138
[ 3115.985718][T27469]  dump_header+0x10b/0x85f
[ 3115.990174][T27469]  oom_kill_process.cold+0x10/0x15
[ 3115.995325][T27469]  out_of_memory+0x35c/0x14a0
[ 3116.000045][T27469]  ? find_held_lock+0x2d/0x110
[ 3116.004852][T27469]  ? oom_killer_disable+0x280/0x280
[ 3116.010090][T27469]  ? find_held_lock+0x2d/0x110
[ 3116.014888][T27469]  mem_cgroup_out_of_memory+0x206/0x270
[ 3116.020460][T27469]  ? mem_cgroup_margin+0x130/0x130
[ 3116.025596][T27469]  ? lock_downgrade+0x6e0/0x6e0
[ 3116.030586][T27469]  try_charge_memcg+0xef8/0x12f0
[ 3116.035574][T27469]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 3116.041680][T27469]  ? rcu_read_unlock+0x9/0x60
[ 3116.046382][T27469]  ? lock_downgrade+0x6e0/0x6e0
[ 3116.051283][T27469]  charge_memcg+0x99/0x3b0
[ 3116.055730][T27469]  __mem_cgroup_charge+0x2b/0x90
[ 3116.060878][T27469]  wp_page_copy+0x2bf/0x1ca0
[ 3116.065505][T27469]  ? page_try_dup_anon_rmap.constprop.0+0xd10/0xd10
[ 3116.072116][T27469]  ? lock_downgrade+0x6e0/0x6e0
[ 3116.077000][T27469]  ? vm_normal_page+0x14a/0x2a0
[ 3116.081894][T27469]  do_wp_page+0x1d1/0x1930
[ 3116.086435][T27469]  __handle_mm_fault+0x181b/0x3a40
[ 3116.091586][T27469]  ? vm_iomap_memory+0x190/0x190
[ 3116.096596][T27469]  handle_mm_fault+0x1cc/0x780
[ 3116.101396][T27469]  do_user_addr_fault+0x475/0x1210
[ 3116.106538][T27469]  ? rcu_read_lock_sched_held+0x3e/0x70
[ 3116.112124][T27469]  exc_page_fault+0x98/0x170
[ 3116.116751][T27469]  asm_exc_page_fault+0x26/0x30
[ 3116.121625][T27469] RIP: 0033:0x7f228be39580
[ 3116.126057][T27469] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48
[ 3116.145694][T27469] RSP: 002b:00007ffd261092f0 EFLAGS: 00010246
[ 3116.151796][T27469] RAX: 000000004702ddfb RBX: 00007f228bfac018 RCX: 0000001b30420000
[ 3116.159797][T27469] RDX: 0000000000000000 RSI: 0000001b30420018 RDI: 0000000000000022
[ 3116.167794][T27469] RBP: 000000004702ddfb R08: 0000000000001dfb R09: 000000004702ddff
[ 3116.175790][T27469] R10: 00007ffd261094b0 R11: 0000000000000246 R12: 00007f228bfa0000
[ 3116.183788][T27469] R13: 0000000000000001 R14: 0000000000000000 R15: ffffffff87ab9491
[ 3116.191801][T27469]  ? __x64_sys_socket+0x11/0xb0
[ 3116.196703][T27469]  </TASK>
[ 3116.637589][T27469] memory: usage 307200kB, limit 307200kB, failcnt 2197
[ 3116.656094][T27469] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 3116.663216][T27469] Memory cgroup stats for /syz5:
[ 3116.663420][T27469] anon 102400
[ 3116.663420][T27469] file 155648
[ 3116.663420][T27469] kernel 314314752
[ 3116.663420][T27469] kernel_stack 65536
[ 3116.663420][T27469] pagetables 73728
[ 3116.663420][T27469] sec_pagetables 0
[ 3116.663420][T27469] percpu 5436928
[ 3116.663420][T27469] sock 0
[ 3116.663420][T27469] vmalloc 0
[ 3116.663420][T27469] shmem 155648
[ 3116.663420][T27469] zswap 0
[ 3116.663420][T27469] zswapped 0
[ 3116.663420][T27469] file_mapped 155648
[ 3116.663420][T27469] file_dirty 0
[ 3116.663420][T27469] file_writeback 0
[ 3116.663420][T27469] swapcached 0
[ 3116.663420][T27469] anon_thp 0
[ 3116.663420][T27469] file_thp 0
[ 3116.663420][T27469] shmem_thp 0
[ 3116.663420][T27469] inactive_anon 106496
[ 3116.663420][T27469] active_anon 151552
[ 3116.663420][T27469] inactive_file 0
[ 3116.663420][T27469] active_file 0
[ 3116.663420][T27469] unevictable 0
[ 3116.663420][T27469] slab_reclaimable 15344
[ 3116.663420][T27469] slab_unreclaimable 308687952
[ 3116.959470][T27469] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=27469,uid=0
[ 3116.996326][T27469] Memory cgroup out of memory: Killed process 27469 (syz-executor.5) total-vm:54540kB, anon-rss:468kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000
01:21:28 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0xcc03000000000000)

01:21:28 executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0x2400000000000000)

01:21:28 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x312}, 0x0)

01:21:28 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0xfeff0000, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:21:28 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x500000000000000}, 0x0)

01:21:28 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0xfffffffc}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

[ 3117.168407][T27496] __nla_validate_parse: 4 callbacks suppressed
[ 3117.168428][T27496] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 3117.313630][T27497] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
01:21:28 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x31a}, 0x0)

[ 3117.426296][T27497] CPU: 0 PID: 27497 Comm: syz-executor.5 Not tainted 6.1.0-rc7-syzkaller-01491-gf2bb566f5c97 #0
[ 3117.436771][T27497] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 3117.446852][T27497] Call Trace:
[ 3117.450158][T27497]  <TASK>
[ 3117.453110][T27497]  dump_stack_lvl+0xd1/0x138
[ 3117.457736][T27497]  dump_header+0x10b/0x85f
[ 3117.462282][T27497]  oom_kill_process.cold+0x10/0x15
[ 3117.467448][T27497]  out_of_memory+0x35c/0x14a0
[ 3117.472171][T27497]  ? find_held_lock+0x2d/0x110
[ 3117.476965][T27497]  ? oom_killer_disable+0x280/0x280
[ 3117.482197][T27497]  ? find_held_lock+0x2d/0x110
[ 3117.486993][T27497]  mem_cgroup_out_of_memory+0x206/0x270
[ 3117.492551][T27497]  ? mem_cgroup_margin+0x130/0x130
[ 3117.497669][T27497]  ? lock_downgrade+0x6e0/0x6e0
[ 3117.502548][T27497]  try_charge_memcg+0xef8/0x12f0
[ 3117.507503][T27497]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 3117.513498][T27497]  ? rcu_read_unlock+0x9/0x60
[ 3117.518179][T27497]  ? lock_downgrade+0x6e0/0x6e0
[ 3117.523057][T27497]  charge_memcg+0x99/0x3b0
[ 3117.527485][T27497]  __mem_cgroup_charge+0x2b/0x90
[ 3117.532439][T27497]  wp_page_copy+0x2bf/0x1ca0
[ 3117.537041][T27497]  ? page_try_dup_anon_rmap.constprop.0+0xd10/0xd10
[ 3117.543655][T27497]  ? lock_downgrade+0x6e0/0x6e0
[ 3117.548521][T27497]  ? vm_normal_page+0x14a/0x2a0
[ 3117.553394][T27497]  do_wp_page+0x1d1/0x1930
[ 3117.557822][T27497]  __handle_mm_fault+0x181b/0x3a40
[ 3117.562946][T27497]  ? vm_iomap_memory+0x190/0x190
[ 3117.567944][T27497]  handle_mm_fault+0x1cc/0x780
[ 3117.572719][T27497]  do_user_addr_fault+0x475/0x1210
[ 3117.577844][T27497]  ? rcu_read_lock_sched_held+0x3e/0x70
[ 3117.583406][T27497]  exc_page_fault+0x98/0x170
[ 3117.588009][T27497]  asm_exc_page_fault+0x26/0x30
[ 3117.592866][T27497] RIP: 0033:0x7f228be39580
[ 3117.597286][T27497] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48
[ 3117.616897][T27497] RSP: 002b:00007ffd261092f0 EFLAGS: 00010246
[ 3117.622971][T27497] RAX: 000000004702ddfb RBX: 00007f228bfac018 RCX: 0000001b30420000
[ 3117.630944][T27497] RDX: 0000000000000000 RSI: 0000001b30420018 RDI: 0000000000000022
[ 3117.638915][T27497] RBP: 000000004702ddfb R08: 0000000000001dfb R09: 000000004702ddff
[ 3117.646888][T27497] R10: 00007ffd261094b0 R11: 0000000000000246 R12: 00007f228bfa0000
[ 3117.654863][T27497] R13: 0000000000000001 R14: 0000000000000000 R15: ffffffff87ab9491
[ 3117.662834][T27497]  ? __x64_sys_socket+0x11/0xb0
[ 3117.667708][T27497]  </TASK>
[ 3117.747001][T27499] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
01:21:28 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x600000000000000}, 0x0)

01:21:28 executing program 1:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0xc}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

01:21:28 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0xfeffffff, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3117.964295][T27497] memory: usage 307200kB, limit 307200kB, failcnt 2281
[ 3117.971339][T27497] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 3118.037858][T27497] Memory cgroup stats for /syz5:
[ 3118.038044][T27497] anon 102400
[ 3118.038044][T27497] file 155648
[ 3118.038044][T27497] kernel 314314752
[ 3118.038044][T27497] kernel_stack 65536
[ 3118.038044][T27497] pagetables 73728
[ 3118.038044][T27497] sec_pagetables 0
[ 3118.038044][T27497] percpu 5436928
[ 3118.038044][T27497] sock 0
[ 3118.038044][T27497] vmalloc 0
[ 3118.038044][T27497] shmem 155648
[ 3118.038044][T27497] zswap 0
[ 3118.038044][T27497] zswapped 0
[ 3118.038044][T27497] file_mapped 155648
01:21:29 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x10002e3c7}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

[ 3118.038044][T27497] file_dirty 0
[ 3118.038044][T27497] file_writeback 0
[ 3118.038044][T27497] swapcached 0
[ 3118.038044][T27497] anon_thp 0
[ 3118.038044][T27497] file_thp 0
[ 3118.038044][T27497] shmem_thp 0
[ 3118.038044][T27497] inactive_anon 106496
[ 3118.038044][T27497] active_anon 151552
[ 3118.038044][T27497] inactive_file 0
[ 3118.038044][T27497] active_file 0
[ 3118.038044][T27497] unevictable 0
[ 3118.038044][T27497] slab_reclaimable 15344
[ 3118.038044][T27497] slab_unreclaimable 308687952
[ 3118.130077][T27512] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
01:21:29 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x31e}, 0x0)

[ 3118.325584][T27516] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[ 3118.655922][T27497] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=27497,uid=0
[ 3118.700695][T27497] Memory cgroup out of memory: Killed process 27497 (syz-executor.5) total-vm:54540kB, anon-rss:468kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000
01:21:29 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0xcc10020000000000)

01:21:29 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x700000000000000}, 0x0)

01:21:29 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x324}, 0x0)

01:21:29 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0xff0f0000, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3118.854902][T27526] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 3119.022292][T27527] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
01:21:30 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x326}, 0x0)

01:21:30 executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x324}, 0x0)

01:21:30 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0xff7f0000, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:21:30 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x800000000000000}, 0x0)

01:21:30 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x1000000000000}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

[ 3119.253188][T27531] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 3119.285606][T27535] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
01:21:30 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x334}, 0x0)

[ 3119.371323][T27531] CPU: 0 PID: 27531 Comm: syz-executor.5 Not tainted 6.1.0-rc7-syzkaller-01491-gf2bb566f5c97 #0
[ 3119.381886][T27531] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 3119.391968][T27531] Call Trace:
[ 3119.395268][T27531]  <TASK>
[ 3119.398216][T27531]  dump_stack_lvl+0xd1/0x138
[ 3119.402845][T27531]  dump_header+0x10b/0x85f
[ 3119.407293][T27531]  oom_kill_process.cold+0x10/0x15
[ 3119.412441][T27531]  out_of_memory+0x35c/0x14a0
[ 3119.417158][T27531]  ? find_held_lock+0x2d/0x110
[ 3119.421955][T27531]  ? oom_killer_disable+0x280/0x280
[ 3119.427198][T27531]  ? find_held_lock+0x2d/0x110
[ 3119.432003][T27531]  mem_cgroup_out_of_memory+0x206/0x270
[ 3119.437581][T27531]  ? mem_cgroup_margin+0x130/0x130
[ 3119.442719][T27531]  ? lock_downgrade+0x6e0/0x6e0
[ 3119.447611][T27531]  try_charge_memcg+0xef8/0x12f0
[ 3119.452586][T27531]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 3119.458653][T27531]  ? rcu_read_unlock+0x9/0x60
[ 3119.463356][T27531]  ? lock_downgrade+0x6e0/0x6e0
[ 3119.468259][T27531]  charge_memcg+0x99/0x3b0
[ 3119.472717][T27531]  __mem_cgroup_charge+0x2b/0x90
[ 3119.477691][T27531]  wp_page_copy+0x2bf/0x1ca0
[ 3119.482319][T27531]  ? page_try_dup_anon_rmap.constprop.0+0xd10/0xd10
[ 3119.488944][T27531]  ? lock_downgrade+0x6e0/0x6e0
[ 3119.493835][T27531]  ? vm_normal_page+0x14a/0x2a0
[ 3119.498731][T27531]  do_wp_page+0x1d1/0x1930
[ 3119.503181][T27531]  __handle_mm_fault+0x181b/0x3a40
[ 3119.504332][T27537] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[ 3119.508314][T27531]  ? vm_iomap_memory+0x190/0x190
[ 3119.508370][T27531]  handle_mm_fault+0x1cc/0x780
[ 3119.527259][T27531]  do_user_addr_fault+0x475/0x1210
[ 3119.532397][T27531]  ? rcu_read_lock_sched_held+0x3e/0x70
[ 3119.537981][T27531]  exc_page_fault+0x98/0x170
[ 3119.542612][T27531]  asm_exc_page_fault+0x26/0x30
[ 3119.547487][T27531] RIP: 0033:0x7f228be39580
[ 3119.551922][T27531] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48
[ 3119.571730][T27531] RSP: 002b:00007ffd261092f0 EFLAGS: 00010246
[ 3119.577819][T27531] RAX: 000000004702ddfb RBX: 00007f228bfac018 RCX: 0000001b30420000
[ 3119.585800][T27531] RDX: 0000000000000000 RSI: 0000001b30420018 RDI: 0000000000000022
[ 3119.593773][T27531] RBP: 000000004702ddfb R08: 0000000000001dfb R09: 000000004702ddff
[ 3119.601740][T27531] R10: 00007ffd261094b0 R11: 0000000000000246 R12: 00007f228bfa0000
[ 3119.609707][T27531] R13: 0000000000000001 R14: 0000000000000000 R15: ffffffff87ab9491
[ 3119.617674][T27531]  ? __x64_sys_socket+0x11/0xb0
[ 3119.622544][T27531]  </TASK>
01:21:30 executing program 1:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0xa}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

01:21:30 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0xfffc5b38, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3119.975202][T27553] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[ 3120.135385][T27531] memory: usage 307200kB, limit 307200kB, failcnt 2405
[ 3120.151606][T27531] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 3120.193574][T27531] Memory cgroup stats for /syz5:
[ 3120.193799][T27531] anon 102400
[ 3120.193799][T27531] file 155648
[ 3120.193799][T27531] kernel 314314752
[ 3120.193799][T27531] kernel_stack 65536
[ 3120.193799][T27531] pagetables 73728
[ 3120.193799][T27531] sec_pagetables 0
[ 3120.193799][T27531] percpu 5436928
[ 3120.193799][T27531] sock 0
[ 3120.193799][T27531] vmalloc 0
[ 3120.193799][T27531] shmem 155648
[ 3120.193799][T27531] zswap 0
[ 3120.193799][T27531] zswapped 0
[ 3120.193799][T27531] file_mapped 155648
[ 3120.193799][T27531] file_dirty 0
[ 3120.193799][T27531] file_writeback 0
[ 3120.193799][T27531] swapcached 0
[ 3120.193799][T27531] anon_thp 0
[ 3120.193799][T27531] file_thp 0
[ 3120.193799][T27531] shmem_thp 0
[ 3120.193799][T27531] inactive_anon 106496
[ 3120.193799][T27531] active_anon 151552
[ 3120.193799][T27531] inactive_file 0
[ 3120.193799][T27531] active_file 0
[ 3120.193799][T27531] unevictable 0
[ 3120.193799][T27531] slab_reclaimable 15344
[ 3120.193799][T27531] slab_unreclaimable 308687952
[ 3120.943407][T27531] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=27531,uid=0
[ 3121.021648][T27531] Memory cgroup out of memory: Killed process 27531 (syz-executor.5) total-vm:54540kB, anon-rss:468kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000
01:21:32 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0xcd10020000000000)

01:21:32 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x33e}, 0x0)

01:21:32 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x900000000000000}, 0x0)

01:21:32 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0xfffc5b46, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:21:32 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x40030000000000}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

01:21:32 executing program 1:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0xa}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

[ 3121.451322][T27560] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
01:21:32 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x341}, 0x0)

[ 3121.637163][T27564] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
01:21:32 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0xffffa888, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3121.714322][T27564] CPU: 1 PID: 27564 Comm: syz-executor.5 Not tainted 6.1.0-rc7-syzkaller-01491-gf2bb566f5c97 #0
[ 3121.724786][T27564] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 3121.734865][T27564] Call Trace:
[ 3121.738166][T27564]  <TASK>
[ 3121.741143][T27564]  dump_stack_lvl+0xd1/0x138
[ 3121.745763][T27564]  dump_header+0x10b/0x85f
[ 3121.750224][T27564]  oom_kill_process.cold+0x10/0x15
[ 3121.755379][T27564]  out_of_memory+0x35c/0x14a0
[ 3121.760094][T27564]  ? find_held_lock+0x2d/0x110
[ 3121.764897][T27564]  ? oom_killer_disable+0x280/0x280
[ 3121.770138][T27564]  ? find_held_lock+0x2d/0x110
[ 3121.774950][T27564]  mem_cgroup_out_of_memory+0x206/0x270
[ 3121.780575][T27564]  ? mem_cgroup_margin+0x130/0x130
[ 3121.785709][T27564]  ? lock_downgrade+0x6e0/0x6e0
[ 3121.790614][T27564]  try_charge_memcg+0xef8/0x12f0
[ 3121.795593][T27564]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 3121.801614][T27564]  ? rcu_read_unlock+0x9/0x60
[ 3121.806323][T27564]  ? lock_downgrade+0x6e0/0x6e0
[ 3121.811228][T27564]  charge_memcg+0x99/0x3b0
[ 3121.815690][T27564]  __mem_cgroup_charge+0x2b/0x90
[ 3121.820663][T27564]  wp_page_copy+0x2bf/0x1ca0
[ 3121.825295][T27564]  ? page_try_dup_anon_rmap.constprop.0+0xd10/0xd10
[ 3121.831910][T27564]  ? lock_downgrade+0x6e0/0x6e0
[ 3121.836793][T27564]  ? vm_normal_page+0x14a/0x2a0
[ 3121.841685][T27564]  do_wp_page+0x1d1/0x1930
[ 3121.846137][T27564]  __handle_mm_fault+0x181b/0x3a40
[ 3121.851284][T27564]  ? vm_iomap_memory+0x190/0x190
[ 3121.856279][T27564]  handle_mm_fault+0x1cc/0x780
[ 3121.861075][T27564]  do_user_addr_fault+0x475/0x1210
[ 3121.866224][T27564]  ? rcu_read_lock_sched_held+0x3e/0x70
[ 3121.871811][T27564]  exc_page_fault+0x98/0x170
[ 3121.876446][T27564]  asm_exc_page_fault+0x26/0x30
[ 3121.881322][T27564] RIP: 0033:0x7f228be39580
[ 3121.885757][T27564] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48
[ 3121.905396][T27564] RSP: 002b:00007ffd261092f0 EFLAGS: 00010246
[ 3121.911610][T27564] RAX: 000000004702ddfb RBX: 00007f228bfac018 RCX: 0000001b30420000
[ 3121.919607][T27564] RDX: 0000000000000000 RSI: 0000001b30420018 RDI: 0000000000000022
[ 3121.927606][T27564] RBP: 000000004702ddfb R08: 0000000000001dfb R09: 000000004702ddff
[ 3121.935598][T27564] R10: 00007ffd261094b0 R11: 0000000000000246 R12: 00007f228bfa0000
[ 3121.943594][T27564] R13: 0000000000000001 R14: 0000000000000000 R15: ffffffff87ab9491
[ 3121.951597][T27564]  ? __x64_sys_socket+0x11/0xb0
[ 3121.956497][T27564]  </TASK>
01:21:32 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0xa00000000000000}, 0x0)

01:21:32 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x34a}, 0x0)

[ 3122.064004][T27564] memory: usage 307200kB, limit 307200kB, failcnt 2493
[ 3122.073614][T27564] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 3122.106469][T27564] Memory cgroup stats for /syz5:
[ 3122.106762][T27564] anon 102400
[ 3122.106762][T27564] file 155648
[ 3122.106762][T27564] kernel 314314752
[ 3122.106762][T27564] kernel_stack 65536
[ 3122.106762][T27564] pagetables 73728
[ 3122.106762][T27564] sec_pagetables 0
[ 3122.106762][T27564] percpu 5436928
[ 3122.106762][T27564] sock 0
[ 3122.106762][T27564] vmalloc 0
[ 3122.106762][T27564] shmem 155648
[ 3122.106762][T27564] zswap 0
[ 3122.106762][T27564] zswapped 0
01:21:33 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0xffffe000, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3122.106762][T27564] file_mapped 155648
[ 3122.106762][T27564] file_dirty 0
[ 3122.106762][T27564] file_writeback 0
[ 3122.106762][T27564] swapcached 0
[ 3122.106762][T27564] anon_thp 0
[ 3122.106762][T27564] file_thp 0
[ 3122.106762][T27564] shmem_thp 0
[ 3122.106762][T27564] inactive_anon 106496
[ 3122.106762][T27564] active_anon 151552
[ 3122.106762][T27564] inactive_file 0
[ 3122.106762][T27564] active_file 0
[ 3122.106762][T27564] unevictable 0
[ 3122.106762][T27564] slab_reclaimable 15344
[ 3122.106762][T27564] slab_unreclaimable 308687952
[ 3122.234164][T27581] __nla_validate_parse: 2 callbacks suppressed
[ 3122.234184][T27581] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
01:21:33 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x362}, 0x0)

[ 3122.527188][T27582] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[ 3122.905299][T27564] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=27564,uid=0
[ 3122.972628][T27564] Memory cgroup out of memory: Killed process 27564 (syz-executor.5) total-vm:54540kB, anon-rss:468kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000
01:21:34 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0xce10020000000000)

01:21:34 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0xf0ffffffffffff}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

01:21:34 executing program 1:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x9}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

01:21:34 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x36a}, 0x0)

01:21:34 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0xb00000000000000}, 0x0)

01:21:34 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0xfffff000, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3123.157063][T27593] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[ 3123.208749][T27594] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 3123.251102][T27594] CPU: 0 PID: 27594 Comm: syz-executor.5 Not tainted 6.1.0-rc7-syzkaller-01491-gf2bb566f5c97 #0
[ 3123.261571][T27594] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 3123.271646][T27594] Call Trace:
[ 3123.274940][T27594]  <TASK>
[ 3123.277889][T27594]  dump_stack_lvl+0xd1/0x138
[ 3123.282518][T27594]  dump_header+0x10b/0x85f
[ 3123.286982][T27594]  oom_kill_process.cold+0x10/0x15
[ 3123.292142][T27594]  out_of_memory+0x35c/0x14a0
[ 3123.296854][T27594]  ? find_held_lock+0x2d/0x110
[ 3123.301651][T27594]  ? oom_killer_disable+0x280/0x280
[ 3123.306891][T27594]  ? find_held_lock+0x2d/0x110
[ 3123.311695][T27594]  mem_cgroup_out_of_memory+0x206/0x270
[ 3123.317274][T27594]  ? mem_cgroup_margin+0x130/0x130
[ 3123.322498][T27594]  ? lock_downgrade+0x6e0/0x6e0
[ 3123.327405][T27594]  try_charge_memcg+0xef8/0x12f0
[ 3123.332392][T27594]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 3123.338494][T27594]  ? get_mem_cgroup_from_objcg+0xa1/0x260
[ 3123.344252][T27594]  ? lock_downgrade+0x6e0/0x6e0
[ 3123.349224][T27594]  ? lock_downgrade+0x6e0/0x6e0
[ 3123.354117][T27594]  __memcg_kmem_charge_page+0x16e/0x3b0
[ 3123.359690][T27594]  memcg_charge_kernel_stack.part.0+0x6c/0x150
[ 3123.365858][T27594]  copy_process+0x15ed/0x7190
[ 3123.370559][T27594]  ? __lock_acquire+0xbc3/0x56d0
[ 3123.375521][T27594]  ? __cleanup_sighand+0xb0/0xb0
[ 3123.380471][T27594]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 3123.386467][T27594]  ? psi_memstall_leave+0x174/0x250
[ 3123.391696][T27594]  kernel_clone+0xeb/0x980
[ 3123.396134][T27594]  ? create_io_thread+0xf0/0xf0
[ 3123.400993][T27594]  ? percpu_ref_put_many.constprop.0+0x6a/0x1a0
[ 3123.407334][T27594]  ? lock_downgrade+0x6e0/0x6e0
[ 3123.412214][T27594]  __do_sys_clone+0xba/0x100
[ 3123.416807][T27594]  ? kernel_clone+0x980/0x980
[ 3123.421500][T27594]  ? syscall_enter_from_user_mode+0x26/0xb0
[ 3123.427411][T27594]  do_syscall_64+0x39/0xb0
[ 3123.431833][T27594]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 3123.437729][T27594] RIP: 0033:0x7f228be8d501
[ 3123.442146][T27594] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00
[ 3123.461755][T27594] RSP: 002b:00007ffd26109298 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 3123.470172][T27594] RAX: ffffffffffffffda RBX: 00007f228cb2c700 RCX: 00007f228be8d501
[ 3123.478144][T27594] RDX: 00007f228cb2c9d0 RSI: 00007f228cb2c2f0 RDI: 00000000003d0f00
[ 3123.486115][T27594] RBP: 00007ffd261094e0 R08: 00007f228cb2c700 R09: 00007f228cb2c700
[ 3123.494084][T27594] R10: 00007f228cb2c9d0 R11: 0000000000000206 R12: 00007ffd2610934e
[ 3123.502053][T27594] R13: 00007ffd2610934f R14: 00007f228cb2c300 R15: 0000000000022000
[ 3123.510043][T27594]  </TASK>
01:21:34 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x36c}, 0x0)

01:21:34 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0xffffff7f, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3123.585605][T27588] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
01:21:34 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0xc00000000000000}, 0x0)

[ 3123.934923][T27605] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
01:21:35 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x100000000000000}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

01:21:35 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x36f}, 0x0)

[ 3124.052544][T27594] memory: usage 307176kB, limit 307200kB, failcnt 2573
[ 3124.060786][T27594] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
01:21:35 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0xffffff9e, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3124.155178][T27609] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 3124.307195][T27613] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[ 3124.593844][T27594] Memory cgroup stats for /syz5:
[ 3124.594046][T27594] anon 90112
[ 3124.594046][T27594] file 155648
[ 3124.594046][T27594] kernel 314302464
[ 3124.594046][T27594] kernel_stack 32768
[ 3124.594046][T27594] pagetables 73728
[ 3124.594046][T27594] sec_pagetables 0
[ 3124.594046][T27594] percpu 5436928
[ 3124.594046][T27594] sock 0
[ 3124.594046][T27594] vmalloc 0
[ 3124.594046][T27594] shmem 155648
[ 3124.594046][T27594] zswap 0
[ 3124.594046][T27594] zswapped 0
[ 3124.594046][T27594] file_mapped 155648
[ 3124.594046][T27594] file_dirty 0
[ 3124.594046][T27594] file_writeback 0
[ 3124.594046][T27594] swapcached 0
[ 3124.594046][T27594] anon_thp 0
[ 3124.594046][T27594] file_thp 0
[ 3124.594046][T27594] shmem_thp 0
[ 3124.594046][T27594] inactive_anon 94208
[ 3124.594046][T27594] active_anon 151552
[ 3124.594046][T27594] inactive_file 0
[ 3124.594046][T27594] active_file 0
[ 3124.594046][T27594] unevictable 0
[ 3124.594046][T27594] slab_reclaimable 13416
[ 3124.594046][T27594] slab_unreclaimable 308686840
[ 3125.057168][T27594] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=27594,uid=0
[ 3125.100571][T27594] Memory cgroup out of memory: Killed process 27594 (syz-executor.5) total-vm:54540kB, anon-rss:468kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000
01:21:36 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0xcf10020000000000)

01:21:36 executing program 1:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x9}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

01:21:36 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0xe00000000000000}, 0x0)

01:21:36 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x37a}, 0x0)

01:21:36 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0xfffffff0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3125.257151][T27622] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
01:21:36 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x200000000000000}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

01:21:36 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x388}, 0x0)

[ 3125.378711][T27623] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
01:21:36 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0xfffffffe, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3125.455153][T27627] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 3125.545396][T27627] CPU: 0 PID: 27627 Comm: syz-executor.5 Not tainted 6.1.0-rc7-syzkaller-01491-gf2bb566f5c97 #0
[ 3125.555866][T27627] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 3125.565939][T27627] Call Trace:
[ 3125.569289][T27627]  <TASK>
[ 3125.572239][T27627]  dump_stack_lvl+0xd1/0x138
[ 3125.576858][T27627]  dump_header+0x10b/0x85f
[ 3125.581314][T27627]  oom_kill_process.cold+0x10/0x15
[ 3125.586476][T27627]  out_of_memory+0x35c/0x14a0
[ 3125.591196][T27627]  ? find_held_lock+0x2d/0x110
[ 3125.595993][T27627]  ? oom_killer_disable+0x280/0x280
[ 3125.601233][T27627]  ? find_held_lock+0x2d/0x110
[ 3125.606038][T27627]  mem_cgroup_out_of_memory+0x206/0x270
[ 3125.611617][T27627]  ? mem_cgroup_margin+0x130/0x130
[ 3125.616758][T27627]  ? lock_downgrade+0x6e0/0x6e0
[ 3125.621666][T27627]  try_charge_memcg+0xef8/0x12f0
[ 3125.626638][T27627]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 3125.632643][T27627]  ? rcu_read_unlock+0x9/0x60
[ 3125.637336][T27627]  ? lock_downgrade+0x6e0/0x6e0
[ 3125.642218][T27627]  charge_memcg+0x99/0x3b0
[ 3125.646649][T27627]  __mem_cgroup_charge+0x2b/0x90
[ 3125.651603][T27627]  wp_page_copy+0x2bf/0x1ca0
[ 3125.656219][T27627]  ? page_try_dup_anon_rmap.constprop.0+0xd10/0xd10
[ 3125.662821][T27627]  ? lock_downgrade+0x6e0/0x6e0
[ 3125.667693][T27627]  ? vm_normal_page+0x14a/0x2a0
[ 3125.672604][T27627]  do_wp_page+0x1d1/0x1930
[ 3125.677034][T27627]  __handle_mm_fault+0x181b/0x3a40
[ 3125.682165][T27627]  ? vm_iomap_memory+0x190/0x190
[ 3125.687135][T27627]  handle_mm_fault+0x1cc/0x780
[ 3125.691914][T27627]  do_user_addr_fault+0x475/0x1210
[ 3125.697036][T27627]  ? rcu_read_lock_sched_held+0x3e/0x70
[ 3125.702601][T27627]  exc_page_fault+0x98/0x170
[ 3125.707209][T27627]  asm_exc_page_fault+0x26/0x30
[ 3125.712063][T27627] RIP: 0033:0x7f228be39580
[ 3125.716477][T27627] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48
[ 3125.736084][T27627] RSP: 002b:00007ffd261092f0 EFLAGS: 00010246
01:21:36 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0xf00000000000000}, 0x0)

[ 3125.742159][T27627] RAX: 000000004702ddfb RBX: 00007f228bfac018 RCX: 0000001b30420000
[ 3125.750132][T27627] RDX: 0000000000000000 RSI: 0000001b30420018 RDI: 0000000000000022
[ 3125.758110][T27627] RBP: 000000004702ddfb R08: 0000000000001dfb R09: 000000004702ddff
[ 3125.766083][T27627] R10: 00007ffd261094b0 R11: 0000000000000246 R12: 00007f228bfa0000
[ 3125.774056][T27627] R13: 0000000000000001 R14: 0000000000000000 R15: ffffffff87ab9491
[ 3125.782026][T27627]  ? __x64_sys_socket+0x11/0xb0
[ 3125.786903][T27627]  </TASK>
[ 3125.847768][T27635] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[ 3125.981829][T27627] memory: usage 307200kB, limit 307200kB, failcnt 2673
[ 3125.988846][T27627] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 3126.011626][T27627] Memory cgroup stats for /syz5:
[ 3126.011832][T27627] anon 102400
[ 3126.011832][T27627] file 155648
[ 3126.011832][T27627] kernel 314314752
[ 3126.011832][T27627] kernel_stack 65536
[ 3126.011832][T27627] pagetables 73728
[ 3126.011832][T27627] sec_pagetables 0
[ 3126.011832][T27627] percpu 5436928
[ 3126.011832][T27627] sock 0
[ 3126.011832][T27627] vmalloc 0
[ 3126.011832][T27627] shmem 155648
[ 3126.011832][T27627] zswap 0
[ 3126.011832][T27627] zswapped 0
[ 3126.011832][T27627] file_mapped 155648
[ 3126.011832][T27627] file_dirty 0
[ 3126.011832][T27627] file_writeback 0
[ 3126.011832][T27627] swapcached 0
[ 3126.011832][T27627] anon_thp 0
[ 3126.011832][T27627] file_thp 0
[ 3126.011832][T27627] shmem_thp 0
01:21:37 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x38a}, 0x0)

01:21:37 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0xffffffff, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3126.011832][T27627] inactive_anon 106496
[ 3126.011832][T27627] active_anon 151552
[ 3126.011832][T27627] inactive_file 0
[ 3126.011832][T27627] active_file 0
[ 3126.011832][T27627] unevictable 0
[ 3126.011832][T27627] slab_reclaimable 15344
[ 3126.011832][T27627] slab_unreclaimable 308687952
01:21:37 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x300000000000000}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

[ 3126.811495][T27627] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=27627,uid=0
[ 3126.905197][T27627] Memory cgroup out of memory: Killed process 27627 (syz-executor.5) total-vm:54540kB, anon-rss:468kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000
01:21:37 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0xd003000000000000)

01:21:37 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0xf02000000000000}, 0x0)

01:21:37 executing program 1:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x6}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

01:21:37 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x38e}, 0x0)

01:21:37 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="09000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:21:38 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="0a000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:21:38 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="0f000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:21:38 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x398}, 0x0)

[ 3127.216823][T27659] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 3127.274859][T27659] CPU: 1 PID: 27659 Comm: syz-executor.5 Not tainted 6.1.0-rc7-syzkaller-01491-gf2bb566f5c97 #0
[ 3127.285351][T27659] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 3127.295429][T27659] Call Trace:
[ 3127.298818][T27659]  <TASK>
[ 3127.301767][T27659]  dump_stack_lvl+0xd1/0x138
[ 3127.306389][T27659]  dump_header+0x10b/0x85f
[ 3127.310842][T27659]  oom_kill_process.cold+0x10/0x15
[ 3127.315998][T27659]  out_of_memory+0x35c/0x14a0
[ 3127.320719][T27659]  ? find_held_lock+0x2d/0x110
[ 3127.325520][T27659]  ? oom_killer_disable+0x280/0x280
[ 3127.330756][T27659]  ? find_held_lock+0x2d/0x110
[ 3127.335555][T27659]  mem_cgroup_out_of_memory+0x206/0x270
[ 3127.341132][T27659]  ? mem_cgroup_margin+0x130/0x130
[ 3127.346271][T27659]  ? lock_downgrade+0x6e0/0x6e0
[ 3127.351174][T27659]  try_charge_memcg+0xef8/0x12f0
[ 3127.356154][T27659]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 3127.362168][T27659]  ? get_mem_cgroup_from_objcg+0xa1/0x260
[ 3127.367918][T27659]  ? lock_downgrade+0x6e0/0x6e0
[ 3127.372811][T27659]  ? lock_downgrade+0x6e0/0x6e0
[ 3127.377726][T27659]  __memcg_kmem_charge_page+0x16e/0x3b0
[ 3127.383315][T27659]  memcg_charge_kernel_stack.part.0+0x6c/0x150
[ 3127.389502][T27659]  copy_process+0x73e/0x7190
[ 3127.394128][T27659]  ? __lock_acquire+0xbc3/0x56d0
[ 3127.399117][T27659]  ? __cleanup_sighand+0xb0/0xb0
[ 3127.404089][T27659]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 3127.410110][T27659]  ? psi_memstall_leave+0x174/0x250
[ 3127.415354][T27659]  kernel_clone+0xeb/0x980
[ 3127.419805][T27659]  ? create_io_thread+0xf0/0xf0
[ 3127.424684][T27659]  ? percpu_ref_put_many.constprop.0+0x6a/0x1a0
[ 3127.430963][T27659]  ? lock_downgrade+0x6e0/0x6e0
[ 3127.435865][T27659]  __do_sys_clone+0xba/0x100
[ 3127.440484][T27659]  ? kernel_clone+0x980/0x980
[ 3127.445203][T27659]  ? syscall_enter_from_user_mode+0x26/0xb0
[ 3127.451142][T27659]  do_syscall_64+0x39/0xb0
[ 3127.455590][T27659]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 3127.461507][T27659] RIP: 0033:0x7f228be8d501
[ 3127.465950][T27659] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00
[ 3127.485589][T27659] RSP: 002b:00007ffd26109298 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 3127.494036][T27659] RAX: ffffffffffffffda RBX: 00007f228cb2c700 RCX: 00007f228be8d501
[ 3127.502031][T27659] RDX: 00007f228cb2c9d0 RSI: 00007f228cb2c2f0 RDI: 00000000003d0f00
[ 3127.510023][T27659] RBP: 00007ffd261094e0 R08: 00007f228cb2c700 R09: 00007f228cb2c700
[ 3127.518015][T27659] R10: 00007f228cb2c9d0 R11: 0000000000000206 R12: 00007ffd2610934e
01:21:38 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x1000000000000000}, 0x0)

01:21:38 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x400000000000000}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

01:21:38 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="10000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3127.526009][T27659] R13: 00007ffd2610934f R14: 00007f228cb2c300 R15: 0000000000022000
[ 3127.534023][T27659]  </TASK>
[ 3127.544362][T27659] memory: usage 307180kB, limit 307200kB, failcnt 2767
[ 3127.552772][T27670] __nla_validate_parse: 3 callbacks suppressed
[ 3127.552788][T27670] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 3127.566844][T27659] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
01:21:38 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x3b2}, 0x0)

[ 3128.062024][T27659] Memory cgroup stats for /syz5:
[ 3128.062222][T27659] anon 90112
[ 3128.062222][T27659] file 155648
[ 3128.062222][T27659] kernel 314306560
[ 3128.062222][T27659] kernel_stack 32768
[ 3128.062222][T27659] pagetables 73728
[ 3128.062222][T27659] sec_pagetables 0
[ 3128.062222][T27659] percpu 5436928
[ 3128.062222][T27659] sock 0
[ 3128.062222][T27659] vmalloc 0
[ 3128.062222][T27659] shmem 155648
[ 3128.062222][T27659] zswap 0
[ 3128.062222][T27659] zswapped 0
[ 3128.062222][T27659] file_mapped 155648
[ 3128.062222][T27659] file_dirty 0
[ 3128.062222][T27659] file_writeback 0
[ 3128.062222][T27659] swapcached 0
[ 3128.062222][T27659] anon_thp 0
[ 3128.062222][T27659] file_thp 0
[ 3128.062222][T27659] shmem_thp 0
[ 3128.062222][T27659] inactive_anon 94208
[ 3128.062222][T27659] active_anon 151552
[ 3128.062222][T27659] inactive_file 0
[ 3128.062222][T27659] active_file 0
[ 3128.062222][T27659] unevictable 0
[ 3128.062222][T27659] slab_reclaimable 13416
[ 3128.062222][T27659] slab_unreclaimable 308686840
[ 3128.537117][T27659] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=27659,uid=0
01:21:39 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0xd010020000000000)

01:21:39 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="25000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:21:39 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x1100000000000000}, 0x0)

01:21:39 executing program 1:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x300000000000000}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

01:21:39 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x3b8}, 0x0)

[ 3128.630164][T27659] Memory cgroup out of memory: Killed process 27659 (syz-executor.5) total-vm:54540kB, anon-rss:468kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000
[ 3128.691516][T27683] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
01:21:39 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x500000000000000}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

01:21:39 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x3bf}, 0x0)

01:21:39 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x1300000000000000}, 0x0)

[ 3128.867383][T27687] netlink: 5 bytes leftover after parsing attributes in process `syz-executor.2'.
01:21:39 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="2d000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3129.069702][T27700] netlink: 13 bytes leftover after parsing attributes in process `syz-executor.2'.
[ 3129.106102][T27690] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
01:21:40 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x3c1}, 0x0)

01:21:40 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="30000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3129.165162][T27698] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 3129.233148][T27690] CPU: 1 PID: 27690 Comm: syz-executor.5 Not tainted 6.1.0-rc7-syzkaller-01491-gf2bb566f5c97 #0
[ 3129.243617][T27690] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 3129.253781][T27690] Call Trace:
[ 3129.257077][T27690]  <TASK>
[ 3129.260026][T27690]  dump_stack_lvl+0xd1/0x138
[ 3129.264644][T27690]  dump_header+0x10b/0x85f
[ 3129.269101][T27690]  oom_kill_process.cold+0x10/0x15
[ 3129.274251][T27690]  out_of_memory+0x35c/0x14a0
[ 3129.278966][T27690]  ? find_held_lock+0x2d/0x110
[ 3129.283766][T27690]  ? oom_killer_disable+0x280/0x280
[ 3129.289176][T27690]  ? find_held_lock+0x2d/0x110
[ 3129.293977][T27690]  mem_cgroup_out_of_memory+0x206/0x270
[ 3129.299566][T27690]  ? mem_cgroup_margin+0x130/0x130
[ 3129.304708][T27690]  ? lock_downgrade+0x6e0/0x6e0
[ 3129.309614][T27690]  try_charge_memcg+0xef8/0x12f0
[ 3129.314596][T27690]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 3129.320610][T27690]  ? rcu_read_unlock+0x9/0x60
[ 3129.325299][T27690]  ? lock_downgrade+0x6e0/0x6e0
[ 3129.330184][T27690]  charge_memcg+0x99/0x3b0
[ 3129.334617][T27690]  __mem_cgroup_charge+0x2b/0x90
[ 3129.339568][T27690]  wp_page_copy+0x2bf/0x1ca0
[ 3129.344175][T27690]  ? page_try_dup_anon_rmap.constprop.0+0xd10/0xd10
[ 3129.350770][T27690]  ? lock_downgrade+0x6e0/0x6e0
[ 3129.355635][T27690]  ? vm_normal_page+0x14a/0x2a0
[ 3129.360503][T27690]  do_wp_page+0x1d1/0x1930
[ 3129.364935][T27690]  __handle_mm_fault+0x181b/0x3a40
[ 3129.370060][T27690]  ? vm_iomap_memory+0x190/0x190
[ 3129.375027][T27690]  handle_mm_fault+0x1cc/0x780
[ 3129.379802][T27690]  do_user_addr_fault+0x475/0x1210
[ 3129.384926][T27690]  ? rcu_read_lock_sched_held+0x3e/0x70
[ 3129.390489][T27690]  exc_page_fault+0x98/0x170
[ 3129.395092][T27690]  asm_exc_page_fault+0x26/0x30
[ 3129.399951][T27690] RIP: 0033:0x7f228be39580
[ 3129.404370][T27690] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48
[ 3129.423980][T27690] RSP: 002b:00007ffd261092f0 EFLAGS: 00010246
[ 3129.430050][T27690] RAX: 000000004702ddfb RBX: 00007f228bfac018 RCX: 0000001b30420000
[ 3129.438031][T27690] RDX: 0000000000000000 RSI: 0000001b30420018 RDI: 0000000000000022
[ 3129.446007][T27690] RBP: 000000004702ddfb R08: 0000000000001dfb R09: 000000004702ddff
[ 3129.453979][T27690] R10: 00007ffd261094b0 R11: 0000000000000246 R12: 00007f228bfa0000
[ 3129.461951][T27690] R13: 0000000000000001 R14: 0000000000000000 R15: ffffffff87ab9491
[ 3129.469923][T27690]  ? __x64_sys_socket+0x11/0xb0
[ 3129.474802][T27690]  </TASK>
[ 3129.512660][T27706] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'.
01:21:40 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x3f00000000000000}, 0x0)

[ 3129.805336][T27712] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 3129.981488][T27690] memory: usage 307200kB, limit 307200kB, failcnt 2877
[ 3129.988513][T27690] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 3130.069504][T27690] Memory cgroup stats for /syz5:
[ 3130.081120][T27690] anon 102400
[ 3130.081120][T27690] file 155648
[ 3130.081120][T27690] kernel 314314752
[ 3130.081120][T27690] kernel_stack 65536
[ 3130.081120][T27690] pagetables 73728
[ 3130.081120][T27690] sec_pagetables 0
[ 3130.081120][T27690] percpu 5436928
[ 3130.081120][T27690] sock 0
[ 3130.081120][T27690] vmalloc 0
[ 3130.081120][T27690] shmem 155648
[ 3130.081120][T27690] zswap 0
[ 3130.081120][T27690] zswapped 0
[ 3130.081120][T27690] file_mapped 155648
[ 3130.081120][T27690] file_dirty 0
[ 3130.081120][T27690] file_writeback 0
[ 3130.081120][T27690] swapcached 0
[ 3130.081120][T27690] anon_thp 0
[ 3130.081120][T27690] file_thp 0
[ 3130.081120][T27690] shmem_thp 0
[ 3130.081120][T27690] inactive_anon 106496
[ 3130.081120][T27690] active_anon 151552
[ 3130.081120][T27690] inactive_file 0
[ 3130.081120][T27690] active_file 0
[ 3130.081120][T27690] unevictable 0
[ 3130.081120][T27690] slab_reclaimable 15344
[ 3130.081120][T27690] slab_unreclaimable 308687952
[ 3130.541464][T27690] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=27690,uid=0
[ 3130.612379][T27690] Memory cgroup out of memory: Killed process 27690 (syz-executor.5) total-vm:54540kB, anon-rss:468kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000
01:21:41 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0xd110020000000000)

01:21:41 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x3c8}, 0x0)

01:21:41 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="37000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:21:41 executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x3c1}, 0x0)

01:21:41 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x6000000000000000}, 0x0)

01:21:41 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x600000000000000}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

01:21:41 executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0x1611020000000000)

01:21:41 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x3ca}, 0x0)

[ 3130.772811][T27722] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
01:21:41 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="63000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3130.904775][T27724] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 3130.994779][T27724] CPU: 0 PID: 27724 Comm: syz-executor.5 Not tainted 6.1.0-rc7-syzkaller-01491-gf2bb566f5c97 #0
[ 3131.005253][T27724] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 3131.015331][T27724] Call Trace:
[ 3131.018635][T27724]  <TASK>
[ 3131.021596][T27724]  dump_stack_lvl+0xd1/0x138
[ 3131.026304][T27724]  dump_header+0x10b/0x85f
[ 3131.030762][T27724]  oom_kill_process.cold+0x10/0x15
[ 3131.035913][T27724]  out_of_memory+0x35c/0x14a0
[ 3131.040623][T27724]  ? find_held_lock+0x2d/0x110
[ 3131.045409][T27724]  ? oom_killer_disable+0x280/0x280
[ 3131.050625][T27724]  ? find_held_lock+0x2d/0x110
[ 3131.055405][T27724]  mem_cgroup_out_of_memory+0x206/0x270
[ 3131.060960][T27724]  ? mem_cgroup_margin+0x130/0x130
[ 3131.066089][T27724]  ? lock_downgrade+0x6e0/0x6e0
[ 3131.071020][T27724]  try_charge_memcg+0xef8/0x12f0
[ 3131.075993][T27724]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 3131.082003][T27724]  ? rcu_read_unlock+0x9/0x60
[ 3131.086704][T27724]  ? lock_downgrade+0x6e0/0x6e0
[ 3131.091593][T27724]  charge_memcg+0x99/0x3b0
[ 3131.096040][T27724]  __mem_cgroup_charge+0x2b/0x90
[ 3131.101005][T27724]  wp_page_copy+0x2bf/0x1ca0
[ 3131.105616][T27724]  ? page_try_dup_anon_rmap.constprop.0+0xd10/0xd10
[ 3131.112222][T27724]  ? lock_downgrade+0x6e0/0x6e0
[ 3131.117096][T27724]  ? vm_normal_page+0x14a/0x2a0
[ 3131.121969][T27724]  do_wp_page+0x1d1/0x1930
[ 3131.126486][T27724]  __handle_mm_fault+0x181b/0x3a40
[ 3131.131619][T27724]  ? vm_iomap_memory+0x190/0x190
[ 3131.136596][T27724]  handle_mm_fault+0x1cc/0x780
[ 3131.141374][T27724]  do_user_addr_fault+0x475/0x1210
[ 3131.146501][T27724]  ? rcu_read_lock_sched_held+0x3e/0x70
[ 3131.152150][T27724]  exc_page_fault+0x98/0x170
[ 3131.156756][T27724]  asm_exc_page_fault+0x26/0x30
[ 3131.161610][T27724] RIP: 0033:0x7f228be39580
[ 3131.166030][T27724] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48
[ 3131.185645][T27724] RSP: 002b:00007ffd261092f0 EFLAGS: 00010246
[ 3131.191728][T27724] RAX: 000000004702ddfb RBX: 00007f228bfac018 RCX: 0000001b30420000
[ 3131.199710][T27724] RDX: 0000000000000000 RSI: 0000001b30420018 RDI: 0000000000000022
[ 3131.207860][T27724] RBP: 000000004702ddfb R08: 0000000000001dfb R09: 000000004702ddff
[ 3131.215841][T27724] R10: 00007ffd261094b0 R11: 0000000000000246 R12: 00007f228bfa0000
[ 3131.223821][T27724] R13: 0000000000000001 R14: 0000000000000000 R15: ffffffff87ab9491
[ 3131.231795][T27724]  ? __x64_sys_socket+0x11/0xb0
[ 3131.236673][T27724]  </TASK>
01:21:42 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x6558000000000000}, 0x0)

01:21:42 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="c0000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:21:42 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x3d2}, 0x0)

[ 3131.431503][T27724] memory: usage 307200kB, limit 307200kB, failcnt 2976
[ 3131.488190][T27740] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 3131.692788][T27724] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 3131.700950][T27724] Memory cgroup stats for /syz5:
[ 3131.701163][T27724] anon 102400
[ 3131.701163][T27724] file 155648
[ 3131.701163][T27724] kernel 314314752
[ 3131.701163][T27724] kernel_stack 65536
[ 3131.701163][T27724] pagetables 73728
[ 3131.701163][T27724] sec_pagetables 0
[ 3131.701163][T27724] percpu 5436928
[ 3131.701163][T27724] sock 0
[ 3131.701163][T27724] vmalloc 0
[ 3131.701163][T27724] shmem 155648
[ 3131.701163][T27724] zswap 0
[ 3131.701163][T27724] zswapped 0
[ 3131.701163][T27724] file_mapped 155648
[ 3131.701163][T27724] file_dirty 0
[ 3131.701163][T27724] file_writeback 0
[ 3131.701163][T27724] swapcached 0
[ 3131.701163][T27724] anon_thp 0
[ 3131.701163][T27724] file_thp 0
[ 3131.701163][T27724] shmem_thp 0
[ 3131.701163][T27724] inactive_anon 106496
[ 3131.701163][T27724] active_anon 151552
[ 3131.701163][T27724] inactive_file 0
[ 3131.701163][T27724] active_file 0
[ 3131.701163][T27724] unevictable 0
[ 3131.701163][T27724] slab_reclaimable 15344
[ 3131.701163][T27724] slab_unreclaimable 308687952
[ 3132.027665][T27724] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=27724,uid=0
[ 3132.115119][T27724] Memory cgroup out of memory: Killed process 27724 (syz-executor.5) total-vm:54540kB, anon-rss:468kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000
01:21:43 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0xd210020000000000)

