72][T25910] ? find_held_lock+0x2d/0x110 [ 2643.602068][T25910] ? __ct_user_exit+0xff/0x150 [ 2643.606868][T25910] __do_sys_clone+0xba/0x100 [ 2643.611482][T25910] ? kernel_clone+0xab0/0xab0 [ 2643.617233][T25910] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2643.623160][T25910] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2643.629107][T25910] do_syscall_64+0x35/0xb0 [ 2643.633564][T25910] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2643.639495][T25910] RIP: 0033:0x7fa378a8c9d1 [ 2643.644035][T25910] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 2643.663664][T25910] RSP: 002b:00007fff306494d8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 2643.672093][T25910] RAX: ffffffffffffffda RBX: 00007fa379be4700 RCX: 00007fa378a8c9d1 [ 2643.680076][T25910] RDX: 00007fa379be49d0 RSI: 00007fa379be42f0 RDI: 00000000003d0f00 [ 2643.688059][T25910] RBP: 00007fff30649720 R08: 00007fa379be4700 R09: 00007fa379be4700 11:15:58 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x3e6) 11:15:58 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x0, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}}, 0x24}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x14a}]}}]}, 0x40}, 0x7}, 0x0) [ 2643.696043][T25910] R10: 00007fa379be49d0 R11: 0000000000000206 R12: 00007fff3064958e [ 2643.704033][T25910] R13: 00007fff3064958f R14: 00007fa379be4300 R15: 0000000000022000 [ 2643.712033][T25910] [ 2643.730790][T25910] memory: usage 307200kB, limit 307200kB, failcnt 53818 [ 2643.738513][T25910] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2643.748003][T25910] Memory cgroup stats for /syz4: [ 2643.748182][T25910] anon 90112 [ 2643.748182][T25910] file 372736 [ 2643.748182][T25910] kernel 314109952 [ 2643.748182][T25910] kernel_stack 65536 [ 2643.748182][T25910] pagetables 65536 [ 2643.748182][T25910] percpu 5624000 [ 2643.748182][T25910] sock 0 [ 2643.748182][T25910] vmalloc 0 [ 2643.748182][T25910] shmem 372736 [ 2643.748182][T25910] zswap 0 [ 2643.748182][T25910] zswapped 0 [ 2643.748182][T25910] file_mapped 372736 [ 2643.748182][T25910] file_dirty 0 [ 2643.748182][T25910] file_writeback 0 [ 2643.748182][T25910] swapcached 0 [ 2643.748182][T25910] anon_thp 0 [ 2643.748182][T25910] file_thp 0 [ 2643.748182][T25910] shmem_thp 0 [ 2643.748182][T25910] inactive_anon 139264 [ 2643.748182][T25910] active_anon 323584 [ 2643.748182][T25910] inactive_file 0 [ 2643.748182][T25910] active_file 0 [ 2643.748182][T25910] unevictable 0 [ 2643.748182][T25910] slab_reclaimable 17888 [ 2643.748182][T25910] slab_unreclaimable 308300256 [ 2643.748182][T25910] slab 308318144 [ 2643.865988][T25910] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=25910,uid=0 [ 2643.868056][T25916] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.3'. 11:15:58 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x3ea) 11:15:58 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x7be}]}}]}, 0x40}, 0x7}, 0x0) [ 2643.917298][T25910] Memory cgroup out of memory: Killed process 25910 (syz-executor.4) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:68kB oom_score_adj:1000 [ 2643.924613][T25929] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.5'. [ 2643.945176][T25915] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 11:15:58 executing program 4: socket$nl_route(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x6f4}]}}]}, 0x40}, 0x7}, 0x0) [ 2643.972912][T25915] CPU: 1 PID: 25915 Comm: syz-executor.3 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2643.983048][T25915] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2643.993137][T25915] Call Trace: [ 2643.996446][T25915] [ 2643.999411][T25915] dump_stack_lvl+0xcd/0x134 [ 2644.004047][T25915] dump_header+0x10b/0x7f9 [ 2644.008511][T25915] oom_kill_process.cold+0x10/0x15 [ 2644.013672][T25915] out_of_memory+0x358/0x14a0 [ 2644.018524][T25915] ? oom_killer_disable+0x270/0x270 [ 2644.023780][T25915] ? find_held_lock+0x2d/0x110 [ 2644.028601][T25915] mem_cgroup_out_of_memory+0x206/0x270 [ 2644.034189][T25915] ? mem_cgroup_margin+0x130/0x130 [ 2644.039329][T25915] ? lock_downgrade+0x6e0/0x6e0 [ 2644.044208][T25915] try_charge_memcg+0xf67/0x13f0 [ 2644.049173][T25915] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2644.055175][T25915] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2644.060909][T25915] ? lock_downgrade+0x6e0/0x6e0 [ 2644.065778][T25915] ? lock_downgrade+0x6e0/0x6e0 [ 2644.070653][T25915] __memcg_kmem_charge_page+0x16a/0x3b0 [ 2644.076226][T25915] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 2644.082412][T25915] copy_process+0x15f3/0x7090 [ 2644.087134][T25915] ? find_held_lock+0x2d/0x110 [ 2644.092050][T25915] ? __cleanup_sighand+0xb0/0xb0 [ 2644.097035][T25915] kernel_clone+0xe7/0xab0 [ 2644.101474][T25915] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2644.107473][T25915] ? create_io_thread+0xe0/0xe0 [ 2644.112443][T25915] ? find_held_lock+0x2d/0x110 [ 2644.117237][T25915] ? __ct_user_exit+0xff/0x150 [ 2644.122026][T25915] __do_sys_clone+0xba/0x100 [ 2644.126637][T25915] ? kernel_clone+0xab0/0xab0 [ 2644.131345][T25915] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2644.137265][T25915] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2644.143184][T25915] do_syscall_64+0x35/0xb0 [ 2644.147630][T25915] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2644.153544][T25915] RIP: 0033:0x7f89d288c9d1 [ 2644.157974][T25915] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 2644.177593][T25915] RSP: 002b:00007fff48383138 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 2644.186107][T25915] RAX: ffffffffffffffda RBX: 00007f89d3a70700 RCX: 00007f89d288c9d1 [ 2644.194086][T25915] RDX: 00007f89d3a709d0 RSI: 00007f89d3a702f0 RDI: 00000000003d0f00 [ 2644.202066][T25915] RBP: 00007fff48383380 R08: 00007f89d3a70700 R09: 00007f89d3a70700 [ 2644.210061][T25915] R10: 00007f89d3a709d0 R11: 0000000000000206 R12: 00007fff483831ee [ 2644.218040][T25915] R13: 00007fff483831ef R14: 00007f89d3a70300 R15: 0000000000022000 [ 2644.226041][T25915] [ 2644.253043][T25915] memory: usage 307200kB, limit 307200kB, failcnt 52563 [ 2644.261421][T25915] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2644.292575][T25915] Memory cgroup stats for /syz3: [ 2644.292765][T25915] anon 147456 [ 2644.292765][T25915] file 385024 [ 2644.292765][T25915] kernel 314040320 [ 2644.292765][T25915] kernel_stack 98304 [ 2644.292765][T25915] pagetables 81920 [ 2644.292765][T25915] percpu 5618080 [ 2644.292765][T25915] sock 0 [ 2644.292765][T25915] vmalloc 0 [ 2644.292765][T25915] shmem 385024 [ 2644.292765][T25915] zswap 0 [ 2644.292765][T25915] zswapped 0 [ 2644.292765][T25915] file_mapped 311296 [ 2644.292765][T25915] file_dirty 0 [ 2644.292765][T25915] file_writeback 0 [ 2644.292765][T25915] swapcached 0 [ 2644.292765][T25915] anon_thp 0 [ 2644.292765][T25915] file_thp 0 [ 2644.292765][T25915] shmem_thp 0 [ 2644.292765][T25915] inactive_anon 200704 [ 2644.292765][T25915] active_anon 331776 [ 2644.292765][T25915] inactive_file 0 [ 2644.292765][T25915] active_file 0 [ 2644.292765][T25915] unevictable 0 [ 2644.292765][T25915] slab_reclaimable 22760 [ 2644.292765][T25915] slab_unreclaimable 308177416 [ 2644.292765][T25915] slab 308200176 [ 2644.411104][T25915] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=25915,uid=0 [ 2644.427443][T25933] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2644.439614][T25915] Memory cgroup out of memory: Killed process 25915 (syz-executor.3) total-vm:54860kB, anon-rss:456kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 11:15:59 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x20c}]}}]}, 0x40}, 0x7}, 0x0) [ 2644.463276][T25923] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2644.486187][T25923] CPU: 1 PID: 25923 Comm: syz-executor.2 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2644.496336][T25923] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2644.506513][T25923] Call Trace: [ 2644.509835][T25923] [ 2644.512793][T25923] dump_stack_lvl+0xcd/0x134 [ 2644.517430][T25923] dump_header+0x10b/0x7f9 [ 2644.521880][T25923] oom_kill_process.cold+0x10/0x15 [ 2644.527197][T25923] out_of_memory+0x358/0x14a0 [ 2644.531922][T25923] ? oom_killer_disable+0x270/0x270 [ 2644.537144][T25923] ? find_held_lock+0x2d/0x110 [ 2644.541969][T25923] mem_cgroup_out_of_memory+0x206/0x270 [ 2644.547533][T25923] ? mem_cgroup_margin+0x130/0x130 [ 2644.552755][T25923] ? lock_downgrade+0x6e0/0x6e0 [ 2644.557638][T25923] try_charge_memcg+0xef5/0x13f0 [ 2644.562591][T25923] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2644.568604][T25923] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2644.574342][T25923] ? lock_downgrade+0x6e0/0x6e0 [ 2644.579313][T25923] ? lock_downgrade+0x6e0/0x6e0 [ 2644.584198][T25923] obj_cgroup_charge+0x2ab/0x5e0 [ 2644.589686][T25923] kmem_cache_alloc_lru+0x13e/0x720 [ 2644.594906][T25923] ? sock_alloc_inode+0x23/0x1d0 [ 2644.599888][T25923] sock_alloc_inode+0x23/0x1d0 [ 2644.604705][T25923] ? sock_free_inode+0x20/0x20 [ 2644.609470][T25923] alloc_inode+0x61/0x230 [ 2644.613797][T25923] new_inode_pseudo+0x13/0x80 [ 2644.618472][T25923] sock_alloc+0x3c/0x260 [ 2644.622753][T25923] __sock_create+0xb9/0x790 [ 2644.627256][T25923] ? lock_downgrade+0x6e0/0x6e0 [ 2644.632115][T25923] __sys_socket+0x12f/0x240 [ 2644.636799][T25923] ? __sys_socket_file+0x1f0/0x1f0 [ 2644.642020][T25923] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2644.648037][T25923] __x64_sys_socket+0x6f/0xb0 [ 2644.652831][T25923] do_syscall_64+0x35/0xb0 [ 2644.657296][T25923] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2644.663207][T25923] RIP: 0033:0x7fefdee8b5a9 [ 2644.667628][T25923] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 2644.687255][T25923] RSP: 002b:00007fefe005a168 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 2644.695688][T25923] RAX: ffffffffffffffda RBX: 00007fefdefabf80 RCX: 00007fefdee8b5a9 [ 2644.703788][T25923] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000010 [ 2644.711997][T25923] RBP: 00007fefdeee6580 R08: 0000000000000000 R09: 0000000000000000 [ 2644.719968][T25923] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2644.727943][T25923] R13: 00007ffd4124e5bf R14: 00007fefe005a300 R15: 0000000000022000 [ 2644.735925][T25923] [ 2644.755475][T25923] memory: usage 307200kB, limit 307200kB, failcnt 52699 [ 2644.762655][T25923] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2644.774183][T25941] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2644.787759][T25923] Memory cgroup stats for /syz2: [ 2644.788110][T25923] anon 98304 [ 2644.788110][T25923] file 364544 [ 2644.788110][T25923] kernel 314109952 [ 2644.788110][T25923] kernel_stack 65536 [ 2644.788110][T25923] pagetables 73728 [ 2644.788110][T25923] percpu 5619264 [ 2644.788110][T25923] sock 0 [ 2644.788110][T25923] vmalloc 0 [ 2644.788110][T25923] shmem 364544 [ 2644.788110][T25923] zswap 0 [ 2644.788110][T25923] zswapped 0 [ 2644.788110][T25923] file_mapped 364544 [ 2644.788110][T25923] file_dirty 0 [ 2644.788110][T25923] file_writeback 0 [ 2644.788110][T25923] swapcached 0 [ 2644.788110][T25923] anon_thp 0 [ 2644.788110][T25923] file_thp 0 [ 2644.788110][T25923] shmem_thp 0 11:15:59 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x3ee) 11:15:59 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x7bf}]}}]}, 0x40}, 0x7}, 0x0) [ 2644.788110][T25923] inactive_anon 102400 [ 2644.788110][T25923] active_anon 360448 [ 2644.788110][T25923] inactive_file 0 [ 2644.788110][T25923] active_file 0 [ 2644.788110][T25923] unevictable 0 [ 2644.788110][T25923] slab_reclaimable 125104 [ 2644.788110][T25923] slab_unreclaimable 308189768 [ 2644.788110][T25923] slab 308314872 [ 2644.895393][T25923] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=25920,uid=0 [ 2644.925108][T25923] Memory cgroup out of memory: Killed process 25920 (syz-executor.2) total-vm:54728kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 [ 2644.943297][T25926] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=1, oom_score_adj=1000 [ 2644.953876][T25926] CPU: 0 PID: 25926 Comm: syz-executor.5 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2644.963980][T25926] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2644.974166][T25926] Call Trace: [ 2644.977466][T25926] [ 2644.980406][T25926] dump_stack_lvl+0xcd/0x134 [ 2644.985010][T25926] dump_header+0x10b/0x7f9 [ 2644.989465][T25926] oom_kill_process.cold+0x10/0x15 [ 2644.994611][T25926] out_of_memory+0x358/0x14a0 [ 2644.999309][T25926] ? oom_killer_disable+0x270/0x270 [ 2645.004531][T25926] ? find_held_lock+0x2d/0x110 [ 2645.009357][T25926] mem_cgroup_out_of_memory+0x206/0x270 [ 2645.014939][T25926] ? mem_cgroup_margin+0x130/0x130 [ 2645.020076][T25926] ? lock_downgrade+0x6e0/0x6e0 [ 2645.024956][T25926] try_charge_memcg+0xf67/0x13f0 [ 2645.030022][T25926] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2645.036134][T25926] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2645.041889][T25926] ? lock_downgrade+0x6e0/0x6e0 [ 2645.046762][T25926] ? lock_downgrade+0x6e0/0x6e0 [ 2645.052110][T25926] ? rcu_read_unlock+0x9/0x60 [ 2645.057176][T25926] obj_cgroup_charge+0x2ab/0x5e0 [ 2645.062147][T25926] ? copy_process+0x5c2/0x7090 [ 2645.066929][T25926] kmem_cache_alloc_node+0x92/0x3f0 [ 2645.072153][T25926] ? _raw_spin_unlock_irq+0x1f/0x40 [ 2645.077464][T25926] copy_process+0x5c2/0x7090 [ 2645.083038][T25926] ? find_held_lock+0x2d/0x110 [ 2645.087855][T25926] ? find_held_lock+0x2d/0x110 [ 2645.092760][T25926] ? __cleanup_sighand+0xb0/0xb0 [ 2645.097742][T25926] kernel_clone+0xe7/0xab0 [ 2645.102195][T25926] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2645.108645][T25926] ? create_io_thread+0xe0/0xe0 [ 2645.113552][T25926] ? find_held_lock+0x2d/0x110 [ 2645.118368][T25926] ? __ct_user_exit+0xff/0x150 [ 2645.123261][T25926] __do_sys_clone+0xba/0x100 [ 2645.127890][T25926] ? kernel_clone+0xab0/0xab0 [ 2645.132597][T25926] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2645.138594][T25926] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2645.144872][T25926] do_syscall_64+0x35/0xb0 [ 2645.149339][T25926] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2645.155498][T25926] RIP: 0033:0x7f542068c9d1 [ 2645.159943][T25926] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 2645.179887][T25926] RSP: 002b:00007ffc9945af78 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 2645.188404][T25926] RAX: ffffffffffffffda RBX: 00007f54217cc700 RCX: 00007f542068c9d1 [ 2645.196411][T25926] RDX: 00007f54217cc9d0 RSI: 00007f54217cc2f0 RDI: 00000000003d0f00 11:16:00 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x701}]}}]}, 0x40}, 0x7}, 0x0) [ 2645.204682][T25926] RBP: 00007ffc9945b1c0 R08: 00007f54217cc700 R09: 00007f54217cc700 [ 2645.212696][T25926] R10: 00007f54217cc9d0 R11: 0000000000000206 R12: 00007ffc9945b02e [ 2645.220770][T25926] R13: 00007ffc9945b02f R14: 00007f54217cc300 R15: 0000000000022000 [ 2645.228849][T25926] [ 2645.250277][T25926] memory: usage 307192kB, limit 307200kB, failcnt 38245 [ 2645.262583][T25926] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2645.278168][T25926] Memory cgroup stats for /syz5: [ 2645.278365][T25926] anon 147456 [ 2645.278365][T25926] file 364544 [ 2645.278365][T25926] kernel 314044416 [ 2645.278365][T25926] kernel_stack 98304 [ 2645.278365][T25926] pagetables 81920 [ 2645.278365][T25926] percpu 5618080 [ 2645.278365][T25926] sock 0 [ 2645.278365][T25926] vmalloc 0 [ 2645.278365][T25926] shmem 356352 [ 2645.278365][T25926] zswap 0 [ 2645.278365][T25926] zswapped 0 [ 2645.278365][T25926] file_mapped 356352 [ 2645.278365][T25926] file_dirty 0 [ 2645.278365][T25926] file_writeback 0 [ 2645.278365][T25926] swapcached 0 [ 2645.278365][T25926] anon_thp 0 [ 2645.278365][T25926] file_thp 0 [ 2645.278365][T25926] shmem_thp 0 [ 2645.278365][T25926] inactive_anon 151552 [ 2645.278365][T25926] active_anon 352256 [ 2645.278365][T25926] inactive_file 4096 [ 2645.278365][T25926] active_file 4096 [ 2645.278365][T25926] unevictable 0 [ 2645.278365][T25926] slab_reclaimable 20960 [ 2645.278365][T25926] slab_unreclaimable 308194448 [ 2645.278365][T25926] slab 308215408 [ 2645.382937][T25926] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=25926,uid=0 [ 2645.399707][T25926] Memory cgroup out of memory: Killed process 25926 (syz-executor.5) total-vm:54860kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000 [ 2645.417810][T25934] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2645.436158][T25934] CPU: 1 PID: 25934 Comm: syz-executor.4 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2645.446338][T25934] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2645.456428][T25934] Call Trace: [ 2645.459715][T25934] [ 2645.462639][T25934] dump_stack_lvl+0xcd/0x134 [ 2645.467347][T25934] dump_header+0x10b/0x7f9 [ 2645.471761][T25934] oom_kill_process.cold+0x10/0x15 [ 2645.476871][T25934] out_of_memory+0x358/0x14a0 [ 2645.481568][T25934] ? oom_killer_disable+0x270/0x270 [ 2645.486881][T25934] ? find_held_lock+0x2d/0x110 [ 2645.491690][T25934] mem_cgroup_out_of_memory+0x206/0x270 [ 2645.497273][T25934] ? mem_cgroup_margin+0x130/0x130 [ 2645.502504][T25934] ? lock_downgrade+0x6e0/0x6e0 [ 2645.507387][T25934] try_charge_memcg+0xf67/0x13f0 [ 2645.512386][T25934] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2645.518375][T25934] ? lock_downgrade+0x6e0/0x6e0 [ 2645.523229][T25934] charge_memcg+0x31/0x320 [ 2645.527654][T25934] __mem_cgroup_charge+0x27/0x90 [ 2645.532593][T25934] ? _compound_head+0x5d/0x150 [ 2645.537379][T25934] wp_page_copy+0x27c/0x1b10 [ 2645.541996][T25934] ? restore_exclusive_pte+0x8b0/0x8b0 [ 2645.547451][T25934] ? lock_downgrade+0x6e0/0x6e0 [ 2645.552302][T25934] ? vm_normal_page+0x146/0x2a0 [ 2645.557240][T25934] do_wp_page+0x52c/0x1910 [ 2645.561780][T25934] __handle_mm_fault+0x1813/0x39b0 [ 2645.566910][T25934] ? vm_iomap_memory+0x190/0x190 [ 2645.571965][T25934] handle_mm_fault+0x1c8/0x780 [ 2645.576870][T25934] do_user_addr_fault+0x475/0x1210 [ 2645.582005][T25934] exc_page_fault+0x94/0x170 [ 2645.586655][T25934] asm_exc_page_fault+0x22/0x30 [ 2645.591568][T25934] RIP: 0033:0x7fa378a362de [ 2645.595979][T25934] Code: 4c 24 54 89 78 2c 48 8b 3c 24 89 48 78 0f b6 4c 24 53 c6 40 20 01 88 4c 3a 04 8b 7c 24 4c 4c 89 35 97 5c 17 00 48 8b 54 24 40 <89> b8 80 00 00 00 0f 1f 40 00 48 8b 8c 14 50 01 00 00 48 83 c2 08 [ 2645.615622][T25934] RSP: 002b:00007fff30649610 EFLAGS: 00010246 [ 2645.621698][T25934] RAX: 00007fa378babf80 RBX: 00007fa378babf8c RCX: 0000000000000000 [ 2645.629679][T25934] RDX: 0000000000000000 RSI: 00007fa378babf88 RDI: 0000000000000000 [ 2645.637662][T25934] RBP: 00007fa378babf80 R08: 00007fa379be4700 R09: 00007fa379be4700 11:16:00 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x0, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}}, 0x24}}, 0x0) sendmsg$nl_route_sched(r0, 0x0, 0x0) [ 2645.645656][T25934] R10: 00007fa379be49d0 R11: 0000000000000206 R12: 00007fa378babf8c [ 2645.653627][T25934] R13: 00007fa378bb0060 R14: 00007fa378babf80 R15: 0000000000000000 [ 2645.661652][T25934] [ 2645.671740][T25934] memory: usage 307200kB, limit 307200kB, failcnt 53877 [ 2645.684386][T25934] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2645.697707][T25934] Memory cgroup stats for /syz4: [ 2645.697929][T25934] anon 90112 [ 2645.697929][T25934] file 372736 [ 2645.697929][T25934] kernel 314109952 [ 2645.697929][T25934] kernel_stack 65536 [ 2645.697929][T25934] pagetables 65536 [ 2645.697929][T25934] percpu 5624000 [ 2645.697929][T25934] sock 0 [ 2645.697929][T25934] vmalloc 0 [ 2645.697929][T25934] shmem 372736 [ 2645.697929][T25934] zswap 0 [ 2645.697929][T25934] zswapped 0 [ 2645.697929][T25934] file_mapped 372736 [ 2645.697929][T25934] file_dirty 0 [ 2645.697929][T25934] file_writeback 0 [ 2645.697929][T25934] swapcached 0 [ 2645.697929][T25934] anon_thp 0 [ 2645.697929][T25934] file_thp 0 [ 2645.697929][T25934] shmem_thp 0 [ 2645.697929][T25934] inactive_anon 139264 [ 2645.697929][T25934] active_anon 323584 [ 2645.697929][T25934] inactive_file 0 [ 2645.697929][T25934] active_file 0 [ 2645.697929][T25934] unevictable 0 [ 2645.697929][T25934] slab_reclaimable 17888 [ 2645.697929][T25934] slab_unreclaimable 308300720 [ 2645.697929][T25934] slab 308318608 11:16:00 executing program 4: socket$nl_route(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x6f5}]}}]}, 0x40}, 0x7}, 0x0) [ 2645.796263][T25934] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=25934,uid=0 [ 2645.812089][T25934] Memory cgroup out of memory: Killed process 25934 (syz-executor.4) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:68kB oom_score_adj:1000 [ 2645.830407][T25940] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2645.849071][T25940] CPU: 1 PID: 25940 Comm: syz-executor.3 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2645.859216][T25940] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2645.869305][T25940] Call Trace: [ 2645.872606][T25940] [ 2645.875571][T25940] dump_stack_lvl+0xcd/0x134 [ 2645.880286][T25940] dump_header+0x10b/0x7f9 [ 2645.884755][T25940] oom_kill_process.cold+0x10/0x15 [ 2645.889918][T25940] out_of_memory+0x358/0x14a0 [ 2645.894651][T25940] ? oom_killer_disable+0x270/0x270 [ 2645.899902][T25940] ? find_held_lock+0x2d/0x110 [ 2645.904718][T25940] mem_cgroup_out_of_memory+0x206/0x270 [ 2645.910299][T25940] ? mem_cgroup_margin+0x130/0x130 [ 2645.915443][T25940] ? lock_downgrade+0x6e0/0x6e0 [ 2645.920345][T25940] try_charge_memcg+0xf67/0x13f0 [ 2645.925330][T25940] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2645.931353][T25940] ? lock_downgrade+0x6e0/0x6e0 [ 2645.936252][T25940] charge_memcg+0x31/0x320 [ 2645.940715][T25940] __mem_cgroup_charge+0x27/0x90 [ 2645.945731][T25940] ? _compound_head+0x5d/0x150 [ 2645.950542][T25940] __handle_mm_fault+0x17df/0x39b0 [ 2645.955686][T25940] ? vm_iomap_memory+0x190/0x190 [ 2645.960666][T25940] handle_mm_fault+0x1c8/0x780 [ 2645.965450][T25940] do_user_addr_fault+0x475/0x1210 [ 2645.970609][T25940] exc_page_fault+0x94/0x170 [ 2645.975220][T25940] asm_exc_page_fault+0x22/0x30 [ 2645.980092][T25940] RIP: 0033:0x7f89d283accf [ 2645.984520][T25940] Code: ff ff 4d 89 cd 48 85 c0 74 19 8b 95 44 ff ff ff 48 29 c6 48 01 c7 e8 f0 09 05 00 85 c0 0f 85 0b 03 00 00 48 8b 85 48 ff ff ff <41> c7 45 18 01 00 00 00 4c 89 ef 49 89 85 90 06 00 00 48 8b 85 50 [ 2646.004143][T25940] RSP: 002b:00007fff48383190 EFLAGS: 00010246 [ 2646.010308][T25940] RAX: 00007f89d3a71000 RBX: 0000000000021000 RCX: 00007f89d288b6b7 [ 2646.018288][T25940] RDX: 0000000000000003 RSI: 0000000000020000 RDI: 00007f89d3a72000 [ 2646.026267][T25940] RBP: 00007fff48383260 R08: 00000000ffffffff R09: 00007f89d3a91700 [ 2646.034251][T25940] R10: 0000000000020022 R11: 0000000000000206 R12: 00007fff48383380 [ 2646.042488][T25940] R13: 00007f89d3a91700 R14: 0000000000000000 R15: 0000000000022000 [ 2646.050487][T25940] [ 2646.063051][T25940] memory: usage 307200kB, limit 307200kB, failcnt 52625 [ 2646.070265][T25940] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2646.077814][T25940] Memory cgroup stats for /syz3: [ 2646.078031][T25940] anon 139264 [ 2646.078031][T25940] file 385024 [ 2646.078031][T25940] kernel 314048512 [ 2646.078031][T25940] kernel_stack 65536 [ 2646.078031][T25940] pagetables 81920 [ 2646.078031][T25940] percpu 5619264 [ 2646.078031][T25940] sock 0 [ 2646.078031][T25940] vmalloc 0 [ 2646.078031][T25940] shmem 385024 [ 2646.078031][T25940] zswap 0 [ 2646.078031][T25940] zswapped 0 [ 2646.078031][T25940] file_mapped 311296 [ 2646.078031][T25940] file_dirty 0 [ 2646.078031][T25940] file_writeback 0 [ 2646.078031][T25940] swapcached 0 [ 2646.078031][T25940] anon_thp 0 [ 2646.078031][T25940] file_thp 0 [ 2646.078031][T25940] shmem_thp 0 [ 2646.078031][T25940] inactive_anon 192512 [ 2646.078031][T25940] active_anon 331776 [ 2646.078031][T25940] inactive_file 0 [ 2646.078031][T25940] active_file 0 [ 2646.078031][T25940] unevictable 0 [ 2646.078031][T25940] slab_reclaimable 22760 [ 2646.078031][T25940] slab_unreclaimable 308224632 [ 2646.078031][T25940] slab 308247392 [ 2646.172112][T25940] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=25940,uid=0 [ 2646.188871][T25940] Memory cgroup out of memory: Killed process 25940 (syz-executor.3) total-vm:54728kB, anon-rss:456kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 2646.209256][T25950] Memory cgroup out of memory: Killed process 25950 (syz-executor.5) total-vm:54860kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000 [ 2646.231398][T25944] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.1'. 11:16:01 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x20d}]}}]}, 0x40}, 0x7}, 0x0) 11:16:01 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x702}]}}]}, 0x40}, 0x7}, 0x0) [ 2646.257553][T25948] Memory cgroup out of memory: Killed process 25948 (syz-executor.2) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 [ 2646.280752][T25955] Memory cgroup out of memory: Killed process 25955 (syz-executor.4) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:68kB oom_score_adj:1000 11:16:01 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x3f2) 11:16:01 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x7c0}]}}]}, 0x40}, 0x7}, 0x0) 11:16:01 executing program 4: socket$nl_route(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x6f6}]}}]}, 0x40}, 0x7}, 0x0) [ 2646.409340][T25951] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.5'. [ 2646.457888][T25957] Memory cgroup out of memory: Killed process 25957 (syz-executor.3) total-vm:54728kB, anon-rss:456kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 2646.513493][T25956] oom_kill_process: 4 callbacks suppressed [ 2646.513515][T25956] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2646.543005][T25956] CPU: 1 PID: 25956 Comm: syz-executor.2 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2646.554970][T25956] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2646.565052][T25956] Call Trace: [ 2646.568356][T25956] [ 2646.571393][T25956] dump_stack_lvl+0xcd/0x134 [ 2646.576020][T25956] dump_header+0x10b/0x7f9 [ 2646.580480][T25956] oom_kill_process.cold+0x10/0x15 [ 2646.585637][T25956] out_of_memory+0x358/0x14a0 [ 2646.590370][T25956] ? oom_killer_disable+0x270/0x270 [ 2646.595618][T25956] ? find_held_lock+0x2d/0x110 [ 2646.600436][T25956] mem_cgroup_out_of_memory+0x206/0x270 [ 2646.606015][T25956] ? mem_cgroup_margin+0x130/0x130 [ 2646.611159][T25956] ? lock_downgrade+0x6e0/0x6e0 [ 2646.616072][T25956] try_charge_memcg+0xf67/0x13f0 [ 2646.621054][T25956] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2646.627101][T25956] ? lock_downgrade+0x6e0/0x6e0 [ 2646.632085][T25956] charge_memcg+0x31/0x320 [ 2646.636542][T25956] __mem_cgroup_charge+0x27/0x90 [ 2646.641523][T25956] ? _compound_head+0x5d/0x150 [ 2646.646341][T25956] wp_page_copy+0x27c/0x1b10 [ 2646.650971][T25956] ? restore_exclusive_pte+0x8b0/0x8b0 [ 2646.656549][T25956] ? lock_downgrade+0x6e0/0x6e0 [ 2646.661434][T25956] ? vm_normal_page+0x146/0x2a0 [ 2646.666343][T25956] do_wp_page+0x52c/0x1910 [ 2646.670811][T25956] __handle_mm_fault+0x1813/0x39b0 [ 2646.675974][T25956] ? vm_iomap_memory+0x190/0x190 [ 2646.680978][T25956] handle_mm_fault+0x1c8/0x780 [ 2646.685786][T25956] do_user_addr_fault+0x475/0x1210 [ 2646.690951][T25956] exc_page_fault+0x94/0x170 [ 2646.695670][T25956] asm_exc_page_fault+0x22/0x30 [ 2646.700565][T25956] RIP: 0033:0x7fefdee362de [ 2646.705009][T25956] Code: 4c 24 54 89 78 2c 48 8b 3c 24 89 48 78 0f b6 4c 24 53 c6 40 20 01 88 4c 3a 04 8b 7c 24 4c 4c 89 35 97 5c 17 00 48 8b 54 24 40 <89> b8 80 00 00 00 0f 1f 40 00 48 8b 8c 14 50 01 00 00 48 83 c2 08 [ 2646.724680][T25956] RSP: 002b:00007ffd4124e640 EFLAGS: 00010246 [ 2646.730781][T25956] RAX: 00007fefdefabf80 RBX: 00007fefdefabf8c RCX: 0000000000000000 [ 2646.738789][T25956] RDX: 0000000000000000 RSI: 00007fefdefabf88 RDI: 0000000000000000 [ 2646.746794][T25956] RBP: 00007fefdefabf80 R08: 00007fefe005a700 R09: 00007fefe005a700 [ 2646.754887][T25956] R10: 00007fefe005a9d0 R11: 0000000000000206 R12: 00007fefdefabf8c [ 2646.762887][T25956] R13: 00007fefdefb0060 R14: 00007fefdefabf80 R15: 0000000000000000 [ 2646.770908][T25956] [ 2646.779784][T25956] memory: usage 307200kB, limit 307200kB, failcnt 52824 [ 2646.787058][T25956] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2646.794575][T25956] Memory cgroup stats for /syz2: [ 2646.794761][T25956] anon 90112 [ 2646.794761][T25956] file 364544 [ 2646.794761][T25956] kernel 314118144 [ 2646.794761][T25956] kernel_stack 65536 [ 2646.794761][T25956] pagetables 69632 [ 2646.794761][T25956] percpu 5619264 [ 2646.794761][T25956] sock 0 [ 2646.794761][T25956] vmalloc 0 [ 2646.794761][T25956] shmem 364544 [ 2646.794761][T25956] zswap 0 [ 2646.794761][T25956] zswapped 0 [ 2646.794761][T25956] file_mapped 364544 [ 2646.794761][T25956] file_dirty 0 [ 2646.794761][T25956] file_writeback 0 [ 2646.794761][T25956] swapcached 0 [ 2646.794761][T25956] anon_thp 0 [ 2646.794761][T25956] file_thp 0 [ 2646.794761][T25956] shmem_thp 0 [ 2646.794761][T25956] inactive_anon 94208 11:16:01 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x0, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}}, 0x24}}, 0x0) sendmsg$nl_route_sched(r0, 0x0, 0x0) [ 2646.794761][T25956] active_anon 360448 [ 2646.794761][T25956] inactive_file 0 [ 2646.794761][T25956] active_file 0 [ 2646.794761][T25956] unevictable 0 [ 2646.794761][T25956] slab_reclaimable 125104 [ 2646.794761][T25956] slab_unreclaimable 308200224 [ 2646.794761][T25956] slab 308325328 [ 2646.895621][T25958] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2647.043232][T25956] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=25956,uid=0 [ 2647.059513][T25956] Memory cgroup out of memory: Killed process 25956 (syz-executor.2) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:72kB oom_score_adj:1000 [ 2647.113047][T25963] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2647.122632][T25968] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 11:16:01 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x703}]}}]}, 0x40}, 0x7}, 0x0) [ 2647.159411][T25968] CPU: 1 PID: 25968 Comm: syz-executor.5 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2647.169568][T25968] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2647.179664][T25968] Call Trace: [ 2647.182969][T25968] [ 2647.185918][T25968] dump_stack_lvl+0xcd/0x134 [ 2647.190551][T25968] dump_header+0x10b/0x7f9 [ 2647.195045][T25968] oom_kill_process.cold+0x10/0x15 [ 2647.200197][T25968] out_of_memory+0x358/0x14a0 [ 2647.204927][T25968] ? oom_killer_disable+0x270/0x270 [ 2647.210177][T25968] ? find_held_lock+0x2d/0x110 [ 2647.214991][T25968] mem_cgroup_out_of_memory+0x206/0x270 [ 2647.220573][T25968] ? mem_cgroup_margin+0x130/0x130 [ 2647.225722][T25968] ? lock_downgrade+0x6e0/0x6e0 [ 2647.230619][T25968] try_charge_memcg+0xf67/0x13f0 [ 2647.235609][T25968] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2647.241629][T25968] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2647.247384][T25968] ? lock_downgrade+0x6e0/0x6e0 [ 2647.252279][T25968] ? lock_downgrade+0x6e0/0x6e0 [ 2647.257177][T25968] __memcg_kmem_charge_page+0x16a/0x3b0 [ 2647.262766][T25968] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 2647.269138][T25968] copy_process+0x15f3/0x7090 [ 2647.273856][T25968] ? __lock_acquire+0xbc3/0x56d0 [ 2647.279009][T25968] ? __cleanup_sighand+0xb0/0xb0 [ 2647.284008][T25968] kernel_clone+0xe7/0xab0 [ 2647.288459][T25968] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2647.294472][T25968] ? create_io_thread+0xe0/0xe0 [ 2647.299363][T25968] ? find_held_lock+0x2d/0x110 [ 2647.304172][T25968] ? __ct_user_exit+0xff/0x150 [ 2647.309080][T25968] __do_sys_clone+0xba/0x100 [ 2647.313793][T25968] ? kernel_clone+0xab0/0xab0 [ 2647.318806][T25968] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2647.324793][T25968] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2647.330760][T25968] do_syscall_64+0x35/0xb0 [ 2647.335223][T25968] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2647.341153][T25968] RIP: 0033:0x7f542068c9d1 [ 2647.345609][T25968] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 2647.365251][T25968] RSP: 002b:00007ffc9945af78 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 2647.373737][T25968] RAX: ffffffffffffffda RBX: 00007f54217ed700 RCX: 00007f542068c9d1 [ 2647.381746][T25968] RDX: 00007f54217ed9d0 RSI: 00007f54217ed2f0 RDI: 00000000003d0f00 [ 2647.389744][T25968] RBP: 00007ffc9945b1c0 R08: 00007f54217ed700 R09: 00007f54217ed700 [ 2647.397740][T25968] R10: 00007f54217ed9d0 R11: 0000000000000206 R12: 00007ffc9945b02e 11:16:02 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x20e}]}}]}, 0x40}, 0x7}, 0x0) 11:16:02 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x3f6) [ 2647.405908][T25968] R13: 00007ffc9945b02f R14: 00007f54217ed300 R15: 0000000000022000 [ 2647.416617][T25968] 11:16:02 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x7c1}]}}]}, 0x40}, 0x7}, 0x0) 11:16:02 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x3f8) [ 2647.544083][T25977] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2647.563172][T25968] memory: usage 307176kB, limit 307200kB, failcnt 38445 [ 2647.595184][T25968] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2647.612857][T25968] Memory cgroup stats for /syz5: [ 2647.613172][T25968] anon 143360 [ 2647.613172][T25968] file 364544 [ 2647.613172][T25968] kernel 314040320 [ 2647.613172][T25968] kernel_stack 65536 [ 2647.613172][T25968] pagetables 81920 [ 2647.613172][T25968] percpu 5618080 [ 2647.613172][T25968] sock 0 [ 2647.613172][T25968] vmalloc 0 [ 2647.613172][T25968] shmem 356352 [ 2647.613172][T25968] zswap 0 [ 2647.613172][T25968] zswapped 0 [ 2647.613172][T25968] file_mapped 356352 [ 2647.613172][T25968] file_dirty 0 [ 2647.613172][T25968] file_writeback 0 [ 2647.613172][T25968] swapcached 0 [ 2647.613172][T25968] anon_thp 0 [ 2647.613172][T25968] file_thp 0 [ 2647.613172][T25968] shmem_thp 0 [ 2647.613172][T25968] inactive_anon 147456 [ 2647.613172][T25968] active_anon 352256 [ 2647.613172][T25968] inactive_file 0 [ 2647.613172][T25968] active_file 8192 [ 2647.613172][T25968] unevictable 0 [ 2647.613172][T25968] slab_reclaimable 20960 [ 2647.613172][T25968] slab_unreclaimable 308204576 [ 2647.613172][T25968] slab 308225536 [ 2647.620143][T25976] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2647.729836][T25968] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=25968,uid=0 11:16:02 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x3fa) 11:16:02 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x0, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}}, 0x24}}, 0x0) sendmsg$nl_route_sched(r0, 0x0, 0x0) [ 2647.751812][T25968] Memory cgroup out of memory: Killed process 25968 (syz-executor.5) total-vm:54728kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000 [ 2647.774329][T25964] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2647.803306][T25964] CPU: 0 PID: 25964 Comm: syz-executor.4 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2647.813462][T25964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2647.823550][T25964] Call Trace: [ 2647.826882][T25964] [ 2647.829922][T25964] dump_stack_lvl+0xcd/0x134 [ 2647.834552][T25964] dump_header+0x10b/0x7f9 [ 2647.839102][T25964] oom_kill_process.cold+0x10/0x15 [ 2647.844260][T25964] out_of_memory+0x358/0x14a0 11:16:02 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x3fc) [ 2647.848996][T25964] ? oom_killer_disable+0x270/0x270 [ 2647.854259][T25964] ? find_held_lock+0x2d/0x110 [ 2647.859095][T25964] mem_cgroup_out_of_memory+0x206/0x270 [ 2647.864774][T25964] ? mem_cgroup_margin+0x130/0x130 [ 2647.869933][T25964] ? lock_downgrade+0x6e0/0x6e0 [ 2647.875102][T25964] try_charge_memcg+0xf67/0x13f0 [ 2647.880187][T25964] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2647.886221][T25964] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2647.891986][T25964] ? lock_downgrade+0x6e0/0x6e0 [ 2647.896883][T25964] ? lock_downgrade+0x6e0/0x6e0 11:16:02 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x500) 11:16:02 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x600) [ 2647.901877][T25964] __memcg_kmem_charge_page+0x16a/0x3b0 [ 2647.907480][T25964] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 2647.913692][T25964] copy_process+0x15f3/0x7090 [ 2647.918597][T25964] ? __lock_acquire+0xbc3/0x56d0 [ 2647.923580][T25964] ? __cleanup_sighand+0xb0/0xb0 [ 2647.928604][T25964] kernel_clone+0xe7/0xab0 [ 2647.933068][T25964] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2647.939086][T25964] ? create_io_thread+0xe0/0xe0 [ 2647.943982][T25964] ? find_held_lock+0x2d/0x110 [ 2647.948776][T25964] ? __ct_user_exit+0xff/0x150 [ 2647.953594][T25964] __do_sys_clone+0xba/0x100 [ 2647.958229][T25964] ? kernel_clone+0xab0/0xab0 [ 2647.962963][T25964] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2647.968897][T25964] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2647.974818][T25964] do_syscall_64+0x35/0xb0 [ 2647.982602][T25964] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2647.988547][T25964] RIP: 0033:0x7fa378a8c9d1 [ 2647.992998][T25964] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 2648.012634][T25964] RSP: 002b:00007fff306494d8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 2648.021070][T25964] RAX: ffffffffffffffda RBX: 00007fa379be4700 RCX: 00007fa378a8c9d1 [ 2648.029080][T25964] RDX: 00007fa379be49d0 RSI: 00007fa379be42f0 RDI: 00000000003d0f00 [ 2648.037066][T25964] RBP: 00007fff30649720 R08: 00007fa379be4700 R09: 00007fa379be4700 [ 2648.045152][T25964] R10: 00007fa379be49d0 R11: 0000000000000206 R12: 00007fff3064958e [ 2648.053156][T25964] R13: 00007fff3064958f R14: 00007fa379be4300 R15: 0000000000022000 [ 2648.061158][T25964] [ 2648.081047][T25964] memory: usage 307184kB, limit 307200kB, failcnt 54041 [ 2648.088266][T25964] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2648.095467][T25964] Memory cgroup stats for /syz4: [ 2648.095682][T25964] anon 90112 [ 2648.095682][T25964] file 372736 [ 2648.095682][T25964] kernel 314093568 [ 2648.095682][T25964] kernel_stack 32768 [ 2648.095682][T25964] pagetables 65536 [ 2648.095682][T25964] percpu 5624000 [ 2648.095682][T25964] sock 0 [ 2648.095682][T25964] vmalloc 0 [ 2648.095682][T25964] shmem 372736 [ 2648.095682][T25964] zswap 0 [ 2648.095682][T25964] zswapped 0 [ 2648.095682][T25964] file_mapped 372736 [ 2648.095682][T25964] file_dirty 0 [ 2648.095682][T25964] file_writeback 0 [ 2648.095682][T25964] swapcached 0 [ 2648.095682][T25964] anon_thp 0 [ 2648.095682][T25964] file_thp 0 [ 2648.095682][T25964] shmem_thp 0 [ 2648.095682][T25964] inactive_anon 139264 [ 2648.095682][T25964] active_anon 323584 [ 2648.095682][T25964] inactive_file 0 [ 2648.095682][T25964] active_file 0 [ 2648.095682][T25964] unevictable 0 [ 2648.095682][T25964] slab_reclaimable 17888 [ 2648.095682][T25964] slab_unreclaimable 308300560 [ 2648.095682][T25964] slab 308318448 [ 2648.190184][T25964] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=25964,uid=0 [ 2648.206180][T25964] Memory cgroup out of memory: Killed process 25964 (syz-executor.4) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:68kB oom_score_adj:1000 11:16:03 executing program 4: socket$nl_route(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x6f7}]}}]}, 0x40}, 0x7}, 0x0) 11:16:03 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x700) [ 2648.300164][T25971] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2648.323594][T25995] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.5'. [ 2648.343252][T25971] CPU: 0 PID: 25971 Comm: syz-executor.2 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2648.353572][T25971] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2648.363664][T25971] Call Trace: [ 2648.366963][T25971] [ 2648.369916][T25971] dump_stack_lvl+0xcd/0x134 [ 2648.374549][T25971] dump_header+0x10b/0x7f9 [ 2648.379007][T25971] oom_kill_process.cold+0x10/0x15 [ 2648.384162][T25971] out_of_memory+0x358/0x14a0 [ 2648.388884][T25971] ? find_held_lock+0x2d/0x110 [ 2648.393702][T25971] ? oom_killer_disable+0x270/0x270 [ 2648.398944][T25971] ? find_held_lock+0x2d/0x110 [ 2648.403763][T25971] mem_cgroup_out_of_memory+0x206/0x270 [ 2648.409784][T25971] ? mem_cgroup_margin+0x130/0x130 [ 2648.414940][T25971] ? lock_downgrade+0x6e0/0x6e0 [ 2648.419853][T25971] try_charge_memcg+0xf67/0x13f0 [ 2648.424840][T25971] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2648.431040][T25971] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2648.436807][T25971] ? lock_downgrade+0x6e0/0x6e0 [ 2648.441700][T25971] ? lock_downgrade+0x6e0/0x6e0 [ 2648.446683][T25971] __memcg_kmem_charge_page+0x16a/0x3b0 [ 2648.452285][T25971] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 2648.458500][T25971] copy_process+0x73e/0x7090 [ 2648.463147][T25971] ? __lock_acquire+0xbc3/0x56d0 [ 2648.468140][T25971] ? __cleanup_sighand+0xb0/0xb0 [ 2648.473158][T25971] kernel_clone+0xe7/0xab0 [ 2648.477639][T25971] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2648.483663][T25971] ? create_io_thread+0xe0/0xe0 [ 2648.488573][T25971] ? find_held_lock+0x2d/0x110 [ 2648.493387][T25971] ? __ct_user_exit+0xff/0x150 [ 2648.498282][T25971] __do_sys_clone+0xba/0x100 [ 2648.502902][T25971] ? kernel_clone+0xab0/0xab0 [ 2648.507625][T25971] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2648.513547][T25971] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2648.519490][T25971] do_syscall_64+0x35/0xb0 [ 2648.523921][T25971] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2648.529834][T25971] RIP: 0033:0x7fefdee8c9d1 [ 2648.534347][T25971] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 2648.554000][T25971] RSP: 002b:00007ffd4124e508 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 2648.562453][T25971] RAX: ffffffffffffffda RBX: 00007fefe005a700 RCX: 00007fefdee8c9d1 [ 2648.570453][T25971] RDX: 00007fefe005a9d0 RSI: 00007fefe005a2f0 RDI: 00000000003d0f00 [ 2648.578427][T25971] RBP: 00007ffd4124e750 R08: 00007fefe005a700 R09: 00007fefe005a700 [ 2648.586403][T25971] R10: 00007fefe005a9d0 R11: 0000000000000206 R12: 00007ffd4124e5be [ 2648.594400][T25971] R13: 00007ffd4124e5bf R14: 00007fefe005a300 R15: 0000000000022000 [ 2648.602406][T25971] [ 2648.606480][T25971] memory: usage 307176kB, limit 307200kB, failcnt 52901 [ 2648.613924][T25971] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2648.620877][T25971] Memory cgroup stats for /syz2: [ 2648.621104][T25971] anon 90112 [ 2648.621104][T25971] file 364544 [ 2648.621104][T25971] kernel 314093568 [ 2648.621104][T25971] kernel_stack 32768 [ 2648.621104][T25971] pagetables 69632 [ 2648.621104][T25971] percpu 5619264 [ 2648.621104][T25971] sock 0 [ 2648.621104][T25971] vmalloc 0 [ 2648.621104][T25971] shmem 364544 [ 2648.621104][T25971] zswap 0 [ 2648.621104][T25971] zswapped 0 [ 2648.621104][T25971] file_mapped 364544 [ 2648.621104][T25971] file_dirty 0 [ 2648.621104][T25971] file_writeback 0 [ 2648.621104][T25971] swapcached 0 [ 2648.621104][T25971] anon_thp 0 [ 2648.621104][T25971] file_thp 0 [ 2648.621104][T25971] shmem_thp 0 [ 2648.621104][T25971] inactive_anon 94208 [ 2648.621104][T25971] active_anon 360448 [ 2648.621104][T25971] inactive_file 0 [ 2648.621104][T25971] active_file 0 [ 2648.621104][T25971] unevictable 0 [ 2648.621104][T25971] slab_reclaimable 125104 [ 2648.621104][T25971] slab_unreclaimable 308188360 [ 2648.621104][T25971] slab 308313464 [ 2648.717987][T25971] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=25971,uid=0 11:16:03 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x704}]}}]}, 0x40}, 0x7}, 0x0) 11:16:03 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x7c2}]}}]}, 0x40}, 0x7}, 0x0) 11:16:03 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x20f}]}}]}, 0x40}, 0x7}, 0x0) 11:16:03 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x0, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}}, 0x24}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x7}, 0x0) 11:16:03 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x900) [ 2648.740035][T25971] Memory cgroup out of memory: Killed process 25971 (syz-executor.2) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:72kB oom_score_adj:1000 [ 2648.784662][T25998] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 2648.811700][T26006] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2648.833826][T25998] CPU: 0 PID: 25998 Comm: syz-executor.4 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2648.843963][T25998] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2648.854040][T25998] Call Trace: [ 2648.857339][T25998] [ 2648.860299][T25998] dump_stack_lvl+0xcd/0x134 [ 2648.864928][T25998] dump_header+0x10b/0x7f9 [ 2648.869376][T25998] oom_kill_process.cold+0x10/0x15 [ 2648.874506][T25998] out_of_memory+0x358/0x14a0 [ 2648.879248][T25998] ? find_held_lock+0x2d/0x110 [ 2648.884048][T25998] ? oom_killer_disable+0x270/0x270 [ 2648.889297][T25998] ? find_held_lock+0x2d/0x110 [ 2648.894097][T25998] mem_cgroup_out_of_memory+0x206/0x270 [ 2648.899664][T25998] ? mem_cgroup_margin+0x130/0x130 [ 2648.904794][T25998] ? lock_downgrade+0x6e0/0x6e0 [ 2648.909676][T25998] try_charge_memcg+0xf67/0x13f0 [ 2648.914642][T25998] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2648.920640][T25998] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2648.926378][T25998] ? lock_downgrade+0x6e0/0x6e0 [ 2648.931255][T25998] ? lock_downgrade+0x6e0/0x6e0 [ 2648.936642][T25998] ? rcu_read_unlock+0x9/0x60 [ 2648.941362][T25998] obj_cgroup_charge+0x2ab/0x5e0 [ 2648.946333][T25998] kmem_cache_alloc_trace+0xa3/0x3e0 [ 2648.951635][T25998] ? copy_semundo+0x187/0x2f0 [ 2648.956329][T25998] ? apparmor_task_alloc+0x2bb/0x3b0 [ 2648.961642][T25998] copy_semundo+0x187/0x2f0 [ 2648.966164][T25998] copy_process+0x23fa/0x7090 [ 2648.970882][T25998] ? __cleanup_sighand+0xb0/0xb0 [ 2648.975859][T25998] kernel_clone+0xe7/0xab0 [ 2648.980294][T25998] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2648.986290][T25998] ? create_io_thread+0xe0/0xe0 [ 2648.991164][T25998] ? find_held_lock+0x2d/0x110 [ 2648.995957][T25998] ? __ct_user_exit+0xff/0x150 [ 2649.000743][T25998] __do_sys_clone+0xba/0x100 [ 2649.005351][T25998] ? kernel_clone+0xab0/0xab0 [ 2649.010060][T25998] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2649.015972][T25998] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2649.021892][T25998] do_syscall_64+0x35/0xb0 [ 2649.026340][T25998] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2649.032276][T25998] RIP: 0033:0x7fa378a8c9d1 [ 2649.036699][T25998] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 2649.056318][T25998] RSP: 002b:00007fff306494d8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 2649.064748][T25998] RAX: ffffffffffffffda RBX: 00007fa379be4700 RCX: 00007fa378a8c9d1 [ 2649.072731][T25998] RDX: 00007fa379be49d0 RSI: 00007fa379be42f0 RDI: 00000000003d0f00 [ 2649.080719][T25998] RBP: 00007fff30649720 R08: 00007fa379be4700 R09: 00007fa379be4700 [ 2649.088715][T25998] R10: 00007fa379be49d0 R11: 0000000000000206 R12: 00007fff3064958e [ 2649.096702][T25998] R13: 00007fff3064958f R14: 00007fa379be4300 R15: 0000000000022000 [ 2649.104706][T25998] [ 2649.144258][T25998] memory: usage 307200kB, limit 307200kB, failcnt 54146 [ 2649.151370][T25998] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2649.165981][T25998] Memory cgroup stats for /syz4: [ 2649.166183][T25998] anon 90112 [ 2649.166183][T25998] file 372736 [ 2649.166183][T25998] kernel 314109952 [ 2649.166183][T25998] kernel_stack 65536 [ 2649.166183][T25998] pagetables 65536 [ 2649.166183][T25998] percpu 5624000 [ 2649.166183][T25998] sock 0 [ 2649.166183][T25998] vmalloc 0 [ 2649.166183][T25998] shmem 372736 [ 2649.166183][T25998] zswap 0 [ 2649.166183][T25998] zswapped 0 [ 2649.166183][T25998] file_mapped 372736 [ 2649.166183][T25998] file_dirty 0 [ 2649.166183][T25998] file_writeback 0 [ 2649.166183][T25998] swapcached 0 [ 2649.166183][T25998] anon_thp 0 [ 2649.166183][T25998] file_thp 0 [ 2649.166183][T25998] shmem_thp 0 [ 2649.166183][T25998] inactive_anon 139264 [ 2649.166183][T25998] active_anon 323584 [ 2649.166183][T25998] inactive_file 0 [ 2649.166183][T25998] active_file 0 [ 2649.166183][T25998] unevictable 0 [ 2649.166183][T25998] slab_reclaimable 17888 [ 2649.166183][T25998] slab_unreclaimable 308300256 [ 2649.166183][T25998] slab 308318144 [ 2649.277666][T25998] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=25998,uid=0 11:16:04 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0xa00) [ 2649.291310][T26003] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2649.310779][T25998] Memory cgroup out of memory: Killed process 25998 (syz-executor.4) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:68kB oom_score_adj:1000 [ 2649.338245][T26001] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2649.349756][T26007] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.5'. [ 2649.375799][T26001] CPU: 1 PID: 26001 Comm: syz-executor.3 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2649.385949][T26001] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2649.396035][T26001] Call Trace: [ 2649.399370][T26001] [ 2649.402329][T26001] dump_stack_lvl+0xcd/0x134 [ 2649.406966][T26001] dump_header+0x10b/0x7f9 [ 2649.411427][T26001] oom_kill_process.cold+0x10/0x15 [ 2649.416668][T26001] out_of_memory+0x358/0x14a0 [ 2649.421397][T26001] ? oom_killer_disable+0x270/0x270 [ 2649.426634][T26001] ? find_held_lock+0x2d/0x110 [ 2649.431450][T26001] mem_cgroup_out_of_memory+0x206/0x270 [ 2649.437039][T26001] ? mem_cgroup_margin+0x130/0x130 11:16:04 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x7c3}]}}]}, 0x40}, 0x7}, 0x0) 11:16:04 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x0, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}}, 0x24}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x7}, 0x0) [ 2649.442175][T26001] ? lock_downgrade+0x6e0/0x6e0 [ 2649.447078][T26001] try_charge_memcg+0xf67/0x13f0 [ 2649.452068][T26001] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2649.458091][T26001] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2649.463849][T26001] ? lock_downgrade+0x6e0/0x6e0 [ 2649.468748][T26001] ? lock_downgrade+0x6e0/0x6e0 [ 2649.473656][T26001] __memcg_kmem_charge_page+0x16a/0x3b0 [ 2649.479251][T26001] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 2649.485454][T26001] copy_process+0x15f3/0x7090 [ 2649.490172][T26001] ? __lock_acquire+0xbc3/0x56d0 [ 2649.495142][T26001] ? __cleanup_sighand+0xb0/0xb0 [ 2649.500122][T26001] kernel_clone+0xe7/0xab0 [ 2649.504565][T26001] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2649.510563][T26001] ? create_io_thread+0xe0/0xe0 [ 2649.515437][T26001] ? find_held_lock+0x2d/0x110 [ 2649.520235][T26001] ? __ct_user_exit+0xff/0x150 [ 2649.525022][T26001] __do_sys_clone+0xba/0x100 [ 2649.529629][T26001] ? kernel_clone+0xab0/0xab0 [ 2649.534336][T26001] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2649.540247][T26001] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2649.546163][T26001] do_syscall_64+0x35/0xb0 [ 2649.550614][T26001] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2649.556572][T26001] RIP: 0033:0x7f89d288c9d1 [ 2649.561001][T26001] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 2649.580623][T26001] RSP: 002b:00007fff48383138 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 11:16:04 executing program 4: socket$nl_route(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x6f8}]}}]}, 0x40}, 0x7}, 0x0) [ 2649.589055][T26001] RAX: ffffffffffffffda RBX: 00007f89d3a70700 RCX: 00007f89d288c9d1 [ 2649.597039][T26001] RDX: 00007f89d3a709d0 RSI: 00007f89d3a702f0 RDI: 00000000003d0f00 [ 2649.605023][T26001] RBP: 00007fff48383380 R08: 00007f89d3a70700 R09: 00007f89d3a70700 [ 2649.613003][T26001] R10: 00007f89d3a709d0 R11: 0000000000000206 R12: 00007fff483831ee [ 2649.620987][T26001] R13: 00007fff483831ef R14: 00007f89d3a70300 R15: 0000000000022000 [ 2649.628990][T26001] [ 2649.637100][T26001] memory: usage 307200kB, limit 307200kB, failcnt 52865 [ 2649.659863][T26001] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2649.696901][T26001] Memory cgroup stats for /syz3: [ 2649.697075][T26001] anon 147456 [ 2649.697075][T26001] file 385024 [ 2649.697075][T26001] kernel 314040320 [ 2649.697075][T26001] kernel_stack 98304 [ 2649.697075][T26001] pagetables 81920 [ 2649.697075][T26001] percpu 5618080 [ 2649.697075][T26001] sock 0 [ 2649.697075][T26001] vmalloc 0 [ 2649.697075][T26001] shmem 385024 [ 2649.697075][T26001] zswap 0 [ 2649.697075][T26001] zswapped 0 [ 2649.697075][T26001] file_mapped 311296 [ 2649.697075][T26001] file_dirty 0 [ 2649.697075][T26001] file_writeback 0 [ 2649.697075][T26001] swapcached 0 [ 2649.697075][T26001] anon_thp 0 [ 2649.697075][T26001] file_thp 0 [ 2649.697075][T26001] shmem_thp 0 11:16:04 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0xb00) [ 2649.697075][T26001] inactive_anon 200704 [ 2649.697075][T26001] active_anon 331776 [ 2649.697075][T26001] inactive_file 0 [ 2649.697075][T26001] active_file 0 [ 2649.697075][T26001] unevictable 0 [ 2649.697075][T26001] slab_reclaimable 22760 [ 2649.697075][T26001] slab_unreclaimable 308166016 [ 2649.697075][T26001] slab 308188776 11:16:04 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0xc00) [ 2649.849565][T26001] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=26001,uid=0 [ 2649.877558][T26001] Memory cgroup out of memory: Killed process 26001 (syz-executor.3) total-vm:54860kB, anon-rss:456kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 11:16:04 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x7c4}]}}]}, 0x40}, 0x7}, 0x0) [ 