01:21:43 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x3da}, 0x0)

01:21:43 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="c00e0000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:21:43 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x700000000000000}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

01:21:43 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x6a03000000000000}, 0x0)

01:21:43 executing program 1:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1700}, 0x0)

01:21:43 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="e03f0300100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3132.341340][T27748] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'.
01:21:43 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="ffe0f505100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3132.527146][T27746] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
01:21:43 executing program 1:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1500}, 0x0)

01:21:43 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x3e2}, 0x0)

01:21:43 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="00f0ff7f100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3132.676388][T27746] CPU: 0 PID: 27746 Comm: syz-executor.5 Not tainted 6.1.0-rc7-syzkaller-01491-gf2bb566f5c97 #0
[ 3132.686869][T27746] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 3132.696944][T27746] Call Trace:
[ 3132.700253][T27746]  <TASK>
[ 3132.703227][T27746]  dump_stack_lvl+0xd1/0x138
[ 3132.707846][T27746]  dump_header+0x10b/0x85f
[ 3132.712301][T27746]  oom_kill_process.cold+0x10/0x15
[ 3132.717456][T27746]  out_of_memory+0x35c/0x14a0
[ 3132.722173][T27746]  ? find_held_lock+0x2d/0x110
[ 3132.726970][T27746]  ? oom_killer_disable+0x280/0x280
[ 3132.732206][T27746]  ? find_held_lock+0x2d/0x110
[ 3132.737006][T27746]  mem_cgroup_out_of_memory+0x206/0x270
[ 3132.742582][T27746]  ? mem_cgroup_margin+0x130/0x130
[ 3132.747726][T27746]  ? lock_downgrade+0x6e0/0x6e0
[ 3132.752630][T27746]  try_charge_memcg+0xef8/0x12f0
[ 3132.757612][T27746]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 3132.763626][T27746]  ? get_mem_cgroup_from_objcg+0xa1/0x260
[ 3132.769374][T27746]  ? lock_downgrade+0x6e0/0x6e0
[ 3132.774271][T27746]  ? lock_downgrade+0x6e0/0x6e0
[ 3132.779171][T27746]  __memcg_kmem_charge_page+0x16e/0x3b0
[ 3132.784758][T27746]  memcg_charge_kernel_stack.part.0+0x6c/0x150
[ 3132.790944][T27746]  copy_process+0x15ed/0x7190
[ 3132.791314][T27764] __nla_validate_parse: 1 callbacks suppressed
[ 3132.791329][T27764] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 3132.795637][T27746]  ? __lock_acquire+0xbc3/0x56d0
[ 3132.795689][T27746]  ? __cleanup_sighand+0xb0/0xb0
[ 3132.795715][T27746]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 3132.795754][T27746]  ? psi_memstall_leave+0x174/0x250
[ 3132.795794][T27746]  kernel_clone+0xeb/0x980
[ 3132.795823][T27746]  ? create_io_thread+0xf0/0xf0
[ 3132.795853][T27746]  ? percpu_ref_put_many.constprop.0+0x6a/0x1a0
[ 3132.795885][T27746]  ? lock_downgrade+0x6e0/0x6e0
[ 3132.795934][T27746]  __do_sys_clone+0xba/0x100
[ 3132.795959][T27746]  ? kernel_clone+0x980/0x980
[ 3132.796002][T27746]  ? syscall_enter_from_user_mode+0x26/0xb0
[ 3132.796044][T27746]  do_syscall_64+0x39/0xb0
[ 3132.796070][T27746]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 3132.796095][T27746] RIP: 0033:0x7f228be8d501
[ 3132.796116][T27746] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00
[ 3132.796138][T27746] RSP: 002b:00007ffd26109298 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 3132.796164][T27746] RAX: ffffffffffffffda RBX: 00007f228cb2c700 RCX: 00007f228be8d501
01:21:43 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x8100000000000000}, 0x0)

[ 3132.796182][T27746] RDX: 00007f228cb2c9d0 RSI: 00007f228cb2c2f0 RDI: 00000000003d0f00
[ 3132.796198][T27746] RBP: 00007ffd261094e0 R08: 00007f228cb2c700 R09: 00007f228cb2c700
[ 3132.796214][T27746] R10: 00007f228cb2c9d0 R11: 0000000000000206 R12: 00007ffd2610934e
[ 3132.796231][T27746] R13: 00007ffd2610934f R14: 00007f228cb2c300 R15: 0000000000022000
[ 3132.796267][T27746]  </TASK>
[ 3132.969072][T27746] memory: usage 307172kB, limit 307200kB, failcnt 3076
[ 3133.047282][T27746] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 3133.197830][T27746] Memory cgroup stats for /syz5:
[ 3133.197986][T27746] anon 90112
[ 3133.197986][T27746] file 155648
[ 3133.197986][T27746] kernel 314298368
[ 3133.197986][T27746] kernel_stack 32768
[ 3133.197986][T27746] pagetables 73728
[ 3133.197986][T27746] sec_pagetables 0
[ 3133.197986][T27746] percpu 5436928
[ 3133.197986][T27746] sock 0
[ 3133.197986][T27746] vmalloc 0
[ 3133.197986][T27746] shmem 155648
[ 3133.197986][T27746] zswap 0
[ 3133.197986][T27746] zswapped 0
[ 3133.197986][T27746] file_mapped 155648
[ 3133.197986][T27746] file_dirty 0
[ 3133.197986][T27746] file_writeback 0
[ 3133.197986][T27746] swapcached 0
[ 3133.197986][T27746] anon_thp 0
[ 3133.197986][T27746] file_thp 0
[ 3133.197986][T27746] shmem_thp 0
[ 3133.197986][T27746] inactive_anon 94208
[ 3133.197986][T27746] active_anon 151552
[ 3133.197986][T27746] inactive_file 0
[ 3133.197986][T27746] active_file 0
[ 3133.197986][T27746] unevictable 0
[ 3133.197986][T27746] slab_reclaimable 13416
[ 3133.197986][T27746] slab_unreclaimable 308686840
[ 3133.264424][T27769] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 3133.873625][T27746] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=27746,uid=0
[ 3133.967579][T27746] Memory cgroup out of memory: Killed process 27746 (syz-executor.5) total-vm:54540kB, anon-rss:468kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000
01:21:45 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0xd310020000000000)

01:21:45 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="effdffff100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:21:45 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x3ea}, 0x0)

01:21:45 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x800000000000000}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

01:21:45 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x88a8ffff00000000}, 0x0)

01:21:45 executing program 1:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x3}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

01:21:45 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000010081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3134.153614][T27783] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
01:21:45 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x3ee}, 0x0)

01:21:45 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000020081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3134.283491][T27777] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 3134.347738][T27777] CPU: 1 PID: 27777 Comm: syz-executor.5 Not tainted 6.1.0-rc7-syzkaller-01491-gf2bb566f5c97 #0
[ 3134.358213][T27777] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 3134.368307][T27777] Call Trace:
[ 3134.371610][T27777]  <TASK>
[ 3134.374562][T27777]  dump_stack_lvl+0xd1/0x138
[ 3134.379185][T27777]  dump_header+0x10b/0x85f
[ 3134.383647][T27777]  oom_kill_process.cold+0x10/0x15
[ 3134.388802][T27777]  out_of_memory+0x35c/0x14a0
[ 3134.393516][T27777]  ? find_held_lock+0x2d/0x110
[ 3134.398304][T27777]  ? oom_killer_disable+0x280/0x280
[ 3134.403519][T27777]  ? find_held_lock+0x2d/0x110
[ 3134.408307][T27777]  mem_cgroup_out_of_memory+0x206/0x270
[ 3134.413865][T27777]  ? mem_cgroup_margin+0x130/0x130
[ 3134.418983][T27777]  ? lock_downgrade+0x6e0/0x6e0
[ 3134.423870][T27777]  try_charge_memcg+0xef8/0x12f0
[ 3134.428830][T27777]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 3134.434819][T27777]  ? get_mem_cgroup_from_objcg+0xa1/0x260
[ 3134.440550][T27777]  ? lock_downgrade+0x6e0/0x6e0
[ 3134.445423][T27777]  ? lock_downgrade+0x6e0/0x6e0
[ 3134.450297][T27777]  __memcg_kmem_charge_page+0x16e/0x3b0
[ 3134.455856][T27777]  memcg_charge_kernel_stack.part.0+0x6c/0x150
[ 3134.462020][T27777]  copy_process+0x15ed/0x7190
[ 3134.466703][T27777]  ? wp_page_copy+0x311/0x1ca0
[ 3134.471487][T27777]  ? __cleanup_sighand+0xb0/0xb0
[ 3134.476438][T27777]  ? do_wp_page+0x1d9/0x1930
[ 3134.481040][T27777]  kernel_clone+0xeb/0x980
[ 3134.485466][T27777]  ? create_io_thread+0xf0/0xf0
[ 3134.490329][T27777]  ? find_held_lock+0x2d/0x110
[ 3134.495114][T27777]  __do_sys_clone+0xba/0x100
[ 3134.499710][T27777]  ? kernel_clone+0x980/0x980
[ 3134.504419][T27777]  ? syscall_enter_from_user_mode+0x26/0xb0
[ 3134.510332][T27777]  do_syscall_64+0x39/0xb0
[ 3134.514765][T27777]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 3134.520670][T27777] RIP: 0033:0x7f228be8d501
[ 3134.525087][T27777] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00
[ 3134.544783][T27777] RSP: 002b:00007ffd26109298 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 3134.553201][T27777] RAX: ffffffffffffffda RBX: 00007f228cb2c700 RCX: 00007f228be8d501
[ 3134.561173][T27777] RDX: 00007f228cb2c9d0 RSI: 00007f228cb2c2f0 RDI: 00000000003d0f00
[ 3134.569148][T27777] RBP: 00007ffd261094e0 R08: 00007f228cb2c700 R09: 00007f228cb2c700
[ 3134.577121][T27777] R10: 00007f228cb2c9d0 R11: 0000000000000206 R12: 00007ffd2610934e
[ 3134.585100][T27777] R13: 00007ffd2610934f R14: 00007f228cb2c300 R15: 0000000000022000
[ 3134.593094][T27777]  </TASK>
01:21:45 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000030081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3134.711671][T27777] memory: usage 307200kB, limit 307200kB, failcnt 3163
[ 3134.718675][T27777] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
01:21:45 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x9effffff00000000}, 0x0)

[ 3134.760206][T27777] Memory cgroup stats for /syz5:
[ 3134.760451][T27777] anon 90112
[ 3134.760451][T27777] file 155648
[ 3134.760451][T27777] kernel 314277888
[ 3134.760451][T27777] kernel_stack 32768
[ 3134.760451][T27777] pagetables 73728
[ 3134.760451][T27777] sec_pagetables 0
[ 3134.760451][T27777] percpu 5436928
[ 3134.760451][T27777] sock 0
[ 3134.760451][T27777] vmalloc 0
[ 3134.760451][T27777] shmem 155648
[ 3134.760451][T27777] zswap 0
[ 3134.760451][T27777] zswapped 0
[ 3134.760451][T27777] file_mapped 155648
[ 3134.760451][T27777] file_dirty 0
[ 3134.760451][T27777] file_writeback 0
[ 3134.760451][T27777] swapcached 0
[ 3134.760451][T27777] anon_thp 0
[ 3134.760451][T27777] file_thp 0
[ 3134.760451][T27777] shmem_thp 0
[ 3134.760451][T27777] inactive_anon 94208
[ 3134.760451][T27777] active_anon 151552
[ 3134.760451][T27777] inactive_file 0
[ 3134.760451][T27777] active_file 0
[ 3134.760451][T27777] unevictable 0
[ 3134.760451][T27777] slab_reclaimable 13416
[ 3134.760451][T27777] slab_unreclaimable 308686840
01:21:45 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000040081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3134.886138][T27801] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 3135.139577][T27777] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=27777,uid=0
01:21:46 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0xd410020000000000)

01:21:46 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0xe24634cf00000000}, 0x0)

01:21:46 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x900000000000000}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

01:21:46 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000050081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:21:46 executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x3ea}, 0x0)

[ 3135.231537][T27777] Memory cgroup out of memory: Killed process 27777 (syz-executor.5) total-vm:54540kB, anon-rss:468kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000
[ 3135.271162][T27793] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
01:21:46 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000060081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3135.313568][T27809] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 3135.344632][T27793] CPU: 1 PID: 27793 Comm: syz-executor.4 Not tainted 6.1.0-rc7-syzkaller-01491-gf2bb566f5c97 #0
[ 3135.355096][T27793] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 3135.365175][T27793] Call Trace:
[ 3135.368478][T27793]  <TASK>
[ 3135.371429][T27793]  dump_stack_lvl+0xd1/0x138
[ 3135.376055][T27793]  dump_header+0x10b/0x85f
[ 3135.380512][T27793]  oom_kill_process.cold+0x10/0x15
[ 3135.385666][T27793]  out_of_memory+0x35c/0x14a0
[ 3135.390385][T27793]  ? find_held_lock+0x2d/0x110
[ 3135.395186][T27793]  ? oom_killer_disable+0x280/0x280
[ 3135.400422][T27793]  ? find_held_lock+0x2d/0x110
[ 3135.405219][T27793]  mem_cgroup_out_of_memory+0x206/0x270
[ 3135.410800][T27793]  ? mem_cgroup_margin+0x130/0x130
[ 3135.415935][T27793]  ? lock_downgrade+0x6e0/0x6e0
[ 3135.420839][T27793]  try_charge_memcg+0xef8/0x12f0
[ 3135.425816][T27793]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 3135.431826][T27793]  ? get_mem_cgroup_from_objcg+0xa1/0x260
[ 3135.437579][T27793]  ? lock_downgrade+0x6e0/0x6e0
[ 3135.442472][T27793]  ? lock_downgrade+0x6e0/0x6e0
[ 3135.447550][T27793]  __memcg_kmem_charge_page+0x16e/0x3b0
[ 3135.453131][T27793]  memcg_charge_kernel_stack.part.0+0x6c/0x150
[ 3135.459306][T27793]  copy_process+0x73e/0x7190
[ 3135.464103][T27793]  ? __lock_acquire+0xbc3/0x56d0
[ 3135.469088][T27793]  ? __cleanup_sighand+0xb0/0xb0
[ 3135.474057][T27793]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 3135.480078][T27793]  ? psi_memstall_leave+0x174/0x250
[ 3135.485318][T27793]  kernel_clone+0xeb/0x980
[ 3135.489780][T27793]  ? create_io_thread+0xf0/0xf0
[ 3135.494664][T27793]  ? percpu_ref_put_many.constprop.0+0x6a/0x1a0
[ 3135.500949][T27793]  ? lock_downgrade+0x6e0/0x6e0
[ 3135.505849][T27793]  __do_sys_clone+0xba/0x100
01:21:46 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000070081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3135.510467][T27793]  ? kernel_clone+0x980/0x980
[ 3135.515190][T27793]  ? syscall_enter_from_user_mode+0x26/0xb0
[ 3135.521127][T27793]  do_syscall_64+0x39/0xb0
[ 3135.525576][T27793]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 3135.531505][T27793] RIP: 0033:0x7f448748d501
[ 3135.535947][T27793] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00
[ 3135.555582][T27793] RSP: 002b:00007fffd90bac98 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 3135.564112][T27793] RAX: ffffffffffffffda RBX: 00007f4488236700 RCX: 00007f448748d501
[ 3135.572110][T27793] RDX: 00007f44882369d0 RSI: 00007f44882362f0 RDI: 00000000003d0f00
[ 3135.580105][T27793] RBP: 00007fffd90baee0 R08: 00007f4488236700 R09: 00007f4488236700
[ 3135.588099][T27793] R10: 00007f44882369d0 R11: 0000000000000206 R12: 00007fffd90bad4e
[ 3135.596093][T27793] R13: 00007fffd90bad4f R14: 00007f4488236300 R15: 0000000000022000
[ 3135.604108][T27793]  </TASK>
[ 3135.693314][T27793] memory: usage 307180kB, limit 307200kB, failcnt 14465
[ 3135.704959][T27793] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 3135.735064][T27793] Memory cgroup stats for /syz4:
[ 3135.735282][T27793] anon 106496
[ 3135.735282][T27793] file 335872
[ 3135.735282][T27793] kernel 314109952
[ 3135.735282][T27793] kernel_stack 65536
[ 3135.735282][T27793] pagetables 86016
[ 3135.735282][T27793] sec_pagetables 0
[ 3135.735282][T27793] percpu 5432192
[ 3135.735282][T27793] sock 0
[ 3135.735282][T27793] vmalloc 0
[ 3135.735282][T27793] shmem 331776
[ 3135.735282][T27793] zswap 0
[ 3135.735282][T27793] zswapped 0
[ 3135.735282][T27793] file_mapped 286720
[ 3135.735282][T27793] file_dirty 4096
[ 3135.735282][T27793] file_writeback 0
[ 3135.735282][T27793] swapcached 0
[ 3135.735282][T27793] anon_thp 0
[ 3135.735282][T27793] file_thp 0
[ 3135.735282][T27793] shmem_thp 0
[ 3135.735282][T27793] inactive_anon 135168
[ 3135.735282][T27793] active_anon 303104
[ 3135.735282][T27793] inactive_file 0
[ 3135.735282][T27793] active_file 4096
[ 3135.735282][T27793] unevictable 0
[ 3135.735282][T27793] slab_reclaimable 18960
[ 3135.735282][T27793] slab_unreclaimable 308448976
[ 3136.077941][T27793] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=27793,uid=0
[ 3136.203637][T27793] Memory cgroup out of memory: Killed process 27793 (syz-executor.4) total-vm:54672kB, anon-rss:468kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:92kB oom_score_adj:1000
01:21:47 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x3f0}, 0x0)

01:21:47 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000080081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:21:47 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0xf0ffffff00000000}, 0x0)

01:21:47 executing program 1:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1200}, 0x0)

01:21:47 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0xa00000000000000}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

[ 3136.485178][T27811] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 3136.487026][T27828] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 3136.541506][T27811] CPU: 0 PID: 27811 Comm: syz-executor.5 Not tainted 6.1.0-rc7-syzkaller-01491-gf2bb566f5c97 #0
[ 3136.551974][T27811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 3136.562055][T27811] Call Trace:
[ 3136.565362][T27811]  <TASK>
[ 3136.568311][T27811]  dump_stack_lvl+0xd1/0x138
[ 3136.572931][T27811]  dump_header+0x10b/0x85f
[ 3136.577385][T27811]  oom_kill_process.cold+0x10/0x15
[ 3136.582532][T27811]  out_of_memory+0x35c/0x14a0
[ 3136.587245][T27811]  ? find_held_lock+0x2d/0x110
[ 3136.592044][T27811]  ? oom_killer_disable+0x280/0x280
[ 3136.597285][T27811]  ? find_held_lock+0x2d/0x110
[ 3136.602091][T27811]  mem_cgroup_out_of_memory+0x206/0x270
[ 3136.607664][T27811]  ? mem_cgroup_margin+0x130/0x130
[ 3136.612801][T27811]  ? lock_downgrade+0x6e0/0x6e0
[ 3136.617708][T27811]  try_charge_memcg+0xef8/0x12f0
[ 3136.622690][T27811]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 3136.628705][T27811]  ? get_mem_cgroup_from_objcg+0xa1/0x260
[ 3136.634460][T27811]  ? lock_downgrade+0x6e0/0x6e0
[ 3136.637397][T27829] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 3136.639340][T27811]  ? lock_downgrade+0x6e0/0x6e0
[ 3136.639396][T27811]  __memcg_kmem_charge_page+0x16e/0x3b0
[ 3136.659004][T27811]  memcg_charge_kernel_stack.part.0+0x6c/0x150
[ 3136.665372][T27811]  copy_process+0x73e/0x7190
[ 3136.670000][T27811]  ? __lock_acquire+0xbc3/0x56d0
[ 3136.674991][T27811]  ? __cleanup_sighand+0xb0/0xb0
[ 3136.679964][T27811]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 3136.686078][T27811]  ? psi_memstall_leave+0x174/0x250
[ 3136.691406][T27811]  kernel_clone+0xeb/0x980
[ 3136.695851][T27811]  ? create_io_thread+0xf0/0xf0
[ 3136.700734][T27811]  ? percpu_ref_put_many.constprop.0+0x6a/0x1a0
[ 3136.707007][T27811]  ? lock_downgrade+0x6e0/0x6e0
[ 3136.711918][T27811]  __do_sys_clone+0xba/0x100
[ 3136.716537][T27811]  ? kernel_clone+0x980/0x980
[ 3136.721258][T27811]  ? syscall_enter_from_user_mode+0x26/0xb0
[ 3136.727199][T27811]  do_syscall_64+0x39/0xb0
[ 3136.731645][T27811]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 3136.737561][T27811] RIP: 0033:0x7f228be8d501
[ 3136.742001][T27811] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00
[ 3136.761642][T27811] RSP: 002b:00007ffd26109298 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 3136.770089][T27811] RAX: ffffffffffffffda RBX: 00007f228cb2c700 RCX: 00007f228be8d501
[ 3136.778089][T27811] RDX: 00007f228cb2c9d0 RSI: 00007f228cb2c2f0 RDI: 00000000003d0f00
[ 3136.786084][T27811] RBP: 00007ffd261094e0 R08: 00007f228cb2c700 R09: 00007f228cb2c700
[ 3136.794345][T27811] R10: 00007f228cb2c9d0 R11: 0000000000000206 R12: 00007ffd2610934e
[ 3136.802337][T27811] R13: 00007ffd2610934f R14: 00007f228cb2c300 R15: 0000000000022000
[ 3136.810345][T27811]  </TASK>
[ 3137.620678][T27811] memory: usage 307144kB, limit 307200kB, failcnt 3269
[ 3137.628373][T27811] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 3137.701462][T27811] Memory cgroup stats for /syz5:
[ 3137.701680][T27811] anon 90112
[ 3137.701680][T27811] file 155648
[ 3137.701680][T27811] kernel 314269696
[ 3137.701680][T27811] kernel_stack 32768
[ 3137.701680][T27811] pagetables 73728
[ 3137.701680][T27811] sec_pagetables 0
[ 3137.701680][T27811] percpu 5436928
[ 3137.701680][T27811] sock 0
[ 3137.701680][T27811] vmalloc 0
[ 3137.701680][T27811] shmem 155648
[ 3137.701680][T27811] zswap 0
[ 3137.701680][T27811] zswapped 0
[ 3137.701680][T27811] file_mapped 155648
[ 3137.701680][T27811] file_dirty 0
[ 3137.701680][T27811] file_writeback 0
[ 3137.701680][T27811] swapcached 0
[ 3137.701680][T27811] anon_thp 0
[ 3137.701680][T27811] file_thp 0
[ 3137.701680][T27811] shmem_thp 0
[ 3137.701680][T27811] inactive_anon 94208
[ 3137.701680][T27811] active_anon 151552
[ 3137.701680][T27811] inactive_file 0
[ 3137.701680][T27811] active_file 0
[ 3137.701680][T27811] unevictable 0
[ 3137.701680][T27811] slab_reclaimable 13416
[ 3137.701680][T27811] slab_unreclaimable 308675440
[ 3137.940070][T27811] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=27811,uid=0
[ 3138.041499][T27811] Memory cgroup out of memory: Killed process 27811 (syz-executor.5) total-vm:54540kB, anon-rss:468kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000
01:21:49 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0xd510020000000000)

01:21:49 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000090081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:21:49 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x3f2}, 0x0)

01:21:49 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0xffffff7f00000000}, 0x0)

01:21:49 executing program 1:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0xffffff1f}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

01:21:49 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0xb00000000000000}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

[ 3138.192945][T27842] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
01:21:49 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="340000000a0081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3138.307684][T27845] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 3138.363442][T27845] CPU: 0 PID: 27845 Comm: syz-executor.5 Not tainted 6.1.0-rc7-syzkaller-01491-gf2bb566f5c97 #0
[ 3138.373915][T27845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 3138.384000][T27845] Call Trace:
[ 3138.387297][T27845]  <TASK>
[ 3138.390245][T27845]  dump_stack_lvl+0xd1/0x138
[ 3138.394870][T27845]  dump_header+0x10b/0x85f
[ 3138.399325][T27845]  oom_kill_process.cold+0x10/0x15
[ 3138.404480][T27845]  out_of_memory+0x35c/0x14a0
[ 3138.409196][T27845]  ? find_held_lock+0x2d/0x110
[ 3138.414020][T27845]  ? oom_killer_disable+0x280/0x280
[ 3138.419254][T27845]  ? find_held_lock+0x2d/0x110
[ 3138.424056][T27845]  mem_cgroup_out_of_memory+0x206/0x270
[ 3138.429632][T27845]  ? mem_cgroup_margin+0x130/0x130
[ 3138.434768][T27845]  ? lock_downgrade+0x6e0/0x6e0
[ 3138.439677][T27845]  try_charge_memcg+0xef8/0x12f0
[ 3138.444660][T27845]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 3138.450689][T27845]  ? rcu_read_unlock+0x9/0x60
[ 3138.455477][T27845]  ? lock_downgrade+0x6e0/0x6e0
[ 3138.460383][T27845]  charge_memcg+0x99/0x3b0
[ 3138.464854][T27845]  __mem_cgroup_charge+0x2b/0x90
[ 3138.469829][T27845]  wp_page_copy+0x2bf/0x1ca0
[ 3138.474463][T27845]  ? page_try_dup_anon_rmap.constprop.0+0xd10/0xd10
[ 3138.481080][T27845]  ? lock_downgrade+0x6e0/0x6e0
[ 3138.485969][T27845]  ? vm_normal_page+0x14a/0x2a0
[ 3138.490869][T27845]  do_wp_page+0x538/0x1930
[ 3138.495320][T27845]  __handle_mm_fault+0x181b/0x3a40
[ 3138.500476][T27845]  ? vm_iomap_memory+0x190/0x190
[ 3138.505475][T27845]  handle_mm_fault+0x1cc/0x780
[ 3138.510276][T27845]  do_user_addr_fault+0x475/0x1210
[ 3138.515427][T27845]  ? rcu_read_lock_sched_held+0x3e/0x70
[ 3138.521009][T27845]  exc_page_fault+0x98/0x170
[ 3138.525639][T27845]  asm_exc_page_fault+0x26/0x30
[ 3138.530520][T27845] RIP: 0033:0x7f228be36cd0
[ 3138.534962][T27845] Code: 0f 84 b4 00 00 00 80 3d f9 e9 c9 00 00 75 1b 80 3d f1 e9 c9 00 00 75 12 80 3d e3 e9 c9 00 00 0f 84 95 00 00 00 0f 1f 44 00 00 <41> c6 44 24 f8 01 45 89 6c 24 f4 41 c6 44 24 14 00 8b 93 8c 00 00
[ 3138.554608][T27845] RSP: 002b:00007ffd261093d0 EFLAGS: 00010202
01:21:49 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0xffffffff00000000}, 0x0)

[ 3138.560707][T27845] RAX: 0000000000000000 RBX: 00007f228bfabf8c RCX: 0000000000000000
[ 3138.568701][T27845] RDX: 00007ffd26109538 RSI: ffff80dd74054074 RDI: 00007ffd26109568
[ 3138.576694][T27845] RBP: 00007ffd26109488 R08: 0000000000000000 R09: 0000000000000000
[ 3138.584684][T27845] R10: 00007f228ba00010 R11: 0000000000095478 R12: 00007f228bfabf8c
[ 3138.592684][T27845] R13: 0000000000000000 R14: 00007f228bfabf80 R15: 00007ffd26109670
[ 3138.600703][T27845]  </TASK>
01:21:49 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="340000000b0081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:21:49 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="340000000c0081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3138.756332][T27859] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
01:21:49 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="340000000d0081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:21:49 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0xfffffffffffff000}, 0x0)

[ 3139.096974][T27867] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 3139.538554][T27845] memory: usage 307132kB, limit 307200kB, failcnt 3352
[ 3139.561481][T27845] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 3139.571832][T27845] Memory cgroup stats for /syz5:
[ 3139.572044][T27845] anon 77824
[ 3139.572044][T27845] file 155648
[ 3139.572044][T27845] kernel 314269696
[ 3139.572044][T27845] kernel_stack 32768
[ 3139.572044][T27845] pagetables 73728
[ 3139.572044][T27845] sec_pagetables 0
[ 3139.572044][T27845] percpu 5436928
[ 3139.572044][T27845] sock 0
[ 3139.572044][T27845] vmalloc 0
[ 3139.572044][T27845] shmem 155648
[ 3139.572044][T27845] zswap 0
[ 3139.572044][T27845] zswapped 0
[ 3139.572044][T27845] file_mapped 155648
[ 3139.572044][T27845] file_dirty 0
[ 3139.572044][T27845] file_writeback 0
[ 3139.572044][T27845] swapcached 0
[ 3139.572044][T27845] anon_thp 0
[ 3139.572044][T27845] file_thp 0
[ 3139.572044][T27845] shmem_thp 0
[ 3139.572044][T27845] inactive_anon 81920
[ 3139.572044][T27845] active_anon 151552
[ 3139.572044][T27845] inactive_file 0
[ 3139.572044][T27845] active_file 0
[ 3139.572044][T27845] unevictable 0
[ 3139.572044][T27845] slab_reclaimable 13416
[ 3139.572044][T27845] slab_unreclaimable 308678496
[ 3139.881439][T27845] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=27845,uid=0
[ 3139.909303][T27845] Memory cgroup out of memory: Killed process 27845 (syz-executor.5) total-vm:54408kB, anon-rss:468kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000
01:21:50 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0xd610020000000000)

01:21:50 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="340000000e0081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:21:51 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x3f6}, 0x0)

01:21:51 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0xc00000000000000}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

01:21:51 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x0, 0x2}, 0x0)

01:21:51 executing program 1:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="340000000d0081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:21:51 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="340000000f0081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3140.126300][T27871] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000
[ 3140.139981][T27875] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 3140.174550][T27871] CPU: 0 PID: 27871 Comm: syz-executor.5 Not tainted 6.1.0-rc7-syzkaller-01491-gf2bb566f5c97 #0
[ 3140.185103][T27871] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 3140.195182][T27871] Call Trace:
[ 3140.198489][T27871]  <TASK>
[ 3140.201436][T27871]  dump_stack_lvl+0xd1/0x138
[ 3140.206061][T27871]  dump_header+0x10b/0x85f
[ 3140.210522][T27871]  oom_kill_process.cold+0x10/0x15
[ 3140.215681][T27871]  out_of_memory+0x35c/0x14a0
[ 3140.220488][T27871]  ? find_held_lock+0x2d/0x110
[ 3140.225290][T27871]  ? oom_killer_disable+0x280/0x280
[ 3140.230608][T27871]  ? find_held_lock+0x2d/0x110
[ 3140.235416][T27871]  mem_cgroup_out_of_memory+0x206/0x270
[ 3140.240993][T27871]  ? mem_cgroup_margin+0x130/0x130
[ 3140.246126][T27871]  ? lock_downgrade+0x6e0/0x6e0
[ 3140.251020][T27871]  try_charge_memcg+0xef8/0x12f0
[ 3140.256000][T27871]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 3140.262013][T27871]  ? get_mem_cgroup_from_objcg+0xa1/0x260
[ 3140.267763][T27871]  ? lock_downgrade+0x6e0/0x6e0
[ 3140.272659][T27871]  ? lock_downgrade+0x6e0/0x6e0
[ 3140.277561][T27871]  __memcg_kmem_charge_page+0x16e/0x3b0
[ 3140.283146][T27871]  __alloc_pages+0x1f3/0x5b0
[ 3140.287763][T27871]  ? __alloc_pages_slowpath.constprop.0+0x23d0/0x23d0
[ 3140.294550][T27871]  ? __lock_acquire+0xbc3/0x56d0
[ 3140.299541][T27871]  ? mark_lock.part.0+0xee/0x1910
[ 3140.304612][T27871]  alloc_pages+0x1aa/0x270
[ 3140.309068][T27871]  pte_alloc_one+0x1a/0x230
[ 3140.313604][T27871]  __handle_mm_fault+0x3151/0x3a40
[ 3140.318757][T27871]  ? vm_iomap_memory+0x190/0x190
01:21:51 executing program 1:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0xa00000000000000}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

[ 3140.323757][T27871]  handle_mm_fault+0x1cc/0x780
[ 3140.328553][T27871]  do_user_addr_fault+0x475/0x1210
[ 3140.333696][T27871]  ? rcu_read_lock_sched_held+0x3e/0x70
[ 3140.339283][T27871]  exc_page_fault+0x98/0x170
[ 3140.343911][T27871]  asm_exc_page_fault+0x26/0x30
[ 3140.348789][T27871] RIP: 0033:0x7f228be368cf
[ 3140.353226][T27871] Code: 24 2c 00 00 00 00 4c 8b 0d ce 70 17 00 48 8b 94 24 b8 00 00 00 4d 8d 81 00 00 40 00 4c 39 c2 0f 83 64 0f 00 00 48 8b 44 24 58 <48> 8b 32 4c 8d 52 08 4c 89 94 24 b8 00 00 00 48 89 74 24 10 48 83
01:21:51 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34020000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3140.373034][T27871] RSP: 002b:00007ffd261093d0 EFLAGS: 00010287
[ 3140.379132][T27871] RAX: 00000000002fe9d1 RBX: 0000000000000000 RCX: 00000000002fe9a0
[ 3140.387130][T27871] RDX: 00007f228ba00000 RSI: 00007ffd261093b0 RDI: 0000000000000001
[ 3140.395126][T27871] RBP: 0000000000000000 R08: 00007f228be00000 R09: 00007f228ba00000
[ 3140.403124][T27871] R10: 00007ffd261b5090 R11: 00000000000955d8 R12: 0000000000000001
[ 3140.411128][T27871] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffd26109670
[ 3140.419146][T27871]  </TASK>
01:21:51 executing program 1:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0xf000, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:21:51 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x0, 0x3}, 0x0)

01:21:51 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34030000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3140.608480][T27889] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 3141.173235][T27871] memory: usage 307172kB, limit 307200kB, failcnt 3425
[ 3141.187017][T27871] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 3141.201933][T27871] Memory cgroup stats for /syz5:
[ 3141.202175][T27871] anon 77824
[ 3141.202175][T27871] file 155648
[ 3141.202175][T27871] kernel 314310656
[ 3141.202175][T27871] kernel_stack 32768
[ 3141.202175][T27871] pagetables 69632
[ 3141.202175][T27871] sec_pagetables 0
[ 3141.202175][T27871] percpu 5436928
[ 3141.202175][T27871] sock 0
[ 3141.202175][T27871] vmalloc 0
[ 3141.202175][T27871] shmem 155648
[ 3141.202175][T27871] zswap 0
[ 3141.202175][T27871] zswapped 0
[ 3141.202175][T27871] file_mapped 155648
[ 3141.202175][T27871] file_dirty 0
[ 3141.202175][T27871] file_writeback 0
[ 3141.202175][T27871] swapcached 0
[ 3141.202175][T27871] anon_thp 0
[ 3141.202175][T27871] file_thp 0
[ 3141.202175][T27871] shmem_thp 0
[ 3141.202175][T27871] inactive_anon 81920
[ 3141.202175][T27871] active_anon 151552
[ 3141.202175][T27871] inactive_file 0
[ 3141.202175][T27871] active_file 0
[ 3141.202175][T27871] unevictable 0
[ 3141.202175][T27871] slab_reclaimable 52968
[ 3141.202175][T27871] slab_unreclaimable 308681720
[ 3141.562702][T27871] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=27871,uid=0
[ 3141.666479][T27871] Memory cgroup out of memory: Killed process 27871 (syz-executor.5) total-vm:54408kB, anon-rss:468kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000
01:21:52 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0xd710020000000000)

01:21:52 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34040000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3141.750316][T27881] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 3141.806328][T27881] CPU: 0 PID: 27881 Comm: syz-executor.4 Not tainted 6.1.0-rc7-syzkaller-01491-gf2bb566f5c97 #0
[ 3141.816797][T27881] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 3141.827050][T27881] Call Trace:
[ 3141.830348][T27881]  <TASK>
[ 3141.833298][T27881]  dump_stack_lvl+0xd1/0x138
[ 3141.838265][T27881]  dump_header+0x10b/0x85f
[ 3141.842719][T27881]  oom_kill_process.cold+0x10/0x15
[ 3141.847878][T27881]  out_of_memory+0x35c/0x14a0
[ 3141.852605][T27881]  ? find_held_lock+0x2d/0x110
[ 3141.857407][T27881]  ? oom_killer_disable+0x280/0x280
[ 3141.862641][T27881]  ? find_held_lock+0x2d/0x110
[ 3141.867442][T27881]  mem_cgroup_out_of_memory+0x206/0x270
[ 3141.873020][T27881]  ? mem_cgroup_margin+0x130/0x130
[ 3141.878159][T27881]  ? lock_downgrade+0x6e0/0x6e0
[ 3141.883061][T27881]  try_charge_memcg+0xef8/0x12f0
[ 3141.888039][T27881]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 3141.894080][T27881]  ? rcu_read_unlock+0x9/0x60
[ 3141.898790][T27881]  ? lock_downgrade+0x6e0/0x6e0
[ 3141.903693][T27881]  charge_memcg+0x99/0x3b0
[ 3141.908153][T27881]  __mem_cgroup_charge+0x2b/0x90
[ 3141.913216][T27881]  wp_page_copy+0x2bf/0x1ca0
[ 3141.917842][T27881]  ? page_try_dup_anon_rmap.constprop.0+0xd10/0xd10
[ 3141.924460][T27881]  ? lock_downgrade+0x6e0/0x6e0
[ 3141.929416][T27881]  ? vm_normal_page+0x14a/0x2a0
[ 3141.934310][T27881]  do_wp_page+0x1d1/0x1930
[ 3141.938763][T27881]  __handle_mm_fault+0x181b/0x3a40
[ 3141.944002][T27881]  ? vm_iomap_memory+0x190/0x190
[ 3141.949094][T27881]  handle_mm_fault+0x1cc/0x780
[ 3141.953924][T27881]  do_user_addr_fault+0x475/0x1210
[ 3141.959086][T27881]  ? rcu_read_lock_sched_held+0x3e/0x70
[ 3141.964674][T27881]  exc_page_fault+0x98/0x170
[ 3141.969301][T27881]  asm_exc_page_fault+0x26/0x30
[ 3141.974184][T27881] RIP: 0033:0x7f4487439580
[ 3141.978714][T27881] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48
[ 3141.998351][T27881] RSP: 002b:00007fffd90bacf0 EFLAGS: 00010246
[ 3142.004463][T27881] RAX: 0000000003e7b25d RBX: 00007f44875ac018 RCX: 0000001b30820000
[ 3142.012455][T27881] RDX: 0000000000000000 RSI: 0000001b30820018 RDI: 000000000c50b38a
[ 3142.020453][T27881] RBP: 0000000003e7b25d R08: 000000000000125d R09: 0000000003e7b261
[ 3142.028450][T27881] R10: 00007fffd90baeb0 R11: 0000000000000246 R12: 00007f44875a0000
[ 3142.036446][T27881] R13: 0000000000000001 R14: 0000000000000004 R15: ffffffff87ab6e66
[ 3142.044621][T27881]  ? __sock_create+0x46/0x790
[ 3142.049349][T27881]  </TASK>
[ 3142.332207][T27881] memory: usage 307200kB, limit 307200kB, failcnt 14728
[ 3142.339695][T27881] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 3142.361497][T27881] Memory cgroup stats for /syz4:
[ 3142.361701][T27881] anon 118784
[ 3142.361701][T27881] file 335872
[ 3142.361701][T27881] kernel 314118144
[ 3142.361701][T27881] kernel_stack 65536
[ 3142.361701][T27881] pagetables 77824
[ 3142.361701][T27881] sec_pagetables 0
[ 3142.361701][T27881] percpu 5432192
[ 3142.361701][T27881] sock 0
[ 3142.361701][T27881] vmalloc 0
[ 3142.361701][T27881] shmem 331776
[ 3142.361701][T27881] zswap 0
[ 3142.361701][T27881] zswapped 0
[ 3142.361701][T27881] file_mapped 286720
[ 3142.361701][T27881] file_dirty 4096
[ 3142.361701][T27881] file_writeback 0
[ 3142.361701][T27881] swapcached 0
[ 3142.361701][T27881] anon_thp 0
[ 3142.361701][T27881] file_thp 0
[ 3142.361701][T27881] shmem_thp 0
[ 3142.361701][T27881] inactive_anon 147456
[ 3142.361701][T27881] active_anon 303104
[ 3142.361701][T27881] inactive_file 4096
[ 3142.361701][T27881] active_file 0
[ 3142.361701][T27881] unevictable 0
[ 3142.361701][T27881] slab_reclaimable 48344
[ 3142.361701][T27881] slab_unreclaimable 308462152
[ 3142.661529][T27881] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=27881,uid=0
[ 3142.701568][T27881] Memory cgroup out of memory: Killed process 27881 (syz-executor.4) total-vm:54540kB, anon-rss:468kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000
01:21:53 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x3fa}, 0x0)

01:21:53 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0xd30000000000000}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

01:21:53 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34050000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3142.753514][T27898] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 3142.777419][T27898] CPU: 0 PID: 27898 Comm: syz-executor.5 Not tainted 6.1.0-rc7-syzkaller-01491-gf2bb566f5c97 #0
[ 3142.787981][T27898] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 3142.798062][T27898] Call Trace:
[ 3142.801358][T27898]  <TASK>
[ 3142.804306][T27898]  dump_stack_lvl+0xd1/0x138
[ 3142.808929][T27898]  dump_header+0x10b/0x85f
[ 3142.813389][T27898]  oom_kill_process.cold+0x10/0x15
[ 3142.818549][T27898]  out_of_memory+0x35c/0x14a0
[ 3142.823266][T27898]  ? find_held_lock+0x2d/0x110
[ 3142.828073][T27898]  ? oom_killer_disable+0x280/0x280
[ 3142.833309][T27898]  ? find_held_lock+0x2d/0x110
[ 3142.838114][T27898]  mem_cgroup_out_of_memory+0x206/0x270
[ 3142.843695][T27898]  ? mem_cgroup_margin+0x130/0x130
[ 3142.848835][T27898]  ? lock_downgrade+0x6e0/0x6e0
[ 3142.853739][T27898]  try_charge_memcg+0xef8/0x12f0
[ 3142.858718][T27898]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 3142.864739][T27898]  ? rcu_read_unlock+0x9/0x60
[ 3142.869444][T27898]  ? lock_downgrade+0x6e0/0x6e0
[ 3142.874348][T27898]  charge_memcg+0x99/0x3b0
[ 3142.878800][T27898]  __mem_cgroup_charge+0x2b/0x90
[ 3142.883772][T27898]  wp_page_copy+0x2bf/0x1ca0
[ 3142.888400][T27898]  ? page_try_dup_anon_rmap.constprop.0+0xd10/0xd10
[ 3142.895025][T27898]  ? lock_downgrade+0x6e0/0x6e0
[ 3142.899909][T27898]  ? vm_normal_page+0x14a/0x2a0
[ 3142.904802][T27898]  do_wp_page+0x538/0x1930
[ 3142.909249][T27898]  __handle_mm_fault+0x181b/0x3a40
[ 3142.914394][T27898]  ? vm_iomap_memory+0x190/0x190
[ 3142.919388][T27898]  handle_mm_fault+0x1cc/0x780
[ 3142.924181][T27898]  do_user_addr_fault+0x475/0x1210
[ 3142.929329][T27898]  ? rcu_read_lock_sched_held+0x3e/0x70
[ 3142.934912][T27898]  exc_page_fault+0x98/0x170
[ 3142.939541][T27898]  asm_exc_page_fault+0x26/0x30
[ 3142.944418][T27898] RIP: 0033:0x7f228be36cd0
[ 3142.948860][T27898] Code: 0f 84 b4 00 00 00 80 3d f9 e9 c9 00 00 75 1b 80 3d f1 e9 c9 00 00 75 12 80 3d e3 e9 c9 00 00 0f 84 95 00 00 00 0f 1f 44 00 00 <41> c6 44 24 f8 01 45 89 6c 24 f4 41 c6 44 24 14 00 8b 93 8c 00 00
[ 3142.968666][T27898] RSP: 002b:00007ffd261093d0 EFLAGS: 00010202
[ 3142.974761][T27898] RAX: 0000000000000000 RBX: 00007f228bfabf8c RCX: 0000000000000000
[ 3142.982755][T27898] RDX: 00007ffd26109538 RSI: ffff80dd74054074 RDI: 00007ffd26109568
[ 3142.990745][T27898] RBP: 00007ffd26109488 R08: 0000000000000000 R09: 0000000000000000
01:21:53 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34060000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3142.998735][T27898] R10: 00007f228ba00010 R11: 00000000000957a6 R12: 00007f228bfabf8c
[ 3143.006731][T27898] R13: 0000000000000000 R14: 00007f228bfabf80 R15: 00007ffd26109670
[ 3143.014745][T27898]  </TASK>
01:21:54 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34070000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3143.234686][ T1248] ieee802154 phy0 wpan0: encryption failed: -22
[ 3143.241035][ T1248] ieee802154 phy1 wpan1: encryption failed: -22
[ 3143.242105][T27898] memory: usage 307144kB, limit 307200kB, failcnt 3508
[ 3143.294089][T27898] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 3143.339819][T27898] Memory cgroup stats for /syz5:
[ 3143.340046][T27898] anon 77824
[ 3143.340046][T27898] file 155648
[ 3143.340046][T27898] kernel 314281984
[ 3143.340046][T27898] kernel_stack 32768
[ 3143.340046][T27898] pagetables 73728
[ 3143.340046][T27898] sec_pagetables 0
[ 3143.340046][T27898] percpu 5436928
[ 3143.340046][T27898] sock 0
[ 3143.340046][T27898] vmalloc 0
[ 3143.340046][T27898] shmem 155648
[ 3143.340046][T27898] zswap 0
[ 3143.340046][T27898] zswapped 0
[ 3143.340046][T27898] file_mapped 155648
01:21:54 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34080000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3143.340046][T27898] file_dirty 0
[ 3143.340046][T27898] file_writeback 0
[ 3143.340046][T27898] swapcached 0
[ 3143.340046][T27898] anon_thp 0
[ 3143.340046][T27898] file_thp 0
[ 3143.340046][T27898] shmem_thp 0
[ 3143.340046][T27898] inactive_anon 81920
[ 3143.340046][T27898] active_anon 151552
[ 3143.340046][T27898] inactive_file 0
[ 3143.340046][T27898] active_file 0
[ 3143.340046][T27898] unevictable 0
[ 3143.340046][T27898] slab_reclaimable 25256
[ 3143.340046][T27898] slab_unreclaimable 308679448
01:21:54 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34090000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:21:54 executing program 1:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0xf}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

[ 3143.601994][T27892] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
01:21:54 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="340a0000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:21:54 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x0, 0x4}, 0x0)

[ 3143.859306][T27898] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=27898,uid=0
[ 3143.914251][T27898] Memory cgroup out of memory: Killed process 27898 (syz-executor.5) total-vm:54408kB, anon-rss:468kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000
[ 3143.930529][T27921] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
01:21:54 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0xd810020000000000)

01:21:54 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="340c0000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:21:55 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x402}, 0x0)

01:21:55 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0xe00000000000000}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

01:21:55 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x0, 0x5}, 0x0)

[ 3144.202773][T27928] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
01:21:55 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="340e0000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:21:55 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="340f0000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3144.337964][T27925] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 3144.404189][T27925] CPU: 1 PID: 27925 Comm: syz-executor.4 Not tainted 6.1.0-rc7-syzkaller-01491-gf2bb566f5c97 #0
[ 3144.414667][T27925] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 3144.424765][T27925] Call Trace:
[ 3144.428154][T27925]  <TASK>
[ 3144.431106][T27925]  dump_stack_lvl+0xd1/0x138
[ 3144.435736][T27925]  dump_header+0x10b/0x85f
[ 3144.440196][T27925]  oom_kill_process.cold+0x10/0x15
[ 3144.445349][T27925]  out_of_memory+0x35c/0x14a0
[ 3144.450073][T27925]  ? find_held_lock+0x2d/0x110
[ 3144.454873][T27925]  ? oom_killer_disable+0x280/0x280
[ 3144.460110][T27925]  ? find_held_lock+0x2d/0x110
[ 3144.464929][T27925]  mem_cgroup_out_of_memory+0x206/0x270
[ 3144.470511][T27925]  ? mem_cgroup_margin+0x130/0x130
[ 3144.475651][T27925]  ? lock_downgrade+0x6e0/0x6e0
[ 3144.481430][T27925]  try_charge_memcg+0xef8/0x12f0
[ 3144.486420][T27925]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 3144.492443][T27925]  ? rcu_read_unlock+0x9/0x60
[ 3144.497164][T27925]  ? lock_downgrade+0x6e0/0x6e0
[ 3144.502069][T27925]  charge_memcg+0x99/0x3b0
[ 3144.506522][T27925]  __mem_cgroup_charge+0x2b/0x90
[ 3144.511500][T27925]  wp_page_copy+0x2bf/0x1ca0
[ 3144.516130][T27925]  ? page_try_dup_anon_rmap.constprop.0+0xd10/0xd10
[ 3144.522748][T27925]  ? lock_downgrade+0x6e0/0x6e0
[ 3144.527637][T27925]  ? vm_normal_page+0x14a/0x2a0
[ 3144.532530][T27925]  do_wp_page+0x538/0x1930
[ 3144.536980][T27925]  __handle_mm_fault+0x181b/0x3a40
[ 3144.542128][T27925]  ? vm_iomap_memory+0x190/0x190
[ 3144.547122][T27925]  handle_mm_fault+0x1cc/0x780
[ 3144.551919][T27925]  do_user_addr_fault+0x475/0x1210
[ 3144.557074][T27925]  ? rcu_read_lock_sched_held+0x3e/0x70
[ 3144.562660][T27925]  exc_page_fault+0x98/0x170
[ 3144.567277][T27925]  asm_exc_page_fault+0x26/0x30
[ 3144.572137][T27925] RIP: 0033:0x7f4487436f4d
[ 3144.576554][T27925] Code: e0 04 8b 44 02 08 85 c0 0f 85 3e 0a 00 00 31 c0 b9 40 42 0f 00 ba 81 00 00 00 c7 06 01 00 00 00 bf ca 00 00 00 e8 73 51 05 00 <83> 05 34 6a 17 00 01 80 bc 24 d8 00 00 00 00 0f b6 05 47 e7 c9 00
[ 3144.596169][T27925] RSP: 002b:00007fffd90badd0 EFLAGS: 00010207
[ 3144.602247][T27925] RAX: 0000000000000001 RBX: 00007f44875abf8c RCX: 00007f448748c0d9
[ 3144.610307][T27925] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f44875abf88
[ 3144.618298][T27925] RBP: 00007f44875abf80 R08: 00007f4488257700 R09: 0000000000000000
[ 3144.626287][T27925] R10: 00007f4488257700 R11: 0000000000000246 R12: 00007f44875abf8c
[ 3144.634273][T27925] R13: 00007f4487000060 R14: 00007f44875abf80 R15: 0000000000000000
[ 3144.642275][T27925]  </TASK>
01:21:55 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34100000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:21:55 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x0, 0x6}, 0x0)

[ 3144.843980][T27942] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
01:21:55 executing program 1:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x0, 0x4}, 0x0)

01:21:55 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34120000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:21:55 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34320000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3145.126380][T27925] memory: usage 307184kB, limit 307200kB, failcnt 14927
[ 3145.148350][T27925] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 3145.168969][T27925] Memory cgroup stats for /syz4:
[ 3145.169184][T27925] anon 94208
[ 3145.169184][T27925] file 335872
[ 3145.169184][T27925] kernel 314126336
[ 3145.169184][T27925] kernel_stack 65536
[ 3145.169184][T27925] pagetables 77824
[ 3145.169184][T27925] sec_pagetables 0
[ 3145.169184][T27925] percpu 5432192
[ 3145.169184][T27925] sock 0
[ 3145.169184][T27925] vmalloc 0
[ 3145.169184][T27925] shmem 331776
[ 3145.169184][T27925] zswap 0
[ 3145.169184][T27925] zswapped 0
[ 3145.169184][T27925] file_mapped 286720
[ 3145.169184][T27925] file_dirty 4096
[ 3145.169184][T27925] file_writeback 0
[ 3145.169184][T27925] swapcached 0
[ 3145.169184][T27925] anon_thp 0
[ 3145.169184][T27925] file_thp 0
[ 3145.169184][T27925] shmem_thp 0
[ 3145.169184][T27925] inactive_anon 122880
[ 3145.169184][T27925] active_anon 303104
[ 3145.169184][T27925] inactive_file 0
[ 3145.169184][T27925] active_file 4096
[ 3145.169184][T27925] unevictable 0
[ 3145.169184][T27925] slab_reclaimable 58256
[ 3145.169184][T27925] slab_unreclaimable 308462456
[ 3145.293655][T27949] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 3145.442251][T27925] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=27925,uid=0
[ 3145.551553][T27925] Memory cgroup out of memory: Killed process 27925 (syz-executor.4) total-vm:54540kB, anon-rss:468kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000
[ 3145.591147][T27926] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 3145.692814][T27926] CPU: 1 PID: 27926 Comm: syz-executor.5 Not tainted 6.1.0-rc7-syzkaller-01491-gf2bb566f5c97 #0
[ 3145.703285][T27926] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 3145.713366][T27926] Call Trace:
[ 3145.716667][T27926]  <TASK>
[ 3145.719614][T27926]  dump_stack_lvl+0xd1/0x138
[ 3145.724236][T27926]  dump_header+0x10b/0x85f
[ 3145.728693][T27926]  oom_kill_process.cold+0x10/0x15
[ 3145.733841][T27926]  out_of_memory+0x35c/0x14a0
[ 3145.738580][T27926]  ? find_held_lock+0x2d/0x110
[ 3145.743379][T27926]  ? oom_killer_disable+0x280/0x280
[ 3145.748611][T27926]  ? find_held_lock+0x2d/0x110
[ 3145.753410][T27926]  mem_cgroup_out_of_memory+0x206/0x270
[ 3145.758985][T27926]  ? mem_cgroup_margin+0x130/0x130
[ 3145.764125][T27926]  ? lock_downgrade+0x6e0/0x6e0
[ 3145.769032][T27926]  try_charge_memcg+0xef8/0x12f0
[ 3145.774012][T27926]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 3145.780034][T27926]  ? rcu_read_unlock+0x9/0x60
[ 3145.784741][T27926]  ? lock_downgrade+0x6e0/0x6e0
[ 3145.789665][T27926]  charge_memcg+0x99/0x3b0
[ 3145.794295][T27926]  __mem_cgroup_charge+0x2b/0x90
[ 3145.799269][T27926]  wp_page_copy+0x2bf/0x1ca0
[ 3145.803901][T27926]  ? page_try_dup_anon_rmap.constprop.0+0xd10/0xd10
[ 3145.810514][T27926]  ? lock_downgrade+0x6e0/0x6e0
[ 3145.815390][T27926]  ? vm_normal_page+0x14a/0x2a0
[ 3145.820277][T27926]  do_wp_page+0x538/0x1930
[ 3145.824724][T27926]  __handle_mm_fault+0x181b/0x3a40
[ 3145.829868][T27926]  ? vm_iomap_memory+0x190/0x190
[ 3145.834859][T27926]  handle_mm_fault+0x1cc/0x780
[ 3145.840088][T27926]  do_user_addr_fault+0x475/0x1210
[ 3145.845238][T27926]  ? rcu_read_lock_sched_held+0x3e/0x70
[ 3145.850822][T27926]  exc_page_fault+0x98/0x170
[ 3145.855445][T27926]  asm_exc_page_fault+0x26/0x30
[ 3145.860317][T27926] RIP: 0033:0x7f228be36f4d
[ 3145.864751][T27926] Code: e0 04 8b 44 02 08 85 c0 0f 85 3e 0a 00 00 31 c0 b9 40 42 0f 00 ba 81 00 00 00 c7 06 01 00 00 00 bf ca 00 00 00 e8 73 51 05 00 <83> 05 34 6a 17 00 01 80 bc 24 d8 00 00 00 00 0f b6 05 47 e7 c9 00
[ 3145.884380][T27926] RSP: 002b:00007ffd261093d0 EFLAGS: 00010217
[ 3145.890473][T27926] RAX: 0000000000000000 RBX: 00007f228bfabf8c RCX: 00007f228be8c0d9
[ 3145.898465][T27926] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f228bfabf88
[ 3145.906452][T27926] RBP: 00007f228bfabf80 R08: 00007f228cb2c700 R09: 0000000000000000
[ 3145.914432][T27926] R10: 00007f228cb2c700 R11: 0000000000000246 R12: 00007f228bfabf8c
[ 3145.922406][T27926] R13: 00007f228ba00060 R14: 00007f228bfabf80 R15: 0000000000000000
[ 3145.930406][T27926]  </TASK>
[ 3146.384451][T27926] memory: usage 307176kB, limit 307200kB, failcnt 3619
[ 3146.451517][T27926] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 3146.463693][T27926] Memory cgroup stats for /syz5:
[ 3146.463864][T27926] anon 94208
[ 3146.463864][T27926] file 155648
[ 3146.463864][T27926] kernel 314298368
[ 3146.463864][T27926] kernel_stack 65536
[ 3146.463864][T27926] pagetables 73728
[ 3146.463864][T27926] sec_pagetables 0
[ 3146.463864][T27926] percpu 5436928
[ 3146.463864][T27926] sock 0
[ 3146.463864][T27926] vmalloc 0
[ 3146.463864][T27926] shmem 155648
[ 3146.463864][T27926] zswap 0
[ 3146.463864][T27926] zswapped 0
[ 3146.463864][T27926] file_mapped 155648
[ 3146.463864][T27926] file_dirty 0
[ 3146.463864][T27926] file_writeback 0
[ 3146.463864][T27926] swapcached 0
[ 3146.463864][T27926] anon_thp 0
[ 3146.463864][T27926] file_thp 0
[ 3146.463864][T27926] shmem_thp 0
[ 3146.463864][T27926] inactive_anon 94208
[ 3146.463864][T27926] active_anon 151552
[ 3146.463864][T27926] inactive_file 0
[ 3146.463864][T27926] active_file 0
[ 3146.463864][T27926] unevictable 0
[ 3146.463864][T27926] slab_reclaimable 15344
[ 3146.463864][T27926] slab_unreclaimable 308676856
[ 3146.671882][T27926] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=27926,uid=0
[ 3146.711610][T27926] Memory cgroup out of memory: Killed process 27926 (syz-executor.5) total-vm:54540kB, anon-rss:468kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000
01:21:57 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0xd910020000000000)

01:21:57 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x0, 0x7}, 0x0)

01:21:57 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="343c0000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:21:57 executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0xc800000000000000}, 0x0)

01:21:57 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0xf00000000000000}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

01:21:57 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x500}, 0x0)

[ 3147.009913][T27962] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 3147.052297][T27956] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 3147.082639][T27956] CPU: 0 PID: 27956 Comm: syz-executor.5 Not tainted 6.1.0-rc7-syzkaller-01491-gf2bb566f5c97 #0
[ 3147.093107][T27956] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 3147.103195][T27956] Call Trace:
[ 3147.106498][T27956]  <TASK>
[ 3147.109447][T27956]  dump_stack_lvl+0xd1/0x138
[ 3147.114060][T27956]  dump_header+0x10b/0x85f
[ 3147.118507][T27956]  oom_kill_process.cold+0x10/0x15
[ 3147.123756][T27956]  out_of_memory+0x35c/0x14a0
[ 3147.128474][T27956]  ? find_held_lock+0x2d/0x110
[ 3147.133445][T27956]  ? oom_killer_disable+0x280/0x280
[ 3147.138681][T27956]  ? find_held_lock+0x2d/0x110
[ 3147.143483][T27956]  mem_cgroup_out_of_memory+0x206/0x270
01:21:57 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34480000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:21:58 executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0x500000000000000)

[ 3147.149061][T27956]  ? mem_cgroup_margin+0x130/0x130
[ 3147.154196][T27956]  ? lock_downgrade+0x6e0/0x6e0
[ 3147.159097][T27956]  try_charge_memcg+0xef8/0x12f0
[ 3147.164080][T27956]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 3147.170099][T27956]  ? rcu_read_unlock+0x9/0x60
[ 3147.174800][T27956]  ? lock_downgrade+0x6e0/0x6e0
[ 3147.179709][T27956]  charge_memcg+0x99/0x3b0
[ 3147.184248][T27956]  __mem_cgroup_charge+0x2b/0x90
[ 3147.189219][T27956]  wp_page_copy+0x2bf/0x1ca0
[ 3147.193843][T27956]  ? page_try_dup_anon_rmap.constprop.0+0xd10/0xd10
01:21:58 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x0, 0x8}, 0x0)

[ 3147.200458][T27956]  ? lock_downgrade+0x6e0/0x6e0
[ 3147.205347][T27956]  ? vm_normal_page+0x14a/0x2a0
[ 3147.210238][T27956]  do_wp_page+0x538/0x1930
[ 3147.214691][T27956]  __handle_mm_fault+0x181b/0x3a40
[ 3147.219841][T27956]  ? vm_iomap_memory+0x190/0x190
[ 3147.224839][T27956]  handle_mm_fault+0x1cc/0x780
[ 3147.229637][T27956]  do_user_addr_fault+0x475/0x1210
[ 3147.234779][T27956]  ? rcu_read_lock_sched_held+0x3e/0x70
[ 3147.240360][T27956]  exc_page_fault+0x98/0x170
[ 3147.244985][T27956]  asm_exc_page_fault+0x26/0x30
[ 3147.249857][T27956] RIP: 0033:0x7f228be36cd0
[ 3147.254291][T27956] Code: 0f 84 b4 00 00 00 80 3d f9 e9 c9 00 00 75 1b 80 3d f1 e9 c9 00 00 75 12 80 3d e3 e9 c9 00 00 0f 84 95 00 00 00 0f 1f 44 00 00 <41> c6 44 24 f8 01 45 89 6c 24 f4 41 c6 44 24 14 00 8b 93 8c 00 00
[ 3147.273920][T27956] RSP: 002b:00007ffd261093d0 EFLAGS: 00010202
[ 3147.280011][T27956] RAX: 0000000000000000 RBX: 00007f228bfabf8c RCX: 0000000000000000
[ 3147.288005][T27956] RDX: 00007ffd26109538 RSI: ffff80dd74054074 RDI: 00007ffd26109568
01:21:58 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="344a0000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3147.296001][T27956] RBP: 00007ffd26109488 R08: 0000000000000000 R09: 0000000000000000
[ 3147.303992][T27956] R10: 00007f228ba00010 R11: 0000000000095a50 R12: 00007f228bfabf8c
[ 3147.312076][T27956] R13: 0000000000000000 R14: 00007f228bfabf80 R15: 00007ffd26109670
[ 3147.320092][T27956]  </TASK>
[ 3147.327721][T27972] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
01:21:58 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x0, 0x9}, 0x0)

01:21:58 executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0xbf03030000000000}, 0x0)

01:21:58 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="344c0000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3147.624683][T27978] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 3148.061436][T27956] memory: usage 307140kB, limit 307200kB, failcnt 3694
[ 3148.081437][T27956] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 3148.088418][T27956] Memory cgroup stats for /syz5:
[ 3148.088622][T27956] anon 77824
[ 3148.088622][T27956] file 155648
[ 3148.088622][T27956] kernel 314269696
[ 3148.088622][T27956] kernel_stack 32768
[ 3148.088622][T27956] pagetables 73728
[ 3148.088622][T27956] sec_pagetables 0
[ 3148.088622][T27956] percpu 5436928
[ 3148.088622][T27956] sock 0
[ 3148.088622][T27956] vmalloc 0
[ 3148.088622][T27956] shmem 155648
[ 3148.088622][T27956] zswap 0
[ 3148.088622][T27956] zswapped 0
[ 3148.088622][T27956] file_mapped 155648
[ 3148.088622][T27956] file_dirty 0
[ 3148.088622][T27956] file_writeback 0
[ 3148.088622][T27956] swapcached 0
[ 3148.088622][T27956] anon_thp 0
[ 3148.088622][T27956] file_thp 0
[ 3148.088622][T27956] shmem_thp 0
[ 3148.088622][T27956] inactive_anon 81920
[ 3148.088622][T27956] active_anon 151552
[ 3148.088622][T27956] inactive_file 0
[ 3148.088622][T27956] active_file 0
[ 3148.088622][T27956] unevictable 0
[ 3148.088622][T27956] slab_reclaimable 16376
[ 3148.088622][T27956] slab_unreclaimable 308679144
[ 3148.387067][T27956] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=27956,uid=0
[ 3148.431562][T27956] Memory cgroup out of memory: Killed process 27956 (syz-executor.5) total-vm:54408kB, anon-rss:468kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000
01:21:59 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0xda10020000000000)

01:21:59 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34600000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:21:59 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x0, 0xa}, 0x0)

01:21:59 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x1000000000000000}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

01:21:59 executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0xbc03030000000000}, 0x0)

01:21:59 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x600}, 0x0)

01:21:59 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34680000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3148.672144][T27991] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
01:21:59 executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0xba03030000000000}, 0x0)

[ 3148.740021][T27992] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000
01:21:59 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="346a0000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3148.798830][T27992] CPU: 0 PID: 27992 Comm: syz-executor.5 Not tainted 6.1.0-rc7-syzkaller-01491-gf2bb566f5c97 #0
[ 3148.809294][T27992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 3148.819372][T27992] Call Trace:
[ 3148.822668][T27992]  <TASK>
[ 3148.825618][T27992]  dump_stack_lvl+0xd1/0x138
[ 3148.830239][T27992]  dump_header+0x10b/0x85f
[ 3148.834696][T27992]  oom_kill_process.cold+0x10/0x15
[ 3148.839845][T27992]  out_of_memory+0x35c/0x14a0
[ 3148.844557][T27992]  ? find_held_lock+0x2d/0x110
[ 3148.849355][T27992]  ? oom_killer_disable+0x280/0x280
[ 3148.854591][T27992]  ? find_held_lock+0x2d/0x110
[ 3148.859392][T27992]  mem_cgroup_out_of_memory+0x206/0x270
[ 3148.864966][T27992]  ? mem_cgroup_margin+0x130/0x130
[ 3148.870097][T27992]  ? lock_downgrade+0x6e0/0x6e0
[ 3148.874986][T27992]  try_charge_memcg+0xef8/0x12f0
[ 3148.879953][T27992]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 3148.885954][T27992]  ? get_mem_cgroup_from_objcg+0xa1/0x260
[ 3148.891700][T27992]  ? lock_downgrade+0x6e0/0x6e0
[ 3148.896575][T27992]  ? lock_downgrade+0x6e0/0x6e0
[ 3148.901444][T27992]  ? rcu_read_unlock+0x9/0x60
[ 3148.906146][T27992]  obj_cgroup_charge+0x2af/0x5e0
[ 3148.911105][T27992]  __kmem_cache_alloc_node+0xad/0x3e0
[ 3148.916508][T27992]  ? copy_semundo+0x18b/0x300
[ 3148.921224][T27992]  kmalloc_trace+0x26/0x60
[ 3148.925652][T27992]  copy_semundo+0x18b/0x300
[ 3148.930168][T27992]  copy_process+0x23f4/0x7190
[ 3148.934877][T27992]  ? __cleanup_sighand+0xb0/0xb0
[ 3148.939828][T27992]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 3148.945847][T27992]  ? psi_memstall_leave+0x174/0x250
[ 3148.951085][T27992]  kernel_clone+0xeb/0x980
[ 3148.955514][T27992]  ? create_io_thread+0xf0/0xf0
[ 3148.960383][T27992]  ? percpu_ref_put_many.constprop.0+0x6a/0x1a0
[ 3148.966633][T27992]  ? lock_downgrade+0x6e0/0x6e0
[ 3148.971507][T27992]  __do_sys_clone+0xba/0x100
[ 3148.976100][T27992]  ? kernel_clone+0x980/0x980
[ 3148.980793][T27992]  ? syscall_enter_from_user_mode+0x26/0xb0
[ 3148.986705][T27992]  do_syscall_64+0x39/0xb0
[ 3148.991126][T27992]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 3148.997022][T27992] RIP: 0033:0x7f228be8d501
[ 3149.001451][T27992] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00
[ 3149.021081][T27992] RSP: 002b:00007ffd26109298 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 3149.029516][T27992] RAX: ffffffffffffffda RBX: 00007f228cb2c700 RCX: 00007f228be8d501
[ 3149.037495][T27992] RDX: 00007f228cb2c9d0 RSI: 00007f228cb2c2f0 RDI: 00000000003d0f00
[ 3149.045474][T27992] RBP: 00007ffd261094e0 R08: 00007f228cb2c700 R09: 00007f228cb2c700
[ 3149.053450][T27992] R10: 00007f228cb2c9d0 R11: 0000000000000206 R12: 00007ffd2610934e
[ 3149.061425][T27992] R13: 00007ffd2610934f R14: 00007f228cb2c300 R15: 0000000000022000
[ 3149.069428][T27992]  </TASK>
01:22:00 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x700}, 0x0)

01:22:00 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="346c0000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:22:00 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34740000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3149.622018][T27992] memory: usage 307184kB, limit 307200kB, failcnt 3784
[ 3149.629017][T27992] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 3149.655463][T27992] Memory cgroup stats for /syz5:
[ 3149.655668][T27992] anon 90112
[ 3149.655668][T27992] file 155648
[ 3149.655668][T27992] kernel 314310656
[ 3149.655668][T27992] kernel_stack 65536
[ 3149.655668][T27992] pagetables 73728
[ 3149.655668][T27992] sec_pagetables 0
[ 3149.655668][T27992] percpu 5436928
[ 3149.655668][T27992] sock 0
[ 3149.655668][T27992] vmalloc 0
[ 3149.655668][T27992] shmem 155648
[ 3149.655668][T27992] zswap 0
[ 3149.655668][T27992] zswapped 0
[ 3149.655668][T27992] file_mapped 155648
[ 3149.655668][T27992] file_dirty 0
[ 3149.655668][T27992] file_writeback 0
[ 3149.655668][T27992] swapcached 0
[ 3149.655668][T27992] anon_thp 0
[ 3149.655668][T27992] file_thp 0
[ 3149.655668][T27992] shmem_thp 0
[ 3149.655668][T27992] inactive_anon 94208
[ 3149.655668][T27992] active_anon 151552
[ 3149.655668][T27992] inactive_file 0
[ 3149.655668][T27992] active_file 0
[ 3149.655668][T27992] unevictable 0
[ 3149.655668][T27992] slab_reclaimable 13416
[ 3149.655668][T27992] slab_unreclaimable 308686840
[ 3150.021516][T27992] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=27992,uid=0
[ 3150.124620][T27992] Memory cgroup out of memory: Killed process 27992 (syz-executor.5) total-vm:54540kB, anon-rss:468kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000
01:22:01 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0xdb01000000000000)

01:22:01 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x0, 0xb}, 0x0)

01:22:01 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x70f}, 0x0)

01:22:01 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x1100000000000000}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

01:22:01 executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0xb403030000000000}, 0x0)

01:22:01 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="347a0000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:22:01 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="348e0000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3150.279335][T28015] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
01:22:01 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x710}, 0x0)

01:22:01 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34a00000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:22:01 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x0, 0xc}, 0x0)

01:22:01 executing program 1:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x600}}}]}, 0x38}}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

[ 3150.599490][T28025] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 3150.625696][T28033] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 3150.646049][T28025] CPU: 1 PID: 28025 Comm: syz-executor.5 Not tainted 6.1.0-rc7-syzkaller-01491-gf2bb566f5c97 #0
[ 3150.656512][T28025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 3150.666589][T28025] Call Trace:
[ 3150.669886][T28025]  <TASK>
[ 3150.672836][T28025]  dump_stack_lvl+0xd1/0x138
[ 3150.677457][T28025]  dump_header+0x10b/0x85f
[ 3150.681926][T28025]  oom_kill_process.cold+0x10/0x15
[ 3150.687080][T28025]  out_of_memory+0x35c/0x14a0
[ 3150.691796][T28025]  ? find_held_lock+0x2d/0x110
[ 3150.696595][T28025]  ? oom_killer_disable+0x280/0x280
[ 3150.701833][T28025]  ? find_held_lock+0x2d/0x110
[ 3150.706638][T28025]  mem_cgroup_out_of_memory+0x206/0x270
[ 3150.712217][T28025]  ? mem_cgroup_margin+0x130/0x130
[ 3150.717360][T28025]  ? lock_downgrade+0x6e0/0x6e0
[ 3150.722269][T28025]  try_charge_memcg+0xef8/0x12f0
[ 3150.727250][T28025]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 3150.733272][T28025]  ? rcu_read_unlock+0x9/0x60
[ 3150.737973][T28025]  ? lock_downgrade+0x6e0/0x6e0
[ 3150.742944][T28025]  charge_memcg+0x99/0x3b0
[ 3150.747399][T28025]  __mem_cgroup_charge+0x2b/0x90
[ 3150.752374][T28025]  wp_page_copy+0x2bf/0x1ca0
[ 3150.756994][T28025]  ? page_try_dup_anon_rmap.constprop.0+0xd10/0xd10
[ 3150.763591][T28025]  ? lock_downgrade+0x6e0/0x6e0
[ 3150.768454][T28025]  ? vm_normal_page+0x14a/0x2a0
[ 3150.773324][T28025]  do_wp_page+0x1d1/0x1930
[ 3150.777759][T28025]  __handle_mm_fault+0x181b/0x3a40
[ 3150.782885][T28025]  ? vm_iomap_memory+0x190/0x190
[ 3150.787854][T28025]  handle_mm_fault+0x1cc/0x780
[ 3150.792629][T28025]  do_user_addr_fault+0x475/0x1210
[ 3150.797753][T28025]  ? rcu_read_lock_sched_held+0x3e/0x70
[ 3150.803316][T28025]  exc_page_fault+0x98/0x170
[ 3150.807924][T28025]  asm_exc_page_fault+0x26/0x30
[ 3150.812780][T28025] RIP: 0033:0x7f228be39580
[ 3150.817198][T28025] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48
[ 3150.836807][T28025] RSP: 002b:00007ffd261092f0 EFLAGS: 00010246
01:22:01 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34aa0000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3150.842877][T28025] RAX: 000000004702ddfb RBX: 00007f228bfac018 RCX: 0000001b30420000
[ 3150.850847][T28025] RDX: 0000000000000000 RSI: 0000001b30420018 RDI: 0000000000000022
[ 3150.858817][T28025] RBP: 000000004702ddfb R08: 0000000000001dfb R09: 000000004702ddff
[ 3150.866787][T28025] R10: 00007ffd261094b0 R11: 0000000000000246 R12: 00007f228bfa0000
[ 3150.874757][T28025] R13: 0000000000000001 R14: 0000000000000000 R15: ffffffff87ab9491
[ 3150.882728][T28025]  ? __x64_sys_socket+0x11/0xb0
[ 3150.887601][T28025]  </TASK>
[ 3151.027231][T28025] memory: usage 307200kB, limit 307200kB, failcnt 3883
[ 3151.034287][T28025] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 3151.101550][T28025] Memory cgroup stats for /syz5:
[ 3151.101769][T28025] anon 102400
[ 3151.101769][T28025] file 155648
[ 3151.101769][T28025] kernel 314314752
[ 3151.101769][T28025] kernel_stack 65536
[ 3151.101769][T28025] pagetables 73728
[ 3151.101769][T28025] sec_pagetables 0
[ 3151.101769][T28025] percpu 5436928
[ 3151.101769][T28025] sock 0
[ 3151.101769][T28025] vmalloc 0
[ 3151.101769][T28025] shmem 155648
[ 3151.101769][T28025] zswap 0
[ 3151.101769][T28025] zswapped 0
[ 3151.101769][T28025] file_mapped 155648
[ 3151.101769][T28025] file_dirty 0
[ 3151.101769][T28025] file_writeback 0
[ 3151.101769][T28025] swapcached 0
[ 3151.101769][T28025] anon_thp 0
[ 3151.101769][T28025] file_thp 0
[ 3151.101769][T28025] shmem_thp 0
[ 3151.101769][T28025] inactive_anon 106496
[ 3151.101769][T28025] active_anon 151552
[ 3151.101769][T28025] inactive_file 0
[ 3151.101769][T28025] active_file 0
[ 3151.101769][T28025] unevictable 0
[ 3151.101769][T28025] slab_reclaimable 15344
[ 3151.101769][T28025] slab_unreclaimable 308687952
[ 3151.861473][T28025] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=28025,uid=0
[ 3151.910368][T28025] Memory cgroup out of memory: Killed process 28025 (syz-executor.5) total-vm:54540kB, anon-rss:468kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000
01:22:02 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0xdb10020000000000)

01:22:02 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x900}, 0x0)

01:22:02 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34b20000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:22:02 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x0, 0xe}, 0x0)

01:22:02 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x1300000000000000}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

01:22:02 executing program 1:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x60}}}]}, 0x38}}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

[ 3152.063792][T28047] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
01:22:03 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34ba0000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:22:03 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0xa00}, 0x0)

[ 3152.218372][T28053] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000
[ 3152.296123][T28053] CPU: 1 PID: 28053 Comm: syz-executor.5 Not tainted 6.1.0-rc7-syzkaller-01491-gf2bb566f5c97 #0
[ 3152.306597][T28053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 3152.316677][T28053] Call Trace:
[ 3152.319980][T28053]  <TASK>
[ 3152.322927][T28053]  dump_stack_lvl+0xd1/0x138
[ 3152.327546][T28053]  dump_header+0x10b/0x85f
[ 3152.332006][T28053]  oom_kill_process.cold+0x10/0x15
[ 3152.337158][T28053]  out_of_memory+0x35c/0x14a0
[ 3152.341870][T28053]  ? find_held_lock+0x2d/0x110
[ 3152.346670][T28053]  ? oom_killer_disable+0x280/0x280
[ 3152.351908][T28053]  ? find_held_lock+0x2d/0x110
[ 3152.356709][T28053]  mem_cgroup_out_of_memory+0x206/0x270
[ 3152.362287][T28053]  ? mem_cgroup_margin+0x130/0x130
[ 3152.367423][T28053]  ? lock_downgrade+0x6e0/0x6e0
[ 3152.372331][T28053]  try_charge_memcg+0xef8/0x12f0
[ 3152.377306][T28053]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 3152.383302][T28053]  ? get_mem_cgroup_from_objcg+0xa1/0x260
[ 3152.389116][T28053]  ? lock_downgrade+0x6e0/0x6e0
[ 3152.394070][T28053]  ? lock_downgrade+0x6e0/0x6e0
[ 3152.398930][T28053]  ? rcu_read_unlock+0x9/0x60
[ 3152.403628][T28053]  obj_cgroup_charge+0x2af/0x5e0
[ 3152.408580][T28053]  __kmem_cache_alloc_node+0xad/0x3e0
[ 3152.413960][T28053]  ? copy_semundo+0x18b/0x300
[ 3152.418670][T28053]  kmalloc_trace+0x26/0x60
[ 3152.423095][T28053]  copy_semundo+0x18b/0x300
[ 3152.427610][T28053]  copy_process+0x23f4/0x7190
[ 3152.432312][T28053]  ? __cleanup_sighand+0xb0/0xb0
[ 3152.437259][T28053]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 3152.443252][T28053]  ? psi_memstall_leave+0x174/0x250
[ 3152.448469][T28053]  kernel_clone+0xeb/0x980
[ 3152.452915][T28053]  ? create_io_thread+0xf0/0xf0
[ 3152.457862][T28053]  ? percpu_ref_put_many.constprop.0+0x6a/0x1a0
[ 3152.464109][T28053]  ? lock_downgrade+0x6e0/0x6e0
[ 3152.468982][T28053]  __do_sys_clone+0xba/0x100
[ 3152.473598][T28053]  ? kernel_clone+0x980/0x980
[ 3152.478296][T28053]  ? syscall_enter_from_user_mode+0x26/0xb0
[ 3152.484228][T28053]  do_syscall_64+0x39/0xb0
[ 3152.488652][T28053]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 3152.494548][T28053] RIP: 0033:0x7f228be8d501
[ 3152.498979][T28053] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00
[ 3152.518605][T28053] RSP: 002b:00007ffd26109298 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 3152.527027][T28053] RAX: ffffffffffffffda RBX: 00007f228cb2c700 RCX: 00007f228be8d501
[ 3152.535001][T28053] RDX: 00007f228cb2c9d0 RSI: 00007f228cb2c2f0 RDI: 00000000003d0f00
01:22:03 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34c80000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3152.542969][T28053] RBP: 00007ffd261094e0 R08: 00007f228cb2c700 R09: 00007f228cb2c700
[ 3152.550940][T28053] R10: 00007f228cb2c9d0 R11: 0000000000000206 R12: 00007ffd2610934e
[ 3152.558908][T28053] R13: 00007ffd2610934f R14: 00007f228cb2c300 R15: 0000000000022000
[ 3152.566903][T28053]  </TASK>
01:22:03 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x0, 0xf}, 0x0)

01:22:03 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34f00000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3152.827053][T28072] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
01:22:03 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="340a0100100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3153.481468][T28053] memory: usage 307184kB, limit 307200kB, failcnt 3977
[ 3153.488520][T28053] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 3153.561729][T28053] Memory cgroup stats for /syz5:
[ 3153.561954][T28053] anon 90112
[ 3153.561954][T28053] file 155648
[ 3153.561954][T28053] kernel 314310656
[ 3153.561954][T28053] kernel_stack 65536
[ 3153.561954][T28053] pagetables 73728
[ 3153.561954][T28053] sec_pagetables 0
[ 3153.561954][T28053] percpu 5436928
[ 3153.561954][T28053] sock 0
[ 3153.561954][T28053] vmalloc 0
[ 3153.561954][T28053] shmem 155648
[ 3153.561954][T28053] zswap 0
[ 3153.561954][T28053] zswapped 0
[ 3153.561954][T28053] file_mapped 155648
[ 3153.561954][T28053] file_dirty 0
[ 3153.561954][T28053] file_writeback 0
[ 3153.561954][T28053] swapcached 0
[ 3153.561954][T28053] anon_thp 0
[ 3153.561954][T28053] file_thp 0
[ 3153.561954][T28053] shmem_thp 0
[ 3153.561954][T28053] inactive_anon 94208
[ 3153.561954][T28053] active_anon 151552
[ 3153.561954][T28053] inactive_file 0
[ 3153.561954][T28053] active_file 0
[ 3153.561954][T28053] unevictable 0
[ 3153.561954][T28053] slab_reclaimable 13416
[ 3153.561954][T28053] slab_unreclaimable 308686840
[ 3153.925055][T28053] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=28053,uid=0
[ 3153.995436][T28053] Memory cgroup out of memory: Killed process 28053 (syz-executor.5) total-vm:54540kB, anon-rss:468kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000
01:22:05 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0xdc10020000000000)

01:22:05 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0xbb0}, 0x0)

01:22:05 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34200100100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:22:05 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x6000000000000000}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

01:22:05 executing program 1:
shutdown(0xffffffffffffffff, 0x1)
setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000180)={0x200000000000001}, 0x8)
connect$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x4e24, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000000), 0x40000000000009c, 0x4004004)

01:22:05 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x0, 0x10}, 0x0)

01:22:05 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34220100100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:22:05 executing program 1:
shutdown(0xffffffffffffffff, 0x1)
setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000180)={0x200000000000001}, 0x8)
connect$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x4e24, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000000), 0x40000000000009c, 0x4004004)
shutdown(0xffffffffffffffff, 0x1) (async)
setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000180)={0x200000000000001}, 0x8) (async)
connect$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x4e24, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c) (async)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000000), 0x40000000000009c, 0x4004004) (async)

[ 3154.193384][T28086] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
01:22:05 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="343a0100100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3154.340568][T28084] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
01:22:05 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0xc00}, 0x0)

[ 3154.407983][T28084] CPU: 1 PID: 28084 Comm: syz-executor.5 Not tainted 6.1.0-rc7-syzkaller-01491-gf2bb566f5c97 #0
[ 3154.418454][T28084] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 3154.428539][T28084] Call Trace:
[ 3154.431834][T28084]  <TASK>
[ 3154.434822][T28084]  dump_stack_lvl+0xd1/0x138
[ 3154.439437][T28084]  dump_header+0x10b/0x85f
[ 3154.443891][T28084]  oom_kill_process.cold+0x10/0x15
[ 3154.449049][T28084]  out_of_memory+0x35c/0x14a0
01:22:05 executing program 1:
shutdown(0xffffffffffffffff, 0x1) (async)
setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000180)={0x200000000000001}, 0x8) (async)
connect$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x4e24, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c) (async)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000000), 0x40000000000009c, 0x4004004)

[ 3154.453767][T28084]  ? find_held_lock+0x2d/0x110
[ 3154.458567][T28084]  ? oom_killer_disable+0x280/0x280
[ 3154.463805][T28084]  ? find_held_lock+0x2d/0x110
[ 3154.468608][T28084]  mem_cgroup_out_of_memory+0x206/0x270
[ 3154.474184][T28084]  ? mem_cgroup_margin+0x130/0x130
[ 3154.479330][T28084]  ? lock_downgrade+0x6e0/0x6e0
[ 3154.484241][T28084]  try_charge_memcg+0xef8/0x12f0
[ 3154.489230][T28084]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 3154.495260][T28084]  ? rcu_read_unlock+0x9/0x60
[ 3154.499962][T28084]  ? lock_downgrade+0x6e0/0x6e0
[ 3154.504867][T28084]  charge_memcg+0x99/0x3b0
[ 3154.509323][T28084]  __mem_cgroup_charge+0x2b/0x90
[ 3154.514302][T28084]  wp_page_copy+0x2bf/0x1ca0
[ 3154.518933][T28084]  ? page_try_dup_anon_rmap.constprop.0+0xd10/0xd10
[ 3154.525555][T28084]  ? lock_downgrade+0x6e0/0x6e0
[ 3154.530442][T28084]  ? vm_normal_page+0x14a/0x2a0
[ 3154.535343][T28084]  do_wp_page+0x1d1/0x1930
[ 3154.539797][T28084]  __handle_mm_fault+0x181b/0x3a40
[ 3154.544953][T28084]  ? vm_iomap_memory+0x190/0x190
[ 3154.549954][T28084]  handle_mm_fault+0x1cc/0x780
[ 3154.554755][T28084]  do_user_addr_fault+0x475/0x1210
[ 3154.559901][T28084]  ? rcu_read_lock_sched_held+0x3e/0x70
[ 3154.565498][T28084]  exc_page_fault+0x98/0x170
[ 3154.570120][T28084]  asm_exc_page_fault+0x26/0x30
[ 3154.575005][T28084] RIP: 0033:0x7f228be39580
[ 3154.579445][T28084] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48
[ 3154.599083][T28084] RSP: 002b:00007ffd261092f0 EFLAGS: 00010246
[ 3154.605184][T28084] RAX: 000000004702ddfb RBX: 00007f228bfac018 RCX: 0000001b30420000
[ 3154.613193][T28084] RDX: 0000000000000000 RSI: 0000001b30420018 RDI: 0000000000000022
[ 3154.621199][T28084] RBP: 000000004702ddfb R08: 0000000000001dfb R09: 000000004702ddff
[ 3154.629203][T28084] R10: 00007ffd261094b0 R11: 0000000000000246 R12: 00007f228bfa0000
[ 3154.637215][T28084] R13: 0000000000000001 R14: 0000000000000000 R15: ffffffff87ab9491
[ 3154.645219][T28084]  ? __x64_sys_socket+0x11/0xb0
[ 3154.650131][T28084]  </TASK>
01:22:05 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34420100100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3154.741527][T28084] memory: usage 307200kB, limit 307200kB, failcnt 4069
[ 3154.759146][T28084] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 3154.813227][T28084] Memory cgroup stats for /syz5:
[ 3154.813439][T28084] anon 102400
[ 3154.813439][T28084] file 155648
[ 3154.813439][T28084] kernel 314314752
[ 3154.813439][T28084] kernel_stack 65536
[ 3154.813439][T28084] pagetables 73728
[ 3154.813439][T28084] sec_pagetables 0
[ 3154.813439][T28084] percpu 5436928
[ 3154.813439][T28084] sock 0
[ 3154.813439][T28084] vmalloc 0
[ 3154.813439][T28084] shmem 155648
[ 3154.813439][T28084] zswap 0
[ 3154.813439][T28084] zswapped 0
[ 3154.813439][T28084] file_mapped 155648
[ 3154.813439][T28084] file_dirty 0
[ 3154.813439][T28084] file_writeback 0
[ 3154.813439][T28084] swapcached 0
[ 3154.813439][T28084] anon_thp 0
[ 3154.813439][T28084] file_thp 0
[ 3154.813439][T28084] shmem_thp 0
[ 3154.813439][T28084] inactive_anon 106496
[ 3154.813439][T28084] active_anon 151552
[ 3154.813439][T28084] inactive_file 0
[ 3154.813439][T28084] active_file 0
[ 3154.813439][T28084] unevictable 0
[ 3154.813439][T28084] slab_reclaimable 15344
[ 3154.813439][T28084] slab_unreclaimable 308687952
[ 3155.361541][T28084] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=28084,uid=0
[ 3155.391786][T28084] Memory cgroup out of memory: Killed process 28084 (syz-executor.5) total-vm:54540kB, anon-rss:468kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000
01:22:06 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0xdd10020000000000)

01:22:06 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x0, 0x11}, 0x0)

01:22:06 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0xc85}, 0x0)

01:22:06 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x0, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="6e79b2ef00000000080000000000e50b00000000000000006ff5296f41ee262f315605a76886172588e2ba95fbbba283e939383560710337f8f241dc04e481af5612"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000180)=ANY=[], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0}, 0x10)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
r3 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0xb00000000065808, 0x0)
setsockopt$CAIFSO_REQ_PARAM(r3, 0x116, 0x80, 0x0, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r4, &(0x7f0000000000), 0x248800)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0)
r6 = socket$kcm(0x29, 0x2, 0x0)
sendfile(r6, r5, 0x0, 0x100000004)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r7, &(0x7f0000000000), 0x248800)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r8, &(0x7f0000000000), 0x248800)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x19, 0x3, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}, &(0x7f0000000000)='GPL\x00', 0x9, 0x1d, &(0x7f00000002c0)=""/29, 0x41100, 0x2, '\x00', 0x0, 0x18, r4, 0x8, &(0x7f0000000300)={0x9, 0x2}, 0x8, 0x10, &(0x7f00000001c0)={0x3, 0xb, 0x20, 0x401}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000380)=[0xffffffffffffffff, 0x1, 0x1, r5, r7, r8]}, 0x80)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r9=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r9, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)

01:22:06 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="344a0100100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:22:06 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x6558000000000000}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

01:22:06 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x0, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="6e79b2ef00000000080000000000e50b00000000000000006ff5296f41ee262f315605a76886172588e2ba95fbbba283e939383560710337f8f241dc04e481af5612"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000180)=ANY=[], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0}, 0x10)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
r3 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0xb00000000065808, 0x0)
setsockopt$CAIFSO_REQ_PARAM(r3, 0x116, 0x80, 0x0, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r4, &(0x7f0000000000), 0x248800)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0)
r6 = socket$kcm(0x29, 0x2, 0x0)
sendfile(r6, r5, 0x0, 0x100000004)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r7, &(0x7f0000000000), 0x248800)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r8, &(0x7f0000000000), 0x248800)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x19, 0x3, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}, &(0x7f0000000000)='GPL\x00', 0x9, 0x1d, &(0x7f00000002c0)=""/29, 0x41100, 0x2, '\x00', 0x0, 0x18, r4, 0x8, &(0x7f0000000300)={0x9, 0x2}, 0x8, 0x10, &(0x7f00000001c0)={0x3, 0xb, 0x20, 0x401}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000380)=[0xffffffffffffffff, 0x1, 0x1, r5, r7, r8]}, 0x80)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r9=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r9, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x0, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="6e79b2ef00000000080000000000e50b00000000000000006ff5296f41ee262f315605a76886172588e2ba95fbbba283e939383560710337f8f241dc04e481af5612"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000180)=ANY=[], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0}, 0x10) (async)
socket(0x10, 0x3, 0x0) (async)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)) (async)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0xb00000000065808, 0x0) (async)
setsockopt$CAIFSO_REQ_PARAM(r3, 0x116, 0x80, 0x0, 0x0) (async)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) (async)
write$cgroup_type(r4, &(0x7f0000000000), 0x248800) (async)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) (async)
socket$kcm(0x29, 0x2, 0x0) (async)
sendfile(r6, r5, 0x0, 0x100000004) (async)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) (async)
write$cgroup_type(r7, &(0x7f0000000000), 0x248800) (async)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) (async)
write$cgroup_type(r8, &(0x7f0000000000), 0x248800) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x19, 0x3, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}, &(0x7f0000000000)='GPL\x00', 0x9, 0x1d, &(0x7f00000002c0)=""/29, 0x41100, 0x2, '\x00', 0x0, 0x18, r4, 0x8, &(0x7f0000000300)={0x9, 0x2}, 0x8, 0x10, &(0x7f00000001c0)={0x3, 0xb, 0x20, 0x401}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000380)=[0xffffffffffffffff, 0x1, 0x1, r5, r7, r8]}, 0x80) (async)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00'}) (async)
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r9, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) (async)

01:22:06 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="345a0100100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3155.638185][T28118] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
01:22:06 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0xc86}, 0x0)

01:22:06 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34620100100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:22:06 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34920100100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:22:06 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0xe00}, 0x0)

[ 3156.034392][T28133] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000
[ 3156.159391][T28133] CPU: 0 PID: 28133 Comm: syz-executor.5 Not tainted 6.1.0-rc7-syzkaller-01491-gf2bb566f5c97 #0
[ 3156.169865][T28133] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 3156.179971][T28133] Call Trace:
[ 3156.183331][T28133]  <TASK>
[ 3156.186295][T28133]  dump_stack_lvl+0xd1/0x138
[ 3156.190924][T28133]  dump_header+0x10b/0x85f
[ 3156.195380][T28133]  oom_kill_process.cold+0x10/0x15
[ 3156.200533][T28133]  out_of_memory+0x35c/0x14a0
[ 3156.205247][T28133]  ? find_held_lock+0x2d/0x110
[ 3156.210047][T28133]  ? oom_killer_disable+0x280/0x280
[ 3156.215296][T28133]  ? find_held_lock+0x2d/0x110
[ 3156.220101][T28133]  mem_cgroup_out_of_memory+0x206/0x270
[ 3156.225682][T28133]  ? mem_cgroup_margin+0x130/0x130
[ 3156.230819][T28133]  ? lock_downgrade+0x6e0/0x6e0
[ 3156.235897][T28133]  try_charge_memcg+0xef8/0x12f0
[ 3156.240874][T28133]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 3156.246958][T28133]  ? get_mem_cgroup_from_objcg+0xa1/0x260
[ 3156.252708][T28133]  ? lock_downgrade+0x6e0/0x6e0
[ 3156.257604][T28133]  ? lock_downgrade+0x6e0/0x6e0
[ 3156.262486][T28133]  ? rcu_read_unlock+0x9/0x60
[ 3156.267188][T28133]  obj_cgroup_charge+0x2af/0x5e0
[ 3156.272143][T28133]  __kmem_cache_alloc_node+0xad/0x3e0
[ 3156.277525][T28133]  ? copy_semundo+0x18b/0x300
[ 3156.282223][T28133]  kmalloc_trace+0x26/0x60
[ 3156.286647][T28133]  copy_semundo+0x18b/0x300
[ 3156.291165][T28133]  copy_process+0x23f4/0x7190
[ 3156.295868][T28133]  ? __cleanup_sighand+0xb0/0xb0
[ 3156.300809][T28133]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 3156.306810][T28133]  ? psi_memstall_leave+0x174/0x250
[ 3156.312025][T28133]  kernel_clone+0xeb/0x980
[ 3156.316456][T28133]  ? create_io_thread+0xf0/0xf0
[ 3156.321313][T28133]  ? percpu_ref_put_many.constprop.0+0x6a/0x1a0
[ 3156.327560][T28133]  ? lock_downgrade+0x6e0/0x6e0
[ 3156.332437][T28133]  __do_sys_clone+0xba/0x100
[ 3156.337032][T28133]  ? kernel_clone+0x980/0x980
[ 3156.341732][T28133]  ? syscall_enter_from_user_mode+0x26/0xb0
[ 3156.347643][T28133]  do_syscall_64+0x39/0xb0
[ 3156.352070][T28133]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 3156.357968][T28133] RIP: 0033:0x7f228be8d501
[ 3156.362387][T28133] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00
[ 3156.382001][T28133] RSP: 002b:00007ffd26109298 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 3156.390420][T28133] RAX: ffffffffffffffda RBX: 00007f228cb2c700 RCX: 00007f228be8d501
[ 3156.398391][T28133] RDX: 00007f228cb2c9d0 RSI: 00007f228cb2c2f0 RDI: 00000000003d0f00
[ 3156.406363][T28133] RBP: 00007ffd261094e0 R08: 00007f228cb2c700 R09: 00007f228cb2c700
[ 3156.414334][T28133] R10: 00007f228cb2c9d0 R11: 0000000000000206 R12: 00007ffd2610934e
[ 3156.422303][T28133] R13: 00007ffd2610934f R14: 00007f228cb2c300 R15: 0000000000022000
[ 3156.430295][T28133]  </TASK>
[ 3156.793334][T28133] memory: usage 307184kB, limit 307200kB, failcnt 4190
[ 3156.800317][T28133] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 3156.821521][T28133] Memory cgroup stats for /syz5:
[ 3156.821730][T28133] anon 90112
[ 3156.821730][T28133] file 155648
[ 3156.821730][T28133] kernel 314310656
[ 3156.821730][T28133] kernel_stack 65536
[ 3156.821730][T28133] pagetables 73728
[ 3156.821730][T28133] sec_pagetables 0
[ 3156.821730][T28133] percpu 5436928
[ 3156.821730][T28133] sock 0
[ 3156.821730][T28133] vmalloc 0
[ 3156.821730][T28133] shmem 155648
[ 3156.821730][T28133] zswap 0
[ 3156.821730][T28133] zswapped 0
[ 3156.821730][T28133] file_mapped 155648
[ 3156.821730][T28133] file_dirty 0
[ 3156.821730][T28133] file_writeback 0
[ 3156.821730][T28133] swapcached 0
[ 3156.821730][T28133] anon_thp 0
[ 3156.821730][T28133] file_thp 0
[ 3156.821730][T28133] shmem_thp 0
[ 3156.821730][T28133] inactive_anon 94208
[ 3156.821730][T28133] active_anon 151552
[ 3156.821730][T28133] inactive_file 0
[ 3156.821730][T28133] active_file 0
[ 3156.821730][T28133] unevictable 0
[ 3156.821730][T28133] slab_reclaimable 13416
[ 3156.821730][T28133] slab_unreclaimable 308686840
[ 3157.201454][T28133] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=28133,uid=0
[ 3157.284938][T28133] Memory cgroup out of memory: Killed process 28133 (syz-executor.5) total-vm:54540kB, anon-rss:468kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000
01:22:08 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0xde10020000000000)

01:22:08 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x0, 0x13}, 0x0)

01:22:08 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x0, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="6e79b2ef00000000080000000000e50b00000000000000006ff5296f41ee262f315605a76886172588e2ba95fbbba283e939383560710337f8f241dc04e481af5612"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) (async)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000180)=ANY=[], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0}, 0x10) (async)
r1 = socket(0x10, 0x3, 0x0) (async)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff}) (async)
r3 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0xb00000000065808, 0x0)
setsockopt$CAIFSO_REQ_PARAM(r3, 0x116, 0x80, 0x0, 0x0) (async)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r4, &(0x7f0000000000), 0x248800) (async)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0)
r6 = socket$kcm(0x29, 0x2, 0x0)
sendfile(r6, r5, 0x0, 0x100000004) (async)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r7, &(0x7f0000000000), 0x248800) (async)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r8, &(0x7f0000000000), 0x248800)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x19, 0x3, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}, &(0x7f0000000000)='GPL\x00', 0x9, 0x1d, &(0x7f00000002c0)=""/29, 0x41100, 0x2, '\x00', 0x0, 0x18, r4, 0x8, &(0x7f0000000300)={0x9, 0x2}, 0x8, 0x10, &(0x7f00000001c0)={0x3, 0xb, 0x20, 0x401}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000380)=[0xffffffffffffffff, 0x1, 0x1, r5, r7, r8]}, 0x80) (async)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r9=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r9, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)

01:22:08 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="349a0100100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:22:08 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0xf00}, 0x0)

01:22:08 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x8100000000000000}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