2649.929456][T26026] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=1, oom_score_adj=1000 [ 2649.941909][T26026] CPU: 0 PID: 26026 Comm: syz-executor.5 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2649.952191][T26026] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2649.962285][T26026] Call Trace: [ 2649.965695][T26026] [ 2649.968655][T26026] dump_stack_lvl+0xcd/0x134 [ 2649.973314][T26026] dump_header+0x10b/0x7f9 [ 2649.977871][T26026] oom_kill_process.cold+0x10/0x15 [ 2649.983037][T26026] out_of_memory+0x358/0x14a0 [ 2649.987777][T26026] ? find_held_lock+0x2d/0x110 [ 2649.992600][T26026] ? oom_killer_disable+0x270/0x270 [ 2649.997857][T26026] ? find_held_lock+0x2d/0x110 [ 2650.002707][T26026] mem_cgroup_out_of_memory+0x206/0x270 [ 2650.008311][T26026] ? mem_cgroup_margin+0x130/0x130 [ 2650.013555][T26026] ? lock_downgrade+0x6e0/0x6e0 [ 2650.018467][T26026] try_charge_memcg+0xf67/0x13f0 [ 2650.023466][T26026] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2650.029500][T26026] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2650.035282][T26026] ? lock_downgrade+0x6e0/0x6e0 [ 2650.040221][T26026] obj_cgroup_charge+0x2ab/0x5e0 [ 2650.045227][T26026] __kmalloc+0xb2/0x340 [ 2650.049425][T26026] ? veth_dev_init+0x1d8/0x3e0 [ 2650.054260][T26026] veth_dev_init+0x1d8/0x3e0 [ 2650.058912][T26026] ? veth_get_num_queues+0x50/0x50 [ 2650.064096][T26026] register_netdevice+0x580/0x1670 [ 2650.069265][T26026] ? netdev_change_features+0xb0/0xb0 [ 2650.074689][T26026] ? dev_addr_mod+0x2c9/0x3f0 [ 2650.079416][T26026] veth_newlink+0x338/0x990 [ 2650.083983][T26026] ? veth_set_features+0x190/0x190 [ 2650.089155][T26026] ? netlink_unicast+0x543/0x7f0 [ 2650.094148][T26026] ? netlink_sendmsg+0x917/0xe10 [ 2650.099128][T26026] ? sock_sendmsg+0xcf/0x120 [ 2650.103760][T26026] ? ____sys_sendmsg+0x712/0x8c0 [ 2650.108730][T26026] ? ___sys_sendmsg+0x110/0x1b0 [ 2650.113626][T26026] ? __sys_sendmsg+0xf3/0x1c0 [ 2650.118333][T26026] ? do_syscall_64+0x35/0xb0 [ 2650.122941][T26026] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2650.129069][T26026] ? find_held_lock+0x2d/0x110 [ 2650.133892][T26026] ? memcg_slab_post_alloc_hook+0x249/0x480 [ 2650.139818][T26026] ? lock_downgrade+0x6e0/0x6e0 [ 2650.144696][T26026] ? rcu_read_lock_sched_held+0x3a/0x70 [ 2650.150300][T26026] ? trace_kmalloc_node+0x32/0x100 [ 2650.155443][T26026] ? __kmalloc_node+0x1bf/0x380 [ 2650.160334][T26026] ? memset+0x20/0x40 [ 2650.164368][T26026] ? __xdp_rxq_info_reg+0x189/0x340 [ 2650.169610][T26026] ? memcpy+0x39/0x60 [ 2650.173650][T26026] ? alloc_netdev_mqs+0xd5d/0x1180 [ 2650.178901][T26026] ? rtnl_create_link+0x7e8/0xca0 [ 2650.184246][T26026] ? veth_set_features+0x190/0x190 [ 2650.189418][T26026] __rtnl_newlink+0x1087/0x17e0 [ 2650.194334][T26026] ? rtnl_link_unregister+0x250/0x250 [ 2650.199735][T26026] ? rtnl_newlink+0x46/0xa0 [ 2650.204271][T26026] ? rcu_read_lock_sched_held+0x3a/0x70 [ 2650.209899][T26026] ? trace_kmalloc+0x32/0x100 [ 2650.214683][T26026] rtnl_newlink+0x64/0xa0 [ 2650.219057][T26026] ? __rtnl_newlink+0x17e0/0x17e0 [ 2650.224208][T26026] rtnetlink_rcv_msg+0x43a/0xca0 [ 2650.229195][T26026] ? rtnl_getlink+0xae0/0xae0 [ 2650.233885][T26026] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2650.239231][T26026] ? skb_clone+0x16e/0x3c0 [ 2650.243703][T26026] ? ref_tracker_free+0x370/0x6b0 [ 2650.248790][T26026] ? ref_tracker_dir_exit+0x3e0/0x3e0 [ 2650.254203][T26026] netlink_rcv_skb+0x153/0x420 [ 2650.259009][T26026] ? rtnl_getlink+0xae0/0xae0 [ 2650.263731][T26026] ? netlink_ack+0xd50/0xd50 [ 2650.268353][T26026] ? netlink_deliver_tap+0x1a2/0xc40 [ 2650.273664][T26026] ? netlink_deliver_tap+0x1b1/0xc40 [ 2650.278998][T26026] netlink_unicast+0x543/0x7f0 [ 2650.283817][T26026] ? netlink_attachskb+0x880/0x880 [ 2650.288968][T26026] ? __phys_addr+0xc4/0x140 [ 2650.293524][T26026] ? __phys_addr_symbol+0x2c/0x70 [ 2650.298862][T26026] ? __check_object_size+0x2de/0x700 [ 2650.304207][T26026] netlink_sendmsg+0x917/0xe10 [ 2650.309024][T26026] ? netlink_unicast+0x7f0/0x7f0 [ 2650.314025][T26026] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 2650.319364][T26026] ? netlink_unicast+0x7f0/0x7f0 [ 2650.324348][T26026] sock_sendmsg+0xcf/0x120 [ 2650.328892][T26026] ____sys_sendmsg+0x712/0x8c0 [ 2650.339174][T26026] ? copy_msghdr_from_user+0xfc/0x150 [ 2650.344597][T26026] ? kernel_sendmsg+0x50/0x50 [ 2650.349321][T26026] ? futex_unqueue+0xb3/0x120 [ 2650.354052][T26026] ___sys_sendmsg+0x110/0x1b0 [ 2650.358787][T26026] ? do_recvmmsg+0x6e0/0x6e0 [ 2650.363426][T26026] ? __fget_files+0x248/0x440 [ 2650.368146][T26026] ? lock_downgrade+0x6e0/0x6e0 [ 2650.373043][T26026] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2650.379069][T26026] ? __fget_files+0x26a/0x440 [ 2650.383808][T26026] ? __fget_light+0xe5/0x270 [ 2650.388447][T26026] __sys_sendmsg+0xf3/0x1c0 [ 2650.392990][T26026] ? __sys_sendmsg_sock+0x30/0x30 [ 2650.398049][T26026] ? lock_downgrade+0x6e0/0x6e0 [ 2650.403120][T26026] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2650.409055][T26026] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2650.414993][T26026] ? lockdep_hardirqs_on+0x79/0x100 [ 2650.420233][T26026] do_syscall_64+0x35/0xb0 [ 2650.424700][T26026] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2650.430646][T26026] RIP: 0033:0x7f542068b5a9 [ 2650.435103][T26026] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 2650.454840][T26026] RSP: 002b:00007f54217ed168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2650.463295][T26026] RAX: ffffffffffffffda RBX: 00007f54207ac050 RCX: 00007f542068b5a9 [ 2650.471321][T26026] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000004 [ 2650.479458][T26026] RBP: 00007f54206e6580 R08: 0000000000000000 R09: 0000000000000000 [ 2650.487462][T26026] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2650.495478][T26026] R13: 00007ffc9945b02f R14: 00007f54217ed300 R15: 0000000000022000 [ 2650.503519][T26026] [ 2650.527827][T26026] memory: usage 307200kB, limit 307200kB, failcnt 38645 [ 2650.551301][T26026] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2650.561451][T26026] Memory cgroup stats for /syz5: [ 2650.561645][T26026] anon 143360 [ 2650.561645][T26026] file 364544 [ 2650.561645][T26026] kernel 314064896 [ 2650.561645][T26026] kernel_stack 98304 [ 2650.561645][T26026] pagetables 81920 [ 2650.561645][T26026] percpu 5618080 [ 2650.561645][T26026] sock 0 [ 2650.561645][T26026] vmalloc 0 [ 2650.561645][T26026] shmem 356352 [ 2650.561645][T26026] zswap 0 [ 2650.561645][T26026] zswapped 0 [ 2650.561645][T26026] file_mapped 356352 [ 2650.561645][T26026] file_dirty 0 [ 2650.561645][T26026] file_writeback 0 [ 2650.561645][T26026] swapcached 0 [ 2650.561645][T26026] anon_thp 0 [ 2650.561645][T26026] file_thp 0 [ 2650.561645][T26026] shmem_thp 0 [ 2650.561645][T26026] inactive_anon 147456 [ 2650.561645][T26026] active_anon 352256 [ 2650.561645][T26026] inactive_file 0 [ 2650.561645][T26026] active_file 8192 [ 2650.561645][T26026] unevictable 0 [ 2650.561645][T26026] slab_reclaimable 20960 [ 2650.561645][T26026] slab_unreclaimable 308214024 [ 2650.561645][T26026] slab 308234984 [ 2650.658780][T26026] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=26017,uid=0 [ 2650.674902][T26026] Memory cgroup out of memory: Killed process 26017 (syz-executor.5) total-vm:54860kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000 [ 2650.712770][T26010] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2650.729296][T26010] CPU: 1 PID: 26010 Comm: syz-executor.2 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2650.739428][T26010] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2650.749511][T26010] Call Trace: [ 2650.752812][T26010] [ 2650.755764][T26010] dump_stack_lvl+0xcd/0x134 [ 2650.760396][T26010] dump_header+0x10b/0x7f9 [ 2650.764840][T26010] oom_kill_process.cold+0x10/0x15 [ 2650.770046][T26010] out_of_memory+0x358/0x14a0 [ 2650.774736][T26010] ? oom_killer_disable+0x270/0x270 [ 2650.779961][T26010] ? find_held_lock+0x2d/0x110 [ 2650.784753][T26010] mem_cgroup_out_of_memory+0x206/0x270 [ 2650.790320][T26010] ? mem_cgroup_margin+0x130/0x130 [ 2650.795439][T26010] ? lock_downgrade+0x6e0/0x6e0 [ 2650.800300][T26010] try_charge_memcg+0xf67/0x13f0 [ 2650.805240][T26010] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2650.811243][T26010] ? lock_downgrade+0x6e0/0x6e0 [ 2650.816112][T26010] charge_memcg+0x31/0x320 [ 2650.820542][T26010] __mem_cgroup_charge+0x27/0x90 [ 2650.825488][T26010] ? _compound_head+0x5d/0x150 [ 2650.830266][T26010] wp_page_copy+0x27c/0x1b10 [ 2650.834883][T26010] ? restore_exclusive_pte+0x8b0/0x8b0 [ 2650.840364][T26010] ? lock_downgrade+0x6e0/0x6e0 [ 2650.845215][T26010] ? vm_normal_page+0x146/0x2a0 [ 2650.850071][T26010] do_wp_page+0x52c/0x1910 [ 2650.854490][T26010] __handle_mm_fault+0x1813/0x39b0 [ 2650.859617][T26010] ? vm_iomap_memory+0x190/0x190 [ 2650.864595][T26010] handle_mm_fault+0x1c8/0x780 [ 2650.869366][T26010] do_user_addr_fault+0x475/0x1210 [ 2650.874488][T26010] exc_page_fault+0x94/0x170 [ 2650.879081][T26010] asm_exc_page_fault+0x22/0x30 [ 2650.883952][T26010] RIP: 0033:0x7fefdee35a15 [ 2650.888400][T26010] Code: 5c 41 5d c3 90 48 8b 57 18 48 83 fa ff 74 22 48 81 fa e7 03 00 00 0f 87 ee 00 00 00 48 c1 e2 04 48 8d 0d ae 26 17 00 48 01 ca 02 01 48 89 42 08 48 8b 53 10 4c 8d 2d d9 a5 57 00 4c 39 ea 0f [ 2650.908134][T26010] RSP: 002b:00007ffd4124e600 EFLAGS: 00010206 [ 2650.914209][T26010] RAX: 0000000000000003 RBX: 00007fefdefabf80 RCX: 00007fefdefa80c0 [ 2650.922183][T26010] RDX: 00007fefdefa80c0 RSI: 0000000000000080 RDI: 00007fefdefabf80 [ 2650.930154][T26010] RBP: 00007fefdefabf80 R08: 00007ffd413e9080 R09: 0000000000000000 [ 2650.938128][T26010] R10: 00007ffd4124e720 R11: 0000000000000246 R12: 0000000000286f2a [ 2650.946126][T26010] R13: 00007ffd4124e720 R14: 00007fefdefabf80 R15: 0000000000000032 [ 2650.954127][T26010] [ 2650.965659][T26010] memory: usage 307192kB, limit 307200kB, failcnt 52966 [ 2650.972644][T26010] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2650.979712][T26010] Memory cgroup stats for /syz2: [ 2650.979937][T26010] anon 98304 [ 2650.979937][T26010] file 364544 [ 2650.979937][T26010] kernel 314093568 [ 2650.979937][T26010] kernel_stack 65536 [ 2650.979937][T26010] pagetables 73728 [ 2650.979937][T26010] percpu 5619264 [ 2650.979937][T26010] sock 0 [ 2650.979937][T26010] vmalloc 0 [ 2650.979937][T26010] shmem 364544 [ 2650.979937][T26010] zswap 0 [ 2650.979937][T26010] zswapped 0 [ 2650.979937][T26010] file_mapped 364544 [ 2650.979937][T26010] file_dirty 0 [ 2650.979937][T26010] file_writeback 0 [ 2650.979937][T26010] swapcached 0 [ 2650.979937][T26010] anon_thp 0 [ 2650.979937][T26010] file_thp 0 [ 2650.979937][T26010] shmem_thp 0 [ 2650.979937][T26010] inactive_anon 102400 [ 2650.979937][T26010] active_anon 360448 [ 2650.979937][T26010] inactive_file 0 [ 2650.979937][T26010] active_file 0 [ 2650.979937][T26010] unevictable 0 [ 2650.979937][T26010] slab_reclaimable 127032 [ 2650.979937][T26010] slab_unreclaimable 308180176 [ 2650.979937][T26010] slab 308307208 [ 2651.077822][T26010] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=26010,uid=0 [ 2651.096223][T26010] Memory cgroup out of memory: Killed process 26010 (syz-executor.2) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 [ 2651.116266][T26020] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 2651.151077][T26020] CPU: 1 PID: 26020 Comm: syz-executor.4 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2651.161216][T26020] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2651.171311][T26020] Call Trace: [ 2651.174626][T26020] [ 2651.177601][T26020] dump_stack_lvl+0xcd/0x134 [ 2651.182255][T26020] dump_header+0x10b/0x7f9 [ 2651.187206][T26020] oom_kill_process.cold+0x10/0x15 [ 2651.192540][T26020] out_of_memory+0x358/0x14a0 11:16:05 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x705}]}}]}, 0x40}, 0x7}, 0x0) 11:16:05 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x210}]}}]}, 0x40}, 0x7}, 0x0) 11:16:05 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0xe00) 11:16:05 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x0, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}}, 0x24}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x7}, 0x0) 11:16:05 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x7c5}]}}]}, 0x40}, 0x7}, 0x0) [ 2651.197279][T26020] ? oom_killer_disable+0x270/0x270 [ 2651.202530][T26020] ? find_held_lock+0x2d/0x110 [ 2651.207441][T26020] mem_cgroup_out_of_memory+0x206/0x270 [ 2651.213023][T26020] ? mem_cgroup_margin+0x130/0x130 [ 2651.218166][T26020] ? lock_downgrade+0x6e0/0x6e0 [ 2651.223092][T26020] try_charge_memcg+0xf67/0x13f0 [ 2651.228090][T26020] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2651.234118][T26020] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2651.239887][T26020] ? lock_downgrade+0x6e0/0x6e0 [ 2651.244785][T26020] ? lock_downgrade+0x6e0/0x6e0 [ 2651.249675][T26020] ? rcu_read_unlock+0x9/0x60 [ 2651.254423][T26020] obj_cgroup_charge+0x2ab/0x5e0 [ 2651.259411][T26020] kmem_cache_alloc_trace+0xa3/0x3e0 [ 2651.264812][T26020] ? copy_semundo+0x187/0x2f0 [ 2651.269507][T26020] ? apparmor_task_alloc+0x2bb/0x3b0 [ 2651.274818][T26020] copy_semundo+0x187/0x2f0 [ 2651.279339][T26020] copy_process+0x23fa/0x7090 [ 2651.284053][T26020] ? __cleanup_sighand+0xb0/0xb0 [ 2651.289025][T26020] kernel_clone+0xe7/0xab0 [ 2651.293463][T26020] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2651.299460][T26020] ? create_io_thread+0xe0/0xe0 [ 2651.304338][T26020] ? find_held_lock+0x2d/0x110 [ 2651.309233][T26020] ? __ct_user_exit+0xff/0x150 [ 2651.314021][T26020] __do_sys_clone+0xba/0x100 [ 2651.318630][T26020] ? kernel_clone+0xab0/0xab0 [ 2651.323337][T26020] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2651.329251][T26020] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2651.335173][T26020] do_syscall_64+0x35/0xb0 [ 2651.339619][T26020] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2651.345538][T26020] RIP: 0033:0x7fa378a8c9d1 [ 2651.349984][T26020] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 2651.369715][T26020] RSP: 002b:00007fff306494d8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 2651.378148][T26020] RAX: ffffffffffffffda RBX: 00007fa379be4700 RCX: 00007fa378a8c9d1 [ 2651.386149][T26020] RDX: 00007fa379be49d0 RSI: 00007fa379be42f0 RDI: 00000000003d0f00 [ 2651.394226][T26020] RBP: 00007fff30649720 R08: 00007fa379be4700 R09: 00007fa379be4700 [ 2651.402208][T26020] R10: 00007fa379be49d0 R11: 0000000000000206 R12: 00007fff3064958e [ 2651.410190][T26020] R13: 00007fff3064958f R14: 00007fa379be4300 R15: 0000000000022000 [ 2651.418195][T26020] [ 2651.433586][T26020] memory: usage 307188kB, limit 307200kB, failcnt 54226 [ 2651.440597][T26020] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 11:16:06 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0xf00) [ 2651.459913][T26043] __nla_validate_parse: 3 callbacks suppressed [ 2651.459936][T26043] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2651.509793][T26020] Memory cgroup stats for /syz4: [ 2651.509981][T26020] anon 90112 [ 2651.509981][T26020] file 372736 [ 2651.509981][T26020] kernel 314093568 [ 2651.509981][T26020] kernel_stack 65536 [ 2651.509981][T26020] pagetables 65536 [ 2651.509981][T26020] percpu 5624000 [ 2651.509981][T26020] sock 0 [ 2651.509981][T26020] vmalloc 0 [ 2651.509981][T26020] shmem 372736 [ 2651.509981][T26020] zswap 0 [ 2651.509981][T26020] zswapped 0 [ 2651.509981][T26020] file_mapped 372736 [ 2651.509981][T26020] file_dirty 0 [ 2651.509981][T26020] file_writeback 0 [ 2651.509981][T26020] swapcached 0 [ 2651.509981][T26020] anon_thp 0 [ 2651.509981][T26020] file_thp 0 [ 2651.509981][T26020] shmem_thp 0 [ 2651.509981][T26020] inactive_anon 139264 [ 2651.509981][T26020] active_anon 323584 [ 2651.509981][T26020] inactive_file 0 [ 2651.509981][T26020] active_file 0 [ 2651.509981][T26020] unevictable 0 [ 2651.509981][T26020] slab_reclaimable 17888 [ 2651.509981][T26020] slab_unreclaimable 308288856 [ 2651.509981][T26020] slab 308306744 [ 2651.610457][ T1240] ieee802154 phy1 wpan1: encryption failed: -22 [ 2651.644281][T26044] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.3'. 11:16:06 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x1100) 11:16:06 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x7c6}]}}]}, 0x40}, 0x7}, 0x0) [ 2651.666553][T26020] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=26020,uid=0 [ 2651.688580][T26052] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.5'. 11:16:06 executing program 4: socket$nl_route(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x6f9}]}}]}, 0x40}, 0x7}, 0x0) [ 2651.730151][T26020] Memory cgroup out of memory: Killed process 26020 (syz-executor.4) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:68kB oom_score_adj:1000 [ 2651.759747][T26040] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2651.797883][T26040] CPU: 1 PID: 26040 Comm: syz-executor.3 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2651.808043][T26040] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2651.818739][T26040] Call Trace: [ 2651.822045][T26040] [ 2651.825001][T26040] dump_stack_lvl+0xcd/0x134 [ 2651.830327][T26040] dump_header+0x10b/0x7f9 [ 2651.834783][T26040] oom_kill_process.cold+0x10/0x15 [ 2651.839936][T26040] out_of_memory+0x358/0x14a0 11:16:06 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x1200) 11:16:06 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x2a03) [ 2651.844662][T26040] ? oom_killer_disable+0x270/0x270 [ 2651.849996][T26040] ? find_held_lock+0x2d/0x110 [ 2651.854816][T26040] mem_cgroup_out_of_memory+0x206/0x270 [ 2651.860403][T26040] ? mem_cgroup_margin+0x130/0x130 [ 2651.865551][T26040] ? lock_downgrade+0x6e0/0x6e0 [ 2651.870460][T26040] try_charge_memcg+0xf67/0x13f0 [ 2651.875456][T26040] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2651.880086][T26058] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2651.881463][T26040] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2651.896492][T26040] ? lock_downgrade+0x6e0/0x6e0 [ 2651.901362][T26040] ? lock_downgrade+0x6e0/0x6e0 [ 2651.906242][T26040] __memcg_kmem_charge_page+0x16a/0x3b0 [ 2651.911991][T26040] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 2651.918170][T26040] copy_process+0x15f3/0x7090 [ 2651.922870][T26040] ? find_held_lock+0x2d/0x110 [ 2651.927673][T26040] ? __cleanup_sighand+0xb0/0xb0 [ 2651.932729][T26040] kernel_clone+0xe7/0xab0 [ 2651.937164][T26040] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2651.943163][T26040] ? create_io_thread+0xe0/0xe0 [ 2651.948062][T26040] ? find_held_lock+0x2d/0x110 [ 2651.952859][T26040] ? __ct_user_exit+0xff/0x150 [ 2651.957737][T26040] __do_sys_clone+0xba/0x100 [ 2651.962350][T26040] ? kernel_clone+0xab0/0xab0 [ 2651.967056][T26040] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2651.972967][T26040] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2651.978885][T26040] do_syscall_64+0x35/0xb0 [ 2651.983330][T26040] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2651.989244][T26040] RIP: 0033:0x7f89d288c9d1 [ 2651.993669][T26040] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 2652.013298][T26040] RSP: 002b:00007fff48383138 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 2652.021728][T26040] RAX: ffffffffffffffda RBX: 00007f89d3a70700 RCX: 00007f89d288c9d1 [ 2652.029710][T26040] RDX: 00007f89d3a709d0 RSI: 00007f89d3a702f0 RDI: 00000000003d0f00 [ 2652.037692][T26040] RBP: 00007fff48383380 R08: 00007f89d3a70700 R09: 00007f89d3a70700 [ 2652.045672][T26040] R10: 00007f89d3a709d0 R11: 0000000000000206 R12: 00007fff483831ee [ 2652.053738][T26040] R13: 00007fff483831ef R14: 00007f89d3a70300 R15: 0000000000022000 [ 2652.061742][T26040] [ 2652.080704][T26040] memory: usage 307184kB, limit 307200kB, failcnt 52939 [ 2652.101101][T26040] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2652.116932][T26040] Memory cgroup stats for /syz3: [ 2652.117289][T26040] anon 147456 [ 2652.117289][T26040] file 385024 [ 2652.117289][T26040] kernel 314023936 [ 2652.117289][T26040] kernel_stack 98304 [ 2652.117289][T26040] pagetables 81920 [ 2652.117289][T26040] percpu 5618080 [ 2652.117289][T26040] sock 0 [ 2652.117289][T26040] vmalloc 0 [ 2652.117289][T26040] shmem 385024 [ 2652.117289][T26040] zswap 0 [ 2652.117289][T26040] zswapped 0 [ 2652.117289][T26040] file_mapped 311296 [ 2652.117289][T26040] file_dirty 0 [ 2652.117289][T26040] file_writeback 0 [ 2652.117289][T26040] swapcached 0 [ 2652.117289][T26040] anon_thp 0 [ 2652.117289][T26040] file_thp 0 [ 2652.117289][T26040] shmem_thp 0 [ 2652.117289][T26040] inactive_anon 200704 [ 2652.117289][T26040] active_anon 331776 [ 2652.117289][T26040] inactive_file 0 [ 2652.117289][T26040] active_file 0 [ 2652.117289][T26040] unevictable 0 11:16:06 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x2b02) [ 2652.117289][T26040] slab_reclaimable 22760 [ 2652.117289][T26040] slab_unreclaimable 308145216 [ 2652.117289][T26040] slab 308167976 [ 2652.229272][T26040] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=26040,uid=0 [ 2652.246039][T26040] Memory cgroup out of memory: Killed process 26040 (syz-executor.3) total-vm:54860kB, anon-rss:456kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 2652.269659][T26045] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2652.304932][T26045] CPU: 1 PID: 26045 Comm: syz-executor.2 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2652.315127][T26045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2652.325473][T26045] Call Trace: [ 2652.328842][T26045] [ 2652.331766][T26045] dump_stack_lvl+0xcd/0x134 [ 2652.336361][T26045] dump_header+0x10b/0x7f9 [ 2652.340810][T26045] oom_kill_process.cold+0x10/0x15 [ 2652.345938][T26045] out_of_memory+0x358/0x14a0 [ 2652.350762][T26045] ? oom_killer_disable+0x270/0x270 [ 2652.355990][T26045] ? find_held_lock+0x2d/0x110 [ 2652.360801][T26045] mem_cgroup_out_of_memory+0x206/0x270 [ 2652.366394][T26045] ? mem_cgroup_margin+0x130/0x130 [ 2652.371623][T26045] ? lock_downgrade+0x6e0/0x6e0 [ 2652.376493][T26045] try_charge_memcg+0xf67/0x13f0 [ 2652.381437][T26045] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2652.387428][T26045] ? lock_downgrade+0x6e0/0x6e0 [ 2652.392307][T26045] charge_memcg+0x31/0x320 [ 2652.396772][T26045] __mem_cgroup_charge+0x27/0x90 [ 2652.401819][T26045] ? _compound_head+0x5d/0x150 [ 2652.406801][T26045] wp_page_copy+0x27c/0x1b10 [ 2652.411419][T26045] ? restore_exclusive_pte+0x8b0/0x8b0 [ 2652.416900][T26045] ? lock_downgrade+0x6e0/0x6e0 [ 2652.421755][T26045] ? vm_normal_page+0x146/0x2a0 [ 2652.426628][T26045] do_wp_page+0x52c/0x1910 [ 2652.431214][T26045] __handle_mm_fault+0x1813/0x39b0 [ 2652.436436][T26045] ? vm_iomap_memory+0x190/0x190 [ 2652.441411][T26045] handle_mm_fault+0x1c8/0x780 [ 2652.446184][T26045] do_user_addr_fault+0x475/0x1210 [ 2652.451325][T26045] exc_page_fault+0x94/0x170 [ 2652.455920][T26045] asm_exc_page_fault+0x22/0x30 [ 2652.460805][T26045] RIP: 0033:0x7fefdee35a15 [ 2652.465240][T26045] Code: 5c 41 5d c3 90 48 8b 57 18 48 83 fa ff 74 22 48 81 fa e7 03 00 00 0f 87 ee 00 00 00 48 c1 e2 04 48 8d 0d ae 26 17 00 48 01 ca 02 01 48 89 42 08 48 8b 53 10 4c 8d 2d d9 a5 57 00 4c 39 ea 0f [ 2652.484966][T26045] RSP: 002b:00007ffd4124e600 EFLAGS: 00010206 [ 2652.491051][T26045] RAX: 0000000000000003 RBX: 00007fefdefabf80 RCX: 00007fefdefa80c0 [ 2652.499037][T26045] RDX: 00007fefdefa80c0 RSI: 0000000000000080 RDI: 00007fefdefabf80 [ 2652.507016][T26045] RBP: 00007fefdefabf80 R08: 00007ffd413e9080 R09: 0000000000000000 [ 2652.515008][T26045] R10: 00007ffd4124e720 R11: 0000000000000246 R12: 00000000002875cb [ 2652.523002][T26045] R13: 00007ffd4124e720 R14: 00007fefdefabf80 R15: 0000000000000032 [ 2652.530998][T26045] [ 2652.538915][T26045] memory: usage 307200kB, limit 307200kB, failcnt 53050 [ 2652.547076][T26045] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2652.554279][T26045] Memory cgroup stats for /syz2: [ 2652.554491][T26045] anon 98304 [ 2652.554491][T26045] file 364544 [ 2652.554491][T26045] kernel 314109952 [ 2652.554491][T26045] kernel_stack 65536 [ 2652.554491][T26045] pagetables 73728 [ 2652.554491][T26045] percpu 5619264 [ 2652.554491][T26045] sock 0 [ 2652.554491][T26045] vmalloc 0 [ 2652.554491][T26045] shmem 364544 [ 2652.554491][T26045] zswap 0 [ 2652.554491][T26045] zswapped 0 [ 2652.554491][T26045] file_mapped 364544 [ 2652.554491][T26045] file_dirty 0 [ 2652.554491][T26045] file_writeback 0 [ 2652.554491][T26045] swapcached 0 [ 2652.554491][T26045] anon_thp 0 [ 2652.554491][T26045] file_thp 0 [ 2652.554491][T26045] shmem_thp 0 [ 2652.554491][T26045] inactive_anon 102400 [ 2652.554491][T26045] active_anon 360448 [ 2652.554491][T26045] inactive_file 0 [ 2652.554491][T26045] active_file 0 [ 2652.554491][T26045] unevictable 0 [ 2652.554491][T26045] slab_reclaimable 127032 [ 2652.554491][T26045] slab_unreclaimable 308189472 [ 2652.554491][T26045] slab 308316504 [ 2652.649512][T26045] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=26045,uid=0 [ 2652.668911][T26045] Memory cgroup out of memory: Killed process 26045 (syz-executor.2) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 [ 2652.686761][T26039] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2652.697327][T26039] CPU: 0 PID: 26039 Comm: syz-executor.5 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2652.707420][T26039] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2652.717484][T26039] Call Trace: [ 2652.720787][T26039] [ 2652.723740][T26039] dump_stack_lvl+0xcd/0x134 [ 2652.728356][T26039] dump_header+0x10b/0x7f9 [ 2652.732779][T26039] oom_kill_process.cold+0x10/0x15 [ 2652.737921][T26039] out_of_memory+0x358/0x14a0 [ 2652.742641][T26039] ? oom_killer_disable+0x270/0x270 [ 2652.747868][T26039] ? find_held_lock+0x2d/0x110 [ 2652.752639][T26039] mem_cgroup_out_of_memory+0x206/0x270 [ 2652.758290][T26039] ? mem_cgroup_margin+0x130/0x130 [ 2652.763441][T26039] ? lock_downgrade+0x6e0/0x6e0 [ 2652.768321][T26039] try_charge_memcg+0xf67/0x13f0 [ 2652.773377][T26039] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2652.779424][T26039] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2652.785187][T26039] ? lock_downgrade+0x6e0/0x6e0 [ 2652.790085][T26039] obj_cgroup_charge+0x2ab/0x5e0 [ 2652.795065][T26039] ? vm_area_dup+0x88/0x3f0 [ 2652.799597][T26039] kmem_cache_alloc+0x96/0x3b0 [ 2652.804389][T26039] vm_area_dup+0x88/0x3f0 [ 2652.808755][T26039] ? mark_lock.part.0+0xee/0x1910 [ 2652.813799][T26039] ? lock_chain_count+0x20/0x20 [ 2652.818689][T26039] ? __vma_adjust+0x109c/0x24a0 [ 2652.823605][T26039] ? __vma_link_rb+0x710/0x710 [ 2652.828418][T26039] ? __lock_acquire+0x166e/0x56d0 [ 2652.833494][T26039] ? vm_area_alloc+0x110/0x110 [ 2652.838301][T26039] ? perf_event_namespaces+0x50/0x50 [ 2652.843632][T26039] ? vma_merge+0x47a/0xeb0 [ 2652.848076][T26039] ? ima_file_mprotect+0x175/0x470 [ 2652.853208][T26039] ? ima_file_mmap+0x130/0x130 [ 2652.858019][T26039] ? vma_wants_writenotify+0x1f8/0x370 [ 2652.863533][T26039] ? __ia32_sys_mmap_pgoff+0x1b0/0x1b0 [ 2652.869038][T26039] ? vma_merge+0x47a/0xeb0 [ 2652.873507][T26039] ? __vma_adjust+0x24a0/0x24a0 [ 2652.878402][T26039] __split_vma+0xa5/0x550 [ 2652.882772][T26039] split_vma+0x95/0xd0 [ 2652.886884][T26039] mprotect_fixup+0x6d9/0x970 [ 2652.891596][T26039] ? change_protection+0x4280/0x4280 [ 2652.896903][T26039] ? vmacache_find+0x62/0x330 [ 2652.901631][T26039] do_mprotect_pkey+0x6c5/0x9e0 [ 2652.906515][T26039] ? __ct_user_exit+0xff/0x150 [ 2652.911324][T26039] ? mprotect_fixup+0x970/0x970 [ 2652.916260][T26039] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2652.922192][T26039] __x64_sys_mprotect+0x74/0xb0 [ 2652.927068][T26039] do_syscall_64+0x35/0xb0 [ 2652.931525][T26039] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2652.937458][T26039] RIP: 0033:0x7f542068b6b7 [ 2652.941889][T26039] Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 0a 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 2652.961504][T26039] RSP: 002b:00007ffc9945afc8 EFLAGS: 00000206 ORIG_RAX: 000000000000000a [ 2652.970033][T26039] RAX: ffffffffffffffda RBX: 0000000000021000 RCX: 00007f542068b6b7 [ 2652.978049][T26039] RDX: 0000000000000003 RSI: 0000000000020000 RDI: 00007f54217ad000 [ 2652.986144][T26039] RBP: 00007ffc9945b0a0 R08: 00000000ffffffff R09: 00007f54217cc700 [ 2652.994154][T26039] R10: 0000000000020022 R11: 0000000000000206 R12: 00007ffc9945b1c0 11:16:07 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x706}]}}]}, 0x40}, 0x7}, 0x0) 11:16:07 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x211}]}}]}, 0x40}, 0x7}, 0x0) 11:16:07 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x7c7}]}}]}, 0x40}, 0x7}, 0x0) [ 2653.002149][T26039] R13: 00007f54217cc700 R14: 0000000000000000 R15: 0000000000022000 [ 2653.010146][T26039] [ 2653.038593][T26039] memory: usage 307184kB, limit 307200kB, failcnt 38783 [ 2653.043788][T26072] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2653.052372][T26039] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2653.067001][T26039] Memory cgroup stats for /syz5: [ 2653.067222][T26039] anon 143360 [ 2653.067222][T26039] file 364544 [ 2653.067222][T26039] kernel 314048512 [ 2653.067222][T26039] kernel_stack 98304 [ 2653.067222][T26039] pagetables 81920 [ 2653.067222][T26039] percpu 5618080 [ 2653.067222][T26039] sock 0 [ 2653.067222][T26039] vmalloc 0 [ 2653.067222][T26039] shmem 356352 [ 2653.067222][T26039] zswap 0 [ 2653.067222][T26039] zswapped 0 [ 2653.067222][T26039] file_mapped 356352 [ 2653.067222][T26039] file_dirty 0 [ 2653.067222][T26039] file_writeback 0 [ 2653.067222][T26039] swapcached 0 [ 2653.067222][T26039] anon_thp 0 [ 2653.067222][T26039] file_thp 0 [ 2653.067222][T26039] shmem_thp 0 [ 2653.067222][T26039] inactive_anon 147456 [ 2653.067222][T26039] active_anon 352256 [ 2653.067222][T26039] inactive_file 0 [ 2653.067222][T26039] active_file 8192 [ 2653.067222][T26039] unevictable 0 [ 2653.067222][T26039] slab_reclaimable 20960 [ 2653.067222][T26039] slab_unreclaimable 308197608 [ 2653.067222][T26039] slab 308218568 [ 2653.201655][T26039] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=26039,uid=0 [ 2653.207877][T26070] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2653.218047][T26039] Memory cgroup out of memory: Killed process 26039 (syz-executor.5) total-vm:54860kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000 [ 2653.261561][T26069] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2653.277919][T26069] CPU: 1 PID: 26069 Comm: syz-executor.3 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2653.288057][T26069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2653.298235][T26069] Call Trace: [ 2653.301535][T26069] [ 2653.304468][T26069] dump_stack_lvl+0xcd/0x134 [ 2653.309067][T26069] dump_header+0x10b/0x7f9 [ 2653.313490][T26069] oom_kill_process.cold+0x10/0x15 [ 2653.318609][T26069] out_of_memory+0x358/0x14a0 [ 2653.323305][T26069] ? oom_killer_disable+0x270/0x270 [ 2653.328508][T26069] ? find_held_lock+0x2d/0x110 [ 2653.333291][T26069] mem_cgroup_out_of_memory+0x206/0x270 [ 2653.338955][T26069] ? mem_cgroup_margin+0x130/0x130 [ 2653.344096][T26069] ? lock_downgrade+0x6e0/0x6e0 [ 2653.348982][T26069] try_charge_memcg+0xf67/0x13f0 [ 2653.353926][T26069] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2653.359905][T26069] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2653.365711][T26069] ? lock_downgrade+0x6e0/0x6e0 [ 2653.370577][T26069] ? lock_downgrade+0x6e0/0x6e0 [ 2653.375432][T26069] __memcg_kmem_charge_page+0x16a/0x3b0 [ 2653.380986][T26069] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 2653.387159][T26069] copy_process+0x15f3/0x7090 [ 2653.391880][T26069] ? find_held_lock+0x2d/0x110 [ 2653.396768][T26069] ? __cleanup_sighand+0xb0/0xb0 [ 2653.401715][T26069] kernel_clone+0xe7/0xab0 [ 2653.406131][T26069] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2653.412105][T26069] ? create_io_thread+0xe0/0xe0 [ 2653.416955][T26069] ? find_held_lock+0x2d/0x110 [ 2653.421724][T26069] ? __ct_user_exit+0xff/0x150 [ 2653.426489][T26069] __do_sys_clone+0xba/0x100 [ 2653.431080][T26069] ? kernel_clone+0xab0/0xab0 [ 2653.435798][T26069] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2653.441721][T26069] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2653.447641][T26069] do_syscall_64+0x35/0xb0 [ 2653.452071][T26069] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2653.458035][T26069] RIP: 0033:0x7f89d288c9d1 [ 2653.462482][T26069] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 2653.482096][T26069] RSP: 002b:00007fff48383138 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 2653.490524][T26069] RAX: ffffffffffffffda RBX: 00007f89d3a70700 RCX: 00007f89d288c9d1 [ 2653.498514][T26069] RDX: 00007f89d3a709d0 RSI: 00007f89d3a702f0 RDI: 00000000003d0f00 11:16:08 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x0, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}}, 0x24}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x7}, 0x0) 11:16:08 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x3f00) 11:16:08 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x7c8}]}}]}, 0x40}, 0x7}, 0x0) [ 2653.506480][T26069] RBP: 00007fff48383380 R08: 00007f89d3a70700 R09: 00007f89d3a70700 [ 2653.514534][T26069] R10: 00007f89d3a709d0 R11: 0000000000000206 R12: 00007fff483831ee [ 2653.522500][T26069] R13: 00007fff483831ef R14: 00007f89d3a70300 R15: 0000000000022000 [ 2653.530495][T26069] 11:16:08 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x5865) [ 2653.554184][T26069] memory: usage 307200kB, limit 307200kB, failcnt 53000 [ 2653.576762][T26069] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2653.596569][T26082] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2653.606305][T26069] Memory cgroup stats for /syz3: [ 2653.606483][T26069] anon 147456 [ 2653.606483][T26069] file 385024 [ 2653.606483][T26069] kernel 314040320 [ 2653.606483][T26069] kernel_stack 98304 [ 2653.606483][T26069] pagetables 81920 [ 2653.606483][T26069] percpu 5618080 [ 2653.606483][T26069] sock 0 [ 2653.606483][T26069] vmalloc 0 [ 2653.606483][T26069] shmem 385024 [ 2653.606483][T26069] zswap 0 [ 2653.606483][T26069] zswapped 0 [ 2653.606483][T26069] file_mapped 311296 [ 2653.606483][T26069] file_dirty 0 [ 2653.606483][T26069] file_writeback 0 [ 2653.606483][T26069] swapcached 0 [ 2653.606483][T26069] anon_thp 0 [ 2653.606483][T26069] file_thp 0 [ 2653.606483][T26069] shmem_thp 0 [ 2653.606483][T26069] inactive_anon 200704 [ 2653.606483][T26069] active_anon 331776 [ 2653.606483][T26069] inactive_file 0 [ 2653.606483][T26069] active_file 0 [ 2653.606483][T26069] unevictable 0 [ 2653.606483][T26069] slab_reclaimable 22760 [ 2653.606483][T26069] slab_unreclaimable 308156616 [ 2653.606483][T26069] slab 308179376 11:16:08 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x6000) [ 2653.713214][T26069] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=26069,uid=0 [ 2653.742543][T26069] Memory cgroup out of memory: Killed process 26069 (syz-executor.3) total-vm:54860kB, anon-rss:456kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 2653.768745][T26059] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2653.795797][T26059] CPU: 0 PID: 26059 Comm: syz-executor.4 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2653.805946][T26059] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2653.816040][T26059] Call Trace: [ 2653.821100][T26059] [ 2653.824052][T26059] dump_stack_lvl+0xcd/0x134 [ 2653.828708][T26059] dump_header+0x10b/0x7f9 [ 2653.833178][T26059] oom_kill_process.cold+0x10/0x15 [ 2653.838336][T26059] out_of_memory+0x358/0x14a0 [ 2653.843067][T26059] ? oom_killer_disable+0x270/0x270 [ 2653.848331][T26059] ? find_held_lock+0x2d/0x110 [ 2653.853158][T26059] mem_cgroup_out_of_memory+0x206/0x270 [ 2653.858764][T26059] ? mem_cgroup_margin+0x130/0x130 [ 2653.864004][T26059] ? lock_downgrade+0x6e0/0x6e0 [ 2653.868917][T26059] try_charge_memcg+0xf67/0x13f0 [ 2653.874009][T26059] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2653.880059][T26059] ? lock_downgrade+0x6e0/0x6e0 [ 2653.884989][T26059] charge_memcg+0x31/0x320 [ 2653.889458][T26059] __mem_cgroup_charge+0x27/0x90 [ 2653.894442][T26059] ? _compound_head+0x5d/0x150 [ 2653.899268][T26059] wp_page_copy+0x27c/0x1b10 [ 2653.903905][T26059] ? restore_exclusive_pte+0x8b0/0x8b0 [ 2653.909296][T26083] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.5'. [ 2653.909411][T26059] ? lock_downgrade+0x6e0/0x6e0 [ 2653.909442][T26059] ? vm_normal_page+0x146/0x2a0 [ 2653.928469][T26059] do_wp_page+0x52c/0x1910 [ 2653.932940][T26059] __handle_mm_fault+0x1813/0x39b0 [ 2653.938100][T26059] ? vm_iomap_memory+0x190/0x190 [ 2653.943103][T26059] handle_mm_fault+0x1c8/0x780 [ 2653.947913][T26059] do_user_addr_fault+0x475/0x1210 [ 2653.953096][T26059] exc_page_fault+0x94/0x170 [ 2653.957733][T26059] asm_exc_page_fault+0x22/0x30 [ 2653.962634][T26059] RIP: 0033:0x7fa378a362de [ 2653.967083][T26059] Code: 4c 24 54 89 78 2c 48 8b 3c 24 89 48 78 0f b6 4c 24 53 c6 40 20 01 88 4c 3a 04 8b 7c 24 4c 4c 89 35 97 5c 17 00 48 8b 54 24 40 <89> b8 80 00 00 00 0f 1f 40 00 48 8b 8c 14 50 01 00 00 48 83 c2 08 [ 2653.986731][T26059] RSP: 002b:00007fff30649610 EFLAGS: 00010246 [ 2653.992839][T26059] RAX: 00007fa378babf80 RBX: 00007fa378babf8c RCX: 0000000000000000 [ 2654.000850][T26059] RDX: 0000000000000000 RSI: 00007fa378babf88 RDI: 0000000000000000 [ 2654.008853][T26059] RBP: 00007fa378babf80 R08: 00007fa379be4700 R09: 00007fa379be4700 [ 2654.016858][T26059] R10: 00007fa379be49d0 R11: 0000000000000206 R12: 00007fa378babf8c [ 2654.024944][T26059] R13: 00007fa378bb0060 R14: 00007fa378babf80 R15: 0000000000000000 [ 2654.032967][T26059] [ 2654.037069][T26059] memory: usage 307200kB, limit 307200kB, failcnt 54284 [ 2654.044625][T26059] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2654.058672][T26059] Memory cgroup stats for /syz4: [ 2654.058920][T26059] anon 90112 [ 2654.058920][T26059] file 372736 [ 2654.058920][T26059] kernel 314093568 [ 2654.058920][T26059] kernel_stack 65536 [ 2654.058920][T26059] pagetables 65536 [ 2654.058920][T26059] percpu 5624000 [ 2654.058920][T26059] sock 0 [ 2654.058920][T26059] vmalloc 0 [ 2654.058920][T26059] shmem 372736 [ 2654.058920][T26059] zswap 0 [ 2654.058920][T26059] zswapped 0 [ 2654.058920][T26059] file_mapped 372736 [ 2654.058920][T26059] file_dirty 0 [ 2654.058920][T26059] file_writeback 0 [ 2654.058920][T26059] swapcached 0 [ 2654.058920][T26059] anon_thp 0 [ 2654.058920][T26059] file_thp 0 [ 2654.058920][T26059] shmem_thp 0 [ 2654.058920][T26059] inactive_anon 139264 [ 2654.058920][T26059] active_anon 323584 [ 2654.058920][T26059] inactive_file 0 [ 2654.058920][T26059] active_file 0 [ 2654.058920][T26059] unevictable 0 [ 2654.058920][T26059] slab_reclaimable 17888 [ 2654.058920][T26059] slab_unreclaimable 308289624 [ 2654.058920][T26059] slab 308307512 [ 2654.156085][T26059] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=26059,uid=0 [ 2654.171735][T26059] Memory cgroup out of memory: Killed process 26059 (syz-executor.4) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:68kB oom_score_adj:1000 [ 2654.190925][T26073] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2654.204826][T26073] CPU: 0 PID: 26073 Comm: syz-executor.2 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2654.214941][T26073] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2654.225027][T26073] Call Trace: [ 2654.228321][T26073] [ 2654.231255][T26073] dump_stack_lvl+0xcd/0x134 [ 2654.235864][T26073] dump_header+0x10b/0x7f9 [ 2654.240296][T26073] oom_kill_process.cold+0x10/0x15 [ 2654.245419][T26073] out_of_memory+0x358/0x14a0 [ 2654.250124][T26073] ? oom_killer_disable+0x270/0x270 [ 2654.255338][T26073] ? find_held_lock+0x2d/0x110 [ 2654.260156][T26073] mem_cgroup_out_of_memory+0x206/0x270 [ 2654.265749][T26073] ? mem_cgroup_margin+0x130/0x130 [ 2654.270880][T26073] ? lock_downgrade+0x6e0/0x6e0 [ 2654.275756][T26073] try_charge_memcg+0xf67/0x13f0 [ 2654.280749][T26073] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2654.286751][T26073] ? lock_downgrade+0x6e0/0x6e0 [ 2654.291626][T26073] charge_memcg+0x31/0x320 [ 2654.296057][T26073] __mem_cgroup_charge+0x27/0x90 [ 2654.301017][T26073] ? _compound_head+0x5d/0x150 [ 2654.305887][T26073] wp_page_copy+0x27c/0x1b10 [ 2654.310499][T26073] ? restore_exclusive_pte+0x8b0/0x8b0 [ 2654.315970][T26073] ? lock_downgrade+0x6e0/0x6e0 [ 2654.320836][T26073] ? vm_normal_page+0x146/0x2a0 [ 2654.325711][T26073] do_wp_page+0x52c/0x1910 [ 2654.330149][T26073] __handle_mm_fault+0x1813/0x39b0 [ 2654.335289][T26073] ? vm_iomap_memory+0x190/0x190 [ 2654.340269][T26073] handle_mm_fault+0x1c8/0x780 [ 2654.345139][T26073] do_user_addr_fault+0x475/0x1210 [ 2654.350292][T26073] exc_page_fault+0x94/0x170 [ 2654.354902][T26073] asm_exc_page_fault+0x22/0x30 [ 2654.359777][T26073] RIP: 0033:0x7fefdee35a15 [ 2654.364201][T26073] Code: 5c 41 5d c3 90 48 8b 57 18 48 83 fa ff 74 22 48 81 fa e7 03 00 00 0f 87 ee 00 00 00 48 c1 e2 04 48 8d 0d ae 26 17 00 48 01 ca 02 01 48 89 42 08 48 8b 53 10 4c 8d 2d d9 a5 57 00 4c 39 ea 0f [ 2654.383824][T26073] RSP: 002b:00007ffd4124e600 EFLAGS: 00010206 [ 2654.389907][T26073] RAX: 0000000000000003 RBX: 00007fefdefabf80 RCX: 00007fefdefa80c0 [ 2654.397895][T26073] RDX: 00007fefdefa80c0 RSI: 0000000000000080 RDI: 00007fefdefabf80 [ 2654.405878][T26073] RBP: 00007fefdefabf80 R08: 00007ffd413e9080 R09: 0000000000000000 [ 2654.413860][T26073] R10: 00007ffd4124e720 R11: 0000000000000246 R12: 0000000000287e26 11:16:09 executing program 4: socket$nl_route(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x6fa}]}}]}, 0x40}, 0x7}, 0x0) 11:16:09 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x6203) 11:16:09 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x212}]}}]}, 0x40}, 0x7}, 0x0) 11:16:09 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x7c9}]}}]}, 0x40}, 0x7}, 0x0) [ 2654.421845][T26073] R13: 00007ffd4124e720 R14: 00007fefdefabf80 R15: 0000000000000032 [ 2654.429844][T26073] [ 2654.441118][T26073] memory: usage 307200kB, limit 307200kB, failcnt 53112 [ 2654.473833][T26073] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2654.482234][T26100] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2654.510640][T26073] Memory cgroup stats for /syz2: [ 2654.510866][T26073] anon 98304 [ 2654.510866][T26073] file 364544 [ 2654.510866][T26073] kernel 314109952 [ 2654.510866][T26073] kernel_stack 65536 [ 2654.510866][T26073] pagetables 73728 [ 2654.510866][T26073] percpu 5619264 [ 2654.510866][T26073] sock 0 [ 2654.510866][T26073] vmalloc 0 [ 2654.510866][T26073] shmem 364544 [ 2654.510866][T26073] zswap 0 [ 2654.510866][T26073] zswapped 0 [ 2654.510866][T26073] file_mapped 364544 [ 2654.510866][T26073] file_dirty 0 [ 2654.510866][T26073] file_writeback 0 [ 2654.510866][T26073] swapcached 0 [ 2654.510866][T26073] anon_thp 0 [ 2654.510866][T26073] file_thp 0 [ 2654.510866][T26073] shmem_thp 0 [ 2654.510866][T26073] inactive_anon 102400 [ 2654.510866][T26073] active_anon 360448 [ 2654.510866][T26073] inactive_file 0 [ 2654.510866][T26073] active_file 0 [ 2654.510866][T26073] unevictable 0 [ 2654.510866][T26073] slab_reclaimable 127032 [ 2654.510866][T26073] slab_unreclaimable 308189472 [ 2654.510866][T26073] slab 308316504 [ 2654.617150][T26073] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=26073,uid=0 [ 2654.643072][T26073] Memory cgroup out of memory: Killed process 26073 (syz-executor.2) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 11:16:09 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x707}]}}]}, 0x40}, 0x7}, 0x0) 11:16:09 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x0, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}}, 0x24}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x7}, 0x0) 11:16:09 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x6558) [ 2654.672622][T26099] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2654.689149][T26101] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 2654.727050][T26101] CPU: 1 PID: 26101 Comm: syz-executor.4 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2654.737213][T26101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2654.747281][T26101] Call Trace: [ 2654.750565][T26101] [ 2654.753502][T26101] dump_stack_lvl+0xcd/0x134 [ 2654.758111][T26101] dump_header+0x10b/0x7f9 [ 2654.762545][T26101] oom_kill_process.cold+0x10/0x15 [ 2654.767671][T26101] out_of_memory+0x358/0x14a0 [ 2654.772371][T26101] ? find_held_lock+0x2d/0x110 [ 2654.777159][T26101] ? oom_killer_disable+0x270/0x270 [ 2654.782379][T26101] ? find_held_lock+0x2d/0x110 [ 2654.787171][T26101] mem_cgroup_out_of_memory+0x206/0x270 [ 2654.792733][T26101] ? mem_cgroup_margin+0x130/0x130 [ 2654.797859][T26101] ? lock_downgrade+0x6e0/0x6e0 [ 2654.802750][T26101] try_charge_memcg+0xf67/0x13f0 [ 2654.807802][T26101] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2654.813816][T26101] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2654.819554][T26101] ? lock_downgrade+0x6e0/0x6e0 [ 2654.824420][T26101] ? lock_downgrade+0x6e0/0x6e0 [ 2654.829285][T26101] ? rcu_read_unlock+0x9/0x60 [ 2654.833999][T26101] obj_cgroup_charge+0x2ab/0x5e0 [ 2654.839052][T26101] kmem_cache_alloc_trace+0xa3/0x3e0 [ 2654.844353][T26101] ? copy_semundo+0x187/0x2f0 [ 2654.849049][T26101] ? apparmor_task_alloc+0x2bb/0x3b0 [ 2654.854360][T26101] copy_semundo+0x187/0x2f0 [ 2654.858881][T26101] copy_process+0x23fa/0x7090 [ 2654.863594][T26101] ? __cleanup_sighand+0xb0/0xb0 [ 2654.868564][T26101] kernel_clone+0xe7/0xab0 [ 2654.872996][T26101] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2654.879025][T26101] ? create_io_thread+0xe0/0xe0 [ 2654.883897][T26101] ? find_held_lock+0x2d/0x110 [ 2654.888690][T26101] ? __ct_user_exit+0xff/0x150 [ 2654.893473][T26101] __do_sys_clone+0xba/0x100 [ 2654.898081][T26101] ? kernel_clone+0xab0/0xab0 [ 2654.902875][T26101] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2654.908802][T26101] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2654.914728][T26101] do_syscall_64+0x35/0xb0 [ 2654.919260][T26101] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2654.925174][T26101] RIP: 0033:0x7fa378a8c9d1 [ 2654.929598][T26101] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 2654.949221][T26101] RSP: 002b:00007fff306494d8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 2654.957648][T26101] RAX: ffffffffffffffda RBX: 00007fa379be4700 RCX: 00007fa378a8c9d1 [ 2654.965629][T26101] RDX: 00007fa379be49d0 RSI: 00007fa379be42f0 RDI: 00000000003d0f00 11:16:09 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x7600) [ 2654.973606][T26101] RBP: 00007fff30649720 R08: 00007fa379be4700 R09: 00007fa379be4700 [ 2654.981793][T26101] R10: 00007fa379be49d0 R11: 0000000000000206 R12: 00007fff3064958e [ 2654.989773][T26101] R13: 00007fff3064958f R14: 00007fa379be4300 R15: 0000000000022000 [ 2654.997863][T26101] [ 2655.128971][T26101] memory: usage 307200kB, limit 307200kB, failcnt 54341 [ 2655.136383][T26101] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2655.143626][T26101] Memory cgroup stats for /syz4: [ 2655.143783][T26101] anon 90112 [ 2655.143783][T26101] file 372736 [ 2655.143783][T26101] kernel 314109952 [ 2655.143783][T26101] kernel_stack 65536 [ 2655.143783][T26101] pagetables 65536 [ 2655.143783][T26101] percpu 5624000 [ 2655.143783][T26101] sock 0 [ 2655.143783][T26101] vmalloc 0 [ 2655.143783][T26101] shmem 372736 [ 2655.143783][T26101] zswap 0 [ 2655.143783][T26101] zswapped 0 [ 2655.143783][T26101] file_mapped 372736 [ 2655.143783][T26101] file_dirty 0 [ 2655.143783][T26101] file_writeback 0 [ 2655.143783][T26101] swapcached 0 [ 2655.143783][T26101] anon_thp 0 [ 2655.143783][T26101] file_thp 0 [ 2655.143783][T26101] shmem_thp 0 [ 2655.143783][T26101] inactive_anon 139264 [ 2655.143783][T26101] active_anon 323584 [ 2655.143783][T26101] inactive_file 0 [ 2655.143783][T26101] active_file 0 [ 2655.143783][T26101] unevictable 0 [ 2655.143783][T26101] slab_reclaimable 17888 [ 2655.143783][T26101] slab_unreclaimable 308300256 [ 2655.143783][T26101] slab 308318144 [ 2655.238668][T26101] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=26101,uid=0 [ 2655.254718][T26101] Memory cgroup out of memory: Killed process 26101 (syz-executor.4) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:68kB oom_score_adj:1000 [ 2655.273093][T26096] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=1, oom_score_adj=1000 [ 2655.289553][T26096] CPU: 1 PID: 26096 Comm: syz-executor.3 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2655.299689][T26096] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2655.309779][T26096] Call Trace: [ 2655.313080][T26096] [ 2655.316028][T26096] dump_stack_lvl+0xcd/0x134 [ 2655.320646][T26096] dump_header+0x10b/0x7f9 [ 2655.325160][T26096] oom_kill_process.cold+0x10/0x15 [ 2655.330285][T26096] out_of_memory+0x358/0x14a0 [ 2655.334976][T26096] ? oom_killer_disable+0x270/0x270 [ 2655.340206][T26096] ? find_held_lock+0x2d/0x110 [ 2655.345017][T26096] mem_cgroup_out_of_memory+0x206/0x270 [ 2655.350590][T26096] ? mem_cgroup_margin+0x130/0x130 [ 2655.355698][T26096] ? lock_downgrade+0x6e0/0x6e0 [ 2655.360554][T26096] try_charge_memcg+0xf67/0x13f0 [ 2655.365495][T26096] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2655.371477][T26096] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2655.377199][T26096] ? lock_downgrade+0x6e0/0x6e0 [ 2655.382070][T26096] ? lock_downgrade+0x6e0/0x6e0 [ 2655.386921][T26096] ? rcu_read_unlock+0x9/0x60 [ 2655.391609][T26096] obj_cgroup_charge+0x2ab/0x5e0 [ 2655.396569][T26096] ? copy_process+0x5c2/0x7090 [ 2655.401359][T26096] kmem_cache_alloc_node+0x92/0x3f0 [ 2655.406573][T26096] ? _raw_spin_unlock_irq+0x1f/0x40 [ 2655.411798][T26096] copy_process+0x5c2/0x7090 [ 2655.416409][T26096] ? find_held_lock+0x2d/0x110 [ 2655.421203][T26096] ? find_held_lock+0x2d/0x110 [ 2655.425995][T26096] ? __cleanup_sighand+0xb0/0xb0 [ 2655.430970][T26096] kernel_clone+0xe7/0xab0 [ 2655.435421][T26096] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2655.441444][T26096] ? create_io_thread+0xe0/0xe0 [ 2655.446334][T26096] ? find_held_lock+0x2d/0x110 [ 2655.451133][T26096] ? __ct_user_exit+0xff/0x150 [ 2655.455920][T26096] __do_sys_clone+0xba/0x100 [ 2655.460530][T26096] ? kernel_clone+0xab0/0xab0 [ 2655.465241][T26096] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2655.471161][T26096] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2655.477080][T26096] do_syscall_64+0x35/0xb0 [ 2655.481522][T26096] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2655.487436][T26096] RIP: 0033:0x7f89d288c9d1 [ 2655.491864][T26096] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 2655.511517][T26096] RSP: 002b:00007fff48383138 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 2655.520231][T26096] RAX: ffffffffffffffda RBX: 00007f89d3a70700 RCX: 00007f89d288c9d1 [ 2655.528220][T26096] RDX: 00007f89d3a709d0 RSI: 00007f89d3a702f0 RDI: 00000000003d0f00 [ 2655.536202][T26096] RBP: 00007fff48383380 R08: 00007f89d3a70700 R09: 00007f89d3a70700 [ 2655.544186][T26096] R10: 00007f89d3a709d0 R11: 0000000000000206 R12: 00007fff483831ee [ 2655.553123][T26096] R13: 00007fff483831ef R14: 00007f89d3a70300 R15: 0000000000022000 [ 2655.561124][T26096] 11:16:10 executing program 4: socket$nl_route(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x6fb}]}}]}, 0x40}, 0x7}, 0x0) [ 2655.574533][T26096] memory: usage 307196kB, limit 307200kB, failcnt 53076 [ 2655.587469][T26096] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2655.595750][T26096] Memory cgroup stats for /syz3: [ 2655.595983][T26096] anon 147456 [ 2655.595983][T26096] file 385024 [ 2655.595983][T26096] kernel 314036224 [ 2655.595983][T26096] kernel_stack 98304 [ 2655.595983][T26096] pagetables 81920 [ 2655.595983][T26096] percpu 5618080 [ 2655.595983][T26096] sock 0 [ 2655.595983][T26096] vmalloc 0 [ 2655.595983][T26096] shmem 385024 [ 2655.595983][T26096] zswap 0 [ 2655.595983][T26096] zswapped 0 [ 2655.595983][T26096] file_mapped 311296 [ 2655.595983][T26096] file_dirty 0 [ 2655.595983][T26096] file_writeback 0 [ 2655.595983][T26096] swapcached 0 [ 2655.595983][T26096] anon_thp 0 [ 2655.595983][T26096] file_thp 0 [ 2655.595983][T26096] shmem_thp 0 [ 2655.595983][T26096] inactive_anon 200704 [ 2655.595983][T26096] active_anon 331776 [ 2655.595983][T26096] inactive_file 0 [ 2655.595983][T26096] active_file 0 [ 2655.595983][T26096] unevictable 0 [ 2655.595983][T26096] slab_reclaimable 22760 [ 2655.595983][T26096] slab_unreclaimable 308181896 [ 2655.595983][T26096] slab 308204656 [ 2655.709785][T26096] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=26096,uid=0 [ 2655.733099][T26096] Memory cgroup out of memory: Killed process 26096 (syz-executor.3) total-vm:54860kB, anon-rss:456kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 2655.751301][T26111] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2655.765391][T26111] CPU: 1 PID: 26111 Comm: syz-executor.2 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2655.775528][T26111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2655.785614][T26111] Call Trace: [ 2655.788908][T26111] [ 2655.791865][T26111] dump_stack_lvl+0xcd/0x134 [ 2655.796472][T26111] dump_header+0x10b/0x7f9 [ 2655.800909][T26111] oom_kill_process.cold+0x10/0x15 [ 2655.806052][T26111] out_of_memory+0x358/0x14a0 [ 2655.810766][T26111] ? oom_killer_disable+0x270/0x270 [ 2655.815975][T26111] ? find_held_lock+0x2d/0x110 [ 2655.820750][T26111] mem_cgroup_out_of_memory+0x206/0x270 [ 2655.826315][T26111] ? mem_cgroup_margin+0x130/0x130 [ 2655.831446][T26111] ? lock_downgrade+0x6e0/0x6e0 [ 2655.836326][T26111] try_charge_memcg+0xf67/0x13f0 [ 