01:22:08 executing program 1:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuacct.usage_user\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x7c774aac)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000140)={<r1=>0x0, <r2=>0x0})
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000000000000000080eff95"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
socket(0x0, 0xa, 0x0)
write$binfmt_misc(0xffffffffffffffff, 0x0, 0x4)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000009c0)={0x0}, 0x1, 0x0, 0x0, 0x48011}, 0x40000850)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000480)='rcu_utilization\x00', r3}, 0x10)
sendfile(r2, r0, 0x0, 0x7fffffff)
recvmsg$kcm(r1, &(0x7f0000000200)={&(0x7f0000000040)=@ax25, 0x80, &(0x7f0000001480)=[{&(0x7f00000013c0)=""/162, 0xa2}, {&(0x7f0000001300)=""/105, 0x69}], 0x2, &(0x7f00000001c0)=""/17, 0x11, 0x6e01}, 0x3f00)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r5 = socket$netlink(0x10, 0x3, 0xf)
ioctl$sock_SIOCSIFVLAN_GET_VLAN_VID_CMD(r5, 0x8983, &(0x7f0000000040))
ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(r5, 0x8982, &(0x7f0000000000)={0x1, 'vlan1\x00', {}, 0xfe01})
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r5, 0x81f8943c, &(0x7f0000000100)={<r6=>0x0})
ioctl$BTRFS_IOC_TREE_SEARCH(r5, 0xd0009411, &(0x7f0000000300)={{r6, 0x0, 0x1000, 0x3, 0x1, 0x8, 0x1f, 0x3, 0x6, 0x40000000, 0x100, 0x1, 0x3, 0xcc}})
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f0000002a40)=ANY=[@ANYRES64=r6, @ANYBLOB="0100000000000000d5090000000000000700000000000000080027a0000000000100008000000000040000000000000000020000ff0700000100010001040000050000000000000040000000000000000900000000000000050000000000000040000000000000000000000000001200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000006367b46abbcf99536de54c2257792c0000000000000000628d1c360c310fe6ff663d3bccb664a61389cd9d92f28a92b77b1977f6e5c6c77a1af29c1b5025aa0942c12270eb59965d2b16d608a0c7b68ee84bdc54845682f9b57615865da8830fbcaf3805c3eb7d045649d1ac4c7f6a87443df4b4ad0f99287358ca2121ad172cdf7f0f85df59bfabf119588077580ef6dba20449611fcd41ae817cab75f21fcc4cd624452c15e5eb6b1031b9485050f46010915eabcff9c9372795bbe4184b937ab0a52aa0ea181828a534665f0b71528e0412e302415b85bdac261be66a0cbe7c2752cc98b7d3f03468a44c7aba09ee5eb525b451e84553dc82ee427aaa638ca3285ef07672797690332b2862a5a8f64b231f789d05e2fe33663f3ad84064f1abfc22d29d95199805733012d70116ba8a0ff698664bcad931cb3e808d0e09f20615f0bcb155431563d164dd67989d62cad1fc4db9662ea8159638c9ae9e9d2cae7b26a2d1c5f1910e8bc427ae5edd02679660f485d5dfa90360adc87a87521eda2cbf561db0f6008b3317154088024478088200841ed7040339c7680379341600"])
ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0xd000943e, &(0x7f0000001800)={0x0, r6, "02b66c11beed7c64705a2327ec95767e4393a580b2c3043a2fcfb08839b8897467f4a525091f0f7d2480b2fbdcfd2a3924b674e8aed38628fb035a463934e151ef7c0289d4fd7b308135026f77657ca78a849330727be579703bef5f51cf16a7198f8eb8e962cc55e47a88645dc99b6e4dfd15399b64e979124ef3a9120208d05d9de3ff1ce9cc9e6353b97b13c914e3530a6ec5b967674f3cbc69538c66356f6777af618dd96e1730048727e1752cc8139776c1e5061154ffe7838008ce90ccbf0827c03a28016d5f3bdabbc98bee9c405509e3e094ba1677d6b347061c346722828810ba1b68424c585770f6527f3856630aedb97f2ed5ff2e013d5d412046", "e26481ed1e7c639b5947fa03672a9556f2d9c88f35f8f8b62d6b01c1aef3d08f4ee43881217f959db47d280e8448925694f755ec0256840e58a31c14f0d78d223c58da8e0bd812fb893403e655823624c9e0581484207a6d914ad9befaa148971274f98aa0b753b38761ffcd20135aa09bee95ffc38cfb410de6eb0b1c0eaf69af8375bb982d21281acaa2966378f31ed037b8789d3bf55cda6f1fdefac7c7d4eec101525b850f72c5d3515de41ea6c4cc0a1d4c9d0e83fe98d8baa6325482d6270833cf890aba6768abf6a6ac45c0268bac824f692a521bf8500ce437d7bd4ecafbf918c063d8af3d110e24ddc569f535794d4c8c4ab3897b27310c8d39efca731b7a22caf0ec5f2df04ce6b496582e72b5cbb10480d59c191cd3eca3d3a973fe653216cd08c8de4098133f85da499af2f6a6c7513755f40d13810388f5476a67bb722dc832e4af4c76fda32aa9699c8191a644df90df4b2b2e7993e90bee48e3b65cbc84de44a15926c157018e46c849d57933b96f67dcec40eb733515b880aabbfd1324433ef61e0a112430d3829717820a9eb79c8767614facf386e07a7df2ceb2e9f9d33d65d33fecc7697f5bf74769a67ac297756ec495eaf87674ad5fae2fd772301896e85c617328f32f69bb718bf1ade1d8fd637a6bb4c7044929bf43757821b2bde4ce2ec164ef3841458207326249547ccd2c3ca3467e8c5474cb820ee8647c90d2da6af054fa1f25afb1b0792dcf21b2736c67fc8119a6bdbe19689bb639113f5b9165a50b6f2df8dd8c549220488da3bb10e45dcc7a6207635a550e5ee913aa8ec6ea5f92ba59eb003424e6ea472df633220c8e9644d5bf2f4b01027fc5c0422c39932531e1be7e62e021ac4592b57d95720d5ae86f4bd11d95ad82569ab24e0d1b5a144e6fbcc76c4d7800a70069a852979a3a1f02fcbef6bfeff2101576c998109c65350175bd05435d4be236097340cfafadfde768b1176e6c40f34731164afcd0c3620a0cd015494e432e9aff2c59a4cf476d9037a398183fe74789da0300172e1c02173ff867faf6fbed165ca819be3e4ea05fb6ff1633430984bece64ef93ff8d012b9c321941d59f5b8572008f6bb22597864ea1fbd6b9e349b6d9dc1adc185ea32d5e67e44ac5ebea2063635a53e1718a4246ea47a8874daae0ac6653f821f381a940cbfc98d4a25aea33c63309ee1c6c20f349b673509f09b5381956611359754bdb2eeda100ccb4834596de45556611d5b568f2604653c2129a7d5bd50a209a6d4a956c108b5349a8d208431a2edb17d7650332d308ea2e6f324e589f0e98de49ab655a77509637f0a65614c33f16f91e0d6305e8f9ba0766154e1599f67005ff75af7a6143e574acb799f2363dbb37971fc451c0054b5753de3e2278afe06b9e64b93ab09b4985fe26626a6266da1088f7b9755ac8a9e4e6e99a0dedfe2b1509de12f75d9dea83475543d2b328e986779f4992c870ad128b9d09e8ebcc264e8bb5b85d6d62ab902b8ed7409448cc26a777882627bf3e0c9cdd473289154560c2838c6d4fdaea97ff5d7992909c67710dfeb4977ea7bc06d77b06a19efa42178c46a3fa66ed7d6e2b67ab86be5d94721b099947563db706c5c3a12744ea61d63fce93f546f2669c50b6568e3f32d79bfc75adefc21ee93c5c5360cf2e7ac19571c3663857baf3325b666570642da4dcb309dab05b7ad05bf832d28fa8e871f7b89d6f4327953f4dbde3aac022f4dfe050d0924427e39a8027fbc4b54c4a8c2bf35f8c11c9c0ac4bc1fc31d6bdb2cee2675c5a782aa3ab5ffcc7be7207c89cdb8546fcfdd3a5aadfee5a296abd9afc127ebbf580649e9132b55d9f40a3778af49248b593e00c9f4812b8f7adb7323ab7852e4ed09c55aa356b2e8fee6eb14be3659fdf821d23ac556845f70670d8b6a417c29ac0b1585ea865634c0c921e9d930d4018f66d1e024179d80a7154c491c8662d427ab44a3633480782889f1d00c1d182ede30d4127d769291ef408b574a41c29153b7d949d4648b60a4faf32b380dbc87146c36479d47023876abd4ae7e289ba79d988f6c3a86a75bdc784bea2f0b7e2f77cb1282f54a18e1117e50ffa46ac208fcf8a7b5751e83b3e80cb428e4c2ae63ca3cf7b2c4353303edfe328626391f7925f1ab4ef1c7d0f54d0e45590188ecdb6d2c9c0db9b0552dc81b21dc1bbe9e94be5f78dad11f53d6fc3602e9ffb872d3557c44a133ee94e50d57d5eae2214569975982c63f22750db6f5c979ed81b3f68fe6be6daa85bcd98f25548c1d4db1f15394bc708933e0352e4059bedbf832abaf75e9bdca6fea93600357ca4153357d2e0661a308edf82c0f53e7a121c7e1e8bafdc5fdb61c21f4716d06b43a8395aa915a34c4dc4b5b15ba70a4e163728a9966515682b9ca3c2499aeb17a3c17f905fefed806b504f77c52564006273282db5e0c70565ee1016fc7c241830bef951294db9682ef41742b6550246e539143f15d6c2f017a8083ec97eb3a2de8bc2d8d5fec2b9b88996b3ff6c5aa5bed326f72fe9190de74a83e380b9fe89324421697d124d9a1bd3ced8e1856923147958582d737a36da6af4a0fd92b83f0ef0cb1a725d3a5ecb3a39ad039d200989a281a0686336457824ef582698222b7a063475b793a21745d6701940a0baf124461ad71de8dff6a6f7ed676d107e01ae6b7b79aa1f96efce91039dead977bf70365de8ebb3ec06634246d62f78287831984accef27048794468f520db5c71b4fa94818ddc7394fa1b609adb8cc80c0f32efac26a47bd74119100f0cfdcb889aab1019786cc0eefc1e4295ae919e9f6c8c8a16aa76a2bfe39adf5929e9b9925da0241e734378fe140981e3536bf0b77eb0263297a936a5f37605f128d79b16723b953331f99633b8d29ad1d1dbdb74188488ea0d1b7e0ddb652c040aa0477a079e92618e52f3b7ceebd62e0f0c6946469c19ae828b7eed288c3a53320c9d5468c39d608bd42d967a21e6b788de7c6826d1b99130083182562f63443290aeeb24308d3eb4881547db34b284d9af2bd7cac0d2f66bd14758c079c345d2bce3e1efc3599b0d06e69a92db7e05473673726e1848df75e83df50f98a9321468c10c6514dd7b3cb5b0ddf2fef13284463fe88ef2bc95d51288e41e3e0ba5c91bd686d7f7658b5bac8e3991a0f3b36f004585d9edd09d478ede73e7da067ea502894fc1247e62c1a84c9065ffccc3da96f07ddce135ceafdd784dda6f64a7add400d21ae13abf98e90fb96fcda23a8ad79905428a349b2230c19cf8cdca1724382bd19b4b075438098bd46cbc668bcbdcf1da85f733a50669f976a7106ff1936f20d799e7d01b0beeba7057a90016fb2d36bb3d14e11ac077ffb91f139d16ae5e78d84559312c9fd1a91ff70e5d9b4fd279420f7647151fe951b705082230ad20415d2f605665cd9374a50f7fc3c32efe30e4c0fc84f0c0e0bcd35e46665e4f29371c1c96324f65a94c85874e8e3baba68b88acc85c38f466d7353b5a00953c8ff5522cf0903e646301e3539d047286d10be16d9fbef02d450b7b12b1ead250f68c4c893fbc6f48765f34a81c477966278a1c6945d14d6531f0b5e4cef4edaf3708a5787162c39b236272694b0a302465d01004fa9d516414c040c27fccbf38466023b06293bd07f31fcdbb3b5378a8b2c7886e1551b1caeab96f7f3c159075756f5f8aaa05b6f87f581d802903c36d84169f87c01a77c43284adf66daa38fe8633a8f6d258231466aba89bb9e56ef289d2815cde433e381ddf74852302684b974c80d0a1d7d578039120a2db36213d167687e9390ed8f14c709d3149d2f5cfbc42a9b85e6d10c4ee77270534fdff2ccb816dedc6377257a73ba2a4ea82c0cc4a81bfb939f710b109beb279edeeda345867c0130ff6fc0fbbbbd25d16d2e73f6ab2fbb4c72abc0713ef9e4690b72208c468fa64c21f2247867b5edd514e5be23733ef2136b10e03161fe3b4e6018933df1f97a8250747e6140780a064e0c35bfafcb8177a75e8fde25e61e1c6332bbf7ddc3a11910feb3bd66707a7c1a9f87b320298acec88135a177b2f6f3c0ff02765f34c30b078b58470cd227ce4c0a1a77e662180b28fb360c3fbf47ba8982510979b86332b6d8a53d5f3947665c119a71e5b6ddc64228b47c3e23c30ebbede354d71d2780456de3f717a384112ccc9805dfe107fc9440ab7abccd8463150ce1306778fbea9793d88c4a7864a925bac5da593d6b72ee2c743f0b732a10285d293359c8126004f06fa12c0b3ca9c1e9c0a75b587207965c49f7450cb4210da01e5604f83f849b7eb9cb3f73de4bcff064b4fe08580971184db940bf29d6b8cea027dbfe0b78d6fa574da4b5b4db57b4e1939213c9848537baaf8076b1db4e767a467ec6a47c67aa33df96d7113cc9884124bca5579ce0058618b1b1f13ff3b102ff54e6bde7e29fd555acd6ffe6429af27301b6bbda38403d8f6f3266d7724f517778e7b2c1e13e3d83104ce743857c07b70cb5be8d6d8757d63a3bedfc9de79cc7e96c9833e15fd65f1336178568c2453a49cfc8c8dcb4f5d978f0a6144d62a5da6fd75d08a41084d4c59b345e07a5f4446af6e5216cc8d94347d333030015e262036f0a4fa6d2ae523654c55b37ac179efb66d230de5c70a9b33738ef0cd4ba2710d9ec03f426701101182051516a9be380a07e2555a8cda03eafc72d2bc2bc1dcadde4bb819692c1736b0ed203c4934842d791aae9e10bf239cc5393c9faf967109444c8f44532766ca5481f0ac16d25753a121727271c71d97b401dafe91588b362f2798f047deece9f860624b2d5753e46f929f8c2d03753e7245ffed6d8e36c7b380c4fb6a27e087a38b5e4a80f0043f95e5a20701c62692e684a764074e47badcecf8b2145be47b5b7089c249abcf0743a61b517004d120929d7846a39a46e0ddbcf5334fc01aca0bff31e67da8b3c88e38504db1dc3940c55bee158ae6dfcce289cf91106397d8e3990149a86c819e0354d785a4eed76fa6380491b01efbc23e7189ec253884d384865bca5da9a0917d68144a0a02cde867c365d339a025b7c8a16b82e341719a259ede8f09c165a354fd3e8f5d59e349e7c36302cf8ed115537969b598337fe7575157c89a254c0829cdb243d3d788321c756bf2817721db4bead96e1f25be5b8c7100d149d13900b6c6491ddbdbeaef7753ed5c5d9b07449bfd023501075ec08c37c13df696bf73500bd440a6522f5b955862c5eee8dc6e875c5055350b3397a6b31d2b764308ad24aafd4113af76f38f4aaba9e24efa3ad5b1c008a6cad2411ef6c7276dd3a5a2ae8130f91c36c34137731426fdf5272ef4ac5c4415e2d0f7b50da3ae910ba22bb5b962351e841746b"})
write$binfmt_script(r4, &(0x7f0000000040)=ANY=[], 0x208e29c)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r4, 0x0)

01:22:08 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34a20100100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3157.483574][T28154] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 3157.511000][T28150] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 3157.555534][T28150] CPU: 0 PID: 28150 Comm: syz-executor.5 Not tainted 6.1.0-rc7-syzkaller-01491-gf2bb566f5c97 #0
[ 3157.565998][T28150] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 3157.576074][T28150] Call Trace:
[ 3157.579368][T28150]  <TASK>
[ 3157.582313][T28150]  dump_stack_lvl+0xd1/0x138
[ 3157.586937][T28150]  dump_header+0x10b/0x85f
[ 3157.591403][T28150]  oom_kill_process.cold+0x10/0x15
[ 3157.596569][T28150]  out_of_memory+0x35c/0x14a0
[ 3157.601283][T28150]  ? find_held_lock+0x2d/0x110
[ 3157.606084][T28150]  ? oom_killer_disable+0x280/0x280
[ 3157.611317][T28150]  ? find_held_lock+0x2d/0x110
[ 3157.616112][T28150]  mem_cgroup_out_of_memory+0x206/0x270
[ 3157.621672][T28150]  ? mem_cgroup_margin+0x130/0x130
[ 3157.626800][T28150]  ? lock_downgrade+0x6e0/0x6e0
[ 3157.631691][T28150]  try_charge_memcg+0xef8/0x12f0
[ 3157.636744][T28150]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 3157.642747][T28150]  ? get_mem_cgroup_from_objcg+0xa1/0x260
[ 3157.648480][T28150]  ? lock_downgrade+0x6e0/0x6e0
[ 3157.653350][T28150]  ? lock_downgrade+0x6e0/0x6e0
[ 3157.658228][T28150]  __memcg_kmem_charge_page+0x16e/0x3b0
[ 3157.663789][T28150]  memcg_charge_kernel_stack.part.0+0x6c/0x150
[ 3157.669958][T28150]  copy_process+0x73e/0x7190
[ 3157.674559][T28150]  ? __lock_acquire+0xbc3/0x56d0
[ 3157.679520][T28150]  ? __cleanup_sighand+0xb0/0xb0
[ 3157.684467][T28150]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 3157.690467][T28150]  ? psi_memstall_leave+0x174/0x250
[ 3157.695691][T28150]  kernel_clone+0xeb/0x980
[ 3157.700120][T28150]  ? create_io_thread+0xf0/0xf0
[ 3157.704980][T28150]  ? percpu_ref_put_many.constprop.0+0x6a/0x1a0
[ 3157.711229][T28150]  ? lock_downgrade+0x6e0/0x6e0
[ 3157.716104][T28150]  __do_sys_clone+0xba/0x100
[ 3157.720701][T28150]  ? kernel_clone+0x980/0x980
[ 3157.725398][T28150]  ? syscall_enter_from_user_mode+0x26/0xb0
[ 3157.731318][T28150]  do_syscall_64+0x39/0xb0
[ 3157.735740][T28150]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 3157.741638][T28150] RIP: 0033:0x7f228be8d501
[ 3157.746054][T28150] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00
[ 3157.765753][T28150] RSP: 002b:00007ffd26109298 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 3157.774168][T28150] RAX: ffffffffffffffda RBX: 00007f228cb2c700 RCX: 00007f228be8d501
[ 3157.782139][T28150] RDX: 00007f228cb2c9d0 RSI: 00007f228cb2c2f0 RDI: 00000000003d0f00
[ 3157.790112][T28150] RBP: 00007ffd261094e0 R08: 00007f228cb2c700 R09: 00007f228cb2c700
[ 3157.798083][T28150] R10: 00007f228cb2c9d0 R11: 0000000000000206 R12: 00007ffd2610934e
[ 3157.806053][T28150] R13: 00007ffd2610934f R14: 00007f228cb2c300 R15: 0000000000022000
[ 3157.814044][T28150]  </TASK>
01:22:08 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34aa0100100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:22:08 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x0, 0x60}, 0x0)

[ 3158.048354][T28168] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
01:22:09 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34c20100100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:22:09 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34ca0100100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3158.544782][T28150] memory: usage 307176kB, limit 307200kB, failcnt 4279
[ 3158.558210][T28150] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 3158.590331][T28150] Memory cgroup stats for /syz5:
[ 3158.590549][T28150] anon 90112
[ 3158.590549][T28150] file 155648
[ 3158.590549][T28150] kernel 314302464
[ 3158.590549][T28150] kernel_stack 32768
[ 3158.590549][T28150] pagetables 73728
[ 3158.590549][T28150] sec_pagetables 0
[ 3158.590549][T28150] percpu 5436928
[ 3158.590549][T28150] sock 0
[ 3158.590549][T28150] vmalloc 0
[ 3158.590549][T28150] shmem 155648
[ 3158.590549][T28150] zswap 0
[ 3158.590549][T28150] zswapped 0
[ 3158.590549][T28150] file_mapped 155648
[ 3158.590549][T28150] file_dirty 0
[ 3158.590549][T28150] file_writeback 0
[ 3158.590549][T28150] swapcached 0
[ 3158.590549][T28150] anon_thp 0
[ 3158.590549][T28150] file_thp 0
[ 3158.590549][T28150] shmem_thp 0
[ 3158.590549][T28150] inactive_anon 94208
[ 3158.590549][T28150] active_anon 151552
[ 3158.590549][T28150] inactive_file 0
[ 3158.590549][T28150] active_file 0
[ 3158.590549][T28150] unevictable 0
[ 3158.590549][T28150] slab_reclaimable 13416
[ 3158.590549][T28150] slab_unreclaimable 308686840
[ 3158.812710][T28150] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=28150,uid=0
[ 3159.007705][T28150] Memory cgroup out of memory: Killed process 28150 (syz-executor.5) total-vm:54540kB, anon-rss:468kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000
[ 3159.129464][T28152] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 3159.183070][T28152] CPU: 1 PID: 28152 Comm: syz-executor.4 Not tainted 6.1.0-rc7-syzkaller-01491-gf2bb566f5c97 #0
[ 3159.193544][T28152] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 3159.203629][T28152] Call Trace:
[ 3159.206930][T28152]  <TASK>
[ 3159.209886][T28152]  dump_stack_lvl+0xd1/0x138
[ 3159.214524][T28152]  dump_header+0x10b/0x85f
[ 3159.218984][T28152]  oom_kill_process.cold+0x10/0x15
[ 3159.224129][T28152]  out_of_memory+0x35c/0x14a0
[ 3159.228862][T28152]  ? oom_killer_disable+0x280/0x280
[ 3159.234104][T28152]  ? find_held_lock+0x2d/0x110
[ 3159.238906][T28152]  mem_cgroup_out_of_memory+0x206/0x270
[ 3159.244482][T28152]  ? mem_cgroup_margin+0x130/0x130
[ 3159.249620][T28152]  ? lock_downgrade+0x6e0/0x6e0
[ 3159.254620][T28152]  try_charge_memcg+0xef8/0x12f0
[ 3159.259604][T28152]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 3159.265626][T28152]  ? rcu_read_unlock+0x9/0x60
[ 3159.270328][T28152]  ? lock_downgrade+0x6e0/0x6e0
[ 3159.275233][T28152]  charge_memcg+0x99/0x3b0
[ 3159.279691][T28152]  __mem_cgroup_charge+0x2b/0x90
[ 3159.284751][T28152]  wp_page_copy+0x2bf/0x1ca0
[ 3159.289377][T28152]  ? page_try_dup_anon_rmap.constprop.0+0xd10/0xd10
[ 3159.295983][T28152]  ? lock_downgrade+0x6e0/0x6e0
[ 3159.300876][T28152]  ? vm_normal_page+0x14a/0x2a0
[ 3159.305772][T28152]  do_wp_page+0x1d1/0x1930
[ 3159.310225][T28152]  __handle_mm_fault+0x181b/0x3a40
[ 3159.315508][T28152]  ? vm_iomap_memory+0x190/0x190
[ 3159.320504][T28152]  handle_mm_fault+0x1cc/0x780
[ 3159.325319][T28152]  do_user_addr_fault+0x475/0x1210
[ 3159.330468][T28152]  ? rcu_read_lock_sched_held+0x3e/0x70
[ 3159.336049][T28152]  exc_page_fault+0x98/0x170
[ 3159.340677][T28152]  asm_exc_page_fault+0x26/0x30
[ 3159.345553][T28152] RIP: 0033:0x7f4487439580
[ 3159.349989][T28152] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48
[ 3159.369624][T28152] RSP: 002b:00007fffd90bacf0 EFLAGS: 00010246
[ 3159.375719][T28152] RAX: 00000000f93167f3 RBX: 00007f44875ac0e8 RCX: 0000001b30820000
[ 3159.383714][T28152] RDX: 0000000000000000 RSI: 0000001b30820018 RDI: 000000000910c864
[ 3159.391700][T28152] RBP: 00000000f93167f3 R08: 00000000000007f3 R09: 00000000f93167f7
[ 3159.399861][T28152] R10: 00007fffd90baeb0 R11: 0000000000000246 R12: 00007f44875a0000
[ 3159.407866][T28152] R13: 0000000000000001 R14: 0000000000000008 R15: ffffffff81e46e4e
[ 3159.415865][T28152]  ? __fget_files+0x1e/0x440
[ 3159.420514][T28152]  </TASK>
01:22:10 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0xdf10020000000000)

01:22:10 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x0, 0xf0}, 0x0)

01:22:10 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x88a8ffff00000000}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

01:22:10 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34ee0100100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3159.526939][T28184] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 3159.543164][T28152] memory: usage 307200kB, limit 307200kB, failcnt 15535
[ 3159.550704][T28152] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 3159.565745][T28152] Memory cgroup stats for /syz4:
[ 3159.565942][T28152] anon 122880
[ 3159.565942][T28152] file 335872
[ 3159.565942][T28152] kernel 314114048
[ 3159.565942][T28152] kernel_stack 98304
[ 3159.565942][T28152] pagetables 86016
[ 3159.565942][T28152] sec_pagetables 0
[ 3159.565942][T28152] percpu 5432192
[ 3159.565942][T28152] sock 0
[ 3159.565942][T28152] vmalloc 0
[ 3159.565942][T28152] shmem 331776
[ 3159.565942][T28152] zswap 0
[ 3159.565942][T28152] zswapped 0
[ 3159.565942][T28152] file_mapped 286720
[ 3159.565942][T28152] file_dirty 4096
[ 3159.565942][T28152] file_writeback 0
[ 3159.565942][T28152] swapcached 0
[ 3159.565942][T28152] anon_thp 0
[ 3159.565942][T28152] file_thp 0
[ 3159.565942][T28152] shmem_thp 0
[ 3159.565942][T28152] inactive_anon 151552
[ 3159.565942][T28152] active_anon 303104
[ 3159.565942][T28152] inactive_file 0
[ 3159.565942][T28152] active_file 4096
[ 3159.565942][T28152] unevictable 0
[ 3159.565942][T28152] slab_reclaimable 18960
[ 3159.565942][T28152] slab_unreclaimable 308449000
[ 3160.305374][T28152] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=28152,uid=0
[ 3160.322956][T28152] Memory cgroup out of memory: Killed process 28152 (syz-executor.4) total-vm:54672kB, anon-rss:468kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:92kB oom_score_adj:1000
01:22:11 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0xf07}, 0x0)

01:22:11 executing program 1:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuacct.usage_user\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x7c774aac)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000140)={<r1=>0x0, <r2=>0x0})
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000000000000000080eff95"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
socket(0x0, 0xa, 0x0)
write$binfmt_misc(0xffffffffffffffff, 0x0, 0x4)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) (async)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000009c0)={0x0}, 0x1, 0x0, 0x0, 0x48011}, 0x40000850) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000480)='rcu_utilization\x00', r3}, 0x10) (async)
sendfile(r2, r0, 0x0, 0x7fffffff) (async)
recvmsg$kcm(r1, &(0x7f0000000200)={&(0x7f0000000040)=@ax25, 0x80, &(0x7f0000001480)=[{&(0x7f00000013c0)=""/162, 0xa2}, {&(0x7f0000001300)=""/105, 0x69}], 0x2, &(0x7f00000001c0)=""/17, 0x11, 0x6e01}, 0x3f00) (async)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
r5 = socket$netlink(0x10, 0x3, 0xf)
ioctl$sock_SIOCSIFVLAN_GET_VLAN_VID_CMD(r5, 0x8983, &(0x7f0000000040)) (async)
ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(r5, 0x8982, &(0x7f0000000000)={0x1, 'vlan1\x00', {}, 0xfe01})
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r5, 0x81f8943c, &(0x7f0000000100)={<r6=>0x0})
ioctl$BTRFS_IOC_TREE_SEARCH(r5, 0xd0009411, &(0x7f0000000300)={{r6, 0x0, 0x1000, 0x3, 0x1, 0x8, 0x1f, 0x3, 0x6, 0x40000000, 0x100, 0x1, 0x3, 0xcc}}) (async)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f0000002a40)=ANY=[@ANYRES64=r6, @ANYBLOB="0100000000000000d5090000000000000700000000000000080027a0000000000100008000000000040000000000000000020000ff0700000100010001040000050000000000000040000000000000000900000000000000050000000000000040000000000000000000000000001200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000006367b46abbcf99536de54c2257792c0000000000000000628d1c360c310fe6ff663d3bccb664a61389cd9d92f28a92b77b1977f6e5c6c77a1af29c1b5025aa0942c12270eb59965d2b16d608a0c7b68ee84bdc54845682f9b57615865da8830fbcaf3805c3eb7d045649d1ac4c7f6a87443df4b4ad0f99287358ca2121ad172cdf7f0f85df59bfabf119588077580ef6dba20449611fcd41ae817cab75f21fcc4cd624452c15e5eb6b1031b9485050f46010915eabcff9c9372795bbe4184b937ab0a52aa0ea181828a534665f0b71528e0412e302415b85bdac261be66a0cbe7c2752cc98b7d3f03468a44c7aba09ee5eb525b451e84553dc82ee427aaa638ca3285ef07672797690332b2862a5a8f64b231f789d05e2fe33663f3ad84064f1abfc22d29d95199805733012d70116ba8a0ff698664bcad931cb3e808d0e09f20615f0bcb155431563d164dd67989d62cad1fc4db9662ea8159638c9ae9e9d2cae7b26a2d1c5f1910e8bc427ae5edd02679660f485d5dfa90360adc87a87521eda2cbf561db0f6008b3317154088024478088200841ed7040339c7680379341600"]) (async)
ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0xd000943e, &(0x7f0000001800)={0x0, r6, "02b66c11beed7c64705a2327ec95767e4393a580b2c3043a2fcfb08839b8897467f4a525091f0f7d2480b2fbdcfd2a3924b674e8aed38628fb035a463934e151ef7c0289d4fd7b308135026f77657ca78a849330727be579703bef5f51cf16a7198f8eb8e962cc55e47a88645dc99b6e4dfd15399b64e979124ef3a9120208d05d9de3ff1ce9cc9e6353b97b13c914e3530a6ec5b967674f3cbc69538c66356f6777af618dd96e1730048727e1752cc8139776c1e5061154ffe7838008ce90ccbf0827c03a28016d5f3bdabbc98bee9c405509e3e094ba1677d6b347061c346722828810ba1b68424c585770f6527f3856630aedb97f2ed5ff2e013d5d412046", "e26481ed1e7c639b5947fa03672a9556f2d9c88f35f8f8b62d6b01c1aef3d08f4ee43881217f959db47d280e8448925694f755ec0256840e58a31c14f0d78d223c58da8e0bd812fb893403e655823624c9e0581484207a6d914ad9befaa148971274f98aa0b753b38761ffcd20135aa09bee95ffc38cfb410de6eb0b1c0eaf69af8375bb982d21281acaa2966378f31ed037b8789d3bf55cda6f1fdefac7c7d4eec101525b850f72c5d3515de41ea6c4cc0a1d4c9d0e83fe98d8baa6325482d6270833cf890aba6768abf6a6ac45c0268bac824f692a521bf8500ce437d7bd4ecafbf918c063d8af3d110e24ddc569f535794d4c8c4ab3897b27310c8d39efca731b7a22caf0ec5f2df04ce6b496582e72b5cbb10480d59c191cd3eca3d3a973fe653216cd08c8de4098133f85da499af2f6a6c7513755f40d13810388f5476a67bb722dc832e4af4c76fda32aa9699c8191a644df90df4b2b2e7993e90bee48e3b65cbc84de44a15926c157018e46c849d57933b96f67dcec40eb733515b880aabbfd1324433ef61e0a112430d3829717820a9eb79c8767614facf386e07a7df2ceb2e9f9d33d65d33fecc7697f5bf74769a67ac297756ec495eaf87674ad5fae2fd772301896e85c617328f32f69bb718bf1ade1d8fd637a6bb4c7044929bf43757821b2bde4ce2ec164ef3841458207326249547ccd2c3ca3467e8c5474cb820ee8647c90d2da6af054fa1f25afb1b0792dcf21b2736c67fc8119a6bdbe19689bb639113f5b9165a50b6f2df8dd8c549220488da3bb10e45dcc7a6207635a550e5ee913aa8ec6ea5f92ba59eb003424e6ea472df633220c8e9644d5bf2f4b01027fc5c0422c39932531e1be7e62e021ac4592b57d95720d5ae86f4bd11d95ad82569ab24e0d1b5a144e6fbcc76c4d7800a70069a852979a3a1f02fcbef6bfeff2101576c998109c65350175bd05435d4be236097340cfafadfde768b1176e6c40f34731164afcd0c3620a0cd015494e432e9aff2c59a4cf476d9037a398183fe74789da0300172e1c02173ff867faf6fbed165ca819be3e4ea05fb6ff1633430984bece64ef93ff8d012b9c321941d59f5b8572008f6bb22597864ea1fbd6b9e349b6d9dc1adc185ea32d5e67e44ac5ebea2063635a53e1718a4246ea47a8874daae0ac6653f821f381a940cbfc98d4a25aea33c63309ee1c6c20f349b673509f09b5381956611359754bdb2eeda100ccb4834596de45556611d5b568f2604653c2129a7d5bd50a209a6d4a956c108b5349a8d208431a2edb17d7650332d308ea2e6f324e589f0e98de49ab655a77509637f0a65614c33f16f91e0d6305e8f9ba0766154e1599f67005ff75af7a6143e574acb799f2363dbb37971fc451c0054b5753de3e2278afe06b9e64b93ab09b4985fe26626a6266da1088f7b9755ac8a9e4e6e99a0dedfe2b1509de12f75d9dea83475543d2b328e986779f4992c870ad128b9d09e8ebcc264e8bb5b85d6d62ab902b8ed7409448cc26a777882627bf3e0c9cdd473289154560c2838c6d4fdaea97ff5d7992909c67710dfeb4977ea7bc06d77b06a19efa42178c46a3fa66ed7d6e2b67ab86be5d94721b099947563db706c5c3a12744ea61d63fce93f546f2669c50b6568e3f32d79bfc75adefc21ee93c5c5360cf2e7ac19571c3663857baf3325b666570642da4dcb309dab05b7ad05bf832d28fa8e871f7b89d6f4327953f4dbde3aac022f4dfe050d0924427e39a8027fbc4b54c4a8c2bf35f8c11c9c0ac4bc1fc31d6bdb2cee2675c5a782aa3ab5ffcc7be7207c89cdb8546fcfdd3a5aadfee5a296abd9afc127ebbf580649e9132b55d9f40a3778af49248b593e00c9f4812b8f7adb7323ab7852e4ed09c55aa356b2e8fee6eb14be3659fdf821d23ac556845f70670d8b6a417c29ac0b1585ea865634c0c921e9d930d4018f66d1e024179d80a7154c491c8662d427ab44a3633480782889f1d00c1d182ede30d4127d769291ef408b574a41c29153b7d949d4648b60a4faf32b380dbc87146c36479d47023876abd4ae7e289ba79d988f6c3a86a75bdc784bea2f0b7e2f77cb1282f54a18e1117e50ffa46ac208fcf8a7b5751e83b3e80cb428e4c2ae63ca3cf7b2c4353303edfe328626391f7925f1ab4ef1c7d0f54d0e45590188ecdb6d2c9c0db9b0552dc81b21dc1bbe9e94be5f78dad11f53d6fc3602e9ffb872d3557c44a133ee94e50d57d5eae2214569975982c63f22750db6f5c979ed81b3f68fe6be6daa85bcd98f25548c1d4db1f15394bc708933e0352e4059bedbf832abaf75e9bdca6fea93600357ca4153357d2e0661a308edf82c0f53e7a121c7e1e8bafdc5fdb61c21f4716d06b43a8395aa915a34c4dc4b5b15ba70a4e163728a9966515682b9ca3c2499aeb17a3c17f905fefed806b504f77c52564006273282db5e0c70565ee1016fc7c241830bef951294db9682ef41742b6550246e539143f15d6c2f017a8083ec97eb3a2de8bc2d8d5fec2b9b88996b3ff6c5aa5bed326f72fe9190de74a83e380b9fe89324421697d124d9a1bd3ced8e1856923147958582d737a36da6af4a0fd92b83f0ef0cb1a725d3a5ecb3a39ad039d200989a281a0686336457824ef582698222b7a063475b793a21745d6701940a0baf124461ad71de8dff6a6f7ed676d107e01ae6b7b79aa1f96efce91039dead977bf70365de8ebb3ec06634246d62f78287831984accef27048794468f520db5c71b4fa94818ddc7394fa1b609adb8cc80c0f32efac26a47bd74119100f0cfdcb889aab1019786cc0eefc1e4295ae919e9f6c8c8a16aa76a2bfe39adf5929e9b9925da0241e734378fe140981e3536bf0b77eb0263297a936a5f37605f128d79b16723b953331f99633b8d29ad1d1dbdb74188488ea0d1b7e0ddb652c040aa0477a079e92618e52f3b7ceebd62e0f0c6946469c19ae828b7eed288c3a53320c9d5468c39d608bd42d967a21e6b788de7c6826d1b99130083182562f63443290aeeb24308d3eb4881547db34b284d9af2bd7cac0d2f66bd14758c079c345d2bce3e1efc3599b0d06e69a92db7e05473673726e1848df75e83df50f98a9321468c10c6514dd7b3cb5b0ddf2fef13284463fe88ef2bc95d51288e41e3e0ba5c91bd686d7f7658b5bac8e3991a0f3b36f004585d9edd09d478ede73e7da067ea502894fc1247e62c1a84c9065ffccc3da96f07ddce135ceafdd784dda6f64a7add400d21ae13abf98e90fb96fcda23a8ad79905428a349b2230c19cf8cdca1724382bd19b4b075438098bd46cbc668bcbdcf1da85f733a50669f976a7106ff1936f20d799e7d01b0beeba7057a90016fb2d36bb3d14e11ac077ffb91f139d16ae5e78d84559312c9fd1a91ff70e5d9b4fd279420f7647151fe951b705082230ad20415d2f605665cd9374a50f7fc3c32efe30e4c0fc84f0c0e0bcd35e46665e4f29371c1c96324f65a94c85874e8e3baba68b88acc85c38f466d7353b5a00953c8ff5522cf0903e646301e3539d047286d10be16d9fbef02d450b7b12b1ead250f68c4c893fbc6f48765f34a81c477966278a1c6945d14d6531f0b5e4cef4edaf3708a5787162c39b236272694b0a302465d01004fa9d516414c040c27fccbf38466023b06293bd07f31fcdbb3b5378a8b2c7886e1551b1caeab96f7f3c159075756f5f8aaa05b6f87f581d802903c36d84169f87c01a77c43284adf66daa38fe8633a8f6d258231466aba89bb9e56ef289d2815cde433e381ddf74852302684b974c80d0a1d7d578039120a2db36213d167687e9390ed8f14c709d3149d2f5cfbc42a9b85e6d10c4ee77270534fdff2ccb816dedc6377257a73ba2a4ea82c0cc4a81bfb939f710b109beb279edeeda345867c0130ff6fc0fbbbbd25d16d2e73f6ab2fbb4c72abc0713ef9e4690b72208c468fa64c21f2247867b5edd514e5be23733ef2136b10e03161fe3b4e6018933df1f97a8250747e6140780a064e0c35bfafcb8177a75e8fde25e61e1c6332bbf7ddc3a11910feb3bd66707a7c1a9f87b320298acec88135a177b2f6f3c0ff02765f34c30b078b58470cd227ce4c0a1a77e662180b28fb360c3fbf47ba8982510979b86332b6d8a53d5f3947665c119a71e5b6ddc64228b47c3e23c30ebbede354d71d2780456de3f717a384112ccc9805dfe107fc9440ab7abccd8463150ce1306778fbea9793d88c4a7864a925bac5da593d6b72ee2c743f0b732a10285d293359c8126004f06fa12c0b3ca9c1e9c0a75b587207965c49f7450cb4210da01e5604f83f849b7eb9cb3f73de4bcff064b4fe08580971184db940bf29d6b8cea027dbfe0b78d6fa574da4b5b4db57b4e1939213c9848537baaf8076b1db4e767a467ec6a47c67aa33df96d7113cc9884124bca5579ce0058618b1b1f13ff3b102ff54e6bde7e29fd555acd6ffe6429af27301b6bbda38403d8f6f3266d7724f517778e7b2c1e13e3d83104ce743857c07b70cb5be8d6d8757d63a3bedfc9de79cc7e96c9833e15fd65f1336178568c2453a49cfc8c8dcb4f5d978f0a6144d62a5da6fd75d08a41084d4c59b345e07a5f4446af6e5216cc8d94347d333030015e262036f0a4fa6d2ae523654c55b37ac179efb66d230de5c70a9b33738ef0cd4ba2710d9ec03f426701101182051516a9be380a07e2555a8cda03eafc72d2bc2bc1dcadde4bb819692c1736b0ed203c4934842d791aae9e10bf239cc5393c9faf967109444c8f44532766ca5481f0ac16d25753a121727271c71d97b401dafe91588b362f2798f047deece9f860624b2d5753e46f929f8c2d03753e7245ffed6d8e36c7b380c4fb6a27e087a38b5e4a80f0043f95e5a20701c62692e684a764074e47badcecf8b2145be47b5b7089c249abcf0743a61b517004d120929d7846a39a46e0ddbcf5334fc01aca0bff31e67da8b3c88e38504db1dc3940c55bee158ae6dfcce289cf91106397d8e3990149a86c819e0354d785a4eed76fa6380491b01efbc23e7189ec253884d384865bca5da9a0917d68144a0a02cde867c365d339a025b7c8a16b82e341719a259ede8f09c165a354fd3e8f5d59e349e7c36302cf8ed115537969b598337fe7575157c89a254c0829cdb243d3d788321c756bf2817721db4bead96e1f25be5b8c7100d149d13900b6c6491ddbdbeaef7753ed5c5d9b07449bfd023501075ec08c37c13df696bf73500bd440a6522f5b955862c5eee8dc6e875c5055350b3397a6b31d2b764308ad24aafd4113af76f38f4aaba9e24efa3ad5b1c008a6cad2411ef6c7276dd3a5a2ae8130f91c36c34137731426fdf5272ef4ac5c4415e2d0f7b50da3ae910ba22bb5b962351e841746b"})
write$binfmt_script(r4, &(0x7f0000000040)=ANY=[], 0x208e29c) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r4, 0x0)

01:22:11 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34fa0100100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:22:11 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x0, 0x20f}, 0x0)

01:22:11 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x9effffff00000000}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

01:22:11 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34020200100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3160.483068][T28195] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 3160.485655][T28179] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 3160.525198][T28179] CPU: 1 PID: 28179 Comm: syz-executor.5 Not tainted 6.1.0-rc7-syzkaller-01491-gf2bb566f5c97 #0
[ 3160.535660][T28179] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 3160.545736][T28179] Call Trace:
[ 3160.549036][T28179]  <TASK>
[ 3160.551996][T28179]  dump_stack_lvl+0xd1/0x138
[ 3160.556615][T28179]  dump_header+0x10b/0x85f
[ 3160.561076][T28179]  oom_kill_process.cold+0x10/0x15
[ 3160.566229][T28179]  out_of_memory+0x35c/0x14a0
[ 3160.570950][T28179]  ? find_held_lock+0x2d/0x110
[ 3160.575747][T28179]  ? oom_killer_disable+0x280/0x280
[ 3160.580982][T28179]  ? find_held_lock+0x2d/0x110
[ 3160.585784][T28179]  mem_cgroup_out_of_memory+0x206/0x270
[ 3160.591363][T28179]  ? mem_cgroup_margin+0x130/0x130
[ 3160.596501][T28179]  ? lock_downgrade+0x6e0/0x6e0
[ 3160.601407][T28179]  try_charge_memcg+0xef8/0x12f0
[ 3160.606387][T28179]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 3160.612414][T28179]  ? rcu_read_unlock+0x9/0x60
[ 3160.617115][T28179]  ? lock_downgrade+0x6e0/0x6e0
[ 3160.622016][T28179]  charge_memcg+0x99/0x3b0
[ 3160.626466][T28179]  __mem_cgroup_charge+0x2b/0x90
[ 3160.631441][T28179]  wp_page_copy+0x2bf/0x1ca0
[ 3160.636076][T28179]  ? page_try_dup_anon_rmap.constprop.0+0xd10/0xd10
[ 3160.642727][T28179]  ? lock_downgrade+0x6e0/0x6e0
[ 3160.647609][T28179]  ? vm_normal_page+0x14a/0x2a0
[ 3160.652502][T28179]  do_wp_page+0x1d1/0x1930
[ 3160.656962][T28179]  __handle_mm_fault+0x181b/0x3a40
[ 3160.662105][T28179]  ? vm_iomap_memory+0x190/0x190
[ 3160.667081][T28179]  handle_mm_fault+0x1cc/0x780
[ 3160.671860][T28179]  do_user_addr_fault+0x475/0x1210
[ 3160.676986][T28179]  ? rcu_read_lock_sched_held+0x3e/0x70
[ 3160.682548][T28179]  exc_page_fault+0x98/0x170
[ 3160.687157][T28179]  asm_exc_page_fault+0x26/0x30
[ 3160.692023][T28179] RIP: 0033:0x7f228be39580
[ 3160.696439][T28179] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48
[ 3160.716226][T28179] RSP: 002b:00007ffd261092f0 EFLAGS: 00010246
[ 3160.722471][T28179] RAX: 000000004702ddfb RBX: 00007f228bfac018 RCX: 0000001b30420000
01:22:11 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="340a0200100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3160.730444][T28179] RDX: 0000000000000000 RSI: 0000001b30420018 RDI: 0000000000000022
[ 3160.738415][T28179] RBP: 000000004702ddfb R08: 0000000000001dfb R09: 000000004702ddff
[ 3160.746387][T28179] R10: 00007ffd261094b0 R11: 0000000000000246 R12: 00007f228bfa0000
[ 3160.754368][T28179] R13: 0000000000000001 R14: 0000000000000000 R15: ffffffff87ab9491
[ 3160.762339][T28179]  ? __x64_sys_socket+0x11/0xb0
[ 3160.767214][T28179]  </TASK>
[ 3160.884248][T28179] memory: usage 307200kB, limit 307200kB, failcnt 4399
01:22:11 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34120200100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3160.930337][T28179] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 3160.983671][T28179] Memory cgroup stats for /syz5:
[ 3160.983861][T28179] anon 102400
[ 3160.983861][T28179] file 155648
[ 3160.983861][T28179] kernel 314314752
[ 3160.983861][T28179] kernel_stack 65536
[ 3160.983861][T28179] pagetables 73728
[ 3160.983861][T28179] sec_pagetables 0
[ 3160.983861][T28179] percpu 5436928
[ 3160.983861][T28179] sock 0
[ 3160.983861][T28179] vmalloc 0
[ 3160.983861][T28179] shmem 155648
[ 3160.983861][T28179] zswap 0
[ 3160.983861][T28179] zswapped 0
[ 3160.983861][T28179] file_mapped 155648
[ 3160.983861][T28179] file_dirty 0
[ 3160.983861][T28179] file_writeback 0
[ 3160.983861][T28179] swapcached 0
[ 3160.983861][T28179] anon_thp 0
[ 3160.983861][T28179] file_thp 0
[ 3160.983861][T28179] shmem_thp 0
[ 3160.983861][T28179] inactive_anon 106496
[ 3160.983861][T28179] active_anon 151552
[ 3160.983861][T28179] inactive_file 0
[ 3160.983861][T28179] active_file 0
[ 3160.983861][T28179] unevictable 0
[ 3160.983861][T28179] slab_reclaimable 15344
[ 3160.983861][T28179] slab_unreclaimable 308687952
[ 3161.421461][T28179] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=28179,uid=0
[ 3161.511035][T28179] Memory cgroup out of memory: Killed process 28179 (syz-executor.5) total-vm:54540kB, anon-rss:468kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000
01:22:12 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0xe010020000000000)

01:22:12 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x0, 0x300}, 0x0)

01:22:12 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="341a0200100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:22:12 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x1007}, 0x0)

01:22:12 executing program 1:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuacct.usage_user\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x7c774aac) (async)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000140)={<r1=>0x0, <r2=>0x0})
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000000000000000080eff95"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
socket(0x0, 0xa, 0x0) (async)
write$binfmt_misc(0xffffffffffffffff, 0x0, 0x4) (async, rerun: 64)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) (async, rerun: 64)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000009c0)={0x0}, 0x1, 0x0, 0x0, 0x48011}, 0x40000850)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000480)='rcu_utilization\x00', r3}, 0x10) (async)
sendfile(r2, r0, 0x0, 0x7fffffff) (async, rerun: 32)
recvmsg$kcm(r1, &(0x7f0000000200)={&(0x7f0000000040)=@ax25, 0x80, &(0x7f0000001480)=[{&(0x7f00000013c0)=""/162, 0xa2}, {&(0x7f0000001300)=""/105, 0x69}], 0x2, &(0x7f00000001c0)=""/17, 0x11, 0x6e01}, 0x3f00) (async, rerun: 32)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) (async, rerun: 64)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async, rerun: 64)
r5 = socket$netlink(0x10, 0x3, 0xf)
ioctl$sock_SIOCSIFVLAN_GET_VLAN_VID_CMD(r5, 0x8983, &(0x7f0000000040)) (async)
ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(r5, 0x8982, &(0x7f0000000000)={0x1, 'vlan1\x00', {}, 0xfe01}) (async)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r5, 0x81f8943c, &(0x7f0000000100)={<r6=>0x0})
ioctl$BTRFS_IOC_TREE_SEARCH(r5, 0xd0009411, &(0x7f0000000300)={{r6, 0x0, 0x1000, 0x3, 0x1, 0x8, 0x1f, 0x3, 0x6, 0x40000000, 0x100, 0x1, 0x3, 0xcc}}) (async)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f0000002a40)=ANY=[@ANYRES64=r6, @ANYBLOB="0100000000000000d5090000000000000700000000000000080027a0000000000100008000000000040000000000000000020000ff0700000100010001040000050000000000000040000000000000000900000000000000050000000000000040000000000000000000000000001200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000006367b46abbcf99536de54c2257792c0000000000000000628d1c360c310fe6ff663d3bccb664a61389cd9d92f28a92b77b1977f6e5c6c77a1af29c1b5025aa0942c12270eb59965d2b16d608a0c7b68ee84bdc54845682f9b57615865da8830fbcaf3805c3eb7d045649d1ac4c7f6a87443df4b4ad0f99287358ca2121ad172cdf7f0f85df59bfabf119588077580ef6dba20449611fcd41ae817cab75f21fcc4cd624452c15e5eb6b1031b9485050f46010915eabcff9c9372795bbe4184b937ab0a52aa0ea181828a534665f0b71528e0412e302415b85bdac261be66a0cbe7c2752cc98b7d3f03468a44c7aba09ee5eb525b451e84553dc82ee427aaa638ca3285ef07672797690332b2862a5a8f64b231f789d05e2fe33663f3ad84064f1abfc22d29d95199805733012d70116ba8a0ff698664bcad931cb3e808d0e09f20615f0bcb155431563d164dd67989d62cad1fc4db9662ea8159638c9ae9e9d2cae7b26a2d1c5f1910e8bc427ae5edd02679660f485d5dfa90360adc87a87521eda2cbf561db0f6008b3317154088024478088200841ed7040339c7680379341600"]) (async)
ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0xd000943e, &(0x7f0000001800)={0x0, r6, "02b66c11beed7c64705a2327ec95767e4393a580b2c3043a2fcfb08839b8897467f4a525091f0f7d2480b2fbdcfd2a3924b674e8aed38628fb035a463934e151ef7c0289d4fd7b308135026f77657ca78a849330727be579703bef5f51cf16a7198f8eb8e962cc55e47a88645dc99b6e4dfd15399b64e979124ef3a9120208d05d9de3ff1ce9cc9e6353b97b13c914e3530a6ec5b967674f3cbc69538c66356f6777af618dd96e1730048727e1752cc8139776c1e5061154ffe7838008ce90ccbf0827c03a28016d5f3bdabbc98bee9c405509e3e094ba1677d6b347061c346722828810ba1b68424c585770f6527f3856630aedb97f2ed5ff2e013d5d412046", "e26481ed1e7c639b5947fa03672a9556f2d9c88f35f8f8b62d6b01c1aef3d08f4ee43881217f959db47d280e8448925694f755ec0256840e58a31c14f0d78d223c58da8e0bd812fb893403e655823624c9e0581484207a6d914ad9befaa148971274f98aa0b753b38761ffcd20135aa09bee95ffc38cfb410de6eb0b1c0eaf69af8375bb982d21281acaa2966378f31ed037b8789d3bf55cda6f1fdefac7c7d4eec101525b850f72c5d3515de41ea6c4cc0a1d4c9d0e83fe98d8baa6325482d6270833cf890aba6768abf6a6ac45c0268bac824f692a521bf8500ce437d7bd4ecafbf918c063d8af3d110e24ddc569f535794d4c8c4ab3897b27310c8d39efca731b7a22caf0ec5f2df04ce6b496582e72b5cbb10480d59c191cd3eca3d3a973fe653216cd08c8de4098133f85da499af2f6a6c7513755f40d13810388f5476a67bb722dc832e4af4c76fda32aa9699c8191a644df90df4b2b2e7993e90bee48e3b65cbc84de44a15926c157018e46c849d57933b96f67dcec40eb733515b880aabbfd1324433ef61e0a112430d3829717820a9eb79c8767614facf386e07a7df2ceb2e9f9d33d65d33fecc7697f5bf74769a67ac297756ec495eaf87674ad5fae2fd772301896e85c617328f32f69bb718bf1ade1d8fd637a6bb4c7044929bf43757821b2bde4ce2ec164ef3841458207326249547ccd2c3ca3467e8c5474cb820ee8647c90d2da6af054fa1f25afb1b0792dcf21b2736c67fc8119a6bdbe19689bb639113f5b9165a50b6f2df8dd8c549220488da3bb10e45dcc7a6207635a550e5ee913aa8ec6ea5f92ba59eb003424e6ea472df633220c8e9644d5bf2f4b01027fc5c0422c39932531e1be7e62e021ac4592b57d95720d5ae86f4bd11d95ad82569ab24e0d1b5a144e6fbcc76c4d7800a70069a852979a3a1f02fcbef6bfeff2101576c998109c65350175bd05435d4be236097340cfafadfde768b1176e6c40f34731164afcd0c3620a0cd015494e432e9aff2c59a4cf476d9037a398183fe74789da0300172e1c02173ff867faf6fbed165ca819be3e4ea05fb6ff1633430984bece64ef93ff8d012b9c321941d59f5b8572008f6bb22597864ea1fbd6b9e349b6d9dc1adc185ea32d5e67e44ac5ebea2063635a53e1718a4246ea47a8874daae0ac6653f821f381a940cbfc98d4a25aea33c63309ee1c6c20f349b673509f09b5381956611359754bdb2eeda100ccb4834596de45556611d5b568f2604653c2129a7d5bd50a209a6d4a956c108b5349a8d208431a2edb17d7650332d308ea2e6f324e589f0e98de49ab655a77509637f0a65614c33f16f91e0d6305e8f9ba0766154e1599f67005ff75af7a6143e574acb799f2363dbb37971fc451c0054b5753de3e2278afe06b9e64b93ab09b4985fe26626a6266da1088f7b9755ac8a9e4e6e99a0dedfe2b1509de12f75d9dea83475543d2b328e986779f4992c870ad128b9d09e8ebcc264e8bb5b85d6d62ab902b8ed7409448cc26a777882627bf3e0c9cdd473289154560c2838c6d4fdaea97ff5d7992909c67710dfeb4977ea7bc06d77b06a19efa42178c46a3fa66ed7d6e2b67ab86be5d94721b099947563db706c5c3a12744ea61d63fce93f546f2669c50b6568e3f32d79bfc75adefc21ee93c5c5360cf2e7ac19571c3663857baf3325b666570642da4dcb309dab05b7ad05bf832d28fa8e871f7b89d6f4327953f4dbde3aac022f4dfe050d0924427e39a8027fbc4b54c4a8c2bf35f8c11c9c0ac4bc1fc31d6bdb2cee2675c5a782aa3ab5ffcc7be7207c89cdb8546fcfdd3a5aadfee5a296abd9afc127ebbf580649e9132b55d9f40a3778af49248b593e00c9f4812b8f7adb7323ab7852e4ed09c55aa356b2e8fee6eb14be3659fdf821d23ac556845f70670d8b6a417c29ac0b1585ea865634c0c921e9d930d4018f66d1e024179d80a7154c491c8662d427ab44a3633480782889f1d00c1d182ede30d4127d769291ef408b574a41c29153b7d949d4648b60a4faf32b380dbc87146c36479d47023876abd4ae7e289ba79d988f6c3a86a75bdc784bea2f0b7e2f77cb1282f54a18e1117e50ffa46ac208fcf8a7b5751e83b3e80cb428e4c2ae63ca3cf7b2c4353303edfe328626391f7925f1ab4ef1c7d0f54d0e45590188ecdb6d2c9c0db9b0552dc81b21dc1bbe9e94be5f78dad11f53d6fc3602e9ffb872d3557c44a133ee94e50d57d5eae2214569975982c63f22750db6f5c979ed81b3f68fe6be6daa85bcd98f25548c1d4db1f15394bc708933e0352e4059bedbf832abaf75e9bdca6fea93600357ca4153357d2e0661a308edf82c0f53e7a121c7e1e8bafdc5fdb61c21f4716d06b43a8395aa915a34c4dc4b5b15ba70a4e163728a9966515682b9ca3c2499aeb17a3c17f905fefed806b504f77c52564006273282db5e0c70565ee1016fc7c241830bef951294db9682ef41742b6550246e539143f15d6c2f017a8083ec97eb3a2de8bc2d8d5fec2b9b88996b3ff6c5aa5bed326f72fe9190de74a83e380b9fe89324421697d124d9a1bd3ced8e1856923147958582d737a36da6af4a0fd92b83f0ef0cb1a725d3a5ecb3a39ad039d200989a281a0686336457824ef582698222b7a063475b793a21745d6701940a0baf124461ad71de8dff6a6f7ed676d107e01ae6b7b79aa1f96efce91039dead977bf70365de8ebb3ec06634246d62f78287831984accef27048794468f520db5c71b4fa94818ddc7394fa1b609adb8cc80c0f32efac26a47bd74119100f0cfdcb889aab1019786cc0eefc1e4295ae919e9f6c8c8a16aa76a2bfe39adf5929e9b9925da0241e734378fe140981e3536bf0b77eb0263297a936a5f37605f128d79b16723b953331f99633b8d29ad1d1dbdb74188488ea0d1b7e0ddb652c040aa0477a079e92618e52f3b7ceebd62e0f0c6946469c19ae828b7eed288c3a53320c9d5468c39d608bd42d967a21e6b788de7c6826d1b99130083182562f63443290aeeb24308d3eb4881547db34b284d9af2bd7cac0d2f66bd14758c079c345d2bce3e1efc3599b0d06e69a92db7e05473673726e1848df75e83df50f98a9321468c10c6514dd7b3cb5b0ddf2fef13284463fe88ef2bc95d51288e41e3e0ba5c91bd686d7f7658b5bac8e3991a0f3b36f004585d9edd09d478ede73e7da067ea502894fc1247e62c1a84c9065ffccc3da96f07ddce135ceafdd784dda6f64a7add400d21ae13abf98e90fb96fcda23a8ad79905428a349b2230c19cf8cdca1724382bd19b4b075438098bd46cbc668bcbdcf1da85f733a50669f976a7106ff1936f20d799e7d01b0beeba7057a90016fb2d36bb3d14e11ac077ffb91f139d16ae5e78d84559312c9fd1a91ff70e5d9b4fd279420f7647151fe951b705082230ad20415d2f605665cd9374a50f7fc3c32efe30e4c0fc84f0c0e0bcd35e46665e4f29371c1c96324f65a94c85874e8e3baba68b88acc85c38f466d7353b5a00953c8ff5522cf0903e646301e3539d047286d10be16d9fbef02d450b7b12b1ead250f68c4c893fbc6f48765f34a81c477966278a1c6945d14d6531f0b5e4cef4edaf3708a5787162c39b236272694b0a302465d01004fa9d516414c040c27fccbf38466023b06293bd07f31fcdbb3b5378a8b2c7886e1551b1caeab96f7f3c159075756f5f8aaa05b6f87f581d802903c36d84169f87c01a77c43284adf66daa38fe8633a8f6d258231466aba89bb9e56ef289d2815cde433e381ddf74852302684b974c80d0a1d7d578039120a2db36213d167687e9390ed8f14c709d3149d2f5cfbc42a9b85e6d10c4ee77270534fdff2ccb816dedc6377257a73ba2a4ea82c0cc4a81bfb939f710b109beb279edeeda345867c0130ff6fc0fbbbbd25d16d2e73f6ab2fbb4c72abc0713ef9e4690b72208c468fa64c21f2247867b5edd514e5be23733ef2136b10e03161fe3b4e6018933df1f97a8250747e6140780a064e0c35bfafcb8177a75e8fde25e61e1c6332bbf7ddc3a11910feb3bd66707a7c1a9f87b320298acec88135a177b2f6f3c0ff02765f34c30b078b58470cd227ce4c0a1a77e662180b28fb360c3fbf47ba8982510979b86332b6d8a53d5f3947665c119a71e5b6ddc64228b47c3e23c30ebbede354d71d2780456de3f717a384112ccc9805dfe107fc9440ab7abccd8463150ce1306778fbea9793d88c4a7864a925bac5da593d6b72ee2c743f0b732a10285d293359c8126004f06fa12c0b3ca9c1e9c0a75b587207965c49f7450cb4210da01e5604f83f849b7eb9cb3f73de4bcff064b4fe08580971184db940bf29d6b8cea027dbfe0b78d6fa574da4b5b4db57b4e1939213c9848537baaf8076b1db4e767a467ec6a47c67aa33df96d7113cc9884124bca5579ce0058618b1b1f13ff3b102ff54e6bde7e29fd555acd6ffe6429af27301b6bbda38403d8f6f3266d7724f517778e7b2c1e13e3d83104ce743857c07b70cb5be8d6d8757d63a3bedfc9de79cc7e96c9833e15fd65f1336178568c2453a49cfc8c8dcb4f5d978f0a6144d62a5da6fd75d08a41084d4c59b345e07a5f4446af6e5216cc8d94347d333030015e262036f0a4fa6d2ae523654c55b37ac179efb66d230de5c70a9b33738ef0cd4ba2710d9ec03f426701101182051516a9be380a07e2555a8cda03eafc72d2bc2bc1dcadde4bb819692c1736b0ed203c4934842d791aae9e10bf239cc5393c9faf967109444c8f44532766ca5481f0ac16d25753a121727271c71d97b401dafe91588b362f2798f047deece9f860624b2d5753e46f929f8c2d03753e7245ffed6d8e36c7b380c4fb6a27e087a38b5e4a80f0043f95e5a20701c62692e684a764074e47badcecf8b2145be47b5b7089c249abcf0743a61b517004d120929d7846a39a46e0ddbcf5334fc01aca0bff31e67da8b3c88e38504db1dc3940c55bee158ae6dfcce289cf91106397d8e3990149a86c819e0354d785a4eed76fa6380491b01efbc23e7189ec253884d384865bca5da9a0917d68144a0a02cde867c365d339a025b7c8a16b82e341719a259ede8f09c165a354fd3e8f5d59e349e7c36302cf8ed115537969b598337fe7575157c89a254c0829cdb243d3d788321c756bf2817721db4bead96e1f25be5b8c7100d149d13900b6c6491ddbdbeaef7753ed5c5d9b07449bfd023501075ec08c37c13df696bf73500bd440a6522f5b955862c5eee8dc6e875c5055350b3397a6b31d2b764308ad24aafd4113af76f38f4aaba9e24efa3ad5b1c008a6cad2411ef6c7276dd3a5a2ae8130f91c36c34137731426fdf5272ef4ac5c4415e2d0f7b50da3ae910ba22bb5b962351e841746b"})
write$binfmt_script(r4, &(0x7f0000000040)=ANY=[], 0x208e29c) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r4, 0x0)

01:22:12 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x1200}, 0x0)

[ 3161.648354][T28222] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
01:22:12 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34320200100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:22:12 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34420200100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3161.985364][T28225] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
01:22:13 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x0, 0x36a}, 0x0)

01:22:13 executing program 1:
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=@newqdisc={0x58, 0x24, 0x0, 0x0, 0x0, {}, [@qdisc_kind_options=@q_ingress={0xc}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}, {0x6, 0x2, [0x0]}}]}]}, 0x58}}, 0x0)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6)
r1 = socket(0x10, 0x2, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x12)
sendmsg$nl_route(r2, &(0x7f0000000880)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000840)={&(0x7f0000000800)=@getnetconf={0x14, 0x52, 0x0, 0x70bd2b, 0x25dfdbfc, {}, ["", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4014}, 0x4000)
socketpair(0x25, 0x6, 0xb2, &(0x7f0000000180)={<r3=>0xffffffffffffffff})
bind$bt_hci(r3, &(0x7f00000001c0)={0x1f, 0x3, 0x4}, 0x6)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000780), 0x36d602, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0xcb12})
ioctl$TUNSETVNETLE(r4, 0x400454dc, &(0x7f00000000c0)=0x1)
preadv(r4, &(0x7f0000000100)=[{&(0x7f0000000080)=""/41, 0x29}], 0x1, 0x0, 0x0)
ioctl$BTRFS_IOC_BALANCE_CTL(r4, 0x40049421, 0x1)
getsockopt$sock_cred(r3, 0x1, 0x11, 0xffffffffffffffff, &(0x7f0000cab000))
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000000)={<r5=>r1, 0xa63, 0xffff, 0x3000})
sendmsg$AUDIT_DEL_RULE(r5, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000300)={0x460, 0x3f4, 0x20, 0x70bd29, 0x25dfdbfb, {0x4, 0x0, 0x3, [0x7b3, 0x0, 0x4, 0x694f, 0x800, 0xaa, 0x6, 0x8, 0x9, 0x8, 0x200, 0x7, 0x4, 0x1, 0xfff, 0x10000000, 0x3f, 0xffff, 0x7fff, 0x7, 0x7fffffff, 0xfff, 0x7, 0x4, 0x2, 0x4aae, 0xfff, 0x8, 0x0, 0x0, 0x80, 0x119, 0x1000, 0x5c4, 0x6, 0xfa, 0x7, 0x7a, 0x9, 0x9, 0x20, 0x3, 0xe81, 0x80, 0xff, 0xffff, 0xcb8, 0x8, 0x6, 0x800, 0x80, 0x7fff, 0x400, 0x0, 0x8, 0x33c73ef7, 0x6, 0x5c, 0x1000, 0x3ff, 0x7fff, 0x6, 0x6, 0x4eea], [0x7fffffff, 0x5, 0x3, 0x5, 0x7fffffff, 0x1, 0x1, 0x80, 0x0, 0x7, 0x7, 0x7, 0x7, 0x8, 0xeb61, 0x3, 0x200, 0x8, 0xffff0001, 0x5, 0xd12, 0x8, 0x0, 0x0, 0xffff, 0x8, 0xb25b, 0x8, 0x9, 0x6, 0x9, 0x5, 0x80, 0x3, 0x8000, 0x3f, 0x2, 0x5b, 0x5, 0x4000000, 0xffffffc1, 0x7, 0x9, 0x97b1, 0xfffffffe, 0x4, 0x6, 0x3ff, 0x1, 0x8, 0x6f, 0x8, 0x2b, 0x431, 0x400, 0xb4f, 0x0, 0x10001, 0x401, 0x5, 0x1d5c, 0x6, 0x6, 0x1], [0x10000, 0x3, 0x100, 0x6d7, 0x1ff, 0x7fffffff, 0x7f, 0x3, 0xffffffff, 0x0, 0x6, 0x5, 0xffffffff, 0x80000001, 0x5b9, 0x7, 0x10000, 0xaf, 0x8, 0x7, 0xfffffff8, 0x9, 0x7, 0x3, 0xffffff18, 0x7ff, 0xaaa, 0x3f, 0x8, 0xb79, 0x0, 0x5, 0x2b79f275, 0x5, 0x1, 0x6, 0x0, 0x85d, 0x800, 0x3, 0x401, 0x1, 0xff, 0x2, 0xffffff57, 0x2, 0x3, 0x5, 0x80, 0x4, 0x1b7f4c10, 0xc0000, 0x5, 0x9, 0xbe, 0x77b, 0xffffff18, 0x0, 0x78, 0x10000, 0x7, 0x1, 0xfffffffe, 0x6], [0x5, 0x6, 0x7fffffff, 0x8, 0x80, 0x7ff, 0x87, 0x80, 0x9, 0x869, 0x1, 0x0, 0x5, 0x7, 0x20, 0x8, 0x3, 0xee6, 0x4f, 0x1f9, 0x2c, 0x4, 0x0, 0x8, 0x4, 0x2, 0xfbf, 0x3, 0x80000001, 0x400, 0x100, 0x0, 0x3, 0x32, 0xffffffff, 0xfffffffc, 0xfff, 0x47b2, 0x9, 0x8, 0x90, 0x1ff, 0x10000, 0x9, 0x2, 0xac, 0xfff, 0x3, 0x0, 0x81, 0x0, 0x1, 0x1, 0x10001, 0x6f3, 0x1ff, 0xe48a, 0x0, 0x54, 0x80000000, 0x97, 0x5, 0x7, 0x80000000], 0x3f, ['\x00', 'ingress\x00', ':\x89\x00', 'ingress\x00', 'ingress\x00', '&%\x00', 'ingress\x00', 'ingress\x00', 'ingress\x00', 'ingress\x00']}, ["", "", "", ""]}, 0x460}, 0x1, 0x0, 0x0, 0x4040005}, 0xb0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0xb00000000065808, 0x0)
setsockopt$CAIFSO_REQ_PARAM(r6, 0x116, 0x80, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r6, 0x84, 0x12, &(0x7f0000000200), &(0x7f0000000240)=0x4)
write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="3400030007", @ANYRES16], 0xd)

01:22:13 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0xc7e3020001000000}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

01:22:13 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="345a0200100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3162.142805][T28225] CPU: 0 PID: 28225 Comm: syz-executor.5 Not tainted 6.1.0-rc7-syzkaller-01491-gf2bb566f5c97 #0
[ 3162.153278][T28225] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 3162.163577][T28225] Call Trace:
[ 3162.166878][T28225]  <TASK>
[ 3162.169829][T28225]  dump_stack_lvl+0xd1/0x138
[ 3162.174456][T28225]  dump_header+0x10b/0x85f
[ 3162.178917][T28225]  oom_kill_process.cold+0x10/0x15
[ 3162.184071][T28225]  out_of_memory+0x35c/0x14a0
[ 3162.188797][T28225]  ? find_held_lock+0x2d/0x110
[ 3162.193596][T28225]  ? oom_killer_disable+0x280/0x280
[ 3162.198827][T28225]  ? find_held_lock+0x2d/0x110
[ 3162.203630][T28225]  mem_cgroup_out_of_memory+0x206/0x270
[ 3162.209300][T28225]  ? mem_cgroup_margin+0x130/0x130
[ 3162.214440][T28225]  ? lock_downgrade+0x6e0/0x6e0
[ 3162.219341][T28225]  try_charge_memcg+0xef8/0x12f0
[ 3162.224333][T28225]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 3162.230355][T28225]  ? rcu_read_unlock+0x9/0x60
[ 3162.235066][T28225]  ? lock_downgrade+0x6e0/0x6e0
[ 3162.239976][T28225]  charge_memcg+0x99/0x3b0
[ 3162.244424][T28225]  __mem_cgroup_charge+0x2b/0x90
[ 3162.249398][T28225]  wp_page_copy+0x2bf/0x1ca0
[ 3162.254027][T28225]  ? page_try_dup_anon_rmap.constprop.0+0xd10/0xd10
[ 3162.260640][T28225]  ? lock_downgrade+0x6e0/0x6e0
[ 3162.265520][T28225]  ? vm_normal_page+0x14a/0x2a0
[ 3162.270414][T28225]  do_wp_page+0x1d1/0x1930
[ 3162.274940][T28225]  __handle_mm_fault+0x181b/0x3a40
[ 3162.280095][T28225]  ? vm_iomap_memory+0x190/0x190
[ 3162.285103][T28225]  handle_mm_fault+0x1cc/0x780
[ 3162.289903][T28225]  do_user_addr_fault+0x475/0x1210
[ 3162.295049][T28225]  ? rcu_read_lock_sched_held+0x3e/0x70
[ 3162.300723][T28225]  exc_page_fault+0x98/0x170
[ 3162.305354][T28225]  asm_exc_page_fault+0x26/0x30
[ 3162.310229][T28225] RIP: 0033:0x7f228be39580
[ 3162.314662][T28225] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48
[ 3162.334297][T28225] RSP: 002b:00007ffd261092f0 EFLAGS: 00010246
[ 3162.340393][T28225] RAX: 000000004702ddfb RBX: 00007f228bfac018 RCX: 0000001b30420000
[ 3162.348389][T28225] RDX: 0000000000000000 RSI: 0000001b30420018 RDI: 0000000000000022
[ 3162.356383][T28225] RBP: 000000004702ddfb R08: 0000000000001dfb R09: 000000004702ddff
[ 3162.364379][T28225] R10: 00007ffd261094b0 R11: 0000000000000246 R12: 00007f228bfa0000
[ 3162.368419][T28243] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 3162.372353][T28225] R13: 0000000000000001 R14: 0000000000000000 R15: ffffffff87ab9491
[ 3162.372374][T28225]  ? __x64_sys_socket+0x11/0xb0
[ 3162.372419][T28225]  </TASK>
[ 3162.799576][T28225] memory: usage 307200kB, limit 307200kB, failcnt 4494
[ 3162.821094][T28225] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 3162.845442][T28225] Memory cgroup stats for /syz5:
[ 3162.845662][T28225] anon 102400
[ 3162.845662][T28225] file 155648
[ 3162.845662][T28225] kernel 314314752
[ 3162.845662][T28225] kernel_stack 65536
[ 3162.845662][T28225] pagetables 73728
[ 3162.845662][T28225] sec_pagetables 0
[ 3162.845662][T28225] percpu 5436928
[ 3162.845662][T28225] sock 0
[ 3162.845662][T28225] vmalloc 0
[ 3162.845662][T28225] shmem 155648
[ 3162.845662][T28225] zswap 0
[ 3162.845662][T28225] zswapped 0
[ 3162.845662][T28225] file_mapped 155648
[ 3162.845662][T28225] file_dirty 0
[ 3162.845662][T28225] file_writeback 0
[ 3162.845662][T28225] swapcached 0
[ 3162.845662][T28225] anon_thp 0
[ 3162.845662][T28225] file_thp 0
[ 3162.845662][T28225] shmem_thp 0
[ 3162.845662][T28225] inactive_anon 106496
[ 3162.845662][T28225] active_anon 151552
[ 3162.845662][T28225] inactive_file 0
[ 3162.845662][T28225] active_file 0
[ 3162.845662][T28225] unevictable 0
[ 3162.845662][T28225] slab_reclaimable 15344
[ 3162.845662][T28225] slab_unreclaimable 308687952
[ 3163.378414][T28225] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=28225,uid=0
[ 3163.479680][T28225] Memory cgroup out of memory: Killed process 28225 (syz-executor.5) total-vm:54540kB, anon-rss:468kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000
01:22:14 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0xe110020000000000)

01:22:14 executing program 1:
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=@newqdisc={0x58, 0x24, 0x0, 0x0, 0x0, {}, [@qdisc_kind_options=@q_ingress={0xc}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}, {0x6, 0x2, [0x0]}}]}]}, 0x58}}, 0x0) (async)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6)
r1 = socket(0x10, 0x2, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x12)
sendmsg$nl_route(r2, &(0x7f0000000880)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000840)={&(0x7f0000000800)=@getnetconf={0x14, 0x52, 0x0, 0x70bd2b, 0x25dfdbfc, {}, ["", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4014}, 0x4000) (async, rerun: 32)
socketpair(0x25, 0x6, 0xb2, &(0x7f0000000180)={<r3=>0xffffffffffffffff}) (rerun: 32)
bind$bt_hci(r3, &(0x7f00000001c0)={0x1f, 0x3, 0x4}, 0x6) (async)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000780), 0x36d602, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0xcb12}) (async)
ioctl$TUNSETVNETLE(r4, 0x400454dc, &(0x7f00000000c0)=0x1) (async)
preadv(r4, &(0x7f0000000100)=[{&(0x7f0000000080)=""/41, 0x29}], 0x1, 0x0, 0x0) (async)
ioctl$BTRFS_IOC_BALANCE_CTL(r4, 0x40049421, 0x1)
getsockopt$sock_cred(r3, 0x1, 0x11, 0xffffffffffffffff, &(0x7f0000cab000))
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000000)={<r5=>r1, 0xa63, 0xffff, 0x3000})
sendmsg$AUDIT_DEL_RULE(r5, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000300)={0x460, 0x3f4, 0x20, 0x70bd29, 0x25dfdbfb, {0x4, 0x0, 0x3, [0x7b3, 0x0, 0x4, 0x694f, 0x800, 0xaa, 0x6, 0x8, 0x9, 0x8, 0x200, 0x7, 0x4, 0x1, 0xfff, 0x10000000, 0x3f, 0xffff, 0x7fff, 0x7, 0x7fffffff, 0xfff, 0x7, 0x4, 0x2, 0x4aae, 0xfff, 0x8, 0x0, 0x0, 0x80, 0x119, 0x1000, 0x5c4, 0x6, 0xfa, 0x7, 0x7a, 0x9, 0x9, 0x20, 0x3, 0xe81, 0x80, 0xff, 0xffff, 0xcb8, 0x8, 0x6, 0x800, 0x80, 0x7fff, 0x400, 0x0, 0x8, 0x33c73ef7, 0x6, 0x5c, 0x1000, 0x3ff, 0x7fff, 0x6, 0x6, 0x4eea], [0x7fffffff, 0x5, 0x3, 0x5, 0x7fffffff, 0x1, 0x1, 0x80, 0x0, 0x7, 0x7, 0x7, 0x7, 0x8, 0xeb61, 0x3, 0x200, 0x8, 0xffff0001, 0x5, 0xd12, 0x8, 0x0, 0x0, 0xffff, 0x8, 0xb25b, 0x8, 0x9, 0x6, 0x9, 0x5, 0x80, 0x3, 0x8000, 0x3f, 0x2, 0x5b, 0x5, 0x4000000, 0xffffffc1, 0x7, 0x9, 0x97b1, 0xfffffffe, 0x4, 0x6, 0x3ff, 0x1, 0x8, 0x6f, 0x8, 0x2b, 0x431, 0x400, 0xb4f, 0x0, 0x10001, 0x401, 0x5, 0x1d5c, 0x6, 0x6, 0x1], [0x10000, 0x3, 0x100, 0x6d7, 0x1ff, 0x7fffffff, 0x7f, 0x3, 0xffffffff, 0x0, 0x6, 0x5, 0xffffffff, 0x80000001, 0x5b9, 0x7, 0x10000, 0xaf, 0x8, 0x7, 0xfffffff8, 0x9, 0x7, 0x3, 0xffffff18, 0x7ff, 0xaaa, 0x3f, 0x8, 0xb79, 0x0, 0x5, 0x2b79f275, 0x5, 0x1, 0x6, 0x0, 0x85d, 0x800, 0x3, 0x401, 0x1, 0xff, 0x2, 0xffffff57, 0x2, 0x3, 0x5, 0x80, 0x4, 0x1b7f4c10, 0xc0000, 0x5, 0x9, 0xbe, 0x77b, 0xffffff18, 0x0, 0x78, 0x10000, 0x7, 0x1, 0xfffffffe, 0x6], [0x5, 0x6, 0x7fffffff, 0x8, 0x80, 0x7ff, 0x87, 0x80, 0x9, 0x869, 0x1, 0x0, 0x5, 0x7, 0x20, 0x8, 0x3, 0xee6, 0x4f, 0x1f9, 0x2c, 0x4, 0x0, 0x8, 0x4, 0x2, 0xfbf, 0x3, 0x80000001, 0x400, 0x100, 0x0, 0x3, 0x32, 0xffffffff, 0xfffffffc, 0xfff, 0x47b2, 0x9, 0x8, 0x90, 0x1ff, 0x10000, 0x9, 0x2, 0xac, 0xfff, 0x3, 0x0, 0x81, 0x0, 0x1, 0x1, 0x10001, 0x6f3, 0x1ff, 0xe48a, 0x0, 0x54, 0x80000000, 0x97, 0x5, 0x7, 0x80000000], 0x3f, ['\x00', 'ingress\x00', ':\x89\x00', 'ingress\x00', 'ingress\x00', '&%\x00', 'ingress\x00', 'ingress\x00', 'ingress\x00', 'ingress\x00']}, ["", "", "", ""]}, 0x460}, 0x1, 0x0, 0x0, 0x4040005}, 0xb0) (async)
r6 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0xb00000000065808, 0x0)
setsockopt$CAIFSO_REQ_PARAM(r6, 0x116, 0x80, 0x0, 0x0) (async)
getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r6, 0x84, 0x12, &(0x7f0000000200), &(0x7f0000000240)=0x4) (async)
write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="3400030007", @ANYRES16], 0xd)

01:22:14 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="347a0200100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:22:14 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x0, 0x500}, 0x0)

01:22:14 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0xf0ffffff00000000}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

[ 3163.548617][T28227] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 3163.624668][T28257] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 3163.685648][T28227] CPU: 1 PID: 28227 Comm: syz-executor.4 Not tainted 6.1.0-rc7-syzkaller-01491-gf2bb566f5c97 #0
[ 3163.696117][T28227] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 3163.706291][T28227] Call Trace:
[ 3163.709588][T28227]  <TASK>
[ 3163.712541][T28227]  dump_stack_lvl+0xd1/0x138
[ 3163.717162][T28227]  dump_header+0x10b/0x85f
[ 3163.721629][T28227]  oom_kill_process.cold+0x10/0x15
[ 3163.726787][T28227]  out_of_memory+0x35c/0x14a0
[ 3163.731508][T28227]  ? find_held_lock+0x2d/0x110
[ 3163.736306][T28227]  ? oom_killer_disable+0x280/0x280
[ 3163.741541][T28227]  ? find_held_lock+0x2d/0x110
[ 3163.746345][T28227]  mem_cgroup_out_of_memory+0x206/0x270
[ 3163.751927][T28227]  ? mem_cgroup_margin+0x130/0x130
[ 3163.757063][T28227]  ? lock_downgrade+0x6e0/0x6e0
[ 3163.761974][T28227]  try_charge_memcg+0xef8/0x12f0
[ 3163.766949][T28227]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 3163.772973][T28227]  ? rcu_read_unlock+0x9/0x60
[ 3163.777675][T28227]  ? lock_downgrade+0x6e0/0x6e0
[ 3163.782579][T28227]  charge_memcg+0x99/0x3b0
[ 3163.787028][T28227]  __mem_cgroup_charge+0x2b/0x90
[ 3163.792095][T28227]  wp_page_copy+0x2bf/0x1ca0
[ 3163.796724][T28227]  ? page_try_dup_anon_rmap.constprop.0+0xd10/0xd10
[ 3163.803343][T28227]  ? lock_downgrade+0x6e0/0x6e0
[ 3163.808230][T28227]  ? vm_normal_page+0x14a/0x2a0
[ 3163.813135][T28227]  do_wp_page+0x1d1/0x1930
[ 3163.817579][T28227]  __handle_mm_fault+0x181b/0x3a40
[ 3163.822705][T28227]  ? vm_iomap_memory+0x190/0x190
[ 3163.827677][T28227]  handle_mm_fault+0x1cc/0x780
[ 3163.832460][T28227]  do_user_addr_fault+0x475/0x1210
[ 3163.837582][T28227]  ? rcu_read_lock_sched_held+0x3e/0x70
[ 3163.843145][T28227]  exc_page_fault+0x98/0x170
[ 3163.847748][T28227]  asm_exc_page_fault+0x26/0x30
[ 3163.852605][T28227] RIP: 0033:0x7f4487439580
[ 3163.857020][T28227] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48
[ 3163.876716][T28227] RSP: 002b:00007fffd90bacf0 EFLAGS: 00010246
[ 3163.882843][T28227] RAX: 00000000f93167f3 RBX: 00007f44875ac0e8 RCX: 0000001b30820000
[ 3163.890816][T28227] RDX: 0000000000000000 RSI: 0000001b30820018 RDI: 000000000910c864
[ 3163.898792][T28227] RBP: 00000000f93167f3 R08: 00000000000007f3 R09: 00000000f93167f7
[ 3163.906802][T28227] R10: 00007fffd90baeb0 R11: 0000000000000246 R12: 00007f44875a0000
[ 3163.914775][T28227] R13: 0000000000000001 R14: 0000000000000008 R15: ffffffff81e46e4e
[ 3163.922745][T28227]  ? __fget_files+0x1e/0x440
[ 3163.927363][T28227]  </TASK>
[ 3164.911101][T28227] memory: usage 307136kB, limit 307200kB, failcnt 15735
[ 3164.931479][T28227] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 3164.964974][T28227] Memory cgroup stats for /syz4:
[ 3164.965195][T28227] anon 122880
[ 3164.965195][T28227] file 335872
[ 3164.965195][T28227] kernel 314032128
[ 3164.965195][T28227] kernel_stack 32768
[ 3164.965195][T28227] pagetables 86016
[ 3164.965195][T28227] sec_pagetables 0
[ 3164.965195][T28227] percpu 5432192
[ 3164.965195][T28227] sock 0
[ 3164.965195][T28227] vmalloc 0
[ 3164.965195][T28227] shmem 331776
[ 3164.965195][T28227] zswap 0
[ 3164.965195][T28227] zswapped 0
[ 3164.965195][T28227] file_mapped 286720
[ 3164.965195][T28227] file_dirty 4096
[ 3164.965195][T28227] file_writeback 0
[ 3164.965195][T28227] swapcached 0
[ 3164.965195][T28227] anon_thp 0
[ 3164.965195][T28227] file_thp 0
[ 3164.965195][T28227] shmem_thp 0
[ 3164.965195][T28227] inactive_anon 151552
[ 3164.965195][T28227] active_anon 303104
[ 3164.965195][T28227] inactive_file 0
[ 3164.965195][T28227] active_file 4096
[ 3164.965195][T28227] unevictable 0
[ 3164.965195][T28227] slab_reclaimable 18960
[ 3164.965195][T28227] slab_unreclaimable 308433352
[ 3165.231536][T28227] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=28227,uid=0
[ 3165.267122][T28227] Memory cgroup out of memory: Killed process 28227 (syz-executor.4) total-vm:54672kB, anon-rss:468kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:92kB oom_score_adj:1000
01:22:16 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x1203}, 0x0)

01:22:16 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34800200100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:22:16 executing program 1:
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=@newqdisc={0x58, 0x24, 0x0, 0x0, 0x0, {}, [@qdisc_kind_options=@q_ingress={0xc}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}, {0x6, 0x2, [0x0]}}]}]}, 0x58}}, 0x0)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6)
r1 = socket(0x10, 0x2, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x12)
sendmsg$nl_route(r2, &(0x7f0000000880)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000840)={&(0x7f0000000800)=@getnetconf={0x14, 0x52, 0x0, 0x70bd2b, 0x25dfdbfc, {}, ["", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4014}, 0x4000)
socketpair(0x25, 0x6, 0xb2, &(0x7f0000000180)={<r3=>0xffffffffffffffff})
bind$bt_hci(r3, &(0x7f00000001c0)={0x1f, 0x3, 0x4}, 0x6)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000780), 0x36d602, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0xcb12})
ioctl$TUNSETVNETLE(r4, 0x400454dc, &(0x7f00000000c0)=0x1)
preadv(r4, &(0x7f0000000100)=[{&(0x7f0000000080)=""/41, 0x29}], 0x1, 0x0, 0x0)
ioctl$BTRFS_IOC_BALANCE_CTL(r4, 0x40049421, 0x1)
getsockopt$sock_cred(r3, 0x1, 0x11, 0xffffffffffffffff, &(0x7f0000cab000))
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000000)={<r5=>r1, 0xa63, 0xffff, 0x3000})
sendmsg$AUDIT_DEL_RULE(r5, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000300)={0x460, 0x3f4, 0x20, 0x70bd29, 0x25dfdbfb, {0x4, 0x0, 0x3, [0x7b3, 0x0, 0x4, 0x694f, 0x800, 0xaa, 0x6, 0x8, 0x9, 0x8, 0x200, 0x7, 0x4, 0x1, 0xfff, 0x10000000, 0x3f, 0xffff, 0x7fff, 0x7, 0x7fffffff, 0xfff, 0x7, 0x4, 0x2, 0x4aae, 0xfff, 0x8, 0x0, 0x0, 0x80, 0x119, 0x1000, 0x5c4, 0x6, 0xfa, 0x7, 0x7a, 0x9, 0x9, 0x20, 0x3, 0xe81, 0x80, 0xff, 0xffff, 0xcb8, 0x8, 0x6, 0x800, 0x80, 0x7fff, 0x400, 0x0, 0x8, 0x33c73ef7, 0x6, 0x5c, 0x1000, 0x3ff, 0x7fff, 0x6, 0x6, 0x4eea], [0x7fffffff, 0x5, 0x3, 0x5, 0x7fffffff, 0x1, 0x1, 0x80, 0x0, 0x7, 0x7, 0x7, 0x7, 0x8, 0xeb61, 0x3, 0x200, 0x8, 0xffff0001, 0x5, 0xd12, 0x8, 0x0, 0x0, 0xffff, 0x8, 0xb25b, 0x8, 0x9, 0x6, 0x9, 0x5, 0x80, 0x3, 0x8000, 0x3f, 0x2, 0x5b, 0x5, 0x4000000, 0xffffffc1, 0x7, 0x9, 0x97b1, 0xfffffffe, 0x4, 0x6, 0x3ff, 0x1, 0x8, 0x6f, 0x8, 0x2b, 0x431, 0x400, 0xb4f, 0x0, 0x10001, 0x401, 0x5, 0x1d5c, 0x6, 0x6, 0x1], [0x10000, 0x3, 0x100, 0x6d7, 0x1ff, 0x7fffffff, 0x7f, 0x3, 0xffffffff, 0x0, 0x6, 0x5, 0xffffffff, 0x80000001, 0x5b9, 0x7, 0x10000, 0xaf, 0x8, 0x7, 0xfffffff8, 0x9, 0x7, 0x3, 0xffffff18, 0x7ff, 0xaaa, 0x3f, 0x8, 0xb79, 0x0, 0x5, 0x2b79f275, 0x5, 0x1, 0x6, 0x0, 0x85d, 0x800, 0x3, 0x401, 0x1, 0xff, 0x2, 0xffffff57, 0x2, 0x3, 0x5, 0x80, 0x4, 0x1b7f4c10, 0xc0000, 0x5, 0x9, 0xbe, 0x77b, 0xffffff18, 0x0, 0x78, 0x10000, 0x7, 0x1, 0xfffffffe, 0x6], [0x5, 0x6, 0x7fffffff, 0x8, 0x80, 0x7ff, 0x87, 0x80, 0x9, 0x869, 0x1, 0x0, 0x5, 0x7, 0x20, 0x8, 0x3, 0xee6, 0x4f, 0x1f9, 0x2c, 0x4, 0x0, 0x8, 0x4, 0x2, 0xfbf, 0x3, 0x80000001, 0x400, 0x100, 0x0, 0x3, 0x32, 0xffffffff, 0xfffffffc, 0xfff, 0x47b2, 0x9, 0x8, 0x90, 0x1ff, 0x10000, 0x9, 0x2, 0xac, 0xfff, 0x3, 0x0, 0x81, 0x0, 0x1, 0x1, 0x10001, 0x6f3, 0x1ff, 0xe48a, 0x0, 0x54, 0x80000000, 0x97, 0x5, 0x7, 0x80000000], 0x3f, ['\x00', 'ingress\x00', ':\x89\x00', 'ingress\x00', 'ingress\x00', '&%\x00', 'ingress\x00', 'ingress\x00', 'ingress\x00', 'ingress\x00']}, ["", "", "", ""]}, 0x460}, 0x1, 0x0, 0x0, 0x4040005}, 0xb0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0xb00000000065808, 0x0)
setsockopt$CAIFSO_REQ_PARAM(r6, 0x116, 0x80, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r6, 0x84, 0x12, &(0x7f0000000200), &(0x7f0000000240)=0x4)
write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="3400030007", @ANYRES16], 0xd)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=@newqdisc={0x58, 0x24, 0x0, 0x0, 0x0, {}, [@qdisc_kind_options=@q_ingress={0xc}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}, {0x6, 0x2, [0x0]}}]}]}, 0x58}}, 0x0) (async)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) (async)
bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6) (async)
socket(0x10, 0x2, 0x0) (async)
socket$netlink(0x10, 0x3, 0x12) (async)
sendmsg$nl_route(r2, &(0x7f0000000880)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000840)={&(0x7f0000000800)=@getnetconf={0x14, 0x52, 0x0, 0x70bd2b, 0x25dfdbfc, {}, ["", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4014}, 0x4000) (async)
socketpair(0x25, 0x6, 0xb2, &(0x7f0000000180)) (async)
bind$bt_hci(r3, &(0x7f00000001c0)={0x1f, 0x3, 0x4}, 0x6) (async)
openat$tun(0xffffffffffffff9c, &(0x7f0000000780), 0x36d602, 0x0) (async)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0xcb12}) (async)
ioctl$TUNSETVNETLE(r4, 0x400454dc, &(0x7f00000000c0)=0x1) (async)
preadv(r4, &(0x7f0000000100)=[{&(0x7f0000000080)=""/41, 0x29}], 0x1, 0x0, 0x0) (async)
ioctl$BTRFS_IOC_BALANCE_CTL(r4, 0x40049421, 0x1) (async)
getsockopt$sock_cred(r3, 0x1, 0x11, 0xffffffffffffffff, &(0x7f0000cab000)) (async)
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000000)={r1, 0xa63, 0xffff, 0x3000}) (async)
sendmsg$AUDIT_DEL_RULE(r5, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000300)={0x460, 0x3f4, 0x20, 0x70bd29, 0x25dfdbfb, {0x4, 0x0, 0x3, [0x7b3, 0x0, 0x4, 0x694f, 0x800, 0xaa, 0x6, 0x8, 0x9, 0x8, 0x200, 0x7, 0x4, 0x1, 0xfff, 0x10000000, 0x3f, 0xffff, 0x7fff, 0x7, 0x7fffffff, 0xfff, 0x7, 0x4, 0x2, 0x4aae, 0xfff, 0x8, 0x0, 0x0, 0x80, 0x119, 0x1000, 0x5c4, 0x6, 0xfa, 0x7, 0x7a, 0x9, 0x9, 0x20, 0x3, 0xe81, 0x80, 0xff, 0xffff, 0xcb8, 0x8, 0x6, 0x800, 0x80, 0x7fff, 0x400, 0x0, 0x8, 0x33c73ef7, 0x6, 0x5c, 0x1000, 0x3ff, 0x7fff, 0x6, 0x6, 0x4eea], [0x7fffffff, 0x5, 0x3, 0x5, 0x7fffffff, 0x1, 0x1, 0x80, 0x0, 0x7, 0x7, 0x7, 0x7, 0x8, 0xeb61, 0x3, 0x200, 0x8, 0xffff0001, 0x5, 0xd12, 0x8, 0x0, 0x0, 0xffff, 0x8, 0xb25b, 0x8, 0x9, 0x6, 0x9, 0x5, 0x80, 0x3, 0x8000, 0x3f, 0x2, 0x5b, 0x5, 0x4000000, 0xffffffc1, 0x7, 0x9, 0x97b1, 0xfffffffe, 0x4, 0x6, 0x3ff, 0x1, 0x8, 0x6f, 0x8, 0x2b, 0x431, 0x400, 0xb4f, 0x0, 0x10001, 0x401, 0x5, 0x1d5c, 0x6, 0x6, 0x1], [0x10000, 0x3, 0x100, 0x6d7, 0x1ff, 0x7fffffff, 0x7f, 0x3, 0xffffffff, 0x0, 0x6, 0x5, 0xffffffff, 0x80000001, 0x5b9, 0x7, 0x10000, 0xaf, 0x8, 0x7, 0xfffffff8, 0x9, 0x7, 0x3, 0xffffff18, 0x7ff, 0xaaa, 0x3f, 0x8, 0xb79, 0x0, 0x5, 0x2b79f275, 0x5, 0x1, 0x6, 0x0, 0x85d, 0x800, 0x3, 0x401, 0x1, 0xff, 0x2, 0xffffff57, 0x2, 0x3, 0x5, 0x80, 0x4, 0x1b7f4c10, 0xc0000, 0x5, 0x9, 0xbe, 0x77b, 0xffffff18, 0x0, 0x78, 0x10000, 0x7, 0x1, 0xfffffffe, 0x6], [0x5, 0x6, 0x7fffffff, 0x8, 0x80, 0x7ff, 0x87, 0x80, 0x9, 0x869, 0x1, 0x0, 0x5, 0x7, 0x20, 0x8, 0x3, 0xee6, 0x4f, 0x1f9, 0x2c, 0x4, 0x0, 0x8, 0x4, 0x2, 0xfbf, 0x3, 0x80000001, 0x400, 0x100, 0x0, 0x3, 0x32, 0xffffffff, 0xfffffffc, 0xfff, 0x47b2, 0x9, 0x8, 0x90, 0x1ff, 0x10000, 0x9, 0x2, 0xac, 0xfff, 0x3, 0x0, 0x81, 0x0, 0x1, 0x1, 0x10001, 0x6f3, 0x1ff, 0xe48a, 0x0, 0x54, 0x80000000, 0x97, 0x5, 0x7, 0x80000000], 0x3f, ['\x00', 'ingress\x00', ':\x89\x00', 'ingress\x00', 'ingress\x00', '&%\x00', 'ingress\x00', 'ingress\x00', 'ingress\x00', 'ingress\x00']}, ["", "", "", ""]}, 0x460}, 0x1, 0x0, 0x0, 0x4040005}, 0xb0) (async)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0xb00000000065808, 0x0) (async)
setsockopt$CAIFSO_REQ_PARAM(r6, 0x116, 0x80, 0x0, 0x0) (async)
getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r6, 0x84, 0x12, &(0x7f0000000200), &(0x7f0000000240)=0x4) (async)
write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="3400030007", @ANYRES16], 0xd) (async)

01:22:16 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x0, 0x600}, 0x0)

01:22:16 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0xf1ffffff00000000}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

[ 3165.431565][T28260] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
01:22:16 executing program 1:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0xf0ffffff00000000}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

01:22:16 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34820200100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3165.502374][T28280] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 3165.519638][T28260] CPU: 1 PID: 28260 Comm: syz-executor.5 Not tainted 6.1.0-rc7-syzkaller-01491-gf2bb566f5c97 #0
[ 3165.530099][T28260] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 3165.540176][T28260] Call Trace:
[ 3165.543470][T28260]  <TASK>
[ 3165.546424][T28260]  dump_stack_lvl+0xd1/0x138
[ 3165.551049][T28260]  dump_header+0x10b/0x85f
[ 3165.555515][T28260]  oom_kill_process.cold+0x10/0x15
[ 3165.560756][T28260]  out_of_memory+0x35c/0x14a0
[ 3165.565481][T28260]  ? oom_killer_disable+0x280/0x280
[ 3165.570714][T28260]  ? io_schedule_timeout+0x150/0x150
[ 3165.576038][T28260]  mem_cgroup_out_of_memory+0x206/0x270
[ 3165.581606][T28260]  ? mem_cgroup_margin+0x130/0x130
[ 3165.586725][T28260]  ? preempt_schedule_thunk+0x1a/0x1c
[ 3165.592120][T28260]  ? preempt_schedule_thunk+0x1a/0x1c
[ 3165.597513][T28260]  try_charge_memcg+0xef8/0x12f0
[ 3165.602471][T28260]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 3165.608467][T28260]  ? rcu_read_unlock+0x9/0x60
[ 3165.613151][T28260]  ? lock_downgrade+0x6e0/0x6e0
[ 3165.618035][T28260]  charge_memcg+0x99/0x3b0
[ 3165.622465][T28260]  __mem_cgroup_charge+0x2b/0x90
[ 3165.627417][T28260]  wp_page_copy+0x2bf/0x1ca0
[ 3165.632023][T28260]  ? page_try_dup_anon_rmap.constprop.0+0xd10/0xd10
[ 3165.638614][T28260]  ? lock_downgrade+0x6e0/0x6e0
[ 3165.643475][T28260]  ? vm_normal_page+0x14a/0x2a0
[ 3165.648351][T28260]  do_wp_page+0x1d1/0x1930
[ 3165.652779][T28260]  __handle_mm_fault+0x181b/0x3a40
[ 3165.658000][T28260]  ? vm_iomap_memory+0x190/0x190
[ 3165.662985][T28260]  handle_mm_fault+0x1cc/0x780
[ 3165.667760][T28260]  do_user_addr_fault+0x475/0x1210
[ 3165.672970][T28260]  ? rcu_read_lock_sched_held+0x3e/0x70
[ 3165.678532][T28260]  exc_page_fault+0x98/0x170
[ 3165.683135][T28260]  asm_exc_page_fault+0x26/0x30
[ 3165.687987][T28260] RIP: 0033:0x7f228be39580
[ 3165.692409][T28260] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48
[ 3165.712019][T28260] RSP: 002b:00007ffd261092f0 EFLAGS: 00010246
[ 3165.718089][T28260] RAX: 000000004702ddfb RBX: 00007f228bfac018 RCX: 0000001b30420000
[ 3165.726149][T28260] RDX: 0000000000000000 RSI: 0000001b30420018 RDI: 0000000000000022
[ 3165.734118][T28260] RBP: 000000004702ddfb R08: 0000000000001dfb R09: 000000004702ddff
[ 3165.742091][T28260] R10: 00007ffd261094b0 R11: 0000000000000246 R12: 00007f228bfa0000
[ 3165.750061][T28260] R13: 0000000000000001 R14: 0000000000000000 R15: ffffffff87ab9491
[ 3165.758033][T28260]  ? __x64_sys_socket+0x11/0xb0
[ 3165.762907][T28260]  </TASK>
[ 3166.111636][T28260] memory: usage 307184kB, limit 307200kB, failcnt 4609
[ 3166.118543][T28260] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 3166.219352][T28260] Memory cgroup stats for /syz5:
[ 3166.219560][T28260] anon 102400
[ 3166.219560][T28260] file 155648
[ 3166.219560][T28260] kernel 314298368
[ 3166.219560][T28260] kernel_stack 65536
[ 3166.219560][T28260] pagetables 73728
[ 3166.219560][T28260] sec_pagetables 0
[ 3166.219560][T28260] percpu 5436928
[ 3166.219560][T28260] sock 0
[ 3166.219560][T28260] vmalloc 0
[ 3166.219560][T28260] shmem 155648
[ 3166.219560][T28260] zswap 0
[ 3166.219560][T28260] zswapped 0
[ 3166.219560][T28260] file_mapped 155648
[ 3166.219560][T28260] file_dirty 0
[ 3166.219560][T28260] file_writeback 0
[ 3166.219560][T28260] swapcached 0
[ 3166.219560][T28260] anon_thp 0
[ 3166.219560][T28260] file_thp 0
[ 3166.219560][T28260] shmem_thp 0
[ 3166.219560][T28260] inactive_anon 106496
[ 3166.219560][T28260] active_anon 151552
[ 3166.219560][T28260] inactive_file 0
[ 3166.219560][T28260] active_file 0
[ 3166.219560][T28260] unevictable 0
[ 3166.219560][T28260] slab_reclaimable 15344
[ 3166.219560][T28260] slab_unreclaimable 308676552
[ 3166.955072][T28260] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=28260,uid=0
[ 3167.022314][T28260] Memory cgroup out of memory: Killed process 28260 (syz-executor.5) total-vm:54540kB, anon-rss:468kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000
01:22:18 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0xe210020000000000)

01:22:18 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34880200100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:22:18 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x1a00}, 0x0)

01:22:18 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x0, 0x700}, 0x0)

01:22:18 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0xfcffffff00000000}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