2655.841289][T26111] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2655.847301][T26111] ? lock_downgrade+0x6e0/0x6e0 [ 2655.852179][T26111] charge_memcg+0x31/0x320 [ 2655.856620][T26111] __mem_cgroup_charge+0x27/0x90 [ 2655.861577][T26111] ? _compound_head+0x5d/0x150 [ 2655.866457][T26111] wp_page_copy+0x27c/0x1b10 [ 2655.871068][T26111] ? restore_exclusive_pte+0x8b0/0x8b0 [ 2655.876546][T26111] ? lock_downgrade+0x6e0/0x6e0 [ 2655.881413][T26111] ? vm_normal_page+0x146/0x2a0 [ 2655.886292][T26111] do_wp_page+0x52c/0x1910 [ 2655.891510][T26111] __handle_mm_fault+0x1813/0x39b0 [ 2655.896646][T26111] ? vm_iomap_memory+0x190/0x190 [ 2655.901626][T26111] handle_mm_fault+0x1c8/0x780 [ 2655.906413][T26111] do_user_addr_fault+0x475/0x1210 [ 2655.911557][T26111] exc_page_fault+0x94/0x170 [ 2655.916169][T26111] asm_exc_page_fault+0x22/0x30 [ 2655.921042][T26111] RIP: 0033:0x7fefdee35a15 [ 2655.925473][T26111] Code: 5c 41 5d c3 90 48 8b 57 18 48 83 fa ff 74 22 48 81 fa e7 03 00 00 0f 87 ee 00 00 00 48 c1 e2 04 48 8d 0d ae 26 17 00 48 01 ca 02 01 48 89 42 08 48 8b 53 10 4c 8d 2d d9 a5 57 00 4c 39 ea 0f [ 2655.945096][T26111] RSP: 002b:00007ffd4124e600 EFLAGS: 00010206 [ 2655.951174][T26111] RAX: 0000000000000003 RBX: 00007fefdefabf80 RCX: 00007fefdefa80c0 [ 2655.959156][T26111] RDX: 00007fefdefa80c0 RSI: 0000000000000080 RDI: 00007fefdefabf80 [ 2655.967146][T26111] RBP: 00007fefdefabf80 R08: 00007ffd413e9080 R09: 0000000000000000 [ 2655.975135][T26111] R10: 00007ffd4124e720 R11: 0000000000000246 R12: 0000000000288361 [ 2655.983114][T26111] R13: 00007ffd4124e720 R14: 00007fefdefabf80 R15: 0000000000000032 [ 2655.991119][T26111] [ 2656.004289][T26111] memory: usage 307200kB, limit 307200kB, failcnt 53187 [ 2656.015276][T26111] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2656.022354][T26111] Memory cgroup stats for /syz2: [ 2656.022584][T26111] anon 98304 [ 2656.022584][T26111] file 364544 11:16:10 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x213}]}}]}, 0x40}, 0x7}, 0x0) 11:16:10 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x7ca}]}}]}, 0x40}, 0x7}, 0x0) [ 2656.022584][T26111] kernel 314109952 [ 2656.022584][T26111] kernel_stack 65536 [ 2656.022584][T26111] pagetables 73728 [ 2656.022584][T26111] percpu 5619264 [ 2656.022584][T26111] sock 0 [ 2656.022584][T26111] vmalloc 0 [ 2656.022584][T26111] shmem 364544 [ 2656.022584][T26111] zswap 0 [ 2656.022584][T26111] zswapped 0 [ 2656.022584][T26111] file_mapped 364544 [ 2656.022584][T26111] file_dirty 0 [ 2656.022584][T26111] file_writeback 0 [ 2656.022584][T26111] swapcached 0 [ 2656.022584][T26111] anon_thp 0 [ 2656.022584][T26111] file_thp 0 11:16:10 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x8100) [ 2656.022584][T26111] shmem_thp 0 [ 2656.022584][T26111] inactive_anon 102400 [ 2656.022584][T26111] active_anon 360448 [ 2656.022584][T26111] inactive_file 0 [ 2656.022584][T26111] active_file 0 [ 2656.022584][T26111] unevictable 0 [ 2656.022584][T26111] slab_reclaimable 127032 [ 2656.022584][T26111] slab_unreclaimable 308189472 [ 2656.022584][T26111] slab 308316504 11:16:10 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x8601) [ 2656.133916][T26111] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=26111,uid=0 [ 2656.191785][T26111] Memory cgroup out of memory: Killed process 26111 (syz-executor.2) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 11:16:11 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x708}]}}]}, 0x40}, 0x7}, 0x0) 11:16:11 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x9601) [ 2656.245093][T26105] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2656.267655][T26105] CPU: 1 PID: 26105 Comm: syz-executor.5 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2656.277787][T26105] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2656.287866][T26105] Call Trace: [ 2656.291173][T26105] 11:16:11 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0xce03) [ 2656.294126][T26105] dump_stack_lvl+0xcd/0x134 [ 2656.298759][T26105] dump_header+0x10b/0x7f9 [ 2656.303223][T26105] oom_kill_process.cold+0x10/0x15 [ 2656.308376][T26105] out_of_memory+0x358/0x14a0 [ 2656.313181][T26105] ? find_held_lock+0x2d/0x110 [ 2656.318002][T26105] ? oom_killer_disable+0x270/0x270 [ 2656.323221][T26105] ? find_held_lock+0x2d/0x110 [ 2656.328061][T26105] mem_cgroup_out_of_memory+0x206/0x270 [ 2656.333653][T26105] ? mem_cgroup_margin+0x130/0x130 [ 2656.338801][T26105] ? lock_downgrade+0x6e0/0x6e0 11:16:11 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0xd001) [ 2656.343707][T26105] try_charge_memcg+0xf67/0x13f0 [ 2656.349830][T26105] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2656.355858][T26105] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2656.361622][T26105] ? lock_downgrade+0x6e0/0x6e0 [ 2656.366520][T26105] ? lock_downgrade+0x6e0/0x6e0 [ 2656.371438][T26105] __memcg_kmem_charge_page+0x16a/0x3b0 [ 2656.377123][T26105] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 2656.383308][T26105] copy_process+0x73e/0x7090 [ 2656.387924][T26105] ? __lock_acquire+0xbc3/0x56d0 [ 2656.392891][T26105] ? __cleanup_sighand+0xb0/0xb0 [ 2656.397865][T26105] kernel_clone+0xe7/0xab0 [ 2656.402298][T26105] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2656.408294][T26105] ? create_io_thread+0xe0/0xe0 [ 2656.413171][T26105] ? find_held_lock+0x2d/0x110 [ 2656.417971][T26105] ? __ct_user_exit+0xff/0x150 [ 2656.422771][T26105] __do_sys_clone+0xba/0x100 [ 2656.428007][T26105] ? kernel_clone+0xab0/0xab0 [ 2656.432807][T26105] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2656.438722][T26105] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2656.444639][T26105] do_syscall_64+0x35/0xb0 [ 2656.449084][T26105] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2656.455002][T26105] RIP: 0033:0x7f542068c9d1 [ 2656.459430][T26105] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 2656.479050][T26105] RSP: 002b:00007ffc9945af78 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 2656.487477][T26105] RAX: ffffffffffffffda RBX: 00007f54217cc700 RCX: 00007f542068c9d1 [ 2656.495544][T26105] RDX: 00007f54217cc9d0 RSI: 00007f54217cc2f0 RDI: 00000000003d0f00 [ 2656.503523][T26105] RBP: 00007ffc9945b1c0 R08: 00007f54217cc700 R09: 00007f54217cc700 [ 2656.511502][T26105] R10: 00007f54217cc9d0 R11: 0000000000000206 R12: 00007ffc9945b02e [ 2656.519510][T26105] R13: 00007ffc9945b02f R14: 00007f54217cc300 R15: 0000000000022000 [ 2656.527527][T26105] [ 2656.556521][T26123] __nla_validate_parse: 2 callbacks suppressed [ 2656.556543][T26123] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2656.592786][T26105] memory: usage 307200kB, limit 307200kB, failcnt 38935 [ 2656.608972][T26105] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2656.616091][T26105] Memory cgroup stats for /syz5: [ 2656.616312][T26105] anon 147456 [ 2656.616312][T26105] file 364544 [ 2656.616312][T26105] kernel 314060800 [ 2656.616312][T26105] kernel_stack 98304 [ 2656.616312][T26105] pagetables 81920 [ 2656.616312][T26105] percpu 5618080 [ 2656.616312][T26105] sock 0 [ 2656.616312][T26105] vmalloc 0 [ 2656.616312][T26105] shmem 356352 [ 2656.616312][T26105] zswap 0 [ 2656.616312][T26105] zswapped 0 [ 2656.616312][T26105] file_mapped 356352 [ 2656.616312][T26105] file_dirty 0 [ 2656.616312][T26105] file_writeback 0 [ 2656.616312][T26105] swapcached 0 [ 2656.616312][T26105] anon_thp 0 [ 2656.616312][T26105] file_thp 0 [ 2656.616312][T26105] shmem_thp 0 [ 2656.616312][T26105] inactive_anon 151552 [ 2656.616312][T26105] active_anon 352256 [ 2656.616312][T26105] inactive_file 4096 [ 2656.616312][T26105] active_file 4096 [ 2656.616312][T26105] unevictable 0 [ 2656.616312][T26105] slab_reclaimable 20960 [ 2656.616312][T26105] slab_unreclaimable 308199952 [ 2656.616312][T26105] slab 308220912 [ 2656.717638][T26105] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=26105,uid=0 [ 2656.734709][T26105] Memory cgroup out of memory: Killed process 26105 (syz-executor.5) total-vm:54860kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000 11:16:11 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x0, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}}, 0x24}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x7}, 0x0) 11:16:11 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0xd501) 11:16:11 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x7cb}]}}]}, 0x40}, 0x7}, 0x0) [ 2656.752600][T26116] Memory cgroup out of memory: Killed process 26116 (syz-executor.4) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:68kB oom_score_adj:1000 [ 2656.783878][T26137] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2656.817686][T26119] oom_kill_process: 1 callbacks suppressed [ 2656.817707][T26119] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 11:16:11 executing program 4: socket$nl_route(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x6fc}]}}]}, 0x40}, 0x7}, 0x0) [ 2656.886636][T26119] CPU: 1 PID: 26119 Comm: syz-executor.3 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2656.897650][T26119] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2656.907739][T26119] Call Trace: [ 2656.911049][T26119] [ 2656.914006][T26119] dump_stack_lvl+0xcd/0x134 [ 2656.918723][T26119] dump_header+0x10b/0x7f9 [ 2656.923190][T26119] oom_kill_process.cold+0x10/0x15 [ 2656.928351][T26119] out_of_memory+0x358/0x14a0 [ 2656.933093][T26119] ? oom_killer_disable+0x270/0x270 [ 2656.938355][T26119] ? find_held_lock+0x2d/0x110 [ 2656.943182][T26119] mem_cgroup_out_of_memory+0x206/0x270 [ 2656.948774][T26119] ? mem_cgroup_margin+0x130/0x130 [ 2656.953920][T26119] ? lock_downgrade+0x6e0/0x6e0 [ 2656.958825][T26119] try_charge_memcg+0xf67/0x13f0 [ 2656.963907][T26119] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2656.969943][T26119] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2656.975738][T26119] ? lock_downgrade+0x6e0/0x6e0 [ 2656.980720][T26119] ? lock_downgrade+0x6e0/0x6e0 [ 2656.985631][T26119] __memcg_kmem_charge_page+0x16a/0x3b0 [ 2656.991232][T26119] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 2656.997435][T26119] copy_process+0x73e/0x7090 [ 2657.002062][T26119] ? find_held_lock+0x2d/0x110 [ 2657.006874][T26119] ? __cleanup_sighand+0xb0/0xb0 [ 2657.011856][T26119] kernel_clone+0xe7/0xab0 [ 2657.016380][T26119] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2657.022384][T26119] ? create_io_thread+0xe0/0xe0 [ 2657.027438][T26119] ? find_held_lock+0x2d/0x110 [ 2657.032232][T26119] ? __ct_user_exit+0xff/0x150 [ 2657.037020][T26119] __do_sys_clone+0xba/0x100 [ 2657.041663][T26119] ? kernel_clone+0xab0/0xab0 [ 2657.046380][T26119] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2657.052298][T26119] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2657.058220][T26119] do_syscall_64+0x35/0xb0 [ 2657.062663][T26119] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2657.068597][T26119] RIP: 0033:0x7f89d288c9d1 [ 2657.073027][T26119] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 2657.092651][T26119] RSP: 002b:00007fff48383138 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 2657.101080][T26119] RAX: ffffffffffffffda RBX: 00007f89d3a70700 RCX: 00007f89d288c9d1 [ 2657.109080][T26119] RDX: 00007f89d3a709d0 RSI: 00007f89d3a702f0 RDI: 00000000003d0f00 [ 2657.117161][T26119] RBP: 00007fff48383380 R08: 00007f89d3a70700 R09: 00007f89d3a70700 [ 2657.125144][T26119] R10: 00007f89d3a709d0 R11: 0000000000000206 R12: 00007fff483831ee [ 2657.133128][T26119] R13: 00007fff483831ef R14: 00007f89d3a70300 R15: 0000000000022000 [ 2657.141132][T26119] [ 2657.164273][T26119] memory: usage 307200kB, limit 307200kB, failcnt 53169 [ 2657.173929][T26119] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2657.180920][T26119] Memory cgroup stats for /syz3: [ 2657.181107][T26119] anon 147456 [ 2657.181107][T26119] file 385024 [ 2657.181107][T26119] kernel 314040320 [ 2657.181107][T26119] kernel_stack 98304 [ 2657.181107][T26119] pagetables 81920 [ 2657.181107][T26119] percpu 5618080 [ 2657.181107][T26119] sock 0 [ 2657.181107][T26119] vmalloc 0 [ 2657.181107][T26119] shmem 385024 [ 2657.181107][T26119] zswap 0 [ 2657.181107][T26119] zswapped 0 [ 2657.181107][T26119] file_mapped 311296 [ 2657.181107][T26119] file_dirty 0 [ 2657.181107][T26119] file_writeback 0 [ 2657.181107][T26119] swapcached 0 [ 2657.181107][T26119] anon_thp 0 [ 2657.181107][T26119] file_thp 0 [ 2657.181107][T26119] shmem_thp 0 [ 2657.181107][T26119] inactive_anon 200704 [ 2657.181107][T26119] active_anon 331776 [ 2657.181107][T26119] inactive_file 0 [ 2657.181107][T26119] active_file 0 [ 2657.181107][T26119] unevictable 0 [ 2657.181107][T26119] slab_reclaimable 22760 [ 2657.181107][T26119] slab_unreclaimable 308156616 [ 2657.181107][T26119] slab 308179376 [ 2657.281048][T26119] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=26119,uid=0 [ 2657.296756][T26119] Memory cgroup out of memory: Killed process 26119 (syz-executor.3) total-vm:54860kB, anon-rss:456kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 2657.323164][T26141] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 11:16:12 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x214}]}}]}, 0x40}, 0x7}, 0x0) 11:16:12 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0xd603) 11:16:12 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x7cc}]}}]}, 0x40}, 0x7}, 0x0) [ 2657.335267][T26142] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.5'. [ 2657.346267][T26141] CPU: 1 PID: 26141 Comm: syz-executor.2 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2657.356394][T26141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2657.366570][T26141] Call Trace: [ 2657.369877][T26141] [ 2657.372832][T26141] dump_stack_lvl+0xcd/0x134 [ 2657.377449][T26141] dump_header+0x10b/0x7f9 [ 2657.381884][T26141] oom_kill_process.cold+0x10/0x15 [ 2657.387015][T26141] out_of_memory+0x358/0x14a0 [ 2657.391739][T26141] ? oom_killer_disable+0x270/0x270 [ 2657.396966][T26141] ? find_held_lock+0x2d/0x110 [ 2657.401771][T26141] mem_cgroup_out_of_memory+0x206/0x270 [ 2657.407336][T26141] ? mem_cgroup_margin+0x130/0x130 [ 2657.412461][T26141] ? lock_downgrade+0x6e0/0x6e0 [ 2657.417424][T26141] try_charge_memcg+0xf67/0x13f0 [ 2657.422389][T26141] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2657.428411][T26141] ? lock_downgrade+0x6e0/0x6e0 [ 2657.433311][T26141] charge_memcg+0x31/0x320 [ 2657.437765][T26141] __mem_cgroup_charge+0x27/0x90 [ 2657.442724][T26141] ? _compound_head+0x5d/0x150 [ 2657.447604][T26141] __handle_mm_fault+0x17df/0x39b0 [ 2657.452739][T26141] ? vm_iomap_memory+0x190/0x190 [ 2657.457716][T26141] handle_mm_fault+0x1c8/0x780 [ 2657.462521][T26141] do_user_addr_fault+0x475/0x1210 [ 2657.467679][T26141] exc_page_fault+0x94/0x170 [ 2657.472313][T26141] asm_exc_page_fault+0x22/0x30 [ 2657.477192][T26141] RIP: 0033:0x7fefdee3633d [ 2657.481633][T26141] Code: e0 04 8b 44 02 08 85 c0 0f 85 d0 0a 00 00 31 c0 b9 40 42 0f 00 ba 81 00 00 00 c7 06 01 00 00 00 bf ca 00 00 00 e8 53 52 05 00 <83> 05 bc 9c 57 00 01 80 bc 24 d8 00 00 00 00 0f b6 05 57 f0 0a 01 [ 2657.501262][T26141] RSP: 002b:00007ffd4124e640 EFLAGS: 00010217 [ 2657.507345][T26141] RAX: 0000000000000000 RBX: 00007fefdefabf8c RCX: 00007fefdee8b5a9 [ 2657.515325][T26141] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fefdefabf88 [ 2657.523323][T26141] RBP: 00007fefdefabf80 R08: 00007fefe005a700 R09: 0000000000000000 [ 2657.531304][T26141] R10: 00007fefe005a700 R11: 0000000000000246 R12: 00007fefdefabf8c [ 2657.539286][T26141] R13: 00007fefdefb0060 R14: 00007fefdefabf80 R15: 0000000000000000 [ 2657.548070][T26141] 11:16:12 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0xe201) [ 2657.614224][T26153] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2657.658238][T26141] memory: usage 307200kB, limit 307200kB, failcnt 53296 [ 2657.683043][T26141] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2657.692411][T26141] Memory cgroup stats for /syz2: [ 2657.692518][T26141] anon 94208 [ 2657.692518][T26141] file 364544 [ 2657.692518][T26141] kernel 314114048 [ 2657.692518][T26141] kernel_stack 65536 [ 2657.692518][T26141] pagetables 73728 [ 2657.692518][T26141] percpu 5619264 [ 2657.692518][T26141] sock 0 [ 2657.692518][T26141] vmalloc 0 [ 2657.692518][T26141] shmem 364544 [ 2657.692518][T26141] zswap 0 [ 2657.692518][T26141] zswapped 0 [ 2657.692518][T26141] file_mapped 364544 [ 2657.692518][T26141] file_dirty 0 [ 2657.692518][T26141] file_writeback 0 [ 2657.692518][T26141] swapcached 0 [ 2657.692518][T26141] anon_thp 0 [ 2657.692518][T26141] file_thp 0 [ 2657.692518][T26141] shmem_thp 0 [ 2657.692518][T26141] inactive_anon 98304 [ 2657.692518][T26141] active_anon 360448 [ 2657.692518][T26141] inactive_file 0 [ 2657.692518][T26141] active_file 0 [ 2657.692518][T26141] unevictable 0 [ 2657.692518][T26141] slab_reclaimable 127032 [ 2657.692518][T26141] slab_unreclaimable 308189472 [ 2657.692518][T26141] slab 308316504 [ 2657.793974][T26141] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=26141,uid=0 [ 2657.809927][T26141] Memory cgroup out of memory: Killed process 26141 (syz-executor.2) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 [ 2657.827986][T26146] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 2657.851085][T26146] CPU: 1 PID: 26146 Comm: syz-executor.4 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2657.861208][T26146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2657.871278][T26146] Call Trace: [ 2657.874553][T26146] [ 2657.877573][T26146] dump_stack_lvl+0xcd/0x134 [ 2657.882178][T26146] dump_header+0x10b/0x7f9 [ 2657.886620][T26146] oom_kill_process.cold+0x10/0x15 [ 2657.891732][T26146] out_of_memory+0x358/0x14a0 [ 2657.896418][T26146] ? oom_killer_disable+0x270/0x270 [ 2657.901706][T26146] ? find_held_lock+0x2d/0x110 [ 2657.906495][T26146] mem_cgroup_out_of_memory+0x206/0x270 [ 2657.912079][T26146] ? mem_cgroup_margin+0x130/0x130 [ 2657.917216][T26146] ? lock_downgrade+0x6e0/0x6e0 [ 2657.922073][T26146] try_charge_memcg+0xf67/0x13f0 [ 2657.927019][T26146] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2657.933008][T26146] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2657.938735][T26146] ? lock_downgrade+0x6e0/0x6e0 [ 2657.943587][T26146] ? lock_downgrade+0x6e0/0x6e0 [ 2657.948435][T26146] ? rcu_read_unlock+0x9/0x60 [ 2657.953155][T26146] obj_cgroup_charge+0x2ab/0x5e0 [ 2657.958137][T26146] kmem_cache_alloc_trace+0xa3/0x3e0 [ 2657.963459][T26146] ? copy_semundo+0x187/0x2f0 [ 2657.968164][T26146] ? apparmor_task_alloc+0x2bb/0x3b0 [ 2657.973540][T26146] copy_semundo+0x187/0x2f0 [ 2657.978046][T26146] copy_process+0x23fa/0x7090 [ 2657.982734][T26146] ? __cleanup_sighand+0xb0/0xb0 [ 2657.987765][T26146] kernel_clone+0xe7/0xab0 [ 2657.992181][T26146] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2657.998171][T26146] ? create_io_thread+0xe0/0xe0 [ 2658.003077][T26146] ? find_held_lock+0x2d/0x110 [ 2658.007884][T26146] ? __ct_user_exit+0xff/0x150 [ 2658.012689][T26146] __do_sys_clone+0xba/0x100 [ 2658.017318][T26146] ? kernel_clone+0xab0/0xab0 [ 2658.022018][T26146] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2658.028001][T26146] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2658.033929][T26146] do_syscall_64+0x35/0xb0 [ 2658.038359][T26146] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2658.044320][T26146] RIP: 0033:0x7fa378a8c9d1 [ 2658.048752][T26146] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 2658.068494][T26146] RSP: 002b:00007fff306494d8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 2658.076932][T26146] RAX: ffffffffffffffda RBX: 00007fa379be4700 RCX: 00007fa378a8c9d1 [ 2658.084928][T26146] RDX: 00007fa379be49d0 RSI: 00007fa379be42f0 RDI: 00000000003d0f00 [ 2658.092899][T26146] RBP: 00007fff30649720 R08: 00007fa379be4700 R09: 00007fa379be4700 [ 2658.100873][T26146] R10: 00007fa379be49d0 R11: 0000000000000206 R12: 00007fff3064958e 11:16:12 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x709}]}}]}, 0x40}, 0x7}, 0x0) 11:16:12 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0xe203) [ 2658.108858][T26146] R13: 00007fff3064958f R14: 00007fa379be4300 R15: 0000000000022000 [ 2658.116895][T26146] 11:16:12 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0xe603) [ 2658.156142][T26146] memory: usage 307200kB, limit 307200kB, failcnt 54538 [ 2658.171823][T26146] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2658.182128][T26146] Memory cgroup stats for /syz4: [ 2658.182308][T26146] anon 90112 [ 2658.182308][T26146] file 372736 [ 2658.182308][T26146] kernel 314109952 [ 2658.182308][T26146] kernel_stack 65536 [ 2658.182308][T26146] pagetables 65536 11:16:12 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0xea03) [ 2658.182308][T26146] percpu 5624000 [ 2658.182308][T26146] sock 0 [ 2658.182308][T26146] vmalloc 0 [ 2658.182308][T26146] shmem 372736 [ 2658.182308][T26146] zswap 0 [ 2658.182308][T26146] zswapped 0 [ 2658.182308][T26146] file_mapped 372736 [ 2658.182308][T26146] file_dirty 0 [ 2658.182308][T26146] file_writeback 0 [ 2658.182308][T26146] swapcached 0 [ 2658.182308][T26146] anon_thp 0 [ 2658.182308][T26146] file_thp 0 [ 2658.182308][T26146] shmem_thp 0 [ 2658.182308][T26146] inactive_anon 139264 [ 2658.182308][T26146] active_anon 323584 [ 2658.182308][T26146] inactive_file 0 [ 2658.182308][T26146] active_file 0 [ 2658.182308][T26146] unevictable 0 [ 2658.182308][T26146] slab_reclaimable 17888 [ 2658.182308][T26146] slab_unreclaimable 308300256 [ 2658.182308][T26146] slab 308318144 [ 2658.292693][T26146] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=26146,uid=0 [ 2658.311012][T26146] Memory cgroup out of memory: Killed process 26146 (syz-executor.4) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:68kB oom_score_adj:1000 [ 2658.369487][T26163] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2658.388251][T26163] CPU: 0 PID: 26163 Comm: syz-executor.2 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2658.398469][T26163] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2658.408548][T26163] Call Trace: [ 2658.411839][T26163] [ 2658.414775][T26163] dump_stack_lvl+0xcd/0x134 [ 2658.420002][T26163] dump_header+0x10b/0x7f9 [ 2658.424442][T26163] oom_kill_process.cold+0x10/0x15 [ 2658.429575][T26163] out_of_memory+0x358/0x14a0 [ 2658.434285][T26163] ? find_held_lock+0x2d/0x110 [ 2658.439082][T26163] ? oom_killer_disable+0x270/0x270 [ 2658.444303][T26163] ? find_held_lock+0x2d/0x110 [ 2658.449097][T26163] mem_cgroup_out_of_memory+0x206/0x270 [ 2658.454661][T26163] ? mem_cgroup_margin+0x130/0x130 [ 2658.459786][T26163] ? lock_downgrade+0x6e0/0x6e0 [ 2658.464705][T26163] try_charge_memcg+0xf67/0x13f0 [ 2658.469760][T26163] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2658.475769][T26163] ? lock_downgrade+0x6e0/0x6e0 [ 2658.480650][T26163] charge_memcg+0x31/0x320 [ 2658.485094][T26163] __mem_cgroup_charge+0x27/0x90 [ 2658.490138][T26163] ? _compound_head+0x5d/0x150 [ 2658.494938][T26163] wp_page_copy+0x27c/0x1b10 [ 2658.499558][T26163] ? restore_exclusive_pte+0x8b0/0x8b0 [ 2658.505043][T26163] ? lock_downgrade+0x6e0/0x6e0 [ 2658.509907][T26163] ? vm_normal_page+0x146/0x2a0 [ 2658.514791][T26163] do_wp_page+0x52c/0x1910 [ 2658.519240][T26163] __handle_mm_fault+0x1813/0x39b0 [ 2658.524377][T26163] ? vm_iomap_memory+0x190/0x190 [ 2658.529357][T26163] handle_mm_fault+0x1c8/0x780 [ 2658.534152][T26163] do_user_addr_fault+0x475/0x1210 [ 2658.539297][T26163] exc_page_fault+0x94/0x170 [ 2658.543907][T26163] asm_exc_page_fault+0x22/0x30 [ 2658.548785][T26163] RIP: 0033:0x7fefdee35a15 [ 2658.553210][T26163] Code: 5c 41 5d c3 90 48 8b 57 18 48 83 fa ff 74 22 48 81 fa e7 03 00 00 0f 87 ee 00 00 00 48 c1 e2 04 48 8d 0d ae 26 17 00 48 01 ca 02 01 48 89 42 08 48 8b 53 10 4c 8d 2d d9 a5 57 00 4c 39 ea 0f [ 2658.572831][T26163] RSP: 002b:00007ffd4124e600 EFLAGS: 00010206 [ 2658.578913][T26163] RAX: 0000000000000003 RBX: 00007fefdefabf80 RCX: 00007fefdefa80c0 [ 2658.586901][T26163] RDX: 00007fefdefa80c0 RSI: 0000000000000080 RDI: 00007fefdefabf80 [ 2658.594884][T26163] RBP: 00007fefdefabf80 R08: 00007ffd413e9080 R09: 0000000000000000 [ 2658.602865][T26163] R10: 00007ffd4124e720 R11: 0000000000000246 R12: 0000000000289003 [ 2658.610846][T26163] R13: 00007ffd4124e720 R14: 00007fefdefabf80 R15: 0000000000000032 [ 2658.618845][T26163] [ 2658.626565][T26163] memory: usage 307200kB, limit 307200kB, failcnt 53390 [ 2658.636348][T26163] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2658.643534][T26163] Memory cgroup stats for /syz2: [ 2658.643746][T26163] anon 98304 [ 2658.643746][T26163] file 364544 [ 2658.643746][T26163] kernel 314109952 [ 2658.643746][T26163] kernel_stack 65536 [ 2658.643746][T26163] pagetables 73728 [ 2658.643746][T26163] percpu 5619264 [ 2658.643746][T26163] sock 0 [ 2658.643746][T26163] vmalloc 0 [ 2658.643746][T26163] shmem 364544 [ 2658.643746][T26163] zswap 0 [ 2658.643746][T26163] zswapped 0 [ 2658.643746][T26163] file_mapped 364544 [ 2658.643746][T26163] file_dirty 0 [ 2658.643746][T26163] file_writeback 0 [ 2658.643746][T26163] swapcached 0 [ 2658.643746][T26163] anon_thp 0 [ 2658.643746][T26163] file_thp 0 [ 2658.643746][T26163] shmem_thp 0 [ 2658.643746][T26163] inactive_anon 102400 [ 2658.643746][T26163] active_anon 360448 [ 2658.643746][T26163] inactive_file 0 [ 2658.643746][T26163] active_file 0 [ 2658.643746][T26163] unevictable 0 [ 2658.643746][T26163] slab_reclaimable 127032 [ 2658.643746][T26163] slab_unreclaimable 308189472 [ 2658.643746][T26163] slab 308316504 [ 2658.747039][T26163] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=26163,uid=0 [ 2658.763020][T26163] Memory cgroup out of memory: Killed process 26163 (syz-executor.2) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 [ 2658.780576][T26151] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=1, oom_score_adj=1000 [ 2658.791616][T26151] CPU: 1 PID: 26151 Comm: syz-executor.3 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2658.801734][T26151] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2658.811844][T26151] Call Trace: [ 2658.815238][T26151] [ 2658.818199][T26151] dump_stack_lvl+0xcd/0x134 [ 2658.822851][T26151] dump_header+0x10b/0x7f9 [ 2658.827306][T26151] oom_kill_process.cold+0x10/0x15 [ 2658.832426][T26151] out_of_memory+0x358/0x14a0 [ 2658.837129][T26151] ? oom_killer_disable+0x270/0x270 [ 2658.842345][T26151] ? find_held_lock+0x2d/0x110 [ 2658.847138][T26151] mem_cgroup_out_of_memory+0x206/0x270 [ 2658.852705][T26151] ? mem_cgroup_margin+0x130/0x130 [ 2658.857833][T26151] ? lock_downgrade+0x6e0/0x6e0 [ 2658.862715][T26151] try_charge_memcg+0xf67/0x13f0 [ 2658.867679][T26151] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2658.873680][T26151] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2658.879508][T26151] ? lock_downgrade+0x6e0/0x6e0 [ 2658.884382][T26151] ? lock_downgrade+0x6e0/0x6e0 [ 2658.889244][T26151] ? rcu_read_unlock+0x9/0x60 [ 2658.894049][T26151] obj_cgroup_charge+0x2ab/0x5e0 [ 2658.899014][T26151] ? copy_process+0x5c2/0x7090 [ 2658.903797][T26151] kmem_cache_alloc_node+0x92/0x3f0 [ 2658.909022][T26151] ? _raw_spin_unlock_irq+0x1f/0x40 [ 2658.914246][T26151] copy_process+0x5c2/0x7090 [ 2658.918865][T26151] ? __lock_acquire+0xbc3/0x56d0 [ 2658.923919][T26151] ? __cleanup_sighand+0xb0/0xb0 [ 2658.928898][T26151] kernel_clone+0xe7/0xab0 [ 2658.933331][T26151] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2658.939414][T26151] ? create_io_thread+0xe0/0xe0 [ 2658.944287][T26151] ? find_held_lock+0x2d/0x110 [ 2658.949341][T26151] ? __ct_user_exit+0xff/0x150 [ 2658.954126][T26151] __do_sys_clone+0xba/0x100 [ 2658.958827][T26151] ? kernel_clone+0xab0/0xab0 [ 2658.963531][T26151] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2658.969442][T26151] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2658.975360][T26151] do_syscall_64+0x35/0xb0 [ 2658.979809][T26151] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2658.985728][T26151] RIP: 0033:0x7f89d288c9d1 [ 2658.990155][T26151] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 2659.009790][T26151] RSP: 002b:00007fff48383138 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 2659.018222][T26151] RAX: ffffffffffffffda RBX: 00007f89d3a70700 RCX: 00007f89d288c9d1 [ 2659.026206][T26151] RDX: 00007f89d3a709d0 RSI: 00007f89d3a702f0 RDI: 00000000003d0f00 [ 2659.034193][T26151] RBP: 00007fff48383380 R08: 00007f89d3a70700 R09: 00007f89d3a70700 [ 2659.042173][T26151] R10: 00007f89d3a709d0 R11: 0000000000000206 R12: 00007fff483831ee [ 2659.050158][T26151] R13: 00007fff483831ef R14: 00007f89d3a70300 R15: 0000000000022000 [ 2659.058160][T26151] [ 2659.067638][T26151] memory: usage 307196kB, limit 307200kB, failcnt 53270 [ 2659.075089][T26151] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2659.082117][T26151] Memory cgroup stats for /syz3: [ 2659.082256][T26151] anon 147456 [ 2659.082256][T26151] file 385024 [ 2659.082256][T26151] kernel 314036224 [ 2659.082256][T26151] kernel_stack 98304 [ 2659.082256][T26151] pagetables 81920 [ 2659.082256][T26151] percpu 5618080 [ 2659.082256][T26151] sock 0 [ 2659.082256][T26151] vmalloc 0 [ 2659.082256][T26151] shmem 385024 [ 2659.082256][T26151] zswap 0 [ 2659.082256][T26151] zswapped 0 [ 2659.082256][T26151] file_mapped 311296 [ 2659.082256][T26151] file_dirty 0 [ 2659.082256][T26151] file_writeback 0 [ 2659.082256][T26151] swapcached 0 [ 2659.082256][T26151] anon_thp 0 [ 2659.082256][T26151] file_thp 0 [ 2659.082256][T26151] shmem_thp 0 [ 2659.082256][T26151] inactive_anon 196608 [ 2659.082256][T26151] active_anon 331776 [ 2659.082256][T26151] inactive_file 0 [ 2659.082256][T26151] active_file 0 [ 2659.082256][T26151] unevictable 0 [ 2659.082256][T26151] slab_reclaimable 22760 [ 2659.082256][T26151] slab_unreclaimable 308181896 [ 2659.082256][T26151] slab 308204656 [ 2659.178770][T26151] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=26151,uid=0 [ 2659.199962][T26151] Memory cgroup out of memory: Killed process 26151 (syz-executor.3) total-vm:54860kB, anon-rss:456kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 2659.231689][T26155] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.1'. 11:16:14 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0xee03) 11:16:14 executing program 4: socket$nl_route(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x6fd}]}}]}, 0x40}, 0x7}, 0x0) 11:16:14 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x0, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}}, 0x24}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x14a}]}}]}, 0x40}, 0x7}, 0x0) 11:16:14 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x70a}]}}]}, 0x40}, 0x7}, 0x0) 11:16:14 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x215}]}}]}, 0x40}, 0x7}, 0x0) 11:16:14 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x7cd}]}}]}, 0x40}, 0x7}, 0x0) 11:16:14 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0xf000) [ 2659.354144][T26175] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2659.393537][T26170] syz-executor.2 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 2659.426363][T26170] CPU: 1 PID: 26170 Comm: syz-executor.2 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2659.436599][T26170] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2659.446688][T26170] Call Trace: [ 2659.449998][T26170] [ 2659.452961][T26170] dump_stack_lvl+0xcd/0x134 [ 2659.457594][T26170] dump_header+0x10b/0x7f9 [ 2659.462055][T26170] oom_kill_process.cold+0x10/0x15 [ 2659.467220][T26170] out_of_memory+0x358/0x14a0 [ 2659.471960][T26170] ? find_held_lock+0x2d/0x110 [ 2659.476777][T26170] ? oom_killer_disable+0x270/0x270 [ 2659.482034][T26170] ? find_held_lock+0x2d/0x110 [ 2659.486853][T26170] mem_cgroup_out_of_memory+0x206/0x270 [ 2659.492447][T26170] ? mem_cgroup_margin+0x130/0x130 [ 2659.497602][T26170] ? lock_downgrade+0x6e0/0x6e0 [ 2659.502520][T26170] try_charge_memcg+0xf67/0x13f0 [ 2659.507501][T26170] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2659.513492][T26170] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2659.519218][T26170] ? lock_downgrade+0x6e0/0x6e0 [ 2659.524071][T26170] ? lock_downgrade+0x6e0/0x6e0 [ 2659.528961][T26170] ? rcu_read_unlock+0x9/0x60 [ 2659.533711][T26170] obj_cgroup_charge+0x2ab/0x5e0 [ 2659.538703][T26170] kmem_cache_alloc_trace+0xa3/0x3e0 [ 2659.544032][T26170] ? copy_semundo+0x187/0x2f0 [ 2659.548753][T26170] ? apparmor_task_alloc+0x2bb/0x3b0 [ 2659.554078][T26170] copy_semundo+0x187/0x2f0 [ 2659.558621][T26170] copy_process+0x23fa/0x7090 [ 2659.563342][T26170] ? __cleanup_sighand+0xb0/0xb0 [ 2659.568314][T26170] kernel_clone+0xe7/0xab0 [ 2659.572752][T26170] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2659.578750][T26170] ? create_io_thread+0xe0/0xe0 [ 2659.583627][T26170] ? find_held_lock+0x2d/0x110 [ 2659.588424][T26170] ? __ct_user_exit+0xff/0x150 [ 2659.593309][T26170] __do_sys_clone+0xba/0x100 [ 2659.597941][T26170] ? kernel_clone+0xab0/0xab0 [ 2659.602664][T26170] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2659.608584][T26170] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2659.614506][T26170] do_syscall_64+0x35/0xb0 [ 2659.618956][T26170] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2659.624872][T26170] RIP: 0033:0x7fefdee8c9d1 [ 2659.629304][T26170] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 2659.648941][T26170] RSP: 002b:00007ffd4124e508 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 2659.657397][T26170] RAX: ffffffffffffffda RBX: 00007fefe005a700 RCX: 00007fefdee8c9d1 [ 2659.665391][T26170] RDX: 00007fefe005a9d0 RSI: 00007fefe005a2f0 RDI: 00000000003d0f00 [ 2659.673473][T26170] RBP: 00007ffd4124e750 R08: 00007fefe005a700 R09: 00007fefe005a700 [ 2659.682242][T26170] R10: 00007fefe005a9d0 R11: 0000000000000206 R12: 00007ffd4124e5be [ 2659.690312][T26170] R13: 00007ffd4124e5bf R14: 00007fefe005a300 R15: 0000000000022000 [ 2659.698325][T26170] [ 2659.751058][T26170] memory: usage 307200kB, limit 307200kB, failcnt 53440 [ 2659.761948][T26170] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2659.769347][T26170] Memory cgroup stats for /syz2: [ 2659.769516][T26170] anon 90112 [ 2659.769516][T26170] file 364544 [ 2659.769516][T26170] kernel 314118144 [ 2659.769516][T26170] kernel_stack 65536 [ 2659.769516][T26170] pagetables 69632 [ 2659.769516][T26170] percpu 5619264 [ 2659.769516][T26170] sock 0 [ 2659.769516][T26170] vmalloc 0 [ 2659.769516][T26170] shmem 364544 [ 2659.769516][T26170] zswap 0 [ 2659.769516][T26170] zswapped 0 [ 2659.769516][T26170] file_mapped 364544 [ 2659.769516][T26170] file_dirty 0 [ 2659.769516][T26170] file_writeback 0 [ 2659.769516][T26170] swapcached 0 [ 2659.769516][T26170] anon_thp 0 [ 2659.769516][T26170] file_thp 0 [ 2659.769516][T26170] shmem_thp 0 [ 2659.769516][T26170] inactive_anon 94208 [ 2659.769516][T26170] active_anon 360448 [ 2659.769516][T26170] inactive_file 0 [ 2659.769516][T26170] active_file 0 [ 2659.769516][T26170] unevictable 0 [ 2659.769516][T26170] slab_reclaimable 125104 [ 2659.769516][T26170] slab_unreclaimable 308199760 [ 2659.769516][T26170] slab 308324864 [ 2659.868784][T26170] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=26170,uid=0 [ 2659.884420][T26170] Memory cgroup out of memory: Killed process 26170 (syz-executor.2) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:72kB oom_score_adj:1000 11:16:14 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x70b}]}}]}, 0x40}, 0x7}, 0x0) [ 2659.902215][T26171] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2659.912889][T26171] CPU: 1 PID: 26171 Comm: syz-executor.4 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2659.923006][T26171] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2659.933090][T26171] Call Trace: [ 2659.936395][T26171] [ 2659.939359][T26171] dump_stack_lvl+0xcd/0x134 [ 2659.943999][T26171] dump_header+0x10b/0x7f9 [ 2659.948461][T26171] oom_kill_process.cold+0x10/0x15 [ 2659.953624][T26171] out_of_memory+0x358/0x14a0 [ 2659.958354][T26171] ? oom_killer_disable+0x270/0x270 [ 2659.963605][T26171] ? find_held_lock+0x2d/0x110 [ 2659.968507][T26171] mem_cgroup_out_of_memory+0x206/0x270 [ 2659.974102][T26171] ? mem_cgroup_margin+0x130/0x130 [ 2659.979248][T26171] ? lock_downgrade+0x6e0/0x6e0 [ 2659.984148][T26171] try_charge_memcg+0xf67/0x13f0 [ 2659.989120][T26171] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2659.995215][T26171] ? lock_downgrade+0x6e0/0x6e0 [ 2660.000095][T26171] charge_memcg+0x31/0x320 [ 2660.004533][T26171] __mem_cgroup_charge+0x27/0x90 [ 2660.009490][T26171] ? _compound_head+0x5d/0x150 [ 2660.014395][T26171] wp_page_copy+0x27c/0x1b10 [ 2660.019029][T26171] ? restore_exclusive_pte+0x8b0/0x8b0 [ 2660.024507][T26171] ? lock_downgrade+0x6e0/0x6e0 [ 2660.029378][T26171] ? vm_normal_page+0x146/0x2a0 [ 2660.034256][T26171] do_wp_page+0x52c/0x1910 [ 2660.038780][T26171] __handle_mm_fault+0x1813/0x39b0 [ 2660.043917][T26171] ? vm_iomap_memory+0x190/0x190 [ 2660.048890][T26171] handle_mm_fault+0x1c8/0x780 [ 2660.053705][T26171] do_user_addr_fault+0x475/0x1210 [ 2660.058852][T26171] exc_page_fault+0x94/0x170 [ 2660.063461][T26171] asm_exc_page_fault+0x22/0x30 [ 2660.068331][T26171] RIP: 0033:0x7fa378a362de [ 2660.072768][T26171] Code: 4c 24 54 89 78 2c 48 8b 3c 24 89 48 78 0f b6 4c 24 53 c6 40 20 01 88 4c 3a 04 8b 7c 24 4c 4c 89 35 97 5c 17 00 48 8b 54 24 40 <89> b8 80 00 00 00 0f 1f 40 00 48 8b 8c 14 50 01 00 00 48 83 c2 08 [ 2660.092398][T26171] RSP: 002b:00007fff30649610 EFLAGS: 00010246 [ 2660.098476][T26171] RAX: 00007fa378babf80 RBX: 00007fa378babf8c RCX: 0000000000000000 [ 2660.106461][T26171] RDX: 0000000000000000 RSI: 00007fa378babf88 RDI: 0000000000000000 [ 2660.114473][T26171] RBP: 00007fa378babf80 R08: 00007fa379be4700 R09: 00007fa379be4700 [ 2660.122473][T26171] R10: 00007fa379be49d0 R11: 0000000000000206 R12: 00007fa378babf8c [ 2660.130461][T26171] R13: 00007fa378bb0060 R14: 00007fa378babf80 R15: 0000000000000000 [ 2660.138467][T26171] [ 2660.153487][T26171] memory: usage 307200kB, limit 307200kB, failcnt 54604 [ 2660.160787][T26171] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2660.168225][T26171] Memory cgroup stats for /syz4: [ 2660.168373][T26171] anon 90112 [ 2660.168373][T26171] file 372736 [ 2660.168373][T26171] kernel 314109952 [ 2660.168373][T26171] kernel_stack 65536 [ 2660.168373][T26171] pagetables 65536 [ 2660.168373][T26171] percpu 5624000 [ 2660.168373][T26171] sock 0 [ 2660.168373][T26171] vmalloc 0 [ 2660.168373][T26171] shmem 372736 [ 2660.168373][T26171] zswap 0 [ 2660.168373][T26171] zswapped 0 [ 2660.168373][T26171] file_mapped 372736 [ 2660.168373][T26171] file_dirty 0 [ 2660.168373][T26171] file_writeback 0 [ 2660.168373][T26171] swapcached 0 [ 2660.168373][T26171] anon_thp 0 [ 2660.168373][T26171] file_thp 0 [ 2660.168373][T26171] shmem_thp 0 [ 2660.168373][T26171] inactive_anon 139264 [ 2660.168373][T26171] active_anon 323584 [ 2660.168373][T26171] inactive_file 0 [ 2660.168373][T26171] active_file 0 [ 2660.168373][T26171] unevictable 0 [ 2660.168373][T26171] slab_reclaimable 17888 [ 2660.168373][T26171] slab_unreclaimable 308300720 [ 2660.168373][T26171] slab 308318608 [ 2660.266909][T26171] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=26171,uid=0 [ 2660.282639][T26171] Memory cgroup out of memory: Killed process 26171 (syz-executor.4) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:68kB oom_score_adj:1000 11:16:15 executing program 4: socket$nl_route(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x6fe}]}}]}, 0x40}, 0x7}, 0x0) [ 2660.303282][T26173] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=1, oom_score_adj=1000 [ 2660.320606][T26173] CPU: 0 PID: 26173 Comm: syz-executor.3 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2660.330766][T26173] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2660.340852][T26173] Call Trace: [ 2660.344187][T26173] [ 2660.347147][T26173] dump_stack_lvl+0xcd/0x134 [ 2660.351789][T26173] dump_header+0x10b/0x7f9 [ 2660.356245][T26173] oom_kill_process.cold+0x10/0x15 [ 2660.361395][T26173] out_of_memory+0x358/0x14a0 [ 2660.366123][T26173] ? oom_killer_disable+0x270/0x270 [ 2660.371371][T26173] ? find_held_lock+0x2d/0x110 [ 2660.376212][T26173] mem_cgroup_out_of_memory+0x206/0x270 [ 2660.381798][T26173] ? mem_cgroup_margin+0x130/0x130 [ 2660.386946][T26173] ? lock_downgrade+0x6e0/0x6e0 [ 2660.391850][T26173] try_charge_memcg+0xf67/0x13f0 [ 2660.396834][T26173] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2660.402855][T26173] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2660.408598][T26173] ? lock_downgrade+0x6e0/0x6e0 [ 2660.413474][T26173] ? lock_downgrade+0x6e0/0x6e0 [ 2660.418354][T26173] ? rcu_read_unlock+0x9/0x60 [ 2660.423093][T26173] obj_cgroup_charge+0x2ab/0x5e0 [ 2660.428061][T26173] ? copy_process+0x5c2/0x7090 [ 2660.432832][T26173] kmem_cache_alloc_node+0x92/0x3f0 [ 2660.438069][T26173] ? _raw_spin_unlock_irq+0x1f/0x40 [ 2660.443314][T26173] copy_process+0x5c2/0x7090 [ 2660.447946][T26173] ? find_held_lock+0x2d/0x110 [ 2660.452741][T26173] ? find_held_lock+0x2d/0x110 [ 2660.457524][T26173] ? __cleanup_sighand+0xb0/0xb0 [ 2660.462513][T26173] kernel_clone+0xe7/0xab0 [ 2660.466966][T26173] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2660.472978][T26173] ? create_io_thread+0xe0/0xe0 [ 2660.477870][T26173] ? find_held_lock+0x2d/0x110 [ 2660.482678][T26173] ? __ct_user_exit+0xff/0x150 [ 2660.487495][T26173] __do_sys_clone+0xba/0x100 [ 2660.492138][T26173] ? kernel_clone+0xab0/0xab0 [ 2660.496868][T26173] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2660.502797][T26173] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2660.508741][T26173] do_syscall_64+0x35/0xb0 [ 2660.513196][T26173] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2660.519130][T26173] RIP: 0033:0x7f89d288c9d1 [ 2660.523584][T26173] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 2660.543236][T26173] RSP: 002b:00007fff48383138 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 2660.551680][T26173] RAX: ffffffffffffffda RBX: 00007f89d3a70700 RCX: 00007f89d288c9d1 [ 2660.559753][T26173] RDX: 00007f89d3a709d0 RSI: 00007f89d3a702f0 RDI: 00000000003d0f00 [ 2660.567741][T26173] RBP: 00007fff48383380 R08: 00007f89d3a70700 R09: 00007f89d3a70700 [ 2660.575723][T26173] R10: 00007f89d3a709d0 R11: 0000000000000206 R12: 00007fff483831ee [ 2660.583724][T26173] R13: 00007fff483831ef R14: 00007f89d3a70300 R15: 0000000000022000 [ 2660.591726][T26173] [ 2660.605621][T26173] memory: usage 307200kB, limit 307200kB, failcnt 53357 [ 2660.612764][T26173] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2660.620215][T26173] Memory cgroup stats for /syz3: [ 2660.620443][T26173] anon 147456 [ 2660.620443][T26173] file 385024 [ 2660.620443][T26173] kernel 314040320 [ 2660.620443][T26173] kernel_stack 98304 [ 2660.620443][T26173] pagetables 81920 [ 2660.620443][T26173] percpu 5618080 [ 2660.620443][T26173] sock 0 [ 2660.620443][T26173] vmalloc 0 [ 2660.620443][T26173] shmem 385024 [ 2660.620443][T26173] zswap 0 [ 2660.620443][T26173] zswapped 0 [ 2660.620443][T26173] file_mapped 311296 [ 2660.620443][T26173] file_dirty 0 [ 2660.620443][T26173] file_writeback 0 [ 2660.620443][T26173] swapcached 0 [ 2660.620443][T26173] anon_thp 0 [ 2660.620443][T26173] file_thp 0 [ 2660.620443][T26173] shmem_thp 0 [ 2660.620443][T26173] inactive_anon 200704 [ 2660.620443][T26173] active_anon 331776 [ 2660.620443][T26173] inactive_file 0 [ 2660.620443][T26173] active_file 0 [ 2660.620443][T26173] unevictable 0 [ 2660.620443][T26173] slab_reclaimable 22760 [ 2660.620443][T26173] slab_unreclaimable 308183952 [ 2660.620443][T26173] slab 308206712 [ 2660.714749][T26173] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=26173,uid=0 [ 2660.730418][T26173] Memory cgroup out of memory: Killed process 26173 (syz-executor.3) total-vm:54860kB, anon-rss:456kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 2660.754896][T26174] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2660.773429][T26174] CPU: 1 PID: 26174 Comm: syz-executor.5 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2660.783564][T26174] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2660.793638][T26174] Call Trace: [ 2660.796912][T26174] [ 2660.799846][T26174] dump_stack_lvl+0xcd/0x134 [ 2660.804452][T26174] dump_header+0x10b/0x7f9 [ 2660.808880][T26174] oom_kill_process.cold+0x10/0x15 [ 2660.814007][T26174] out_of_memory+0x358/0x14a0 [ 2660.818722][T26174] ? oom_killer_disable+0x270/0x270 [ 2660.823950][T26174] ? find_held_lock+0x2d/0x110 [ 2660.828767][T26174] mem_cgroup_out_of_memory+0x206/0x270 [ 2660.834338][T26174] ? mem_cgroup_margin+0x130/0x130 [ 2660.839454][T26174] ? lock_downgrade+0x6e0/0x6e0 [ 2660.844312][T26174] try_charge_memcg+0xf67/0x13f0 [ 2660.849259][T26174] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2660.855429][T26174] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2660.861447][T26174] ? lock_downgrade+0x6e0/0x6e0 [ 2660.866317][T26174] ? lock_downgrade+0x6e0/0x6e0 [ 2660.871444][T26174] __memcg_kmem_charge_page+0x16a/0x3b0 [ 2660.877017][T26174] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 2660.883225][T26174] copy_process+0x73e/0x7090 [ 2660.887868][T26174] ? find_held_lock+0x2d/0x110 [ 2660.892685][T26174] ? __cleanup_sighand+0xb0/0xb0 [ 2660.897673][T26174] kernel_clone+0xe7/0xab0 [ 2660.902114][T26174] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2660.908109][T26174] ? create_io_thread+0xe0/0xe0 [ 2660.912981][T26174] ? find_held_lock+0x2d/0x110 [ 2660.917773][T26174] ? __ct_user_exit+0xff/0x150 [ 2660.922560][T26174] __do_sys_clone+0xba/0x100 [ 2660.927182][T26174] ? kernel_clone+0xab0/0xab0 [ 2660.931892][T26174] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2660.938077][T26174] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2660.943999][T26174] do_syscall_64+0x35/0xb0 [ 2660.948452][T26174] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2660.954375][T26174] RIP: 0033:0x7f542068c9d1 [ 2660.958799][T26174] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 2660.978682][T26174] RSP: 002b:00007ffc9945af78 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 2660.987109][T26174] RAX: ffffffffffffffda RBX: 00007f54217cc700 RCX: 00007f542068c9d1 [ 2660.995092][T26174] RDX: 00007f54217cc9d0 RSI: 00007f54217cc2f0 RDI: 00000000003d0f00 [ 2661.003069][T26174] RBP: 00007ffc9945b1c0 R08: 00007f54217cc700 R09: 00007f54217cc700 [ 2661.011241][T26174] R10: 00007f54217cc9d0 R11: 0000000000000206 R12: 00007ffc9945b02e [ 2661.019227][T26174] R13: 00007ffc9945b02f R14: 00007f54217cc300 R15: 0000000000022000 [ 2661.027231][T26174] [ 2661.036862][T26174] memory: usage 307200kB, limit 307200kB, failcnt 39048 [ 2661.044032][T26174] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2661.050986][T26174] Memory cgroup stats for /syz5: [ 2661.051230][T26174] anon 147456 [ 2661.051230][T26174] file 364544 [ 2661.051230][T26174] kernel 314060800 [ 2661.051230][T26174] kernel_stack 98304 [ 2661.051230][T26174] pagetables 81920 [ 2661.051230][T26174] percpu 5618080 [ 2661.051230][T26174] sock 0 [ 2661.051230][T26174] vmalloc 0 [ 2661.051230][T26174] shmem 356352 [ 2661.051230][T26174] zswap 0 [ 2661.051230][T26174] zswapped 0 [ 2661.051230][T26174] file_mapped 356352 [ 2661.051230][T26174] file_dirty 0 [ 2661.051230][T26174] file_writeback 0 [ 2661.051230][T26174] swapcached 0 [ 2661.051230][T26174] anon_thp 0 [ 2661.051230][T26174] file_thp 0 [ 2661.051230][T26174] shmem_thp 0 [ 2661.051230][T26174] inactive_anon 151552 [ 2661.051230][T26174] active_anon 352256 [ 2661.051230][T26174] inactive_file 4096 [ 2661.051230][T26174] active_file 4096 [ 2661.051230][T26174] unevictable 0 [ 2661.051230][T26174] slab_reclaimable 20960 [ 2661.051230][T26174] slab_unreclaimable 308199952 [ 2661.051230][T26174] slab 308220912 [ 2661.051484][T26177] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2661.056357][T26174] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=26174,uid=0 [ 2661.187727][T26174] Memory cgroup out of memory: Killed process 26174 (syz-executor.5) total-vm:54860kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000 [ 2661.226413][T26188] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 2661.239186][T26188] CPU: 1 PID: 26188 Comm: syz-executor.4 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2661.249298][T26188] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2661.258680][T26179] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.5'. [ 2661.259395][T26188] Call Trace: [ 2661.259410][T26188] [ 2661.274963][T26188] dump_stack_lvl+0xcd/0x134 [ 2661.279625][T26188] dump_header+0x10b/0x7f9 [ 2661.284086][T26188] oom_kill_process.cold+0x10/0x15 [ 2661.289324][T26188] out_of_memory+0x358/0x14a0 [ 2661.294040][T26188] ? find_held_lock+0x2d/0x110 [ 2661.298857][T26188] ? oom_killer_disable+0x270/0x270 [ 2661.304099][T26188] ? find_held_lock+0x2d/0x110 [ 2661.308906][T26188] mem_cgroup_out_of_memory+0x206/0x270 [ 2661.314478][T26188] ? mem_cgroup_margin+0x130/0x130 [ 2661.319636][T26188] ? lock_downgrade+0x6e0/0x6e0 [ 2661.324627][T26188] try_charge_memcg+0xf67/0x13f0 [ 2661.329614][T26188] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2661.335639][T26188] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2661.341393][T26188] ? lock_downgrade+0x6e0/0x6e0 [ 2661.346286][T26188] ? lock_downgrade+0x6e0/0x6e0 [ 2661.351167][T26188] ? rcu_read_unlock+0x9/0x60 [ 2661.355902][T26188] obj_cgroup_charge+0x2ab/0x5e0 [ 2661.361146][T26188] kmem_cache_alloc_trace+0xa3/0x3e0 [ 2661.366466][T26188] ? copy_semundo+0x187/0x2f0 [ 2661.371190][T26188] ? apparmor_task_alloc+0x2bb/0x3b0 [ 2661.376525][T26188] copy_semundo+0x187/0x2f0 [ 2661.381048][T26188] copy_process+0x23fa/0x7090 [ 2661.385741][T26188] ? __cleanup_sighand+0xb0/0xb0 [ 2661.390695][T26188] kernel_clone+0xe7/0xab0 [ 2661.395121][T26188] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2661.401134][T26188] ? create_io_thread+0xe0/0xe0 [ 2661.406011][T26188] ? find_held_lock+0x2d/0x110 [ 2661.410798][T26188] ? __ct_user_exit+0xff/0x150 [ 2661.415593][T26188] __do_sys_clone+0xba/0x100 [ 2661.420182][T26188] ? kernel_clone+0xab0/0xab0 [ 2661.424864][T26188] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2661.430754][T26188] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2661.436652][T26188] do_syscall_64+0x35/0xb0 [ 2661.441102][T26188] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2661.447013][T26188] RIP: 0033:0x7fa378a8c9d1 [ 2661.451458][T26188] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 11:16:16 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x216}]}}]}, 0x40}, 0x7}, 0x0) [ 2661.471261][T26188] RSP: 002b:00007fff306494d8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 2661.479812][T26188] RAX: ffffffffffffffda RBX: 00007fa379be4700 RCX: 00007fa378a8c9d1 [ 2661.487799][T26188] RDX: 00007fa379be49d0 RSI: 00007fa379be42f0 RDI: 00000000003d0f00 [ 2661.495814][T26188] RBP: 00007fff30649720 R08: 00007fa379be4700 R09: 00007fa379be4700 [ 2661.503858][T26188] R10: 00007fa379be49d0 R11: 0000000000000206 R12: 00007fff3064958e [ 2661.511955][T26188] R13: 00007fff3064958f R14: 00007fa379be4300 R15: 0000000000022000 [ 2661.519978][T26188] 11:16:16 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0xf202) [ 2661.537626][T26188] memory: usage 307200kB, limit 307200kB, failcnt 54688 [ 2661.555288][T26188] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2661.562356][T26188] Memory cgroup stats for /syz4: [ 2661.562578][T26188] anon 90112 [ 2661.562578][T26188] file 372736 [ 2661.562578][T26188] kernel 314109952 [ 2661.562578][T26188] kernel_stack 65536 [ 2661.562578][T26188] pagetables 65536 [ 2661.562578][T26188] percpu 5624000 [ 2661.562578][T26188] sock 0 [ 2661.562578][T26188] vmalloc 0 [ 2661.562578][T26188] shmem 372736 [ 2661.562578][T26188] zswap 0 [ 2661.562578][T26188] zswapped 0 [ 2661.562578][T26188] file_mapped 372736 [ 2661.562578][T26188] file_dirty 0 [ 2661.562578][T26188] file_writeback 0 [ 2661.562578][T26188] swapcached 0 [ 2661.562578][T26188] anon_thp 0 [ 2661.562578][T26188] file_thp 0 [ 2661.562578][T26188] shmem_thp 0 [ 2661.562578][T26188] inactive_anon 139264 [ 2661.562578][T26188] active_anon 323584 [ 2661.562578][T26188] inactive_file 0 11:16:16 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x7ce}]}}]}, 0x40}, 0x7}, 0x0) [ 2661.562578][T26188] active_file 0 [ 2661.562578][T26188] unevictable 0 [ 2661.562578][T26188] slab_reclaimable 17888 [ 2661.562578][T26188] slab_unreclaimable 308300256 [ 2661.562578][T26188] slab 308318144 [ 2661.661990][T26188] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=26188,uid=0 11:16:16 executing program 4: socket$nl_route(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x6ff}]}}]}, 0x40}, 0x7}, 0x0) 11:16:16 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x0, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}}, 0x24}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x14a}]}}]}, 0x40}, 0x7}, 0x0) 11:16:16 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x70c}]}}]}, 0x40}, 0x7}, 0x0) [ 2661.678599][T26188] Memory cgroup out of memory: Killed process 26188 (syz-executor.4) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:68kB oom_score_adj:1000 [ 2661.681413][T26193] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2661.709357][T26189] Memory cgroup out of memory: Killed process 26189 (syz-executor.2) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 [ 2661.858080][T26193] oom_kill_process: 1 callbacks suppressed [ 2661.858108][T26193] syz-executor.3 invoked oom-killer: gfp_mask=0x400cc0(GFP_KERNEL_ACCOUNT), order=2, oom_score_adj=1000 [ 2661.923096][T26193] CPU: 1 PID: 26193 Comm: syz-executor.3 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2661.934009][T26193] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2661.944073][T26193] Call