01:22:18 executing program 1:
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=@newqdisc={0x58, 0x24, 0x0, 0x0, 0x0, {}, [@qdisc_kind_options=@q_ingress={0xc}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}, {0x6, 0x2, [0x0]}}]}]}, 0x58}}, 0x0)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6)
r1 = socket(0x10, 0x2, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x12)
sendmsg$nl_route(r2, &(0x7f0000000880)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000840)={&(0x7f0000000800)=@getnetconf={0x14, 0x52, 0x0, 0x70bd2b, 0x25dfdbfc, {}, ["", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4014}, 0x4000)
socketpair(0x25, 0x6, 0xb2, &(0x7f0000000180)={<r3=>0xffffffffffffffff})
bind$bt_hci(r3, &(0x7f00000001c0)={0x1f, 0x3, 0x4}, 0x6)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000780), 0x36d602, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0xcb12})
ioctl$TUNSETVNETLE(r4, 0x400454dc, &(0x7f00000000c0)=0x1)
preadv(r4, &(0x7f0000000100)=[{&(0x7f0000000080)=""/41, 0x29}], 0x1, 0x0, 0x0)
ioctl$BTRFS_IOC_BALANCE_CTL(r4, 0x40049421, 0x1)
getsockopt$sock_cred(r3, 0x1, 0x11, 0xffffffffffffffff, &(0x7f0000cab000))
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000000)={<r5=>r1, 0xa63, 0xffff, 0x3000})
sendmsg$AUDIT_DEL_RULE(r5, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000300)={0x460, 0x3f4, 0x20, 0x70bd29, 0x25dfdbfb, {0x4, 0x0, 0x3, [0x7b3, 0x0, 0x4, 0x694f, 0x800, 0xaa, 0x6, 0x8, 0x9, 0x8, 0x200, 0x7, 0x4, 0x1, 0xfff, 0x10000000, 0x3f, 0xffff, 0x7fff, 0x7, 0x7fffffff, 0xfff, 0x7, 0x4, 0x2, 0x4aae, 0xfff, 0x8, 0x0, 0x0, 0x80, 0x119, 0x1000, 0x5c4, 0x6, 0xfa, 0x7, 0x7a, 0x9, 0x9, 0x20, 0x3, 0xe81, 0x80, 0xff, 0xffff, 0xcb8, 0x8, 0x6, 0x800, 0x80, 0x7fff, 0x400, 0x0, 0x8, 0x33c73ef7, 0x6, 0x5c, 0x1000, 0x3ff, 0x7fff, 0x6, 0x6, 0x4eea], [0x7fffffff, 0x5, 0x3, 0x5, 0x7fffffff, 0x1, 0x1, 0x80, 0x0, 0x7, 0x7, 0x7, 0x7, 0x8, 0xeb61, 0x3, 0x200, 0x8, 0xffff0001, 0x5, 0xd12, 0x8, 0x0, 0x0, 0xffff, 0x8, 0xb25b, 0x8, 0x9, 0x6, 0x9, 0x5, 0x80, 0x3, 0x8000, 0x3f, 0x2, 0x5b, 0x5, 0x4000000, 0xffffffc1, 0x7, 0x9, 0x97b1, 0xfffffffe, 0x4, 0x6, 0x3ff, 0x1, 0x8, 0x6f, 0x8, 0x2b, 0x431, 0x400, 0xb4f, 0x0, 0x10001, 0x401, 0x5, 0x1d5c, 0x6, 0x6, 0x1], [0x10000, 0x3, 0x100, 0x6d7, 0x1ff, 0x7fffffff, 0x7f, 0x3, 0xffffffff, 0x0, 0x6, 0x5, 0xffffffff, 0x80000001, 0x5b9, 0x7, 0x10000, 0xaf, 0x8, 0x7, 0xfffffff8, 0x9, 0x7, 0x3, 0xffffff18, 0x7ff, 0xaaa, 0x3f, 0x8, 0xb79, 0x0, 0x5, 0x2b79f275, 0x5, 0x1, 0x6, 0x0, 0x85d, 0x800, 0x3, 0x401, 0x1, 0xff, 0x2, 0xffffff57, 0x2, 0x3, 0x5, 0x80, 0x4, 0x1b7f4c10, 0xc0000, 0x5, 0x9, 0xbe, 0x77b, 0xffffff18, 0x0, 0x78, 0x10000, 0x7, 0x1, 0xfffffffe, 0x6], [0x5, 0x6, 0x7fffffff, 0x8, 0x80, 0x7ff, 0x87, 0x80, 0x9, 0x869, 0x1, 0x0, 0x5, 0x7, 0x20, 0x8, 0x3, 0xee6, 0x4f, 0x1f9, 0x2c, 0x4, 0x0, 0x8, 0x4, 0x2, 0xfbf, 0x3, 0x80000001, 0x400, 0x100, 0x0, 0x3, 0x32, 0xffffffff, 0xfffffffc, 0xfff, 0x47b2, 0x9, 0x8, 0x90, 0x1ff, 0x10000, 0x9, 0x2, 0xac, 0xfff, 0x3, 0x0, 0x81, 0x0, 0x1, 0x1, 0x10001, 0x6f3, 0x1ff, 0xe48a, 0x0, 0x54, 0x80000000, 0x97, 0x5, 0x7, 0x80000000], 0x3f, ['\x00', 'ingress\x00', ':\x89\x00', 'ingress\x00', 'ingress\x00', '&%\x00', 'ingress\x00', 'ingress\x00', 'ingress\x00', 'ingress\x00']}, ["", "", "", ""]}, 0x460}, 0x1, 0x0, 0x0, 0x4040005}, 0xb0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0xb00000000065808, 0x0)
setsockopt$CAIFSO_REQ_PARAM(r6, 0x116, 0x80, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r6, 0x84, 0x12, &(0x7f0000000200), &(0x7f0000000240)=0x4)
write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="3400030007", @ANYRES16], 0xd)

01:22:18 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34b20200100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3167.158267][T28300] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
01:22:18 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x1a02}, 0x0)

01:22:18 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x0, 0x900}, 0x0)

01:22:18 executing program 1:
syz_genetlink_get_family_id$tipc2(&(0x7f0000000a80), 0xffffffffffffffff)
socketpair(0x11, 0x1, 0x7, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r4=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x1c, r2, 0x1, 0x0, 0x0, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r4}]}, 0x1c}, 0x1, 0xf0ffffff00000000}, 0x0)
sendmsg$BATADV_CMD_SET_HARDIF(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, r2, 0x10, 0x70bd2c, 0x25dfdbfd, {}, [@BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x6}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x20000090)

01:22:18 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34ba0200100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:22:18 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x1a03}, 0x0)

[ 3167.432429][T28309] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 3167.514421][T28322] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 3167.547735][T28309] CPU: 1 PID: 28309 Comm: syz-executor.5 Not tainted 6.1.0-rc7-syzkaller-01491-gf2bb566f5c97 #0
[ 3167.558298][T28309] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 3167.568379][T28309] Call Trace:
[ 3167.571676][T28309]  <TASK>
[ 3167.574624][T28309]  dump_stack_lvl+0xd1/0x138
[ 3167.579252][T28309]  dump_header+0x10b/0x85f
[ 3167.583711][T28309]  oom_kill_process.cold+0x10/0x15
[ 3167.588868][T28309]  out_of_memory+0x35c/0x14a0
[ 3167.593583][T28309]  ? find_held_lock+0x2d/0x110
[ 3167.598381][T28309]  ? oom_killer_disable+0x280/0x280
[ 3167.603619][T28309]  ? find_held_lock+0x2d/0x110
[ 3167.608421][T28309]  mem_cgroup_out_of_memory+0x206/0x270
[ 3167.614013][T28309]  ? mem_cgroup_margin+0x130/0x130
[ 3167.619150][T28309]  ? lock_downgrade+0x6e0/0x6e0
[ 3167.624060][T28309]  try_charge_memcg+0xef8/0x12f0
[ 3167.629037][T28309]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 3167.635060][T28309]  ? rcu_read_unlock+0x9/0x60
[ 3167.639760][T28309]  ? lock_downgrade+0x6e0/0x6e0
[ 3167.644663][T28309]  charge_memcg+0x99/0x3b0
[ 3167.649114][T28309]  __mem_cgroup_charge+0x2b/0x90
[ 3167.654091][T28309]  wp_page_copy+0x2bf/0x1ca0
[ 3167.658714][T28309]  ? page_try_dup_anon_rmap.constprop.0+0xd10/0xd10
[ 3167.665326][T28309]  ? lock_downgrade+0x6e0/0x6e0
[ 3167.670211][T28309]  ? vm_normal_page+0x14a/0x2a0
[ 3167.675105][T28309]  do_wp_page+0x1d1/0x1930
[ 3167.679554][T28309]  __handle_mm_fault+0x181b/0x3a40
[ 3167.684700][T28309]  ? vm_iomap_memory+0x190/0x190
[ 3167.689694][T28309]  handle_mm_fault+0x1cc/0x780
[ 3167.694489][T28309]  do_user_addr_fault+0x475/0x1210
[ 3167.699630][T28309]  ? rcu_read_lock_sched_held+0x3e/0x70
[ 3167.705297][T28309]  exc_page_fault+0x98/0x170
[ 3167.709921][T28309]  asm_exc_page_fault+0x26/0x30
[ 3167.714798][T28309] RIP: 0033:0x7f228be39580
[ 3167.719230][T28309] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48
[ 3167.738865][T28309] RSP: 002b:00007ffd261092f0 EFLAGS: 00010246
[ 3167.744966][T28309] RAX: 000000004702ddfb RBX: 00007f228bfac018 RCX: 0000001b30420000
[ 3167.752957][T28309] RDX: 0000000000000000 RSI: 0000001b30420018 RDI: 0000000000000022
[ 3167.760948][T28309] RBP: 000000004702ddfb R08: 0000000000001dfb R09: 000000004702ddff
[ 3167.768938][T28309] R10: 00007ffd261094b0 R11: 0000000000000246 R12: 00007f228bfa0000
[ 3167.776932][T28309] R13: 0000000000000001 R14: 0000000000000000 R15: ffffffff87ab9491
[ 3167.785011][T28309]  ? __x64_sys_socket+0x11/0xb0
[ 3167.789915][T28309]  </TASK>
[ 3168.309378][T28309] memory: usage 307200kB, limit 307200kB, failcnt 4699
[ 3168.329995][T28309] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 3168.337947][T28309] Memory cgroup stats for /syz5:
[ 3168.338146][T28309] anon 102400
[ 3168.338146][T28309] file 155648
[ 3168.338146][T28309] kernel 314314752
[ 3168.338146][T28309] kernel_stack 65536
[ 3168.338146][T28309] pagetables 73728
[ 3168.338146][T28309] sec_pagetables 0
[ 3168.338146][T28309] percpu 5436928
[ 3168.338146][T28309] sock 0
[ 3168.338146][T28309] vmalloc 0
[ 3168.338146][T28309] shmem 155648
[ 3168.338146][T28309] zswap 0
[ 3168.338146][T28309] zswapped 0
[ 3168.338146][T28309] file_mapped 155648
[ 3168.338146][T28309] file_dirty 0
[ 3168.338146][T28309] file_writeback 0
[ 3168.338146][T28309] swapcached 0
[ 3168.338146][T28309] anon_thp 0
[ 3168.338146][T28309] file_thp 0
[ 3168.338146][T28309] shmem_thp 0
[ 3168.338146][T28309] inactive_anon 106496
[ 3168.338146][T28309] active_anon 151552
[ 3168.338146][T28309] inactive_file 0
[ 3168.338146][T28309] active_file 0
[ 3168.338146][T28309] unevictable 0
[ 3168.338146][T28309] slab_reclaimable 15344
[ 3168.338146][T28309] slab_unreclaimable 308687952
[ 3168.759560][T28309] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=28309,uid=0
[ 3168.801513][T28309] Memory cgroup out of memory: Killed process 28309 (syz-executor.5) total-vm:54540kB, anon-rss:468kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000
01:22:20 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0xe310020000000000)

01:22:20 executing program 1:
syz_genetlink_get_family_id$tipc2(&(0x7f0000000a80), 0xffffffffffffffff) (async)
socketpair(0x11, 0x1, 0x7, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff}) (async)
r1 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r4=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x1c, r2, 0x1, 0x0, 0x0, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r4}]}, 0x1c}, 0x1, 0xf0ffffff00000000}, 0x0) (async)
sendmsg$BATADV_CMD_SET_HARDIF(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, r2, 0x10, 0x70bd2c, 0x25dfdbfd, {}, [@BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x6}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x20000090)

01:22:20 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34c20200100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:22:20 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x0, 0xa00}, 0x0)

01:22:20 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x1e03}, 0x0)

01:22:20 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0xffffff7f00000000}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

01:22:20 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34ca0200100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3169.193006][T28337] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
01:22:20 executing program 1:
syz_genetlink_get_family_id$tipc2(&(0x7f0000000a80), 0xffffffffffffffff)
socketpair(0x11, 0x1, 0x7, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff}) (async)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) (async)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r4=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x1c, r2, 0x1, 0x0, 0x0, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r4}]}, 0x1c}, 0x1, 0xf0ffffff00000000}, 0x0)
sendmsg$BATADV_CMD_SET_HARDIF(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, r2, 0x10, 0x70bd2c, 0x25dfdbfd, {}, [@BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x6}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x20000090)

01:22:20 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x1f00}, 0x0)

[ 3169.427151][T28340] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
01:22:20 executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x1e03}, 0x0)

[ 3169.522150][T28340] CPU: 1 PID: 28340 Comm: syz-executor.5 Not tainted 6.1.0-rc7-syzkaller-01491-gf2bb566f5c97 #0
[ 3169.532615][T28340] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 3169.542691][T28340] Call Trace:
[ 3169.545991][T28340]  <TASK>
[ 3169.548941][T28340]  dump_stack_lvl+0xd1/0x138
[ 3169.553564][T28340]  dump_header+0x10b/0x85f
[ 3169.558025][T28340]  oom_kill_process.cold+0x10/0x15
[ 3169.563175][T28340]  out_of_memory+0x35c/0x14a0
[ 3169.567892][T28340]  ? find_held_lock+0x2d/0x110
[ 3169.572692][T28340]  ? oom_killer_disable+0x280/0x280
[ 3169.577936][T28340]  ? find_held_lock+0x2d/0x110
[ 3169.582742][T28340]  mem_cgroup_out_of_memory+0x206/0x270
[ 3169.588317][T28340]  ? mem_cgroup_margin+0x130/0x130
[ 3169.593454][T28340]  ? lock_downgrade+0x6e0/0x6e0
[ 3169.598377][T28340]  try_charge_memcg+0xef8/0x12f0
[ 3169.603365][T28340]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 3169.609385][T28340]  ? rcu_read_unlock+0x9/0x60
[ 3169.614089][T28340]  ? lock_downgrade+0x6e0/0x6e0
[ 3169.618993][T28340]  charge_memcg+0x99/0x3b0
[ 3169.623449][T28340]  __mem_cgroup_charge+0x2b/0x90
[ 3169.628420][T28340]  wp_page_copy+0x2bf/0x1ca0
[ 3169.633048][T28340]  ? page_try_dup_anon_rmap.constprop.0+0xd10/0xd10
[ 3169.639660][T28340]  ? lock_downgrade+0x6e0/0x6e0
[ 3169.644549][T28340]  ? vm_normal_page+0x14a/0x2a0
[ 3169.649442][T28340]  do_wp_page+0x1d1/0x1930
[ 3169.653904][T28340]  __handle_mm_fault+0x181b/0x3a40
[ 3169.659308][T28340]  ? vm_iomap_memory+0x190/0x190
[ 3169.664288][T28340]  handle_mm_fault+0x1cc/0x780
[ 3169.669067][T28340]  do_user_addr_fault+0x475/0x1210
[ 3169.674188][T28340]  ? rcu_read_lock_sched_held+0x3e/0x70
[ 3169.679750][T28340]  exc_page_fault+0x98/0x170
[ 3169.684439][T28340]  asm_exc_page_fault+0x26/0x30
[ 3169.689294][T28340] RIP: 0033:0x7f228be39580
[ 3169.693716][T28340] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48
[ 3169.713326][T28340] RSP: 002b:00007ffd261092f0 EFLAGS: 00010246
01:22:20 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34d20200100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:22:20 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x1f02}, 0x0)

[ 3169.719397][T28340] RAX: 000000004702ddfb RBX: 00007f228bfac018 RCX: 0000001b30420000
[ 3169.727368][T28340] RDX: 0000000000000000 RSI: 0000001b30420018 RDI: 0000000000000022
[ 3169.735341][T28340] RBP: 000000004702ddfb R08: 0000000000001dfb R09: 000000004702ddff
[ 3169.743322][T28340] R10: 00007ffd261094b0 R11: 0000000000000246 R12: 00007f228bfa0000
[ 3169.751321][T28340] R13: 0000000000000001 R14: 0000000000000000 R15: ffffffff87ab9491
[ 3169.759293][T28340]  ? __x64_sys_socket+0x11/0xb0
[ 3169.764167][T28340]  </TASK>
[ 3170.376688][T28340] memory: usage 307200kB, limit 307200kB, failcnt 4814
[ 3170.389912][T28340] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 3170.421491][T28340] Memory cgroup stats for /syz5:
[ 3170.421679][T28340] anon 102400
[ 3170.421679][T28340] file 155648
[ 3170.421679][T28340] kernel 314314752
[ 3170.421679][T28340] kernel_stack 65536
[ 3170.421679][T28340] pagetables 73728
[ 3170.421679][T28340] sec_pagetables 0
[ 3170.421679][T28340] percpu 5436928
[ 3170.421679][T28340] sock 0
[ 3170.421679][T28340] vmalloc 0
[ 3170.421679][T28340] shmem 155648
[ 3170.421679][T28340] zswap 0
[ 3170.421679][T28340] zswapped 0
[ 3170.421679][T28340] file_mapped 155648
[ 3170.421679][T28340] file_dirty 0
[ 3170.421679][T28340] file_writeback 0
[ 3170.421679][T28340] swapcached 0
[ 3170.421679][T28340] anon_thp 0
[ 3170.421679][T28340] file_thp 0
[ 3170.421679][T28340] shmem_thp 0
[ 3170.421679][T28340] inactive_anon 106496
[ 3170.421679][T28340] active_anon 151552
[ 3170.421679][T28340] inactive_file 0
[ 3170.421679][T28340] active_file 0
[ 3170.421679][T28340] unevictable 0
[ 3170.421679][T28340] slab_reclaimable 15344
[ 3170.421679][T28340] slab_unreclaimable 308687952
[ 3170.720196][T28340] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=28340,uid=0
[ 3170.737125][T28340] Memory cgroup out of memory: Killed process 28340 (syz-executor.5) total-vm:54540kB, anon-rss:468kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000
01:22:21 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0xe410020000000000)

01:22:21 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x0, 0xb00}, 0x0)

01:22:21 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34fa0200100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:22:21 executing program 1:
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', <r1=>0x0})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0xcb12})
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000480), r0)
r4 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000200)={'vcan0\x00', <r5=>0x0})
bind$can_j1939(r4, &(0x7f0000000240)={0x1d, r5}, 0x18)
r6 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r6, 0x8933, &(0x7f0000000200)={'vcan0\x00', <r7=>0x0})
bind$can_j1939(r6, &(0x7f0000000240)={0x1d, r7}, 0x18)
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x14, &(0x7f00000004c0)={@initdev, <r8=>0x0}, &(0x7f0000000500)=0x14)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000540)={'team0\x00', <r9=>0x0})
r10 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r10, 0x8933, &(0x7f0000000200)={'vcan0\x00', <r11=>0x0})
bind$can_j1939(r10, &(0x7f0000000240)={0x1d, r11}, 0x18)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000580)={<r12=>0x0, @dev, @initdev}, &(0x7f00000005c0)=0xc)
sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000800)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000007c0)={&(0x7f0000000600)={0x1b0, r3, 0x100, 0x70bd26, 0x25dfdbfb, {}, [@HEADER={0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dummy0\x00'}]}, @HEADER={0x70, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'gre0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dvmrp1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syzkaller1\x00'}]}, @HEADER={0x74, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_hsr\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x4}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r11}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'gretap0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}, @HEADER={0x88, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip_vti0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r12}]}]}, 0x1b0}, 0x1, 0x0, 0x0, 0x480c0}, 0x4008010)
ioctl$TUNSETVNETLE(r2, 0x400454dc, &(0x7f00000000c0)=0x1)
preadv(r2, &(0x7f0000000100)=[{&(0x7f0000000080)=""/41, 0x29}], 0x1, 0x0, 0x0)
ioctl$FITHAW(r2, 0xc0045878)
sendmsg$nl_route(r0, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=@ipv4_getnexthop={0x20, 0x6a, 0x400, 0x70bd28, 0x25dfdbfb, {}, [@NHA_ID={0x8, 0x1, 0x1}]}, 0x20}, 0x1, 0x0, 0x0, 0x1}, 0x8054)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800377d7ab07eef8fcadefbe09cb5a418628c4b5d9fc86a7eb6c4962430fc81004a694e85db445ff8b2938f3bfeab19b7cc45c0e62a6be8a800698ff49029afb6b9ce233cbacec0f2731315b4aadd89b6e26b7e6f054b9619397c0cf63bf237a809d4bf03994b5d7234b54d967943a497d0d95f2367e9e4a19087768768d1766c4861f8aa992643ff5ae4873a828b6104f555c059", @ANYRES32=r1, @ANYBLOB="0000000000000000140012800b00010062617461647600000400028008000a00", @ANYRES32=r1, @ANYBLOB="0a00412000007f9d00000000"], 0x48}}, 0x0)
r13 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r13, &(0x7f0000000000), 0x248800)
sendmsg$DEVLINK_CMD_SB_OCC_MAX_CLEAR(r13, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000b1", @ANYRES16=0x0, @ANYBLOB="200025bd7000fcdbdf251c000000"], 0x14}, 0x1, 0x0, 0x0, 0x20008001}, 0x40000c5)

01:22:21 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x2000}, 0x0)

01:22:21 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0xfffffffffffff000}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

[ 3170.891268][T28366] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
01:22:21 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000300100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:22:21 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x2001}, 0x0)

[ 3171.079125][T28369] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
01:22:22 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34120300100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:22:22 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x0, 0xc00}, 0x0)

[ 3171.152095][T28369] CPU: 1 PID: 28369 Comm: syz-executor.5 Not tainted 6.1.0-rc7-syzkaller-01491-gf2bb566f5c97 #0
[ 3171.162576][T28369] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 3171.172656][T28369] Call Trace:
[ 3171.175954][T28369]  <TASK>
[ 3171.178907][T28369]  dump_stack_lvl+0xd1/0x138
[ 3171.183529][T28369]  dump_header+0x10b/0x85f
[ 3171.187999][T28369]  oom_kill_process.cold+0x10/0x15
[ 3171.193149][T28369]  out_of_memory+0x35c/0x14a0
01:22:22 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x2400}, 0x0)

[ 3171.197864][T28369]  ? find_held_lock+0x2d/0x110
[ 3171.202662][T28369]  ? oom_killer_disable+0x280/0x280
[ 3171.207901][T28369]  ? find_held_lock+0x2d/0x110
[ 3171.212700][T28369]  mem_cgroup_out_of_memory+0x206/0x270
[ 3171.218276][T28369]  ? mem_cgroup_margin+0x130/0x130
[ 3171.223413][T28369]  ? lock_downgrade+0x6e0/0x6e0
[ 3171.228331][T28369]  try_charge_memcg+0xef8/0x12f0
[ 3171.233323][T28369]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 3171.239350][T28369]  ? rcu_read_unlock+0x9/0x60
[ 3171.244053][T28369]  ? lock_downgrade+0x6e0/0x6e0
[ 3171.248958][T28369]  charge_memcg+0x99/0x3b0
[ 3171.253421][T28369]  __mem_cgroup_charge+0x2b/0x90
[ 3171.258401][T28369]  wp_page_copy+0x2bf/0x1ca0
[ 3171.263034][T28369]  ? page_try_dup_anon_rmap.constprop.0+0xd10/0xd10
[ 3171.269650][T28369]  ? lock_downgrade+0x6e0/0x6e0
[ 3171.274535][T28369]  ? vm_normal_page+0x14a/0x2a0
[ 3171.279435][T28369]  do_wp_page+0x538/0x1930
[ 3171.283876][T28369]  __handle_mm_fault+0x181b/0x3a40
[ 3171.289008][T28369]  ? vm_iomap_memory+0x190/0x190
[ 3171.293980][T28369]  handle_mm_fault+0x1cc/0x780
[ 3171.298757][T28369]  do_user_addr_fault+0x475/0x1210
[ 3171.303881][T28369]  ? rcu_read_lock_sched_held+0x3e/0x70
[ 3171.309441][T28369]  exc_page_fault+0x98/0x170
[ 3171.314045][T28369]  asm_exc_page_fault+0x26/0x30
[ 3171.318901][T28369] RIP: 0033:0x7f228be36f4d
[ 3171.323345][T28369] Code: e0 04 8b 44 02 08 85 c0 0f 85 3e 0a 00 00 31 c0 b9 40 42 0f 00 ba 81 00 00 00 c7 06 01 00 00 00 bf ca 00 00 00 e8 73 51 05 00 <83> 05 34 6a 17 00 01 80 bc 24 d8 00 00 00 00 0f b6 05 47 e7 c9 00
[ 3171.342955][T28369] RSP: 002b:00007ffd261093d0 EFLAGS: 00010217
[ 3171.349026][T28369] RAX: 0000000000000000 RBX: 00007f228bfabf8c RCX: 00007f228be8c0d9
[ 3171.356999][T28369] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f228bfabf88
[ 3171.364969][T28369] RBP: 00007f228bfabf80 R08: 00007f228cb2c700 R09: 0000000000000000
[ 3171.372941][T28369] R10: 00007f228cb2c700 R11: 0000000000000246 R12: 00007f228bfabf8c
[ 3171.380914][T28369] R13: 00007f228ba00060 R14: 00007f228bfabf80 R15: 0000000000000000
[ 3171.388906][T28369]  </TASK>
[ 3171.417698][T28384] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
01:22:22 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="341a0300100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3171.731521][T28369] memory: usage 307192kB, limit 307200kB, failcnt 4903
[ 3171.747821][T28369] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 3171.796428][T28369] Memory cgroup stats for /syz5:
[ 3171.796630][T28369] anon 94208
[ 3171.796630][T28369] file 155648
[ 3171.796630][T28369] kernel 314314752
[ 3171.796630][T28369] kernel_stack 65536
[ 3171.796630][T28369] pagetables 73728
[ 3171.796630][T28369] sec_pagetables 0
[ 3171.796630][T28369] percpu 5436928
[ 3171.796630][T28369] sock 0
[ 3171.796630][T28369] vmalloc 0
[ 3171.796630][T28369] shmem 155648
[ 3171.796630][T28369] zswap 0
[ 3171.796630][T28369] zswapped 0
[ 3171.796630][T28369] file_mapped 155648
[ 3171.796630][T28369] file_dirty 0
[ 3171.796630][T28369] file_writeback 0
[ 3171.796630][T28369] swapcached 0
[ 3171.796630][T28369] anon_thp 0
[ 3171.796630][T28369] file_thp 0
[ 3171.796630][T28369] shmem_thp 0
[ 3171.796630][T28369] inactive_anon 98304
[ 3171.796630][T28369] active_anon 151552
[ 3171.796630][T28369] inactive_file 0
[ 3171.796630][T28369] active_file 0
[ 3171.796630][T28369] unevictable 0
[ 3171.796630][T28369] slab_reclaimable 15344
[ 3171.796630][T28369] slab_unreclaimable 308687952
[ 3172.331471][T28369] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=28369,uid=0
[ 3172.391734][T28369] Memory cgroup out of memory: Killed process 28369 (syz-executor.5) total-vm:54540kB, anon-rss:468kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000
01:22:23 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0xe4ffffff00000000)

01:22:23 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x2403}, 0x0)

01:22:23 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x0, 0xe00}, 0x0)

01:22:23 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="342a0300100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:22:23 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x0, 0x2}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

01:22:23 executing program 1:
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', <r1=>0x0})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0xcb12}) (async)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000480), r0) (async)
r4 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000200)={'vcan0\x00', <r5=>0x0})
bind$can_j1939(r4, &(0x7f0000000240)={0x1d, r5}, 0x18)
r6 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r6, 0x8933, &(0x7f0000000200)={'vcan0\x00', <r7=>0x0})
bind$can_j1939(r6, &(0x7f0000000240)={0x1d, r7}, 0x18)
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x14, &(0x7f00000004c0)={@initdev, <r8=>0x0}, &(0x7f0000000500)=0x14) (async)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000540)={'team0\x00', <r9=>0x0}) (async)
r10 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r10, 0x8933, &(0x7f0000000200)={'vcan0\x00', <r11=>0x0})
bind$can_j1939(r10, &(0x7f0000000240)={0x1d, r11}, 0x18) (async)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000580)={<r12=>0x0, @dev, @initdev}, &(0x7f00000005c0)=0xc)
sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000800)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000007c0)={&(0x7f0000000600)={0x1b0, r3, 0x100, 0x70bd26, 0x25dfdbfb, {}, [@HEADER={0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dummy0\x00'}]}, @HEADER={0x70, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'gre0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dvmrp1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syzkaller1\x00'}]}, @HEADER={0x74, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_hsr\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x4}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r11}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'gretap0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}, @HEADER={0x88, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip_vti0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r12}]}]}, 0x1b0}, 0x1, 0x0, 0x0, 0x480c0}, 0x4008010)
ioctl$TUNSETVNETLE(r2, 0x400454dc, &(0x7f00000000c0)=0x1)
preadv(r2, &(0x7f0000000100)=[{&(0x7f0000000080)=""/41, 0x29}], 0x1, 0x0, 0x0) (async)
ioctl$FITHAW(r2, 0xc0045878) (async)
sendmsg$nl_route(r0, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=@ipv4_getnexthop={0x20, 0x6a, 0x400, 0x70bd28, 0x25dfdbfb, {}, [@NHA_ID={0x8, 0x1, 0x1}]}, 0x20}, 0x1, 0x0, 0x0, 0x1}, 0x8054) (async)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800377d7ab07eef8fcadefbe09cb5a418628c4b5d9fc86a7eb6c4962430fc81004a694e85db445ff8b2938f3bfeab19b7cc45c0e62a6be8a800698ff49029afb6b9ce233cbacec0f2731315b4aadd89b6e26b7e6f054b9619397c0cf63bf237a809d4bf03994b5d7234b54d967943a497d0d95f2367e9e4a19087768768d1766c4861f8aa992643ff5ae4873a828b6104f555c059", @ANYRES32=r1, @ANYBLOB="0000000000000000140012800b00010062617461647600000400028008000a00", @ANYRES32=r1, @ANYBLOB="0a00412000007f9d00000000"], 0x48}}, 0x0)
r13 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r13, &(0x7f0000000000), 0x248800) (async)
sendmsg$DEVLINK_CMD_SB_OCC_MAX_CLEAR(r13, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000b1", @ANYRES16=0x0, @ANYBLOB="200025bd7000fcdbdf251c000000"], 0x14}, 0x1, 0x0, 0x0, 0x20008001}, 0x40000c5)

01:22:23 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x2603}, 0x0)

01:22:23 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34420300100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3172.587763][T28401] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 3172.702501][T28407] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
01:22:23 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="344a0300100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3172.789863][T28407] CPU: 0 PID: 28407 Comm: syz-executor.5 Not tainted 6.1.0-rc7-syzkaller-01491-gf2bb566f5c97 #0
[ 3172.800512][T28407] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 3172.810592][T28407] Call Trace:
[ 3172.813894][T28407]  <TASK>
[ 3172.816846][T28407]  dump_stack_lvl+0xd1/0x138
[ 3172.821474][T28407]  dump_header+0x10b/0x85f
[ 3172.825933][T28407]  oom_kill_process.cold+0x10/0x15
[ 3172.831092][T28407]  out_of_memory+0x35c/0x14a0
01:22:23 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x2802}, 0x0)

[ 3172.835808][T28407]  ? find_held_lock+0x2d/0x110
[ 3172.840612][T28407]  ? oom_killer_disable+0x280/0x280
[ 3172.845851][T28407]  ? find_held_lock+0x2d/0x110
[ 3172.850655][T28407]  mem_cgroup_out_of_memory+0x206/0x270
[ 3172.856228][T28407]  ? mem_cgroup_margin+0x130/0x130
[ 3172.861362][T28407]  ? lock_downgrade+0x6e0/0x6e0
[ 3172.866266][T28407]  try_charge_memcg+0xef8/0x12f0
[ 3172.871246][T28407]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 3172.877259][T28407]  ? get_mem_cgroup_from_objcg+0xa1/0x260
[ 3172.883010][T28407]  ? lock_downgrade+0x6e0/0x6e0
[ 3172.887901][T28407]  ? lock_downgrade+0x6e0/0x6e0
[ 3172.892808][T28407]  __memcg_kmem_charge_page+0x16e/0x3b0
[ 3172.898392][T28407]  memcg_charge_kernel_stack.part.0+0x6c/0x150
[ 3172.904580][T28407]  copy_process+0x15ed/0x7190
[ 3172.909288][T28407]  ? __lock_acquire+0xbc3/0x56d0
[ 3172.914278][T28407]  ? __cleanup_sighand+0xb0/0xb0
[ 3172.919244][T28407]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 3172.925268][T28407]  ? psi_memstall_leave+0x174/0x250
[ 3172.930516][T28407]  kernel_clone+0xeb/0x980
[ 3172.934965][T28407]  ? create_io_thread+0xf0/0xf0
01:22:23 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="345a0300100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:22:23 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x0, 0xf00}, 0x0)

[ 3172.939851][T28407]  ? percpu_ref_put_many.constprop.0+0x6a/0x1a0
[ 3172.946122][T28407]  ? lock_downgrade+0x6e0/0x6e0
[ 3172.951033][T28407]  __do_sys_clone+0xba/0x100
[ 3172.955652][T28407]  ? kernel_clone+0x980/0x980
[ 3172.960393][T28407]  ? syscall_enter_from_user_mode+0x26/0xb0
[ 3172.966331][T28407]  do_syscall_64+0x39/0xb0
[ 3172.970783][T28407]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 3172.976708][T28407] RIP: 0033:0x7f228be8d501
[ 3172.981145][T28407] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00
[ 3173.000778][T28407] RSP: 002b:00007ffd26109298 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 3173.009225][T28407] RAX: ffffffffffffffda RBX: 00007f228cb2c700 RCX: 00007f228be8d501
[ 3173.017232][T28407] RDX: 00007f228cb2c9d0 RSI: 00007f228cb2c2f0 RDI: 00000000003d0f00
[ 3173.025228][T28407] RBP: 00007ffd261094e0 R08: 00007f228cb2c700 R09: 00007f228cb2c700
[ 3173.033225][T28407] R10: 00007f228cb2c9d0 R11: 0000000000000206 R12: 00007ffd2610934e
[ 3173.041225][T28407] R13: 00007ffd2610934f R14: 00007f228cb2c300 R15: 0000000000022000
[ 3173.049244][T28407]  </TASK>
[ 3173.286667][T28420] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 3173.571601][T28407] memory: usage 307172kB, limit 307200kB, failcnt 4979
[ 3173.593527][T28407] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 3173.600483][T28407] Memory cgroup stats for /syz5:
[ 3173.600677][T28407] anon 90112
[ 3173.600677][T28407] file 155648
[ 3173.600677][T28407] kernel 314298368
[ 3173.600677][T28407] kernel_stack 32768
[ 3173.600677][T28407] pagetables 73728
[ 3173.600677][T28407] sec_pagetables 0
[ 3173.600677][T28407] percpu 5436928
[ 3173.600677][T28407] sock 0
[ 3173.600677][T28407] vmalloc 0
[ 3173.600677][T28407] shmem 155648
[ 3173.600677][T28407] zswap 0
[ 3173.600677][T28407] zswapped 0
[ 3173.600677][T28407] file_mapped 155648
[ 3173.600677][T28407] file_dirty 0
[ 3173.600677][T28407] file_writeback 0
[ 3173.600677][T28407] swapcached 0
[ 3173.600677][T28407] anon_thp 0
[ 3173.600677][T28407] file_thp 0
[ 3173.600677][T28407] shmem_thp 0
[ 3173.600677][T28407] inactive_anon 94208
[ 3173.600677][T28407] active_anon 151552
[ 3173.600677][T28407] inactive_file 0
[ 3173.600677][T28407] active_file 0
[ 3173.600677][T28407] unevictable 0
[ 3173.600677][T28407] slab_reclaimable 13416
[ 3173.600677][T28407] slab_unreclaimable 308686840
[ 3173.884433][T28407] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=28407,uid=0
[ 3173.953991][T28407] Memory cgroup out of memory: Killed process 28407 (syz-executor.5) total-vm:54540kB, anon-rss:468kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000
01:22:25 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0xe510020000000000)

01:22:25 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x0, 0x3}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

01:22:25 executing program 1:
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', <r1=>0x0})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0xcb12}) (async)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000480), r0) (async)
r4 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000200)={'vcan0\x00', <r5=>0x0})
bind$can_j1939(r4, &(0x7f0000000240)={0x1d, r5}, 0x18)
r6 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r6, 0x8933, &(0x7f0000000200)={'vcan0\x00', <r7=>0x0})
bind$can_j1939(r6, &(0x7f0000000240)={0x1d, r7}, 0x18) (async)
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x14, &(0x7f00000004c0)={@initdev, <r8=>0x0}, &(0x7f0000000500)=0x14) (async)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000540)={'team0\x00', <r9=>0x0})
r10 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r10, 0x8933, &(0x7f0000000200)={'vcan0\x00', <r11=>0x0})
bind$can_j1939(r10, &(0x7f0000000240)={0x1d, r11}, 0x18)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000580)={<r12=>0x0, @dev, @initdev}, &(0x7f00000005c0)=0xc)
sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000800)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000007c0)={&(0x7f0000000600)={0x1b0, r3, 0x100, 0x70bd26, 0x25dfdbfb, {}, [@HEADER={0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dummy0\x00'}]}, @HEADER={0x70, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'gre0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dvmrp1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syzkaller1\x00'}]}, @HEADER={0x74, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_hsr\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x4}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r11}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'gretap0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}, @HEADER={0x88, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip_vti0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r12}]}]}, 0x1b0}, 0x1, 0x0, 0x0, 0x480c0}, 0x4008010)
ioctl$TUNSETVNETLE(r2, 0x400454dc, &(0x7f00000000c0)=0x1)
preadv(r2, &(0x7f0000000100)=[{&(0x7f0000000080)=""/41, 0x29}], 0x1, 0x0, 0x0)
ioctl$FITHAW(r2, 0xc0045878)
sendmsg$nl_route(r0, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=@ipv4_getnexthop={0x20, 0x6a, 0x400, 0x70bd28, 0x25dfdbfb, {}, [@NHA_ID={0x8, 0x1, 0x1}]}, 0x20}, 0x1, 0x0, 0x0, 0x1}, 0x8054)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800377d7ab07eef8fcadefbe09cb5a418628c4b5d9fc86a7eb6c4962430fc81004a694e85db445ff8b2938f3bfeab19b7cc45c0e62a6be8a800698ff49029afb6b9ce233cbacec0f2731315b4aadd89b6e26b7e6f054b9619397c0cf63bf237a809d4bf03994b5d7234b54d967943a497d0d95f2367e9e4a19087768768d1766c4861f8aa992643ff5ae4873a828b6104f555c059", @ANYRES32=r1, @ANYBLOB="0000000000000000140012800b00010062617461647600000400028008000a00", @ANYRES32=r1, @ANYBLOB="0a00412000007f9d00000000"], 0x48}}, 0x0) (async)
r13 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r13, &(0x7f0000000000), 0x248800) (async)
sendmsg$DEVLINK_CMD_SB_OCC_MAX_CLEAR(r13, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000b1", @ANYRES16=0x0, @ANYBLOB="200025bd7000fcdbdf251c000000"], 0x14}, 0x1, 0x0, 0x0, 0x20008001}, 0x40000c5)

01:22:25 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x0, 0xf02}, 0x0)

01:22:25 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="345e0300100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:22:25 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x2a02}, 0x0)

01:22:25 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34620300100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:22:25 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x2c02}, 0x0)

[ 3174.238743][T28432] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
01:22:25 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x0, 0x1100}, 0x0)

01:22:25 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x3202}, 0x0)

01:22:25 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34640300100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3174.397297][T28440] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000
[ 3174.493101][T28440] CPU: 1 PID: 28440 Comm: syz-executor.5 Not tainted 6.1.0-rc7-syzkaller-01491-gf2bb566f5c97 #0
[ 3174.503656][T28440] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 3174.513738][T28440] Call Trace:
[ 3174.517048][T28440]  <TASK>
[ 3174.519997][T28440]  dump_stack_lvl+0xd1/0x138
[ 3174.524619][T28440]  dump_header+0x10b/0x85f
[ 3174.529076][T28440]  oom_kill_process.cold+0x10/0x15
[ 3174.534230][T28440]  out_of_memory+0x35c/0x14a0
[ 3174.538949][T28440]  ? find_held_lock+0x2d/0x110
[ 3174.543752][T28440]  ? oom_killer_disable+0x280/0x280
[ 3174.548985][T28440]  ? find_held_lock+0x2d/0x110
[ 3174.553788][T28440]  mem_cgroup_out_of_memory+0x206/0x270
[ 3174.559380][T28440]  ? mem_cgroup_margin+0x130/0x130
[ 3174.564521][T28440]  ? lock_downgrade+0x6e0/0x6e0
[ 3174.569424][T28440]  try_charge_memcg+0xef8/0x12f0
[ 3174.574492][T28440]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 3174.580504][T28440]  ? get_mem_cgroup_from_objcg+0xa1/0x260
[ 3174.586262][T28440]  ? lock_downgrade+0x6e0/0x6e0
[ 3174.591158][T28440]  ? lock_downgrade+0x6e0/0x6e0
[ 3174.596046][T28440]  ? rcu_read_unlock+0x9/0x60
[ 3174.600772][T28440]  obj_cgroup_charge+0x2af/0x5e0
[ 3174.605751][T28440]  __kmem_cache_alloc_node+0xad/0x3e0
[ 3174.611161][T28440]  ? copy_semundo+0x18b/0x300
[ 3174.616148][T28440]  kmalloc_trace+0x26/0x60
[ 3174.620592][T28440]  copy_semundo+0x18b/0x300
[ 3174.625131][T28440]  copy_process+0x23f4/0x7190
[ 3174.629857][T28440]  ? __cleanup_sighand+0xb0/0xb0
[ 3174.634822][T28440]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 3174.640844][T28440]  ? psi_memstall_leave+0x174/0x250
[ 3174.646081][T28440]  kernel_clone+0xeb/0x980
[ 3174.650534][T28440]  ? create_io_thread+0xf0/0xf0
[ 3174.655417][T28440]  ? percpu_ref_put_many.constprop.0+0x6a/0x1a0
[ 3174.661686][T28440]  ? lock_downgrade+0x6e0/0x6e0
[ 3174.666590][T28440]  __do_sys_clone+0xba/0x100
[ 3174.671206][T28440]  ? kernel_clone+0x980/0x980
[ 3174.675929][T28440]  ? syscall_enter_from_user_mode+0x26/0xb0
[ 3174.681863][T28440]  do_syscall_64+0x39/0xb0
[ 3174.686307][T28440]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 3174.692228][T28440] RIP: 0033:0x7f228be8d501
[ 3174.696664][T28440] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00
[ 3174.716563][T28440] RSP: 002b:00007ffd26109298 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 3174.725018][T28440] RAX: ffffffffffffffda RBX: 00007f228cb2c700 RCX: 00007f228be8d501
[ 3174.733057][T28440] RDX: 00007f228cb2c9d0 RSI: 00007f228cb2c2f0 RDI: 00000000003d0f00
01:22:25 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x3403}, 0x0)

[ 3174.741051][T28440] RBP: 00007ffd261094e0 R08: 00007f228cb2c700 R09: 00007f228cb2c700
[ 3174.749046][T28440] R10: 00007f228cb2c9d0 R11: 0000000000000206 R12: 00007ffd2610934e
[ 3174.757048][T28440] R13: 00007ffd2610934f R14: 00007f228cb2c300 R15: 0000000000022000
[ 3174.765070][T28440]  </TASK>
01:22:25 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="346a0300100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3174.945495][T28452] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 3175.414264][T28440] memory: usage 307184kB, limit 307200kB, failcnt 5075
[ 3175.421185][T28440] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 3175.449135][T28440] Memory cgroup stats for /syz5:
[ 3175.449341][T28440] anon 90112
[ 3175.449341][T28440] file 155648
[ 3175.449341][T28440] kernel 314310656
[ 3175.449341][T28440] kernel_stack 65536
[ 3175.449341][T28440] pagetables 73728
[ 3175.449341][T28440] sec_pagetables 0
[ 3175.449341][T28440] percpu 5436928
[ 3175.449341][T28440] sock 0
[ 3175.449341][T28440] vmalloc 0
[ 3175.449341][T28440] shmem 155648
[ 3175.449341][T28440] zswap 0
[ 3175.449341][T28440] zswapped 0
[ 3175.449341][T28440] file_mapped 155648
[ 3175.449341][T28440] file_dirty 0
[ 3175.449341][T28440] file_writeback 0
[ 3175.449341][T28440] swapcached 0
[ 3175.449341][T28440] anon_thp 0
[ 3175.449341][T28440] file_thp 0
[ 3175.449341][T28440] shmem_thp 0
[ 3175.449341][T28440] inactive_anon 94208
[ 3175.449341][T28440] active_anon 151552
[ 3175.449341][T28440] inactive_file 0
[ 3175.449341][T28440] active_file 0
[ 3175.449341][T28440] unevictable 0
[ 3175.449341][T28440] slab_reclaimable 13416
[ 3175.449341][T28440] slab_unreclaimable 308686840
[ 3175.707752][T28440] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=28440,uid=0
[ 3176.115040][T28440] Memory cgroup out of memory: Killed process 28440 (syz-executor.5) total-vm:54540kB, anon-rss:468kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000
01:22:27 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0xe610020000000000)

01:22:27 executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x2400}, 0x0)

01:22:27 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34780300100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:22:27 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x3701}, 0x0)

01:22:27 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x0, 0x4}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

01:22:27 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x0, 0x1300}, 0x0)

01:22:27 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34820300100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:22:27 executing program 1:
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00)
sendmsg$GTP_CMD_DELPDP(0xffffffffffffffff, 0x0, 0x0)
sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0)
recvmsg(r1, &(0x7f0000000380)={&(0x7f0000000180)=@caif, 0x80, &(0x7f0000000300)=[{&(0x7f00000000c0)=""/39, 0x27}, {&(0x7f0000000280)=""/101, 0x65}], 0x2, &(0x7f0000000340)=""/14, 0xe}, 0x2002)

[ 3176.323022][T28465] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
01:22:27 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x3a00}, 0x0)

01:22:27 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="348a0300100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:22:27 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x0, 0x3f00}, 0x0)

[ 3176.663555][T28476] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 3176.723302][T28476] CPU: 0 PID: 28476 Comm: syz-executor.5 Not tainted 6.1.0-rc7-syzkaller-01491-gf2bb566f5c97 #0
[ 3176.733765][T28476] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 3176.743847][T28476] Call Trace:
[ 3176.747218][T28476]  <TASK>
[ 3176.750148][T28476]  dump_stack_lvl+0xd1/0x138
[ 3176.754753][T28476]  dump_header+0x10b/0x85f
[ 3176.759186][T28476]  oom_kill_process.cold+0x10/0x15
[ 3176.764320][T28476]  out_of_memory+0x35c/0x14a0
[ 3176.769012][T28476]  ? find_held_lock+0x2d/0x110
[ 3176.773791][T28476]  ? oom_killer_disable+0x280/0x280
[ 3176.779041][T28476]  ? find_held_lock+0x2d/0x110
[ 3176.783835][T28476]  mem_cgroup_out_of_memory+0x206/0x270
[ 3176.789392][T28476]  ? mem_cgroup_margin+0x130/0x130
[ 3176.794510][T28476]  ? lock_downgrade+0x6e0/0x6e0
[ 3176.799399][T28476]  try_charge_memcg+0xef8/0x12f0
[ 3176.804354][T28476]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 3176.810350][T28476]  ? rcu_read_unlock+0x9/0x60
[ 3176.815034][T28476]  ? lock_downgrade+0x6e0/0x6e0
[ 3176.819911][T28476]  charge_memcg+0x99/0x3b0
[ 3176.824339][T28476]  __mem_cgroup_charge+0x2b/0x90
[ 3176.829288][T28476]  wp_page_copy+0x2bf/0x1ca0
[ 3176.833898][T28476]  ? page_try_dup_anon_rmap.constprop.0+0xd10/0xd10
[ 3176.840490][T28476]  ? lock_downgrade+0x6e0/0x6e0
[ 3176.845353][T28476]  ? vm_normal_page+0x14a/0x2a0
[ 3176.850222][T28476]  do_wp_page+0x1d1/0x1930
[ 3176.854651][T28476]  __handle_mm_fault+0x181b/0x3a40
[ 3176.859781][T28476]  ? vm_iomap_memory+0x190/0x190
[ 3176.864749][T28476]  handle_mm_fault+0x1cc/0x780
[ 3176.869527][T28476]  do_user_addr_fault+0x475/0x1210
[ 3176.874654][T28476]  ? rcu_read_lock_sched_held+0x3e/0x70
[ 3176.880218][T28476]  exc_page_fault+0x98/0x170
[ 3176.884839][T28476]  asm_exc_page_fault+0x26/0x30
[ 3176.889707][T28476] RIP: 0033:0x7f228be39580
[ 3176.894127][T28476] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48
[ 3176.913745][T28476] RSP: 002b:00007ffd261092f0 EFLAGS: 00010246
[ 3176.919845][T28476] RAX: 000000004702ddfb RBX: 00007f228bfac018 RCX: 0000001b30420000
[ 3176.927831][T28476] RDX: 0000000000000000 RSI: 0000001b30420018 RDI: 0000000000000022
[ 3176.935824][T28476] RBP: 000000004702ddfb R08: 0000000000001dfb R09: 000000004702ddff
[ 3176.943804][T28476] R10: 00007ffd261094b0 R11: 0000000000000246 R12: 00007f228bfa0000
[ 3176.951791][T28476] R13: 0000000000000001 R14: 0000000000000000 R15: ffffffff87ab9491
[ 3176.959787][T28476]  ? __x64_sys_socket+0x11/0xb0
[ 3176.964665][T28476]  </TASK>
01:22:27 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34920300100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3177.008336][T28486] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 3177.142687][T28476] memory: usage 307200kB, limit 307200kB, failcnt 5190
[ 3177.150611][T28476] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 3177.254745][T28476] Memory cgroup stats for /syz5:
[ 3177.254939][T28476] anon 102400
[ 3177.254939][T28476] file 155648
[ 3177.254939][T28476] kernel 314314752
[ 3177.254939][T28476] kernel_stack 65536
[ 3177.254939][T28476] pagetables 73728
[ 3177.254939][T28476] sec_pagetables 0
[ 3177.254939][T28476] percpu 5436928
[ 3177.254939][T28476] sock 0
[ 3177.254939][T28476] vmalloc 0
[ 3177.254939][T28476] shmem 155648
[ 3177.254939][T28476] zswap 0
[ 3177.254939][T28476] zswapped 0
[ 3177.254939][T28476] file_mapped 155648
[ 3177.254939][T28476] file_dirty 0
[ 3177.254939][T28476] file_writeback 0
[ 3177.254939][T28476] swapcached 0
[ 3177.254939][T28476] anon_thp 0
[ 3177.254939][T28476] file_thp 0
[ 3177.254939][T28476] shmem_thp 0
[ 3177.254939][T28476] inactive_anon 106496
[ 3177.254939][T28476] active_anon 151552
[ 3177.254939][T28476] inactive_file 0
[ 3177.254939][T28476] active_file 0
[ 3177.254939][T28476] unevictable 0
[ 3177.254939][T28476] slab_reclaimable 15344
[ 3177.254939][T28476] slab_unreclaimable 308687952
[ 3177.781550][T28476] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=28476,uid=0
[ 3177.828236][T28476] Memory cgroup out of memory: Killed process 28476 (syz-executor.5) total-vm:54540kB, anon-rss:468kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000
01:22:28 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0xe710020000000000)

01:22:28 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x0, 0x5}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

01:22:28 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x3c00}, 0x0)

01:22:28 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x0, 0x5865}, 0x0)

01:22:28 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="349a0300100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:22:28 executing program 1:
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00)
sendmsg$GTP_CMD_DELPDP(0xffffffffffffffff, 0x0, 0x0) (async)
sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0)
recvmsg(r1, &(0x7f0000000380)={&(0x7f0000000180)=@caif, 0x80, &(0x7f0000000300)=[{&(0x7f00000000c0)=""/39, 0x27}, {&(0x7f0000000280)=""/101, 0x65}], 0x2, &(0x7f0000000340)=""/14, 0xe}, 0x2002)

[ 3178.017635][T28497] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
01:22:29 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34a20300100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:22:29 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x3c01}, 0x0)

01:22:29 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34a80300100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:22:29 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x0, 0x6000}, 0x0)

01:22:29 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x3c02}, 0x0)