Trace: [ 2661.947365][T26193] [ 2661.950296][T26193] dump_stack_lvl+0xcd/0x134 [ 2661.954894][T26193] dump_header+0x10b/0x7f9 [ 2661.959316][T26193] oom_kill_process.cold+0x10/0x15 [ 2661.964528][T26193] out_of_memory+0x358/0x14a0 [ 2661.969240][T26193] ? find_held_lock+0x2d/0x110 [ 2661.974143][T26193] ? oom_killer_disable+0x270/0x270 [ 2661.979381][T26193] ? find_held_lock+0x2d/0x110 [ 2661.984176][T26193] mem_cgroup_out_of_memory+0x206/0x270 [ 2661.989757][T26193] ? mem_cgroup_margin+0x130/0x130 [ 2661.994892][T26193] ? lock_downgrade+0x6e0/0x6e0 [ 2661.999777][T26193] try_charge_memcg+0xf67/0x13f0 [ 2662.004747][T26193] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2662.010753][T26193] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2662.016491][T26193] ? lock_downgrade+0x6e0/0x6e0 [ 2662.021377][T26193] obj_cgroup_charge+0x2ab/0x5e0 [ 2662.027131][T26193] __kmalloc_track_caller+0xad/0x340 [ 2662.032439][T26193] ? __devinet_sysctl_register+0x98/0x280 [ 2662.038190][T26193] kmemdup+0x23/0x50 [ 2662.042105][T26193] __devinet_sysctl_register+0x98/0x280 [ 2662.047680][T26193] ? inet_netconf_notify_devconf+0x260/0x260 [ 2662.053685][T26193] ? veth_newlink+0x338/0x990 [ 2662.058396][T26193] ? __rtnl_newlink+0x1087/0x17e0 [ 2662.063433][T26193] ? rtnl_newlink+0x64/0xa0 [ 2662.067947][T26193] ? rtnetlink_rcv_msg+0x43a/0xca0 [ 2662.073073][T26193] ? netlink_rcv_skb+0x153/0x420 [ 2662.078033][T26193] ? netlink_unicast+0x543/0x7f0 [ 2662.082994][T26193] ? netlink_sendmsg+0x917/0xe10 [ 2662.087951][T26193] ? sock_sendmsg+0xcf/0x120 [ 2662.092555][T26193] ? ____sys_sendmsg+0x712/0x8c0 [ 2662.097514][T26193] ? ___sys_sendmsg+0x110/0x1b0 [ 2662.102396][T26193] devinet_sysctl_register+0x160/0x230 [ 2662.107888][T26193] inetdev_init+0x286/0x580 [ 2662.112416][T26193] inetdev_event+0xa85/0x1610 [ 2662.117112][T26193] ? del_default_gids+0xd0/0xd0 [ 2662.121986][T26193] ? is_ndev_for_default_gid_filter.part.0+0x2e0/0x2e0 [ 2662.128864][T26193] ? devinet_init_net+0x640/0x640 [ 2662.133914][T26193] ? skb_dequeue+0x125/0x180 [ 2662.138609][T26193] ? __sanitizer_cov_trace_switch+0x50/0x90 [ 2662.144535][T26193] notifier_call_chain+0xb5/0x200 [ 2662.149679][T26193] call_netdevice_notifiers_info+0xb5/0x130 [ 2662.155597][T26193] register_netdevice+0x10bb/0x1670 [ 2662.160822][T26193] ? netdev_change_features+0xb0/0xb0 [ 2662.166225][T26193] ? dev_addr_mod+0x2c9/0x3f0 [ 2662.170928][T26193] veth_newlink+0x338/0x990 [ 2662.175489][T26193] ? veth_set_features+0x190/0x190 [ 2662.180631][T26193] ? netlink_unicast+0x543/0x7f0 [ 2662.185588][T26193] ? netlink_sendmsg+0x917/0xe10 [ 2662.190542][T26193] ? sock_sendmsg+0xcf/0x120 [ 2662.195145][T26193] ? ____sys_sendmsg+0x712/0x8c0 [ 2662.200145][T26193] ? ___sys_sendmsg+0x110/0x1b0 [ 2662.205032][T26193] ? __sys_sendmsg+0xf3/0x1c0 [ 2662.209732][T26193] ? do_syscall_64+0x35/0xb0 [ 2662.214437][T26193] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2662.220541][T26193] ? find_held_lock+0x2d/0x110 [ 2662.225344][T26193] ? memcg_slab_post_alloc_hook+0x249/0x480 [ 2662.231261][T26193] ? lock_downgrade+0x6e0/0x6e0 [ 2662.236138][T26193] ? rcu_read_lock_sched_held+0x3a/0x70 [ 2662.241748][T26193] ? trace_kmalloc_node+0x32/0x100 [ 2662.246884][T26193] ? __kmalloc_node+0x1bf/0x380 [ 2662.251767][T26193] ? memset+0x20/0x40 [ 2662.255778][T26193] ? __xdp_rxq_info_reg+0x189/0x340 [ 2662.261003][T26193] ? memcpy+0x39/0x60 [ 2662.265018][T26193] ? alloc_netdev_mqs+0xd5d/0x1180 [ 2662.270288][T26193] ? rtnl_create_link+0x7e8/0xca0 [ 2662.275442][T26193] ? veth_set_features+0x190/0x190 [ 2662.280593][T26193] __rtnl_newlink+0x1087/0x17e0 [ 2662.285479][T26193] ? rtnl_link_unregister+0x250/0x250 [ 2662.290881][T26193] ? rtnl_newlink+0x46/0xa0 [ 2662.295421][T26193] ? rcu_read_lock_sched_held+0x3a/0x70 [ 2662.300998][T26193] ? trace_kmalloc+0x32/0x100 [ 2662.305706][T26193] rtnl_newlink+0x64/0xa0 [ 2662.310053][T26193] ? __rtnl_newlink+0x17e0/0x17e0 [ 2662.315097][T26193] rtnetlink_rcv_msg+0x43a/0xca0 [ 2662.320055][T26193] ? rtnl_getlink+0xae0/0xae0 [ 2662.324750][T26193] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2662.330073][T26193] ? ref_tracker_free+0x370/0x6b0 [ 2662.335125][T26193] ? ref_tracker_dir_exit+0x3e0/0x3e0 [ 2662.340529][T26193] netlink_rcv_skb+0x153/0x420 [ 2662.345315][T26193] ? rtnl_getlink+0xae0/0xae0 [ 2662.350011][T26193] ? netlink_ack+0xd50/0xd50 [ 2662.354620][T26193] ? netlink_deliver_tap+0x1a2/0xc40 [ 2662.359929][T26193] ? netlink_deliver_tap+0x1b1/0xc40 [ 2662.365238][T26193] netlink_unicast+0x543/0x7f0 [ 2662.370028][T26193] ? netlink_attachskb+0x880/0x880 [ 2662.375184][T26193] ? __phys_addr+0xc4/0x140 [ 2662.379804][T26193] ? __phys_addr_symbol+0x2c/0x70 [ 2662.385043][T26193] ? __check_object_size+0x2de/0x700 [ 2662.390368][T26193] netlink_sendmsg+0x917/0xe10 [ 2662.395163][T26193] ? netlink_unicast+0x7f0/0x7f0 [ 2662.400132][T26193] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 2662.405448][T26193] ? netlink_unicast+0x7f0/0x7f0 [ 2662.410410][T26193] sock_sendmsg+0xcf/0x120 [ 2662.414873][T26193] ____sys_sendmsg+0x712/0x8c0 [ 2662.419744][T26193] ? copy_msghdr_from_user+0xfc/0x150 [ 2662.425143][T26193] ? kernel_sendmsg+0x50/0x50 [ 2662.429853][T26193] ___sys_sendmsg+0x110/0x1b0 [ 2662.434557][T26193] ? do_recvmmsg+0x6e0/0x6e0 [ 2662.439176][T26193] ? __fget_files+0x248/0x440 [ 2662.443877][T26193] ? lock_downgrade+0x6e0/0x6e0 [ 2662.448750][T26193] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2662.454753][T26193] ? __fget_files+0x26a/0x440 [ 2662.459456][T26193] ? __fget_light+0xe5/0x270 [ 2662.464075][T26193] __sys_sendmsg+0xf3/0x1c0 [ 2662.468601][T26193] ? __sys_sendmsg_sock+0x30/0x30 [ 2662.473659][T26193] ? lock_downgrade+0x6e0/0x6e0 [ 2662.478562][T26193] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2662.484496][T26193] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2662.490420][T26193] ? lockdep_hardirqs_on+0x79/0x100 [ 2662.495641][T26193] do_syscall_64+0x35/0xb0 [ 2662.500090][T26193] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2662.506011][T26193] RIP: 0033:0x7f89d288b5a9 [ 2662.510442][T26193] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 2662.530159][T26193] RSP: 002b:00007f89d3ab2168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2662.538590][T26193] RAX: ffffffffffffffda RBX: 00007f89d29abf80 RCX: 00007f89d288b5a9 [ 2662.546580][T26193] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000004 [ 2662.554562][T26193] RBP: 00007f89d28e6580 R08: 0000000000000000 R09: 0000000000000000 [ 2662.562543][T26193] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2662.570524][T26193] R13: 00007fff483831ef R14: 00007f89d3ab2300 R15: 0000000000022000 [ 2662.578544][T26193] [ 2662.588929][T26193] memory: usage 307196kB, limit 307200kB, failcnt 53479 [ 2662.596061][T26193] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2662.603218][T26193] Memory cgroup stats for /syz3: [ 2662.603470][T26193] anon 147456 [ 2662.603470][T26193] file 385024 [ 2662.603470][T26193] kernel 314036224 [ 2662.603470][T26193] kernel_stack 98304 [ 2662.603470][T26193] pagetables 81920 [ 2662.603470][T26193] percpu 5618080 [ 2662.603470][T26193] sock 0 [ 2662.603470][T26193] vmalloc 0 [ 2662.603470][T26193] shmem 385024 [ 2662.603470][T26193] zswap 0 [ 2662.603470][T26193] zswapped 0 [ 2662.603470][T26193] file_mapped 311296 [ 2662.603470][T26193] file_dirty 0 [ 2662.603470][T26193] file_writeback 0 [ 2662.603470][T26193] swapcached 0 [ 2662.603470][T26193] anon_thp 0 [ 2662.603470][T26193] file_thp 0 [ 2662.603470][T26193] shmem_thp 0 [ 2662.603470][T26193] inactive_anon 200704 [ 2662.603470][T26193] active_anon 331776 [ 2662.603470][T26193] inactive_file 0 [ 2662.603470][T26193] active_file 0 [ 2662.603470][T26193] unevictable 0 [ 2662.603470][T26193] slab_reclaimable 22760 [ 2662.603470][T26193] slab_unreclaimable 308181896 [ 2662.603470][T26193] slab 308204656 [ 2662.700194][T26193] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=26192,uid=0 [ 2662.716004][T26193] Memory cgroup out of memory: Killed process 26192 (syz-executor.3) total-vm:54860kB, anon-rss:456kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 2662.733629][T26197] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2662.750186][T26197] CPU: 0 PID: 26197 Comm: syz-executor.5 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2662.760393][T26197] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2662.770464][T26197] Call Trace: [ 2662.773747][T26197] [ 2662.776692][T26197] dump_stack_lvl+0xcd/0x134 [ 2662.781310][T26197] dump_header+0x10b/0x7f9 [ 2662.785737][T26197] oom_kill_process.cold+0x10/0x15 [ 2662.790916][T26197] out_of_memory+0x358/0x14a0 [ 2662.795654][T26197] ? oom_killer_disable+0x270/0x270 [ 2662.800895][T26197] ? find_held_lock+0x2d/0x110 [ 2662.805712][T26197] mem_cgroup_out_of_memory+0x206/0x270 [ 2662.811303][T26197] ? mem_cgroup_margin+0x130/0x130 [ 2662.816452][T26197] ? lock_downgrade+0x6e0/0x6e0 [ 2662.821353][T26197] try_charge_memcg+0xf67/0x13f0 [ 2662.826322][T26197] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2662.832307][T26197] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2662.838211][T26197] ? lock_downgrade+0x6e0/0x6e0 [ 2662.843102][T26197] ? lock_downgrade+0x6e0/0x6e0 [ 2662.847979][T26197] __memcg_kmem_charge_page+0x16a/0x3b0 [ 2662.853538][T26197] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 2662.859766][T26197] copy_process+0x15f3/0x7090 [ 2662.864487][T26197] ? __lock_acquire+0xbc3/0x56d0 [ 2662.869470][T26197] ? __cleanup_sighand+0xb0/0xb0 [ 2662.874477][T26197] kernel_clone+0xe7/0xab0 [ 2662.878924][T26197] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2662.884936][T26197] ? create_io_thread+0xe0/0xe0 [ 2662.889811][T26197] ? find_held_lock+0x2d/0x110 [ 2662.894595][T26197] ? __ct_user_exit+0xff/0x150 [ 2662.899386][T26197] __do_sys_clone+0xba/0x100 [ 2662.903988][T26197] ? kernel_clone+0xab0/0xab0 [ 2662.908709][T26197] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2662.914639][T26197] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2662.920566][T26197] do_syscall_64+0x35/0xb0 [ 2662.925000][T26197] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2662.930932][T26197] RIP: 0033:0x7f542068c9d1 [ 2662.935357][T26197] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 2662.954984][T26197] RSP: 002b:00007ffc9945af78 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 2662.963435][T26197] RAX: ffffffffffffffda RBX: 00007f54217ed700 RCX: 00007f542068c9d1 [ 2662.971459][T26197] RDX: 00007f54217ed9d0 RSI: 00007f54217ed2f0 RDI: 00000000003d0f00 [ 2662.979437][T26197] RBP: 00007ffc9945b1c0 R08: 00007f54217ed700 R09: 00007f54217ed700 [ 2662.987536][T26197] R10: 00007f54217ed9d0 R11: 0000000000000206 R12: 00007ffc9945b02e [ 2662.995531][T26197] R13: 00007ffc9945b02f R14: 00007f54217ed300 R15: 0000000000022000 [ 2663.003540][T26197] [ 2663.019783][T26197] memory: usage 307200kB, limit 307200kB, failcnt 39132 11:16:17 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0xf203) 11:16:17 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x217}]}}]}, 0x40}, 0x7}, 0x0) [ 2663.020647][T26199] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2663.051615][T26197] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2663.067953][T26197] Memory cgroup stats for /syz5: [ 2663.068135][T26197] anon 143360 [ 2663.068135][T26197] file 364544 [ 2663.068135][T26197] kernel 314064896 [ 2663.068135][T26197] kernel_stack 65536 [ 2663.068135][T26197] pagetables 81920 [ 2663.068135][T26197] percpu 5618080 [ 2663.068135][T26197] sock 0 [ 2663.068135][T26197] vmalloc 0 [ 2663.068135][T26197] shmem 356352 [ 2663.068135][T26197] zswap 0 [ 2663.068135][T26197] zswapped 0 [ 2663.068135][T26197] file_mapped 356352 [ 2663.068135][T26197] file_dirty 0 [ 2663.068135][T26197] file_writeback 0 [ 2663.068135][T26197] swapcached 0 [ 2663.068135][T26197] anon_thp 0 [ 2663.068135][T26197] file_thp 0 [ 2663.068135][T26197] shmem_thp 0 [ 2663.068135][T26197] inactive_anon 147456 [ 2663.068135][T26197] active_anon 352256 [ 2663.068135][T26197] inactive_file 0 [ 2663.068135][T26197] active_file 8192 [ 2663.068135][T26197] unevictable 0 [ 2663.068135][T26197] slab_reclaimable 20960 [ 2663.068135][T26197] slab_unreclaimable 308215104 [ 2663.068135][T26197] slab 308236064 11:16:17 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x7cf}]}}]}, 0x40}, 0x7}, 0x0) 11:16:17 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0xf603) [ 2663.193057][T26210] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.3'. 11:16:18 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0xf803) 11:16:18 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0xfa03) 11:16:18 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0xfc03) [ 2663.302097][T26197] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=26197,uid=0 [ 2663.328450][T26197] Memory cgroup out of memory: Killed process 26197 (syz-executor.5) total-vm:54728kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000 11:16:18 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x0, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}}, 0x24}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x14a}]}}]}, 0x40}, 0x7}, 0x0) [ 2663.368848][T26210] syz-executor.3 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=2, oom_score_adj=1000 [ 2663.398084][T26210] CPU: 1 PID: 26210 Comm: syz-executor.3 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2663.408226][T26210] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2663.418327][T26210] Call Trace: [ 2663.421640][T26210] [ 2663.424599][T26210] dump_stack_lvl+0xcd/0x134 [ 2663.429241][T26210] dump_header+0x10b/0x7f9 [ 2663.433704][T26210] oom_kill_process.cold+0x10/0x15 [ 2663.438863][T26210] out_of_memory+0x358/0x14a0 [ 2663.443683][T26210] ? oom_killer_disable+0x270/0x270 [ 2663.448943][T26210] ? find_held_lock+0x2d/0x110 [ 2663.453772][T26210] mem_cgroup_out_of_memory+0x206/0x270 [ 2663.459372][T26210] ? mem_cgroup_margin+0x130/0x130 [ 2663.464528][T26210] ? lock_downgrade+0x6e0/0x6e0 [ 2663.469437][T26210] try_charge_memcg+0xef5/0x13f0 [ 2663.474429][T26210] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2663.480459][T26210] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2663.486226][T26210] ? lock_downgrade+0x6e0/0x6e0 [ 2663.491130][T26210] obj_cgroup_charge+0x2ab/0x5e0 [ 2663.496086][T26210] kmem_cache_alloc_trace+0xa3/0x3e0 [ 2663.501476][T26210] ? ipv6_add_dev+0x672/0x1390 [ 2663.506272][T26210] ipv6_add_dev+0x672/0x1390 [ 2663.510911][T26210] addrconf_notify+0x6f9/0x1c10 [ 2663.515886][T26210] ? clusterip_netdev_event+0x419/0x650 [ 2663.521466][T26210] ? __local_bh_enable_ip+0xa0/0x120 [ 2663.526770][T26210] ? clusterip_netdev_event+0x419/0x650 [ 2663.532345][T26210] ? tee_netdev_event+0x3bc/0x5c0 [ 2663.537401][T26210] ? ip6mr_device_event+0x1ab/0x220 [ 2663.542651][T26210] notifier_call_chain+0xb5/0x200 [ 2663.547728][T26210] call_netdevice_notifiers_info+0xb5/0x130 [ 2663.553662][T26210] register_netdevice+0x10bb/0x1670 [ 2663.558922][T26210] ? netdev_change_features+0xb0/0xb0 [ 2663.564314][T26210] ? dev_addr_mod+0x2c9/0x3f0 [ 2663.569017][T26210] veth_newlink+0x338/0x990 [ 2663.573556][T26210] ? veth_set_features+0x190/0x190 [ 2663.578695][T26210] ? netlink_unicast+0x543/0x7f0 [ 2663.583655][T26210] ? netlink_sendmsg+0x917/0xe10 [ 2663.588617][T26210] ? sock_sendmsg+0xcf/0x120 [ 2663.593220][T26210] ? ____sys_sendmsg+0x712/0x8c0 [ 2663.598171][T26210] ? ___sys_sendmsg+0x110/0x1b0 [ 2663.603042][T26210] ? __sys_sendmsg+0xf3/0x1c0 [ 2663.607741][T26210] ? do_syscall_64+0x35/0xb0 [ 2663.612357][T26210] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2663.618463][T26210] ? find_held_lock+0x2d/0x110 [ 2663.623263][T26210] ? memcg_slab_post_alloc_hook+0x249/0x480 [ 2663.629179][T26210] ? lock_downgrade+0x6e0/0x6e0 [ 2663.634054][T26210] ? rcu_read_lock_sched_held+0x3a/0x70 [ 2663.639716][T26210] ? trace_kmalloc_node+0x32/0x100 [ 2663.644848][T26210] ? __kmalloc_node+0x1bf/0x380 [ 2663.649727][T26210] ? memset+0x20/0x40 [ 2663.653739][T26210] ? __xdp_rxq_info_reg+0x189/0x340 [ 2663.658965][T26210] ? memcpy+0x39/0x60 [ 2663.662980][T26210] ? alloc_netdev_mqs+0xd5d/0x1180 [ 2663.668127][T26210] ? rtnl_create_link+0x7e8/0xca0 [ 2663.673181][T26210] ? veth_set_features+0x190/0x190 [ 2663.678326][T26210] __rtnl_newlink+0x1087/0x17e0 [ 2663.683236][T26210] ? rtnl_link_unregister+0x250/0x250 [ 2663.688629][T26210] ? rtnl_newlink+0x46/0xa0 [ 2663.693164][T26210] ? rcu_read_lock_sched_held+0x3a/0x70 [ 2663.698741][T26210] ? trace_kmalloc+0x32/0x100 [ 2663.703443][T26210] rtnl_newlink+0x64/0xa0 [ 2663.707789][T26210] ? __rtnl_newlink+0x17e0/0x17e0 [ 2663.712831][T26210] rtnetlink_rcv_msg+0x43a/0xca0 [ 2663.717795][T26210] ? rtnl_getlink+0xae0/0xae0 [ 2663.722484][T26210] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2663.727804][T26210] ? skb_clone+0x16e/0x3c0 [ 2663.732249][T26210] ? ref_tracker_free+0x370/0x6b0 [ 2663.737302][T26210] ? ref_tracker_dir_exit+0x3e0/0x3e0 [ 2663.742709][T26210] netlink_rcv_skb+0x153/0x420 [ 2663.747500][T26210] ? rtnl_getlink+0xae0/0xae0 [ 2663.752303][T26210] ? netlink_ack+0xd50/0xd50 [ 2663.757027][T26210] ? netlink_deliver_tap+0x1a2/0xc40 [ 2663.762356][T26210] ? netlink_deliver_tap+0x1b1/0xc40 [ 2663.767671][T26210] netlink_unicast+0x543/0x7f0 [ 2663.772466][T26210] ? netlink_attachskb+0x880/0x880 [ 2663.777681][T26210] ? __phys_addr+0xc4/0x140 [ 2663.782223][T26210] ? __phys_addr_symbol+0x2c/0x70 [ 2663.787279][T26210] ? __check_object_size+0x2de/0x700 [ 2663.792598][T26210] netlink_sendmsg+0x917/0xe10 [ 2663.797392][T26210] ? netlink_unicast+0x7f0/0x7f0 [ 2663.802359][T26210] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 2663.807672][T26210] ? netlink_unicast+0x7f0/0x7f0 [ 2663.812634][T26210] sock_sendmsg+0xcf/0x120 [ 2663.817069][T26210] ____sys_sendmsg+0x712/0x8c0 [ 2663.821856][T26210] ? copy_msghdr_from_user+0xfc/0x150 [ 2663.827253][T26210] ? kernel_sendmsg+0x50/0x50 [ 2663.831966][T26210] ? futex_unqueue+0xb3/0x120 [ 2663.836738][T26210] ___sys_sendmsg+0x110/0x1b0 [ 2663.841442][T26210] ? do_recvmmsg+0x6e0/0x6e0 [ 2663.846091][T26210] ? __fget_files+0x248/0x440 [ 2663.850798][T26210] ? lock_downgrade+0x6e0/0x6e0 [ 2663.855674][T26210] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2663.861858][T26210] ? __fget_files+0x26a/0x440 [ 2663.866564][T26210] ? __fget_light+0xe5/0x270 [ 2663.871248][T26210] __sys_sendmsg+0xf3/0x1c0 [ 2663.875869][T26210] ? __sys_sendmsg_sock+0x30/0x30 [ 2663.881014][T26210] ? lock_downgrade+0x6e0/0x6e0 [ 2663.885893][T26210] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2663.891818][T26210] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2663.897733][T26210] ? lockdep_hardirqs_on+0x79/0x100 [ 2663.902964][T26210] do_syscall_64+0x35/0xb0 [ 2663.907414][T26210] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2663.913339][T26210] RIP: 0033:0x7f89d288b5a9 [ 2663.917783][T26210] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 2663.937672][T26210] RSP: 002b:00007f89d3ab2168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2663.946103][T26210] RAX: ffffffffffffffda RBX: 00007f89d29abf80 RCX: 00007f89d288b5a9 [ 2663.954157][T26210] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000004 [ 2663.962142][T26210] RBP: 00007f89d28e6580 R08: 0000000000000000 R09: 0000000000000000 [ 2663.970214][T26210] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2663.978208][T26210] R13: 00007fff483831ef R14: 00007f89d3ab2300 R15: 0000000000022000 [ 2663.986210][T26210] 11:16:18 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0xfe00) [ 2664.013172][T26210] memory: usage 307200kB, limit 307200kB, failcnt 53593 [ 2664.022383][T26210] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2664.030109][T26210] Memory cgroup stats for /syz3: [ 2664.030343][T26210] anon 143360 [ 2664.030343][T26210] file 385024 [ 2664.030343][T26210] kernel 314044416 [ 2664.030343][T26210] kernel_stack 65536 [ 2664.030343][T26210] pagetables 81920 [ 2664.030343][T26210] percpu 5619264 [ 2664.030343][T26210] sock 0 [ 2664.030343][T26210] vmalloc 0 [ 2664.030343][T26210] shmem 385024 [ 2664.030343][T26210] zswap 0 [ 2664.030343][T26210] zswapped 0 [ 2664.030343][T26210] file_mapped 311296 [ 2664.030343][T26210] file_dirty 0 [ 2664.030343][T26210] file_writeback 0 [ 2664.030343][T26210] swapcached 0 [ 2664.030343][T26210] anon_thp 0 [ 2664.030343][T26210] file_thp 0 [ 2664.030343][T26210] shmem_thp 0 [ 2664.030343][T26210] inactive_anon 196608 [ 2664.030343][T26210] active_anon 331776 [ 2664.030343][T26210] inactive_file 0 [ 2664.030343][T26210] active_file 0 [ 2664.030343][T26210] unevictable 0 [ 2664.030343][T26210] slab_reclaimable 22760 [ 2664.030343][T26210] slab_unreclaimable 308199088 [ 2664.030343][T26210] slab 308221848 [ 2664.141818][T26210] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=26209,uid=0 [ 2664.160141][T26210] Memory cgroup out of memory: Killed process 26209 (syz-executor.3) total-vm:54728kB, anon-rss:456kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 2664.211561][T26214] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2664.216015][T26203] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2664.231682][T26203] CPU: 1 PID: 26203 Comm: syz-executor.2 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2664.241803][T26203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2664.251893][T26203] Call Trace: [ 2664.255204][T26203] [ 2664.258163][T26203] dump_stack_lvl+0xcd/0x134 [ 2664.262880][T26203] dump_header+0x10b/0x7f9 [ 2664.267337][T26203] oom_kill_process.cold+0x10/0x15 [ 2664.272498][T26203] out_of_memory+0x358/0x14a0 [ 2664.277228][T26203] ? find_held_lock+0x2d/0x110 [ 2664.282050][T26203] ? oom_killer_disable+0x270/0x270 [ 2664.287354][T26203] ? find_held_lock+0x2d/0x110 [ 2664.292154][T26203] mem_cgroup_out_of_memory+0x206/0x270 [ 2664.298760][T26203] ? mem_cgroup_margin+0x130/0x130 [ 2664.303901][T26203] ? lock_downgrade+0x6e0/0x6e0 [ 2664.308782][T26203] try_charge_memcg+0xf67/0x13f0 [ 2664.313833][T26203] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2664.319842][T26203] ? lock_downgrade+0x6e0/0x6e0 [ 2664.324727][T26203] charge_memcg+0x31/0x320 [ 2664.329170][T26203] __mem_cgroup_charge+0x27/0x90 [ 2664.334128][T26203] ? _compound_head+0x5d/0x150 [ 2664.338921][T26203] wp_page_copy+0x27c/0x1b10 [ 2664.343533][T26203] ? restore_exclusive_pte+0x8b0/0x8b0 [ 2664.349096][T26203] ? lock_downgrade+0x6e0/0x6e0 [ 2664.353956][T26203] ? vm_normal_page+0x146/0x2a0 [ 2664.358925][T26203] do_wp_page+0x1d1/0x1910 [ 2664.363450][T26203] __handle_mm_fault+0x1813/0x39b0 [ 2664.368671][T26203] ? vm_iomap_memory+0x190/0x190 [ 2664.373831][T26203] handle_mm_fault+0x1c8/0x780 [ 2664.378731][T26203] do_user_addr_fault+0x475/0x1210 [ 2664.383878][T26203] exc_page_fault+0x94/0x170 [ 2664.388502][T26203] asm_exc_page_fault+0x22/0x30 [ 2664.393375][T26203] RIP: 0033:0x7fefdee38970 [ 2664.397802][T26203] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48 [ 2664.417422][T26203] RSP: 002b:00007ffd4124e550 EFLAGS: 00010246 [ 2664.423509][T26203] RAX: 000000001a3062d4 RBX: 00007fefdefac018 RCX: 0000001b2ed20000 [ 2664.431494][T26203] RDX: 0000000000000000 RSI: 0000001b2ed20018 RDI: 0000000008eb5285 [ 2664.439484][T26203] RBP: 000000001a3062d4 R08: 00000000000002d4 R09: 000000001a3062d8 [ 2664.447470][T26203] R10: 00007ffd4124e720 R11: 0000000000000246 R12: 00007fefdefa0000 [ 2664.455556][T26203] R13: 0000000000000001 R14: 0000000000000003 R15: ffffffff81a2d95f [ 2664.463553][T26203] ? trace_user_exit.constprop.0+0x13f/0x210 [ 2664.469588][T26203] [ 2664.566495][T26203] memory: usage 307200kB, limit 307200kB, failcnt 53633 [ 2664.574420][T26203] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2664.581402][T26203] Memory cgroup stats for /syz2: [ 2664.581542][T26203] anon 114688 [ 2664.581542][T26203] file 364544 [ 2664.581542][T26203] kernel 314093568 [ 2664.581542][T26203] kernel_stack 65536 [ 2664.581542][T26203] pagetables 73728 [ 2664.581542][T26203] percpu 5619264 [ 2664.581542][T26203] sock 0 [ 2664.581542][T26203] vmalloc 0 [ 2664.581542][T26203] shmem 364544 [ 2664.581542][T26203] zswap 0 [ 2664.581542][T26203] zswapped 0 [ 2664.581542][T26203] file_mapped 364544 [ 2664.581542][T26203] file_dirty 0 [ 2664.581542][T26203] file_writeback 0 [ 2664.581542][T26203] swapcached 0 [ 2664.581542][T26203] anon_thp 0 [ 2664.581542][T26203] file_thp 0 [ 2664.581542][T26203] shmem_thp 0 [ 2664.581542][T26203] inactive_anon 118784 [ 2664.581542][T26203] active_anon 360448 [ 2664.581542][T26203] inactive_file 0 [ 2664.581542][T26203] active_file 0 [ 2664.581542][T26203] unevictable 0 [ 2664.581542][T26203] slab_reclaimable 127032 [ 2664.581542][T26203] slab_unreclaimable 308178072 [ 2664.581542][T26203] slab 308305104 [ 2664.675345][T26203] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=26203,uid=0 [ 2664.691001][T26203] Memory cgroup out of memory: Killed process 26203 (syz-executor.2) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 [ 2664.708882][T26202] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2664.725436][T26202] CPU: 1 PID: 26202 Comm: syz-executor.4 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2664.735575][T26202] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2664.745631][T26202] Call Trace: [ 2664.748903][T26202] [ 2664.751829][T26202] dump_stack_lvl+0xcd/0x134 [ 2664.756420][T26202] dump_header+0x10b/0x7f9 [ 2664.760834][T26202] oom_kill_process.cold+0x10/0x15 [ 2664.765949][T26202] out_of_memory+0x358/0x14a0 [ 2664.770628][T26202] ? oom_killer_disable+0x270/0x270 [ 2664.775852][T26202] ? find_held_lock+0x2d/0x110 [ 2664.781336][T26202] mem_cgroup_out_of_memory+0x206/0x270 [ 2664.786904][T26202] ? mem_cgroup_margin+0x130/0x130 [ 2664.792029][T26202] ? lock_downgrade+0x6e0/0x6e0 [ 2664.796890][T26202] try_charge_memcg+0xf67/0x13f0 [ 2664.801933][T26202] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2664.807923][T26202] ? lock_downgrade+0x6e0/0x6e0 [ 2664.812777][T26202] charge_memcg+0x31/0x320 [ 2664.817212][T26202] __mem_cgroup_charge+0x27/0x90 [ 2664.822146][T26202] ? _compound_head+0x5d/0x150 [ 2664.826912][T26202] wp_page_copy+0x27c/0x1b10 [ 2664.831502][T26202] ? restore_exclusive_pte+0x8b0/0x8b0 [ 2664.836961][T26202] ? lock_downgrade+0x6e0/0x6e0 [ 2664.841810][T26202] ? vm_normal_page+0x146/0x2a0 [ 2664.846665][T26202] do_wp_page+0x1d1/0x1910 [ 2664.851166][T26202] __handle_mm_fault+0x1813/0x39b0 [ 2664.856313][T26202] ? vm_iomap_memory+0x190/0x190 [ 2664.861259][T26202] handle_mm_fault+0x1c8/0x780 [ 2664.866021][T26202] do_user_addr_fault+0x475/0x1210 [ 2664.871138][T26202] exc_page_fault+0x94/0x170 [ 2664.875726][T26202] asm_exc_page_fault+0x22/0x30 [ 2664.880572][T26202] RIP: 0033:0x7fa378a38970 [ 2664.884980][T26202] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48 [ 2664.904582][T26202] RSP: 002b:00007fff30649520 EFLAGS: 00010246 [ 2664.910638][T26202] RAX: 00000000410b914c RBX: 00007fa378bac018 RCX: 0000001b30a20000 [ 2664.918617][T26202] RDX: 0000000000000000 RSI: 0000001b30a20018 RDI: 0000000000000022 [ 2664.926596][T26202] RBP: 00000000410b914c R08: 000000000000114c R09: 00000000410b9150 [ 2664.934567][T26202] R10: 00007fff306496f0 R11: 0000000000000246 R12: 00007fa378ba0000 [ 2664.942556][T26202] R13: 0000000000000001 R14: 0000000000000000 R15: ffffffff81a2d826 [ 2664.950544][T26202] ? trace_user_exit.constprop.0+0x6/0x210 [ 2664.956458][T26202] [ 2664.964910][T26202] memory: usage 307200kB, limit 307200kB, failcnt 54793 [ 2664.972087][T26202] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2664.984228][T26202] Memory cgroup stats for /syz4: [ 2664.984460][T26202] anon 98304 [ 2664.984460][T26202] file 372736 [ 2664.984460][T26202] kernel 314101760 [ 2664.984460][T26202] kernel_stack 65536 [ 2664.984460][T26202] pagetables 69632 [ 2664.984460][T26202] percpu 5624000 [ 2664.984460][T26202] sock 0 [ 2664.984460][T26202] vmalloc 0 [ 2664.984460][T26202] shmem 372736 [ 2664.984460][T26202] zswap 0 [ 2664.984460][T26202] zswapped 0 [ 2664.984460][T26202] file_mapped 372736 [ 2664.984460][T26202] file_dirty 0 [ 2664.984460][T26202] file_writeback 0 [ 2664.984460][T26202] swapcached 0 [ 2664.984460][T26202] anon_thp 0 [ 2664.984460][T26202] file_thp 0 [ 2664.984460][T26202] shmem_thp 0 [ 2664.984460][T26202] inactive_anon 147456 [ 2664.984460][T26202] active_anon 323584 [ 2664.984460][T26202] inactive_file 0 [ 2664.984460][T26202] active_file 0 [ 2664.984460][T26202] unevictable 0 [ 2664.984460][T26202] slab_reclaimable 19816 [ 2664.984460][T26202] slab_unreclaimable 308289968 [ 2664.984460][T26202] slab 308309784 [ 2665.078918][T26202] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=26202,uid=0 [ 2665.098197][T26202] Memory cgroup out of memory: Killed process 26202 (syz-executor.4) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:72kB oom_score_adj:1000 11:16:19 executing program 4: socket$nl_route(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x700}]}}]}, 0x40}, 0x7}, 0x0) 11:16:19 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x218}]}}]}, 0x40}, 0x7}, 0x0) 11:16:19 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x7d0}]}}]}, 0x40}, 0x7}, 0x0) 11:16:19 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x34000) 11:16:19 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x70d}]}}]}, 0x40}, 0x7}, 0x0) [ 2665.116795][T26225] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2665.135107][T26225] CPU: 1 PID: 26225 Comm: syz-executor.5 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2665.145257][T26225] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2665.155348][T26225] Call Trace: [ 2665.158653][T26225] [ 2665.161613][T26225] dump_stack_lvl+0xcd/0x134 [ 2665.166211][T26235] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2665.175523][T26225] dump_header+0x10b/0x7f9 [ 2665.179991][T26225] oom_kill_process.cold+0x10/0x15 [ 2665.185142][T26225] out_of_memory+0x358/0x14a0 [ 2665.189862][T26225] ? oom_killer_disable+0x270/0x270 [ 2665.195203][T26225] ? find_held_lock+0x2d/0x110 [ 2665.200105][T26225] mem_cgroup_out_of_memory+0x206/0x270 [ 2665.205697][T26225] ? mem_cgroup_margin+0x130/0x130 [ 2665.210851][T26225] ? lock_downgrade+0x6e0/0x6e0 [ 2665.215752][T26225] try_charge_memcg+0xf67/0x13f0 [ 2665.220742][T26225] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2665.226767][T26225] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2665.232529][T26225] ? lock_downgrade+0x6e0/0x6e0 [ 2665.237417][T26225] ? lock_downgrade+0x6e0/0x6e0 [ 2665.242318][T26225] __memcg_kmem_charge_page+0x16a/0x3b0 [ 2665.247912][T26225] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 2665.254096][T26225] copy_process+0x15f3/0x7090 [ 2665.258795][T26225] ? __lock_acquire+0xbc3/0x56d0 [ 2665.263759][T26225] ? __cleanup_sighand+0xb0/0xb0 [ 2665.268744][T26225] kernel_clone+0xe7/0xab0 [ 2665.273180][T26225] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2665.279175][T26225] ? create_io_thread+0xe0/0xe0 [ 2665.284056][T26225] ? find_held_lock+0x2d/0x110 [ 2665.288855][T26225] ? __ct_user_exit+0xff/0x150 [ 2665.293641][T26225] __do_sys_clone+0xba/0x100 [ 2665.298253][T26225] ? kernel_clone+0xab0/0xab0 [ 2665.302958][T26225] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2665.308870][T26225] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2665.314786][T26225] do_syscall_64+0x35/0xb0 [ 2665.319232][T26225] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2665.325150][T26225] RIP: 0033:0x7f542068c9d1 [ 2665.329576][T26225] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 2665.349200][T26225] RSP: 002b:00007ffc9945af78 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 2665.357628][T26225] RAX: ffffffffffffffda RBX: 00007f54217ed700 RCX: 00007f542068c9d1 [ 2665.365701][T26225] RDX: 00007f54217ed9d0 RSI: 00007f54217ed2f0 RDI: 00000000003d0f00 [ 2665.373686][T26225] RBP: 00007ffc9945b1c0 R08: 00007f54217ed700 R09: 00007f54217ed700 [ 2665.381672][T26225] R10: 00007f54217ed9d0 R11: 0000000000000206 R12: 00007ffc9945b02e [ 2665.389657][T26225] R13: 00007ffc9945b02f R14: 00007f54217ed300 R15: 0000000000022000 [ 2665.397668][T26225] [ 2665.488599][T26225] memory: usage 307184kB, limit 307200kB, failcnt 39227 [ 2665.501828][T26225] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2665.509705][T26225] Memory cgroup stats for /syz5: [ 2665.509884][T26225] anon 143360 [ 2665.509884][T26225] file 364544 [ 2665.509884][T26225] kernel 314048512 [ 2665.509884][T26225] kernel_stack 65536 [ 2665.509884][T26225] pagetables 81920 [ 2665.509884][T26225] percpu 5618080 [ 2665.509884][T26225] sock 0 [ 2665.509884][T26225] vmalloc 0 [ 2665.509884][T26225] shmem 356352 [ 2665.509884][T26225] zswap 0 [ 2665.509884][T26225] zswapped 0 [ 2665.509884][T26225] file_mapped 356352 [ 2665.509884][T26225] file_dirty 4096 [ 2665.509884][T26225] file_writeback 0 [ 2665.509884][T26225] swapcached 0 [ 2665.509884][T26225] anon_thp 0 [ 2665.509884][T26225] file_thp 0 [ 2665.509884][T26225] shmem_thp 0 [ 2665.509884][T26225] inactive_anon 147456 [ 2665.509884][T26225] active_anon 352256 [ 2665.509884][T26225] inactive_file 0 [ 2665.509884][T26225] active_file 8192 [ 2665.509884][T26225] unevictable 0 [ 2665.509884][T26225] slab_reclaimable 20960 [ 2665.509884][T26225] slab_unreclaimable 308203704 [ 2665.509884][T26225] slab 308224664 [ 2665.618427][T26225] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=26225,uid=0 11:16:20 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x0, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}}, 0x24}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x14a}]}}]}, 0x40}, 0x7}, 0x0) [ 2665.634191][T26225] Memory cgroup out of memory: Killed process 26225 (syz-executor.5) total-vm:54728kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000 [ 2665.651800][T26235] syz-executor.3 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=1, oom_score_adj=1000 [ 2665.664561][T26235] CPU: 1 PID: 26235 Comm: syz-executor.3 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2665.674689][T26235] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2665.684790][T26235] Call Trace: [ 2665.688104][T26235] [ 2665.691065][T26235] dump_stack_lvl+0xcd/0x134 [ 2665.695712][T26235] dump_header+0x10b/0x7f9 [ 2665.700188][T26235] oom_kill_process.cold+0x10/0x15 [ 2665.705449][T26235] out_of_memory+0x358/0x14a0 [ 2665.710192][T26235] ? oom_killer_disable+0x270/0x270 [ 2665.715463][T26235] ? find_held_lock+0x2d/0x110 [ 2665.720278][T26235] mem_cgroup_out_of_memory+0x206/0x270 [ 2665.725867][T26235] ? mem_cgroup_margin+0x130/0x130 [ 2665.731002][T26235] ? lock_downgrade+0x6e0/0x6e0 [ 2665.735904][T26235] try_charge_memcg+0xf67/0x13f0 [ 2665.740906][T26235] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2665.746935][T26235] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2665.752684][T26235] ? lock_downgrade+0x6e0/0x6e0 [ 2665.757571][T26235] obj_cgroup_charge+0x2ab/0x5e0 [ 2665.762541][T26235] __kmalloc+0xb2/0x340 [ 2665.766717][T26235] ? veth_dev_init+0x1d8/0x3e0 [ 2665.771517][T26235] veth_dev_init+0x1d8/0x3e0 [ 2665.776145][T26235] ? veth_get_num_queues+0x50/0x50 [ 2665.781296][T26235] register_netdevice+0x580/0x1670 [ 2665.786435][T26235] ? netdev_change_features+0xb0/0xb0 [ 2665.791828][T26235] ? dev_addr_mod+0x2c9/0x3f0 [ 2665.796530][T26235] veth_newlink+0x338/0x990 [ 2665.801066][T26235] ? veth_set_features+0x190/0x190 [ 2665.806210][T26235] ? netlink_unicast+0x543/0x7f0 [ 2665.811172][T26235] ? netlink_sendmsg+0x917/0xe10 [ 2665.816126][T26235] ? sock_sendmsg+0xcf/0x120 [ 2665.820731][T26235] ? ____sys_sendmsg+0x712/0x8c0 [ 2665.825695][T26235] ? ___sys_sendmsg+0x110/0x1b0 [ 2665.830576][T26235] ? __sys_sendmsg+0xf3/0x1c0 [ 2665.835273][T26235] ? do_syscall_64+0x35/0xb0 [ 2665.839895][T26235] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2665.845999][T26235] ? find_held_lock+0x2d/0x110 [ 2665.850800][T26235] ? memcg_slab_post_alloc_hook+0x249/0x480 [ 2665.856715][T26235] ? lock_downgrade+0x6e0/0x6e0 [ 2665.861593][T26235] ? rcu_read_lock_sched_held+0x3a/0x70 [ 2665.867178][T26235] ? trace_kmalloc_node+0x32/0x100 [ 2665.872307][T26235] ? __kmalloc_node+0x1bf/0x380 [ 2665.877185][T26235] ? memset+0x20/0x40 [ 2665.881201][T26235] ? __xdp_rxq_info_reg+0x189/0x340 [ 2665.886428][T26235] ? memcpy+0x39/0x60 [ 2665.890443][T26235] ? alloc_netdev_mqs+0xd5d/0x1180 [ 2665.895590][T26235] ? rtnl_create_link+0x7e8/0xca0 [ 2665.900658][T26235] ? veth_set_features+0x190/0x190 [ 2665.905803][T26235] __rtnl_newlink+0x1087/0x17e0 [ 2665.910687][T26235] ? rtnl_link_unregister+0x250/0x250 [ 2665.916075][T26235] ? find_held_lock+0x2d/0x110 [ 2665.920888][T26235] ? rcu_read_lock_sched_held+0x3a/0x70 [ 2665.926464][T26235] ? trace_kmalloc+0x32/0x100 [ 2665.931258][T26235] rtnl_newlink+0x64/0xa0 [ 2665.935613][T26235] ? __rtnl_newlink+0x17e0/0x17e0 [ 2665.940662][T26235] rtnetlink_rcv_msg+0x43a/0xca0 [ 2665.945630][T26235] ? rtnl_getlink+0xae0/0xae0 [ 2665.950328][T26235] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2665.955659][T26235] ? ref_tracker_free+0x370/0x6b0 [ 2665.960715][T26235] ? ref_tracker_dir_exit+0x3e0/0x3e0 [ 2665.966124][T26235] netlink_rcv_skb+0x153/0x420 [ 2665.970915][T26235] ? rtnl_getlink+0xae0/0xae0 [ 2665.975620][T26235] ? netlink_ack+0xd50/0xd50 [ 2665.980230][T26235] ? netlink_deliver_tap+0x1a2/0xc40 [ 2665.985542][T26235] ? netlink_deliver_tap+0x1b1/0xc40 [ 2665.990858][T26235] netlink_unicast+0x543/0x7f0 [ 2665.995656][T26235] ? netlink_attachskb+0x880/0x880 [ 2666.000794][T26235] ? __phys_addr+0xc4/0x140 [ 2666.006544][T26235] ? __phys_addr_symbol+0x2c/0x70 [ 2666.011603][T26235] ? __check_object_size+0x2de/0x700 [ 2666.017020][T26235] netlink_sendmsg+0x917/0xe10 [ 2666.021834][T26235] ? netlink_unicast+0x7f0/0x7f0 [ 2666.026809][T26235] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 2666.032129][T26235] ? netlink_unicast+0x7f0/0x7f0 [ 2666.037091][T26235] sock_sendmsg+0xcf/0x120 [ 2666.041557][T26235] ____sys_sendmsg+0x712/0x8c0 [ 2666.046342][T26235] ? copy_msghdr_from_user+0xfc/0x150 [ 2666.051825][T26235] ? kernel_sendmsg+0x50/0x50 [ 2666.056525][T26235] ? futex_unqueue+0xb3/0x120 [ 2666.061234][T26235] ___sys_sendmsg+0x110/0x1b0 [ 2666.065937][T26235] ? do_recvmmsg+0x6e0/0x6e0 [ 2666.070561][T26235] ? __fget_files+0x248/0x440 [ 2666.075265][T26235] ? lock_downgrade+0x6e0/0x6e0 [ 2666.080143][T26235] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2666.086155][T26235] ? __fget_files+0x26a/0x440 [ 2666.090870][T26235] ? __fget_light+0xe5/0x270 [ 2666.095487][T26235] __sys_sendmsg+0xf3/0x1c0 [ 2666.100013][T26235] ? __sys_sendmsg_sock+0x30/0x30 [ 2666.105061][T26235] ? lock_downgrade+0x6e0/0x6e0 [ 2666.109943][T26235] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2666.115862][T26235] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2666.121793][T26235] ? lockdep_hardirqs_on+0x79/0x100 [ 2666.127014][T26235] do_syscall_64+0x35/0xb0 [ 2666.131463][T26235] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2666.137392][T26235] RIP: 0033:0x7f89d288b5a9 [ 2666.141820][T26235] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 2666.161445][T26235] RSP: 002b:00007f89d3ab2168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2666.169883][T26235] RAX: ffffffffffffffda RBX: 00007f89d29abf80 RCX: 00007f89d288b5a9 [ 2666.177897][T26235] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000004 [ 2666.185881][T26235] RBP: 00007f89d28e6580 R08: 0000000000000000 R09: 0000000000000000 [ 2666.193862][T26235] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2666.201843][T26235] R13: 00007fff483831ef R14: 00007f89d3ab2300 R15: 0000000000022000 [ 2666.209934][T26235] [ 2666.216035][T26235] memory: usage 307200kB, limit 307200kB, failcnt 53704 [ 2666.246072][T26235] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2666.257395][T26235] Memory cgroup stats for /syz3: [ 2666.257596][T26235] anon 147456 [ 2666.257596][T26235] file 385024 [ 2666.257596][T26235] kernel 314023936 [ 2666.257596][T26235] kernel_stack 98304 [ 2666.257596][T26235] pagetables 81920 [ 2666.257596][T26235] percpu 5618080 [ 2666.257596][T26235] sock 0 [ 2666.257596][T26235] vmalloc 0 [ 2666.257596][T26235] shmem 385024 [ 2666.257596][T26235] zswap 0 [ 2666.257596][T26235] zswapped 0 [ 2666.257596][T26235] file_mapped 311296 [ 2666.257596][T26235] file_dirty 0 [ 2666.257596][T26235] file_writeback 0 [ 2666.257596][T26235] swapcached 0 [ 2666.257596][T26235] anon_thp 0 [ 2666.257596][T26235] file_thp 0 [ 2666.257596][T26235] shmem_thp 0 [ 2666.257596][T26235] inactive_anon 200704 [ 2666.257596][T26235] active_anon 331776 [ 2666.257596][T26235] inactive_file 0 [ 2666.257596][T26235] active_file 0 [ 2666.257596][T26235] unevictable 0 [ 2666.257596][T26235] slab_reclaimable 22760 [ 2666.257596][T26235] slab_unreclaimable 308168096 [ 2666.257596][T26235] slab 308190856 [ 2666.354553][T26235] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=26233,uid=0 [ 2666.373174][T26235] Memory cgroup out of memory: Killed process 26233 (syz-executor.3) total-vm:54860kB, anon-rss:456kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 2666.391063][T26242] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2666.401488][T26242] CPU: 0 PID: 26242 Comm: syz-executor.2 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2666.411593][T26242] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2666.421683][T26242] Call Trace: [ 2666.424993][T26242] [ 2666.427949][T26242] dump_stack_lvl+0xcd/0x134 [ 2666.432583][T26242] dump_header+0x10b/0x7f9 [ 2666.437049][T26242] oom_kill_process.cold+0x10/0x15 [ 2666.442221][T26242] out_of_memory+0x358/0x14a0 [ 2666.446957][T26242] ? oom_killer_disable+0x270/0x270 [ 2666.452205][T26242] ? find_held_lock+0x2d/0x110 [ 2666.457116][T26242] mem_cgroup_out_of_memory+0x206/0x270 [ 2666.462708][T26242] ? mem_cgroup_margin+0x130/0x130 [ 2666.467861][T26242] ? lock_downgrade+0x6e0/0x6e0 [ 2666.472747][T26242] try_charge_memcg+0xf67/0x13f0 [ 2666.477720][T26242] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2666.483725][T26242] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2666.489553][T26242] ? lock_downgrade+0x6e0/0x6e0 [ 2666.494423][T26242] ? lock_downgrade+0x6e0/0x6e0 [ 2666.499301][T26242] obj_cgroup_charge+0x2ab/0x5e0 [ 2666.504280][T26242] kmem_cache_alloc_lru+0x13e/0x720 [ 2666.509515][T26242] ? sock_alloc_inode+0x23/0x1d0 [ 2666.514484][T26242] sock_alloc_inode+0x23/0x1d0 [ 2666.519270][T26242] ? sock_free_inode+0x20/0x20 [ 2666.524048][T26242] alloc_inode+0x61/0x230 [ 2666.528395][T26242] new_inode_pseudo+0x13/0x80 [ 2666.533089][T26242] sock_alloc+0x3c/0x260 [ 2666.537364][T26242] __sock_create+0xb9/0x790 [ 2666.541892][T26242] ? lock_downgrade+0x6e0/0x6e0 [ 2666.546771][T26242] __sys_socket+0x12f/0x240 [ 2666.551296][T26242] ? __sys_socket_file+0x1f0/0x1f0 [ 2666.556514][T26242] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2666.562436][T26242] __x64_sys_socket+0x6f/0xb0 [ 2666.567571][T26242] do_syscall_64+0x35/0xb0 [ 2666.572024][T26242] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2666.577949][T26242] RIP: 0033:0x7fefdee8b5a9 [ 2666.582379][T26242] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 2666.602012][T26242] RSP: 002b:00007fefe005a168 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 2666.610440][T26242] RAX: ffffffffffffffda RBX: 00007fefdefabf80 RCX: 00007fefdee8b5a9 [ 2666.618423][T26242] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000010 [ 2666.626665][T26242] RBP: 00007fefdeee6580 R08: 0000000000000000 R09: 0000000000000000 [ 2666.634665][T26242] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 11:16:21 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x219}]}}]}, 0x40}, 0x7}, 0x0) [ 2666.642678][T26242] R13: 00007ffd4124e5bf R14: 00007fefe005a300 R15: 0000000000022000 [ 2666.650703][T26242] [ 2666.658608][T26242] memory: usage 307200kB, limit 307200kB, failcnt 53712 [ 2666.666028][T26241] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2666.669329][T26242] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2666.689551][T26242] Memory cgroup stats for /syz2: [ 2666.689783][T26242] anon 98304 [ 2666.689783][T26242] file 364544 [ 2666.689783][T26242] kernel 314109952 [ 2666.689783][T26242] kernel_stack 65536 [ 2666.689783][T26242] pagetables 73728 [ 2666.689783][T26242] percpu 5619264 [ 2666.689783][T26242] sock 0 [ 2666.689783][T26242] vmalloc 0 [ 2666.689783][T26242] shmem 364544 [ 2666.689783][T26242] zswap 0 [ 2666.689783][T26242] zswapped 0 [ 2666.689783][T26242] file_mapped 364544 [ 2666.689783][T26242] file_dirty 0 [ 2666.689783][T26242] file_writeback 0 [ 2666.689783][T26242] swapcached 0 [ 2666.689783][T26242] anon_thp 0 [ 2666.689783][T26242] file_thp 0 [ 2666.689783][T26242] shmem_thp 0 [ 2666.689783][T26242] inactive_anon 102400 [ 2666.689783][T26242] active_anon 360448 [ 2666.689783][T26242] inactive_file 0 [ 2666.689783][T26242] active_file 0 [ 2666.689783][T26242] unevictable 0 [ 2666.689783][T26242] slab_reclaimable 125104 [ 2666.689783][T26242] slab_unreclaimable 308189768 [ 2666.689783][T26242] slab 308314872 11:16:21 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x40000) [ 2666.789516][T26242] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=26238,uid=0 [ 2666.805605][T26242] Memory cgroup out of memory: Killed process 26238 (syz-executor.2) total-vm:54728kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 11:16:21 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x70e}]}}]}, 0x40}, 0x7}, 0x0) [ 2666.841171][T26236] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 2666.858394][T26236] CPU: 0 PID: 26236 Comm: syz-executor.4 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2666.868533][T26236] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2666.878621][T26236] Call Trace: [ 2666.881920][T26236] [ 2666.884872][T26236] dump_stack_lvl+0xcd/0x134 11:16:21 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x400300) [ 2666.889507][T26236] dump_header+0x10b/0x7f9 [ 2666.893987][T26236] oom_kill_process.cold+0x10/0x15 [ 2666.899166][T26236] out_of_memory+0x358/0x14a0 [ 2666.903912][T26236] ? oom_killer_disable+0x270/0x270 [ 2666.909259][T26236] ? find_held_lock+0x2d/0x110 [ 2666.914090][T26236] mem_cgroup_out_of_memory+0x206/0x270 [ 2666.919672][T26236] ? mem_cgroup_margin+0x130/0x130 [ 2666.924824][T26236] ? lock_downgrade+0x6e0/0x6e0 [ 2666.930067][T26236] try_charge_memcg+0xf67/0x13f0 [ 2666.935063][T26236] ? mem_cgroup_handle_over_high+0x510/0x510 11:16:21 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0xf0ffff) 11:16:21 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x1000000) [ 2666.941090][T26236] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2666.946855][T26236] ? lock_downgrade+0x6e0/0x6e0 [ 2666.951753][T26236] ? lock_downgrade+0x6e0/0x6e0 [ 2666.956645][T26236] ? rcu_read_unlock+0x9/0x60 [ 2666.961398][T26236] obj_cgroup_charge+0x2ab/0x5e0 [ 2666.966398][T26236] kmem_cache_alloc_trace+0xa3/0x3e0 [ 2666.971716][T26236] ? copy_semundo+0x187/0x2f0 [ 2666.976408][T26236] ? apparmor_task_alloc+0x2bb/0x3b0 [ 2666.981764][T26236] copy_semundo+0x187/0x2f0 [ 2666.986314][T26236] copy_process+0x23fa/0x7090 [ 2666.991078][T26236] ? __cleanup_sighand+0xb0/0xb0 [ 2666.996107][T26236] kernel_clone+0xe7/0xab0 [ 2667.000573][T26236] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2667.006685][T26236] ? create_io_thread+0xe0/0xe0 [ 2667.011589][T26236] ? find_held_lock+0x2d/0x110 [ 2667.016406][T26236] ? __ct_user_exit+0xff/0x150 [ 2667.021213][T26236] __do_sys_clone+0xba/0x100 [ 2667.025813][T26236] ? kernel_clone+0xab0/0xab0 [ 2667.030503][T26236] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2667.036402][T26236] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2667.042326][T26236] do_syscall_64+0x35/0xb0 [ 2667.046765][T26236] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2667.052677][T26236] RIP: 0033:0x7fa378a8c9d1 [ 2667.057107][T26236] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 2667.076719][T26236] RSP: 002b:00007fff306494d8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 2667.085138][T26236] RAX: ffffffffffffffda RBX: 00007fa379be4700 RCX: 00007fa378a8c9d1 [ 2667.093115][T26236] RDX: 00007fa379be49d0 RSI: 00007fa379be42f0 RDI: 00000000003d0f00 [ 2667.101082][T26236] RBP: 00007fff30649720 R08: 00007fa379be4700 R09: 00007fa379be4700 [ 2667.109173][T26236] R10: 00007fa379be49d0 R11: 0000000000000206 R12: 00007fff3064958e [ 2667.117164][T26236] R13: 00007fff3064958f R14: 00007fa379be4300 R15: 0000000000022000 [ 2667.125187][T26236] [ 2667.133557][T26236] memory: usage 307200kB, limit 307200kB, failcnt 54867 [ 2667.140568][T26236] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2667.151962][T26236] Memory cgroup stats for /syz4: [ 2667.152207][T26236] anon 90112 [ 2667.152207][T26236] file 372736 [ 2667.152207][T26236] kernel 314109952 [ 2667.152207][T26236] kernel_stack 65536 [ 2667.152207][T26236] pagetables 65536 [ 2667.152207][T26236] percpu 5624000 [ 2667.152207][T26236] sock 0 [ 2667.152207][T26236] vmalloc 0 [ 2667.152207][T26236] shmem 372736 [ 2667.152207][T26236] zswap 0 [ 2667.152207][T26236] zswapped 0 [ 2667.152207][T26236] file_mapped 372736 [ 2667.152207][T26236] file_dirty 0 [ 2667.152207][T26236] file_writeback 0 [ 2667.152207][T26236] swapcached 0 [ 2667.152207][T26236] anon_thp 0 [ 2667.152207][T26236] file_thp 0 [ 2667.152207][T26236] shmem_thp 0 [ 2667.152207][T26236] inactive_anon 139264 [ 2667.152207][T26236] active_anon 323584 [ 2667.152207][T26236] inactive_file 0 [ 2667.152207][T26236] active_file 0 [ 2667.152207][T26236] unevictable 0 [ 2667.152207][T26236] slab_reclaimable 17888 [ 2667.152207][T26236] slab_unreclaimable 308300256 [ 2667.152207][T26236] slab 308318144 [ 2667.252506][T26236] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=26236,uid=0 [ 2667.268677][T26236] Memory cgroup out of memory: Killed process 26236 (syz-executor.4) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:68kB oom_score_adj:1000 11:16:22 executing program 4: socket$nl_route(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x701}]}}]}, 0x40}, 0x7}, 0x0) 11:16:22 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x2000000) 11:16:22 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x7d1}]}}]}, 0x40}, 0x7}, 0x0) [ 2667.291972][T26251] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2667.389468][T26268] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2667.400424][T26268] CPU: 0 PID: 26268 Comm: syz-executor.4 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2667.412021][T26268] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2667.422115][T26268] Call Trace: [ 2667.425436][T26268] [ 2667.428386][T26268] dump_stack_lvl+0xcd/0x134 [ 2667.433001][T26268] dump_header+0x10b/0x7f9 [ 2667.437454][T26268] oom_kill_process.cold+0x10/0x15 [ 2667.442606][T26268] out_of_memory+0x358/0x14a0 [ 2667.447332][T26268] ? find_held_lock+0x2d/0x110 [ 2667.452143][T26268] ? oom_killer_disable+0x270/0x270 [ 2667.457385][T26268] ? find_held_lock+0x2d/0x110 [ 2667.462305][T26268] mem_cgroup_out_of_memory+0x206/0x270 [ 2667.467906][T26268] ? mem_cgroup_margin+0x130/0x130 [ 2667.473054][T26268] ? lock_downgrade+0x6e0/0x6e0 [ 2667.478002][T26268] try_charge_memcg+0xf67/0x13f0 [ 2667.483183][T26268] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2667.489209][T26268] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2667.494960][T26268] ? lock_downgrade+0x6e0/0x6e0 [ 2667.499837][T26268] ? lock_downgrade+0x6e0/0x6e0 [ 2667.504723][T26268] __memcg_kmem_charge_page+0x16a/0x3b0 [ 2667.510304][T26268] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 2667.516737][T26268] copy_process+0x15f3/0x7090 [ 2667.521491][T26268] ? __lock_acquire+0xbc3/0x56d0 [ 2667.526455][T26268] ? __cleanup_sighand+0xb0/0xb0 [ 2667.531445][T26268] kernel_clone+0xe7/0xab0 [ 2667.535872][T26268] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2667.541903][T26268] ? create_io_thread+0xe0/0xe0 [ 2667.546783][T26268] ? find_held_lock+0x2d/0x110 [ 2667.551597][T26268] ? __ct_user_exit+0xff/0x150 [ 2667.556503][T26268] __do_sys_clone+0xba/0x100 [ 2667.561129][T26268] ? kernel_clone+0xab0/0xab0 [ 2667.565841][T26268] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2667.571793][T26268] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2667.577747][T26268] do_syscall_64+0x35/0xb0 [ 2667.582219][T26268] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2667.588163][T26268] RIP: 0033:0x7fa378a8c9d1 [ 2667.592611][T26268] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 2667.612232][T26268] RSP: 002b:00007fff306494d8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 2667.620653][T26268] RAX: ffffffffffffffda RBX: 00007fa379be4700 RCX: 00007fa378a8c9d1 [ 2667.628628][T26268] RDX: 00007fa379be49d0 RSI: 00007fa379be42f0 RDI: 00000000003d0f00 [ 2667.636616][T26268] RBP: 00007fff30649720 R08: 00007fa379be4700 R09: 00007fa379be4700 [ 2667.644617][T26268] R10: 00007fa379be49d0 R11: 0000000000000206 R12: 00007fff3064958e [ 2667.653069][T26268] R13: 00007fff3064958f R14: 00007fa379be4300 R15: 0000000000022000 [ 2667.661086][T26268] [ 2667.673996][T26268] memory: usage 307188kB, limit 307200kB, failcnt 54905 [ 2667.681313][T26268] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2667.690283][T26268] Memory cgroup stats for /syz4: [ 2667.690521][T26268] anon 90112 [ 2667.690521][T26268] file 372736 [ 2667.690521][T26268] kernel 314097664 [ 2667.690521][T26268] kernel_stack 32768 [ 2667.690521][T26268] pagetables 65536 [ 2667.690521][T26268] percpu 5624000 [ 2667.690521][T26268] sock 0 [ 2667.690521][T26268] vmalloc 0 [ 2667.690521][T26268] shmem 372736 [ 2667.690521][T26268] zswap 0 [ 2667.690521][T26268] zswapped 0 [ 2667.690521][T26268] file_mapped 372736 [ 2667.690521][T26268] file_dirty 0 [ 2667.690521][T26268] file_writeback 0 [ 2667.690521][T26268] swapcached 0 [ 2667.690521][T26268] anon_thp 0 [ 2667.690521][T26268] file_thp 0 [ 2667.690521][T26268] shmem_thp 0 [ 2667.690521][T26268] inactive_anon 98304 [ 2667.690521][T26268] active_anon 323584 [ 2667.690521][T26268] inactive_file 0 [ 2667.690521][T26268] active_file 0 [ 2667.690521][T26268] unevictable 0 [ 2667.690521][T26268] slab_reclaimable 17888 [ 2667.690521][T26268] slab_unreclaimable 308300256 [ 2667.690521][T26268] slab 308318144 [ 2667.785208][T26268] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=26268,uid=0 [ 2667.804995][T26268] Memory cgroup out of memory: Killed process 26268 (syz-executor.4) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:68kB oom_score_adj:1000 [ 2667.823177][T26253] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2667.841087][T26253] CPU: 1 PID: 26253 Comm: syz-executor.2 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2667.851218][T26253] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2667.861307][T26253] Call Trace: [ 2667.864609][T26253] [ 2667.867564][T26253] dump_stack_lvl+0xcd/0x134 [ 2667.872191][T26253] dump_header+0x10b/0x7f9 [ 2667.876639][T26253] oom_kill_process.cold+0x10/0x15 [ 2667.881800][T26253] out_of_memory+0x358/0x14a0 [ 2667.886536][T26253] ? oom_killer_disable+0x270/0x270 [ 2667.891784][T26253] ? find_held_lock+0x2d/0x110 [ 2667.896608][T26253] mem_cgroup_out_of_memory+0x206/0x270 [ 2667.902192][T26253] ? mem_cgroup_margin+0x130/0x130 [ 2667.907341][T26253] ? lock_downgrade+0x6e0/0x6e0 [ 2667.912248][T26253] try_charge_memcg+0xf67/0x13f0 [ 2667.917237][T26253] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2667.923269][T26253] ? lock_downgrade+0x6e0/0x6e0 [ 2667.928153][T26253] charge_memcg+0x31/0x320 [ 2667.932582][T26253] __mem_cgroup_charge+0x27/0x90 [ 2667.937529][T26253] ? _compound_head+0x5d/0x150 [ 2667.942310][T26253] wp_page_copy+0x27c/0x1b10 [ 2667.946928][T26253] ? restore_exclusive_pte+0x8b0/0x8b0 [ 2667.952414][T26253] ? lock_downgrade+0x6e0/0x6e0 [ 2667.957282][T26253] ? vm_normal_page+0x146/0x2a0 [ 2667.962144][T26253] do_wp_page+0x52c/0x1910 [ 2667.966565][T26253] __handle_mm_fault+0x1813/0x39b0 [ 2667.971706][T26253] ? vm_iomap_memory+0x190/0x190 [ 2667.976820][T26253] handle_mm_fault+0x1c8/0x780 [ 2667.981590][T26253] do_user_addr_fault+0x475/0x1210 [ 2667.986731][T26253] exc_page_fault+0x94/0x170 11:16:22 executing program 4: socket$nl_route(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x702}]}}]}, 0x40}, 0x7}, 0x0) [ 2667.991347][T26253] asm_exc_page_fault+0x22/0x30 [ 2667.996221][T26253] RIP: 0033:0x7fefdee35a15 [ 2668.000755][T26253] Code: 5c 41 5d c3 90 48 8b 57 18 48 83 fa ff 74 22 48 81 fa e7 03 00 00 0f 87 ee 00 00 00 48 c1 e2 04 48 8d 0d ae 26 17 00 48 01 ca 02 01 48 89 42 08 48 8b 53 10 4c 8d 2d d9 a5 57 00 4c 39 ea 0f [ 2668.020443][T26253] RSP: 002b:00007ffd4124e600 EFLAGS: 00010206 [ 2668.026549][T26253] RAX: 0000000000000003 RBX: 00007fefdefabf80 RCX: 00007fefdefa80c0 [ 2668.034553][T26253] RDX: 00007fefdefa80c0 RSI: 0000000000000080 RDI: 00007fefdefabf80 [ 2668.042541][T26253] RBP: 00007fefdefabf80 R08: 00007ffd413e9080 R09: 0000000000000000 [ 2668.050530][T26253] R10: 00007ffd4124e720 R11: 0000000000000246 R12: 000000000028b333 [ 2668.058524][T26253] R13: 00007ffd4124e720 R14: 00007fefdefabf80 R15: 0000000000000032 [ 2668.066528][T26253] [ 2668.084542][T26253] memory: usage 307200kB, limit 307200kB, failcnt 53795 [ 2668.091760][T26253] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2668.106453][T26253] Memory cgroup stats for /syz2: [ 2668.106655][T26253] anon 98304 [ 2668.106655][T26253] file 364544 [ 2668.106655][T26253] kernel 314109952 [ 2668.106655][T26253] kernel_stack 65536 [ 2668.106655][T26253] pagetables 73728 [ 2668.106655][T26253] percpu 5619264 [ 2668.106655][T26253] sock 0 [ 2668.106655][T26253] vmalloc 0 [ 2668.106655][T26253] shmem 364544 [ 2668.106655][T26253] zswap 0 [ 2668.106655][T26253] zswapped 0 [ 2668.106655][T26253] file_mapped 364544 [ 2668.106655][T26253] file_dirty 0 [ 2668.106655][T26253] file_writeback 0 [ 2668.106655][T26253] swapcached 0 [ 2668.106655][T26253] anon_thp 0 [ 2668.106655][T26253] file_thp 0 [ 2668.106655][T26253] shmem_thp 0 [ 2668.106655][T26253] inactive_anon 102400 [ 2668.106655][T26253] active_anon 360448 [ 2668.106655][T26253] inactive_file 0 [ 2668.106655][T26253] active_file 0 [ 2668.106655][T26253] unevictable 0 [ 2668.106655][T26253] slab_reclaimable 127032 [ 2668.106655][T26253] slab_unreclaimable 308189472 [ 2668.106655][T26253] slab 308316504 [ 2668.204032][T26253] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=26253,uid=0 [ 2668.220666][T26253] Memory cgroup out of memory: Killed process 26253 (syz-executor.2) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 11:16:23 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x70f}]}}]}, 0x40}, 0x7}, 0x0) [ 2668.243029][T26250] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2668.268132][T26250] CPU: 1 PID: 26250 Comm: syz-executor.3 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2668.278277][T26250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2668.288365][T26250] Call Trace: [ 2668.291755][T26250] [ 2668.294707][T26250] dump_stack_lvl+0xcd/0x134 [ 2668.299333][T26250] dump_header+0x10b/0x7f9 [ 2668.303789][T26250] oom_kill_process.cold+0x10/0x15 [ 2668.308943][T26250] out_of_memory+0x358/0x14a0 [ 2668.313667][T26250] ? oom_killer_disable+0x270/0x270 [ 2668.318905][T26250] ? find_held_lock+0x2d/0x110 [ 2668.323695][T26250] mem_cgroup_out_of_memory+0x206/0x270 [ 2668.329275][T26250] ? mem_cgroup_margin+0x130/0x130 [ 2668.334414][T26250] ? lock_downgrade+0x6e0/0x6e0 [ 2668.339313][T26250] try_charge_memcg+0xf67/0x13f0 [ 2668.344294][T26250] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2668.350318][T26250] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2668.356072][T26250] ? lock_downgrade+0x6e0/0x6e0 [ 2668.360931][T26250] ? lock_downgrade+0x6e0/0x6e0 [ 2668.365808][T26250] __memcg_kmem_charge_page+0x16a/0x3b0 [ 2668.371403][T26250] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 2668.377780][T26250] copy_process+0x73e/0x7090 [ 2668.382403][T26250] ? find_held_lock+0x2d/0x110 [ 2668.387193][T26250] ? __cleanup_sighand+0xb0/0xb0 [ 2668.392146][T26250] kernel_clone+0xe7/0xab0 [ 2668.396569][T26250] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2668.402739][T26250] ? create_io_thread+0xe0/0xe0 [ 2668.407634][T26250] ? find_held_lock+0x2d/0x110 [ 2668.412442][T26250] ? __ct_user_exit+0xff/0x150 [ 2668.417220][T26250] __do_sys_clone+0xba/0x100 [ 2668.421913][T26250] ? kernel_clone+0xab0/0xab0 [ 2668.426630][T26250] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2668.432568][T26250] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2668.438504][T26250] do_syscall_64+0x35/0xb0 [ 2668.442972][T26250] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2668.448906][T26250] RIP: 0033:0x7f89d288c9d1 [ 2668.453365][T26250] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 2668.472986][T26250] RSP: 002b:00007fff48383138 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 2668.481443][T26250] RAX: ffffffffffffffda RBX: 00007f89d3a70700 RCX: 00007f89d288c9d1 [ 2668.489458][T26250] RDX: 00007f89d3a709d0 RSI: 00007f89d3a702f0 RDI: 00000000003d0f00 [ 2668.497459][T26250] RBP: 00007fff48383380 R08: 00007f89d3a70700 R09: 00007f89d3a70700 [ 2668.505444][T26250] R10: 00007f89d3a709d0 R11: 0000000000000206 R12: 00007fff483831ee [ 2668.513413][T26250] R13: 00007fff483831ef R14: 00007f89d3a70300 R15: 0000000000022000 [ 2668.521479][T26250] [ 2668.534956][T26250] memory: usage 307200kB, limit 307200kB, failcnt 53867 [ 2668.541956][T26250] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2668.549307][T26250] Memory cgroup stats for /syz3: [ 2668.549514][T26250] anon 147456 [ 2668.549514][T26250] file 385024 [ 2668.549514][T26250] kernel 314023936 [ 2668.549514][T26250] kernel_stack 98304 [ 2668.549514][T26250] pagetables 81920 [ 2668.549514][T26250] percpu 5618080 [ 2668.549514][T26250] sock 0 [ 2668.549514][T26250] vmalloc 0 [ 2668.549514][T26250] shmem 385024 [ 2668.549514][T26250] zswap 0 [ 2668.549514][T26250] zswapped 0 [ 2668.549514][T26250] file_mapped 311296 [ 2668.549514][T26250] file_dirty 0 [ 2668.549514][T26250] file_writeback 0 [ 2668.549514][T26250] swapcached 0 [ 2668.549514][T26250] anon_thp 0 [ 2668.549514][T26250] file_thp 0 [ 2668.549514][T26250] shmem_thp 0 [ 2668.549514][T26250] inactive_anon 200704 [ 2668.549514][T26250] active_anon 331776 [ 2668.549514][T26250] inactive_file 0 [ 2668.549514][T26250] active_file 0 [ 2668.549514][T26250] unevictable 0 [ 2668.549514][T26250] slab_reclaimable 22760 [ 2668.549514][T26250] slab_unreclaimable 308172200 [ 2668.549514][T26250] slab 308194960 [ 2668.654243][T26250] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=26250,uid=0 [ 2668.676918][T26250] Memory cgroup out of memory: Killed process 26250 (syz-executor.3) total-vm:54860kB, anon-rss:456kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 2668.713041][T26246] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2668.740682][T26246] CPU: 1 PID: 26246 Comm: syz-executor.5 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2668.750832][T26246] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2668.760908][T26246] Call Trace: [ 2668.764188][T26246] [ 2668.767129][T26246] dump_stack_lvl+0xcd/0x134 [ 2668.771859][T26246] dump_header+0x10b/0x7f9 [ 2668.776304][T26246] oom_kill_process.cold+0x10/0x15 [ 2668.781441][T26246] out_of_memory+0x358/0x14a0 [ 2668.786149][T26246] ? oom_killer_disable+0x270/0x270 [ 2668.791390][T26246] ? find_held_lock+0x2d/0x110 [ 2668.796180][T26246] mem_cgroup_out_of_memory+0x206/0x270 [ 2668.801765][T26246] ? mem_cgroup_margin+0x130/0x130 [ 2668.806901][T26246] ? lock_downgrade+0x6e0/0x6e0 [ 2668.811801][T26246] try_charge_memcg+0xf67/0x13f0 [ 2668.816764][T26246] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2668.822775][T26246] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2668.828514][T26246] ? lock_downgrade+0x6e0/0x6e0 [ 2668.833382][T26246] ? lock_downgrade+0x6e0/0x6e0 [ 2668.838261][T26246] __memcg_kmem_charge_page+0x16a/0x3b0 [ 2668.843945][T26246] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 2668.850124][T26246] copy_process+0x73e/0x7090 [ 2668.854754][T26246] ? find_held_lock+0x2d/0x110 [ 2668.859559][T26246] ? __cleanup_sighand+0xb0/0xb0 [ 2668.864532][T26246] kernel_clone+0xe7/0xab0 [ 2668.868967][T26246] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2668.874965][T26246] ? create_io_thread+0xe0/0xe0 [ 2668.879864][T26246] ? find_held_lock+0x2d/0x110 [ 2668.884672][T26246] ? __ct_user_exit+0xff/0x150 [ 2668.889467][T26246] __do_sys_clone+0xba/0x100 [ 2668.894081][T26246] ? kernel_clone+0xab0/0xab0 [ 2668.898791][T26246] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2668.904702][T26246] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2668.910620][T26246] do_syscall_64+0x35/0xb0 [ 2668.915071][T26246] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2668.920989][T26246] RIP: 0033:0x7f542068c9d1 [ 2668.925415][T26246] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 2668.945126][T26246] RSP: 002b:00007ffc9945af78 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 2668.953551][T26246] RAX: ffffffffffffffda RBX: 00007f54217cc700 RCX: 00007f542068c9d1 [ 2668.961536][T26246] RDX: 00007f54217cc9d0 RSI: 00007f54217cc2f0 RDI: 00000000003d0f00 [ 2668.969548][T26246] RBP: 00007ffc9945b1c0 R08: 00007f54217cc700 R09: 00007f54217cc700 [ 2668.977528][T26246] R10: 00007f54217cc9d0 R11: 0000000000000206 R12: 00007ffc9945b02e [ 2668.985510][T26246] R13: 00007ffc9945b02f R14: 00007f54217cc300 R15: 0000000000022000 [ 2668.993508][T26246] [ 2669.013281][T26247] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.5'. [ 2669.033894][T26246] memory: usage 307200kB, limit 307200kB, failcnt 39311 [ 2669.040993][T26246] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2669.048525][T26246] Memory cgroup stats for /syz5: [ 2669.048713][T26246] anon 147456 [ 2669.048713][T26246] file 364544 [ 2669.048713][T26246] kernel 314060800 [ 2669.048713][T26246] kernel_stack 98304 [ 2669.048713][T26246] pagetables 81920 [ 2669.048713][T26246] percpu 5618080 [ 2669.048713][T26246] sock 0 [ 2669.048713][T26246] vmalloc 0 [ 2669.048713][T26246] shmem 356352 [ 2669.048713][T26246] zswap 0 [ 2669.048713][T26246] zswapped 0 [ 2669.048713][T26246] file_mapped 356352 [ 2669.048713][T26246] file_dirty 4096 [ 2669.048713][T26246] file_writeback 0 [ 2669.048713][T26246] swapcached 0 [ 2669.048713][T26246] anon_thp 0 [ 2669.048713][T26246] file_thp 0 [ 2669.048713][T26246] shmem_thp 0 [ 2669.048713][T26246] inactive_anon 151552 [ 2669.048713][T26246] active_anon 352256 [ 2669.048713][T26246] inactive_file 4096 [ 2669.048713][T26246] active_file 4096 [ 2669.048713][T26246] unevictable 0 [ 2669.048713][T26246] slab_reclaimable 20960 [ 2669.048713][T26246] slab_unreclaimable 308199952 [ 2669.048713][T26246] slab 308220912 [ 2669.076948][T26266] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2669.151556][T26246] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=26246,uid=0 [ 2669.169612][T26246] Memory cgroup out of memory: Killed process 26246 (syz-executor.5) total-vm:54860kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000 [ 2669.189294][T26272] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2669.200098][T26272] CPU: 0 PID: 26272 Comm: syz-executor.4 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2669.210208][T26272] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2669.220383][T26272] Call Trace: [ 2669.223683][T26272] [ 2669.226635][T26272] dump_stack_lvl+0xcd/0x134 [ 2669.231264][T26272] dump_header+0x10b/0x7f9 [ 2669.235719][T26272] oom_kill_process.cold+0x10/0x15 [ 2669.240885][T26272] out_of_memory+0x358/0x14a0 [ 2669.245610][T26272] ? oom_killer_disable+0x270/0x270 [ 2669.250839][T26272] ? find_held_lock+0x2d/0x110 [ 2669.255632][T26272] mem_cgroup_out_of_memory+0x206/0x270 [ 2669.261212][T26272] ? mem_cgroup_margin+0x130/0x130 [ 2669.266361][T26272] ? lock_downgrade+0x6e0/0x6e0 [ 2669.271296][T26272] try_charge_memcg+0xf67/0x13f0 [ 2669.276277][T26272] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2669.282282][T26272] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2669.288027][T26272] ? lock_downgrade+0x6e0/0x6e0 [ 2669.292902][T26272] ? lock_downgrade+0x6e0/0x6e0 [ 2669.297778][T26272] __memcg_kmem_charge_page+0x16a/0x3b0 [ 2669.303356][T26272] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 2669.309538][T26272] copy_process+0x73e/0x7090 [ 2669.314168][T26272] ? __lock_acquire+0xbc3/0x56d0 [ 2669.319159][T26272] ? __cleanup_sighand+0xb0/0xb0 [ 2669.324143][T26272] kernel_clone+0xe7/0xab0 [ 2669.328584][T26272] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2669.334585][T26272] ? create_io_thread+0xe0/0xe0 [ 2669.339459][T26272] ? find_held_lock+0x2d/0x110 [ 2669.344252][T26272] ? __ct_user_exit+0xff/0x150 [ 2669.349036][T26272] __do_sys_clone+0xba/0x100 [ 2669.353650][T26272] ? kernel_clone+0xab0/0xab0 [ 2669.358354][T26272] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2669.364264][T26272] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2669.370184][T26272] do_syscall_64+0x35/0xb0 [ 2669.374625][T26272] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2669.380544][T26272] RIP: 0033:0x7fa378a8c9d1 [ 2669.385061][T26272] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 2669.404679][T26272] RSP: 002b:00007fff306494d8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 2669.413103][T26272] RAX: ffffffffffffffda RBX: 00007fa379be4700 RCX: 00007fa378a8c9d1 [ 2669.421088][T26272] RDX: 00007fa379be49d0 RSI: 00007fa379be42f0 RDI: 00000000003d0f00 [ 2669.429090][T26272] RBP: 00007fff30649720 R08: 00007fa379be4700 R09: 00007fa379be4700 [ 2669.437082][T26272] R10: 00007fa379be49d0 R11: 0000000000000206 R12: 00007fff3064958e [ 2669.445088][T26272] R13: 00007fff3064958f R14: 00007fa379be4300 R15: 0000000000022000 [ 2669.453112][T26272] 11:16:24 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x0, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}}, 0x24}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x14a}]}}]}, 0x40}, 0x7}, 0x0) 11:16:24 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x3000000) 11:16:24 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x21a}]}}]}, 0x40}, 0x7}, 0x0) [ 2669.467784][T26272] memory: usage 307200kB, limit 307200kB, failcnt 54995 [ 2669.494142][T26272] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2669.511776][T26272] Memory cgroup stats for /syz4: [ 2669.511970][T26272] anon 90112 [ 2669.511970][T26272] file 372736 [ 2669.511970][T26272] kernel 314097664 [ 2669.511970][T26272] kernel_stack 32768 [ 2669.511970][T26272] pagetables 65536 [ 2669.511970][T26272] percpu 5624000 [ 2669.511970][T26272] sock 0 [ 2669.511970][T26272] vmalloc 0 [ 2669.511970][T26272] shmem 372736 [ 2669.511970][T26272] zswap 0 [ 2669.511970][T26272] zswapped 0 [ 2669.511970][T26272] file_mapped 372736 [ 2669.511970][T26272] file_dirty 0 [ 2669.511970][T26272] file_writeback 0 [ 2669.511970][T26272] swapcached 0 [ 2669.511970][T26272] anon_thp 0 [ 2669.511970][T26272] file_thp 0 [ 2669.511970][T26272] shmem_thp 0 [ 2669.511970][T26272] inactive_anon 139264 [ 2669.511970][T26272] active_anon 323584 [ 2669.511970][T26272] inactive_file 0 [ 2669.511970][T26272] active_file 0 [ 2669.511970][T26272] unevictable 0 [ 2669.511970][T26272] slab_reclaimable 17888 [ 2669.511970][T26272] slab_unreclaimable 308300256 [ 2669.511970][T26272] slab 308318144 11:16:24 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x7d2}]}}]}, 0x40}, 0x7}, 0x0) [ 2669.616954][T26272] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=26272,uid=0 11:16:24 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x4000000) [ 2669.685917][T26284] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2669.704758][T26272] Memory cgroup out of memory: Killed process 26272 (syz-executor.4) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:68kB oom_score_adj:1000 [ 2669.746664][T26273] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2669.764714][T26273] CPU: 1 PID: 26273 Comm: syz-executor.2 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2669.774858][T26273] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2669.784959][T26273] Call Trace: [ 2669.788267][T26273] [ 2669.791219][T26273] dump_stack_lvl+0xcd/0x134 [ 2669.795862][T26273] dump_header+0x10b/0x7f9 [ 2669.800302][T26273] oom_kill_process.cold+0x10/0x15 [ 2669.805453][T26273] out_of_memory+0x358/0x14a0 [ 2669.810205][T26273] ? oom_killer_disable+0x270/0x270 [ 2669.815537][T26273] ? find_held_lock+0x2d/0x110 [ 2669.820335][T26273] mem_cgroup_out_of_memory+0x206/0x270 [ 2669.825919][T26273] ? mem_cgroup_margin+0x130/0x130 [ 2669.831058][T26273] ? lock_downgrade+0x6e0/0x6e0 [ 2669.835943][T26273] try_charge_memcg+0xf67/0x13f0 [ 2669.840927][T26273] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2669.846961][T26273] ? lock_downgrade+0x6e0/0x6e0 [ 2669.851865][T26273] charge_memcg+0x31/0x320 [ 2669.856322][T26273] __mem_cgroup_charge+0x27/0x90 [ 2669.861286][T26273] ? _compound_head+0x5d/0x150 [ 2669.866094][T26273] wp_page_copy+0x27c/0x1b10 [ 2669.870733][T26273] ? restore_exclusive_pte+0x8b0/0x8b0 [ 2669.876337][T26273] ? lock_downgrade+0x6e0/0x6e0 [ 2669.881222][T26273] ? vm_normal_page+0x146/0x2a0 [ 2669.886105][T26273] do_wp_page+0x52c/0x1910 [ 2669.890545][T26273] __handle_mm_fault+0x1813/0x39b0 [ 2669.895682][T26273] ? vm_iomap_memory+0x190/0x190 [ 2669.900661][T26273] handle_mm_fault+0x1c8/0x780 [ 2669.905452][T26273] do_user_addr_fault+0x475/0x1210 [ 2669.910598][T26273] exc_page_fault+0x94/0x170 [ 2669.915213][T26273] asm_exc_page_fault+0x22/0x30 [ 2669.920086][T26273] RIP: 0033:0x7fefdee35a15 [ 2669.924529][T26273] Code: 5c 41 5d c3 90 48 8b 57 18 48 83 fa ff 74 22 48 81 fa e7 03 00 00 0f 87 ee 00 00 00 48 c1 e2 04 48 8d 0d ae 26 17 00 48 01 ca 02 01 48 89 42 08 48 8b 53 10 4c 8d 2d d9 a5 57 00 4c 39 ea 0f [ 2669.944160][T26273] RSP: 002b:00007ffd4124e600 EFLAGS: 00010206 [ 2669.950251][T26273] RAX: 0000000000000003 RBX: 00007fefdefabf80 RCX: 00007fefdefa80c0 [ 2669.958237][T26273] RDX: 00007fefdefa80c0 RSI: 0000000000000080 RDI: 00007fefdefabf80 [ 2669.966232][T26273] RBP: 00007fefdefabf80 R08: 00007ffd413e9080 R09: 0000000000000000 [ 2669.974302][T26273] R10: 00007ffd4124e720 R11: 0000000000000246 R12: 000000000028ba66 [ 2669.982285][T26273] R13: 00007ffd4124e720 R14: 00007fefdefabf80 R15: 0000000000000032 [ 2669.990286][T26273] 11:16:24 executing program 4: socket$nl_route(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x703}]}}]}, 0x40}, 0x7}, 0x0) [ 2670.011773][T26273] memory: usage 307200kB, limit 307200kB, failcnt 53877 [ 2670.019181][T26280] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2670.033408][T26273] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2670.049404][T26273] Memory cgroup stats for /syz2: [ 2670.049652][T26273] anon 98304 [ 2670.049652][T26273] file 364544 [ 2670.049652][T26273] kernel 314109952 [ 2670.049652][T26273] kernel_stack 65536 [ 2670.049652][T26273] pagetables 73728 [ 2670.049652][T26273] percpu 5619264 [ 2670.049652][T26273] sock 0 [ 2670.049652][T26273] vmalloc 0 [ 2670.049652][T26273] shmem 364544 [ 2670.049652][T26273] zswap 0 [ 2670.049652][T26273] zswapped 0 [ 2670.049652][T26273] file_mapped 364544 [ 2670.049652][T26273] file_dirty 0 [ 2670.049652][T26273] file_writeback 0 [ 2670.049652][T26273] swapcached 0 [ 2670.049652][T26273] anon_thp 0 [ 2670.049652][T26273] file_thp 0 [ 2670.049652][T26273] shmem_thp 0 [ 2670.049652][T26273] inactive_anon 102400 [ 2670.049652][T26273] active_anon 360448 [ 2670.049652][T26273] inactive_file 0 [ 2670.049652][T26273] active_file 0 [ 2670.049652][T26273] unevictable 0 [ 2670.049652][T26273] slab_reclaimable 127032 [ 2670.049652][T26273] slab_unreclaimable 308189472 [ 2670.049652][T26273] slab 308316504 [ 2670.191230][T26273] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=26273,uid=0 [ 2670.213394][T26273] Memory cgroup out of memory: Killed process 26273 (syz-executor.2) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 11:16:25 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x710}]}}]}, 0x40}, 0x7}, 0x0) [ 2670.236466][T26276] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=1, oom_score_adj=1000 [ 2670.253072][T26276] CPU: 0 PID: 26276 Comm: syz-executor.5 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2670.263262][T26276] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2670.274568][T26276] Call Trace: [ 2670.277856][T26276] [ 2670.280800][T26276] dump_stack_lvl+0xcd/0x134 [ 2670.285413][T26276] dump_header+0x10b/0x7f9 [ 2670.289857][T26276] oom_kill_process.cold+0x10/0x15 [ 2670.294990][T26276] out_of_memory+0x358/0x14a0 [ 2670.299696][T26276] ? oom_killer_disable+0x270/0x270 [ 2670.304930][T26276] ? find_held_lock+0x2d/0x110 [ 2670.309724][T26276] mem_cgroup_out_of_memory+0x206/0x270 [ 2670.315403][T26276] ? mem_cgroup_margin+0x130/0x130 [ 2670.320545][T26276] ? lock_downgrade+0x6e0/0x6e0 [ 2670.325434][T26276] try_charge_memcg+0xf67/0x13f0 [ 2670.330401][T26276] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2670.336404][T26276] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2670.342143][T26276] ? lock_downgrade+0x6e0/0x6e0 [ 2670.347819][T26276] ? lock_downgrade+0x6e0/0x6e0 [ 2670.352771][T26276] ? rcu_read_unlock+0x9/0x60 [ 2670.357486][T26276] obj_cgroup_charge+0x2ab/0x5e0 [ 2670.362458][T26276] ? copy_process+0x5c2/0x7090 [ 2670.367247][T26276] kmem_cache_alloc_node+0x92/0x3f0 [ 2670.372467][T26276] ? _raw_spin_unlock_irq+0x1f/0x40 [ 2670.377705][T26276] copy_process+0x5c2/0x7090 [ 2670.382325][T26276] ? find_held_lock+0x2d/0x110 [ 2670.387125][T26276] ? find_held_lock+0x2d/0x110 [ 2670.391947][T26276] ? __cleanup_sighand+0xb0/0xb0 [ 2670.396923][T26276] kernel_clone+0xe7/0xab0 [ 2670.401368][T26276] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2670.407459][T26276] ? create_io_thread+0xe0/0xe0 [ 2670.412334][T26276] ? find_held_lock+0x2d/0x110 [ 2670.417238][T26276] ? __ct_user_exit+0xff/0x150 [ 2670.422194][T26276] __do_sys_clone+0xba/0x100 [ 2670.426817][T26276] ? kernel_clone+0xab0/0xab0 [ 2670.431526][T26276] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2670.437629][T26276] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2670.443636][T26276] do_syscall_64+0x35/0xb0 [ 2670.448099][T26276] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2670.454051][T26276] RIP: 0033:0x7f542068c9d1 [ 2670.458519][T26276] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 2670.478247][T26276] RSP: 002b:00007ffc9945af78 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 2670.486686][T26276] RAX: ffffffffffffffda RBX: 00007f54217cc700 RCX: 00007f542068c9d1 [ 2670.494672][T26276] RDX: 00007f54217cc9d0 RSI: 00007f54217cc2f0 RDI: 00000000003d0f00 [ 2670.502654][T26276] RBP: 00007ffc9945b1c0 R08: 00007f54217cc700 R09: 00007f54217cc700 [ 2670.510637][T26276] R10: 00007f54217cc9d0 R11: 0000000000000206 R12: 00007ffc9945b02e [ 2670.518627][T26276] R13: 00007ffc9945b02f R14: 00007f54217cc300 R15: 0000000000022000 [ 2670.526629][T26276] [ 2670.535326][T26276] memory: usage 307196kB, limit 307200kB, failcnt 39367 [ 2670.542616][T26276] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2670.550046][T26276] Memory cgroup stats for /syz5: [ 2670.550273][T26276] anon 147456 [ 2670.550273][T26276] file 364544 [ 2670.550273][T26276] kernel 314056704 [ 2670.550273][T26276] kernel_stack 98304 [ 2670.550273][T26276] pagetables 81920 [ 2670.550273][T26276] percpu 5618080 [ 2670.550273][T26276] sock 0 [ 2670.550273][T26276] vmalloc 0 [ 2670.550273][T26276] shmem 356352 [ 2670.550273][T26276] zswap 0 [ 2670.550273][T26276] zswapped 0 [ 2670.550273][T26276] file_mapped 356352 [ 2670.550273][T26276] file_dirty 0 [ 2670.550273][T26276] file_writeback 0 [ 2670.550273][T26276] swapcached 0 [ 2670.550273][T26276] anon_thp 0 [ 2670.550273][T26276] file_thp 0 [ 2670.550273][T26276] shmem_thp 0 [ 2670.550273][T26276] inactive_anon 151552 [ 2670.550273][T26276] active_anon 352256 [ 2670.550273][T26276] inactive_file 0 [ 2670.550273][T26276] active_file 8192 [ 2670.550273][T26276] unevictable 0 [ 2670.550273][T26276] slab_reclaimable 20960 [ 2670.550273][T26276] slab_unreclaimable 308203792 [ 2670.550273][T26276] slab 308224752 [ 2670.648147][T26276] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=26276,uid=0 [ 2670.663938][T26276] Memory cgroup out of memory: Killed process 26276 (syz-executor.5) total-vm:54860kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000 [ 2670.681873][T26278] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2670.692370][T26278] CPU: 1 PID: 26278 Comm: syz-executor.3 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2670.702479][T26278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2670.712583][T26278] Call Trace: [ 2670.715884][T26278] [ 2670.718827][T26278] dump_stack_lvl+0xcd/0x134 [ 2670.723425][T26278] dump_header+0x10b/0x7f9 [ 2670.727849][T26278] oom_kill_process.cold+0x10/0x15 [ 2670.733078][T26278] out_of_memory+0x358/0x14a0 [ 2670.737805][T26278] ? oom_killer_disable+0x270/0x270 [ 2670.743039][T26278] ? find_held_lock+0x2d/0x110 [ 2670.747862][T26278] mem_cgroup_out_of_memory+0x206/0x270 [ 2670.753473][T26278] ? mem_cgroup_margin+0x130/0x130 [ 2670.758621][T26278] ? lock_downgrade+0x6e0/0x6e0 [ 2670.763524][T26278] try_charge_memcg+0xf67/0x13f0 [ 2670.770429][T26278] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2670.776463][T26278] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2670.782226][T26278] ? lock_downgrade+0x6e0/0x6e0 [ 2670.787084][T26278] ? lock_downgrade+0x6e0/0x6e0 [ 2670.791960][T26278] __memcg_kmem_charge_page+0x16a/0x3b0 [ 2670.797544][T26278] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 2670.803743][T26278] copy_process+0x15f3/0x7090 [ 2670.808470][T26278] ? find_held_lock+0x2d/0x110 [ 2670.813387][T26278] ? __cleanup_sighand+0xb0/0xb0 [ 2670.818377][T26278] kernel_clone+0xe7/0xab0 [ 2670.822816][T26278] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2670.828850][T26278] ? create_io_thread+0xe0/0xe0 [ 2670.833719][T26278] ? find_held_lock+0x2d/0x110 [ 2670.838513][T26278] ? __ct_user_exit+0xff/0x150 [ 2670.843311][T26278] __do_sys_clone+0xba/0x100 [ 2670.847957][T26278] ? kernel_clone+0xab0/0xab0 [ 2670.852712][T26278] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2670.858612][T26278] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2670.864546][T26278] do_syscall_64+0x35/0xb0 [ 2670.868995][T26278] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2670.874893][T26278] RIP: 0033:0x7f89d288c9d1 [ 2670.879310][T26278] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 2670.898931][T26278] RSP: 002b:00007fff48383138 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 2670.907379][T26278] RAX: ffffffffffffffda RBX: 00007f89d3a70700 RCX: 00007f89d288c9d1 [ 2670.915703][T26278] RDX: 00007f89d3a709d0 RSI: 00007f89d3a702f0 RDI: 00000000003d0f00 [ 2670.923950][T26278] RBP: 00007fff48383380 R08: 00007f89d3a70700 R09: 00007f89d3a70700 [ 2670.931990][T26278] R10: 00007f89d3a709d0 R11: 0000000000000206 R12: 00007fff483831ee [ 2670.939969][T26278] R13: 00007fff483831ef R14: 00007f89d3a70300 R15: 0000000000022000 [ 2670.947973][T26278] [ 2670.956798][T26278] memory: usage 307200kB, limit 307200kB, failcnt 54007 [ 2670.964116][T26278] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2670.971223][T26278] Memory cgroup stats for /syz3: [ 2670.971378][T26278] anon 147456 [ 2670.971378][T26278] file 385024 [ 2670.971378][T26278] kernel 314023936 [ 2670.971378][T26278] kernel_stack 98304 [ 2670.971378][T26278] pagetables 81920 [ 2670.971378][T26278] percpu 5618080 [ 2670.971378][T26278] sock 0 [ 2670.971378][T26278] vmalloc 0 [ 2670.971378][T26278] shmem 385024 [ 2670.971378][T26278] zswap 0 [ 2670.971378][T26278] zswapped 0 [ 2670.971378][T26278] file_mapped 311296 [ 2670.971378][T26278] file_dirty 0 [ 2670.971378][T26278] file_writeback 0 [ 2670.971378][T26278] swapcached 0 [ 2670.971378][T26278] anon_thp 0 [ 2670.971378][T26278] file_thp 0 [ 2670.971378][T26278] shmem_thp 0 [ 2670.971378][T26278] inactive_anon 200704 [ 2670.971378][T26278] active_anon 331776 [ 2670.971378][T26278] inactive_file 0 [ 2670.971378][T26278] active_file 0 [ 2670.971378][T26278] unevictable 0 [ 2670.971378][T26278] slab_reclaimable 22760 [ 2670.971378][T26278] slab_unreclaimable 308169896 [ 2670.971378][T26278] slab 308192656 [ 2671.068518][T26278] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=26278,uid=0 [ 2671.085942][T26278] Memory cgroup out of memory: Killed process 26278 (syz-executor.3) total-vm:54860kB, anon-rss:456kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 2671.118791][T26285] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.5'. [ 2671.161381][T26292] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 2671.183008][T26292] CPU: 1 PID: 26292 Comm: syz-executor.4 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2671.193149][T26292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2671.203228][T26292] Call Trace: [ 2671.206520][T26292] [ 2671.209461][T26292] dump_stack_lvl+0xcd/0x134 [ 2671.214068][T26292] dump_header+0x10b/0x7f9 [ 2671.218501][T26292] oom_kill_process.cold+0x10/0x15 [ 2671.223732][T26292] out_of_memory+0x358/0x14a0 [ 2671.228422][T26292] ? find_held_lock+0x2d/0x110 [ 2671.233241][T26292] ? oom_killer_disable+0x270/0x270 [ 2671.238622][T26292] ? find_held_lock+0x2d/0x110 [ 2671.243414][T26292] mem_cgroup_out_of_memory+0x206/0x270 [ 2671.249023][T26292] ? mem_cgroup_margin+0x130/0x130 [ 2671.254167][T26292] ? lock_downgrade+0x6e0/0x6e0 [ 2671.259062][T26292] try_charge_memcg+0xf67/0x13f0 [ 2671.264036][T26292] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2671.270039][T26292] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2671.275775][T26292] ? lock_downgrade+0x6e0/0x6e0 [ 2671.280644][T26292] ? lock_downgrade+0x6e0/0x6e0 [ 2671.285616][T26292] ? rcu_read_unlock+0x9/0x60 [ 2671.290711][T26292] obj_cgroup_charge+0x2ab/0x5e0 [ 2671.295679][T26292] kmem_cache_alloc_trace+0xa3/0x3e0 [ 2671.301005][T26292] ? copy_semundo+0x187/0x2f0 [ 2671.305717][T26292] ? apparmor_task_alloc+0x2bb/0x3b0 [ 2671.311115][T26292] copy_semundo+0x187/0x2f0 [ 2671.315648][T26292] copy_process+0x23fa/0x7090 [ 2671.320380][T26292] ? __cleanup_sighand+0xb0/0xb0 [ 2671.325362][T26292] kernel_clone+0xe7/0xab0 [ 2671.329893][T26292] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2671.335895][T26292] ? create_io_thread+0xe0/0xe0 [ 2671.340861][T26292] ? find_held_lock+0x2d/0x110 [ 2671.345655][T26292] ? __ct_user_exit+0xff/0x150 [ 2671.350447][T26292] __do_sys_clone+0xba/0x100 [ 2671.355057][T26292] ? kernel_clone+0xab0/0xab0 [ 2671.359763][T26292] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2671.365684][T26292] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2671.371606][T26292] do_syscall_64+0x35/0xb0 [ 2671.376146][T26292] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2671.382063][T26292] RIP: 0033:0x7fa378a8c9d1 [ 2671.386490][T26292] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 2671.406114][T26292] RSP: 002b:00007fff306494d8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 2671.414543][T26292] RAX: ffffffffffffffda RBX: 00007fa379be4700 RCX: 00007fa378a8c9d1 [ 2671.422525][T26292] RDX: 00007fa379be49d0 RSI: 00007fa379be42f0 RDI: 00000000003d0f00 [ 2671.430507][T26292] RBP: 00007fff30649720 R08: 00007fa379be4700 R09: 00007fa379be4700 [ 2671.438497][T26292] R10: 00007fa379be49d0 R11: 0000000000000206 R12: 00007fff3064958e [ 2671.446475][T26292] R13: 00007fff3064958f R14: 00007fa379be4300 R15: 0000000000022000 [ 2671.454495][T26292] [ 2671.464041][T26292] memory: usage 307200kB, limit 307200kB, failcnt 55074 [ 2671.471244][T26292] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2671.478513][T26292] Memory cgroup stats for /syz4: [ 2671.478716][T26292] anon 90112 [ 2671.478716][T26292] file 372736 [ 2671.478716][T26292] kernel 314109952 [ 2671.478716][T26292] kernel_stack 65536 [ 2671.478716][T26292] pagetables 65536 [ 2671.478716][T26292] percpu 5624000 [ 2671.478716][T26292] sock 0 [ 2671.478716][T26292] vmalloc 0 [ 2671.478716][T26292] shmem 372736 [ 2671.478716][T26292] zswap 0 [ 2671.478716][T26292] zswapped 0 [ 2671.478716][T26292] file_mapped 372736 [ 2671.478716][T26292] file_dirty 0 [ 2671.478716][T26292] file_writeback 0 [ 2671.478716][T26292] swapcached 0 [ 2671.478716][T26292] anon_thp 0 [ 2671.478716][T26292] file_thp 0 [ 2671.478716][T26292] shmem_thp 0 [ 2671.478716][T26292] inactive_anon 139264 [ 2671.478716][T26292] active_anon 323584 [ 2671.478716][T26292] inactive_file 0 [ 2671.478716][T26292] active_file 0 [ 2671.478716][T26292] unevictable 0 [ 2671.478716][T26292] slab_reclaimable 17888 [ 2671.478716][T26292] slab_unreclaimable 308300256 [ 2671.478716][T26292] slab 308318144 [ 2671.573404][T26292] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=26292,uid=0 11:16:26 executing program 4: socket$nl_route(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x704}]}}]}, 0x40}, 0x7}, 0x0) [ 2671.597569][T26292] Memory cgroup out of memory: Killed process 26292 (syz-executor.4) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:68kB oom_score_adj:1000 [ 2671.617126][T26293] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2671.628886][T26293] CPU: 0 PID: 26293 Comm: syz-executor.2 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2671.639104][T26293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2671.649291][T26293] Call Trace: [ 2671.652612][T26293] [ 2671.655578][T26293] dump_stack_lvl+0xcd/0x134 [ 2671.660210][T26293] dump_header+0x10b/0x7f9 [ 2671.664676][T26293] oom_kill_process.cold+0x10/0x15 [ 2671.670013][T26293] out_of_memory+0x358/0x14a0 [ 2671.674922][T26293] ? oom_killer_disable+0x270/0x270 [ 2671.680174][T26293] ? find_held_lock+0x2d/0x110 [ 2671.685011][T26293] mem_cgroup_out_of_memory+0x206/0x270 [ 2671.690604][T26293] ? mem_cgroup_margin+0x130/0x130 [ 2671.695792][T26293] ? lock_downgrade+0x6e0/0x6e0 [ 2671.700710][T26293] try_charge_memcg+0xf67/0x13f0 [ 2671.705706][T26293] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2671.711750][T26293] ? lock_downgrade+0x6e0/0x6e0 [ 2671.716690][T26293] charge_memcg+0x31/0x320 [ 2671.721165][T26293] __mem_cgroup_charge+0x27/0x90 [ 2671.726172][T26293] ? _compound_head+0x5d/0x150 [ 2671.730976][T26293] wp_page_copy+0x27c/0x1b10 [ 2671.735593][T26293] ? restore_exclusive_pte+0x8b0/0x8b0 [ 2671.741091][T26293] ? lock_downgrade+0x6e0/0x6e0 [ 2671.745958][T26293] ? vm_normal_page+0x146/0x2a0 [ 2671.750853][T26293] do_wp_page+0x52c/0x1910 [ 2671.755305][T26293] __handle_mm_fault+0x1813/0x39b0 [ 2671.760472][T26293] ? vm_iomap_memory+0x190/0x190 [ 2671.765461][T26293] handle_mm_fault+0x1c8/0x780 [ 2671.770251][T26293] do_user_addr_fault+0x475/0x1210 [ 2671.775407][T26293] exc_page_fault+0x94/0x170 [ 2671.780017][T26293] asm_exc_page_fault+0x22/0x30 [ 2671.784898][T26293] RIP: 0033:0x7fefdee35a15 [ 2671.789326][T26293] Code: 5c 41 5d c3 90 48 8b 57 18 48 83 fa ff 74 22 48 81 fa e7 03 00 00 0f 87 ee 00 00 00 48 c1 e2 04 48 8d 0d ae 26 17 00 48 01 ca 02 01 48 89 42 08 48 8b 53 10 4c 8d 2d d9 a5 57 00 4c 39 ea 0f [ 2671.808967][T26293] RSP: 002b:00007ffd4124e600 EFLAGS: 00010206 11:16:26 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x0, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}}, 0x24}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x14a}]}}]}, 0x40}, 0x7}, 0x0) 11:16:26 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x21b}]}}]}, 0x40}, 0x7}, 0x0) [ 2671.815144][T26293] RAX: 0000000000000003 RBX: 00007fefdefabf80 RCX: 00007fefdefa80c0 [ 2671.823212][T26293] RDX: 00007fefdefa80c0 RSI: 0000000000000080 RDI: 00007fefdefabf80 [ 2671.831279][T26293] RBP: 00007fefdefabf80 R08: 00007ffd413e9080 R09: 0000000000000000 [ 2671.839395][T26293] R10: 00007ffd4124e720 R11: 0000000000000246 R12: 000000000028c200 [ 2671.847720][T26293] R13: 00007ffd4124e720 R14: 00007fefdefabf80 R15: 0000000000000032 [ 2671.855720][T26293] 11:16:26 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x7d3}]}}]}, 0x40}, 0x7}, 0x0) 11:16:26 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x5000000) [ 2671.902963][T26293] memory: usage 307200kB, limit 307200kB, failcnt 53952 [ 2671.912771][T26293] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2671.920741][T26293] Memory cgroup stats for /syz2: [ 2671.920975][T26293] anon 98304 [ 2671.920975][T26293] file 364544 [ 2671.920975][T26293] kernel 314109952 [ 2671.920975][T26293] kernel_stack 65536 [ 2671.920975][T26293] pagetables 73728 [ 2671.920975][T26293] percpu 5619264 [ 2671.920975][T26293] sock 0 [ 2671.920975][T26293] vmalloc 0 [ 2671.920975][T26293] shmem 364544 [ 2671.920975][T26293] zswap 0 [ 2671.920975][T26293] zswapped 0 [ 2671.920975][T26293] file_mapped 364544 [ 2671.920975][T26293] file_dirty 0 [ 2671.920975][T26293] file_writeback 0 [ 2671.920975][T26293] swapcached 0 [ 2671.920975][T26293] anon_thp 0 [ 2671.920975][T26293] file_thp 0 [ 2671.920975][T26293] shmem_thp 0 [ 2671.920975][T26293] inactive_anon 102400 [ 2671.920975][T26293] active_anon 360448 [ 2671.920975][T26293] inactive_file 0 [ 2671.920975][T26293] active_file 0 [ 2671.920975][T26293] unevictable 0 [ 2671.920975][T26293] slab_reclaimable 127032 [ 2671.920975][T26293] slab_unreclaimable 308189472 [ 2671.920975][T26293] slab 308316504 [ 2671.989375][T26302] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2672.040441][T26293] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=26293,uid=0 [ 2672.056960][T26293] Memory cgroup out of memory: Killed process 26293 (syz-executor.2) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 11:16:26 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x711}]}}]}, 0x40}, 0x7}, 0x0) [ 2672.112496][T26296] Memory cgroup out of memory: Killed process 26296 (syz-executor.4) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:68kB oom_score_adj:1000 [ 2672.154437][T26300] Memory cgroup out of memory: Killed process 26300 (syz-executor.3) total-vm:54860kB, anon-rss:456kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 11:16:26 executing program 4: socket$nl_route(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x705}]}}]}, 0x40}, 0x7}, 0x0) 11:16:27 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x6000000) [ 2672.268798][T26304] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2672.277705][T26299] Memory cgroup out of memory: Killed process 26299 (syz-executor.5) total-vm:54860kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000 [ 2672.361747][T26309] Memory cgroup out of memory: Killed process 26309 (syz-executor.2) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 [ 2672.398184][T26311] oom_kill_process: 4 callbacks suppressed 11:16:27 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x712}]}}]}, 0x40}, 0x7}, 0x0) [ 2672.398208][T26311] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2672.423238][T26311] CPU: 1 PID: 26311 Comm: syz-executor.4 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2672.433390][T26311] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2672.443564][T26311] Call Trace: [ 2672.446876][T26311] [ 2672.449801][T26311] dump_stack_lvl+0xcd/0x134 [ 2672.454435][T26311] dump_header+0x10b/0x7f9 [ 2672.459018][T26311] oom_kill_process.cold+0x10/0x15 [ 2672.464178][T26311] out_of_memory+0x358/0x14a0 [ 2672.468906][T26311] ? oom_killer_disable+0x270/0x270 [ 2672.474232][T26311] ? find_held_lock+0x2d/0x110 [ 2672.479017][T26311] mem_cgroup_out_of_memory+0x206/0x270 [ 2672.484598][T26311] ? mem_cgroup_margin+0x130/0x130 [ 2672.489738][T26311] ? lock_downgrade+0x6e0/0x6e0 [ 2672.495753][T26311] try_charge_memcg+0xf67/0x13f0 [ 2672.500760][T26311] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2672.506760][T26311] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2672.512525][T26311] ? lock_downgrade+0x6e0/0x6e0 [ 2672.517611][T26311] ? lock_downgrade+0x6e0/0x6e0 [ 2672.522486][T26311] __memcg_kmem_charge_page+0x16a/0x3b0 [ 2672.528057][T26311] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 2672.534322][T26311] copy_process+0x73e/0x7090 [ 2672.538969][T26311] ? __lock_acquire+0xbc3/0x56d0 [ 2672.544032][T26311] ? __cleanup_sighand+0xb0/0xb0 [ 2672.549114][T26311] kernel_clone+0xe7/0xab0 [ 2672.553545][T26311] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2672.559545][T26311] ? create_io_thread+0xe0/0xe0 [ 2672.564420][T26311] ? find_held_lock+0x2d/0x110 [ 2672.569242][T26311] ? __ct_user_exit+0xff/0x150 [ 2672.574028][T26311] __do_sys_clone+0xba/0x100 [ 2672.578639][T26311] ? kernel_clone+0xab0/0xab0 [ 2672.583440][T26311] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2672.589371][T26311] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2672.595300][T26311] do_syscall_64+0x35/0xb0 [ 2672.599746][T26311] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2672.605662][T26311] RIP: 0033:0x7fa378a8c9d1 [ 2672.610085][T26311] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 2672.630100][T26311] RSP: 002b:00007fff306494d8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 2672.638628][T26311] RAX: ffffffffffffffda RBX: 00007fa379be4700 RCX: 00007fa378a8c9d1 [ 2672.646714][T26311] RDX: 00007fa379be49d0 RSI: 00007fa379be42f0 RDI: 00000000003d0f00 [ 2672.654711][T26311] RBP: 00007fff30649720 R08: 00007fa379be4700 R09: 00007fa379be4700 [ 2672.662707][T26311] R10: 00007fa379be49d0 R11: 0000000000000206 R12: 00007fff3064958e [ 2672.670689][T26311] R13: 00007fff3064958f R14: 00007fa379be4300 R15: 0000000000022000 [ 2672.678713][T26311] [ 2672.693208][T26311] memory: usage 307200kB, limit 307200kB, failcnt 55213 [ 2672.701235][T26301] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.5'. [ 2672.702334][T26311] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2672.719071][T26311] Memory cgroup stats for /syz4: [ 2672.719294][T26311] anon 90112 [ 2672.719294][T26311] file 372736 [ 2672.719294][T26311] kernel 314109952 [ 2672.719294][T26311] kernel_stack 32768 [ 2672.719294][T26311] pagetables 65536 [ 2672.719294][T26311] percpu 5624000 [ 2672.719294][T26311] sock 0 [ 2672.719294][T26311] vmalloc 0 [ 2672.719294][T26311] shmem 372736 [ 2672.719294][T26311] zswap 0 [ 2672.719294][T26311] zswapped 0 [ 2672.719294][T26311] file_mapped 372736 [ 2672.719294][T26311] file_dirty 0 [ 2672.719294][T26311] file_writeback 0 [ 2672.719294][T26311] swapcached 0 [ 2672.719294][T26311] anon_thp 0 [ 2672.719294][T26311] file_thp 0 [ 2672.719294][T26311] shmem_thp 0 [ 2672.719294][T26311] inactive_anon 139264 [ 2672.719294][T26311] active_anon 323584 [ 2672.719294][T26311] inactive_file 0 [ 2672.719294][T26311] active_file 0 [ 2672.719294][T26311] unevictable 0 [ 2672.719294][T26311] slab_reclaimable 17888 11:16:27 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x21c}]}}]}, 0x40}, 0x7}, 0x0) [ 2672.719294][T26311] slab_unreclaimable 308311656 [ 2672.719294][T26311] slab 308329544 11:16:27 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x7000000) 11:16:27 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x0, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}}, 0x24}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x14a}]}}]}, 0x40}, 0x7}, 0x0) [ 2672.834275][T26311] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=26311,uid=0 [ 2672.857273][T26311] Memory cgroup out of memory: Killed process 26311 (syz-executor.4) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:68kB oom_score_adj:1000 [ 2672.862955][T26316] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.3'. 11:16:27 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x7d4}]}}]}, 0x40}, 0x7}, 0x0) 11:16:27 executing program 4: socket$nl_route(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x706}]}}]}, 0x40}, 0x7}, 0x0) [ 2672.991592][T26317] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2673.012111][T26317] CPU: 0 PID: 26317 Comm: syz-executor.2 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2673.022342][T26317] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2673.032570][T26317] Call Trace: [ 2673.035890][T26317] [ 2673.038835][T26317] dump_stack_lvl+0xcd/0x134 [ 2673.043631][T26317] dump_header+0x10b/0x7f9 [ 2673.048077][T26317] oom_kill_process.cold+0x10/0x15 [ 2673.053209][T26317] out_of_memory+0x358/0x14a0 [ 2673.057927][T26317] ? find_held_lock+0x2d/0x110 [ 2673.062720][T26317] ? oom_killer_disable+0x270/0x270 [ 2673.067942][T26317] ? find_held_lock+0x2d/0x110 [ 2673.072735][T26317] mem_cgroup_out_of_memory+0x206/0x270 [ 2673.078336][T26317] ? mem_cgroup_margin+0x130/0x130 [ 2673.083478][T26317] ? lock_downgrade+0x6e0/0x6e0 [ 2673.088392][T26317] try_charge_memcg+0xf67/0x13f0 [ 2673.093375][T26317] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2673.099390][T26317] ? lock_downgrade+0x6e0/0x6e0 [ 2673.104273][T26317] charge_memcg+0x31/0x320 [ 2673.108718][T26317] __mem_cgroup_charge+0x27/0x90 [ 2673.113674][T26317] ? _compound_head+0x5d/0x150 [ 2673.118465][T26317] wp_page_copy+0x27c/0x1b10 [ 2673.123296][T26317] ? restore_exclusive_pte+0x8b0/0x8b0 [ 2673.128780][T26317] ? lock_downgrade+0x6e0/0x6e0 [ 2673.133660][T26317] ? vm_normal_page+0x146/0x2a0 [ 2673.138553][T26317] do_wp_page+0x52c/0x1910 [ 2673.142995][T26317] __handle_mm_fault+0x1813/0x39b0 [ 2673.148155][T26317] ? vm_iomap_memory+0x190/0x190 [ 2673.153242][T26317] handle_mm_fault+0x1c8/0x780 [ 2673.158052][T26317] do_user_addr_fault+0x475/0x1210 [ 2673.163298][T26317] exc_page_fault+0x94/0x170 [ 2673.167937][T26317] asm_exc_page_fault+0x22/0x30 [ 2673.172875][T26317] RIP: 0033:0x7fefdee362de [ 2673.177325][T26317] Code: 4c 24 54 89 78 2c 48 8b 3c 24 89 48 78 0f b6 4c 24 53 c6 40 20 01 88 4c 3a 04 8b 7c 24 4c 4c 89 35 97 5c 17 00 48 8b 54 24 40 <89> b8 80 00 00 00 0f 1f 40 00 48 8b 8c 14 50 01 00 00 48 83 c2 08 [ 2673.197231][T26317] RSP: 002b:00007ffd4124e640 EFLAGS: 00010246 [ 2673.203326][T26317] RAX: 00007fefdefabf80 RBX: 00007fefdefabf8c RCX: 0000000000000000 [ 2673.211309][T26317] RDX: 0000000000000000 RSI: 00007fefdefabf88 RDI: 0000000000000000 [ 2673.219571][T26317] RBP: 00007fefdefabf80 R08: 00007fefe005a700 R09: 00007fefe005a700 [ 2673.227554][T26317] R10: 00007fefe005a9d0 R11: 0000000000000206 R12: 00007fefdefabf8c [ 2673.235549][T26317] R13: 00007fefdefb0060 R14: 00007fefdefabf80 R15: 0000000000000000 [ 2673.243659][T26317] 11:16:28 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x8000000) [ 2673.317423][T26323] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2673.342735][T26317] memory: usage 307200kB, limit 307200kB, failcnt 54128 [ 2673.358142][T26317] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2673.366019][T26317] Memory cgroup stats for /syz2: [ 2673.366201][T26317] anon 90112 [ 2673.366201][T26317] file 364544 [ 2673.366201][T26317] kernel 314118144 [ 2673.366201][T26317] kernel_stack 65536 [ 2673.366201][T26317] pagetables 69632 [ 2673.366201][T26317] percpu 5619264 [ 2673.366201][T26317] sock 0 [ 2673.366201][T26317] vmalloc 0 [ 2673.366201][T26317] shmem 364544 [ 2673.366201][T26317] zswap 0 [ 2673.366201][T26317] zswapped 0 [ 2673.366201][T26317] file_mapped 364544 [ 2673.366201][T26317] file_dirty 0 [ 2673.366201][T26317] file_writeback 0 [ 2673.366201][T26317] swapcached 0 [ 2673.366201][T26317] anon_thp 0 [ 2673.366201][T26317] file_thp 0 [ 2673.366201][T26317] shmem_thp 0 [ 2673.366201][T26317] inactive_anon 94208 [ 2673.366201][T26317] active_anon 360448 [ 2673.366201][T26317] inactive_file 0 [ 2673.366201][T26317] active_file 0 [ 2673.366201][T26317] unevictable 0 [ 2673.366201][T26317] slab_reclaimable 125104 [ 2673.366201][T26317] slab_unreclaimable 308200224 [ 2673.366201][T26317] slab 308325328 [ 2673.462180][T26317] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=26317,uid=0 [ 2673.483817][T26317] Memory cgroup out of memory: Killed process 26317 (syz-executor.2) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:72kB oom_score_adj:1000 [ 2673.508296][T26329] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.5'. 