[ 3178.384318][T28503] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
01:22:29 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34aa0300100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3178.486012][T28503] CPU: 0 PID: 28503 Comm: syz-executor.5 Not tainted 6.1.0-rc7-syzkaller-01491-gf2bb566f5c97 #0
[ 3178.496473][T28503] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 3178.506546][T28503] Call Trace:
[ 3178.509841][T28503]  <TASK>
[ 3178.512788][T28503]  dump_stack_lvl+0xd1/0x138
[ 3178.517406][T28503]  dump_header+0x10b/0x85f
[ 3178.521863][T28503]  oom_kill_process.cold+0x10/0x15
[ 3178.527003][T28503]  out_of_memory+0x35c/0x14a0
[ 3178.531696][T28503]  ? find_held_lock+0x2d/0x110
[ 3178.536470][T28503]  ? oom_killer_disable+0x280/0x280
[ 3178.541686][T28503]  ? find_held_lock+0x2d/0x110
[ 3178.546461][T28503]  mem_cgroup_out_of_memory+0x206/0x270
[ 3178.552016][T28503]  ? mem_cgroup_margin+0x130/0x130
[ 3178.557136][T28503]  ? lock_downgrade+0x6e0/0x6e0
[ 3178.562012][T28503]  try_charge_memcg+0xef8/0x12f0
[ 3178.566967][T28503]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 3178.572964][T28503]  ? rcu_read_unlock+0x9/0x60
[ 3178.577644][T28503]  ? lock_downgrade+0x6e0/0x6e0
[ 3178.582525][T28503]  charge_memcg+0x99/0x3b0
[ 3178.586954][T28503]  __mem_cgroup_charge+0x2b/0x90
[ 3178.591905][T28503]  wp_page_copy+0x2bf/0x1ca0
[ 3178.596510][T28503]  ? page_try_dup_anon_rmap.constprop.0+0xd10/0xd10
[ 3178.603100][T28503]  ? lock_downgrade+0x6e0/0x6e0
[ 3178.607960][T28503]  ? vm_normal_page+0x14a/0x2a0
[ 3178.612836][T28503]  do_wp_page+0x1d1/0x1930
[ 3178.617262][T28503]  __handle_mm_fault+0x181b/0x3a40
[ 3178.622391][T28503]  ? vm_iomap_memory+0x190/0x190
[ 3178.627367][T28503]  handle_mm_fault+0x1cc/0x780
[ 3178.632142][T28503]  do_user_addr_fault+0x475/0x1210
[ 3178.637263][T28503]  ? rcu_read_lock_sched_held+0x3e/0x70
[ 3178.642826][T28503]  exc_page_fault+0x98/0x170
[ 3178.647429][T28503]  asm_exc_page_fault+0x26/0x30
[ 3178.652280][T28503] RIP: 0033:0x7f228be39580
[ 3178.656704][T28503] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48
[ 3178.676310][T28503] RSP: 002b:00007ffd261092f0 EFLAGS: 00010246
[ 3178.682386][T28503] RAX: 000000004702ddfb RBX: 00007f228bfac018 RCX: 0000001b30420000
[ 3178.690360][T28503] RDX: 0000000000000000 RSI: 0000001b30420018 RDI: 0000000000000022
[ 3178.698343][T28503] RBP: 000000004702ddfb R08: 0000000000001dfb R09: 000000004702ddff
[ 3178.706319][T28503] R10: 00007ffd261094b0 R11: 0000000000000246 R12: 00007f228bfa0000
[ 3178.714291][T28503] R13: 0000000000000001 R14: 0000000000000000 R15: ffffffff87ab9491
[ 3178.722278][T28503]  ? __x64_sys_socket+0x11/0xb0
[ 3178.727149][T28503]  </TASK>
[ 3178.760452][T28514] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 3179.512646][T28503] memory: usage 307200kB, limit 307200kB, failcnt 5318
[ 3179.519561][T28503] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 3179.544110][T28503] Memory cgroup stats for /syz5:
[ 3179.544329][T28503] anon 102400
[ 3179.544329][T28503] file 155648
[ 3179.544329][T28503] kernel 314314752
[ 3179.544329][T28503] kernel_stack 65536
[ 3179.544329][T28503] pagetables 73728
[ 3179.544329][T28503] sec_pagetables 0
[ 3179.544329][T28503] percpu 5436928
[ 3179.544329][T28503] sock 0
[ 3179.544329][T28503] vmalloc 0
[ 3179.544329][T28503] shmem 155648
[ 3179.544329][T28503] zswap 0
[ 3179.544329][T28503] zswapped 0
[ 3179.544329][T28503] file_mapped 155648
[ 3179.544329][T28503] file_dirty 0
[ 3179.544329][T28503] file_writeback 0
[ 3179.544329][T28503] swapcached 0
[ 3179.544329][T28503] anon_thp 0
[ 3179.544329][T28503] file_thp 0
[ 3179.544329][T28503] shmem_thp 0
[ 3179.544329][T28503] inactive_anon 106496
[ 3179.544329][T28503] active_anon 151552
[ 3179.544329][T28503] inactive_file 0
[ 3179.544329][T28503] active_file 0
[ 3179.544329][T28503] unevictable 0
[ 3179.544329][T28503] slab_reclaimable 15344
[ 3179.544329][T28503] slab_unreclaimable 308687952
[ 3179.859504][T28503] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=28503,uid=0
01:22:30 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0xe810020000000000)

01:22:30 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34b20300100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:22:30 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x3e03}, 0x0)

01:22:30 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x0, 0x6}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

01:22:30 executing program 1:
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00)
sendmsg$GTP_CMD_DELPDP(0xffffffffffffffff, 0x0, 0x0) (async)
sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0)
recvmsg(r1, &(0x7f0000000380)={&(0x7f0000000180)=@caif, 0x80, &(0x7f0000000300)=[{&(0x7f00000000c0)=""/39, 0x27}, {&(0x7f0000000280)=""/101, 0x65}], 0x2, &(0x7f0000000340)=""/14, 0xe}, 0x2002)

01:22:30 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x0, 0x6558}, 0x0)

[ 3179.914160][T28503] Memory cgroup out of memory: Killed process 28503 (syz-executor.5) total-vm:54540kB, anon-rss:468kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000
01:22:30 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34c20300100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3179.992057][T28527] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
01:22:31 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x3f00}, 0x0)

01:22:31 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34ca0300100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3180.238064][T28537] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
01:22:31 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x0, 0x6a03}, 0x0)

[ 3180.304284][T28537] CPU: 1 PID: 28537 Comm: syz-executor.5 Not tainted 6.1.0-rc7-syzkaller-01491-gf2bb566f5c97 #0
[ 3180.314750][T28537] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 3180.324824][T28537] Call Trace:
[ 3180.328118][T28537]  <TASK>
[ 3180.331067][T28537]  dump_stack_lvl+0xd1/0x138
[ 3180.335688][T28537]  dump_header+0x10b/0x85f
[ 3180.340147][T28537]  oom_kill_process.cold+0x10/0x15
[ 3180.345297][T28537]  out_of_memory+0x35c/0x14a0
[ 3180.350009][T28537]  ? find_held_lock+0x2d/0x110
[ 3180.354809][T28537]  ? oom_killer_disable+0x280/0x280
[ 3180.360040][T28537]  ? find_held_lock+0x2d/0x110
[ 3180.364840][T28537]  mem_cgroup_out_of_memory+0x206/0x270
[ 3180.370415][T28537]  ? mem_cgroup_margin+0x130/0x130
[ 3180.375549][T28537]  ? lock_downgrade+0x6e0/0x6e0
[ 3180.380450][T28537]  try_charge_memcg+0xef8/0x12f0
[ 3180.385426][T28537]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 3180.391443][T28537]  ? rcu_read_unlock+0x9/0x60
[ 3180.396147][T28537]  ? lock_downgrade+0x6e0/0x6e0
[ 3180.401050][T28537]  charge_memcg+0x99/0x3b0
[ 3180.405511][T28537]  __mem_cgroup_charge+0x2b/0x90
[ 3180.410484][T28537]  wp_page_copy+0x2bf/0x1ca0
[ 3180.415112][T28537]  ? page_try_dup_anon_rmap.constprop.0+0xd10/0xd10
[ 3180.421731][T28537]  ? lock_downgrade+0x6e0/0x6e0
[ 3180.426618][T28537]  ? vm_normal_page+0x14a/0x2a0
[ 3180.431526][T28537]  do_wp_page+0x1d1/0x1930
[ 3180.435971][T28537]  __handle_mm_fault+0x181b/0x3a40
[ 3180.441120][T28537]  ? vm_iomap_memory+0x190/0x190
[ 3180.446113][T28537]  handle_mm_fault+0x1cc/0x780
[ 3180.450910][T28537]  do_user_addr_fault+0x475/0x1210
[ 3180.456054][T28537]  ? rcu_read_lock_sched_held+0x3e/0x70
[ 3180.461644][T28537]  exc_page_fault+0x98/0x170
[ 3180.466267][T28537]  asm_exc_page_fault+0x26/0x30
[ 3180.471146][T28537] RIP: 0033:0x7f228be39580
[ 3180.475673][T28537] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48
[ 3180.495300][T28537] RSP: 002b:00007ffd261092f0 EFLAGS: 00010246
[ 3180.501389][T28537] RAX: 000000004702ddfb RBX: 00007f228bfac018 RCX: 0000001b30420000
[ 3180.509380][T28537] RDX: 0000000000000000 RSI: 0000001b30420018 RDI: 0000000000000022
[ 3180.517367][T28537] RBP: 000000004702ddfb R08: 0000000000001dfb R09: 000000004702ddff
[ 3180.525357][T28537] R10: 00007ffd261094b0 R11: 0000000000000246 R12: 00007f228bfa0000
[ 3180.533346][T28537] R13: 0000000000000001 R14: 0000000000000000 R15: ffffffff87ab9491
[ 3180.541333][T28537]  ? __x64_sys_socket+0x11/0xb0
[ 3180.546235][T28537]  </TASK>
01:22:31 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34d20300100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3180.637236][T28542] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
01:22:31 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x4000}, 0x0)

[ 3180.791565][T28537] memory: usage 307200kB, limit 307200kB, failcnt 5419
[ 3180.802092][T28537] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 3180.835521][T28537] Memory cgroup stats for /syz5:
[ 3180.835708][T28537] anon 102400
[ 3180.835708][T28537] file 155648
[ 3180.835708][T28537] kernel 314314752
[ 3180.835708][T28537] kernel_stack 65536
[ 3180.835708][T28537] pagetables 73728
[ 3180.835708][T28537] sec_pagetables 0
[ 3180.835708][T28537] percpu 5436928
[ 3180.835708][T28537] sock 0
[ 3180.835708][T28537] vmalloc 0
[ 3180.835708][T28537] shmem 155648
[ 3180.835708][T28537] zswap 0
[ 3180.835708][T28537] zswapped 0
[ 3180.835708][T28537] file_mapped 155648
[ 3180.835708][T28537] file_dirty 0
[ 3180.835708][T28537] file_writeback 0
[ 3180.835708][T28537] swapcached 0
[ 3180.835708][T28537] anon_thp 0
[ 3180.835708][T28537] file_thp 0
[ 3180.835708][T28537] shmem_thp 0
[ 3180.835708][T28537] inactive_anon 106496
[ 3180.835708][T28537] active_anon 151552
[ 3180.835708][T28537] inactive_file 0
[ 3180.835708][T28537] active_file 0
[ 3180.835708][T28537] unevictable 0
[ 3180.835708][T28537] slab_reclaimable 15344
[ 3180.835708][T28537] slab_unreclaimable 308687952
[ 3181.354471][T28537] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=28537,uid=0
[ 3181.401495][T28537] Memory cgroup out of memory: Killed process 28537 (syz-executor.5) total-vm:54540kB, anon-rss:468kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000
[ 3181.524696][T28547] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 3181.544999][T28547] CPU: 0 PID: 28547 Comm: syz-executor.4 Not tainted 6.1.0-rc7-syzkaller-01491-gf2bb566f5c97 #0
[ 3181.555460][T28547] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 3181.565535][T28547] Call Trace:
[ 3181.568816][T28547]  <TASK>
[ 3181.571747][T28547]  dump_stack_lvl+0xd1/0x138
[ 3181.576352][T28547]  dump_header+0x10b/0x85f
[ 3181.580802][T28547]  oom_kill_process.cold+0x10/0x15
[ 3181.585954][T28547]  out_of_memory+0x35c/0x14a0
[ 3181.590655][T28547]  ? oom_killer_disable+0x280/0x280
[ 3181.595879][T28547]  ? find_held_lock+0x2d/0x110
[ 3181.600683][T28547]  mem_cgroup_out_of_memory+0x206/0x270
[ 3181.606258][T28547]  ? mem_cgroup_margin+0x130/0x130
[ 3181.611381][T28547]  ? lock_downgrade+0x6e0/0x6e0
[ 3181.616267][T28547]  try_charge_memcg+0xef8/0x12f0
[ 3181.621228][T28547]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 3181.627230][T28547]  ? rcu_read_unlock+0x9/0x60
[ 3181.631916][T28547]  ? lock_downgrade+0x6e0/0x6e0
[ 3181.636798][T28547]  charge_memcg+0x99/0x3b0
[ 3181.641234][T28547]  __mem_cgroup_charge+0x2b/0x90
[ 3181.646189][T28547]  wp_page_copy+0x2bf/0x1ca0
[ 3181.650793][T28547]  ? page_try_dup_anon_rmap.constprop.0+0xd10/0xd10
[ 3181.657385][T28547]  ? lock_downgrade+0x6e0/0x6e0
[ 3181.662248][T28547]  ? vm_normal_page+0x14a/0x2a0
[ 3181.667115][T28547]  do_wp_page+0x1d1/0x1930
[ 3181.671544][T28547]  __handle_mm_fault+0x181b/0x3a40
[ 3181.676669][T28547]  ? vm_iomap_memory+0x190/0x190
[ 3181.681637][T28547]  handle_mm_fault+0x1cc/0x780
[ 3181.686411][T28547]  do_user_addr_fault+0x475/0x1210
[ 3181.691530][T28547]  ? rcu_read_lock_sched_held+0x3e/0x70
[ 3181.697090][T28547]  exc_page_fault+0x98/0x170
[ 3181.701693][T28547]  asm_exc_page_fault+0x26/0x30
[ 3181.706548][T28547] RIP: 0033:0x7f4487439580
[ 3181.710965][T28547] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48
[ 3181.730576][T28547] RSP: 002b:00007fffd90bacf0 EFLAGS: 00010246
[ 3181.736644][T28547] RAX: 00000000f93167f3 RBX: 00007f44875ac0e8 RCX: 0000001b30820000
[ 3181.744615][T28547] RDX: 0000000000000000 RSI: 0000001b30820018 RDI: 000000000910c864
[ 3181.752590][T28547] RBP: 00000000f93167f3 R08: 00000000000007f3 R09: 00000000f93167f7
[ 3181.760562][T28547] R10: 00007fffd90baeb0 R11: 0000000000000246 R12: 00007f44875a0000
01:22:32 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0xe910020000000000)

01:22:32 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x0, 0x8100}, 0x0)

01:22:32 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x0, 0x7}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

01:22:32 executing program 1:
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00)
sendmsg$GTP_CMD_DELPDP(0xffffffffffffffff, 0x0, 0x0)
sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0)
recvmsg(r1, &(0x7f0000000380)={&(0x7f0000000180)=@caif, 0x80, &(0x7f0000000300)=[{&(0x7f00000000c0)=""/39, 0x27}, {&(0x7f0000000280)=""/101, 0x65}], 0x2, &(0x7f0000000340)=""/14, 0xe}, 0x2002)

01:22:32 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34da0300100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3181.768534][T28547] R13: 0000000000000001 R14: 0000000000000008 R15: ffffffff81e46e4e
[ 3181.776507][T28547]  ? __fget_files+0x1e/0x440
[ 3181.781127][T28547]  </TASK>
01:22:32 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34e20300100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3181.868201][T28558] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
01:22:32 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34e40300100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:22:33 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x0, 0xf000}, 0x0)

01:22:33 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34ea0300100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:22:33 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34ec0300100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3182.236097][T28572] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 3182.411852][T28547] memory: usage 307200kB, limit 307200kB, failcnt 16784
[ 3182.431560][T28547] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 3182.460190][T28547] Memory cgroup stats for /syz4:
[ 3182.460411][T28547] anon 122880
[ 3182.460411][T28547] file 335872
[ 3182.460411][T28547] kernel 314114048
[ 3182.460411][T28547] kernel_stack 98304
[ 3182.460411][T28547] pagetables 86016
[ 3182.460411][T28547] sec_pagetables 0
[ 3182.460411][T28547] percpu 5432192
[ 3182.460411][T28547] sock 0
[ 3182.460411][T28547] vmalloc 0
[ 3182.460411][T28547] shmem 331776
[ 3182.460411][T28547] zswap 0
[ 3182.460411][T28547] zswapped 0
[ 3182.460411][T28547] file_mapped 286720
[ 3182.460411][T28547] file_dirty 0
01:22:33 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x0, 0x34000}, 0x0)

[ 3182.460411][T28547] file_writeback 0
[ 3182.460411][T28547] swapcached 0
[ 3182.460411][T28547] anon_thp 0
[ 3182.460411][T28547] file_thp 0
[ 3182.460411][T28547] shmem_thp 0
[ 3182.460411][T28547] inactive_anon 151552
[ 3182.460411][T28547] active_anon 303104
[ 3182.460411][T28547] inactive_file 0
[ 3182.460411][T28547] active_file 4096
[ 3182.460411][T28547] unevictable 0
[ 3182.460411][T28547] slab_reclaimable 18960
[ 3182.460411][T28547] slab_unreclaimable 308449000
[ 3182.665738][T28579] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 3182.949991][T28547] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=28547,uid=0
[ 3183.035480][T28547] Memory cgroup out of memory: Killed process 28547 (syz-executor.4) total-vm:54672kB, anon-rss:468kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:92kB oom_score_adj:1000
01:22:34 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x408a}, 0x0)

01:22:34 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34f20300100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3183.109618][T28561] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 3183.151816][T28561] CPU: 0 PID: 28561 Comm: syz-executor.5 Not tainted 6.1.0-rc7-syzkaller-01491-gf2bb566f5c97 #0
[ 3183.162292][T28561] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 3183.172382][T28561] Call Trace:
[ 3183.175687][T28561]  <TASK>
[ 3183.178686][T28561]  dump_stack_lvl+0xd1/0x138
[ 3183.183308][T28561]  dump_header+0x10b/0x85f
[ 3183.187767][T28561]  oom_kill_process.cold+0x10/0x15
[ 3183.192920][T28561]  out_of_memory+0x35c/0x14a0
[ 3183.197640][T28561]  ? find_held_lock+0x2d/0x110
[ 3183.202436][T28561]  ? oom_killer_disable+0x280/0x280
[ 3183.207763][T28561]  ? find_held_lock+0x2d/0x110
[ 3183.212569][T28561]  mem_cgroup_out_of_memory+0x206/0x270
[ 3183.218149][T28561]  ? mem_cgroup_margin+0x130/0x130
[ 3183.223287][T28561]  ? lock_downgrade+0x6e0/0x6e0
[ 3183.228190][T28561]  try_charge_memcg+0xef8/0x12f0
[ 3183.233169][T28561]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 3183.239191][T28561]  ? rcu_read_unlock+0x9/0x60
[ 3183.243893][T28561]  ? lock_downgrade+0x6e0/0x6e0
[ 3183.248822][T28561]  charge_memcg+0x99/0x3b0
[ 3183.253322][T28561]  __mem_cgroup_charge+0x2b/0x90
[ 3183.258298][T28561]  wp_page_copy+0x2bf/0x1ca0
[ 3183.262935][T28561]  ? page_try_dup_anon_rmap.constprop.0+0xd10/0xd10
[ 3183.269547][T28561]  ? lock_downgrade+0x6e0/0x6e0
[ 3183.274433][T28561]  ? vm_normal_page+0x14a/0x2a0
[ 3183.279328][T28561]  do_wp_page+0x1d1/0x1930
[ 3183.283775][T28561]  __handle_mm_fault+0x181b/0x3a40
[ 3183.288934][T28561]  ? vm_iomap_memory+0x190/0x190
[ 3183.294023][T28561]  handle_mm_fault+0x1cc/0x780
[ 3183.298823][T28561]  do_user_addr_fault+0x475/0x1210
[ 3183.303965][T28561]  ? rcu_read_lock_sched_held+0x3e/0x70
[ 3183.309543][T28561]  exc_page_fault+0x98/0x170
[ 3183.314155][T28561]  asm_exc_page_fault+0x26/0x30
[ 3183.319034][T28561] RIP: 0033:0x7f228be39580
[ 3183.323456][T28561] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48
[ 3183.343067][T28561] RSP: 002b:00007ffd261092f0 EFLAGS: 00010246
[ 3183.349139][T28561] RAX: 000000004702ddfb RBX: 00007f228bfac018 RCX: 0000001b30420000
[ 3183.357114][T28561] RDX: 0000000000000000 RSI: 0000001b30420018 RDI: 0000000000000022
[ 3183.365085][T28561] RBP: 000000004702ddfb R08: 0000000000001dfb R09: 000000004702ddff
[ 3183.373062][T28561] R10: 00007ffd261094b0 R11: 0000000000000246 R12: 00007f228bfa0000
[ 3183.381034][T28561] R13: 0000000000000001 R14: 0000000000000000 R15: ffffffff87ab9491
[ 3183.389183][T28561]  ? __x64_sys_socket+0x11/0xb0
[ 3183.394066][T28561]  </TASK>
[ 3183.830943][T28561] memory: usage 307200kB, limit 307200kB, failcnt 5576
[ 3183.846042][T28561] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 3183.853495][T28561] Memory cgroup stats for /syz5:
[ 3183.853692][T28561] anon 102400
[ 3183.853692][T28561] file 155648
[ 3183.853692][T28561] kernel 314298368
[ 3183.853692][T28561] kernel_stack 65536
[ 3183.853692][T28561] pagetables 73728
[ 3183.853692][T28561] sec_pagetables 0
[ 3183.853692][T28561] percpu 5436928
[ 3183.853692][T28561] sock 0
[ 3183.853692][T28561] vmalloc 0
[ 3183.853692][T28561] shmem 155648
[ 3183.853692][T28561] zswap 0
[ 3183.853692][T28561] zswapped 0
[ 3183.853692][T28561] file_mapped 155648
[ 3183.853692][T28561] file_dirty 0
[ 3183.853692][T28561] file_writeback 0
[ 3183.853692][T28561] swapcached 0
[ 3183.853692][T28561] anon_thp 0
[ 3183.853692][T28561] file_thp 0
[ 3183.853692][T28561] shmem_thp 0
[ 3183.853692][T28561] inactive_anon 106496
[ 3183.853692][T28561] active_anon 151552
[ 3183.853692][T28561] inactive_file 0
[ 3183.853692][T28561] active_file 0
[ 3183.853692][T28561] unevictable 0
[ 3183.853692][T28561] slab_reclaimable 15344
[ 3183.853692][T28561] slab_unreclaimable 308678720
[ 3184.241510][T28561] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=28561,uid=0
[ 3184.580732][T28561] Memory cgroup out of memory: Killed process 28561 (syz-executor.5) total-vm:54540kB, anon-rss:468kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000
01:22:35 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0xea10020000000000)

01:22:35 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x0, 0x8}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

01:22:35 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x0, 0x400300}, 0x0)

01:22:35 executing program 1:
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00)
sendmsg$GTP_CMD_DELPDP(0xffffffffffffffff, 0x0, 0x0)
sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0)
recvmsg(r1, &(0x7f0000000380)={&(0x7f0000000180)=@caif, 0x80, &(0x7f0000000300)=[{&(0x7f00000000c0)=""/39, 0x27}, {&(0x7f0000000280)=""/101, 0x65}], 0x2, &(0x7f0000000340)=""/14, 0xe}, 0x2002)

01:22:35 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000500100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:22:35 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x4103}, 0x0)

01:22:35 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000600100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3184.805328][T28592] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
01:22:35 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x4201}, 0x0)

[ 3184.989190][T28593] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
01:22:35 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000700100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3185.071570][T28593] CPU: 1 PID: 28593 Comm: syz-executor.5 Not tainted 6.1.0-rc7-syzkaller-01491-gf2bb566f5c97 #0
[ 3185.082048][T28593] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 3185.092127][T28593] Call Trace:
[ 3185.095427][T28593]  <TASK>
[ 3185.098379][T28593]  dump_stack_lvl+0xd1/0x138
[ 3185.103006][T28593]  dump_header+0x10b/0x85f
[ 3185.107465][T28593]  oom_kill_process.cold+0x10/0x15
[ 3185.112627][T28593]  out_of_memory+0x35c/0x14a0
[ 3185.117339][T28593]  ? find_held_lock+0x2d/0x110
[ 3185.122139][T28593]  ? oom_killer_disable+0x280/0x280
[ 3185.127384][T28593]  ? find_held_lock+0x2d/0x110
[ 3185.132190][T28593]  mem_cgroup_out_of_memory+0x206/0x270
[ 3185.137772][T28593]  ? mem_cgroup_margin+0x130/0x130
[ 3185.142915][T28593]  ? lock_downgrade+0x6e0/0x6e0
[ 3185.147826][T28593]  try_charge_memcg+0xef8/0x12f0
[ 3185.152810][T28593]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 3185.158841][T28593]  ? rcu_read_unlock+0x9/0x60
[ 3185.163548][T28593]  ? lock_downgrade+0x6e0/0x6e0
[ 3185.168452][T28593]  charge_memcg+0x99/0x3b0
[ 3185.172917][T28593]  __mem_cgroup_charge+0x2b/0x90
[ 3185.177901][T28593]  wp_page_copy+0x2bf/0x1ca0
[ 3185.182568][T28593]  ? page_try_dup_anon_rmap.constprop.0+0xd10/0xd10
[ 3185.189199][T28593]  ? lock_downgrade+0x6e0/0x6e0
[ 3185.194105][T28593]  ? vm_normal_page+0x14a/0x2a0
[ 3185.199006][T28593]  do_wp_page+0x1d1/0x1930
[ 3185.203465][T28593]  __handle_mm_fault+0x181b/0x3a40
[ 3185.208640][T28593]  ? vm_iomap_memory+0x190/0x190
[ 3185.213639][T28593]  handle_mm_fault+0x1cc/0x780
[ 3185.218446][T28593]  do_user_addr_fault+0x475/0x1210
[ 3185.223605][T28593]  ? rcu_read_lock_sched_held+0x3e/0x70
[ 3185.229191][T28593]  exc_page_fault+0x98/0x170
[ 3185.233824][T28593]  asm_exc_page_fault+0x26/0x30
[ 3185.238701][T28593] RIP: 0033:0x7f228be39580
[ 3185.243138][T28593] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48
[ 3185.262777][T28593] RSP: 002b:00007ffd261092f0 EFLAGS: 00010246
01:22:36 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x0, 0xf0ffff}, 0x0)

[ 3185.268877][T28593] RAX: 000000004702ddfb RBX: 00007f228bfac018 RCX: 0000001b30420000
[ 3185.276970][T28593] RDX: 0000000000000000 RSI: 0000001b30420018 RDI: 0000000000000022
[ 3185.284967][T28593] RBP: 000000004702ddfb R08: 0000000000001dfb R09: 000000004702ddff
[ 3185.292969][T28593] R10: 00007ffd261094b0 R11: 0000000000000246 R12: 00007f228bfa0000
[ 3185.300969][T28593] R13: 0000000000000001 R14: 0000000000000000 R15: ffffffff87ab9491
[ 3185.308971][T28593]  ? __x64_sys_socket+0x11/0xb0
[ 3185.313879][T28593]  </TASK>
[ 3185.333649][T28610] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
01:22:36 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="340a0800100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:22:36 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x0, 0x1000000}, 0x0)

[ 3185.664795][T28615] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 3186.431764][T28593] memory: usage 307200kB, limit 307200kB, failcnt 5694
[ 3186.438841][T28593] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 3186.519139][T28593] Memory cgroup stats for /syz5:
[ 3186.519340][T28593] anon 102400
[ 3186.519340][T28593] file 155648
[ 3186.519340][T28593] kernel 314314752
[ 3186.519340][T28593] kernel_stack 65536
[ 3186.519340][T28593] pagetables 73728
[ 3186.519340][T28593] sec_pagetables 0
[ 3186.519340][T28593] percpu 5436928
[ 3186.519340][T28593] sock 0
[ 3186.519340][T28593] vmalloc 0
[ 3186.519340][T28593] shmem 155648
[ 3186.519340][T28593] zswap 0
[ 3186.519340][T28593] zswapped 0
[ 3186.519340][T28593] file_mapped 155648
[ 3186.519340][T28593] file_dirty 0
[ 3186.519340][T28593] file_writeback 0
[ 3186.519340][T28593] swapcached 0
[ 3186.519340][T28593] anon_thp 0
[ 3186.519340][T28593] file_thp 0
[ 3186.519340][T28593] shmem_thp 0
[ 3186.519340][T28593] inactive_anon 106496
[ 3186.519340][T28593] active_anon 151552
[ 3186.519340][T28593] inactive_file 0
[ 3186.519340][T28593] active_file 0
[ 3186.519340][T28593] unevictable 0
[ 3186.519340][T28593] slab_reclaimable 15344
[ 3186.519340][T28593] slab_unreclaimable 308687952
[ 3186.751470][T28593] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=28593,uid=0
[ 3186.797581][T28593] Memory cgroup out of memory: Killed process 28593 (syz-executor.5) total-vm:54540kB, anon-rss:468kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000
01:22:37 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0xeb10020000000000)

01:22:37 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000900100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:22:37 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x0, 0x9}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

01:22:37 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x0, 0x2000000}, 0x0)

01:22:37 executing program 1:
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00)
sendmsg$GTP_CMD_DELPDP(0xffffffffffffffff, 0x0, 0x0)
sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0)
recvmsg(r1, &(0x7f0000000380)={&(0x7f0000000180)=@caif, 0x80, &(0x7f0000000300)=[{&(0x7f00000000c0)=""/39, 0x27}, {&(0x7f0000000280)=""/101, 0x65}], 0x2, &(0x7f0000000340)=""/14, 0xe}, 0x2002)

01:22:37 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x4302}, 0x0)

01:22:38 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000a00100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3187.102261][T28626] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
01:22:38 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x4602}, 0x0)

01:22:38 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34010a00100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:22:38 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x0, 0x3000000}, 0x0)

01:22:38 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34020a00100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:22:38 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x4800}, 0x0)

[ 3187.427733][T28631] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 3187.488417][T28641] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 3187.530926][T28631] CPU: 1 PID: 28631 Comm: syz-executor.5 Not tainted 6.1.0-rc7-syzkaller-01491-gf2bb566f5c97 #0
[ 3187.541389][T28631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 3187.551469][T28631] Call Trace:
[ 3187.554777][T28631]  <TASK>
[ 3187.557726][T28631]  dump_stack_lvl+0xd1/0x138
[ 3187.562345][T28631]  dump_header+0x10b/0x85f
[ 3187.566796][T28631]  oom_kill_process.cold+0x10/0x15
[ 3187.571947][T28631]  out_of_memory+0x35c/0x14a0
[ 3187.576664][T28631]  ? find_held_lock+0x2d/0x110
[ 3187.581459][T28631]  ? oom_killer_disable+0x280/0x280
[ 3187.586694][T28631]  ? find_held_lock+0x2d/0x110
[ 3187.591491][T28631]  mem_cgroup_out_of_memory+0x206/0x270
[ 3187.597063][T28631]  ? mem_cgroup_margin+0x130/0x130
[ 3187.602197][T28631]  ? lock_downgrade+0x6e0/0x6e0
[ 3187.607098][T28631]  try_charge_memcg+0xef8/0x12f0
[ 3187.612072][T28631]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 3187.618092][T28631]  ? rcu_read_unlock+0x9/0x60
[ 3187.622794][T28631]  ? lock_downgrade+0x6e0/0x6e0
[ 3187.627696][T28631]  charge_memcg+0x99/0x3b0
[ 3187.632140][T28631]  __mem_cgroup_charge+0x2b/0x90
[ 3187.637103][T28631]  wp_page_copy+0x2bf/0x1ca0
[ 3187.641726][T28631]  ? page_try_dup_anon_rmap.constprop.0+0xd10/0xd10
[ 3187.648341][T28631]  ? lock_downgrade+0x6e0/0x6e0
[ 3187.653222][T28631]  ? vm_normal_page+0x14a/0x2a0
[ 3187.658114][T28631]  do_wp_page+0x1d1/0x1930
[ 3187.662552][T28631]  __handle_mm_fault+0x181b/0x3a40
[ 3187.667688][T28631]  ? vm_iomap_memory+0x190/0x190
[ 3187.672679][T28631]  handle_mm_fault+0x1cc/0x780
[ 3187.677473][T28631]  do_user_addr_fault+0x475/0x1210
[ 3187.682621][T28631]  ? rcu_read_lock_sched_held+0x3e/0x70
[ 3187.688202][T28631]  exc_page_fault+0x98/0x170
[ 3187.692827][T28631]  asm_exc_page_fault+0x26/0x30
[ 3187.697698][T28631] RIP: 0033:0x7f228be39580
[ 3187.702131][T28631] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48
[ 3187.721760][T28631] RSP: 002b:00007ffd261092f0 EFLAGS: 00010246
[ 3187.727851][T28631] RAX: 000000004702ddfb RBX: 00007f228bfac018 RCX: 0000001b30420000
[ 3187.735846][T28631] RDX: 0000000000000000 RSI: 0000001b30420018 RDI: 0000000000000022
[ 3187.743842][T28631] RBP: 000000004702ddfb R08: 0000000000001dfb R09: 000000004702ddff
[ 3187.751918][T28631] R10: 00007ffd261094b0 R11: 0000000000000246 R12: 00007f228bfa0000
[ 3187.759908][T28631] R13: 0000000000000001 R14: 0000000000000000 R15: ffffffff87ab9491
[ 3187.767900][T28631]  ? __x64_sys_socket+0x11/0xb0
[ 3187.772796][T28631]  </TASK>
[ 3188.111478][T28631] memory: usage 307200kB, limit 307200kB, failcnt 5817
[ 3188.118475][T28631] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 3188.201536][T28631] Memory cgroup stats for /syz5:
[ 3188.201722][T28631] anon 102400
[ 3188.201722][T28631] file 155648
[ 3188.201722][T28631] kernel 314314752
[ 3188.201722][T28631] kernel_stack 65536
[ 3188.201722][T28631] pagetables 73728
[ 3188.201722][T28631] sec_pagetables 0
[ 3188.201722][T28631] percpu 5436928
[ 3188.201722][T28631] sock 0
[ 3188.201722][T28631] vmalloc 0
[ 3188.201722][T28631] shmem 155648
[ 3188.201722][T28631] zswap 0
[ 3188.201722][T28631] zswapped 0
[ 3188.201722][T28631] file_mapped 155648
[ 3188.201722][T28631] file_dirty 0
[ 3188.201722][T28631] file_writeback 0
[ 3188.201722][T28631] swapcached 0
[ 3188.201722][T28631] anon_thp 0
[ 3188.201722][T28631] file_thp 0
[ 3188.201722][T28631] shmem_thp 0
[ 3188.201722][T28631] inactive_anon 106496
[ 3188.201722][T28631] active_anon 151552
[ 3188.201722][T28631] inactive_file 0
[ 3188.201722][T28631] active_file 0
[ 3188.201722][T28631] unevictable 0
[ 3188.201722][T28631] slab_reclaimable 15344
[ 3188.201722][T28631] slab_unreclaimable 308687952
[ 3188.503513][T28631] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=28631,uid=0
[ 3188.520111][T28631] Memory cgroup out of memory: Killed process 28631 (syz-executor.5) total-vm:54540kB, anon-rss:468kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000
01:22:39 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0xec10020000000000)

01:22:39 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34080a00100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:22:39 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x0, 0x4000000}, 0x0)

01:22:39 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x0, 0xa}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

01:22:39 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x4a00}, 0x0)

01:22:39 executing program 1:
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
openat$cgroup_procs(r0, 0x0, 0x2, 0x0)
openat$cgroup_pressure(r0, &(0x7f0000000040)='io.pressure\x00', 0x2, 0x0)
unshare(0x40000000)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r1, &(0x7f0000000000), 0x248800)
write$cgroup_pressure(r1, &(0x7f0000000080)={'full', 0x20, 0x1, 0x20, 0x3}, 0x2f)
socket(0x2a, 0x2, 0x0)

01:22:39 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34580b00100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3188.682281][T28650] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
01:22:39 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x4a03}, 0x0)

[ 3188.838545][T28660] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 3188.879394][T28660] CPU: 1 PID: 28660 Comm: syz-executor.5 Not tainted 6.1.0-rc7-syzkaller-01491-gf2bb566f5c97 #0
[ 3188.889853][T28660] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 3188.899926][T28660] Call Trace:
[ 3188.903222][T28660]  <TASK>
[ 3188.906169][T28660]  dump_stack_lvl+0xd1/0x138
[ 3188.910785][T28660]  dump_header+0x10b/0x85f
[ 3188.915252][T28660]  oom_kill_process.cold+0x10/0x15
[ 3188.920405][T28660]  out_of_memory+0x35c/0x14a0
[ 3188.925120][T28660]  ? find_held_lock+0x2d/0x110
[ 3188.929918][T28660]  ? oom_killer_disable+0x280/0x280
[ 3188.935141][T28660]  ? find_held_lock+0x2d/0x110
[ 3188.939944][T28660]  mem_cgroup_out_of_memory+0x206/0x270
[ 3188.945519][T28660]  ? mem_cgroup_margin+0x130/0x130
[ 3188.950646][T28660]  ? lock_downgrade+0x6e0/0x6e0
[ 3188.955533][T28660]  try_charge_memcg+0xef8/0x12f0
[ 3188.960499][T28660]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 3188.966508][T28660]  ? get_mem_cgroup_from_objcg+0xa1/0x260
[ 3188.972242][T28660]  ? lock_downgrade+0x6e0/0x6e0
[ 3188.977111][T28660]  ? lock_downgrade+0x6e0/0x6e0
[ 3188.981989][T28660]  __memcg_kmem_charge_page+0x16e/0x3b0
[ 3188.987551][T28660]  memcg_charge_kernel_stack.part.0+0x6c/0x150
[ 3188.993715][T28660]  copy_process+0x15ed/0x7190
[ 3188.998402][T28660]  ? __lock_acquire+0xbc3/0x56d0
[ 3189.003367][T28660]  ? __cleanup_sighand+0xb0/0xb0
[ 3189.008306][T28660]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 3189.014306][T28660]  ? psi_memstall_leave+0x174/0x250
[ 3189.019529][T28660]  kernel_clone+0xeb/0x980
[ 3189.023953][T28660]  ? create_io_thread+0xf0/0xf0
[ 3189.028811][T28660]  ? percpu_ref_put_many.constprop.0+0x6a/0x1a0
[ 3189.035063][T28660]  ? lock_downgrade+0x6e0/0x6e0
[ 3189.039955][T28660]  __do_sys_clone+0xba/0x100
[ 3189.044574][T28660]  ? kernel_clone+0x980/0x980
[ 3189.049316][T28660]  ? syscall_enter_from_user_mode+0x26/0xb0
[ 3189.055278][T28660]  do_syscall_64+0x39/0xb0
[ 3189.059708][T28660]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 3189.065610][T28660] RIP: 0033:0x7f228be8d501
[ 3189.070035][T28660] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00
[ 3189.089648][T28660] RSP: 002b:00007ffd26109298 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 3189.098063][T28660] RAX: ffffffffffffffda RBX: 00007f228cb2c700 RCX: 00007f228be8d501
[ 3189.106038][T28660] RDX: 00007f228cb2c9d0 RSI: 00007f228cb2c2f0 RDI: 00000000003d0f00
[ 3189.114010][T28660] RBP: 00007ffd261094e0 R08: 00007f228cb2c700 R09: 00007f228cb2c700
[ 3189.121979][T28660] R10: 00007f228cb2c9d0 R11: 0000000000000206 R12: 00007ffd2610934e
[ 3189.129948][T28660] R13: 00007ffd2610934f R14: 00007f228cb2c300 R15: 0000000000022000
[ 3189.137939][T28660]  </TASK>
01:22:40 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x0, 0x5000000}, 0x0)

01:22:40 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000c00100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:22:40 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000e00100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:22:40 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000f00100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3189.384856][T28669] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 3189.562048][T28660] memory: usage 307172kB, limit 307200kB, failcnt 5904
[ 3189.569055][T28660] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 3189.651950][T28660] Memory cgroup stats for /syz5:
[ 3189.652183][T28660] anon 90112
[ 3189.652183][T28660] file 155648
[ 3189.652183][T28660] kernel 314298368
[ 3189.652183][T28660] kernel_stack 32768
[ 3189.652183][T28660] pagetables 73728
[ 3189.652183][T28660] sec_pagetables 0
[ 3189.652183][T28660] percpu 5436928
[ 3189.652183][T28660] sock 0
[ 3189.652183][T28660] vmalloc 0
[ 3189.652183][T28660] shmem 155648
[ 3189.652183][T28660] zswap 0
[ 3189.652183][T28660] zswapped 0
[ 3189.652183][T28660] file_mapped 155648
[ 3189.652183][T28660] file_dirty 0
[ 3189.652183][T28660] file_writeback 0
[ 3189.652183][T28660] swapcached 0
[ 3189.652183][T28660] anon_thp 0
[ 3189.652183][T28660] file_thp 0
[ 3189.652183][T28660] shmem_thp 0
[ 3189.652183][T28660] inactive_anon 94208
[ 3189.652183][T28660] active_anon 151552
[ 3189.652183][T28660] inactive_file 0
[ 3189.652183][T28660] active_file 0
[ 3189.652183][T28660] unevictable 0
[ 3189.652183][T28660] slab_reclaimable 13416
[ 3189.652183][T28660] slab_unreclaimable 308686840
[ 3190.013015][T28660] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=28660,uid=0
[ 3190.229479][T28660] Memory cgroup out of memory: Killed process 28660 (syz-executor.5) total-vm:54540kB, anon-rss:468kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000
01:22:41 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0xed10020000000000)

01:22:41 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x0, 0xb}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

01:22:41 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x4c00}, 0x0)

01:22:41 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x0, 0x6000000}, 0x0)

01:22:41 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34001200100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:22:41 executing program 1:
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
openat$cgroup_procs(r0, 0x0, 0x2, 0x0) (async)
openat$cgroup_pressure(r0, &(0x7f0000000040)='io.pressure\x00', 0x2, 0x0) (async, rerun: 64)
unshare(0x40000000) (async, rerun: 64)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r1, &(0x7f0000000000), 0x248800) (async)
write$cgroup_pressure(r1, &(0x7f0000000080)={'full', 0x20, 0x1, 0x20, 0x3}, 0x2f) (async, rerun: 64)
socket(0x2a, 0x2, 0x0) (rerun: 64)

01:22:41 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34021200100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3190.411878][T28685] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 3190.432564][T28677] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 3190.516168][T28677] CPU: 1 PID: 28677 Comm: syz-executor.5 Not tainted 6.1.0-rc7-syzkaller-01491-gf2bb566f5c97 #0
[ 3190.526631][T28677] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 3190.536708][T28677] Call Trace:
[ 3190.540004][T28677]  <TASK>
[ 3190.542950][T28677]  dump_stack_lvl+0xd1/0x138
[ 3190.547573][T28677]  dump_header+0x10b/0x85f
[ 3190.552061][T28677]  oom_kill_process.cold+0x10/0x15
[ 3190.557216][T28677]  out_of_memory+0x35c/0x14a0
[ 3190.561933][T28677]  ? find_held_lock+0x2d/0x110
[ 3190.566732][T28677]  ? oom_killer_disable+0x280/0x280
[ 3190.571965][T28677]  ? find_held_lock+0x2d/0x110
[ 3190.576762][T28677]  mem_cgroup_out_of_memory+0x206/0x270
[ 3190.582337][T28677]  ? mem_cgroup_margin+0x130/0x130
[ 3190.587470][T28677]  ? lock_downgrade+0x6e0/0x6e0
[ 3190.592353][T28677]  try_charge_memcg+0xef8/0x12f0
[ 3190.597312][T28677]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 3190.603308][T28677]  ? rcu_read_unlock+0x9/0x60
[ 3190.607991][T28677]  ? lock_downgrade+0x6e0/0x6e0
[ 3190.612873][T28677]  charge_memcg+0x99/0x3b0
[ 3190.617308][T28677]  __mem_cgroup_charge+0x2b/0x90
[ 3190.622261][T28677]  wp_page_copy+0x2bf/0x1ca0
[ 3190.626867][T28677]  ? page_try_dup_anon_rmap.constprop.0+0xd10/0xd10
[ 3190.633464][T28677]  ? lock_downgrade+0x6e0/0x6e0
[ 3190.638328][T28677]  ? vm_normal_page+0x14a/0x2a0
[ 3190.643199][T28677]  do_wp_page+0x538/0x1930
[ 3190.647633][T28677]  __handle_mm_fault+0x181b/0x3a40
[ 3190.652786][T28677]  ? vm_iomap_memory+0x190/0x190
[ 3190.657859][T28677]  handle_mm_fault+0x1cc/0x780
[ 3190.662641][T28677]  do_user_addr_fault+0x475/0x1210
[ 3190.667765][T28677]  ? rcu_read_lock_sched_held+0x3e/0x70
[ 3190.673330][T28677]  exc_page_fault+0x98/0x170
[ 3190.677947][T28677]  asm_exc_page_fault+0x26/0x30
[ 3190.682810][T28677] RIP: 0033:0x7f228be36cd0
[ 3190.687237][T28677] Code: 0f 84 b4 00 00 00 80 3d f9 e9 c9 00 00 75 1b 80 3d f1 e9 c9 00 00 75 12 80 3d e3 e9 c9 00 00 0f 84 95 00 00 00 0f 1f 44 00 00 <41> c6 44 24 f8 01 45 89 6c 24 f4 41 c6 44 24 14 00 8b 93 8c 00 00
[ 3190.706847][T28677] RSP: 002b:00007ffd261093d0 EFLAGS: 00010202
01:22:41 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34031200100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:22:41 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x4e00}, 0x0)

[ 3190.712916][T28677] RAX: 0000000000000000 RBX: 00007f228bfabf8c RCX: 0000000000000000
[ 3190.720886][T28677] RDX: 00007ffd26109538 RSI: ffff80dd74054074 RDI: 00007ffd26109568
[ 3190.728858][T28677] RBP: 00007ffd26109488 R08: 0000000000000000 R09: 0000000000000000
[ 3190.736826][T28677] R10: 00007f228ba00010 R11: 000000000009786e R12: 00007f228bfabf8c
[ 3190.744795][T28677] R13: 0000000000000000 R14: 00007f228bfabf80 R15: 00007ffd26109670
[ 3190.752784][T28677]  </TASK>
01:22:41 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x0, 0x7000000}, 0x0)

01:22:41 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34021a00100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3191.012823][T28703] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
01:22:42 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34031a00100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3191.541491][T28677] memory: usage 307132kB, limit 307200kB, failcnt 5960
[ 3191.548538][T28677] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 3191.561145][T28677] Memory cgroup stats for /syz5:
[ 3191.561360][T28677] anon 77824
[ 3191.561360][T28677] file 155648
[ 3191.561360][T28677] kernel 314269696
[ 3191.561360][T28677] kernel_stack 32768
[ 3191.561360][T28677] pagetables 73728
[ 3191.561360][T28677] sec_pagetables 0
[ 3191.561360][T28677] percpu 5436928
[ 3191.561360][T28677] sock 0
[ 3191.561360][T28677] vmalloc 0
[ 3191.561360][T28677] shmem 155648
[ 3191.561360][T28677] zswap 0
[ 3191.561360][T28677] zswapped 0
[ 3191.561360][T28677] file_mapped 155648
[ 3191.561360][T28677] file_dirty 0
[ 3191.561360][T28677] file_writeback 0
[ 3191.561360][T28677] swapcached 0
[ 3191.561360][T28677] anon_thp 0
[ 3191.561360][T28677] file_thp 0
[ 3191.561360][T28677] shmem_thp 0
[ 3191.561360][T28677] inactive_anon 81920
[ 3191.561360][T28677] active_anon 151552
[ 3191.561360][T28677] inactive_file 0
[ 3191.561360][T28677] active_file 0
[ 3191.561360][T28677] unevictable 0
[ 3191.561360][T28677] slab_reclaimable 13416
[ 3191.561360][T28677] slab_unreclaimable 308678496
[ 3191.778046][T28677] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=28677,uid=0
[ 3191.800545][T28677] Memory cgroup out of memory: Killed process 28677 (syz-executor.5) total-vm:54408kB, anon-rss:468kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000
01:22:42 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0xee10020000000000)

01:22:42 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34fa1e00100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:22:42 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x0, 0x8000000}, 0x0)

01:22:42 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x0, 0xc}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

01:22:42 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x5002}, 0x0)

[ 3192.136352][T28716] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 3192.160482][T28709] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=1, oom_score_adj=1000
[ 3192.205476][T28709] CPU: 0 PID: 28709 Comm: syz-executor.5 Not tainted 6.1.0-rc7-syzkaller-01491-gf2bb566f5c97 #0
[ 3192.215951][T28709] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 3192.226026][T28709] Call Trace:
[ 3192.229324][T28709]  <TASK>
[ 3192.232275][T28709]  dump_stack_lvl+0xd1/0x138
[ 3192.236889][T28709]  dump_header+0x10b/0x85f
[ 3192.241345][T28709]  oom_kill_process.cold+0x10/0x15
[ 3192.246501][T28709]  out_of_memory+0x35c/0x14a0
[ 3192.251234][T28709]  ? find_held_lock+0x2d/0x110
[ 3192.256035][T28709]  ? oom_killer_disable+0x280/0x280
[ 3192.261270][T28709]  ? find_held_lock+0x2d/0x110
[ 3192.266072][T28709]  mem_cgroup_out_of_memory+0x206/0x270
[ 3192.271648][T28709]  ? mem_cgroup_margin+0x130/0x130
[ 3192.276781][T28709]  ? lock_downgrade+0x6e0/0x6e0
[ 3192.281683][T28709]  try_charge_memcg+0xef8/0x12f0
[ 3192.286657][T28709]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 3192.292670][T28709]  ? get_mem_cgroup_from_objcg+0xa1/0x260
[ 3192.298418][T28709]  ? lock_downgrade+0x6e0/0x6e0
[ 3192.303319][T28709]  ? lock_downgrade+0x6e0/0x6e0
[ 3192.308200][T28709]  ? rcu_read_unlock+0x9/0x60
[ 3192.312922][T28709]  obj_cgroup_charge+0x2af/0x5e0
[ 3192.317905][T28709]  kmem_cache_alloc_node+0xa9/0x410
[ 3192.323131][T28709]  ? copy_process+0x5c2/0x7190
[ 3192.327919][T28709]  copy_process+0x5c2/0x7190
[ 3192.332567][T28709]  ? __lock_acquire+0xbc3/0x56d0
[ 3192.337541][T28709]  ? __cleanup_sighand+0xb0/0xb0
[ 3192.342498][T28709]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 3192.348518][T28709]  ? psi_memstall_leave+0x174/0x250
[ 3192.353759][T28709]  kernel_clone+0xeb/0x980
[ 3192.358205][T28709]  ? create_io_thread+0xf0/0xf0
[ 3192.363087][T28709]  ? percpu_ref_put_many.constprop.0+0x6a/0x1a0
[ 3192.369360][T28709]  ? lock_downgrade+0x6e0/0x6e0
[ 3192.374261][T28709]  __do_sys_clone+0xba/0x100
[ 3192.378879][T28709]  ? kernel_clone+0x980/0x980
[ 3192.383601][T28709]  ? syscall_enter_from_user_mode+0x26/0xb0
[ 3192.389528][T28709]  do_syscall_64+0x39/0xb0
[ 3192.393960][T28709]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 3192.399875][T28709] RIP: 0033:0x7f228be8d501
[ 3192.404308][T28709] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00
[ 3192.423940][T28709] RSP: 002b:00007ffd26109298 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 3192.432388][T28709] RAX: ffffffffffffffda RBX: 00007f228cb2c700 RCX: 00007f228be8d501
[ 3192.440389][T28709] RDX: 00007f228cb2c9d0 RSI: 00007f228cb2c2f0 RDI: 00000000003d0f00
[ 3192.448386][T28709] RBP: 00007ffd261094e0 R08: 00007f228cb2c700 R09: 00007f228cb2c700
[ 3192.456379][T28709] R10: 00007f228cb2c9d0 R11: 0000000000000206 R12: 00007ffd2610934e
[ 3192.464371][T28709] R13: 00007ffd2610934f R14: 00007f228cb2c300 R15: 0000000000022000
[ 3192.472383][T28709]  </TASK>
[ 3193.451414][T28709] memory: usage 307144kB, limit 307200kB, failcnt 6023
[ 3193.458352][T28709] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 3193.472692][T28709] Memory cgroup stats for /syz5:
[ 3193.472909][T28709] anon 90112
[ 3193.472909][T28709] file 155648
[ 3193.472909][T28709] kernel 314269696
[ 3193.472909][T28709] kernel_stack 32768
[ 3193.472909][T28709] pagetables 73728
[ 3193.472909][T28709] sec_pagetables 0
[ 3193.472909][T28709] percpu 5436928
[ 3193.472909][T28709] sock 0
[ 3193.472909][T28709] vmalloc 0
[ 3193.472909][T28709] shmem 155648
[ 3193.472909][T28709] zswap 0
[ 3193.472909][T28709] zswapped 0
[ 3193.472909][T28709] file_mapped 155648
[ 3193.472909][T28709] file_dirty 0
[ 3193.472909][T28709] file_writeback 0
[ 3193.472909][T28709] swapcached 0
[ 3193.472909][T28709] anon_thp 0
[ 3193.472909][T28709] file_thp 0
[ 3193.472909][T28709] shmem_thp 0
[ 3193.472909][T28709] inactive_anon 94208
[ 3193.472909][T28709] active_anon 151552
[ 3193.472909][T28709] inactive_file 0
[ 3193.472909][T28709] active_file 0
[ 3193.472909][T28709] unevictable 0
[ 3193.472909][T28709] slab_reclaimable 13416
[ 3193.472909][T28709] slab_unreclaimable 308679344
[ 3193.801421][T28709] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=28709,uid=0
[ 3193.911504][T28709] Memory cgroup out of memory: Killed process 28709 (syz-executor.5) total-vm:54540kB, anon-rss:468kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000
01:22:52 executing program 1:
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
openat$cgroup_procs(r0, 0x0, 0x2, 0x0) (async, rerun: 64)
openat$cgroup_pressure(r0, &(0x7f0000000040)='io.pressure\x00', 0x2, 0x0) (rerun: 64)
unshare(0x40000000) (async)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r1, &(0x7f0000000000), 0x248800) (async)
write$cgroup_pressure(r1, &(0x7f0000000080)={'full', 0x20, 0x1, 0x20, 0x3}, 0x2f) (async)
socket(0x2a, 0x2, 0x0)