11:16:28 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x713}]}}]}, 0x40}, 0x7}, 0x0) [ 2673.518092][T26324] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2673.550093][T26324] CPU: 1 PID: 26324 Comm: syz-executor.5 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2673.560240][T26324] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2673.570333][T26324] Call Trace: [ 2673.573638][T26324] [ 2673.576594][T26324] dump_stack_lvl+0xcd/0x134 [ 2673.581231][T26324] dump_header+0x10b/0x7f9 [ 2673.585695][T26324] oom_kill_process.cold+0x10/0x15 [ 2673.590854][T26324] out_of_memory+0x358/0x14a0 [ 2673.595598][T26324] ? oom_killer_disable+0x270/0x270 [ 2673.600850][T26324] ? find_held_lock+0x2d/0x110 [ 2673.605684][T26324] mem_cgroup_out_of_memory+0x206/0x270 [ 2673.611293][T26324] ? mem_cgroup_margin+0x130/0x130 11:16:28 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x7d5}]}}]}, 0x40}, 0x7}, 0x0) [ 2673.616447][T26324] ? lock_downgrade+0x6e0/0x6e0 [ 2673.621368][T26324] try_charge_memcg+0xf67/0x13f0 [ 2673.626368][T26324] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2673.632400][T26324] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2673.638182][T26324] ? lock_downgrade+0x6e0/0x6e0 [ 2673.643092][T26324] obj_cgroup_charge+0x2ab/0x5e0 [ 2673.648077][T26324] ? vm_area_dup+0x88/0x3f0 [ 2673.653580][T26324] kmem_cache_alloc+0x96/0x3b0 [ 2673.658392][T26324] vm_area_dup+0x88/0x3f0 [ 2673.662768][T26324] ? mark_lock.part.0+0xee/0x1910 [ 2673.667894][T26324] ? lock_chain_count+0x20/0x20 [ 2673.672948][T26324] ? __vma_adjust+0x109c/0x24a0 [ 2673.676306][T26335] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2673.679152][T26324] ? __vma_link_rb+0x710/0x710 [ 2673.679200][T26324] ? __lock_acquire+0x166e/0x56d0 [ 2673.698314][T26324] ? vm_area_alloc+0x110/0x110 [ 2673.703397][T26324] ? perf_event_namespaces+0x50/0x50 [ 2673.708911][T26324] ? vma_merge+0x47a/0xeb0 [ 2673.713360][T26324] ? ima_file_mprotect+0x175/0x470 [ 2673.718502][T26324] ? ima_file_mmap+0x130/0x130 [ 2673.723303][T26324] ? vma_wants_writenotify+0x1f8/0x370 [ 2673.728805][T26324] ? __ia32_sys_mmap_pgoff+0x1b0/0x1b0 [ 2673.734409][T26324] ? vma_merge+0x47a/0xeb0 [ 2673.738871][T26324] ? __vma_adjust+0x24a0/0x24a0 [ 2673.743756][T26324] __split_vma+0xa5/0x550 [ 2673.748337][T26324] split_vma+0x95/0xd0 [ 2673.752454][T26324] mprotect_fixup+0x6d9/0x970 [ 2673.757266][T26324] ? change_protection+0x4280/0x4280 [ 2673.762605][T26324] ? vmacache_find+0x62/0x330 [ 2673.767347][T26324] do_mprotect_pkey+0x6c5/0x9e0 [ 2673.772244][T26324] ? __ct_user_exit+0xff/0x150 [ 2673.777024][T26324] ? mprotect_fixup+0x970/0x970 [ 2673.782014][T26324] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2673.787917][T26324] __x64_sys_mprotect+0x74/0xb0 [ 2673.792796][T26324] do_syscall_64+0x35/0xb0 [ 2673.797268][T26324] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2673.803196][T26324] RIP: 0033:0x7f542068b6b7 [ 2673.807736][T26324] Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 0a 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 2673.827461][T26324] RSP: 002b:00007ffc9945afc8 EFLAGS: 00000206 ORIG_RAX: 000000000000000a [ 2673.835878][T26324] RAX: ffffffffffffffda RBX: 0000000000021000 RCX: 00007f542068b6b7 [ 2673.843949][T26324] RDX: 0000000000000003 RSI: 0000000000020000 RDI: 00007f54217ad000 [ 2673.851950][T26324] RBP: 00007ffc9945b0a0 R08: 00000000ffffffff R09: 00007f54217cc700 [ 2673.859956][T26324] R10: 0000000000020022 R11: 0000000000000206 R12: 00007ffc9945b1c0 11:16:28 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x9000000) [ 2673.868039][T26324] R13: 00007f54217cc700 R14: 0000000000000000 R15: 0000000000022000 [ 2673.876034][T26324] [ 2673.895673][T26324] memory: usage 307200kB, limit 307200kB, failcnt 39585 [ 2673.903159][T26324] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2673.910392][T26324] Memory cgroup stats for /syz5: [ 2673.910586][T26324] anon 143360 [ 2673.910586][T26324] file 364544 [ 2673.910586][T26324] kernel 314064896 [ 2673.910586][T26324] kernel_stack 98304 [ 2673.910586][T26324] pagetables 81920 [ 2673.910586][T26324] percpu 5618080 [ 2673.910586][T26324] sock 0 [ 2673.910586][T26324] vmalloc 0 [ 2673.910586][T26324] shmem 356352 [ 2673.910586][T26324] zswap 0 [ 2673.910586][T26324] zswapped 0 [ 2673.910586][T26324] file_mapped 356352 [ 2673.910586][T26324] file_dirty 0 [ 2673.910586][T26324] file_writeback 0 [ 2673.910586][T26324] swapcached 0 [ 2673.910586][T26324] anon_thp 0 [ 2673.910586][T26324] file_thp 0 [ 2673.910586][T26324] shmem_thp 0 [ 2673.910586][T26324] inactive_anon 147456 [ 2673.910586][T26324] active_anon 352256 [ 2673.910586][T26324] inactive_file 4096 [ 2673.910586][T26324] active_file 4096 [ 2673.910586][T26324] unevictable 0 [ 2673.910586][T26324] slab_reclaimable 20960 [ 2673.910586][T26324] slab_unreclaimable 308209008 [ 2673.910586][T26324] slab 308229968 11:16:28 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x7d6}]}}]}, 0x40}, 0x7}, 0x0) 11:16:28 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0xa000000) [ 2674.041661][T26324] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=26324,uid=0 [ 2674.073275][T26324] Memory cgroup out of memory: Killed process 26324 (syz-executor.5) total-vm:54860kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000 [ 2674.095985][T26344] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2674.111320][T26315] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2674.129569][T26315] CPU: 0 PID: 26315 Comm: syz-executor.3 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2674.139796][T26315] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2674.149964][T26315] Call Trace: [ 2674.153251][T26315] [ 2674.156205][T26315] dump_stack_lvl+0xcd/0x134 [ 2674.160816][T26315] dump_header+0x10b/0x7f9 [ 2674.165254][T26315] oom_kill_process.cold+0x10/0x15 [ 2674.170385][T26315] out_of_memory+0x358/0x14a0 [ 2674.175090][T26315] ? oom_killer_disable+0x270/0x270 [ 2674.180310][T26315] ? find_held_lock+0x2d/0x110 [ 2674.185115][T26315] mem_cgroup_out_of_memory+0x206/0x270 [ 2674.190707][T26315] ? mem_cgroup_margin+0x130/0x130 [ 2674.195844][T26315] ? lock_downgrade+0x6e0/0x6e0 [ 2674.200728][T26315] try_charge_memcg+0xf67/0x13f0 [ 2674.205701][T26315] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2674.211700][T26315] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2674.217436][T26315] ? lock_downgrade+0x6e0/0x6e0 [ 2674.222301][T26315] ? lock_downgrade+0x6e0/0x6e0 [ 2674.227181][T26315] __memcg_kmem_charge_page+0x16a/0x3b0 [ 2674.232754][T26315] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 2674.238934][T26315] copy_process+0x15f3/0x7090 [ 2674.243729][T26315] ? find_held_lock+0x2d/0x110 [ 2674.248528][T26315] ? __cleanup_sighand+0xb0/0xb0 [ 2674.253518][T26315] kernel_clone+0xe7/0xab0 [ 2674.257951][T26315] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2674.263948][T26315] ? create_io_thread+0xe0/0xe0 [ 2674.268820][T26315] ? find_held_lock+0x2d/0x110 [ 2674.273616][T26315] ? __ct_user_exit+0xff/0x150 [ 2674.278409][T26315] __do_sys_clone+0xba/0x100 [ 2674.283051][T26315] ? kernel_clone+0xab0/0xab0 [ 2674.287756][T26315] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2674.293672][T26315] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2674.299592][T26315] do_syscall_64+0x35/0xb0 [ 2674.304033][T26315] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2674.309947][T26315] RIP: 0033:0x7f89d288c9d1 [ 2674.314459][T26315] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 2674.334079][T26315] RSP: 002b:00007fff48383138 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 2674.342592][T26315] RAX: ffffffffffffffda RBX: 00007f89d3a70700 RCX: 00007f89d288c9d1 [ 2674.350592][T26315] RDX: 00007f89d3a709d0 RSI: 00007f89d3a702f0 RDI: 00000000003d0f00 [ 2674.358660][T26315] RBP: 00007fff48383380 R08: 00007f89d3a70700 R09: 00007f89d3a70700 [ 2674.366736][T26315] R10: 00007f89d3a709d0 R11: 0000000000000206 R12: 00007fff483831ee [ 2674.374715][T26315] R13: 00007fff483831ef R14: 00007f89d3a70300 R15: 0000000000022000 [ 2674.382715][T26315] 11:16:29 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x0, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}}, 0x24}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x14a}]}}]}, 0x40}, 0x7}, 0x0) [ 2674.421125][T26315] memory: usage 307188kB, limit 307200kB, failcnt 54211 [ 2674.429481][T26315] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2674.443267][T26315] Memory cgroup stats for /syz3: [ 2674.443471][T26315] anon 147456 [ 2674.443471][T26315] file 385024 [ 2674.443471][T26315] kernel 314023936 [ 2674.443471][T26315] kernel_stack 98304 [ 2674.443471][T26315] pagetables 81920 [ 2674.443471][T26315] percpu 5618080 [ 2674.443471][T26315] sock 0 [ 2674.443471][T26315] vmalloc 0 [ 2674.443471][T26315] shmem 385024 [ 2674.443471][T26315] zswap 0 [ 2674.443471][T26315] zswapped 0 [ 2674.443471][T26315] file_mapped 311296 [ 2674.443471][T26315] file_dirty 0 [ 2674.443471][T26315] file_writeback 0 [ 2674.443471][T26315] swapcached 0 [ 2674.443471][T26315] anon_thp 0 [ 2674.443471][T26315] file_thp 0 [ 2674.443471][T26315] shmem_thp 0 [ 2674.443471][T26315] inactive_anon 200704 [ 2674.443471][T26315] active_anon 331776 [ 2674.443471][T26315] inactive_file 0 [ 2674.443471][T26315] active_file 0 [ 2674.443471][T26315] unevictable 0 [ 2674.443471][T26315] slab_reclaimable 22760 [ 2674.443471][T26315] slab_unreclaimable 308153432 [ 2674.443471][T26315] slab 308176192 [ 2674.549574][T26315] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=26315,uid=0 [ 2674.575034][T26315] Memory cgroup out of memory: Killed process 26315 (syz-executor.3) total-vm:54860kB, anon-rss:456kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 2674.622196][T26350] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.5'. [ 2674.642200][T26330] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 2674.673859][T26330] CPU: 0 PID: 26330 Comm: syz-executor.4 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2674.684341][T26330] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2674.694430][T26330] Call Trace: [ 2674.697740][T26330] [ 2674.700704][T26330] dump_stack_lvl+0xcd/0x134 [ 2674.705344][T26330] dump_header+0x10b/0x7f9 [ 2674.709812][T26330] oom_kill_process.cold+0x10/0x15 [ 2674.714972][T26330] out_of_memory+0x358/0x14a0 [ 2674.719702][T26330] ? find_held_lock+0x2d/0x110 [ 2674.724536][T26330] ? oom_killer_disable+0x270/0x270 [ 2674.729787][T26330] ? find_held_lock+0x2d/0x110 [ 2674.734607][T26330] mem_cgroup_out_of_memory+0x206/0x270 [ 2674.740188][T26330] ? mem_cgroup_margin+0x130/0x130 [ 2674.745332][T26330] ? lock_downgrade+0x6e0/0x6e0 [ 2674.750410][T26330] try_charge_memcg+0xf67/0x13f0 [ 2674.755398][T26330] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2674.761431][T26330] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2674.767198][T26330] ? lock_downgrade+0x6e0/0x6e0 11:16:29 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x21d}]}}]}, 0x40}, 0x7}, 0x0) 11:16:29 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0xb000000) 11:16:29 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x7d7}]}}]}, 0x40}, 0x7}, 0x0) [ 2674.772088][T26330] ? lock_downgrade+0x6e0/0x6e0 [ 2674.776972][T26330] ? rcu_read_unlock+0x9/0x60 [ 2674.781794][T26330] obj_cgroup_charge+0x2ab/0x5e0 [ 2674.786875][T26330] kmem_cache_alloc_trace+0xa3/0x3e0 [ 2674.792205][T26330] ? copy_semundo+0x187/0x2f0 [ 2674.796929][T26330] ? apparmor_task_alloc+0x2bb/0x3b0 [ 2674.802353][T26330] copy_semundo+0x187/0x2f0 [ 2674.806922][T26330] copy_process+0x23fa/0x7090 [ 2674.811684][T26330] ? __cleanup_sighand+0xb0/0xb0 [ 2674.816698][T26330] kernel_clone+0xe7/0xab0 [ 2674.821236][T26330] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2674.827259][T26330] ? create_io_thread+0xe0/0xe0 [ 2674.832161][T26330] ? find_held_lock+0x2d/0x110 [ 2674.836847][T26356] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2674.837141][T26330] ? __ct_user_exit+0xff/0x150 [ 2674.837185][T26330] __do_sys_clone+0xba/0x100 [ 2674.837219][T26330] ? kernel_clone+0xab0/0xab0 [ 2674.860783][T26330] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2674.866720][T26330] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2674.872674][T26330] do_syscall_64+0x35/0xb0 [ 2674.877145][T26330] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2674.883083][T26330] RIP: 0033:0x7fa378a8c9d1 [ 2674.887558][T26330] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 2674.908514][T26330] RSP: 002b:00007fff306494d8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 2674.917050][T26330] RAX: ffffffffffffffda RBX: 00007fa379be4700 RCX: 00007fa378a8c9d1 [ 2674.925147][T26330] RDX: 00007fa379be49d0 RSI: 00007fa379be42f0 RDI: 00000000003d0f00 [ 2674.933162][T26330] RBP: 00007fff30649720 R08: 00007fa379be4700 R09: 00007fa379be4700 [ 2674.941599][T26330] R10: 00007fa379be49d0 R11: 0000000000000206 R12: 00007fff3064958e [ 2674.949692][T26330] R13: 00007fff3064958f R14: 00007fa379be4300 R15: 0000000000022000 [ 2674.957896][T26330] [ 2674.987522][T26330] memory: usage 307184kB, limit 307200kB, failcnt 55312 [ 2674.994684][T26330] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2675.001679][T26330] Memory cgroup stats for /syz4: [ 2675.001886][T26330] anon 90112 [ 2675.001886][T26330] file 372736 [ 2675.001886][T26330] kernel 314093568 [ 2675.001886][T26330] kernel_stack 65536 [ 2675.001886][T26330] pagetables 65536 [ 2675.001886][T26330] percpu 5624000 [ 2675.001886][T26330] sock 0 [ 2675.001886][T26330] vmalloc 0 [ 2675.001886][T26330] shmem 372736 [ 2675.001886][T26330] zswap 0 [ 2675.001886][T26330] zswapped 0 [ 2675.001886][T26330] file_mapped 372736 [ 2675.001886][T26330] file_dirty 0 [ 2675.001886][T26330] file_writeback 0 [ 2675.001886][T26330] swapcached 0 [ 2675.001886][T26330] anon_thp 0 [ 2675.001886][T26330] file_thp 0 [ 2675.001886][T26330] shmem_thp 0 [ 2675.001886][T26330] inactive_anon 139264 [ 2675.001886][T26330] active_anon 323584 [ 2675.001886][T26330] inactive_file 0 [ 2675.001886][T26330] active_file 0 [ 2675.001886][T26330] unevictable 0 [ 2675.001886][T26330] slab_reclaimable 17888 [ 2675.001886][T26330] slab_unreclaimable 308288856 [ 2675.001886][T26330] slab 308306744 [ 2675.098869][T26330] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=26330,uid=0 [ 2675.115577][T26330] Memory cgroup out of memory: Killed process 26330 (syz-executor.4) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:68kB oom_score_adj:1000 [ 2675.140081][T26347] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2675.158468][T26347] CPU: 1 PID: 26347 Comm: syz-executor.5 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2675.168606][T26347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2675.178769][T26347] Call Trace: [ 2675.182066][T26347] [ 2675.184998][T26347] dump_stack_lvl+0xcd/0x134 [ 2675.189595][T26347] dump_header+0x10b/0x7f9 [ 2675.194027][T26347] oom_kill_process.cold+0x10/0x15 [ 2675.199148][T26347] out_of_memory+0x358/0x14a0 [ 2675.203858][T26347] ? oom_killer_disable+0x270/0x270 [ 2675.209105][T26347] ? find_held_lock+0x2d/0x110 [ 2675.213917][T26347] mem_cgroup_out_of_memory+0x206/0x270 [ 2675.219489][T26347] ? mem_cgroup_margin+0x130/0x130 [ 2675.224631][T26347] ? lock_downgrade+0x6e0/0x6e0 [ 2675.229506][T26347] try_charge_memcg+0xf67/0x13f0 [ 2675.234464][T26347] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2675.240478][T26347] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2675.246233][T26347] ? lock_downgrade+0x6e0/0x6e0 [ 2675.251102][T26347] obj_cgroup_charge+0x2ab/0x5e0 [ 2675.256095][T26347] ? vm_area_dup+0x88/0x3f0 [ 2675.260658][T26347] kmem_cache_alloc+0x96/0x3b0 [ 2675.265474][T26347] vm_area_dup+0x88/0x3f0 [ 2675.269837][T26347] ? mark_lock.part.0+0xee/0x1910 [ 2675.274894][T26347] ? lock_chain_count+0x20/0x20 [ 2675.279775][T26347] ? __vma_adjust+0x109c/0x24a0 [ 2675.284659][T26347] ? __vma_link_rb+0x710/0x710 [ 2675.289453][T26347] ? __lock_acquire+0x166e/0x56d0 [ 2675.294516][T26347] ? vm_area_alloc+0x110/0x110 [ 2675.299291][T26347] ? perf_event_namespaces+0x50/0x50 [ 2675.304612][T26347] ? vma_merge+0x47a/0xeb0 [ 2675.309083][T26347] ? ima_file_mprotect+0x175/0x470 [ 2675.314244][T26347] ? ima_file_mmap+0x130/0x130 [ 2675.319047][T26347] ? vma_wants_writenotify+0x1f8/0x370 [ 2675.324521][T26347] ? __ia32_sys_mmap_pgoff+0x1b0/0x1b0 [ 2675.330008][T26347] ? vma_merge+0x47a/0xeb0 [ 2675.334433][T26347] ? __vma_adjust+0x24a0/0x24a0 [ 2675.339300][T26347] __split_vma+0xa5/0x550 [ 2675.343756][T26347] split_vma+0x95/0xd0 [ 2675.347863][T26347] mprotect_fixup+0x6d9/0x970 [ 2675.352562][T26347] ? change_protection+0x4280/0x4280 [ 2675.357874][T26347] ? vmacache_find+0x62/0x330 [ 2675.362609][T26347] do_mprotect_pkey+0x6c5/0x9e0 [ 2675.367505][T26347] ? __ct_user_exit+0xff/0x150 [ 2675.372275][T26347] ? mprotect_fixup+0x970/0x970 [ 2675.377178][T26347] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2675.383093][T26347] __x64_sys_mprotect+0x74/0xb0 [ 2675.387956][T26347] do_syscall_64+0x35/0xb0 [ 2675.392382][T26347] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2675.398297][T26347] RIP: 0033:0x7f542068b6b7 [ 2675.402730][T26347] Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 0a 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 2675.422361][T26347] RSP: 002b:00007ffc9945afc8 EFLAGS: 00000206 ORIG_RAX: 000000000000000a [ 2675.430789][T26347] RAX: ffffffffffffffda RBX: 0000000000021000 RCX: 00007f542068b6b7 11:16:30 executing program 4: socket$nl_route(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x707}]}}]}, 0x40}, 0x7}, 0x0) [ 2675.438848][T26347] RDX: 0000000000000003 RSI: 0000000000020000 RDI: 00007f54217ad000 [ 2675.446826][T26347] RBP: 00007ffc9945b0a0 R08: 00000000ffffffff R09: 00007f54217cc700 [ 2675.454816][T26347] R10: 0000000000020022 R11: 0000000000000206 R12: 00007ffc9945b1c0 [ 2675.462831][T26347] R13: 00007f54217cc700 R14: 0000000000000000 R15: 0000000000022000 [ 2675.470838][T26347] [ 2675.483341][T26347] memory: usage 307200kB, limit 307200kB, failcnt 39663 [ 2675.491191][T26347] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2675.505432][T26347] Memory cgroup stats for /syz5: [ 2675.505614][T26347] anon 143360 [ 2675.505614][T26347] file 364544 [ 2675.505614][T26347] kernel 314064896 [ 2675.505614][T26347] kernel_stack 98304 [ 2675.505614][T26347] pagetables 81920 [ 2675.505614][T26347] percpu 5618080 [ 2675.505614][T26347] sock 0 [ 2675.505614][T26347] vmalloc 0 [ 2675.505614][T26347] shmem 356352 [ 2675.505614][T26347] zswap 0 [ 2675.505614][T26347] zswapped 0 [ 2675.505614][T26347] file_mapped 356352 [ 2675.505614][T26347] file_dirty 0 [ 2675.505614][T26347] file_writeback 0 [ 2675.505614][T26347] swapcached 0 [ 2675.505614][T26347] anon_thp 0 [ 2675.505614][T26347] file_thp 0 [ 2675.505614][T26347] shmem_thp 0 [ 2675.505614][T26347] inactive_anon 147456 [ 2675.505614][T26347] active_anon 352256 [ 2675.505614][T26347] inactive_file 0 [ 2675.505614][T26347] active_file 8192 [ 2675.505614][T26347] unevictable 0 [ 2675.505614][T26347] slab_reclaimable 20960 [ 2675.505614][T26347] slab_unreclaimable 308209008 [ 2675.505614][T26347] slab 308229968 [ 2675.607851][T26347] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=26347,uid=0 [ 2675.630882][T26347] Memory cgroup out of memory: Killed process 26347 (syz-executor.5) total-vm:54860kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000 [ 2675.671310][T26333] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 11:16:30 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x0, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}}, 0x24}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x14a}]}}]}, 0x40}, 0x7}, 0x0) [ 2675.691218][T26333] CPU: 0 PID: 26333 Comm: syz-executor.2 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2675.701445][T26333] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2675.711547][T26333] Call Trace: [ 2675.714852][T26333] [ 2675.717820][T26333] dump_stack_lvl+0xcd/0x134 [ 2675.722466][T26333] dump_header+0x10b/0x7f9 [ 2675.726928][T26333] oom_kill_process.cold+0x10/0x15 [ 2675.732094][T26333] out_of_memory+0x358/0x14a0 [ 2675.736842][T26333] ? find_held_lock+0x2d/0x110 [ 2675.741661][T26333] ? oom_killer_disable+0x270/0x270 [ 2675.746935][T26333] ? find_held_lock+0x2d/0x110 [ 2675.751755][T26333] mem_cgroup_out_of_memory+0x206/0x270 [ 2675.757347][T26333] ? mem_cgroup_margin+0x130/0x130 [ 2675.762498][T26333] ? lock_downgrade+0x6e0/0x6e0 [ 2675.767407][T26333] try_charge_memcg+0xf67/0x13f0 [ 2675.772407][T26333] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2675.778434][T26333] ? lock_downgrade+0x6e0/0x6e0 [ 2675.783321][T26333] charge_memcg+0x31/0x320 [ 2675.787809][T26333] __mem_cgroup_charge+0x27/0x90 [ 2675.792887][T26333] ? _compound_head+0x5d/0x150 [ 2675.797707][T26333] wp_page_copy+0x27c/0x1b10 [ 2675.802358][T26333] ? restore_exclusive_pte+0x8b0/0x8b0 [ 2675.807860][T26333] ? lock_downgrade+0x6e0/0x6e0 [ 2675.812738][T26333] ? vm_normal_page+0x146/0x2a0 [ 2675.817606][T26333] do_wp_page+0x1d1/0x1910 [ 2675.822061][T26333] __handle_mm_fault+0x1813/0x39b0 [ 2675.827285][T26333] ? vm_iomap_memory+0x190/0x190 [ 2675.832292][T26333] handle_mm_fault+0x1c8/0x780 [ 2675.837195][T26333] do_user_addr_fault+0x475/0x1210 [ 2675.842362][T26333] exc_page_fault+0x94/0x170 [ 2675.846999][T26333] asm_exc_page_fault+0x22/0x30 [ 2675.851905][T26333] RIP: 0033:0x7fefdee38970 [ 2675.856354][T26333] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48 [ 2675.876027][T26333] RSP: 002b:00007ffd4124e550 EFLAGS: 00010246 [ 2675.882130][T26333] RAX: 000000001a3062d4 RBX: 00007fefdefac018 RCX: 0000001b2ed20000 [ 2675.890112][T26333] RDX: 0000000000000000 RSI: 0000001b2ed20018 RDI: 0000000008eb5285 [ 2675.898090][T26333] RBP: 000000001a3062d4 R08: 00000000000002d4 R09: 000000001a3062d8 [ 2675.906090][T26333] R10: 00007ffd4124e720 R11: 0000000000000246 R12: 00007fefdefa0000 [ 2675.914184][T26333] R13: 0000000000000001 R14: 0000000000000003 R15: ffffffff81a2d95f [ 2675.922198][T26333] ? trace_user_exit.constprop.0+0x13f/0x210 [ 2675.928321][T26333] [ 2675.933926][T26333] memory: usage 307200kB, limit 307200kB, failcnt 54237 [ 2675.940912][T26333] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2675.948114][T26333] Memory cgroup stats for /syz2: [ 2675.948341][T26333] anon 114688 [ 2675.948341][T26333] file 364544 [ 2675.948341][T26333] kernel 314093568 [ 2675.948341][T26333] kernel_stack 65536 [ 2675.948341][T26333] pagetables 73728 [ 2675.948341][T26333] percpu 5619264 [ 2675.948341][T26333] sock 0 [ 2675.948341][T26333] vmalloc 0 [ 2675.948341][T26333] shmem 364544 [ 2675.948341][T26333] zswap 0 [ 2675.948341][T26333] zswapped 0 [ 2675.948341][T26333] file_mapped 364544 [ 2675.948341][T26333] file_dirty 0 [ 2675.948341][T26333] file_writeback 0 [ 2675.948341][T26333] swapcached 0 [ 2675.948341][T26333] anon_thp 0 [ 2675.948341][T26333] file_thp 0 [ 2675.948341][T26333] shmem_thp 0 [ 2675.948341][T26333] inactive_anon 102400 [ 2675.948341][T26333] active_anon 360448 [ 2675.948341][T26333] inactive_file 0 [ 2675.948341][T26333] active_file 0 [ 2675.948341][T26333] unevictable 0 [ 2675.948341][T26333] slab_reclaimable 127032 [ 2675.948341][T26333] slab_unreclaimable 308178072 [ 2675.948341][T26333] slab 308305104 [ 2676.042640][T26333] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=26333,uid=0 [ 2676.060685][T26333] Memory cgroup out of memory: Killed process 26333 (syz-executor.2) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 11:16:30 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x714}]}}]}, 0x40}, 0x7}, 0x0) [ 2676.087456][T26366] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 2676.103042][T26366] CPU: 0 PID: 26366 Comm: syz-executor.4 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2676.113187][T26366] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2676.123281][T26366] Call Trace: [ 2676.126584][T26366] [ 2676.129984][T26366] dump_stack_lvl+0xcd/0x134 [ 2676.134707][T26366] dump_header+0x10b/0x7f9 [ 2676.139174][T26366] oom_kill_process.cold+0x10/0x15 [ 2676.144328][T26366] out_of_memory+0x358/0x14a0 [ 2676.149061][T26366] ? oom_killer_disable+0x270/0x270 [ 2676.154308][T26366] ? find_held_lock+0x2d/0x110 [ 2676.159131][T26366] mem_cgroup_out_of_memory+0x206/0x270 [ 2676.164730][T26366] ? mem_cgroup_margin+0x130/0x130 [ 2676.169895][T26366] ? lock_downgrade+0x6e0/0x6e0 [ 2676.174803][T26366] try_charge_memcg+0xf67/0x13f0 [ 2676.179800][T26366] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2676.185825][T26366] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2676.191566][T26366] ? lock_downgrade+0x6e0/0x6e0 [ 2676.196449][T26366] ? lock_downgrade+0x6e0/0x6e0 [ 2676.201313][T26366] ? rcu_read_unlock+0x9/0x60 [ 2676.206050][T26366] obj_cgroup_charge+0x2ab/0x5e0 [ 2676.211041][T26366] kmem_cache_alloc_trace+0xa3/0x3e0 [ 2676.216365][T26366] ? copy_semundo+0x187/0x2f0 [ 2676.221069][T26366] ? apparmor_task_alloc+0x2bb/0x3b0 [ 2676.226399][T26366] copy_semundo+0x187/0x2f0 [ 2676.231077][T26366] copy_process+0x23fa/0x7090 [ 2676.235804][T26366] ? __cleanup_sighand+0xb0/0xb0 [ 2676.240797][T26366] kernel_clone+0xe7/0xab0 [ 2676.245235][T26366] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2676.251316][T26366] ? create_io_thread+0xe0/0xe0 [ 2676.256226][T26366] ? find_held_lock+0x2d/0x110 [ 2676.261016][T26366] ? __ct_user_exit+0xff/0x150 [ 2676.265805][T26366] __do_sys_clone+0xba/0x100 [ 2676.270411][T26366] ? kernel_clone+0xab0/0xab0 [ 2676.275113][T26366] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2676.281112][T26366] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2676.287034][T26366] do_syscall_64+0x35/0xb0 [ 2676.291480][T26366] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2676.297416][T26366] RIP: 0033:0x7fa378a8c9d1 [ 2676.301930][T26366] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 2676.321550][T26366] RSP: 002b:00007fff306494d8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 2676.329975][T26366] RAX: ffffffffffffffda RBX: 00007fa379be4700 RCX: 00007fa378a8c9d1 [ 2676.338046][T26366] RDX: 00007fa379be49d0 RSI: 00007fa379be42f0 RDI: 00000000003d0f00 [ 2676.346029][T26366] RBP: 00007fff30649720 R08: 00007fa379be4700 R09: 00007fa379be4700 [ 2676.354007][T26366] R10: 00007fa379be49d0 R11: 0000000000000206 R12: 00007fff3064958e [ 2676.362078][T26366] R13: 00007fff3064958f R14: 00007fa379be4300 R15: 0000000000022000 [ 2676.370090][T26366] [ 2676.378110][T26366] memory: usage 307200kB, limit 307200kB, failcnt 55382 [ 2676.386084][T26366] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2676.393821][T26366] Memory cgroup stats for /syz4: [ 2676.394042][T26366] anon 90112 [ 2676.394042][T26366] file 372736 [ 2676.394042][T26366] kernel 314109952 [ 2676.394042][T26366] kernel_stack 65536 [ 2676.394042][T26366] pagetables 65536 [ 2676.394042][T26366] percpu 5624000 [ 2676.394042][T26366] sock 0 [ 2676.394042][T26366] vmalloc 0 [ 2676.394042][T26366] shmem 372736 [ 2676.394042][T26366] zswap 0 [ 2676.394042][T26366] zswapped 0 [ 2676.394042][T26366] file_mapped 372736 [ 2676.394042][T26366] file_dirty 0 [ 2676.394042][T26366] file_writeback 0 [ 2676.394042][T26366] swapcached 0 [ 2676.394042][T26366] anon_thp 0 [ 2676.394042][T26366] file_thp 0 [ 2676.394042][T26366] shmem_thp 0 [ 2676.394042][T26366] inactive_anon 139264 [ 2676.394042][T26366] active_anon 323584 [ 2676.394042][T26366] inactive_file 0 [ 2676.394042][T26366] active_file 0 [ 2676.394042][T26366] unevictable 0 [ 2676.394042][T26366] slab_reclaimable 17888 [ 2676.394042][T26366] slab_unreclaimable 308300256 [ 2676.394042][T26366] slab 308318144 [ 2676.492436][T26366] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=26366,uid=0 [ 2676.508712][T26366] Memory cgroup out of memory: Killed process 26366 (syz-executor.4) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:68kB oom_score_adj:1000 [ 2676.526372][T26352] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=1, oom_score_adj=1000 11:16:31 executing program 4: socket$nl_route(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x708}]}}]}, 0x40}, 0x7}, 0x0) [ 2676.540653][T26352] CPU: 1 PID: 26352 Comm: syz-executor.3 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2676.550763][T26352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2676.560832][T26352] Call Trace: [ 2676.564135][T26352] [ 2676.567092][T26352] dump_stack_lvl+0xcd/0x134 [ 2676.571852][T26352] dump_header+0x10b/0x7f9 [ 2676.576308][T26352] oom_kill_process.cold+0x10/0x15 [ 2676.581552][T26352] out_of_memory+0x358/0x14a0 [ 2676.586369][T26352] ? oom_killer_disable+0x270/0x270 [ 2676.591594][T26352] ? find_held_lock+0x2d/0x110 [ 2676.596412][T26352] mem_cgroup_out_of_memory+0x206/0x270 [ 2676.601985][T26352] ? mem_cgroup_margin+0x130/0x130 [ 2676.607143][T26352] ? lock_downgrade+0x6e0/0x6e0 [ 2676.612057][T26352] try_charge_memcg+0xf67/0x13f0 [ 2676.617042][T26352] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2676.623063][T26352] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2676.628832][T26352] ? lock_downgrade+0x6e0/0x6e0 [ 2676.633722][T26352] ? lock_downgrade+0x6e0/0x6e0 [ 2676.638614][T26352] ? rcu_read_unlock+0x9/0x60 [ 2676.643397][T26352] obj_cgroup_charge+0x2ab/0x5e0 [ 2676.648379][T26352] ? copy_process+0x5c2/0x7090 [ 2676.653161][T26352] kmem_cache_alloc_node+0x92/0x3f0 [ 2676.658378][T26352] ? _raw_spin_unlock_irq+0x1f/0x40 [ 2676.663606][T26352] copy_process+0x5c2/0x7090 [ 2676.668220][T26352] ? find_held_lock+0x2d/0x110 [ 2676.673015][T26352] ? find_held_lock+0x2d/0x110 [ 2676.677804][T26352] ? __cleanup_sighand+0xb0/0xb0 [ 2676.682773][T26352] kernel_clone+0xe7/0xab0 [ 2676.687211][T26352] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2676.693209][T26352] ? create_io_thread+0xe0/0xe0 [ 2676.698103][T26352] ? find_held_lock+0x2d/0x110 [ 2676.702894][T26352] ? __ct_user_exit+0xff/0x150 [ 2676.707679][T26352] __do_sys_clone+0xba/0x100 [ 2676.712289][T26352] ? kernel_clone+0xab0/0xab0 [ 2676.716997][T26352] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2676.723167][T26352] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2676.729116][T26352] do_syscall_64+0x35/0xb0 [ 2676.733572][T26352] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2676.739509][T26352] RIP: 0033:0x7f89d288c9d1 [ 2676.743951][T26352] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 2676.763592][T26352] RSP: 002b:00007fff48383138 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 2676.772031][T26352] RAX: ffffffffffffffda RBX: 00007f89d3a70700 RCX: 00007f89d288c9d1 [ 2676.780013][T26352] RDX: 00007f89d3a709d0 RSI: 00007f89d3a702f0 RDI: 00000000003d0f00 [ 2676.787993][T26352] RBP: 00007fff48383380 R08: 00007f89d3a70700 R09: 00007f89d3a70700 [ 2676.795976][T26352] R10: 00007f89d3a709d0 R11: 0000000000000206 R12: 00007fff483831ee [ 2676.803957][T26352] R13: 00007fff483831ef R14: 00007f89d3a70300 R15: 0000000000022000 [ 2676.811959][T26352] [ 2676.835525][T26352] memory: usage 307200kB, limit 307200kB, failcnt 54312 [ 2676.842574][T26352] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2676.850232][T26352] Memory cgroup stats for /syz3: [ 2676.850416][T26352] anon 147456 [ 2676.850416][T26352] file 385024 [ 2676.850416][T26352] kernel 314023936 [ 2676.850416][T26352] kernel_stack 98304 [ 2676.850416][T26352] pagetables 81920 [ 2676.850416][T26352] percpu 5618080 [ 2676.850416][T26352] sock 0 [ 2676.850416][T26352] vmalloc 0 [ 2676.850416][T26352] shmem 385024 [ 2676.850416][T26352] zswap 0 [ 2676.850416][T26352] zswapped 0 [ 2676.850416][T26352] file_mapped 311296 [ 2676.850416][T26352] file_dirty 0 [ 2676.850416][T26352] file_writeback 0 [ 2676.850416][T26352] swapcached 0 [ 2676.850416][T26352] anon_thp 0 [ 2676.850416][T26352] file_thp 0 [ 2676.850416][T26352] shmem_thp 0 [ 2676.850416][T26352] inactive_anon 200704 [ 2676.850416][T26352] active_anon 331776 [ 2676.850416][T26352] inactive_file 0 [ 2676.850416][T26352] active_file 0 [ 2676.850416][T26352] unevictable 0 [ 2676.850416][T26352] slab_reclaimable 22760 [ 2676.850416][T26352] slab_unreclaimable 308174656 [ 2676.850416][T26352] slab 308197416 [ 2676.950182][T26352] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=26352,uid=0 [ 2676.966509][T26352] Memory cgroup out of memory: Killed process 26352 (syz-executor.3) total-vm:54860kB, anon-rss:456kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 11:16:31 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0xc000000) [ 2677.013146][T26361] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2677.042522][T26370] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2677.077566][T26370] CPU: 1 PID: 26370 Comm: syz-executor.2 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2677.087803][T26370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2677.097892][T26370] Call Trace: [ 2677.101197][T26370] [ 2677.104148][T26370] dump_stack_lvl+0xcd/0x134 [ 2677.108776][T26370] dump_header+0x10b/0x7f9 [ 2677.113236][T26370] oom_kill_process.cold+0x10/0x15 [ 2677.118394][T26370] out_of_memory+0x358/0x14a0 [ 2677.123132][T26370] ? find_held_lock+0x2d/0x110 [ 2677.127952][T26370] ? oom_killer_disable+0x270/0x270 [ 2677.133205][T26370] ? find_held_lock+0x2d/0x110 [ 2677.138019][T26370] mem_cgroup_out_of_memory+0x206/0x270 [ 2677.143608][T26370] ? mem_cgroup_margin+0x130/0x130 [ 2677.148754][T26370] ? lock_downgrade+0x6e0/0x6e0 [ 2677.153749][T26370] try_charge_memcg+0xf67/0x13f0 [ 2677.158741][T26370] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2677.164791][T26370] ? lock_downgrade+0x6e0/0x6e0 [ 2677.169673][T26370] charge_memcg+0x31/0x320 [ 2677.174112][T26370] __mem_cgroup_charge+0x27/0x90 [ 2677.179076][T26370] ? _compound_head+0x5d/0x150 [ 2677.183888][T26370] wp_page_copy+0x27c/0x1b10 [ 2677.188529][T26370] ? restore_exclusive_pte+0x8b0/0x8b0 [ 2677.194013][T26370] ? lock_downgrade+0x6e0/0x6e0 [ 2677.198935][T26370] ? vm_normal_page+0x146/0x2a0 [ 2677.203834][T26370] do_wp_page+0x52c/0x1910 [ 2677.208285][T26370] __handle_mm_fault+0x1813/0x39b0 [ 2677.213456][T26370] ? vm_iomap_memory+0x190/0x190 [ 2677.218456][T26370] handle_mm_fault+0x1c8/0x780 [ 2677.223266][T26370] do_user_addr_fault+0x475/0x1210 [ 2677.228435][T26370] exc_page_fault+0x94/0x170 [ 2677.233049][T26370] asm_exc_page_fault+0x22/0x30 [ 2677.237936][T26370] RIP: 0033:0x7fefdee35a15 [ 2677.242388][T26370] Code: 5c 41 5d c3 90 48 8b 57 18 48 83 fa ff 74 22 48 81 fa e7 03 00 00 0f 87 ee 00 00 00 48 c1 e2 04 48 8d 0d ae 26 17 00 48 01 ca 02 01 48 89 42 08 48 8b 53 10 4c 8d 2d d9 a5 57 00 4c 39 ea 0f [ 2677.262289][T26370] RSP: 002b:00007ffd4124e600 EFLAGS: 00010206 [ 2677.268371][T26370] RAX: 0000000000000003 RBX: 00007fefdefabf80 RCX: 00007fefdefa80c0 [ 2677.276359][T26370] RDX: 00007fefdefa80c0 RSI: 0000000000000080 RDI: 00007fefdefabf80 [ 2677.284352][T26370] RBP: 00007fefdefabf80 R08: 00007ffd413e9080 R09: 0000000000000000 [ 2677.292340][T26370] R10: 00007ffd4124e720 R11: 0000000000000246 R12: 000000000028d901 [ 2677.300430][T26370] R13: 00007ffd4124e720 R14: 00007fefdefabf80 R15: 0000000000000032 [ 2677.308459][T26370] [ 2677.327307][T26370] memory: usage 307200kB, limit 307200kB, failcnt 54303 [ 2677.334473][T26370] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2677.341489][T26370] Memory cgroup stats for /syz2: [ 2677.341746][T26370] anon 98304 [ 2677.341746][T26370] file 364544 [ 2677.341746][T26370] kernel 314109952 [ 2677.341746][T26370] kernel_stack 65536 [ 2677.341746][T26370] pagetables 73728 [ 2677.341746][T26370] percpu 5619264 [ 2677.341746][T26370] sock 0 [ 2677.341746][T26370] vmalloc 0 [ 2677.341746][T26370] shmem 364544 [ 2677.341746][T26370] zswap 0 [ 2677.341746][T26370] zswapped 0 [ 2677.341746][T26370] file_mapped 364544 [ 2677.341746][T26370] file_dirty 0 [ 2677.341746][T26370] file_writeback 0 [ 2677.341746][T26370] swapcached 0 [ 2677.341746][T26370] anon_thp 0 [ 2677.341746][T26370] file_thp 0 [ 2677.341746][T26370] shmem_thp 0 [ 2677.341746][T26370] inactive_anon 102400 [ 2677.341746][T26370] active_anon 360448 [ 2677.341746][T26370] inactive_file 0 [ 2677.341746][T26370] active_file 0 [ 2677.341746][T26370] unevictable 0 [ 2677.341746][T26370] slab_reclaimable 127032 11:16:32 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x21e}]}}]}, 0x40}, 0x7}, 0x0) [ 2677.341746][T26370] slab_unreclaimable 308189472 [ 2677.341746][T26370] slab 308316504 [ 2677.440119][T26370] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=26370,uid=0 [ 2677.455904][T26370] Memory cgroup out of memory: Killed process 26370 (syz-executor.2) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 11:16:32 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x7d8}]}}]}, 0x40}, 0x7}, 0x0) [ 2677.482955][T26375] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.5'. 11:16:32 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x715}]}}]}, 0x40}, 0x7}, 0x0) [ 2677.530608][T26371] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 2677.579721][T26371] CPU: 1 PID: 26371 Comm: syz-executor.4 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2677.589830][T26371] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2677.599901][T26371] Call Trace: [ 2677.603206][T26371] [ 2677.606161][T26371] dump_stack_lvl+0xcd/0x134 [ 2677.610789][T26371] dump_header+0x10b/0x7f9 [ 2677.615244][T26371] oom_kill_process.cold+0x10/0x15 [ 2677.620409][T26371] out_of_memory+0x358/0x14a0 [ 2677.625092][T26371] ? find_held_lock+0x2d/0x110 [ 2677.629873][T26371] ? oom_killer_disable+0x270/0x270 [ 2677.635089][T26371] ? find_held_lock+0x2d/0x110 [ 2677.639950][T26371] mem_cgroup_out_of_memory+0x206/0x270 [ 2677.645532][T26371] ? mem_cgroup_margin+0x130/0x130 [ 2677.650671][T26371] ? lock_downgrade+0x6e0/0x6e0 [ 2677.655555][T26371] try_charge_memcg+0xf67/0x13f0 [ 2677.660519][T26371] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2677.666518][T26371] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2677.672252][T26371] ? lock_downgrade+0x6e0/0x6e0 [ 2677.677118][T26371] ? lock_downgrade+0x6e0/0x6e0 [ 2677.681982][T26371] ? rcu_read_unlock+0x9/0x60 [ 2677.686760][T26371] obj_cgroup_charge+0x2ab/0x5e0 [ 2677.691727][T26371] kmem_cache_alloc_trace+0xa3/0x3e0 [ 2677.697034][T26371] ? copy_semundo+0x187/0x2f0 [ 2677.701733][T26371] ? apparmor_task_alloc+0x2bb/0x3b0 [ 2677.707043][T26371] copy_semundo+0x187/0x2f0 [ 2677.711564][T26371] copy_process+0x23fa/0x7090 [ 2677.716277][T26371] ? __cleanup_sighand+0xb0/0xb0 [ 2677.721249][T26371] kernel_clone+0xe7/0xab0 [ 2677.725702][T26371] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2677.731729][T26371] ? create_io_thread+0xe0/0xe0 [ 2677.736607][T26371] ? find_held_lock+0x2d/0x110 [ 2677.741404][T26371] ? __ct_user_exit+0xff/0x150 [ 2677.746279][T26371] __do_sys_clone+0xba/0x100 [ 2677.750900][T26371] ? kernel_clone+0xab0/0xab0 [ 2677.755700][T26371] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2677.761618][T26371] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2677.767536][T26371] do_syscall_64+0x35/0xb0 [ 2677.771980][T26371] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2677.777896][T26371] RIP: 0033:0x7fa378a8c9d1 [ 2677.782324][T26371] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 2677.802136][T26371] RSP: 002b:00007fff306494d8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 2677.810565][T26371] RAX: ffffffffffffffda RBX: 00007fa379be4700 RCX: 00007fa378a8c9d1 [ 2677.818546][T26371] RDX: 00007fa379be49d0 RSI: 00007fa379be42f0 RDI: 00000000003d0f00 11:16:32 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0xe000000) [ 2677.826791][T26371] RBP: 00007fff30649720 R08: 00007fa379be4700 R09: 00007fa379be4700 [ 2677.834776][T26371] R10: 00007fa379be49d0 R11: 0000000000000206 R12: 00007fff3064958e [ 2677.842755][T26371] R13: 00007fff3064958f R14: 00007fa379be4300 R15: 0000000000022000 [ 2677.850754][T26371] [ 2677.866362][T26380] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2677.891612][T26381] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2677.901265][T26371] memory: usage 307200kB, limit 307200kB, failcnt 55496 [ 2677.908664][T26371] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2677.916374][T26371] Memory cgroup stats for /syz4: [ 2677.916592][T26371] anon 90112 [ 2677.916592][T26371] file 372736 [ 2677.916592][T26371] kernel 314109952 [ 2677.916592][T26371] kernel_stack 65536 [ 2677.916592][T26371] pagetables 65536 [ 2677.916592][T26371] percpu 5624000 [ 2677.916592][T26371] sock 0 [ 2677.916592][T26371] vmalloc 0 [ 2677.916592][T26371] shmem 372736 [ 2677.916592][T26371] zswap 0 [ 2677.916592][T26371] zswapped 0 [ 2677.916592][T26371] file_mapped 372736 [ 2677.916592][T26371] file_dirty 0 [ 2677.916592][T26371] file_writeback 0 [ 2677.916592][T26371] swapcached 0 [ 2677.916592][T26371] anon_thp 0 [ 2677.916592][T26371] file_thp 0 [ 2677.916592][T26371] shmem_thp 0 [ 2677.916592][T26371] inactive_anon 139264 [ 2677.916592][T26371] active_anon 323584 [ 2677.916592][T26371] inactive_file 0 [ 2677.916592][T26371] active_file 0 [ 2677.916592][T26371] unevictable 0 [ 2677.916592][T26371] slab_reclaimable 17888 [ 2677.916592][T26371] slab_unreclaimable 308300256 [ 2677.916592][T26371] slab 308318144 [ 2678.019678][T26371] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=26371,uid=0 [ 2678.040539][T26371] Memory cgroup out of memory: Killed process 26371 (syz-executor.4) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:68kB oom_score_adj:1000 [ 2678.066420][T26379] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2678.106061][T26379] CPU: 0 PID: 26379 Comm: syz-executor.3 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2678.116204][T26379] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2678.126383][T26379] Call Trace: [ 2678.129690][T26379] [ 2678.132642][T26379] dump_stack_lvl+0xcd/0x134 [ 2678.137273][T26379] dump_header+0x10b/0x7f9 [ 2678.141725][T26379] oom_kill_process.cold+0x10/0x15 [ 2678.146885][T26379] out_of_memory+0x358/0x14a0 [ 2678.151699][T26379] ? oom_killer_disable+0x270/0x270 [ 2678.156943][T26379] ? find_held_lock+0x2d/0x110 [ 2678.161773][T26379] mem_cgroup_out_of_memory+0x206/0x270 [ 2678.167356][T26379] ? mem_cgroup_margin+0x130/0x130 [ 2678.172497][T26379] ? lock_downgrade+0x6e0/0x6e0 [ 2678.177373][T26379] try_charge_memcg+0xf67/0x13f0 [ 2678.182346][T26379] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2678.188424][T26379] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2678.194195][T26379] ? lock_downgrade+0x6e0/0x6e0 [ 2678.199081][T26379] ? lock_downgrade+0x6e0/0x6e0 [ 2678.203961][T26379] __memcg_kmem_charge_page+0x16a/0x3b0 [ 2678.209555][T26379] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 2678.215752][T26379] copy_process+0x15f3/0x7090 [ 2678.220465][T26379] ? find_held_lock+0x2d/0x110 [ 2678.225376][T26379] ? __cleanup_sighand+0xb0/0xb0 [ 2678.230378][T26379] kernel_clone+0xe7/0xab0 [ 2678.234835][T26379] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2678.240843][T26379] ? create_io_thread+0xe0/0xe0 [ 2678.245733][T26379] ? find_held_lock+0x2d/0x110 [ 2678.250557][T26379] ? __ct_user_exit+0xff/0x150 [ 2678.255370][T26379] __do_sys_clone+0xba/0x100 [ 2678.259998][T26379] ? kernel_clone+0xab0/0xab0 [ 2678.264708][T26379] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2678.270633][T26379] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2678.276554][T26379] do_syscall_64+0x35/0xb0 [ 2678.281005][T26379] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2678.286939][T26379] RIP: 0033:0x7f89d288c9d1 [ 2678.291376][T26379] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 2678.310989][T26379] RSP: 002b:00007fff48383138 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 2678.319404][T26379] RAX: ffffffffffffffda RBX: 00007f89d3a70700 RCX: 00007f89d288c9d1 [ 2678.327476][T26379] RDX: 00007f89d3a709d0 RSI: 00007f89d3a702f0 RDI: 00000000003d0f00 [ 2678.335476][T26379] RBP: 00007fff48383380 R08: 00007f89d3a70700 R09: 00007f89d3a70700 [ 2678.343477][T26379] R10: 00007f89d3a709d0 R11: 0000000000000206 R12: 00007fff483831ee 11:16:33 executing program 4: socket$nl_route(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x709}]}}]}, 0x40}, 0x7}, 0x0) 11:16:33 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x7d9}]}}]}, 0x40}, 0x7}, 0x0) [ 2678.351554][T26379] R13: 00007fff483831ef R14: 00007f89d3a70300 R15: 0000000000022000 [ 2678.359562][T26379] 11:16:33 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0xf000000) [ 2678.403264][T26379] memory: usage 307200kB, limit 307200kB, failcnt 54427 [ 2678.413053][T26379] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2678.420240][T26379] Memory cgroup stats for /syz3: [ 2678.420454][T26379] anon 147456 [ 2678.420454][T26379] file 385024 [ 2678.420454][T26379] kernel 314040320 [ 2678.420454][T26379] kernel_stack 98304 [ 2678.420454][T26379] pagetables 81920 [ 2678.420454][T26379] percpu 5618080 [ 2678.420454][T26379] sock 0 [ 2678.420454][T26379] vmalloc 0 11:16:33 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x10000000) [ 2678.420454][T26379] shmem 385024 [ 2678.420454][T26379] zswap 0 [ 2678.420454][T26379] zswapped 0 [ 2678.420454][T26379] file_mapped 311296 [ 2678.420454][T26379] file_dirty 0 [ 2678.420454][T26379] file_writeback 0 [ 2678.420454][T26379] swapcached 0 [ 2678.420454][T26379] anon_thp 0 [ 2678.420454][T26379] file_thp 0 [ 2678.420454][T26379] shmem_thp 0 [ 2678.420454][T26379] inactive_anon 200704 [ 2678.420454][T26379] active_anon 331776 [ 2678.420454][T26379] inactive_file 0 [ 2678.420454][T26379] active_file 0 [ 2678.420454][T26379] unevictable 0 [ 2678.420454][T26379] slab_reclaimable 22760 [ 2678.420454][T26379] slab_unreclaimable 308158672 [ 2678.420454][T26379] slab 308181432 [ 2678.523653][T26390] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2678.571699][T26379] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=26379,uid=0 [ 2678.597254][T26379] Memory cgroup out of memory: Killed process 26379 (syz-executor.3) total-vm:54860kB, anon-rss:456kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 2678.623983][T26368] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2678.636589][T26368] CPU: 1 PID: 26368 Comm: syz-executor.5 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2678.646800][T26368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2678.657751][T26368] Call Trace: [ 2678.661992][T26368] [ 2678.664919][T26368] dump_stack_lvl+0xcd/0x134 [ 2678.669542][T26368] dump_header+0x10b/0x7f9 [ 2678.673957][T26368] oom_kill_process.cold+0x10/0x15 [ 2678.679074][T26368] out_of_memory+0x358/0x14a0 [ 2678.683754][T26368] ? oom_killer_disable+0x270/0x270 [ 2678.688956][T26368] ? find_held_lock+0x2d/0x110 [ 2678.694545][T26368] mem_cgroup_out_of_memory+0x206/0x270 [ 2678.700121][T26368] ? mem_cgroup_margin+0x130/0x130 [ 2678.705250][T26368] ? lock_downgrade+0x6e0/0x6e0 [ 2678.710200][T26368] try_charge_memcg+0xf67/0x13f0 [ 2678.715147][T26368] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2678.721125][T26368] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2678.726942][T26368] ? lock_downgrade+0x6e0/0x6e0 [ 2678.731795][T26368] ? lock_downgrade+0x6e0/0x6e0 [ 2678.736649][T26368] __memcg_kmem_charge_page+0x16a/0x3b0 [ 2678.742198][T26368] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 2678.748374][T26368] copy_process+0x15f3/0x7090 [ 2678.753092][T26368] ? find_held_lock+0x2d/0x110 [ 2678.757902][T26368] ? __cleanup_sighand+0xb0/0xb0 [ 2678.762889][T26368] kernel_clone+0xe7/0xab0 [ 2678.767337][T26368] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2678.773350][T26368] ? create_io_thread+0xe0/0xe0 [ 2678.778211][T26368] ? find_held_lock+0x2d/0x110 [ 2678.782981][T26368] ? __ct_user_exit+0xff/0x150 [ 2678.787815][T26368] __do_sys_clone+0xba/0x100 [ 2678.792427][T26368] ? kernel_clone+0xab0/0xab0 [ 2678.797230][T26368] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2678.803168][T26368] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2678.809187][T26368] do_syscall_64+0x35/0xb0 [ 2678.813709][T26368] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2678.819702][T26368] RIP: 0033:0x7f542068c9d1 [ 2678.824113][T26368] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 2678.843727][T26368] RSP: 002b:00007ffc9945af78 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 2678.852170][T26368] RAX: ffffffffffffffda RBX: 00007f54217cc700 RCX: 00007f542068c9d1 [ 2678.860190][T26368] RDX: 00007f54217cc9d0 RSI: 00007f54217cc2f0 RDI: 00000000003d0f00 [ 2678.868190][T26368] RBP: 00007ffc9945b1c0 R08: 00007f54217cc700 R09: 00007f54217cc700 [ 2678.876253][T26368] R10: 00007f54217cc9d0 R11: 0000000000000206 R12: 00007ffc9945b02e [ 2678.884227][T26368] R13: 00007ffc9945b02f R14: 00007f54217cc300 R15: 0000000000022000 [ 2678.892220][T26368] [ 2678.901030][T26368] memory: usage 307200kB, limit 307200kB, failcnt 39823 [ 2678.912092][T26368] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2678.919378][T26368] Memory cgroup stats for /syz5: [ 2678.919614][T26368] anon 147456 [ 2678.919614][T26368] file 364544 [ 2678.919614][T26368] kernel 313995264 [ 2678.919614][T26368] kernel_stack 32768 [ 2678.919614][T26368] pagetables 81920 [ 2678.919614][T26368] percpu 5618080 [ 2678.919614][T26368] sock 0 [ 2678.919614][T26368] vmalloc 0 [ 2678.919614][T26368] shmem 356352 [ 2678.919614][T26368] zswap 0 [ 2678.919614][T26368] zswapped 0 [ 2678.919614][T26368] file_mapped 356352 [ 2678.919614][T26368] file_dirty 0 [ 2678.919614][T26368] file_writeback 0 [ 2678.919614][T26368] swapcached 0 [ 2678.919614][T26368] anon_thp 0 [ 2678.919614][T26368] file_thp 0 [ 2678.919614][T26368] shmem_thp 0 [ 2678.919614][T26368] inactive_anon 151552 [ 2678.919614][T26368] active_anon 352256 [ 2678.919614][T26368] inactive_file 0 [ 2678.919614][T26368] active_file 8192 [ 2678.919614][T26368] unevictable 0 [ 2678.919614][T26368] slab_reclaimable 20960 [ 2678.919614][T26368] slab_unreclaimable 308199952 [ 2678.919614][T26368] slab 308220912 [ 2679.022372][T26368] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=26368,uid=0 [ 2679.038316][T26368] Memory cgroup out of memory: Killed process 26368 (syz-executor.5) total-vm:54860kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000 [ 2679.057140][T26395] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 2679.070855][T26395] CPU: 1 PID: 26395 Comm: syz-executor.4 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2679.081065][T26395] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2679.091663][T26395] Call Trace: [ 2679.094967][T26395] [ 2679.097913][T26395] dump_stack_lvl+0xcd/0x134 [ 2679.102523][T26395] dump_header+0x10b/0x7f9 [ 2679.106958][T26395] oom_kill_process.cold+0x10/0x15 [ 2679.112085][T26395] out_of_memory+0x358/0x14a0 [ 2679.116810][T26395] ? oom_killer_disable+0x270/0x270 [ 2679.122038][T26395] ? find_held_lock+0x2d/0x110 [ 2679.126832][T26395] mem_cgroup_out_of_memory+0x206/0x270 [ 2679.132394][T26395] ? mem_cgroup_margin+0x130/0x130 [ 2679.137611][T26395] ? lock_downgrade+0x6e0/0x6e0 [ 2679.142487][T26395] try_charge_memcg+0xf67/0x13f0 [ 2679.147452][T26395] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2679.153539][T26395] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2679.159284][T26395] ? lock_downgrade+0x6e0/0x6e0 [ 2679.164149][T26395] ? lock_downgrade+0x6e0/0x6e0 [ 2679.169011][T26395] ? rcu_read_unlock+0x9/0x60 [ 2679.173937][T26395] obj_cgroup_charge+0x2ab/0x5e0 [ 2679.178902][T26395] kmem_cache_alloc_trace+0xa3/0x3e0 [ 2679.184288][T26395] ? copy_semundo+0x187/0x2f0 [ 2679.188980][T26395] ? apparmor_task_alloc+0x2bb/0x3b0 [ 2679.194289][T26395] copy_semundo+0x187/0x2f0 [ 2679.198810][T26395] copy_process+0x23fa/0x7090 [ 2679.203524][T26395] ? __cleanup_sighand+0xb0/0xb0 [ 2679.208496][T26395] kernel_clone+0xe7/0xab0 [ 2679.212929][T26395] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2679.218927][T26395] ? create_io_thread+0xe0/0xe0 [ 2679.223800][T26395] ? find_held_lock+0x2d/0x110 [ 2679.228593][T26395] ? __ct_user_exit+0xff/0x150 [ 2679.233404][T26395] __do_sys_clone+0xba/0x100 [ 2679.238025][T26395] ? kernel_clone+0xab0/0xab0 [ 2679.242729][T26395] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2679.248641][T26395] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2679.254558][T26395] do_syscall_64+0x35/0xb0 [ 2679.259004][T26395] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2679.264948][T26395] RIP: 0033:0x7fa378a8c9d1 [ 2679.269460][T26395] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 2679.289085][T26395] RSP: 002b:00007fff306494d8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 2679.297523][T26395] RAX: ffffffffffffffda RBX: 00007fa379be4700 RCX: 00007fa378a8c9d1 [ 2679.305590][T26395] RDX: 00007fa379be49d0 RSI: 00007fa379be42f0 RDI: 00000000003d0f00 [ 2679.313590][T26395] RBP: 00007fff30649720 R08: 00007fa379be4700 R09: 00007fa379be4700 11:16:34 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x0, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}}, 0x24}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}}, 0x24}, 0x7}, 0x0) 11:16:34 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x11000000) 11:16:34 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x21f}]}}]}, 0x40}, 0x7}, 0x0) 11:16:34 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x7da}]}}]}, 0x40}, 0x7}, 0x0) [ 2679.321580][T26395] R10: 00007fa379be49d0 R11: 0000000000000206 R12: 00007fff3064958e [ 2679.329565][T26395] R13: 00007fff3064958f R14: 00007fa379be4300 R15: 0000000000022000 [ 2679.337583][T26395] [ 2679.374786][T26405] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2679.417625][T26395] memory: usage 307200kB, limit 307200kB, failcnt 55605 [ 2679.433605][T26395] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2679.452114][T26395] Memory cgroup stats for /syz4: [ 2679.452296][T26395] anon 90112 [ 2679.452296][T26395] file 372736 [ 2679.452296][T26395] kernel 314109952 [ 2679.452296][T26395] kernel_stack 65536 [ 2679.452296][T26395] pagetables 65536 [ 2679.452296][T26395] percpu 5624000 [ 2679.452296][T26395] sock 0 [ 2679.452296][T26395] vmalloc 0 [ 2679.452296][T26395] shmem 372736 [ 2679.452296][T26395] zswap 0 [ 2679.452296][T26395] zswapped 0 [ 2679.452296][T26395] file_mapped 372736 [ 2679.452296][T26395] file_dirty 0 [ 2679.452296][T26395] file_writeback 0 [ 2679.452296][T26395] swapcached 0 [ 2679.452296][T26395] anon_thp 0 [ 2679.452296][T26395] file_thp 0 [ 2679.452296][T26395] shmem_thp 0 [ 2679.452296][T26395] inactive_anon 139264 [ 2679.452296][T26395] active_anon 323584 [ 2679.452296][T26395] inactive_file 0 [ 2679.452296][T26395] active_file 0 [ 2679.452296][T26395] unevictable 0 [ 2679.452296][T26395] slab_reclaimable 17888 [ 2679.452296][T26395] slab_unreclaimable 308300256 [ 2679.452296][T26395] slab 308318144 11:16:34 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x12000000) 11:16:34 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x7db}]}}]}, 0x40}, 0x7}, 0x0) [ 2679.565635][T26404] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2679.599823][T26407] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.5'. [ 2679.646996][T26395] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=26395,uid=0 [ 2679.702147][T26395] Memory cgroup out of memory: Killed process 26395 (syz-executor.4) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:68kB oom_score_adj:1000 [ 2679.710722][T26416] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2679.733083][T26400] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2679.753476][T26400] CPU: 0 PID: 26400 Comm: syz-executor.3 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2679.763600][T26400] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2679.773684][T26400] Call Trace: [ 2679.776983][T26400] [ 2679.779931][T26400] dump_stack_lvl+0xcd/0x134 [ 2679.784551][T26400] dump_header+0x10b/0x7f9 [ 2679.789007][T26400] oom_kill_process.cold+0x10/0x15 [ 2679.794150][T26400] out_of_memory+0x358/0x14a0 [ 2679.798879][T26400] ? oom_killer_disable+0x270/0x270 [ 2679.804128][T26400] ? find_held_lock+0x2d/0x110 [ 2679.808940][T26400] mem_cgroup_out_of_memory+0x206/0x270 [ 2679.814555][T26400] ? mem_cgroup_margin+0x130/0x130 [ 2679.819777][T26400] ? lock_downgrade+0x6e0/0x6e0 [ 2679.824695][T26400] try_charge_memcg+0xf67/0x13f0 [ 2679.829679][T26400] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2679.835713][T26400] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2679.841483][T26400] ? lock_downgrade+0x6e0/0x6e0 [ 2679.846357][T26400] ? lock_downgrade+0x6e0/0x6e0 [ 2679.851251][T26400] __memcg_kmem_charge_page+0x16a/0x3b0 [ 2679.856830][T26400] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 2679.863027][T26400] copy_process+0x15f3/0x7090 [ 2679.867742][T26400] ? find_held_lock+0x2d/0x110 [ 2679.872562][T26400] ? __cleanup_sighand+0xb0/0xb0 [ 2679.877533][T26400] kernel_clone+0xe7/0xab0 [ 2679.882128][T26400] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2679.888125][T26400] ? create_io_thread+0xe0/0xe0 [ 2679.893106][T26400] ? find_held_lock+0x2d/0x110 [ 2679.897924][T26400] ? __ct_user_exit+0xff/0x150 [ 2679.902715][T26400] __do_sys_clone+0xba/0x100 [ 2679.907325][T26400] ? kernel_clone+0xab0/0xab0 [ 2679.912055][T26400] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2679.918272][T26400] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2679.924188][T26400] do_syscall_64+0x35/0xb0 [ 2679.928647][T26400] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2679.934577][T26400] RIP: 0033:0x7f89d288c9d1 [ 2679.939004][T26400] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 2679.958615][T26400] RSP: 002b:00007fff48383138 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 2679.967039][T26400] RAX: ffffffffffffffda RBX: 00007f89d3a70700 RCX: 00007f89d288c9d1 [ 2679.975042][T26400] RDX: 00007f89d3a709d0 RSI: 00007f89d3a702f0 RDI: 00000000003d0f00 [ 2679.983041][T26400] RBP: 00007fff48383380 R08: 00007f89d3a70700 R09: 00007f89d3a70700 [ 2679.991041][T26400] R10: 00007f89d3a709d0 R11: 0000000000000206 R12: 00007fff483831ee [ 2679.999027][T26400] R13: 00007fff483831ef R14: 00007f89d3a70300 R15: 0000000000022000 [ 2680.007053][T26400] [ 2680.012903][T26400] memory: usage 307200kB, limit 307200kB, failcnt 54502 [ 2680.020066][T26400] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2680.027144][T26400] Memory cgroup stats for /syz3: [ 2680.027311][T26400] anon 147456 [ 2680.027311][T26400] file 385024 [ 2680.027311][T26400] kernel 314040320 [ 2680.027311][T26400] kernel_stack 98304 [ 2680.027311][T26400] pagetables 81920 [ 2680.027311][T26400] percpu 5618080 [ 2680.027311][T26400] sock 0 [ 2680.027311][T26400] vmalloc 0 [ 2680.027311][T26400] shmem 385024 [ 2680.027311][T26400] zswap 0 [ 2680.027311][T26400] zswapped 0 [ 2680.027311][T26400] file_mapped 311296 [ 2680.027311][T26400] file_dirty 0 [ 2680.027311][T26400] file_writeback 0 [ 2680.027311][T26400] swapcached 0 [ 2680.027311][T26400] anon_thp 0 [ 2680.027311][T26400] file_thp 0 [ 2680.027311][T26400] shmem_thp 0 [ 2680.027311][T26400] inactive_anon 200704 [ 2680.027311][T26400] active_anon 331776 [ 2680.027311][T26400] inactive_file 0 [ 2680.027311][T26400] active_file 0 [ 2680.027311][T26400] unevictable 0 [ 2680.027311][T26400] slab_reclaimable 22760 [ 2680.027311][T26400] slab_unreclaimable 308158672 [ 2680.027311][T26400] slab 308181432 [ 2680.124108][T26400] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=26400,uid=0 [ 2680.139821][T26400] Memory cgroup out of memory: Killed process 26400 (syz-executor.3) total-vm:54860kB, anon-rss:456kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 2680.157895][T26387] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2680.175162][T26387] CPU: 0 PID: 26387 Comm: syz-executor.2 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2680.185382][T26387] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2680.195554][T26387] Call Trace: [ 2680.198855][T26387] [ 2680.201833][T26387] dump_stack_lvl+0xcd/0x134 [ 2680.206477][T26387] dump_header+0x10b/0x7f9 [ 2680.210938][T26387] oom_kill_process.cold+0x10/0x15 [ 2680.216188][T26387] out_of_memory+0x358/0x14a0 [ 2680.220927][T26387] ? oom_killer_disable+0x270/0x270 [ 2680.226177][T26387] ? find_held_lock+0x2d/0x110 [ 2680.230987][T26387] mem_cgroup_out_of_memory+0x206/0x270 [ 2680.236558][T26387] ? mem_cgroup_margin+0x130/0x130 [ 2680.241682][T26387] ? lock_downgrade+0x6e0/0x6e0 [ 2680.246567][T26387] try_charge_memcg+0xf67/0x13f0 [ 2680.251540][T26387] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2680.257634][T26387] ? lock_downgrade+0x6e0/0x6e0 [ 2680.262518][T26387] charge_memcg+0x31/0x320 [ 2680.266961][T26387] __mem_cgroup_charge+0x27/0x90 [ 2680.271918][T26387] ? _compound_head+0x5d/0x150 [ 2680.276711][T26387] wp_page_copy+0x27c/0x1b10 [ 2680.281322][T26387] ? restore_exclusive_pte+0x8b0/0x8b0 [ 2680.286795][T26387] ? lock_downgrade+0x6e0/0x6e0 [ 2680.291740][T26387] ? vm_normal_page+0x146/0x2a0 [ 2680.296622][T26387] do_wp_page+0x1d1/0x1910 [ 2680.301060][T26387] __handle_mm_fault+0x1813/0x39b0 [ 2680.306197][T26387] ? vm_iomap_memory+0x190/0x190 [ 2680.311179][T26387] handle_mm_fault+0x1c8/0x780 [ 2680.315985][T26387] do_user_addr_fault+0x475/0x1210 [ 2680.321136][T26387] exc_page_fault+0x94/0x170 [ 2680.325768][T26387] asm_exc_page_fault+0x22/0x30 [ 2680.330654][T26387] RIP: 0033:0x7fefdee38970 [ 2680.335082][T26387] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48 [ 2680.354704][T26387] RSP: 002b:00007ffd4124e550 EFLAGS: 00010246 [ 2680.360789][T26387] RAX: 000000001a3062d4 RBX: 00007fefdefac018 RCX: 0000001b2ed20000 [ 2680.368771][T26387] RDX: 0000000000000000 RSI: 0000001b2ed20018 RDI: 0000000008eb5285 [ 2680.376841][T26387] RBP: 000000001a3062d4 R08: 00000000000002d4 R09: 000000001a3062d8 [ 2680.384826][T26387] R10: 00007ffd4124e720 R11: 0000000000000246 R12: 00007fefdefa0000 [ 2680.392820][T26387] R13: 0000000000000001 R14: 0000000000000003 R15: ffffffff81a2d95f [ 2680.400836][T26387] ? trace_user_exit.constprop.0+0x13f/0x210 [ 2680.406870][T26387] [ 2680.416226][T26387] memory: usage 307200kB, limit 307200kB, failcnt 54439 [ 2680.423341][T26387] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2680.430213][T26387] Memory cgroup stats for /syz2: [ 2680.430434][T26387] anon 114688 [ 2680.430434][T26387] file 364544 [ 2680.430434][T26387] kernel 314093568 [ 2680.430434][T26387] kernel_stack 65536 [ 2680.430434][T26387] pagetables 73728 [ 2680.430434][T26387] percpu 5619264 [ 2680.430434][T26387] sock 0 [ 2680.430434][T26387] vmalloc 0 [ 2680.430434][T26387] shmem 364544 [ 2680.430434][T26387] zswap 0 [ 2680.430434][T26387] zswapped 0 [ 2680.430434][T26387] file_mapped 364544 [ 2680.430434][T26387] file_dirty 0 [ 2680.430434][T26387] file_writeback 0 [ 2680.430434][T26387] swapcached 0 [ 2680.430434][T26387] anon_thp 0 [ 2680.430434][T26387] file_thp 0 [ 2680.430434][T26387] shmem_thp 0 [ 2680.430434][T26387] inactive_anon 118784 [ 2680.430434][T26387] active_anon 360448 [ 2680.430434][T26387] inactive_file 0 [ 2680.430434][T26387] active_file 0 [ 2680.430434][T26387] unevictable 0 [ 2680.430434][T26387] slab_reclaimable 127032 [ 2680.430434][T26387] slab_unreclaimable 308178072 [ 2680.430434][T26387] slab 308305104 [ 2680.528085][T26387] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=26387,uid=0 11:16:35 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x716}]}}]}, 0x40}, 0x7}, 0x0) 11:16:35 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x2a030000) 11:16:35 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x0, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}}, 0x24}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}}, 0x24}, 0x7}, 0x0) 11:16:35 executing program 4: socket$nl_route(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x70a}]}}]}, 0x40}, 0x7}, 0x0) 11:16:35 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x7dc}]}}]}, 0x40}, 0x7}, 0x0) 11:16:35 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x220}]}}]}, 0x40}, 0x7}, 0x0) [ 2680.550063][T26387] Memory cgroup out of memory: Killed process 26387 (syz-executor.2) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 11:16:35 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x2b020000) [ 2680.628489][T26427] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2680.711569][T26422] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2680.745279][T26422] CPU: 0 PID: 26422 Comm: syz-executor.4 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2680.755416][T26422] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2680.765504][T26422] Call Trace: [ 2680.768806][T26422] [ 2680.771772][T26422] dump_stack_lvl+0xcd/0x134 [ 2680.776412][T26422] dump_header+0x10b/0x7f9 [ 2680.780878][T26422] oom_kill_process.cold+0x10/0x15 [ 2680.786039][T26422] out_of_memory+0x358/0x14a0 [ 2680.790764][T26422] ? find_held_lock+0x2d/0x110 [ 2680.795564][T26422] ? oom_killer_disable+0x270/0x270 [ 2680.800803][T26422] ? find_held_lock+0x2d/0x110 [ 2680.805628][T26422] mem_cgroup_out_of_memory+0x206/0x270 [ 2680.811206][T26422] ? mem_cgroup_margin+0x130/0x130 [ 2680.816386][T26422] ? lock_downgrade+0x6e0/0x6e0 [ 2680.821299][T26422] try_charge_memcg+0xf67/0x13f0 [ 2680.826296][T26422] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2680.832323][T26422] ? lock_downgrade+0x6e0/0x6e0 [ 2680.837222][T26422] charge_memcg+0x31/0x320 [ 2680.841691][T26422] __mem_cgroup_charge+0x27/0x90 [ 2680.846659][T26422] ? _compound_head+0x5d/0x150 [ 2680.851453][T26422] wp_page_copy+0x27c/0x1b10 [ 2680.856067][T26422] ? restore_exclusive_pte+0x8b0/0x8b0 [ 2680.861538][T26422] ? lock_downgrade+0x6e0/0x6e0 [ 2680.866487][T26422] ? vm_normal_page+0x146/0x2a0 [ 2680.871379][T26422] do_wp_page+0x52c/0x1910 [ 2680.875816][T26422] __handle_mm_fault+0x1813/0x39b0 [ 2680.880973][T26422] ? vm_iomap_memory+0x190/0x190 [ 2680.885951][T26422] handle_mm_fault+0x1c8/0x780 [ 2680.890750][T26422] do_user_addr_fault+0x475/0x1210 [ 2680.895894][T26422] exc_page_fault+0x94/0x170 [ 2680.900593][T26422] asm_exc_page_fault+0x22/0x30 [ 2680.905466][T26422] RIP: 0033:0x7fa378a362de [ 2680.909986][T26422] Code: 4c 24 54 89 78 2c 48 8b 3c 24 89 48 78 0f b6 4c 24 53 c6 40 20 01 88 4c 3a 04 8b 7c 24 4c 4c 89 35 97 5c 17 00 48 8b 54 24 40 <89> b8 80 00 00 00 0f 1f 40 00 48 8b 8c 14 50 01 00 00 48 83 c2 08 [ 2680.929627][T26422] RSP: 002b:00007fff30649610 EFLAGS: 00010246 [ 2680.935709][T26422] RAX: 00007fa378babf80 RBX: 00007fa378babf8c RCX: 0000000000000000 [ 2680.943690][T26422] RDX: 0000000000000000 RSI: 00007fa378babf88 RDI: 0000000000000000 [ 2680.951673][T26422] RBP: 00007fa378babf80 R08: 00007fa379be4700 R09: 00007fa379be4700 [ 2680.959654][T26422] R10: 00007fa379be49d0 R11: 0000000000000206 R12: 00007fa378babf8c [ 2680.967740][T26422] R13: 00007fa378bb0060 R14: 00007fa378babf80 R15: 0000000000000000 [ 2680.975826][T26422] [ 2680.993080][T26422] memory: usage 307200kB, limit 307200kB, failcnt 55675 [ 2681.000499][T26422] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2681.008083][T26422] Memory cgroup stats for /syz4: [ 2681.008268][T26422] anon 90112 [ 2681.008268][T26422] file 372736 [ 2681.008268][T26422] kernel 314109952 [ 2681.008268][T26422] kernel_stack 65536 [ 2681.008268][T26422] pagetables 65536 [ 2681.008268][T26422] percpu 5624000 [ 2681.008268][T26422] sock 0 [ 2681.008268][T26422] vmalloc 0 [ 2681.008268][T26422] shmem 372736 [ 2681.008268][T26422] zswap 0 [ 2681.008268][T26422] zswapped 0 [ 2681.008268][T26422] file_mapped 372736 [ 2681.008268][T26422] file_dirty 0 [ 2681.008268][T26422] file_writeback 0 [ 2681.008268][T26422] swapcached 0 [ 2681.008268][T26422] anon_thp 0 [ 2681.008268][T26422] file_thp 0 [ 2681.008268][T26422] shmem_thp 0 [ 2681.008268][T26422] inactive_anon 139264 [ 2681.008268][T26422] active_anon 323584 [ 2681.008268][T26422] inactive_file 0 [ 2681.008268][T26422] active_file 0 [ 2681.008268][T26422] unevictable 0 [ 2681.008268][T26422] slab_reclaimable 17888 [ 2681.008268][T26422] slab_unreclaimable 308300720 [ 2681.008268][T26422] slab 308318608 [ 2681.117531][T26422] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=26422,uid=0 [ 2681.118631][T26426] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2681.143044][T26422] Memory cgroup out of memory: Killed process 26422 (syz-executor.4) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:68kB oom_score_adj:1000 11:16:35 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x3f000000) [ 2681.171784][T26436] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.5'. [ 2681.208201][T26430] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 11:16:36 executing program 4: socket$nl_route(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x70b}]}}]}, 0x40}, 0x7}, 0x0) [ 2681.233601][T26430] CPU: 1 PID: 26430 Comm: syz-executor.2 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2681.243735][T26430] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2681.253821][T26430] Call Trace: [ 2681.257221][T26430] [ 2681.260182][T26430] dump_stack_lvl+0xcd/0x134 [ 2681.264815][T26430] dump_header+0x10b/0x7f9 [ 2681.269278][T26430] oom_kill_process.cold+0x10/0x15 [ 2681.274435][T26430] out_of_memory+0x358/0x14a0 11:16:36 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x60000000) 11:16:36 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x7dd}]}}]}, 0x40}, 0x7}, 0x0) [ 2681.279173][T26430] ? oom_killer_disable+0x270/0x270 [ 2681.284422][T26430] ? find_held_lock+0x2d/0x110 [ 2681.289237][T26430] mem_cgroup_out_of_memory+0x206/0x270 [ 2681.294819][T26430] ? mem_cgroup_margin+0x130/0x130 [ 2681.299961][T26430] ? lock_downgrade+0x6e0/0x6e0 [ 2681.304861][T26430] try_charge_memcg+0xf67/0x13f0 [ 2681.309848][T26430] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2681.315878][T26430] ? lock_downgrade+0x6e0/0x6e0 [ 2681.320784][T26430] charge_memcg+0x31/0x320 [ 2681.325247][T26430] __mem_cgroup_charge+0x27/0x90 [ 2681.330228][T26430] ? _compound_head+0x5d/0x150 [ 2681.335045][T26430] wp_page_copy+0x27c/0x1b10 [ 2681.339697][T26430] ? restore_exclusive_pte+0x8b0/0x8b0 [ 2681.345195][T26430] ? lock_downgrade+0x6e0/0x6e0 [ 2681.350082][T26430] ? vm_normal_page+0x146/0x2a0 [ 2681.354981][T26430] do_wp_page+0x52c/0x1910 [ 2681.359425][T26430] __handle_mm_fault+0x1813/0x39b0 [ 2681.364541][T26430] ? vm_iomap_memory+0x190/0x190 [ 2681.369493][T26430] handle_mm_fault+0x1c8/0x780 [ 2681.374275][T26430] do_user_addr_fault+0x475/0x1210 [ 2681.379420][T26430] exc_page_fault+0x94/0x170 [ 2681.384013][T26430] asm_exc_page_fault+0x22/0x30 [ 2681.388985][T26430] RIP: 0033:0x7fefdee35a15 [ 2681.393406][T26430] Code: 5c 41 5d c3 90 48 8b 57 18 48 83 fa ff 74 22 48 81 fa e7 03 00 00 0f 87 ee 00 00 00 48 c1 e2 04 48 8d 0d ae 26 17 00 48 01 ca 02 01 48 89 42 08 48 8b 53 10 4c 8d 2d d9 a5 57 00 4c 39 ea 0f [ 2681.413041][T26430] RSP: 002b:00007ffd4124e600 EFLAGS: 00010206 [ 2681.419112][T26430] RAX: 0000000000000003 RBX: 00007fefdefabf80 RCX: 00007fefdefa80c0 [ 2681.427108][T26430] RDX: 00007fefdefa80c0 RSI: 0000000000000080 RDI: 00007fefdefabf80 [ 2681.435114][T26430] RBP: 00007fefdefabf80 R08: 00007ffd413e9080 R09: 0000000000000000 [ 2681.443120][T26430] R10: 00007ffd4124e720 R11: 0000000000000246 R12: 000000000028e777 [ 2681.451122][T26430] R13: 00007ffd4124e720 R14: 00007fefdefabf80 R15: 0000000000000032 [ 2681.459135][T26430] [ 2681.469767][T26430] memory: usage 307200kB, limit 307200kB, failcnt 54509 [ 2681.476848][T26430] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2681.483794][T26430] Memory cgroup stats for /syz2: [ 2681.484007][T26430] anon 98304 [ 2681.484007][T26430] file 364544 [ 2681.484007][T26430] kernel 314109952 [ 2681.484007][T26430] kernel_stack 65536 [ 2681.484007][T26430] pagetables 73728 [ 2681.484007][T26430] percpu 5619264 [ 2681.484007][T26430] sock 0 [ 2681.484007][T26430] vmalloc 0 [ 2681.484007][T26430] shmem 364544 [ 2681.484007][T26430] zswap 0 [ 2681.484007][T26430] zswapped 0 [ 2681.484007][T26430] file_mapped 364544 [ 2681.484007][T26430] file_dirty 0 [ 2681.484007][T26430] file_writeback 0 [ 2681.484007][T26430] swapcached 0 [ 2681.484007][T26430] anon_thp 0 [ 2681.484007][T26430] file_thp 0 [ 2681.484007][T26430] shmem_thp 0 [ 2681.484007][T26430] inactive_anon 102400 [ 2681.484007][T26430] active_anon 360448 [ 2681.484007][T26430] inactive_file 0 [ 2681.484007][T26430] active_file 0 [ 2681.484007][T26430] unevictable 0 [ 2681.484007][T26430] slab_reclaimable 127032 [ 2681.484007][T26430] slab_unreclaimable 308189472 [ 2681.484007][T26430] slab 308316504 11:16:36 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x62030000) [ 2681.602699][T26430] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=26430,uid=0 [ 2681.634662][T26430] Memory cgroup out of memory: Killed process 26430 (syz-executor.2) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 [ 2681.655364][T26424] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2681.671662][T26424] CPU: 0 PID: 26424 Comm: syz-executor.3 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2681.681806][T26424] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2681.692167][T26424] Call Trace: [ 2681.695471][T26424] [ 2681.698425][T26424] dump_stack_lvl+0xcd/0x134 [ 2681.703047][T26424] dump_header+0x10b/0x7f9 [ 2681.707487][T26424] oom_kill_process.cold+0x10/0x15 [ 2681.712622][T26424] out_of_memory+0x358/0x14a0 [ 2681.717326][T26424] ? oom_killer_disable+0x270/0x270 [ 2681.722549][T26424] ? find_held_lock+0x2d/0x110 [ 2681.727340][T26424] mem_cgroup_out_of_memory+0x206/0x270 [ 2681.732904][T26424] ? mem_cgroup_margin+0x130/0x130 [ 2681.738030][T26424] ? lock_downgrade+0x6e0/0x6e0 [ 2681.742999][T26424] try_charge_memcg+0xf67/0x13f0 [ 2681.748572][T26424] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2681.754573][T26424] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2681.760309][T26424] ? lock_downgrade+0x6e0/0x6e0 [ 2681.765179][T26424] ? lock_downgrade+0x6e0/0x6e0 [ 2681.770054][T26424] __memcg_kmem_charge_page+0x16a/0x3b0 [ 2681.775627][T26424] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 2681.781801][T26424] copy_process+0x15f3/0x7090 [ 2681.786498][T26424] ? find_held_lock+0x2d/0x110 [ 2681.791295][T26424] ? __cleanup_sighand+0xb0/0xb0 [ 2681.796285][T26424] kernel_clone+0xe7/0xab0 [ 2681.800719][T26424] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2681.806718][T26424] ? create_io_thread+0xe0/0xe0 [ 2681.811697][T26424] ? find_held_lock+0x2d/0x110 [ 2681.816500][T26424] ? __ct_user_exit+0xff/0x150 [ 2681.821329][T26424] __do_sys_clone+0xba/0x100 [ 2681.825950][T26424] ? kernel_clone+0xab0/0xab0 [ 2681.830670][T26424] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2681.836582][T26424] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2681.842497][T26424] do_syscall_64+0x35/0xb0 [ 2681.846937][T26424] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2681.852852][T26424] RIP: 0033:0x7f89d288c9d1 [ 2681.857278][T26424] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 2681.876899][T26424] RSP: 002b:00007fff48383138 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 2681.885327][T26424] RAX: ffffffffffffffda RBX: 00007f89d3a70700 RCX: 00007f89d288c9d1 [ 2681.893313][T26424] RDX: 00007f89d3a709d0 RSI: 00007f89d3a702f0 RDI: 00000000003d0f00 11:16:36 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x717}]}}]}, 0x40}, 0x7}, 0x0) 11:16:36 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x7de}]}}]}, 0x40}, 0x7}, 0x0) [ 2681.901292][T26424] RBP: 00007fff48383380 R08: 00007f89d3a70700 R09: 00007f89d3a70700 [ 2681.909273][T26424] R10: 00007f89d3a709d0 R11: 0000000000000206 R12: 00007fff483831ee [ 2681.917263][T26424] R13: 00007fff483831ef R14: 00007f89d3a70300 R15: 0000000000022000 [ 2681.925267][T26424] [ 2681.979898][T26424] memory: usage 307200kB, limit 307200kB, failcnt 54573 [ 2681.987667][T26424] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2681.995252][T26424] Memory cgroup stats for /syz3: [ 2681.995471][T26424] anon 147456 [ 2681.995471][T26424] file 385024 [ 2681.995471][T26424] kernel 314040320 [ 2681.995471][T26424] kernel_stack 98304 [ 2681.995471][T26424] pagetables 81920 [ 2681.995471][T26424] percpu 5618080 [ 2681.995471][T26424] sock 0 [ 2681.995471][T26424] vmalloc 0 [ 2681.995471][T26424] shmem 385024 [ 2681.995471][T26424] zswap 0 [ 2681.995471][T26424] zswapped 0 [ 2681.995471][T26424] file_mapped 311296 [ 2681.995471][T26424] file_dirty 0 [ 2681.995471][T26424] file_writeback 0 [ 2681.995471][T26424] swapcached 0 [ 2681.995471][T26424] anon_thp 0 [ 2681.995471][T26424] file_thp 0 [ 2681.995471][T26424] shmem_thp 0 [ 2681.995471][T26424] inactive_anon 200704 [ 2681.995471][T26424] active_anon 331776 [ 2681.995471][T26424] inactive_file 0 [ 2681.995471][T26424] active_file 0 [ 2681.995471][T26424] unevictable 0 [ 2681.995471][T26424] slab_reclaimable 22760 [ 2681.995471][T26424] slab_unreclaimable 308158672 [ 2681.995471][T26424] slab 308181432 [ 2682.093012][T26424] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=26424,uid=0 [ 2682.109484][T26424] Memory cgroup out of memory: Killed process 26424 (syz-executor.3) total-vm:54860kB, anon-rss:456kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 2682.183931][T26451] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2682.209930][T26451] CPU: 1 PID: 26451 Comm: syz-executor.2 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2682.220062][T26451] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2682.230139][T26451] Call Trace: [ 2682.233416][T26451] [ 2682.236426][T26451] dump_stack_lvl+0xcd/0x134 [ 2682.241022][T26451] dump_header+0x10b/0x7f9 [ 2682.245461][T26451] oom_kill_process.cold+0x10/0x15 [ 2682.250660][T26451] out_of_memory+0x358/0x14a0 [ 2682.255341][T26451] ? find_held_lock+0x2d/0x110 [ 2682.260109][T26451] ? oom_killer_disable+0x270/0x270 [ 2682.265318][T26451] ? find_held_lock+0x2d/0x110 [ 2682.270129][T26451] mem_cgroup_out_of_memory+0x206/0x270 [ 2682.275675][T26451] ? mem_cgroup_margin+0x130/0x130 [ 2682.280794][T26451] ? lock_downgrade+0x6e0/0x6e0 [ 2682.285668][T26451] try_charge_memcg+0xf67/0x13f0 [ 2682.290614][T26451] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2682.296602][T26451] ? lock_downgrade+0x6e0/0x6e0 [ 2682.301575][T26451] charge_memcg+0x31/0x320 [ 2682.305998][T26451] __mem_cgroup_charge+0x27/0x90 [ 2682.310942][T26451] ? _compound_head+0x5d/0x150 [ 2682.315723][T26451] wp_page_copy+0x27c/0x1b10 [ 2682.320338][T26451] ? restore_exclusive_pte+0x8b0/0x8b0 [ 2682.325799][T26451] ? lock_downgrade+0x6e0/0x6e0 [ 2682.330671][T26451] ? vm_normal_page+0x146/0x2a0 [ 2682.335640][T26451] do_wp_page+0x52c/0x1910 [ 2682.340129][T26451] __handle_mm_fault+0x1813/0x39b0 [ 2682.345280][T26451] ? vm_iomap_memory+0x190/0x190 [ 2682.350240][T26451] handle_mm_fault+0x1c8/0x780 [ 2682.355023][T26451] do_user_addr_fault+0x475/0x1210 [ 2682.360195][T26451] exc_page_fault+0x94/0x170 [ 2682.364803][T26451] asm_exc_page_fault+0x22/0x30 [ 2682.369862][T26451] RIP: 0033:0x7fefdee362de [ 2682.374400][T26451] Code: 4c 24 54 89 78 2c 48 8b 3c 24 89 48 78 0f b6 4c 24 53 c6 40 20 01 88 4c 3a 04 8b 7c 24 4c 4c 89 35 97 5c 17 00 48 8b 54 24 40 <89> b8 80 00 00 00 0f 1f 40 00 48 8b 8c 14 50 01 00 00 48 83 c2 08 [ 2682.394104][T26451] RSP: 002b:00007ffd4124e640 EFLAGS: 00010246 [ 2682.400187][T26451] RAX: 00007fefdefabf80 RBX: 00007fefdefabf8c RCX: 0000000000000000 [ 2682.408243][T26451] RDX: 0000000000000000 RSI: 00007fefdefabf88 RDI: 0000000000000000 [ 2682.416241][T26451] RBP: 00007fefdefabf80 R08: 00007fefe005a700 R09: 00007fefe005a700 [ 2682.424221][T26451] R10: 00007fefe005a9d0 R11: 0000000000000206 R12: 00007fefdefabf8c [ 2682.432192][T26451] R13: 00007fefdefb0060 R14: 00007fefdefabf80 R15: 0000000000000000 [ 2682.440205][T26451] [ 2682.455413][T26451] memory: usage 307200kB, limit 307200kB, failcnt 54574 [ 2682.462580][T26451] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2682.470240][T26451] Memory cgroup stats for /syz2: [ 2682.470474][T26451] anon 90112 [ 2682.470474][T26451] file 364544 [ 2682.470474][T26451] kernel 314118144 [ 2682.470474][T26451] kernel_stack 65536 [ 2682.470474][T26451] pagetables 69632 [ 2682.470474][T26451] percpu 5619264 [ 2682.470474][T26451] sock 0 [ 2682.470474][T26451] vmalloc 0 [ 2682.470474][T26451] shmem 364544 [ 2682.470474][T26451] zswap 0 [ 2682.470474][T26451] zswapped 0 [ 2682.470474][T26451] file_mapped 364544 [ 2682.470474][T26451] file_dirty 0 [ 2682.470474][T26451] file_writeback 0 [ 2682.470474][T26451] swapcached 0 [ 2682.470474][T26451] anon_thp 0 [ 2682.470474][T26451] file_thp 0 [ 2682.470474][T26451] shmem_thp 0 [ 2682.470474][T26451] inactive_anon 94208 [ 2682.470474][T26451] active_anon 360448 [ 2682.470474][T26451] inactive_file 0 [ 2682.470474][T26451] active_file 0 [ 2682.470474][T26451] unevictable 0 [ 2682.470474][T26451] slab_reclaimable 125104 [ 2682.470474][T26451] slab_unreclaimable 308200224 [ 2682.470474][T26451] slab 308325328 [ 2682.564108][T26451] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=26451,uid=0 [ 2682.579832][T26451] Memory cgroup out of memory: Killed process 26451 (syz-executor.2) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:72kB oom_score_adj:1000 [ 2682.597840][T26425] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2682.614837][T26425] CPU: 0 PID: 26425 Comm: syz-executor.5 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2682.624966][T26425] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2682.635055][T26425] Call Trace: [ 2682.638360][T26425] [ 2682.641317][T26425] dump_stack_lvl+0xcd/0x134 [ 2682.645949][T26425] dump_header+0x10b/0x7f9 [ 2682.650393][T26425] oom_kill_process.cold+0x10/0x15 [ 2682.655525][T26425] out_of_memory+0x358/0x14a0 [ 2682.660236][T26425] ? oom_killer_disable+0x270/0x270 [ 2682.665456][T26425] ? find_held_lock+0x2d/0x110 [ 2682.670256][T26425] mem_cgroup_out_of_memory+0x206/0x270 [ 2682.675817][T26425] ? mem_cgroup_margin+0x130/0x130 [ 2682.680960][T26425] ? lock_downgrade+0x6e0/0x6e0 [ 2682.685862][T26425] try_charge_memcg+0xf67/0x13f0 [ 2682.690838][T26425] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2682.696835][T26425] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2682.702579][T26425] ? lock_downgrade+0x6e0/0x6e0 [ 2682.707540][T26425] ? lock_downgrade+0x6e0/0x6e0 [ 2682.712417][T26425] __memcg_kmem_charge_page+0x16a/0x3b0 [ 2682.717983][T26425] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 2682.724189][T26425] copy_process+0x73e/0x7090 [ 2682.728924][T26425] ? __lock_acquire+0xbc3/0x56d0 [ 2682.733984][T26425] ? __cleanup_sighand+0xb0/0xb0 [ 2682.738960][T26425] kernel_clone+0xe7/0xab0 [ 2682.743395][T26425] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2682.749404][T26425] ? create_io_thread+0xe0/0xe0 [ 2682.754282][T26425] ? find_held_lock+0x2d/0x110 [ 2682.759181][T26425] ? __ct_user_exit+0xff/0x150 [ 2682.763983][T26425] __do_sys_clone+0xba/0x100 [ 2682.768604][T26425] ? kernel_clone+0xab0/0xab0 [ 2682.773329][T26425] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2682.779345][T26425] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2682.785348][T26425] do_syscall_64+0x35/0xb0 [ 2682.789789][T26425] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2682.795792][T26425] RIP: 0033:0x7f542068c9d1 [ 2682.800218][T26425] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 2682.819848][T26425] RSP: 002b:00007ffc9945af78 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 2682.828539][T26425] RAX: ffffffffffffffda RBX: 00007f54217cc700 RCX: 00007f542068c9d1 [ 2682.836525][T26425] RDX: 00007f54217cc9d0 RSI: 00007f54217cc2f0 RDI: 00000000003d0f00 [ 2682.844509][T26425] RBP: 00007ffc9945b1c0 R08: 00007f54217cc700 R09: 00007f54217cc700 [ 2682.852534][T26425] R10: 00007f54217cc9d0 R11: 0000000000000206 R12: 00007ffc9945b02e [ 2682.860532][T26425] R13: 00007ffc9945b02f R14: 00007f54217cc300 R15: 0000000000022000 [ 2682.868544][T26425] [ 2682.877247][T26425] memory: usage 307200kB, limit 307200kB, failcnt 39936 [ 2682.889341][T26425] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2682.897454][T26425] Memory cgroup stats for /syz5: [ 2682.897678][T26425] anon 147456 [ 2682.897678][T26425] file 364544 [ 2682.897678][T26425] kernel 314060800 [ 2682.897678][T26425] kernel_stack 98304 [ 2682.897678][T26425] pagetables 81920 [ 2682.897678][T26425] percpu 5618080 [ 2682.897678][T26425] sock 0 [ 2682.897678][T26425] vmalloc 0 [ 2682.897678][T26425] shmem 356352 [ 2682.897678][T26425] zswap 0 [ 2682.897678][T26425] zswapped 0 [ 2682.897678][T26425] file_mapped 356352 [ 2682.897678][T26425] file_dirty 0 [ 2682.897678][T26425] file_writeback 0 [ 2682.897678][T26425] swapcached 0 [ 2682.897678][T26425] anon_thp 0 [ 2682.897678][T26425] file_thp 0 [ 2682.897678][T26425] shmem_thp 0 [ 2682.897678][T26425] inactive_anon 151552 [ 2682.897678][T26425] active_anon 352256 [ 2682.897678][T26425] inactive_file 4096 [ 2682.897678][T26425] active_file 4096 [ 2682.897678][T26425] unevictable 0 [ 2682.897678][T26425] slab_reclaimable 20960 [ 2682.897678][T26425] slab_unreclaimable 308199952 [ 2682.897678][T26425] slab 308220912 [ 2682.999904][T26425] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=26425,uid=0 [ 2683.015685][T26425] Memory cgroup out of memory: Killed process 26425 (syz-executor.5) total-vm:54860kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000 [ 2683.033655][T26456] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2683.047301][T26456] CPU: 0 PID: 26456 Comm: syz-executor.4 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2683.057434][T26456] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2683.067531][T26456] Call Trace: [ 2683.070829][T26456] [ 2683.073782][T26456] dump_stack_lvl+0xcd/0x134 [ 2683.078412][T26456] dump_header+0x10b/0x7f9 [ 2683.082875][T26456] oom_kill_process.cold+0x10/0x15 [ 2683.088028][T26456] out_of_memory+0x358/0x14a0 [ 2683.092759][T26456] ? oom_killer_disable+0x270/0x270 [ 2683.098004][T26456] ? find_held_lock+0x2d/0x110 [ 2683.102819][T26456] mem_cgroup_out_of_memory+0x206/0x270 [ 2683.108415][T26456] ? mem_cgroup_margin+0x130/0x130 [ 2683.113599][T26456] ? lock_downgrade+0x6e0/0x6e0 [ 2683.118507][T26456] try_charge_memcg+0xf67/0x13f0 [ 2683.123495][T26456] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2683.129534][T26456] ? lock_downgrade+0x6e0/0x6e0 [ 2683.134448][T26456] charge_memcg+0x31/0x320 11:16:37 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x0, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}}, 0x24}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}}, 0x24}, 0x7}, 0x0) 11:16:37 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x65580000) 11:16:37 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x221}]}}]}, 0x40}, 0x7}, 0x0) 11:16:37 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x7df}]}}]}, 0x40}, 0x7}, 0x0) 11:16:37 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x718}]}}]}, 0x40}, 0x7}, 0x0) [ 2683.138911][T26456] __mem_cgroup_charge+0x27/0x90 [ 2683.143892][T26456] ? _compound_head+0x5d/0x150 [ 2683.148709][T26456] wp_page_copy+0x27c/0x1b10 [ 2683.153359][T26456] ? restore_exclusive_pte+0x8b0/0x8b0 [ 2683.158865][T26456] ? lock_downgrade+0x6e0/0x6e0 [ 2683.163752][T26456] ? vm_normal_page+0x146/0x2a0 [ 2683.168651][T26456] do_wp_page+0x52c/0x1910 [ 2683.173108][T26456] __handle_mm_fault+0x1813/0x39b0 [ 2683.178279][T26456] ? vm_iomap_memory+0x190/0x190 [ 2683.183282][T26456] handle_mm_fault+0x1c8/0x780 [ 2683.188089][T26456] do_user_addr_fault+0x475/0x1210 [ 2683.193258][T26456] exc_page_fault+0x94/0x170 [ 2683.197889][T26456] asm_exc_page_fault+0x22/0x30 [ 2683.202780][T26456] RIP: 0033:0x7fa378a362de [ 2683.207217][T26456] Code: 4c 24 54 89 78 2c 48 8b 3c 24 89 48 78 0f b6 4c 24 53 c6 40 20 01 88 4c 3a 04 8b 7c 24 4c 4c 89 35 97 5c 17 00 48 8b 54 24 40 <89> b8 80 00 00 00 0f 1f 40 00 48 8b 8c 14 50 01 00 00 48 83 c2 08 [ 2683.226862][T26456] RSP: 002b:00007fff30649610 EFLAGS: 00010246 [ 2683.232969][T26456] RAX: 00007fa378babf80 RBX: 00007fa378babf8c RCX: 0000000000000000 [ 2683.240984][T26456] RDX: 0000000000000000 RSI: 00007fa378babf88 RDI: 0000000000000000 [ 2683.248987][T26456] RBP: 00007fa378babf80 R08: 00007fa379be4700 R09: 00007fa379be4700 [ 2683.256998][T26456] R10: 00007fa379be49d0 R11: 0000000000000206 R12: 00007fa378babf8c [ 2683.265013][T26456] R13: 00007fa378bb0060 R14: 00007fa378babf80 R15: 0000000000000000 [ 2683.273055][T26456] 11:16:38 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x68c9458d) [ 2683.287217][T26467] __nla_validate_parse: 2 callbacks suppressed [ 2683.287238][T26467] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2683.330352][T26456] memory: usage 307184kB, limit 307200kB, failcnt 55748 [ 2683.340344][T26456] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2683.357767][T26456] Memory cgroup stats for /syz4: [ 2683.358011][T26456] anon 90112 [ 2683.358011][T26456] file 372736 [ 2683.358011][T26456] kernel 314093568 [ 2683.358011][T26456] kernel_stack 65536 [ 2683.358011][T26456] pagetables 65536 [ 2683.358011][T26456] percpu 5624000 [ 2683.358011][T26456] sock 0 [ 2683.358011][T26456] vmalloc 0 [ 2683.358011][T26456] shmem 372736 [ 2683.358011][T26456] zswap 0 [ 2683.358011][T26456] zswapped 0 [ 2683.358011][T26456] file_mapped 372736 [ 2683.358011][T26456] file_dirty 0 [ 2683.358011][T26456] file_writeback 0 [ 2683.358011][T26456] swapcached 0 [ 2683.358011][T26456] anon_thp 0 [ 2683.358011][T26456] file_thp 0 [ 2683.358011][T26456] shmem_thp 0 [ 2683.358011][T26456] inactive_anon 139264 [ 2683.358011][T26456] active_anon 323584 [ 2683.358011][T26456] inactive_file 0 [ 2683.358011][T26456] active_file 0 [ 2683.358011][T26456] unevictable 0 [ 2683.358011][T26456] slab_reclaimable 17888 [ 2683.358011][T26456] slab_unreclaimable 308289320 [ 2683.358011][T26456] slab 308307208 [ 2683.456439][T26456] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=26456,uid=0 [ 2683.474180][T26456] Memory cgroup out of memory: Killed process 26456 (syz-executor.4) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:68kB oom_score_adj:1000 11:16:38 executing program 4: socket$nl_route(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x70c}]}}]}, 0x40}, 0x7}, 0x0) 11:16:38 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x76000000) [ 2683.508144][T26467] syz-executor.3 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=1, oom_score_adj=1000 [ 2683.541116][T26467] CPU: 0 PID: 26467 Comm: syz-executor.3 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2683.551268][T26467] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2683.561365][T26467] Call Trace: [ 2683.564673][T26467] [ 2683.567630][T26467] dump_stack_lvl+0xcd/0x134 [ 2683.572279][T26467] dump_header+0x10b/0x7f9 [ 2683.576746][T26467] oom_kill_process.cold+0x10/0x15 [ 2683.581914][T26467] out_of_memory+0x358/0x14a0 [ 2683.586654][T26467] ? oom_killer_disable+0x270/0x270 [ 2683.591996][T26467] ? find_held_lock+0x2d/0x110 [ 2683.596827][T26467] mem_cgroup_out_of_memory+0x206/0x270 [ 2683.602422][T26467] ? mem_cgroup_margin+0x130/0x130 [ 2683.607570][T26467] ? lock_downgrade+0x6e0/0x6e0 [ 2683.612481][T26467] try_charge_memcg+0xf67/0x13f0 [ 2683.617455][T26467] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2683.623453][T26467] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2683.629222][T26467] ? lock_downgrade+0x6e0/0x6e0 [ 2683.634139][T26467] obj_cgroup_charge+0x2ab/0x5e0 [ 2683.639131][T26467] __kmalloc+0xb2/0x340 [ 2683.643329][T26467] ? veth_dev_init+0x1d8/0x3e0 [ 2683.648156][T26467] veth_dev_init+0x1d8/0x3e0 [ 2683.652802][T26467] ? veth_get_num_queues+0x50/0x50 [ 2683.657975][T26467] register_netdevice+0x580/0x1670 [ 2683.663116][T26467] ? netdev_change_features+0xb0/0xb0 [ 2683.668540][T26467] ? dev_addr_mod+0x2c9/0x3f0 [ 2683.673268][T26467] veth_newlink+0x338/0x990 [ 2683.677819][T26467] ? veth_set_features+0x190/0x190 [ 2683.682946][T26467] ? netlink_unicast+0x543/0x7f0 [ 2683.687922][T26467] ? netlink_sendmsg+0x917/0xe10 [ 2683.692871][T26467] ? sock_sendmsg+0xcf/0x120 [ 2683.697572][T26467] ? ____sys_sendmsg+0x712/0x8c0 [ 2683.702515][T26467] ? ___sys_sendmsg+0x110/0x1b0 [ 2683.707368][T26467] ? __sys_sendmsg+0xf3/0x1c0 [ 2683.712081][T26467] ? do_syscall_64+0x35/0xb0 [ 2683.716800][T26467] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2683.722899][T26467] ? find_held_lock+0x2d/0x110 [ 2683.727718][T26467] ? memcg_slab_post_alloc_hook+0x249/0x480 [ 2683.733642][T26467] ? lock_downgrade+0x6e0/0x6e0 [ 2683.738511][T26467] ? rcu_read_lock_sched_held+0x3a/0x70 [ 2683.744125][T26467] ? trace_kmalloc_node+0x32/0x100 [ 2683.749266][T26467] ? __kmalloc_node+0x1bf/0x380 [ 2683.754204][T26467] ? memset+0x20/0x40 [ 2683.758209][T26467] ? __xdp_rxq_info_reg+0x189/0x340 [ 2683.763441][T26467] ? memcpy+0x39/0x60 [ 2683.767469][T26467] ? alloc_netdev_mqs+0xd5d/0x1180 [ 2683.772619][T26467] ? rtnl_create_link+0x7e8/0xca0 [ 2683.777942][T26467] ? veth_set_features+0x190/0x190 [ 2683.783087][T26467] __rtnl_newlink+0x1087/0x17e0 [ 2683.788595][T26467] ? rtnl_link_unregister+0x250/0x250 [ 2683.793975][T26467] ? rtnl_newlink+0x46/0xa0 [ 2683.798518][T26467] ? rcu_read_lock_sched_held+0x3a/0x70 [ 2683.804095][T26467] ? trace_kmalloc+0x32/0x100 [ 2683.808824][T26467] rtnl_newlink+0x64/0xa0 [ 2683.813194][T26467] ? __rtnl_newlink+0x17e0/0x17e0 [ 2683.818285][T26467] rtnetlink_rcv_msg+0x43a/0xca0 [ 2683.823261][T26467] ? rtnl_getlink+0xae0/0xae0 [ 2683.828003][T26467] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2683.833446][T26467] ? ref_tracker_free+0x370/0x6b0 [ 2683.838511][T26467] ? ref_tracker_dir_exit+0x3e0/0x3e0 [ 2683.843900][T26467] netlink_rcv_skb+0x153/0x420 [ 2683.848670][T26467] ? rtnl_getlink+0xae0/0xae0 [ 2683.853437][T26467] ? netlink_ack+0xd50/0xd50 [ 2683.858028][T26467] ? netlink_deliver_tap+0x1a2/0xc40 [ 2683.863320][T26467] ? netlink_deliver_tap+0x1b1/0xc40 [ 2683.868631][T26467] netlink_unicast+0x543/0x7f0 [ 2683.873428][T26467] ? netlink_attachskb+0x880/0x880 [ 2683.878545][T26467] ? __phys_addr+0xc4/0x140 [ 2683.883178][T26467] ? __phys_addr_symbol+0x2c/0x70 [ 2683.888251][T26467] ? __check_object_size+0x2de/0x700 [ 2683.893571][T26467] netlink_sendmsg+0x917/0xe10 [ 2683.898377][T26467] ? netlink_unicast+0x7f0/0x7f0 [ 2683.903346][T26467] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 2683.908658][T26467] ? netlink_unicast+0x7f0/0x7f0 [ 2683.913643][T26467] sock_sendmsg+0xcf/0x120 [ 2683.918093][T26467] ____sys_sendmsg+0x712/0x8c0 [ 2683.922891][T26467] ? copy_msghdr_from_user+0xfc/0x150 [ 2683.928284][T26467] ? kernel_sendmsg+0x50/0x50 [ 2683.932993][T26467] ? futex_unqueue+0xb3/0x120 [ 2683.939607][T26467] ___sys_sendmsg+0x110/0x1b0 [ 2683.944323][T26467] ? do_recvmmsg+0x6e0/0x6e0 [ 2683.948919][T26467] ? __fget_files+0x248/0x440 [ 2683.953606][T26467] ? lock_downgrade+0x6e0/0x6e0 [ 2683.958569][T26467] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2683.964558][T26467] ? __fget_files+0x26a/0x440 [ 2683.969339][T26467] ? __fget_light+0xe5/0x270 [ 2683.973938][T26467] __sys_sendmsg+0xf3/0x1c0 [ 2683.978446][T26467] ? __sys_sendmsg_sock+0x30/0x30 [ 2683.983489][T26467] ? lock_downgrade+0x6e0/0x6e0 [ 2683.988374][T26467] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2683.994976][T26467] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2684.000886][T26467] ? lockdep_hardirqs_on+0x79/0x100 [ 2684.006137][T26467] do_syscall_64+0x35/0xb0 [ 2684.010607][T26467] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2684.016521][T26467] RIP: 0033:0x7f89d288b5a9 [ 2684.020944][T26467] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 2684.040574][T26467] RSP: 002b:00007f89d3ab2168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2684.049093][T26467] RAX: ffffffffffffffda RBX: 00007f89d29abf80 RCX: 00007f89d288b5a9 [ 2684.057096][T26467] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 2684.065085][T26467] RBP: 00007f89d28e6580 R08: 0000000000000000 R09: 0000000000000000 [ 2684.073102][T26467] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2684.081109][T26467] R13: 00007fff483831ef R14: 00007f89d3ab2300 R15: 0000000000022000 [ 2684.089140][T26467] [ 2684.104512][T26467] memory: usage 307200kB, limit 307200kB, failcnt 54630 [ 2684.112835][T26467] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2684.119760][T26467] Memory cgroup stats for /syz3: [ 2684.120031][T26467] anon 147456 [ 2684.120031][T26467] file 385024 [ 2684.120031][T26467] kernel 314040320 [ 2684.120031][T26467] kernel_stack 98304 [ 2684.120031][T26467] pagetables 81920 [ 2684.120031][T26467] percpu 5618080 [ 2684.120031][T26467] sock 0 [ 2684.120031][T26467] vmalloc 0 [ 2684.120031][T26467] shmem 385024 [ 2684.120031][T26467] zswap 0 [ 2684.120031][T26467] zswapped 0 [ 2684.120031][T26467] file_mapped 311296 [ 2684.120031][T26467] file_dirty 0 [ 2684.120031][T26467] file_writeback 0 [ 2684.120031][T26467] swapcached 0 [ 2684.120031][T26467] anon_thp 0 [ 2684.120031][T26467] file_thp 0 [ 2684.120031][T26467] shmem_thp 0 [ 2684.120031][T26467] inactive_anon 200704 [ 2684.120031][T26467] active_anon 331776 [ 2684.120031][T26467] inactive_file 0 [ 2684.120031][T26467] active_file 0 [ 2684.120031][T26467] unevictable 0 [ 2684.120031][T26467] slab_reclaimable 22760 [ 2684.120031][T26467] slab_unreclaimable 308179192 [ 2684.120031][T26467] slab 308201952 [ 2684.214468][T26467] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=26460,uid=0 [ 2684.236855][T26467] Memory cgroup out of memory: Killed process 26460 (syz-executor.3) total-vm:54860kB, anon-rss:456kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 2684.262964][T26462] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=1, oom_score_adj=1000 [ 2684.290224][T26462] CPU: 1 PID: 26462 Comm: syz-executor.5 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2684.300364][T26462] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2684.310447][T26462] Call Trace: [ 2684.313752][T26462] [ 2684.316702][T26462] dump_stack_lvl+0xcd/0x134 [ 2684.321321][T26462] dump_header+0x10b/0x7f9 [ 2684.325792][T26462] oom_kill_process.cold+0x10/0x15 [ 2684.330939][T26462] out_of_memory+0x358/0x14a0 [ 2684.335663][T26462] ? oom_killer_disable+0x270/0x270 [ 2684.340990][T26462] ? find_held_lock+0x2d/0x110 [ 2684.345806][T26462] mem_cgroup_out_of_memory+0x206/0x270 [ 2684.351377][T26462] ? mem_cgroup_margin+0x130/0x130 [ 2684.356499][T26462] ? lock_downgrade+0x6e0/0x6e0 [ 2684.361383][T26462] try_charge_memcg+0xf67/0x13f0 [ 2684.366348][T26462] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2684.372347][T26462] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2684.378083][T26462] ? lock_downgrade+0x6e0/0x6e0 [ 2684.382949][T26462] ? lock_downgrade+0x6e0/0x6e0 [ 2684.387811][T26462] ? rcu_read_unlock+0x9/0x60 [ 2684.392524][T26462] obj_cgroup_charge+0x2ab/0x5e0 [ 2684.397485][T26462] ? copy_process+0x5c2/0x7090 [ 2684.402264][T26462] kmem_cache_alloc_node+0x92/0x3f0 [ 2684.407482][T26462] ? _raw_spin_unlock_irq+0x1f/0x40 [ 2684.412707][T26462] copy_process+0x5c2/0x7090 [ 2684.417324][T26462] ? find_held_lock+0x2d/0x110 [ 2684.422122][T26462] ? find_held_lock+0x2d/0x110 [ 2684.426915][T26462] ? __cleanup_sighand+0xb0/0xb0 [ 2684.431890][T26462] kernel_clone+0xe7/0xab0 [ 2684.436337][T26462] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2684.442422][T26462] ? create_io_thread+0xe0/0xe0 [ 2684.447295][T26462] ? find_held_lock+0x2d/0x110 [ 2684.452087][T26462] ? __ct_user_exit+0xff/0x150 [ 2684.456876][T26462] __do_sys_clone+0xba/0x100 [ 2684.461484][T26462] ? kernel_clone+0xab0/0xab0 [ 2684.466186][T26462] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2684.472103][T26462] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2684.478038][T26462] do_syscall_64+0x35/0xb0 [ 2684.482481][T26462] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2684.488401][T26462] RIP: 0033:0x7f542068c9d1 [ 2684.492827][T26462] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 2684.512450][T26462] RSP: 002b:00007ffc9945af78 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 2684.520877][T26462] RAX: ffffffffffffffda RBX: 00007f54217cc700 RCX: 00007f542068c9d1 [ 2684.528858][T26462] RDX: 00007f54217cc9d0 RSI: 00007f54217cc2f0 RDI: 00000000003d0f00 [ 2684.536838][T26462] RBP: 00007ffc9945b1c0 R08: 00007f54217cc700 R09: 00007f54217cc700 [ 2684.544827][T26462] R10: 00007f54217cc9d0 R11: 0000000000000206 R12: 00007ffc9945b02e [ 2684.552891][T26462] R13: 00007ffc9945b02f R14: 00007f54217cc300 R15: 0000000000022000 [ 2684.560891][T26462] [ 2684.586863][T26462] memory: usage 307196kB, limit 307200kB, failcnt 40000 [ 2684.594355][T26462] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2684.601391][T26462] Memory cgroup stats for /syz5: [ 2684.601575][T26462] anon 147456 [ 2684.601575][T26462] file 364544 [ 2684.601575][T26462] kernel 314056704 [ 2684.601575][T26462] kernel_stack 98304 [ 2684.601575][T26462] pagetables 81920 [ 2684.601575][T26462] percpu 5618080 [ 2684.601575][T26462] sock 0 [ 2684.601575][T26462] vmalloc 0 [ 2684.601575][T26462] shmem 356352 [ 2684.601575][T26462] zswap 0 [ 2684.601575][T26462] zswapped 0 [ 2684.601575][T26462] file_mapped 356352 [ 2684.601575][T26462] file_dirty 0 [ 2684.601575][T26462] file_writeback 0 [ 2684.601575][T26462] swapcached 0 [ 2684.601575][T26462] anon_thp 0 [ 2684.601575][T26462] file_thp 0 [ 2684.601575][T26462] shmem_thp 0 [ 2684.601575][T26462] inactive_anon 151552 [ 2684.601575][T26462] active_anon 352256 [ 2684.601575][T26462] inactive_file 4096 [ 2684.601575][T26462] active_file 4096 [ 2684.601575][T26462] unevictable 0 [ 2684.601575][T26462] slab_reclaimable 20960 [ 2684.601575][T26462] slab_unreclaimable 308203792 [ 2684.601575][T26462] slab 308224752 [ 2684.697046][T26462] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=26462,uid=0 [ 2684.712897][T26462] Memory cgroup out of memory: Killed process 26462 (syz-executor.5) total-vm:54860kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000 [ 2684.730664][T26461] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2684.741633][T26461] CPU: 0 PID: 26461 Comm: syz-executor.2 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2684.751756][T26461] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2684.761844][T26461] Call Trace: [ 2684.765149][T26461] [ 2684.768195][T26461] dump_stack_lvl+0xcd/0x134 [ 2684.772821][T26461] dump_header+0x10b/0x7f9 [ 2684.777267][T26461] oom_kill_process.cold+0x10/0x15 [ 2684.782398][T26461] out_of_memory+0x358/0x14a0 [ 2684.787130][T26461] ? oom_killer_disable+0x270/0x270 [ 2684.792379][T26461] ? find_held_lock+0x2d/0x110 [ 2684.797176][T26461] mem_cgroup_out_of_memory+0x206/0x270 [ 2684.802737][T26461] ? mem_cgroup_margin+0x130/0x130 [ 2684.807882][T26461] ? lock_downgrade+0x6e0/0x6e0 [ 2684.812794][T26461] try_charge_memcg+0xf67/0x13f0 [ 2684.817788][T26461] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2684.823827][T26461] ? lock_downgrade+0x6e0/0x6e0 [ 2684.828741][T26461] charge_memcg+0x31/0x320 [ 2684.833210][T26461] __mem_cgroup_charge+0x27/0x90 [ 2684.838178][T26461] ? _compound_head+0x5d/0x150 [ 2684.842967][T26461] wp_page_copy+0x27c/0x1b10 [ 2684.847593][T26461] ? restore_exclusive_pte+0x8b0/0x8b0 [ 2684.853084][T26461] ? lock_downgrade+0x6e0/0x6e0 [ 2684.857965][T26461] ? vm_normal_page+0x146/0x2a0 [ 2684.862851][T26461] do_wp_page+0x52c/0x1910 [ 2684.867321][T26461] __handle_mm_fault+0x1813/0x39b0 [ 2684.873181][T26461] ? vm_iomap_memory+0x190/0x190 [ 2684.878168][T26461] handle_mm_fault+0x1c8/0x780 [ 2684.882957][T26461] do_user_addr_fault+0x475/0x1210 [ 2684.888147][T26461] exc_page_fault+0x94/0x170 [ 2684.892774][T26461] asm_exc_page_fault+0x22/0x30 [ 2684.897655][T26461] RIP: 0033:0x7fefdee35a15 [ 2684.902069][T26461] Code: 5c 41 5d c3 90 48 8b 57 18 48 83 fa ff 74 22 48 81 fa e7 03 00 00 0f 87 ee 00 00 00 48 c1 e2 04 48 8d 0d ae 26 17 00 48 01 ca 02 01 48 89 42 08 48 8b 53 10 4c 8d 2d d9 a5 57 00 4c 39 ea 0f [ 2684.921688][T26461] RSP: 002b:00007ffd4124e600 EFLAGS: 00010206 [ 2684.927784][T26461] RAX: 0000000000000003 RBX: 00007fefdefabf80 RCX: 00007fefdefa80c0 [ 2684.935786][T26461] RDX: 00007fefdefa80c0 RSI: 0000000000000080 RDI: 00007fefdefabf80 [ 2684.943793][T26461] RBP: 00007fefdefabf80 R08: 00007ffd413e9080 R09: 0000000000000000 [ 2684.951782][T26461] R10: 00007ffd4124e720 R11: 0000000000000246 R12: 000000000028f541 [ 2684.959763][T26461] R13: 00007ffd4124e720 R14: 00007fefdefabf80 R15: 0000000000000032 [ 2684.967772][T26461] [ 2684.973863][T26469] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2684.986312][T26461] memory: usage 307200kB, limit 307200kB, failcnt 54668 [ 2684.993930][T26461] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2685.000946][T26461] Memory cgroup stats for /syz2: [ 2685.001123][T26461] anon 98304 [ 2685.001123][T26461] file 364544 [ 2685.001123][T26461] kernel 314093568 [ 2685.001123][T26461] kernel_stack 65536 [ 2685.001123][T26461] pagetables 73728 [ 2685.001123][T26461] percpu 5619264 [ 2685.001123][T26461] sock 0 [ 2685.001123][T26461] vmalloc 0 [ 2685.001123][T26461] shmem 364544 [ 2685.001123][T26461] zswap 0 [ 2685.001123][T26461] zswapped 0 [ 2685.001123][T26461] file_mapped 364544 [ 2685.001123][T26461] file_dirty 0 [ 2685.001123][T26461] file_writeback 0 [ 2685.001123][T26461] swapcached 0 [ 2685.001123][T26461] anon_thp 0 [ 2685.001123][T26461] file_thp 0 [ 2685.001123][T26461] shmem_thp 0 [ 2685.001123][T26461] inactive_anon 102400 [ 2685.001123][T26461] active_anon 360448 [ 2685.001123][T26461] inactive_file 0 [ 2685.001123][T26461] active_file 0 [ 2685.001123][T26461] unevictable 0 [ 2685.001123][T26461] slab_reclaimable 127032 [ 2685.001123][T26461] slab_unreclaimable 308180176 [ 2685.001123][T26461] slab 308307208 [ 2685.095040][T26461] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=26461,uid=0 [ 2685.118239][T26461] Memory cgroup out of memory: Killed process 26461 (syz-executor.2) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 11:16:39 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x222}]}}]}, 0x40}, 0x7}, 0x0) 11:16:39 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x719}]}}]}, 0x40}, 0x7}, 0x0) 11:16:39 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x7e0}]}}]}, 0x40}, 0x7}, 0x0) [ 2685.138699][T26463] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.5'. [ 2685.159724][T26477] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 2685.172229][T26477] CPU: 0 PID: 26477 Comm: syz-executor.4 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2685.182682][T26477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2685.192855][T26477] Call Trace: [ 2685.196169][T26477] [ 2685.199216][T26477] dump_stack_lvl+0xcd/0x134 [ 2685.203848][T26477] dump_header+0x10b/0x7f9 [ 2685.208318][T26477] oom_kill_process.cold+0x10/0x15 [ 2685.213563][T26477] out_of_memory+0x358/0x14a0 [ 2685.218294][T26477] ? find_held_lock+0x2d/0x110 [ 2685.223109][T26477] ? oom_killer_disable+0x270/0x270 [ 2685.228361][T26477] ? find_held_lock+0x2d/0x110 [ 2685.233264][T26477] mem_cgroup_out_of_memory+0x206/0x270 [ 2685.238848][T26477] ? mem_cgroup_margin+0x130/0x130 [ 2685.243992][T26477] ? lock_downgrade+0x6e0/0x6e0 [ 2685.248893][T26477] try_charge_memcg+0xf67/0x13f0 [ 2685.253884][T26477] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2685.259929][T26477] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2685.265689][T26477] ? lock_downgrade+0x6e0/0x6e0 [ 2685.270569][T26477] ? lock_downgrade+0x6e0/0x6e0 [ 2685.275443][T26477] ? rcu_read_unlock+0x9/0x60 [ 2685.280189][T26477] obj_cgroup_charge+0x2ab/0x5e0 [ 2685.285178][T26477] kmem_cache_alloc_trace+0xa3/0x3e0 [ 2685.290499][T26477] ? copy_semundo+0x187/0x2f0 [ 2685.295209][T26477] ? apparmor_task_alloc+0x2bb/0x3b0 [ 2685.300542][T26477] copy_semundo+0x187/0x2f0 [ 2685.305088][T26477] copy_process+0x23fa/0x7090 [ 2685.309858][T26477] ? __cleanup_sighand+0xb0/0xb0 [ 2685.314872][T26477] kernel_clone+0xe7/0xab0 [ 2685.319342][T26477] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2685.325457][T26477] ? create_io_thread+0xe0/0xe0 [ 2685.330365][T26477] ? find_held_lock+0x2d/0x110 [ 2685.335189][T26477] ? __ct_user_exit+0xff/0x150 [ 2685.340006][T26477] __do_sys_clone+0xba/0x100 [ 2685.344642][T26477] ? kernel_clone+0xab0/0xab0 [ 2685.349393][T26477] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2685.355336][T26477] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2685.361287][T26477] do_syscall_64+0x35/0xb0 [ 2685.365764][T26477] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2685.371706][T26477] RIP: 0033:0x7fa378a8c9d1 [ 2685.376190][T26477] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 2685.395931][T26477] RSP: 002b:00007fff306494d8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 2685.404387][T26477] RAX: ffffffffffffffda RBX: 00007fa379be4700 RCX: 00007fa378a8c9d1 [ 2685.412397][T26477] RDX: 00007fa379be49d0 RSI: 00007fa379be42f0 RDI: 00000000003d0f00 [ 2685.420407][T26477] RBP: 00007fff30649720 R08: 00007fa379be4700 R09: 00007fa379be4700 [ 2685.428414][T26477] R10: 00007fa379be49d0 R11: 0000000000000206 R12: 00007fff3064958e 11:16:40 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x81000000) 11:16:40 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x0, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}}, 0x24}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}, 0x7}, 0x0) [ 2685.436416][T26477] R13: 00007fff3064958f R14: 00007fa379be4300 R15: 0000000000022000 [ 2685.444462][T26477] [ 2685.463510][T26484] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2685.513086][T26483] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.3'. 