01:22:52 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34001f00100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:22:52 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x0, 0x9000000}, 0x0)

01:22:52 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x0, 0xe}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

01:22:52 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0xef10020000000000)

01:22:52 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x5701}, 0x0)

[ 3201.581313][T28725] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[ 3201.597119][T28725] CPU: 1 PID: 28725 Comm: syz-executor.5 Not tainted 6.1.0-rc7-syzkaller-01491-gf2bb566f5c97 #0
[ 3201.607611][T28725] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 3201.617687][T28725] Call Trace:
[ 3201.620980][T28725]  <TASK>
[ 3201.623921][T28725]  dump_stack_lvl+0xd1/0x138
[ 3201.628536][T28725]  dump_header+0x10b/0x85f
[ 3201.633003][T28725]  oom_kill_process.cold+0x10/0x15
[ 3201.638164][T28725]  out_of_memory+0x35c/0x14a0
[ 3201.642878][T28725]  ? find_held_lock+0x2d/0x110
[ 3201.647675][T28725]  ? oom_killer_disable+0x280/0x280
[ 3201.652908][T28725]  ? find_held_lock+0x2d/0x110
[ 3201.657705][T28725]  mem_cgroup_out_of_memory+0x206/0x270
[ 3201.663278][T28725]  ? mem_cgroup_margin+0x130/0x130
[ 3201.668412][T28725]  ? lock_downgrade+0x6e0/0x6e0
[ 3201.673316][T28725]  try_charge_memcg+0xef8/0x12f0
[ 3201.678292][T28725]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 3201.684316][T28725]  ? rcu_read_unlock+0x9/0x60
[ 3201.689017][T28725]  ? lock_downgrade+0x6e0/0x6e0
[ 3201.693916][T28725]  charge_memcg+0x99/0x3b0
[ 3201.698352][T28725]  __mem_cgroup_charge+0x2b/0x90
[ 3201.703305][T28725]  wp_page_copy+0x2bf/0x1ca0
[ 3201.707909][T28725]  ? page_try_dup_anon_rmap.constprop.0+0xd10/0xd10
[ 3201.714502][T28725]  ? lock_downgrade+0x6e0/0x6e0
[ 3201.719364][T28725]  ? vm_normal_page+0x14a/0x2a0
[ 3201.724234][T28725]  do_wp_page+0x538/0x1930
[ 3201.728660][T28725]  __handle_mm_fault+0x181b/0x3a40
[ 3201.733788][T28725]  ? vm_iomap_memory+0x190/0x190
[ 3201.738761][T28725]  handle_mm_fault+0x1cc/0x780
[ 3201.743538][T28725]  do_user_addr_fault+0x475/0x1210
[ 3201.748660][T28725]  ? rcu_read_lock_sched_held+0x3e/0x70
[ 3201.754218][T28725]  exc_page_fault+0x98/0x170
[ 3201.758821][T28725]  asm_exc_page_fault+0x26/0x30
[ 3201.763678][T28725] RIP: 0033:0x7f228be89e2e
[ 3201.768097][T28725] Code: b8 38 00 00 00 0f 05 48 3d 00 f0 ff ff 0f 87 89 00 00 00 41 89 c5 85 c0 0f 85 90 00 00 00 48 8b 05 b7 09 c5 00 48 85 c0 74 04 <48> 83 00 04 49 8d 81 e0 02 00 00 48 83 3d 3f 81 0f 00 00 49 89 81
[ 3201.787793][T28725] RSP: 002b:00007ffd26109590 EFLAGS: 00010202
[ 3201.793863][T28725] RAX: 00007f228cad5720 RBX: 0000000000000000 RCX: 00007f228be89e0b
[ 3201.801834][T28725] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[ 3201.809807][T28725] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000555556db6400
[ 3201.817779][T28725] R10: 0000555556db66d0 R11: 0000000000000246 R12: 0000000000000001
[ 3201.825750][T28725] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffd26109670
[ 3201.833742][T28725]  </TASK>
01:22:52 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34002000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3201.904817][T28727] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
01:22:52 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x5865}, 0x0)

01:22:52 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34012000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:22:53 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x0, 0xa000000}, 0x0)

[ 3202.151423][T28725] memory: usage 307080kB, limit 307200kB, failcnt 6063
[ 3202.158334][T28725] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 3202.195141][T28725] Memory cgroup stats for /syz5:
[ 3202.195348][T28725] anon 61440
[ 3202.195348][T28725] file 155648
[ 3202.195348][T28725] kernel 314232832
[ 3202.195348][T28725] kernel_stack 32768
[ 3202.195348][T28725] pagetables 61440
[ 3202.195348][T28725] sec_pagetables 0
[ 3202.195348][T28725] percpu 5436928
[ 3202.195348][T28725] sock 0
[ 3202.195348][T28725] vmalloc 0
[ 3202.195348][T28725] shmem 155648
[ 3202.195348][T28725] zswap 0
[ 3202.195348][T28725] zswapped 0
[ 3202.195348][T28725] file_mapped 155648
[ 3202.195348][T28725] file_dirty 0
[ 3202.195348][T28725] file_writeback 0
[ 3202.195348][T28725] swapcached 0
[ 3202.195348][T28725] anon_thp 0
[ 3202.195348][T28725] file_thp 0
[ 3202.195348][T28725] shmem_thp 0
[ 3202.195348][T28725] inactive_anon 65536
[ 3202.195348][T28725] active_anon 151552
[ 3202.195348][T28725] inactive_file 0
[ 3202.195348][T28725] active_file 0
[ 3202.195348][T28725] unevictable 0
[ 3202.195348][T28725] slab_reclaimable 9512
[ 3202.195348][T28725] slab_unreclaimable 308667096
[ 3202.195348][T28725] slab 308676608
01:22:53 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34012200100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3202.361306][T28746] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
01:22:53 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34032a00100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:22:53 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x0, 0xf}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

01:22:53 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x0, 0xb000000}, 0x0)

01:22:53 executing program 1:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x0, 0x7000000}, 0x0)

01:22:53 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34003200100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3202.882801][T28755] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 3202.949339][T28758] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 3203.407528][T28725] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=3674,uid=0
[ 3203.488894][T28725] Memory cgroup out of memory: Killed process 3674 (syz-executor.5) total-vm:50568kB, anon-rss:468kB, file-rss:9116kB, shmem-rss:4kB, UID:0 pgtables:76kB oom_score_adj:0
[ 3204.552047][ T1248] ieee802154 phy0 wpan0: encryption failed: -22
[ 3204.558396][ T1248] ieee802154 phy1 wpan1: encryption failed: -22
01:22:55 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0xf010020000000000)

01:22:55 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34023200100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:22:55 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x0, 0xc000000}, 0x0)

01:22:55 executing program 1:
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000000))
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000140), 0x8)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0xcb12})
ioctl$TUNSETVNETLE(r1, 0x400454dc, &(0x7f00000000c0)=0x1)
preadv(r1, &(0x7f0000000100)=[{&(0x7f0000000080)=""/41, 0x29}], 0x1, 0x0, 0x0)
ioctl$BTRFS_IOC_QUOTA_RESCAN(r1, 0x4040942c, &(0x7f0000000200)={0x0, 0x80, [0x10001, 0x1, 0x7c72, 0x2, 0x2, 0x7fea]})
sendmsg$IPVS_CMD_DEL_SERVICE(r0, &(0x7f00000000c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="3401001d", @ANYRES16=0x0, @ANYBLOB="08002bbd7000fedbdf250300000008000500c1ffffff5c00038014000600ff02000000000000000000000000000108000500ffdfffff060007004e2200000600070000060000050008007b0000001400020064766d72703000000000000000000000050008000600000008000500ffffffff7000038014000600fc000000000000000000000000000000080005000000000005000800df00000008000100000000001400020076657468305f746f5f6873720000000006000400faff000014000600fe80000000000000000000000000003b0800010002000000080005000a01010208000600690a000008000400000100003c00038014000600fe88000000000000000000000000010108000500ffffffff14000600ff0100000000000000000000000000010800030001000000"], 0x134}, 0x1, 0x0, 0x0, 0x40805}, 0x4004814)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000240)=ANY=[@ANYBLOB="9feb01001800000000000000240000002400000008000000050000000000000c03000000000000000000000900000000000000000000000d000000000000005f005f3000dce593a24ed77d83b80b12007615142464832e10d54383a21638d30b09949084161784e5b7c195c63973ef89896705a561be636c66571c54bca3f3cdf5bfdf2d19fd199769c89f3d4f667f9a9886ae52532eafa5c31194f27619208092283b20dbcb99f09a8d7c"], &(0x7f0000000380)=""/222, 0x44, 0xde, 0x1}, 0x20)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0)
r4 = socket$kcm(0x29, 0x2, 0x0)
sendfile(r4, r3, 0x0, 0x100000004)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@bloom_filter={0x1e, 0x6, 0x1, 0x1f, 0x1801, r2, 0x4ef, '\x00', 0x0, r3, 0x5, 0x4, 0x2, 0x5}, 0x48)

01:22:55 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x5f01}, 0x0)

01:22:55 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x0, 0x10}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

01:22:56 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34013a00100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:22:56 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x6000}, 0x0)

01:22:56 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34003c00100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3205.205873][T28769] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
01:22:56 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x0, 0xe000000}, 0x0)

01:22:56 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34014200100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3205.416617][T28783] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 3205.487842][T28783] CPU: 1 PID: 28783 Comm: syz-executor.4 Not tainted 6.1.0-rc7-syzkaller-01491-gf2bb566f5c97 #0
[ 3205.498312][T28783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 3205.508388][T28783] Call Trace:
[ 3205.511685][T28783]  <TASK>
[ 3205.514631][T28783]  dump_stack_lvl+0xd1/0x138
[ 3205.519257][T28783]  dump_header+0x10b/0x85f
[ 3205.523712][T28783]  oom_kill_process.cold+0x10/0x15
[ 3205.528862][T28783]  out_of_memory+0x35c/0x14a0
[ 3205.533579][T28783]  ? find_held_lock+0x2d/0x110
[ 3205.538373][T28783]  ? oom_killer_disable+0x280/0x280
[ 3205.543608][T28783]  ? find_held_lock+0x2d/0x110
[ 3205.548407][T28783]  mem_cgroup_out_of_memory+0x206/0x270
[ 3205.553987][T28783]  ? mem_cgroup_margin+0x130/0x130
[ 3205.559133][T28783]  ? lock_downgrade+0x6e0/0x6e0
[ 3205.564047][T28783]  try_charge_memcg+0xef8/0x12f0
[ 3205.569023][T28783]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 3205.575056][T28783]  ? rcu_read_unlock+0x9/0x60
[ 3205.579766][T28783]  ? lock_downgrade+0x6e0/0x6e0
[ 3205.584673][T28783]  charge_memcg+0x99/0x3b0
[ 3205.589128][T28783]  __mem_cgroup_charge+0x2b/0x90
[ 3205.594100][T28783]  wp_page_copy+0x2bf/0x1ca0
[ 3205.598726][T28783]  ? page_try_dup_anon_rmap.constprop.0+0xd10/0xd10
[ 3205.605345][T28783]  ? lock_downgrade+0x6e0/0x6e0
[ 3205.610231][T28783]  ? vm_normal_page+0x14a/0x2a0
[ 3205.615123][T28783]  do_wp_page+0x538/0x1930
[ 3205.619575][T28783]  __handle_mm_fault+0x181b/0x3a40
[ 3205.624720][T28783]  ? vm_iomap_memory+0x190/0x190
[ 3205.629715][T28783]  handle_mm_fault+0x1cc/0x780
[ 3205.634548][T28783]  do_user_addr_fault+0x475/0x1210
[ 3205.639696][T28783]  ? rcu_read_lock_sched_held+0x3e/0x70
[ 3205.645280][T28783]  exc_page_fault+0x98/0x170
[ 3205.649919][T28783]  asm_exc_page_fault+0x26/0x30
[ 3205.654793][T28783] RIP: 0033:0x7f4487436eee
[ 3205.659237][T28783] Code: 10 4c 89 35 a4 50 17 00 89 78 28 8b 7c 24 18 89 78 2c 8b 7c 24 54 89 78 78 48 8b 3c 24 88 4c 3a 04 8b 7c 24 4c 48 8b 54 24 40 <89> b8 80 00 00 00 0f 1f 40 00 48 8b 8c 14 50 01 00 00 48 83 c2 08
[ 3205.678882][T28783] RSP: 002b:00007fffd90badd0 EFLAGS: 00010246
01:22:56 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}}, 0xf0ffffff00000000)

[ 3205.684983][T28783] RAX: 00007f44875abf80 RBX: 00007f44875abf8c RCX: 0000000000000000
[ 3205.692982][T28783] RDX: 0000000000000000 RSI: 00007f44875abf88 RDI: 0000000000000000
[ 3205.700956][T28783] RBP: 00007f44875abf80 R08: 00007f4488257700 R09: 00007f4488257700
[ 3205.708947][T28783] R10: 00007f44882579d0 R11: 0000000000000206 R12: 00007f44875abf8c
[ 3205.716947][T28783] R13: 00007f4487000060 R14: 00007f44875abf80 R15: 0000000000000000
[ 3205.724978][T28783]  </TASK>
01:22:56 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34024200100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:22:56 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34034200100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:22:56 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x0, 0x11}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

[ 3205.970497][T28791] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 3206.676645][T28783] memory: usage 307120kB, limit 307200kB, failcnt 17758
[ 3206.730160][T28783] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 3206.770989][T28783] Memory cgroup stats for /syz4:
[ 3206.771209][T28783] anon 90112
[ 3206.771209][T28783] file 335872
[ 3206.771209][T28783] kernel 314064896
[ 3206.771209][T28783] kernel_stack 65536
[ 3206.771209][T28783] pagetables 77824
[ 3206.771209][T28783] sec_pagetables 0
[ 3206.771209][T28783] percpu 5432192
[ 3206.771209][T28783] sock 0
[ 3206.771209][T28783] vmalloc 0
[ 3206.771209][T28783] shmem 331776
[ 3206.771209][T28783] zswap 0
[ 3206.771209][T28783] zswapped 0
[ 3206.771209][T28783] file_mapped 286720
[ 3206.771209][T28783] file_dirty 4096
[ 3206.771209][T28783] file_writeback 0
[ 3206.771209][T28783] swapcached 0
[ 3206.771209][T28783] anon_thp 0
[ 3206.771209][T28783] file_thp 0
[ 3206.771209][T28783] shmem_thp 0
[ 3206.771209][T28783] inactive_anon 118784
[ 3206.771209][T28783] active_anon 303104
[ 3206.771209][T28783] inactive_file 0
[ 3206.771209][T28783] active_file 4096
[ 3206.771209][T28783] unevictable 0
[ 3206.771209][T28783] slab_reclaimable 17032
[ 3206.771209][T28783] slab_unreclaimable 308439584
[ 3206.991460][T28783] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=28783,uid=0
[ 3207.031531][T28783] Memory cgroup out of memory: Killed process 28783 (syz-executor.4) total-vm:54540kB, anon-rss:468kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000
01:22:58 executing program 1:
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000000)) (async)
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000140), 0x8)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0xcb12})
ioctl$TUNSETVNETLE(r1, 0x400454dc, &(0x7f00000000c0)=0x1) (async)
preadv(r1, &(0x7f0000000100)=[{&(0x7f0000000080)=""/41, 0x29}], 0x1, 0x0, 0x0)
ioctl$BTRFS_IOC_QUOTA_RESCAN(r1, 0x4040942c, &(0x7f0000000200)={0x0, 0x80, [0x10001, 0x1, 0x7c72, 0x2, 0x2, 0x7fea]})
sendmsg$IPVS_CMD_DEL_SERVICE(r0, &(0x7f00000000c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="3401001d", @ANYRES16=0x0, @ANYBLOB="08002bbd7000fedbdf250300000008000500c1ffffff5c00038014000600ff02000000000000000000000000000108000500ffdfffff060007004e2200000600070000060000050008007b0000001400020064766d72703000000000000000000000050008000600000008000500ffffffff7000038014000600fc000000000000000000000000000000080005000000000005000800df00000008000100000000001400020076657468305f746f5f6873720000000006000400faff000014000600fe80000000000000000000000000003b0800010002000000080005000a01010208000600690a000008000400000100003c00038014000600fe88000000000000000000000000010108000500ffffffff14000600ff0100000000000000000000000000010800030001000000"], 0x134}, 0x1, 0x0, 0x0, 0x40805}, 0x4004814)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000240)=ANY=[@ANYBLOB="9feb01001800000000000000240000002400000008000000050000000000000c03000000000000000000000900000000000000000000000d000000000000005f005f3000dce593a24ed77d83b80b12007615142464832e10d54383a21638d30b09949084161784e5b7c195c63973ef89896705a561be636c66571c54bca3f3cdf5bfdf2d19fd199769c89f3d4f667f9a9886ae52532eafa5c31194f27619208092283b20dbcb99f09a8d7c"], &(0x7f0000000380)=""/222, 0x44, 0xde, 0x1}, 0x20) (async)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r2=>0xffffffffffffffff}) (async)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) (async)
r4 = socket$kcm(0x29, 0x2, 0x0)
sendfile(r4, r3, 0x0, 0x100000004)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@bloom_filter={0x1e, 0x6, 0x1, 0x1f, 0x1801, r2, 0x4ef, '\x00', 0x0, r3, 0x5, 0x4, 0x2, 0x5}, 0x48)

01:22:58 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34004800100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:22:58 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x0, 0xf000000}, 0x0)

01:22:58 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x210bc, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x6202}, 0x0)

01:22:58 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x0, 0x13}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000400)={'ip_vti0\x00', 0x0})
sendmsg$nl_route(r0, 0x0, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
mkdirat$cgroup(r4, 0x0, 0x1ff)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

01:22:58 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34004a00100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

[ 3207.875544][T28802] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 3207.969207][T28804] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 3207.998673][T28804] CPU: 0 PID: 28804 Comm: syz-executor.4 Not tainted 6.1.0-rc7-syzkaller-01491-gf2bb566f5c97 #0
[ 3208.009139][T28804] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 3208.019217][T28804] Call Trace:
[ 3208.022518][T28804]  <TASK>
[ 3208.025555][T28804]  dump_stack_lvl+0xd1/0x138
[ 3208.030167][T28804]  dump_header+0x10b/0x85f
[ 3208.034614][T28804]  oom_kill_process.cold+0x10/0x15
[ 3208.039766][T28804]  out_of_memory+0x35c/0x14a0
[ 3208.044481][T28804]  ? find_held_lock+0x2d/0x110
[ 3208.049287][T28804]  ? oom_killer_disable+0x280/0x280
[ 3208.054526][T28804]  ? find_held_lock+0x2d/0x110
[ 3208.059334][T28804]  mem_cgroup_out_of_memory+0x206/0x270
[ 3208.065094][T28804]  ? mem_cgroup_margin+0x130/0x130
[ 3208.070233][T28804]  ? lock_downgrade+0x6e0/0x6e0
[ 3208.075142][T28804]  try_charge_memcg+0xef8/0x12f0
[ 3208.080128][T28804]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 3208.086145][T28804]  ? get_mem_cgroup_from_objcg+0xa1/0x260
[ 3208.091899][T28804]  ? lock_downgrade+0x6e0/0x6e0
[ 3208.096814][T28804]  obj_cgroup_charge+0x2af/0x5e0
[ 3208.101793][T28804]  ? __anon_vma_prepare+0x64/0x580
[ 3208.106934][T28804]  kmem_cache_alloc+0xa3/0x3d0
[ 3208.111737][T28804]  __anon_vma_prepare+0x64/0x580
[ 3208.116698][T28804]  ? __pmd_alloc+0x30c/0x5d0
[ 3208.121319][T28804]  __handle_mm_fault+0x35bc/0x3a40
[ 3208.126468][T28804]  ? vm_iomap_memory+0x190/0x190
[ 3208.131463][T28804]  handle_mm_fault+0x1cc/0x780
[ 3208.136267][T28804]  do_user_addr_fault+0x475/0x1210
[ 3208.141408][T28804]  ? rcu_read_lock_sched_held+0x3e/0x70
[ 3208.146986][T28804]  exc_page_fault+0x98/0x170
[ 3208.151616][T28804]  asm_exc_page_fault+0x26/0x30
[ 3208.156498][T28804] RIP: 0033:0x7f448742bd79
[ 3208.160932][T28804] Code: 48 8b 04 24 48 85 c0 74 17 48 8b 54 24 18 48 0f ca 48 89 54 24 18 48 83 f8 01 0f 85 9b 02 00 00 48 8b 44 24 10 48 8b 54 24 18 <48> 89 10 e9 c2 fd ff ff 48 8b 44 24 10 0f b7 10 48 8b 04 24 48 85
[ 3208.180652][T28804] RSP: 002b:00007fffd90bad90 EFLAGS: 00010246
[ 3208.186746][T28804] RAX: 0000000020000280 RBX: 0000000000000000 RCX: 0000000000000000
[ 3208.194738][T28804] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00005555561a62e8
[ 3208.202730][T28804] RBP: 00007fffd90bae88 R08: 0000000000000000 R09: 0000000000000000
[ 3208.210722][T28804] R10: 00007f4487000068 R11: 0000000000000246 R12: 000000000030f2a8
01:22:58 executing program 2:
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34014a00100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)

01:22:59 executing program 0:
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
gettid()
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x44e}]}, 0x34}, 0x1, 0x0, 0xf020000}, 0x0)

[ 3208.218715][T28804] R13: 00007fffd90baeb0 R14: 00007f44875abf80 R15: 0000000000000032
[ 3208.226733][T28804]  </TASK>
[ 3208.416124][T28820] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 3209.073574][T28804] memory: usage 307188kB, limit 307200kB, failcnt 17821
[ 3209.080562][T28804] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 3209.201484][T28804] Memory cgroup stats for /syz4:
[ 3209.201703][T28804] anon 135168
[ 3209.201703][T28804] file 335872
[ 3209.201703][T28804] kernel 314089472
[ 3209.201703][T28804] kernel_stack 65536
[ 3209.201703][T28804] pagetables 86016
[ 3209.201703][T28804] sec_pagetables 0
[ 3209.201703][T28804] percpu 5432192
[ 3209.201703][T28804] sock 0
[ 3209.201703][T28804] vmalloc 0
[ 3209.201703][T28804] shmem 331776
[ 3209.201703][T28804] zswap 0
[ 3209.201703][T28804] zswapped 0
[ 3209.201703][T28804] file_mapped 286720
[ 3209.201703][T28804] file_dirty 4096
[ 3209.201703][T28804] file_writeback 0
[ 3209.201703][T28804] swapcached 0
[ 3209.201703][T28804] anon_thp 0
[ 3209.201703][T28804] file_thp 0
[ 3209.201703][T28804] shmem_thp 0
[ 3209.201703][T28804] inactive_anon 163840
[ 3209.201703][T28804] active_anon 303104
[ 3209.201703][T28804] inactive_file 0
[ 3209.201703][T28804] active_file 4096
[ 3209.201703][T28804] unevictable 0
[ 3209.201703][T28804] slab_reclaimable 18960
[ 3209.201703][T28804] slab_unreclaimable 308451328
[ 3209.531409][T28804] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=28804,uid=0
[ 3209.561436][T28804] Memory cgroup out of memory: Killed process 28804 (syz-executor.4) total-vm:54540kB, anon-rss:468kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:92kB oom_score_adj:1000
[ 3209.612920][ T3665] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 3209.624496][ T3665] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 3209.646441][T28824] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 3209.692945][T28824] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 3209.701127][T28824] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 3209.709011][T28824] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 3209.718360][T28823] Bluetooth: hci3: HCI_REQ-0x0c1a
[ 3210.953606][T28823] chnl_net:caif_netlink_parms(): no params data found
[ 3211.555628][T28823] bridge0: port 1(bridge_slave_0) entered blocking state
[ 3211.571475][T28823] bridge0: port 1(bridge_slave_0) entered disabled state
[ 3211.637042][T28823] device bridge_slave_0 entered promiscuous mode
[ 3211.672422][T28823] bridge0: port 2(bridge_slave_1) entered blocking state
[ 3211.679560][T28823] bridge0: port 2(bridge_slave_1) entered disabled state
[ 3211.766071][T28823] device bridge_slave_1 entered promiscuous mode
[ 3211.821389][ T3671] Bluetooth: hci3: command 0x0409 tx timeout
[ 3212.124080][T28823] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 3212.176417][T28823] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 3212.534437][T28823] team0: Port device team_slave_0 added
[ 3212.600366][T28823] team0: Port device team_slave_1 added
[ 3212.880085][T28823] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 3212.887988][T28823] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 3212.941443][T28823] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 3212.998241][T28823] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 3213.060534][T28823] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 3213.161546][T28823] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 3213.661287][T28823] device hsr_slave_0 entered promiscuous mode
[ 3213.743939][T28823] device hsr_slave_1 entered promiscuous mode
[ 3213.810590][T28823] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 3213.833561][T28823] Cannot create hsr debugfs directory
[ 3213.907924][ T3671] Bluetooth: hci3: command 0x041b tx timeout
[ 3214.684040][T28823] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3214.939177][T28823] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3215.339990][T28823] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3215.636387][T28823] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3215.964324][ T3671] Bluetooth: hci3: command 0x040f tx timeout
[ 3216.169830][T28823] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 3216.257241][T28823] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 3216.574579][T28823] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 3216.664706][T28823] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 3217.118930][T28823] 8021q: adding VLAN 0 to HW filter on device bond0
[ 3217.255238][T28823] 8021q: adding VLAN 0 to HW filter on device team0
[ 3217.272800][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 3217.282412][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 3217.320606][T16890] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 3217.330832][T16890] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 3217.390997][T16890] bridge0: port 1(bridge_slave_0) entered blocking state
[ 3217.398195][T16890] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 3217.407388][T16890] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 3217.417298][T16890] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 3217.426218][T16890] bridge0: port 2(bridge_slave_1) entered blocking state
[ 3217.433737][T16890] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 3217.446313][T16890] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 3217.457436][T16890] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 3217.701259][T28823] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 3217.712823][T28823] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 3217.750624][T19264] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 3217.774803][T19264] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 3217.786410][T19264] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 3217.796364][T19264] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 3217.808341][T19264] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 3217.818283][T19264] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 3217.828242][T19264] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 3217.839708][T19264] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 3217.849670][T19264] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 3218.057773][T28824] Bluetooth: hci3: command 0x0419 tx timeout
[ 3218.068007][T16888] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 3218.078239][T16888] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 3219.333392][T24104] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 3219.344319][T24104] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 3219.547877][T28823] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 3233.868410][T30783] device hsr_slave_0 left promiscuous mode
[ 3234.023514][T30783] device hsr_slave_1 left promiscuous mode
[ 3234.093056][T30783] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 3234.130518][T30783] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 3234.229479][T30783] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 3234.266018][T30783] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 3234.362509][T30783] device bridge_slave_1 left promiscuous mode
[ 3234.369355][T30783] bridge0: port 2(bridge_slave_1) entered disabled state
[ 3234.489555][T30783] device bridge_slave_0 left promiscuous mode
[ 3234.510110][T30783] bridge0: port 1(bridge_slave_0) entered disabled state
[ 3234.705474][T30783] device veth1_macvtap left promiscuous mode
[ 3234.717469][T30783] device veth0_macvtap left promiscuous mode
[ 3234.738474][T30783] device veth1_vlan left promiscuous mode
[ 3234.790000][T30783] device veth0_vlan left promiscuous mode
[ 3265.996296][ T1248] ieee802154 phy0 wpan0: encryption failed: -22
[ 3266.002685][ T1248] ieee802154 phy1 wpan1: encryption failed: -22
[ 3276.297596][T28824] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 3276.309120][T28824] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 3276.317145][T28824] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 3276.325111][T28824] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 3276.332981][T28824] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[ 3276.340302][T28824] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 3276.349325][T28847] Bluetooth: hci6: HCI_REQ-0x0c1a
[ 3278.441594][T28824] Bluetooth: hci6: command 0x0409 tx timeout
[ 3280.525730][T28824] Bluetooth: hci6: command 0x041b tx timeout
[ 3282.612213][ T3671] Bluetooth: hci6: command 0x040f tx timeout
[ 3284.689075][ T3671] Bluetooth: hci6: command 0x0419 tx timeout
[ 3327.420044][ T1248] ieee802154 phy0 wpan0: encryption failed: -22
[ 3327.426449][ T1248] ieee802154 phy1 wpan1: encryption failed: -22
[ 3334.603609][ T3671] Bluetooth: hci3: command 0x0406 tx timeout
[ 3343.283474][ T3671] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 3343.293861][ T3671] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 3343.312823][ T3665] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 3343.324584][ T3665] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 3343.332755][ T3665] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[ 3343.340083][ T3665] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 3343.350117][T28857] Bluetooth: hci7: HCI_REQ-0x0c1a
[ 3345.413590][ T3665] Bluetooth: hci7: command 0x0409 tx timeout
[ 3347.484377][ T3665] Bluetooth: hci7: command 0x041b tx timeout
[ 3349.570102][T28824] Bluetooth: hci7: command 0x040f tx timeout
[ 3351.647385][T28824] Bluetooth: hci7: command 0x0419 tx timeout
[ 3373.518366][   T28] INFO: task kworker/0:1:7923 blocked for more than 143 seconds.
[ 3373.531321][   T28]       Not tainted 6.1.0-rc7-syzkaller-01491-gf2bb566f5c97 #0
[ 3373.538896][   T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 3373.607964][   T28] task:kworker/0:1     state:D stack:26704 pid:7923  ppid:2      flags:0x00004000
[ 3373.617768][   T28] Workqueue: ipv6_addrconf addrconf_verify_work
[ 3373.635190][   T28] Call Trace:
[ 3373.638505][   T28]  <TASK>
[ 3373.661499][   T28]  __schedule+0xae9/0x53f0
[ 3373.665976][   T28]  ? io_schedule_timeout+0x150/0x150
[ 3373.720041][   T28]  ? preempt_schedule_thunk+0x1a/0x1c
[ 3373.725894][   T28]  ? preempt_schedule_common+0x59/0xc0
[ 3373.742527][   T28]  ? io_schedule_timeout+0x150/0x150
[ 3373.747873][   T28]  schedule+0xde/0x1b0
[ 3373.780193][   T28]  schedule_preempt_disabled+0x13/0x20
[ 3373.829509][   T28]  __mutex_lock+0xa48/0x1360
[ 3373.857503][   T28]  ? addrconf_verify_work+0x12/0x30
[ 3373.894758][   T28]  ? mutex_lock_io_nested+0x11a0/0x11a0
[ 3373.900386][   T28]  ? lock_release+0x810/0x810
[ 3373.951996][   T28]  addrconf_verify_work+0x12/0x30
[ 3373.957082][   T28]  process_one_work+0x9bf/0x1710
[ 3373.999901][   T28]  ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 3374.005704][   T28]  ? rwlock_bug.part.0+0x90/0x90
[ 3374.010675][   T28]  ? _raw_spin_lock_irq+0x45/0x50
[ 3374.035449][   T28]  worker_thread+0x669/0x1090
[ 3374.040199][   T28]  ? process_one_work+0x1710/0x1710
[ 3374.074851][   T28]  kthread+0x2e8/0x3a0
[ 3374.078986][   T28]  ? kthread_complete_and_exit+0x40/0x40
[ 3374.097085][   T28]  ret_from_fork+0x1f/0x30
[ 3374.111378][   T28]  </TASK>
[ 3374.136390][   T28] INFO: task kworker/1:7:16889 blocked for more than 144 seconds.
[ 3374.144379][   T28]       Not tainted 6.1.0-rc7-syzkaller-01491-gf2bb566f5c97 #0
[ 3374.171566][   T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 3374.180272][   T28] task:kworker/1:7     state:D stack:26704 pid:16889 ppid:2      flags:0x00004000
[ 3374.243435][   T28] Workqueue: ipv6_addrconf addrconf_dad_work
[ 3374.249493][   T28] Call Trace:
[ 3374.261377][   T28]  <TASK>
[ 3374.264365][   T28]  __schedule+0xae9/0x53f0
[ 3374.269181][   T28]  ? io_schedule_timeout+0x150/0x150
[ 3374.306964][   T28]  ? preempt_schedule_thunk+0x1a/0x1c
[ 3374.324562][   T28]  ? preempt_schedule_common+0x59/0xc0
[ 3374.330088][   T28]  ? io_schedule_timeout+0x150/0x150
[ 3374.357377][   T28]  schedule+0xde/0x1b0
[ 3374.374425][   T28]  schedule_preempt_disabled+0x13/0x20
[ 3374.379941][   T28]  __mutex_lock+0xa48/0x1360
[ 3374.385026][   T28]  ? addrconf_dad_work+0xa7/0x12d0
[ 3374.390184][   T28]  ? mutex_lock_io_nested+0x11a0/0x11a0
[ 3374.414643][   T28]  ? lock_downgrade+0x6e0/0x6e0
[ 3374.419580][   T28]  addrconf_dad_work+0xa7/0x12d0
[ 3374.478547][   T28]  ? addrconf_dad_completed+0xd80/0xd80
[ 3374.484293][   T28]  process_one_work+0x9bf/0x1710
[ 3374.489278][   T28]  ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 3374.501429][   T28]  ? rwlock_bug.part.0+0x90/0x90
[ 3374.506409][   T28]  ? _raw_spin_lock_irq+0x45/0x50
[ 3374.540617][   T28]  worker_thread+0x669/0x1090
[ 3374.580140][   T28]  ? process_one_work+0x1710/0x1710
[ 3374.597766][   T28]  kthread+0x2e8/0x3a0
[ 3374.601991][   T28]  ? kthread_complete_and_exit+0x40/0x40
[ 3374.607654][   T28]  ret_from_fork+0x1f/0x30
[ 3374.661483][   T28]  </TASK>
[ 3374.664564][   T28] INFO: task syz-executor.5:28823 blocked for more than 144 seconds.
[ 3374.692627][   T28]       Not tainted 6.1.0-rc7-syzkaller-01491-gf2bb566f5c97 #0
[ 3374.700209][   T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 3374.771369][   T28] task:syz-executor.5  state:D stack:24448 pid:28823 ppid:1      flags:0x00000004
[ 3374.781018][   T28] Call Trace:
[ 3374.820691][   T28]  <TASK>
[ 3374.833896][   T28]  __schedule+0xae9/0x53f0
[ 3374.838377][   T28]  ? io_schedule_timeout+0x150/0x150
[ 3374.851374][   T28]  schedule+0xde/0x1b0
[ 3374.855492][   T28]  schedule_preempt_disabled+0x13/0x20
[ 3374.860973][   T28]  __mutex_lock+0xa48/0x1360
[ 3374.911517][   T28]  ? rtnetlink_rcv_msg+0x3e9/0xca0
[ 3374.916704][   T28]  ? mutex_lock_io_nested+0x11a0/0x11a0
[ 3374.951142][   T28]  ? rtnetlink_rcv_msg+0x3b3/0xca0
[ 3374.956861][   T28]  rtnetlink_rcv_msg+0x3e9/0xca0
[ 3374.962037][   T28]  ? rtnl_getlink+0xae0/0xae0
[ 3374.971348][   T28]  ? __dev_queue_xmit+0xb54/0x3ba0
[ 3374.976538][   T28]  netlink_rcv_skb+0x165/0x440
[ 3375.001345][   T28]  ? rtnl_getlink+0xae0/0xae0
[ 3375.006082][   T28]  ? netlink_ack+0x1370/0x1370
[ 3375.010901][   T28]  ? netlink_deliver_tap+0x1b1/0xc50
[ 3375.072859][   T28]  netlink_unicast+0x547/0x7f0
[ 3375.077701][   T28]  ? netlink_attachskb+0x890/0x890
[ 3375.101316][   T28]  ? __virt_addr_valid+0x61/0x2e0
[ 3375.106414][   T28]  ? __phys_addr_symbol+0x30/0x70
[ 3375.141372][   T28]  ? __check_object_size+0x2e2/0x5a0
[ 3375.146724][   T28]  netlink_sendmsg+0x91b/0xe10
[ 3375.170428][   T28]  ? netlink_unicast+0x7f0/0x7f0
[ 3375.213244][   T28]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[ 3375.218622][   T28]  ? netlink_unicast+0x7f0/0x7f0
[ 3375.223631][   T28]  sock_sendmsg+0xd3/0x120
[ 3375.228078][   T28]  __sys_sendto+0x23a/0x340
[ 3375.241320][   T28]  ? __ia32_sys_getpeername+0xb0/0xb0
[ 3375.246737][   T28]  ? kmem_cache_free+0xee/0x5c0
[ 3375.311389][   T28]  ? blkcg_maybe_throttle_current+0x31f/0xc80
[ 3375.317582][   T28]  ? task_work_run+0x1fe/0x270
[ 3375.341384][   T28]  ? __blkcg_punt_bio_submit+0x1d0/0x1d0
[ 3375.347090][   T28]  __x64_sys_sendto+0xe1/0x1b0
[ 3375.405745][   T28]  ? syscall_enter_from_user_mode+0x26/0xb0
[ 3375.411786][   T28]  do_syscall_64+0x39/0xb0
[ 3375.416282][   T28]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 3375.441521][   T28] RIP: 0033:0x7f79f763e10c
[ 3375.445992][   T28] RSP: 002b:00007ffdb52472d0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[ 3375.494384][   T28] RAX: ffffffffffffffda RBX: 00007f79f82d4620 RCX: 00007f79f763e10c
[ 3375.531543][   T28] RDX: 000000000000002c RSI: 00007f79f82d4670 RDI: 0000000000000003
[ 3375.539575][   T28] RBP: 0000000000000000 R08: 00007ffdb5247324 R09: 000000000000000c
[ 3375.561321][   T28] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 3375.569334][   T28] R13: 00007f79f82d4670 R14: 0000000000000003 R15: 0000000000000000
[ 3375.617608][   T28]  </TASK>
[ 3375.620740][   T28] 
[ 3375.620740][   T28] Showing all locks held in the system:
[ 3375.661342][   T28] 1 lock held by rcu_tasks_kthre/12:
[ 3375.666730][   T28]  #0: ffffffff8c58f270 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x26/0xc70
[ 3375.726337][   T28] 1 lock held by rcu_tasks_trace/13:
[ 3375.771427][   T28]  #0: ffffffff8c58ef70 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x26/0xc70
[ 3375.851321][   T28] 1 lock held by khungtaskd/28:
[ 3375.856221][   T28]  #0: ffffffff8c58fdc0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x57/0x264
[ 3375.921373][   T28] 2 locks held by getty/3303:
[ 3375.926096][   T28]  #0: ffff88802833b098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x26/0x80
[ 3375.961314][   T28]  #1: ffffc900031262f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xef4/0x13e0
[ 3376.043211][   T28] 5 locks held by kworker/1:0/24104:
[ 3376.048548][   T28] 3 locks held by kworker/1:2/19264:
[ 3376.091710][   T28]  #0: ffff888012064d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x86d/0x1710
[ 3376.111319][   T28]  #1: ffffc9000420fda8 (deferred_process_work){+.+.}-{0:0}, at: process_one_work+0x8a1/0x1710
[ 3376.143682][   T28]  #2: ffffffff8deb9d28 (rtnl_mutex){+.+.}-{3:3}, at: switchdev_deferred_process_work+0xe/0x20
[ 3376.185769][   T28] 3 locks held by kworker/u4:18/30776:
[ 3376.191632][   T28] 5 locks held by kworker/u4:21/30783:
[ 3376.197114][   T28]  #0: ffff8880121c6938 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x86d/0x1710
[ 3376.263444][   T28]  #1: ffffc90014887da8 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x8a1/0x1710
[ 3376.281316][   T28]  #2: ffffffff8dea6090 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x9f/0xb10
[ 3376.290700][   T28]  #3: ffffffff8deb9d28 (rtnl_mutex){+.+.}-{3:3}, at: default_device_exit_batch+0x92/0x590
[ 3376.353138][   T28]  #4: ffffffff8c59aa78 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x5df/0x780
[ 3376.371337][   T28] 3 locks held by kworker/0:1/7923:
[ 3376.376569][   T28]  #0: ffff888027290538 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x86d/0x1710
[ 3376.416450][   T28]  #1: ffffc90015397da8 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_one_work+0x8a1/0x1710
[ 3376.461317][   T28]  #2: ffffffff8deb9d28 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0x12/0x30
[ 3376.470896][   T28] 3 locks held by kworker/1:6/16888:
[ 3376.514153][   T28]  #0: ffff888012064d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x86d/0x1710
[ 3376.571324][   T28]  #1: ffffc9001545fda8 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x8a1/0x1710
[ 3376.611420][   T28]  #2: ffffffff8deb9d28 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xf/0x70
[ 3376.620466][   T28] 3 locks held by kworker/1:7/16889:
[ 3376.651337][   T28]  #0: ffff888027290538 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x86d/0x1710
[ 3376.691314][   T28]  #1: ffffc900153e7da8 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work+0x8a1/0x1710
[ 3376.745771][   T28]  #2: ffffffff8deb9d28 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_dad_work+0xa7/0x12d0
[ 3376.784295][   T28] 2 locks held by kworker/1:9/16890:
[ 3376.789627][   T28]  #0: ffff888012066538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: process_one_work+0x86d/0x1710
[ 3376.839448][   T28]  #1: ffffc90014a2fda8 ((work_completion)(&rew->rew_work)){+.+.}-{0:0}, at: process_one_work+0x8a1/0x1710
[ 3376.871338][   T28] 1 lock held by syz-executor.5/28823:
[ 3376.876848][   T28]  #0: ffffffff8deb9d28 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x3e9/0xca0
[ 3376.911322][   T28] 1 lock held by syz-executor.5/28847:
[ 3376.916825][   T28]  #0: ffffffff8deb9d28 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x3e9/0xca0
[ 3376.964513][   T28] 1 lock held by syz-executor.5/28857:
[ 3376.970013][   T28]  #0: ffffffff8deb9d28 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x3e9/0xca0
[ 3377.004580][   T28] 
[ 3377.006942][   T28] =============================================
[ 3377.006942][   T28] 
[ 3377.045476][   T28] NMI backtrace for cpu 0
[ 3377.049839][   T28] CPU: 0 PID: 28 Comm: khungtaskd Not tainted 6.1.0-rc7-syzkaller-01491-gf2bb566f5c97 #0
[ 3377.059665][   T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 3377.069743][   T28] Call Trace:
[ 3377.073036][   T28]  <TASK>
[ 3377.075980][   T28]  dump_stack_lvl+0xd1/0x138
[ 3377.080596][   T28]  nmi_cpu_backtrace.cold+0x24/0x18a
[ 3377.085910][   T28]  nmi_trigger_cpumask_backtrace+0x333/0x3c0
[ 3377.091929][   T28]  ? lapic_can_unplug_cpu+0x80/0x80
[ 3377.097171][   T28]  watchdog+0xc75/0xfc0
[ 3377.101355][   T28]  ? proc_dohung_task_timeout_secs+0x80/0x80
[ 3377.107357][   T28]  kthread+0x2e8/0x3a0
[ 3377.111430][   T28]  ? kthread_complete_and_exit+0x40/0x40
[ 3377.117087][   T28]  ret_from_fork+0x1f/0x30
[ 3377.121553][   T28]  </TASK>
[ 3377.134513][   T28] Sending NMI from CPU 0 to CPUs 1:
[ 3377.139756][    C1] NMI backtrace for cpu 1
[ 3377.139766][    C1] CPU: 1 PID: 30781 Comm: kworker/u4:20 Not tainted 6.1.0-rc7-syzkaller-01491-gf2bb566f5c97 #0
[ 3377.139787][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 3377.139799][    C1] Workqueue: events_unbound toggle_allocation_gate
[ 3377.139822][    C1] RIP: 0010:x2apic_send_IPI+0x97/0xe0
[ 3377.139845][    C1] Code: b7 13 0f ae f0 0f ae e8 b9 00 04 00 00 41 83 fc 02 44 89 e0 48 0f 44 c1 48 c1 e2 20 b9 30 08 00 00 48 09 d0 48 c1 ea 20 0f 30 <66> 90 5b 5d 41 5c c3 5b 31 d2 48 89 c6 bf 30 08 00 00 5d 41 5c e9
[ 3377.139863][    C1] RSP: 0018:ffffc900148778c8 EFLAGS: 00000246
[ 3377.139877][    C1] RAX: 00000000000000fb RBX: ffff8880b9a219f0 RCX: 0000000000000830
[ 3377.139889][    C1] RDX: 0000000000000000 RSI: 00000000000000fb RDI: ffffffff8c00a8e0
[ 3377.139901][    C1] RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000001
[ 3377.139913][    C1] R10: 0000000000000001 R11: 0000000000000000 R12: 00000000000000fb
[ 3377.139924][    C1] R13: ffffc90014877908 R14: 0000000000000002 R15: dffffc0000000000
[ 3377.139936][    C1] FS:  0000000000000000(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
[ 3377.139952][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 3377.139966][    C1] CR2: 00005592722ede78 CR3: 000000000c28e000 CR4: 00000000003506e0
[ 3377.139977][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 3377.139988][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 3377.140000][    C1] Call Trace:
[ 3377.140005][    C1]  <TASK>
[ 3377.140012][    C1]  send_call_function_single_ipi+0x1ed/0x3b0
[ 3377.140038][    C1]  ? sched_ttwu_pending+0x550/0x550
[ 3377.140054][    C1]  ? __bitmap_and+0x18c/0x210
[ 3377.140134][    C1]  ? _find_next_bit+0x11b/0x140
[ 3377.140157][    C1]  smp_call_function_many_cond+0xe64/0x10a0
[ 3377.140183][    C1]  ? optimize_nops+0x2d0/0x2d0
[ 3377.140205][    C1]  ? smp_call_on_cpu+0x250/0x250
[ 3377.140224][    C1]  ? perf_event_bpf_event+0x4d0/0x4d0
[ 3377.140253][    C1]  ? text_poke_memset+0x60/0x60
[ 3377.140272][    C1]  ? optimize_nops+0x2d0/0x2d0
[ 3377.140291][    C1]  on_each_cpu_cond_mask+0x5a/0xa0
[ 3377.140312][    C1]  ? __kmem_cache_alloc_node+0x128/0x3e0
[ 3377.140337][    C1]  text_poke_bp_batch+0x3f1/0x6b0
[ 3377.140360][    C1]  ? do_sync_core+0x30/0x30
[ 3377.140382][    C1]  ? __jump_label_update+0x296/0x410
[ 3377.140407][    C1]  text_poke_finish+0x1a/0x30
[ 3377.140426][    C1]  arch_jump_label_transform_apply+0x17/0x30
[ 3377.140454][    C1]  jump_label_update+0x32f/0x410
[ 3377.140478][    C1]  static_key_disable_cpuslocked+0x156/0x1b0
[ 3377.140502][    C1]  static_key_disable+0x1a/0x20
[ 3377.140523][    C1]  toggle_allocation_gate+0x187/0x390
[ 3377.140542][    C1]  ? lock_release+0x810/0x810
[ 3377.140567][    C1]  ? wake_up_kfence_timer+0x30/0x30
[ 3377.140587][    C1]  ? __switch_to+0x5d0/0x10e0
[ 3377.140610][    C1]  process_one_work+0x9bf/0x1710
[ 3377.140634][    C1]  ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 3377.140656][    C1]  ? rwlock_bug.part.0+0x90/0x90
[ 3377.140672][    C1]  ? _raw_spin_lock_irq+0x45/0x50
[ 3377.140702][    C1]  worker_thread+0x669/0x1090
[ 3377.140727][    C1]  ? process_one_work+0x1710/0x1710
[ 3377.140747][    C1]  kthread+0x2e8/0x3a0
[ 3377.140762][    C1]  ? kthread_complete_and_exit+0x40/0x40
[ 3377.140781][    C1]  ret_from_fork+0x1f/0x30
[ 3377.140811][    C1]  </TASK>
[ 3377.182778][   T28] Kernel panic - not syncing: hung_task: blocked tasks
[ 3377.182793][   T28] CPU: 0 PID: 28 Comm: khungtaskd Not tainted 6.1.0-rc7-syzkaller-01491-gf2bb566f5c97 #0
[ 3377.182817][   T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 3377.182829][   T28] Call Trace:
[ 3377.182835][   T28]  <TASK>
[ 3377.182844][   T28]  dump_stack_lvl+0xd1/0x138
[ 3377.182873][   T28]  panic+0x2cc/0x626
[ 3377.182901][   T28]  ? panic_print_sys_info.part.0+0x110/0x110
[ 3377.182934][   T28]  ? preempt_schedule_thunk+0x1a/0x1c
[ 3377.182969][   T28]  ? watchdog.cold+0x130/0x158
[ 3377.183000][   T28]  watchdog.cold+0x141/0x158
[ 3377.183027][   T28]  ? proc_dohung_task_timeout_secs+0x80/0x80
[ 3377.183061][   T28]  kthread+0x2e8/0x3a0
[ 3377.183079][   T28]  ? kthread_complete_and_exit+0x40/0x40
[ 3377.183103][   T28]  ret_from_fork+0x1f/0x30
[ 3377.183145][   T28]  </TASK>
[ 3377.197618][   T28] Kernel Offset: disabled
[ 3377.547538][   T28] Rebooting in 86400 seconds..