11:16:40 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x86010000) [ 2685.570907][T26477] memory: usage 307200kB, limit 307200kB, failcnt 55822 [ 2685.581231][T26477] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2685.589200][T26477] Memory cgroup stats for /syz4: [ 2685.589423][T26477] anon 90112 [ 2685.589423][T26477] file 372736 [ 2685.589423][T26477] kernel 314093568 [ 2685.589423][T26477] kernel_stack 65536 [ 2685.589423][T26477] pagetables 65536 [ 2685.589423][T26477] percpu 5624000 [ 2685.589423][T26477] sock 0 [ 2685.589423][T26477] vmalloc 0 [ 2685.589423][T26477] shmem 372736 [ 2685.589423][T26477] zswap 0 [ 2685.589423][T26477] zswapped 0 [ 2685.589423][T26477] file_mapped 372736 [ 2685.589423][T26477] file_dirty 0 [ 2685.589423][T26477] file_writeback 0 [ 2685.589423][T26477] swapcached 0 [ 2685.589423][T26477] anon_thp 0 [ 2685.589423][T26477] file_thp 0 [ 2685.589423][T26477] shmem_thp 0 [ 2685.589423][T26477] inactive_anon 139264 [ 2685.589423][T26477] active_anon 323584 [ 2685.589423][T26477] inactive_file 0 [ 2685.589423][T26477] active_file 0 [ 2685.589423][T26477] unevictable 0 11:16:40 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x88a8ffff) [ 2685.589423][T26477] slab_reclaimable 17888 [ 2685.589423][T26477] slab_unreclaimable 308289160 [ 2685.589423][T26477] slab 308307048 [ 2685.718455][T26477] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=26477,uid=0 [ 2685.735408][T26477] Memory cgroup out of memory: Killed process 26477 (syz-executor.4) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:68kB oom_score_adj:1000 [ 2685.757460][T26481] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=1, oom_score_adj=1000 [ 2685.780619][T26481] CPU: 0 PID: 26481 Comm: syz-executor.3 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2685.790769][T26481] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2685.800868][T26481] Call Trace: [ 2685.804255][T26481] [ 2685.807381][T26481] dump_stack_lvl+0xcd/0x134 [ 2685.812021][T26481] dump_header+0x10b/0x7f9 [ 2685.816742][T26481] oom_kill_process.cold+0x10/0x15 [ 2685.821965][T26481] out_of_memory+0x358/0x14a0 [ 2685.826690][T26481] ? oom_killer_disable+0x270/0x270 [ 2685.832030][T26481] ? find_held_lock+0x2d/0x110 [ 2685.836836][T26481] mem_cgroup_out_of_memory+0x206/0x270 [ 2685.842403][T26481] ? mem_cgroup_margin+0x130/0x130 [ 2685.847546][T26481] ? lock_downgrade+0x6e0/0x6e0 [ 2685.852441][T26481] try_charge_memcg+0xf67/0x13f0 [ 2685.857424][T26481] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2685.863434][T26481] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2685.869194][T26481] ? lock_downgrade+0x6e0/0x6e0 [ 2685.874181][T26481] ? lock_downgrade+0x6e0/0x6e0 [ 2685.879069][T26481] ? rcu_read_unlock+0x9/0x60 [ 2685.883796][T26481] obj_cgroup_charge+0x2ab/0x5e0 [ 2685.888858][T26481] ? copy_process+0x5c2/0x7090 [ 2685.893641][T26481] kmem_cache_alloc_node+0x92/0x3f0 [ 2685.898860][T26481] ? _raw_spin_unlock_irq+0x1f/0x40 [ 2685.904122][T26481] copy_process+0x5c2/0x7090 [ 2685.908735][T26481] ? find_held_lock+0x2d/0x110 [ 2685.913529][T26481] ? find_held_lock+0x2d/0x110 [ 2685.918320][T26481] ? __cleanup_sighand+0xb0/0xb0 [ 2685.923293][T26481] kernel_clone+0xe7/0xab0 [ 2685.927732][T26481] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2685.933729][T26481] ? create_io_thread+0xe0/0xe0 [ 2685.938604][T26481] ? find_held_lock+0x2d/0x110 [ 2685.943397][T26481] ? __ct_user_exit+0xff/0x150 [ 2685.948186][T26481] __do_sys_clone+0xba/0x100 [ 2685.952885][T26481] ? kernel_clone+0xab0/0xab0 [ 2685.957593][T26481] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2685.963504][T26481] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2685.969423][T26481] do_syscall_64+0x35/0xb0 [ 2685.973866][T26481] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2685.979780][T26481] RIP: 0033:0x7f89d288c9d1 [ 2685.984219][T26481] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 2686.003842][T26481] RSP: 002b:00007fff48383138 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 2686.012274][T26481] RAX: ffffffffffffffda RBX: 00007f89d3a91700 RCX: 00007f89d288c9d1 [ 2686.020258][T26481] RDX: 00007f89d3a919d0 RSI: 00007f89d3a912f0 RDI: 00000000003d0f00 11:16:40 executing program 4: socket$nl_route(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x70d}]}}]}, 0x40}, 0x7}, 0x0) [ 2686.028240][T26481] RBP: 00007fff48383380 R08: 00007f89d3a91700 R09: 00007f89d3a91700 [ 2686.036230][T26481] R10: 00007f89d3a919d0 R11: 0000000000000206 R12: 00007fff483831ee [ 2686.044214][T26481] R13: 00007fff483831ef R14: 00007f89d3a91300 R15: 0000000000022000 [ 2686.052224][T26481] 11:16:40 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x8d45c968) [ 2686.084586][T26481] memory: usage 307196kB, limit 307200kB, failcnt 54788 [ 2686.091830][T26481] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2686.110357][T26481] Memory cgroup stats for /syz3: [ 2686.110666][T26481] anon 143360 [ 2686.110666][T26481] file 385024 [ 2686.110666][T26481] kernel 314040320 [ 2686.110666][T26481] kernel_stack 65536 [ 2686.110666][T26481] pagetables 81920 [ 2686.110666][T26481] percpu 5619264 [ 2686.110666][T26481] sock 0 [ 2686.110666][T26481] vmalloc 0 [ 2686.110666][T26481] shmem 385024 [ 2686.110666][T26481] zswap 0 [ 2686.110666][T26481] zswapped 0 [ 2686.110666][T26481] file_mapped 311296 [ 2686.110666][T26481] file_dirty 0 [ 2686.110666][T26481] file_writeback 0 [ 2686.110666][T26481] swapcached 0 [ 2686.110666][T26481] anon_thp 0 [ 2686.110666][T26481] file_thp 0 [ 2686.110666][T26481] shmem_thp 0 [ 2686.110666][T26481] inactive_anon 196608 [ 2686.110666][T26481] active_anon 331776 11:16:40 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x96010000) [ 2686.110666][T26481] inactive_file 0 [ 2686.110666][T26481] active_file 0 [ 2686.110666][T26481] unevictable 0 [ 2686.110666][T26481] slab_reclaimable 22760 [ 2686.110666][T26481] slab_unreclaimable 308216416 [ 2686.110666][T26481] slab 308239176 [ 2686.213958][T26481] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=26481,uid=0 11:16:41 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x9effffff) [ 2686.242115][T26481] Memory cgroup out of memory: Killed process 26481 (syz-executor.3) total-vm:54728kB, anon-rss:456kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 2686.276453][T26488] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 11:16:41 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0xce030000) [ 2686.301155][T26488] CPU: 1 PID: 26488 Comm: syz-executor.5 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2686.311298][T26488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2686.321386][T26488] Call Trace: [ 2686.324698][T26488] [ 2686.327663][T26488] dump_stack_lvl+0xcd/0x134 [ 2686.332307][T26488] dump_header+0x10b/0x7f9 [ 2686.336768][T26488] oom_kill_process.cold+0x10/0x15 [ 2686.341915][T26488] out_of_memory+0x358/0x14a0 [ 2686.346653][T26488] ? oom_killer_disable+0x270/0x270 [ 2686.351916][T26488] ? find_held_lock+0x2d/0x110 [ 2686.356730][T26488] mem_cgroup_out_of_memory+0x206/0x270 [ 2686.362298][T26488] ? mem_cgroup_margin+0x130/0x130 [ 2686.367698][T26488] ? lock_downgrade+0x6e0/0x6e0 [ 2686.372576][T26488] try_charge_memcg+0xf67/0x13f0 [ 2686.377542][T26488] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2686.383542][T26488] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2686.389366][T26488] ? lock_downgrade+0x6e0/0x6e0 [ 2686.394251][T26488] obj_cgroup_charge+0x2ab/0x5e0 [ 2686.399212][T26488] ? vm_area_dup+0x88/0x3f0 [ 2686.403907][T26488] kmem_cache_alloc+0x96/0x3b0 [ 2686.408697][T26488] vm_area_dup+0x88/0x3f0 [ 2686.413041][T26488] ? mark_lock.part.0+0xee/0x1910 [ 2686.418087][T26488] ? lock_chain_count+0x20/0x20 [ 2686.422946][T26488] ? __vma_adjust+0x109c/0x24a0 [ 2686.427839][T26488] ? __vma_link_rb+0x710/0x710 [ 2686.432629][T26488] ? __lock_acquire+0x166e/0x56d0 [ 2686.437671][T26488] ? vm_area_alloc+0x110/0x110 [ 2686.442463][T26488] ? perf_event_namespaces+0x50/0x50 [ 2686.447773][T26488] ? vma_merge+0x47a/0xeb0 [ 2686.452213][T26488] ? ima_file_mprotect+0x175/0x470 [ 2686.457442][T26488] ? ima_file_mmap+0x130/0x130 [ 2686.462240][T26488] ? vma_wants_writenotify+0x1f8/0x370 [ 2686.467725][T26488] ? __ia32_sys_mmap_pgoff+0x1b0/0x1b0 [ 2686.473234][T26488] ? vma_merge+0x47a/0xeb0 [ 2686.477867][T26488] ? __vma_adjust+0x24a0/0x24a0 [ 2686.482800][T26488] __split_vma+0xa5/0x550 [ 2686.487179][T26488] split_vma+0x95/0xd0 [ 2686.491334][T26488] mprotect_fixup+0x6d9/0x970 [ 2686.496067][T26488] ? change_protection+0x4280/0x4280 [ 2686.501383][T26488] ? vmacache_find+0x62/0x330 [ 2686.506098][T26488] do_mprotect_pkey+0x6c5/0x9e0 [ 2686.510984][T26488] ? __ct_user_exit+0xff/0x150 [ 2686.515764][T26488] ? mprotect_fixup+0x970/0x970 [ 2686.520661][T26488] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2686.526578][T26488] __x64_sys_mprotect+0x74/0xb0 [ 2686.531725][T26488] do_syscall_64+0x35/0xb0 [ 2686.536172][T26488] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2686.542095][T26488] RIP: 0033:0x7f542068b6b7 [ 2686.546525][T26488] Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 0a 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 2686.566351][T26488] RSP: 002b:00007ffc9945afc8 EFLAGS: 00000206 ORIG_RAX: 000000000000000a [ 2686.574866][T26488] RAX: ffffffffffffffda RBX: 0000000000021000 RCX: 00007f542068b6b7 [ 2686.582849][T26488] RDX: 0000000000000003 RSI: 0000000000020000 RDI: 00007f54217ad000 [ 2686.590834][T26488] RBP: 00007ffc9945b0a0 R08: 00000000ffffffff R09: 00007f54217cc700 [ 2686.598819][T26488] R10: 0000000000020022 R11: 0000000000000206 R12: 00007ffc9945b1c0 [ 2686.606805][T26488] R13: 00007f54217cc700 R14: 0000000000000000 R15: 0000000000022000 [ 2686.614807][T26488] [ 2686.633012][T26488] memory: usage 307200kB, limit 307200kB, failcnt 40119 [ 2686.640881][T26488] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2686.649214][T26488] Memory cgroup stats for /syz5: [ 2686.649458][T26488] anon 143360 [ 2686.649458][T26488] file 364544 [ 2686.649458][T26488] kernel 314064896 [ 2686.649458][T26488] kernel_stack 98304 [ 2686.649458][T26488] pagetables 81920 [ 2686.649458][T26488] percpu 5618080 [ 2686.649458][T26488] sock 0 [ 2686.649458][T26488] vmalloc 0 [ 2686.649458][T26488] shmem 356352 [ 2686.649458][T26488] zswap 0 [ 2686.649458][T26488] zswapped 0 [ 2686.649458][T26488] file_mapped 356352 [ 2686.649458][T26488] file_dirty 0 [ 2686.649458][T26488] file_writeback 0 [ 2686.649458][T26488] swapcached 0 [ 2686.649458][T26488] anon_thp 0 [ 2686.649458][T26488] file_thp 0 [ 2686.649458][T26488] shmem_thp 0 [ 2686.649458][T26488] inactive_anon 147456 [ 2686.649458][T26488] active_anon 352256 [ 2686.649458][T26488] inactive_file 4096 [ 2686.649458][T26488] active_file 4096 [ 2686.649458][T26488] unevictable 0 [ 2686.649458][T26488] slab_reclaimable 20960 [ 2686.649458][T26488] slab_unreclaimable 308209008 [ 2686.649458][T26488] slab 308229968 11:16:41 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x223}]}}]}, 0x40}, 0x7}, 0x0) [ 2686.720876][T26490] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.5'. [ 2686.754949][T26488] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=26488,uid=0 [ 2686.797322][T26488] Memory cgroup out of memory: Killed process 26488 (syz-executor.5) total-vm:54860kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000 [ 2686.820514][T26500] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 2686.843438][T26511] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2686.851185][T26500] CPU: 1 PID: 26500 Comm: syz-executor.4 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2686.863209][T26500] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2686.873301][T26500] Call Trace: [ 2686.876606][T26500] [ 2686.879562][T26500] dump_stack_lvl+0xcd/0x134 [ 2686.884216][T26500] dump_header+0x10b/0x7f9 [ 2686.888683][T26500] oom_kill_process.cold+0x10/0x15 [ 2686.893842][T26500] out_of_memory+0x358/0x14a0 [ 2686.898572][T26500] ? oom_killer_disable+0x270/0x270 [ 2686.903821][T26500] ? find_held_lock+0x2d/0x110 [ 2686.908654][T26500] mem_cgroup_out_of_memory+0x206/0x270 [ 2686.914391][T26500] ? mem_cgroup_margin+0x130/0x130 [ 2686.919513][T26500] ? lock_downgrade+0x6e0/0x6e0 [ 2686.924378][T26500] try_charge_memcg+0xf67/0x13f0 [ 2686.929325][T26500] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2686.935396][T26500] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2686.941118][T26500] ? lock_downgrade+0x6e0/0x6e0 [ 2686.946410][T26500] ? lock_downgrade+0x6e0/0x6e0 [ 2686.951272][T26500] ? rcu_read_unlock+0x9/0x60 [ 2686.955979][T26500] obj_cgroup_charge+0x2ab/0x5e0 [ 2686.960932][T26500] kmem_cache_alloc_trace+0xa3/0x3e0 [ 2686.966236][T26500] ? copy_semundo+0x187/0x2f0 [ 2686.970916][T26500] ? apparmor_task_alloc+0x2bb/0x3b0 [ 2686.976219][T26500] copy_semundo+0x187/0x2f0 [ 2686.980728][T26500] copy_process+0x23fa/0x7090 [ 2686.985414][T26500] ? __cleanup_sighand+0xb0/0xb0 [ 2686.990357][T26500] kernel_clone+0xe7/0xab0 [ 2686.994772][T26500] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2687.000761][T26500] ? create_io_thread+0xe0/0xe0 [ 2687.006501][T26500] ? find_held_lock+0x2d/0x110 [ 2687.011302][T26500] ? __ct_user_exit+0xff/0x150 [ 2687.016188][T26500] __do_sys_clone+0xba/0x100 [ 2687.020896][T26500] ? kernel_clone+0xab0/0xab0 [ 2687.025607][T26500] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2687.031648][T26500] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2687.037589][T26500] do_syscall_64+0x35/0xb0 [ 2687.042275][T26500] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2687.048177][T26500] RIP: 0033:0x7fa378a8c9d1 [ 2687.052592][T26500] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 2687.072204][T26500] RSP: 002b:00007fff306494d8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 2687.080619][T26500] RAX: ffffffffffffffda RBX: 00007fa379be4700 RCX: 00007fa378a8c9d1 [ 2687.088587][T26500] RDX: 00007fa379be49d0 RSI: 00007fa379be42f0 RDI: 00000000003d0f00 [ 2687.096559][T26500] RBP: 00007fff30649720 R08: 00007fa379be4700 R09: 00007fa379be4700 [ 2687.104532][T26500] R10: 00007fa379be49d0 R11: 0000000000000206 R12: 00007fff3064958e [ 2687.112500][T26500] R13: 00007fff3064958f R14: 00007fa379be4300 R15: 0000000000022000 [ 2687.120475][T26500] [ 2687.128972][T26500] memory: usage 307200kB, limit 307200kB, failcnt 55896 [ 2687.136181][T26500] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2687.143404][T26500] Memory cgroup stats for /syz4: [ 2687.143613][T26500] anon 90112 [ 2687.143613][T26500] file 372736 [ 2687.143613][T26500] kernel 314109952 [ 2687.143613][T26500] kernel_stack 65536 [ 2687.143613][T26500] pagetables 65536 [ 2687.143613][T26500] percpu 5624000 [ 2687.143613][T26500] sock 0 [ 2687.143613][T26500] vmalloc 0 [ 2687.143613][T26500] shmem 372736 [ 2687.143613][T26500] zswap 0 [ 2687.143613][T26500] zswapped 0 [ 2687.143613][T26500] file_mapped 372736 [ 2687.143613][T26500] file_dirty 0 [ 2687.143613][T26500] file_writeback 0 [ 2687.143613][T26500] swapcached 0 [ 2687.143613][T26500] anon_thp 0 [ 2687.143613][T26500] file_thp 0 [ 2687.143613][T26500] shmem_thp 0 [ 2687.143613][T26500] inactive_anon 139264 [ 2687.143613][T26500] active_anon 323584 [ 2687.143613][T26500] inactive_file 0 [ 2687.143613][T26500] active_file 0 [ 2687.143613][T26500] unevictable 0 [ 2687.143613][T26500] slab_reclaimable 17888 [ 2687.143613][T26500] slab_unreclaimable 308300256 [ 2687.143613][T26500] slab 308318144 [ 2687.239791][T26500] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=26500,uid=0 [ 2687.257312][T26500] Memory cgroup out of memory: Killed process 26500 (syz-executor.4) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:68kB oom_score_adj:1000 [ 2687.281188][T26494] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2687.304457][T26494] CPU: 1 PID: 26494 Comm: syz-executor.2 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2687.314604][T26494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2687.324681][T26494] Call Trace: [ 2687.327955][T26494] [ 2687.330879][T26494] dump_stack_lvl+0xcd/0x134 [ 2687.335477][T26494] dump_header+0x10b/0x7f9 [ 2687.339913][T26494] oom_kill_process.cold+0x10/0x15 [ 2687.345129][T26494] out_of_memory+0x358/0x14a0 [ 2687.349829][T26494] ? oom_killer_disable+0x270/0x270 [ 2687.355033][T26494] ? find_held_lock+0x2d/0x110 [ 2687.359804][T26494] mem_cgroup_out_of_memory+0x206/0x270 [ 2687.365453][T26494] ? mem_cgroup_margin+0x130/0x130 [ 2687.370599][T26494] ? lock_downgrade+0x6e0/0x6e0 [ 2687.375496][T26494] try_charge_memcg+0xf67/0x13f0 [ 2687.380484][T26494] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2687.386476][T26494] ? lock_downgrade+0x6e0/0x6e0 [ 2687.391338][T26494] charge_memcg+0x31/0x320 [ 2687.395757][T26494] __mem_cgroup_charge+0x27/0x90 [ 2687.400691][T26494] ? _compound_head+0x5d/0x150 [ 2687.405458][T26494] wp_page_copy+0x27c/0x1b10 [ 2687.410071][T26494] ? restore_exclusive_pte+0x8b0/0x8b0 [ 2687.415545][T26494] ? lock_downgrade+0x6e0/0x6e0 [ 2687.420419][T26494] ? vm_normal_page+0x146/0x2a0 [ 2687.425301][T26494] do_wp_page+0x52c/0x1910 [ 2687.429739][T26494] __handle_mm_fault+0x1813/0x39b0 [ 2687.434921][T26494] ? vm_iomap_memory+0x190/0x190 [ 2687.440248][T26494] handle_mm_fault+0x1c8/0x780 [ 2687.445119][T26494] do_user_addr_fault+0x475/0x1210 [ 2687.450279][T26494] exc_page_fault+0x94/0x170 [ 2687.454905][T26494] asm_exc_page_fault+0x22/0x30 [ 2687.459794][T26494] RIP: 0033:0x7fefdee35a15 [ 2687.464224][T26494] Code: 5c 41 5d c3 90 48 8b 57 18 48 83 fa ff 74 22 48 81 fa e7 03 00 00 0f 87 ee 00 00 00 48 c1 e2 04 48 8d 0d ae 26 17 00 48 01 ca 02 01 48 89 42 08 48 8b 53 10 4c 8d 2d d9 a5 57 00 4c 39 ea 0f [ 2687.483849][T26494] RSP: 002b:00007ffd4124e600 EFLAGS: 00010206 [ 2687.489927][T26494] RAX: 0000000000000003 RBX: 00007fefdefabf80 RCX: 00007fefdefa80c0 [ 2687.497909][T26494] RDX: 00007fefdefa80c0 RSI: 0000000000000080 RDI: 00007fefdefabf80 [ 2687.505889][T26494] RBP: 00007fefdefabf80 R08: 00007ffd413e9080 R09: 0000000000000000 [ 2687.513866][T26494] R10: 00007ffd4124e720 R11: 0000000000000246 R12: 000000000028ff43 [ 2687.521845][T26494] R13: 00007ffd4124e720 R14: 00007fefdefabf80 R15: 0000000000000032 [ 2687.529935][T26494] [ 2687.541505][T26494] memory: usage 307184kB, limit 307200kB, failcnt 54774 [ 2687.548967][T26494] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2687.556569][T26494] Memory cgroup stats for /syz2: [ 2687.556764][T26494] anon 98304 [ 2687.556764][T26494] file 364544 [ 2687.556764][T26494] kernel 314093568 [ 2687.556764][T26494] kernel_stack 65536 [ 2687.556764][T26494] pagetables 73728 [ 2687.556764][T26494] percpu 5619264 [ 2687.556764][T26494] sock 0 [ 2687.556764][T26494] vmalloc 0 [ 2687.556764][T26494] shmem 364544 [ 2687.556764][T26494] zswap 0 [ 2687.556764][T26494] zswapped 0 [ 2687.556764][T26494] file_mapped 364544 [ 2687.556764][T26494] file_dirty 0 [ 2687.556764][T26494] file_writeback 0 [ 2687.556764][T26494] swapcached 0 [ 2687.556764][T26494] anon_thp 0 [ 2687.556764][T26494] file_thp 0 [ 2687.556764][T26494] shmem_thp 0 [ 2687.556764][T26494] inactive_anon 102400 [ 2687.556764][T26494] active_anon 360448 [ 2687.556764][T26494] inactive_file 0 [ 2687.556764][T26494] active_file 0 [ 2687.556764][T26494] unevictable 0 [ 2687.556764][T26494] slab_reclaimable 127032 [ 2687.556764][T26494] slab_unreclaimable 308178072 [ 2687.556764][T26494] slab 308305104 11:16:42 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x71a}]}}]}, 0x40}, 0x7}, 0x0) 11:16:42 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x7e1}]}}]}, 0x40}, 0x7}, 0x0) 11:16:42 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0xd0010000) 11:16:42 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x0, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}}, 0x24}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}, 0x7}, 0x0) 11:16:42 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x224}]}}]}, 0x40}, 0x7}, 0x0) 11:16:42 executing program 4: socket$nl_route(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x70e}]}}]}, 0x40}, 0x7}, 0x0) [ 2687.651208][T26494] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=26494,uid=0 [ 2687.670756][T26494] Memory cgroup out of memory: Killed process 26494 (syz-executor.2) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 11:16:42 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0xd5010000) [ 2687.714760][T26518] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.1'. 11:16:42 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0xd6030000) [ 2687.865424][T26517] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2687.895772][T26517] CPU: 0 PID: 26517 Comm: syz-executor.4 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2687.905925][T26517] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2687.916019][T26517] Call Trace: [ 2687.919322][T26517] [ 2687.922278][T26517] dump_stack_lvl+0xcd/0x134 [ 2687.926912][T26517] dump_header+0x10b/0x7f9 [ 2687.931374][T26517] oom_kill_process.cold+0x10/0x15 [ 2687.936531][T26517] out_of_memory+0x358/0x14a0 [ 2687.941359][T26517] ? find_held_lock+0x2d/0x110 [ 2687.946180][T26517] ? oom_killer_disable+0x270/0x270 [ 2687.951430][T26517] ? find_held_lock+0x2d/0x110 [ 2687.956255][T26517] mem_cgroup_out_of_memory+0x206/0x270 11:16:42 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0xe2010000) [ 2687.961843][T26517] ? mem_cgroup_margin+0x130/0x130 [ 2687.967010][T26517] ? lock_downgrade+0x6e0/0x6e0 [ 2687.971924][T26517] try_charge_memcg+0xf67/0x13f0 [ 2687.976920][T26517] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2687.983393][T26517] ? lock_downgrade+0x6e0/0x6e0 [ 2687.988296][T26517] charge_memcg+0x31/0x320 [ 2687.992758][T26517] __mem_cgroup_charge+0x27/0x90 [ 2687.997746][T26517] ? _compound_head+0x5d/0x150 [ 2688.002563][T26517] wp_page_copy+0x27c/0x1b10 [ 2688.007206][T26517] ? restore_exclusive_pte+0x8b0/0x8b0 11:16:42 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0xe2030000) [ 2688.012699][T26517] ? lock_downgrade+0x6e0/0x6e0 [ 2688.017582][T26517] ? vm_normal_page+0x146/0x2a0 [ 2688.022500][T26517] do_wp_page+0x52c/0x1910 [ 2688.026963][T26517] __handle_mm_fault+0x1813/0x39b0 [ 2688.032131][T26517] ? vm_iomap_memory+0x190/0x190 [ 2688.037134][T26517] handle_mm_fault+0x1c8/0x780 [ 2688.041948][T26517] do_user_addr_fault+0x475/0x1210 [ 2688.047125][T26517] exc_page_fault+0x94/0x170 [ 2688.051757][T26517] asm_exc_page_fault+0x22/0x30 [ 2688.056657][T26517] RIP: 0033:0x7fa378a362de 11:16:42 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0xe6030000) [ 2688.061100][T26517] Code: 4c 24 54 89 78 2c 48 8b 3c 24 89 48 78 0f b6 4c 24 53 c6 40 20 01 88 4c 3a 04 8b 7c 24 4c 4c 89 35 97 5c 17 00 48 8b 54 24 40 <89> b8 80 00 00 00 0f 1f 40 00 48 8b 8c 14 50 01 00 00 48 83 c2 08 [ 2688.080746][T26517] RSP: 002b:00007fff30649610 EFLAGS: 00010246 [ 2688.086906][T26517] RAX: 00007fa378babf80 RBX: 00007fa378babf8c RCX: 0000000000000000 [ 2688.094912][T26517] RDX: 0000000000000000 RSI: 00007fa378babf88 RDI: 0000000000000000 [ 2688.102926][T26517] RBP: 00007fa378babf80 R08: 00007fa379be4700 R09: 00007fa379be4700 [ 2688.110932][T26517] R10: 00007fa379be49d0 R11: 0000000000000206 R12: 00007fa378babf8c [ 2688.118942][T26517] R13: 00007fa378bb0060 R14: 00007fa378babf80 R15: 0000000000000000 [ 2688.126974][T26517] [ 2688.144497][T26520] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2688.144630][T26517] memory: usage 307200kB, limit 307200kB, failcnt 56002 [ 2688.164352][T26517] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2688.171586][T26517] Memory cgroup stats for /syz4: [ 2688.171768][T26517] anon 90112 [ 2688.171768][T26517] file 372736 [ 2688.171768][T26517] kernel 314109952 [ 2688.171768][T26517] kernel_stack 65536 [ 2688.171768][T26517] pagetables 65536 [ 2688.171768][T26517] percpu 5624000 [ 2688.171768][T26517] sock 0 [ 2688.171768][T26517] vmalloc 0 [ 2688.171768][T26517] shmem 372736 [ 2688.171768][T26517] zswap 0 [ 2688.171768][T26517] zswapped 0 [ 2688.171768][T26517] file_mapped 372736 11:16:42 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0xea030000) [ 2688.171768][T26517] file_dirty 0 [ 2688.171768][T26517] file_writeback 0 [ 2688.171768][T26517] swapcached 0 [ 2688.171768][T26517] anon_thp 0 [ 2688.171768][T26517] file_thp 0 [ 2688.171768][T26517] shmem_thp 0 [ 2688.171768][T26517] inactive_anon 139264 [ 2688.171768][T26517] active_anon 323584 [ 2688.171768][T26517] inactive_file 0 [ 2688.171768][T26517] active_file 0 [ 2688.171768][T26517] unevictable 0 [ 2688.171768][T26517] slab_reclaimable 17888 [ 2688.171768][T26517] slab_unreclaimable 308300720 [ 2688.171768][T26517] slab 308318608 [ 2688.270620][T26526] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.5'. [ 2688.280159][T26517] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=26517,uid=0 [ 2688.303827][T26517] Memory cgroup out of memory: Killed process 26517 (syz-executor.4) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:68kB oom_score_adj:1000 [ 2688.328800][T26521] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2688.359268][T26521] CPU: 0 PID: 26521 Comm: syz-executor.2 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2688.369500][T26521] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2688.379605][T26521] Call Trace: [ 2688.382892][T26521] [ 2688.385819][T26521] dump_stack_lvl+0xcd/0x134 [ 2688.390412][T26521] dump_header+0x10b/0x7f9 [ 2688.394828][T26521] oom_kill_process.cold+0x10/0x15 [ 2688.399937][T26521] out_of_memory+0x358/0x14a0 [ 2688.404619][T26521] ? oom_killer_disable+0x270/0x270 [ 2688.409816][T26521] ? find_held_lock+0x2d/0x110 [ 2688.414670][T26521] mem_cgroup_out_of_memory+0x206/0x270 [ 2688.420218][T26521] ? mem_cgroup_margin+0x130/0x130 [ 2688.425421][T26521] ? lock_downgrade+0x6e0/0x6e0 [ 2688.430287][T26521] try_charge_memcg+0xf67/0x13f0 [ 2688.435270][T26521] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2688.441267][T26521] ? lock_downgrade+0x6e0/0x6e0 [ 2688.446386][T26521] charge_memcg+0x31/0x320 [ 2688.450909][T26521] __mem_cgroup_charge+0x27/0x90 [ 2688.455874][T26521] ? _compound_head+0x5d/0x150 [ 2688.460807][T26521] wp_page_copy+0x27c/0x1b10 [ 2688.465414][T26521] ? restore_exclusive_pte+0x8b0/0x8b0 [ 2688.470873][T26521] ? lock_downgrade+0x6e0/0x6e0 [ 2688.475721][T26521] ? vm_normal_page+0x146/0x2a0 [ 2688.480573][T26521] do_wp_page+0x52c/0x1910 [ 2688.485013][T26521] __handle_mm_fault+0x1813/0x39b0 [ 2688.490156][T26521] ? vm_iomap_memory+0x190/0x190 [ 2688.495106][T26521] handle_mm_fault+0x1c8/0x780 [ 2688.499870][T26521] do_user_addr_fault+0x475/0x1210 [ 2688.505002][T26521] exc_page_fault+0x94/0x170 [ 2688.509623][T26521] asm_exc_page_fault+0x22/0x30 [ 2688.514471][T26521] RIP: 0033:0x7fefdee35a15 [ 2688.518878][T26521] Code: 5c 41 5d c3 90 48 8b 57 18 48 83 fa ff 74 22 48 81 fa e7 03 00 00 0f 87 ee 00 00 00 48 c1 e2 04 48 8d 0d ae 26 17 00 48 01 ca 02 01 48 89 42 08 48 8b 53 10 4c 8d 2d d9 a5 57 00 4c 39 ea 0f [ 2688.538568][T26521] RSP: 002b:00007ffd4124e600 EFLAGS: 00010206 [ 2688.544700][T26521] RAX: 0000000000000003 RBX: 00007fefdefabf80 RCX: 00007fefdefa80c0 [ 2688.552662][T26521] RDX: 00007fefdefa80c0 RSI: 0000000000000080 RDI: 00007fefdefabf80 [ 2688.560625][T26521] RBP: 00007fefdefabf80 R08: 00007ffd413e9080 R09: 0000000000000000 [ 2688.568595][T26521] R10: 00007ffd4124e720 R11: 0000000000000246 R12: 000000000029033f [ 2688.576557][T26521] R13: 00007ffd4124e720 R14: 00007fefdefabf80 R15: 0000000000000032 [ 2688.584543][T26521] [ 2688.598914][T26521] memory: usage 307200kB, limit 307200kB, failcnt 54834 [ 2688.606383][T26521] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2688.613601][T26521] Memory cgroup stats for /syz2: [ 2688.613819][T26521] anon 98304 [ 2688.613819][T26521] file 364544 [ 2688.613819][T26521] kernel 314109952 [ 2688.613819][T26521] kernel_stack 65536 [ 2688.613819][T26521] pagetables 73728 [ 2688.613819][T26521] percpu 5619264 [ 2688.613819][T26521] sock 0 [ 2688.613819][T26521] vmalloc 0 [ 2688.613819][T26521] shmem 364544 [ 2688.613819][T26521] zswap 0 [ 2688.613819][T26521] zswapped 0 [ 2688.613819][T26521] file_mapped 364544 [ 2688.613819][T26521] file_dirty 0 [ 2688.613819][T26521] file_writeback 0 [ 2688.613819][T26521] swapcached 0 [ 2688.613819][T26521] anon_thp 0 [ 2688.613819][T26521] file_thp 0 [ 2688.613819][T26521] shmem_thp 0 [ 2688.613819][T26521] inactive_anon 102400 [ 2688.613819][T26521] active_anon 360448 [ 2688.613819][T26521] inactive_file 0 [ 2688.613819][T26521] active_file 0 [ 2688.613819][T26521] unevictable 0 [ 2688.613819][T26521] slab_reclaimable 127032 [ 2688.613819][T26521] slab_unreclaimable 308189472 [ 2688.613819][T26521] slab 308316504 [ 2688.707822][T26521] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=26521,uid=0 [ 2688.723530][T26521] Memory cgroup out of memory: Killed process 26521 (syz-executor.2) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 [ 2688.741546][T26513] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=1, oom_score_adj=1000 [ 2688.759084][T26513] CPU: 0 PID: 26513 Comm: syz-executor.5 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2688.769209][T26513] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2688.779283][T26513] Call Trace: [ 2688.782574][T26513] [ 2688.785515][T26513] dump_stack_lvl+0xcd/0x134 [ 2688.790213][T26513] dump_header+0x10b/0x7f9 [ 2688.794655][T26513] oom_kill_process.cold+0x10/0x15 [ 2688.799801][T26513] out_of_memory+0x358/0x14a0 [ 2688.804522][T26513] ? oom_killer_disable+0x270/0x270 [ 2688.809728][T26513] ? find_held_lock+0x2d/0x110 [ 2688.814533][T26513] mem_cgroup_out_of_memory+0x206/0x270 [ 2688.820117][T26513] ? mem_cgroup_margin+0x130/0x130 [ 2688.825260][T26513] ? lock_downgrade+0x6e0/0x6e0 [ 2688.830143][T26513] try_charge_memcg+0xf67/0x13f0 [ 2688.835107][T26513] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2688.841127][T26513] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2688.846879][T26513] ? lock_downgrade+0x6e0/0x6e0 [ 2688.851756][T26513] ? lock_downgrade+0x6e0/0x6e0 [ 2688.856623][T26513] ? rcu_read_unlock+0x9/0x60 [ 2688.861366][T26513] obj_cgroup_charge+0x2ab/0x5e0 [ 2688.866336][T26513] ? copy_process+0x5c2/0x7090 [ 2688.871130][T26513] kmem_cache_alloc_node+0x92/0x3f0 [ 2688.876398][T26513] ? _raw_spin_unlock_irq+0x1f/0x40 [ 2688.881638][T26513] copy_process+0x5c2/0x7090 [ 2688.886260][T26513] ? find_held_lock+0x2d/0x110 [ 2688.891066][T26513] ? find_held_lock+0x2d/0x110 [ 2688.895967][T26513] ? __cleanup_sighand+0xb0/0xb0 [ 2688.900965][T26513] kernel_clone+0xe7/0xab0 [ 2688.905405][T26513] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2688.911411][T26513] ? create_io_thread+0xe0/0xe0 [ 2688.916286][T26513] ? find_held_lock+0x2d/0x110 [ 2688.921102][T26513] ? __ct_user_exit+0xff/0x150 [ 2688.925907][T26513] __do_sys_clone+0xba/0x100 [ 2688.930536][T26513] ? kernel_clone+0xab0/0xab0 [ 2688.935264][T26513] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2688.941184][T26513] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2688.947101][T26513] do_syscall_64+0x35/0xb0 [ 2688.951557][T26513] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2688.957468][T26513] RIP: 0033:0x7f542068c9d1 [ 2688.961908][T26513] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 2688.981533][T26513] RSP: 002b:00007ffc9945af78 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 2688.989976][T26513] RAX: ffffffffffffffda RBX: 00007f54217cc700 RCX: 00007f542068c9d1 [ 2688.997972][T26513] RDX: 00007f54217cc9d0 RSI: 00007f54217cc2f0 RDI: 00000000003d0f00 [ 2689.005982][T26513] RBP: 00007ffc9945b1c0 R08: 00007f54217cc700 R09: 00007f54217cc700 [ 2689.013992][T26513] R10: 00007f54217cc9d0 R11: 0000000000000206 R12: 00007ffc9945b02e [ 2689.021986][T26513] R13: 00007ffc9945b02f R14: 00007f54217cc300 R15: 0000000000022000 11:16:43 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x71b}]}}]}, 0x40}, 0x7}, 0x0) 11:16:43 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0xee030000) 11:16:43 executing program 4: socket$nl_route(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x70f}]}}]}, 0x40}, 0x7}, 0x0) [ 2689.029997][T26513] [ 2689.050222][T26513] memory: usage 307184kB, limit 307200kB, failcnt 40200 [ 2689.076658][T26513] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2689.106549][T26513] Memory cgroup stats for /syz5: [ 2689.106734][T26513] anon 147456 [ 2689.106734][T26513] file 364544 [ 2689.106734][T26513] kernel 314044416 [ 2689.106734][T26513] kernel_stack 98304 [ 2689.106734][T26513] pagetables 81920 [ 2689.106734][T26513] percpu 5618080 [ 2689.106734][T26513] sock 0 [ 2689.106734][T26513] vmalloc 0 [ 2689.106734][T26513] shmem 356352 [ 2689.106734][T26513] zswap 0 [ 2689.106734][T26513] zswapped 0 [ 2689.106734][T26513] file_mapped 356352 [ 2689.106734][T26513] file_dirty 0 [ 2689.106734][T26513] file_writeback 0 [ 2689.106734][T26513] swapcached 0 [ 2689.106734][T26513] anon_thp 0 [ 2689.106734][T26513] file_thp 0 [ 2689.106734][T26513] shmem_thp 0 [ 2689.106734][T26513] inactive_anon 151552 [ 2689.106734][T26513] active_anon 352256 [ 2689.106734][T26513] inactive_file 4096 [ 2689.106734][T26513] active_file 4096 [ 2689.106734][T26513] unevictable 0 [ 2689.106734][T26513] slab_reclaimable 20960 [ 2689.106734][T26513] slab_unreclaimable 308192392 [ 2689.106734][T26513] slab 308213352 [ 2689.213827][T26513] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=26513,uid=0 [ 2689.230189][T26513] Memory cgroup out of memory: Killed process 26513 (syz-executor.5) total-vm:54860kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000 [ 2689.248189][T26543] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2689.267168][T26543] CPU: 1 PID: 26543 Comm: syz-executor.4 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2689.277295][T26543] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2689.287369][T26543] Call Trace: [ 2689.290705][T26543] [ 2689.293644][T26543] dump_stack_lvl+0xcd/0x134 [ 2689.298255][T26543] dump_header+0x10b/0x7f9 [ 2689.302691][T26543] oom_kill_process.cold+0x10/0x15 [ 2689.307822][T26543] out_of_memory+0x358/0x14a0 [ 2689.312527][T26543] ? oom_killer_disable+0x270/0x270 [ 2689.317748][T26543] ? find_held_lock+0x2d/0x110 [ 2689.322541][T26543] mem_cgroup_out_of_memory+0x206/0x270 [ 2689.328311][T26543] ? mem_cgroup_margin+0x130/0x130 [ 2689.333611][T26543] ? lock_downgrade+0x6e0/0x6e0 [ 2689.338490][T26543] try_charge_memcg+0xf67/0x13f0 [ 2689.343459][T26543] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2689.349470][T26543] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2689.355205][T26543] ? lock_downgrade+0x6e0/0x6e0 [ 2689.360073][T26543] ? lock_downgrade+0x6e0/0x6e0 [ 2689.365038][T26543] __memcg_kmem_charge_page+0x16a/0x3b0 [ 2689.370619][T26543] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 2689.376888][T26543] copy_process+0x73e/0x7090 [ 2689.381505][T26543] ? __lock_acquire+0xbc3/0x56d0 [ 2689.386467][T26543] ? __cleanup_sighand+0xb0/0xb0 [ 2689.391444][T26543] kernel_clone+0xe7/0xab0 [ 2689.395878][T26543] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2689.401871][T26543] ? create_io_thread+0xe0/0xe0 [ 2689.406746][T26543] ? find_held_lock+0x2d/0x110 [ 2689.411538][T26543] ? __ct_user_exit+0xff/0x150 [ 2689.416340][T26543] __do_sys_clone+0xba/0x100 [ 2689.420978][T26543] ? kernel_clone+0xab0/0xab0 [ 2689.425709][T26543] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2689.431754][T26543] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2689.437686][T26543] do_syscall_64+0x35/0xb0 [ 2689.442158][T26543] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2689.448090][T26543] RIP: 0033:0x7fa378a8c9d1 [ 2689.452526][T26543] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 2689.472164][T26543] RSP: 002b:00007fff306494d8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 2689.480601][T26543] RAX: ffffffffffffffda RBX: 00007fa379be4700 RCX: 00007fa378a8c9d1 [ 2689.488583][T26543] RDX: 00007fa379be49d0 RSI: 00007fa379be42f0 RDI: 00000000003d0f00 [ 2689.496593][T26543] RBP: 00007fff30649720 R08: 00007fa379be4700 R09: 00007fa379be4700 [ 2689.504584][T26543] R10: 00007fa379be49d0 R11: 0000000000000206 R12: 00007fff3064958e [ 2689.512570][T26543] R13: 00007fff3064958f R14: 00007fa379be4300 R15: 0000000000022000 [ 2689.520577][T26543] 11:16:44 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x7e2}]}}]}, 0x40}, 0x7}, 0x0) 11:16:44 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x0, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}}, 0x24}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}, 0x7}, 0x0) 11:16:44 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0xf0ffffff) 11:16:44 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x225}]}}]}, 0x40}, 0x7}, 0x0) 11:16:44 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0xf2020000) [ 2689.585924][T26552] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2689.662531][T26543] memory: usage 307188kB, limit 307200kB, failcnt 56052 [ 2689.670102][T26543] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2689.677338][T26543] Memory cgroup stats for /syz4: [ 2689.677553][T26543] anon 90112 [ 2689.677553][T26543] file 372736 [ 2689.677553][T26543] kernel 314097664 [ 2689.677553][T26543] kernel_stack 32768 [ 2689.677553][T26543] pagetables 65536 [ 2689.677553][T26543] percpu 5624000 [ 2689.677553][T26543] sock 0 [ 2689.677553][T26543] vmalloc 0 [ 2689.677553][T26543] shmem 372736 [ 2689.677553][T26543] zswap 0 [ 2689.677553][T26543] zswapped 0 [ 2689.677553][T26543] file_mapped 372736 [ 2689.677553][T26543] file_dirty 0 [ 2689.677553][T26543] file_writeback 0 [ 2689.677553][T26543] swapcached 0 [ 2689.677553][T26543] anon_thp 0 [ 2689.677553][T26543] file_thp 0 [ 2689.677553][T26543] shmem_thp 0 [ 2689.677553][T26543] inactive_anon 139264 [ 2689.677553][T26543] active_anon 323584 [ 2689.677553][T26543] inactive_file 0 [ 2689.677553][T26543] active_file 0 [ 2689.677553][T26543] unevictable 0 11:16:44 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0xf2030000) 11:16:44 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0xf6030000) [ 2689.677553][T26543] slab_reclaimable 17888 [ 2689.677553][T26543] slab_unreclaimable 308300256 [ 2689.677553][T26543] slab 308318144 [ 2689.792240][T26543] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=26543,uid=0 [ 2689.797672][T26553] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2689.808856][T26543] Memory cgroup out of memory: Killed process 26543 (syz-executor.4) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:68kB oom_score_adj:1000 [ 2689.852655][T26555] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.5'. 11:16:44 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0xf8030000) 11:16:44 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x226}]}}]}, 0x40}, 0x7}, 0x0) [ 2689.898714][T26554] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=1, oom_score_adj=1000 [ 2689.959910][T26554] CPU: 0 PID: 26554 Comm: syz-executor.5 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2689.970033][T26554] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2689.980118][T26554] Call Trace: [ 2689.983430][T26554] [ 2689.986384][T26554] dump_stack_lvl+0xcd/0x134 [ 2689.991017][T26554] dump_header+0x10b/0x7f9 [ 2689.995473][T26554] oom_kill_process.cold+0x10/0x15 [ 2690.000631][T26554] out_of_memory+0x358/0x14a0 [ 2690.005366][T26554] ? oom_killer_disable+0x270/0x270 [ 2690.010614][T26554] ? find_held_lock+0x2d/0x110 [ 2690.015520][T26554] mem_cgroup_out_of_memory+0x206/0x270 [ 2690.021204][T26554] ? mem_cgroup_margin+0x130/0x130 [ 2690.026434][T26554] ? lock_downgrade+0x6e0/0x6e0 [ 2690.031315][T26554] try_charge_memcg+0xf67/0x13f0 [ 2690.036280][T26554] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2690.042280][T26554] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2690.048015][T26554] ? lock_downgrade+0x6e0/0x6e0 [ 2690.052887][T26554] ? lock_downgrade+0x6e0/0x6e0 [ 2690.057751][T26554] ? rcu_read_unlock+0x9/0x60 [ 2690.062468][T26554] obj_cgroup_charge+0x2ab/0x5e0 [ 2690.067453][T26554] ? copy_process+0x5c2/0x7090 [ 2690.072256][T26554] kmem_cache_alloc_node+0x92/0x3f0 [ 2690.077488][T26554] ? _raw_spin_unlock_irq+0x1f/0x40 [ 2690.082733][T26554] copy_process+0x5c2/0x7090 [ 2690.087358][T26554] ? find_held_lock+0x2d/0x110 [ 2690.092153][T26554] ? find_held_lock+0x2d/0x110 [ 2690.097030][T26554] ? __cleanup_sighand+0xb0/0xb0 [ 2690.102004][T26554] kernel_clone+0xe7/0xab0 [ 2690.106438][T26554] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2690.112626][T26554] ? create_io_thread+0xe0/0xe0 [ 2690.117511][T26554] ? find_held_lock+0x2d/0x110 [ 2690.122392][T26554] ? __ct_user_exit+0xff/0x150 [ 2690.127175][T26554] __do_sys_clone+0xba/0x100 [ 2690.131829][T26554] ? kernel_clone+0xab0/0xab0 [ 2690.136534][T26554] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2690.142447][T26554] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2690.148392][T26554] do_syscall_64+0x35/0xb0 [ 2690.152835][T26554] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2690.158752][T26554] RIP: 0033:0x7f542068c9d1 [ 2690.163180][T26554] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 2690.182803][T26554] RSP: 002b:00007ffc9945af78 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 2690.191239][T26554] RAX: ffffffffffffffda RBX: 00007f54217cc700 RCX: 00007f542068c9d1 [ 2690.199311][T26554] RDX: 00007f54217cc9d0 RSI: 00007f54217cc2f0 RDI: 00000000003d0f00 [ 2690.207296][T26554] RBP: 00007ffc9945b1c0 R08: 00007f54217cc700 R09: 00007f54217cc700 [ 2690.215279][T26554] R10: 00007f54217cc9d0 R11: 0000000000000206 R12: 00007ffc9945b02e [ 2690.223349][T26554] R13: 00007ffc9945b02f R14: 00007f54217cc300 R15: 0000000000022000 [ 2690.231349][T26554] [ 2690.269362][T26554] memory: usage 307196kB, limit 307200kB, failcnt 40288 [ 2690.270175][T26572] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2690.282694][T26554] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2690.301223][T26554] Memory cgroup stats for /syz5: [ 2690.301448][T26554] anon 147456 [ 2690.301448][T26554] file 364544 [ 2690.301448][T26554] kernel 314056704 [ 2690.301448][T26554] kernel_stack 98304 [ 2690.301448][T26554] pagetables 81920 [ 2690.301448][T26554] percpu 5618080 [ 2690.301448][T26554] sock 0 [ 2690.301448][T26554] vmalloc 0 [ 2690.301448][T26554] shmem 356352 [ 2690.301448][T26554] zswap 0 [ 2690.301448][T26554] zswapped 0 [ 2690.301448][T26554] file_mapped 356352 [ 2690.301448][T26554] file_dirty 4096 [ 2690.301448][T26554] file_writeback 0 [ 2690.301448][T26554] swapcached 0 [ 2690.301448][T26554] anon_thp 0 [ 2690.301448][T26554] file_thp 0 [ 2690.301448][T26554] shmem_thp 0 [ 2690.301448][T26554] inactive_anon 151552 [ 2690.301448][T26554] active_anon 352256 [ 2690.301448][T26554] inactive_file 0 [ 2690.301448][T26554] active_file 8192 [ 2690.301448][T26554] unevictable 0 [ 2690.301448][T26554] slab_reclaimable 20960 [ 2690.301448][T26554] slab_unreclaimable 308203792 [ 2690.301448][T26554] slab 308224752 [ 2690.409348][T26554] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=26554,uid=0 [ 2690.425545][T26554] Memory cgroup out of memory: Killed process 26554 (syz-executor.5) total-vm:54860kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000 [ 2690.443223][T26545] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2690.459588][T26545] CPU: 0 PID: 26545 Comm: syz-executor.2 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2690.469883][T26545] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2690.479931][T26545] Call Trace: [ 2690.483214][T26545] [ 2690.486166][T26545] dump_stack_lvl+0xcd/0x134 [ 2690.490781][T26545] dump_header+0x10b/0x7f9 [ 2690.495195][T26545] oom_kill_process.cold+0x10/0x15 [ 2690.500304][T26545] out_of_memory+0x358/0x14a0 [ 2690.505115][T26545] ? oom_killer_disable+0x270/0x270 [ 2690.510485][T26545] ? find_held_lock+0x2d/0x110 [ 2690.515293][T26545] mem_cgroup_out_of_memory+0x206/0x270 [ 2690.520927][T26545] ? mem_cgroup_margin+0x130/0x130 [ 2690.526047][T26545] ? lock_downgrade+0x6e0/0x6e0 [ 2690.530923][T26545] try_charge_memcg+0xf67/0x13f0 [ 2690.535865][T26545] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2690.542023][T26545] ? lock_downgrade+0x6e0/0x6e0 [ 2690.546903][T26545] charge_memcg+0x31/0x320 [ 2690.551355][T26545] __mem_cgroup_charge+0x27/0x90 [ 2690.556292][T26545] ? _compound_head+0x5d/0x150 [ 2690.561061][T26545] wp_page_copy+0x27c/0x1b10 [ 2690.565667][T26545] ? restore_exclusive_pte+0x8b0/0x8b0 [ 2690.571160][T26545] ? lock_downgrade+0x6e0/0x6e0 [ 2690.576019][T26545] ? vm_normal_page+0x146/0x2a0 [ 2690.580898][T26545] do_wp_page+0x52c/0x1910 [ 2690.585341][T26545] __handle_mm_fault+0x1813/0x39b0 [ 2690.590485][T26545] ? vm_iomap_memory+0x190/0x190 [ 2690.595438][T26545] handle_mm_fault+0x1c8/0x780 [ 2690.600207][T26545] do_user_addr_fault+0x475/0x1210 [ 2690.605348][T26545] exc_page_fault+0x94/0x170 [ 2690.609960][T26545] asm_exc_page_fault+0x22/0x30 [ 2690.614824][T26545] RIP: 0033:0x7fefdee35a15 [ 2690.619255][T26545] Code: 5c 41 5d c3 90 48 8b 57 18 48 83 fa ff 74 22 48 81 fa e7 03 00 00 0f 87 ee 00 00 00 48 c1 e2 04 48 8d 0d ae 26 17 00 48 01 ca 02 01 48 89 42 08 48 8b 53 10 4c 8d 2d d9 a5 57 00 4c 39 ea 0f [ 2690.638873][T26545] RSP: 002b:00007ffd4124e600 EFLAGS: 00010206 [ 2690.644954][T26545] RAX: 0000000000000003 RBX: 00007fefdefabf80 RCX: 00007fefdefa80c0 [ 2690.652952][T26545] RDX: 00007fefdefa80c0 RSI: 0000000000000080 RDI: 00007fefdefabf80 [ 2690.660934][T26545] RBP: 00007fefdefabf80 R08: 00007ffd413e9080 R09: 0000000000000000 [ 2690.668901][T26545] R10: 00007ffd4124e720 R11: 0000000000000246 R12: 0000000000290b4d [ 2690.676865][T26545] R13: 00007ffd4124e720 R14: 00007fefdefabf80 R15: 0000000000000032 [ 2690.684864][T26545] [ 2690.708119][T26545] memory: usage 307200kB, limit 307200kB, failcnt 54905 [ 2690.718350][T26545] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2690.725496][T26545] Memory cgroup stats for /syz2: [ 2690.725719][T26545] anon 98304 [ 2690.725719][T26545] file 364544 [ 2690.725719][T26545] kernel 314109952 [ 2690.725719][T26545] kernel_stack 65536 [ 2690.725719][T26545] pagetables 73728 [ 2690.725719][T26545] percpu 5619264 [ 2690.725719][T26545] sock 0 [ 2690.725719][T26545] vmalloc 0 [ 2690.725719][T26545] shmem 364544 [ 2690.725719][T26545] zswap 0 [ 2690.725719][T26545] zswapped 0 [ 2690.725719][T26545] file_mapped 364544 [ 2690.725719][T26545] file_dirty 0 [ 2690.725719][T26545] file_writeback 0 [ 2690.725719][T26545] swapcached 0 [ 2690.725719][T26545] anon_thp 0 [ 2690.725719][T26545] file_thp 0 [ 2690.725719][T26545] shmem_thp 0 [ 2690.725719][T26545] inactive_anon 102400 [ 2690.725719][T26545] active_anon 360448 [ 2690.725719][T26545] inactive_file 0 [ 2690.725719][T26545] active_file 0 [ 2690.725719][T26545] unevictable 0 [ 2690.725719][T26545] slab_reclaimable 127032 [ 2690.725719][T26545] slab_unreclaimable 308189472 [ 2690.725719][T26545] slab 308316504 [ 2690.820189][T26545] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=26545,uid=0 [ 2690.836303][T26545] Memory cgroup out of memory: Killed process 26545 (syz-executor.2) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 [ 2690.854308][T26572] syz-executor.3 invoked oom-killer: gfp_mask=0x400cc0(GFP_KERNEL_ACCOUNT), order=1, oom_score_adj=1000 [ 2690.865586][T26572] CPU: 0 PID: 26572 Comm: syz-executor.3 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2690.875705][T26572] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2690.885795][T26572] Call Trace: [ 2690.889104][T26572] [ 2690.892060][T26572] dump_stack_lvl+0xcd/0x134 [ 2690.896692][T26572] dump_header+0x10b/0x7f9 [ 2690.901157][T26572] oom_kill_process.cold+0x10/0x15 [ 2690.906318][T26572] out_of_memory+0x358/0x14a0 [ 2690.911067][T26572] ? oom_killer_disable+0x270/0x270 [ 2690.916319][T26572] ? find_held_lock+0x2d/0x110 11:16:45 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x71c}]}}]}, 0x40}, 0x7}, 0x0) 11:16:45 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x7e3}]}}]}, 0x40}, 0x7}, 0x0) 11:16:45 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0xfa030000) 11:16:45 executing program 4: socket$nl_route(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x710}]}}]}, 0x40}, 0x7}, 0x0) 11:16:45 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x0, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}}, 0x24}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8}]}}]}, 0x40}, 0x7}, 0x0) [ 2690.921144][T26572] mem_cgroup_out_of_memory+0x206/0x270 [ 2690.926738][T26572] ? mem_cgroup_margin+0x130/0x130 [ 2690.931893][T26572] ? lock_downgrade+0x6e0/0x6e0 [ 2690.936805][T26572] try_charge_memcg+0xf67/0x13f0 [ 2690.941802][T26572] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2690.947834][T26572] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2690.953607][T26572] ? lock_downgrade+0x6e0/0x6e0 [ 2690.958529][T26572] obj_cgroup_charge+0x2ab/0x5e0 [ 2690.963538][T26572] __kmalloc_track_caller+0xad/0x340 [ 2690.968893][T26572] ? neigh_sysctl_register+0x9a/0x5e0 [ 2690.974314][T26572] kmemdup+0x23/0x50 [ 2690.978243][T26572] neigh_sysctl_register+0x9a/0x5e0 [ 2690.983568][T26572] ? neigh_stat_seq_show+0x420/0x420 [ 2690.988908][T26572] ? inetdev_init+0x23d/0x580 [ 2690.993635][T26572] ? inetdev_event+0xa85/0x1610 [ 2690.998541][T26572] ? notifier_call_chain+0xb5/0x200 [ 2691.003790][T26572] ? call_netdevice_notifiers_info+0xb5/0x130 [ 2691.009898][T26572] ? register_netdevice+0x10bb/0x1670 [ 2691.015312][T26572] ? veth_newlink+0x338/0x990 [ 2691.020047][T26572] ? __rtnl_newlink+0x1087/0x17e0 [ 2691.025111][T26572] ? rtnl_newlink+0x64/0xa0 [ 2691.029663][T26572] ? rtnetlink_rcv_msg+0x43a/0xca0 [ 2691.034815][T26572] ? netlink_rcv_skb+0x153/0x420 [ 2691.039872][T26572] ? netlink_unicast+0x543/0x7f0 [ 2691.044852][T26572] ? netlink_sendmsg+0x917/0xe10 [ 2691.049826][T26572] ? sock_sendmsg+0xcf/0x120 [ 2691.054451][T26572] ? ____sys_sendmsg+0x712/0x8c0 [ 2691.059427][T26572] ? ___sys_sendmsg+0x110/0x1b0 [ 2691.064333][T26572] devinet_sysctl_register+0xb1/0x230 [ 2691.069767][T26572] inetdev_init+0x286/0x580 [ 2691.074330][T26572] inetdev_event+0xa85/0x1610 [ 2691.079065][T26572] ? del_default_gids+0xd0/0xd0 [ 2691.083969][T26572] ? is_ndev_for_default_gid_filter.part.0+0x2e0/0x2e0 [ 2691.090881][T26572] ? devinet_init_net+0x640/0x640 [ 2691.095962][T26572] ? skb_dequeue+0x125/0x180 [ 2691.100598][T26572] ? __sanitizer_cov_trace_switch+0x50/0x90 [ 2691.106561][T26572] notifier_call_chain+0xb5/0x200 [ 2691.111661][T26572] call_netdevice_notifiers_info+0xb5/0x130 [ 2691.117615][T26572] register_netdevice+0x10bb/0x1670 [ 2691.122873][T26572] ? netdev_change_features+0xb0/0xb0 [ 2691.128297][T26572] ? dev_addr_mod+0x2c9/0x3f0 [ 2691.133070][T26572] veth_newlink+0x338/0x990 [ 2691.137644][T26572] ? veth_set_features+0x190/0x190 [ 2691.142900][T26572] ? netlink_unicast+0x543/0x7f0 [ 2691.147880][T26572] ? netlink_sendmsg+0x917/0xe10 [ 2691.152861][T26572] ? sock_sendmsg+0xcf/0x120 [ 2691.157491][T26572] ? ____sys_sendmsg+0x712/0x8c0 [ 2691.162463][T26572] ? ___sys_sendmsg+0x110/0x1b0 [ 2691.167357][T26572] ? __sys_sendmsg+0xf3/0x1c0 [ 2691.172073][T26572] ? do_syscall_64+0x35/0xb0 [ 2691.176719][T26572] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2691.182852][T26572] ? find_held_lock+0x2d/0x110 [ 2691.187673][T26572] ? memcg_slab_post_alloc_hook+0x249/0x480 [ 2691.193615][T26572] ? lock_downgrade+0x6e0/0x6e0 [ 2691.198527][T26572] ? rcu_read_lock_sched_held+0x3a/0x70 [ 2691.205087][T26572] ? trace_kmalloc_node+0x32/0x100 [ 2691.210334][T26572] ? __kmalloc_node+0x1bf/0x380 [ 2691.215238][T26572] ? memset+0x20/0x40 [ 2691.219535][T26572] ? __xdp_rxq_info_reg+0x189/0x340 [ 2691.224783][T26572] ? memcpy+0x39/0x60 [ 2691.228861][T26572] ? alloc_netdev_mqs+0xd5d/0x1180 [ 2691.234052][T26572] ? rtnl_create_link+0x7e8/0xca0 [ 2691.239147][T26572] ? veth_set_features+0x190/0x190 [ 2691.244316][T26572] __rtnl_newlink+0x1087/0x17e0 [ 2691.249316][T26572] ? rtnl_link_unregister+0x250/0x250 [ 2691.254734][T26572] ? find_held_lock+0x2d/0x110 [ 2691.259642][T26572] ? exc_int3+0xb/0x80 [ 2691.263756][T26572] ? asm_exc_int3+0x35/0x40 [ 2691.268332][T26572] ? rcu_read_lock_sched_held+0x3a/0x70 [ 2691.273936][T26572] ? trace_kmalloc+0x32/0x100 [ 2691.278674][T26572] rtnl_newlink+0x64/0xa0 [ 2691.283050][T26572] ? __rtnl_newlink+0x17e0/0x17e0 [ 2691.288119][T26572] rtnetlink_rcv_msg+0x43a/0xca0 [ 2691.293104][T26572] ? rtnl_getlink+0xae0/0xae0 [ 2691.297821][T26572] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2691.303192][T26572] ? skb_clone+0x16e/0x3c0 [ 2691.307660][T26572] ? ref_tracker_free+0x370/0x6b0 [ 2691.312734][T26572] ? ref_tracker_dir_exit+0x3e0/0x3e0 [ 2691.318243][T26572] netlink_rcv_skb+0x153/0x420 [ 2691.323057][T26572] ? rtnl_getlink+0xae0/0xae0 [ 2691.327779][T26572] ? netlink_ack+0xd50/0xd50 [ 2691.332413][T26572] ? netlink_deliver_tap+0x1a2/0xc40 [ 2691.337751][T26572] ? netlink_deliver_tap+0x1b1/0xc40 [ 2691.343093][T26572] netlink_unicast+0x543/0x7f0 [ 2691.347914][T26572] ? netlink_attachskb+0x880/0x880 [ 2691.353068][T26572] ? __phys_addr+0xc4/0x140 [ 2691.357631][T26572] ? __phys_addr_symbol+0x2c/0x70 [ 2691.362710][T26572] ? __check_object_size+0x2de/0x700 [ 2691.368058][T26572] netlink_sendmsg+0x917/0xe10 [ 2691.372875][T26572] ? netlink_unicast+0x7f0/0x7f0 [ 2691.377866][T26572] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 2691.383203][T26572] ? netlink_unicast+0x7f0/0x7f0 [ 2691.388182][T26572] sock_sendmsg+0xcf/0x120 [ 2691.392643][T26572] ____sys_sendmsg+0x712/0x8c0 [ 2691.397449][T26572] ? copy_msghdr_from_user+0xfc/0x150 [ 2691.402864][T26572] ? kernel_sendmsg+0x50/0x50 [ 2691.407677][T26572] ? futex_unqueue+0xb3/0x120 [ 2691.412408][T26572] ___sys_sendmsg+0x110/0x1b0 [ 2691.417130][T26572] ? do_recvmmsg+0x6e0/0x6e0 [ 2691.421772][T26572] ? __fget_files+0x248/0x440 [ 2691.426489][T26572] ? lock_downgrade+0x6e0/0x6e0 [ 2691.431385][T26572] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2691.437426][T26572] ? __fget_files+0x26a/0x440 [ 2691.442171][T26572] ? __fget_light+0xe5/0x270 [ 2691.446823][T26572] __sys_sendmsg+0xf3/0x1c0 [ 2691.451385][T26572] ? __sys_sendmsg_sock+0x30/0x30 [ 2691.456466][T26572] ? lock_downgrade+0x6e0/0x6e0 [ 2691.461380][T26572] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2691.467330][T26572] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2691.473274][T26572] ? lockdep_hardirqs_on+0x79/0x100 [ 2691.478530][T26572] do_syscall_64+0x35/0xb0 [ 2691.483018][T26572] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2691.488978][T26572] RIP: 0033:0x7f89d288b5a9 [ 2691.493432][T26572] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 2691.513090][T26572] RSP: 002b:00007f89d3ab2168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e 11:16:46 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0xfc030000) 11:16:46 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0xfe000000) 11:16:46 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0xffffa888) 11:16:46 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0xfffff000) 11:16:46 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x7e4}]}}]}, 0x40}, 0x7}, 0x0) [ 2691.521548][T26572] RAX: ffffffffffffffda RBX: 00007f89d29abf80 RCX: 00007f89d288b5a9 [ 2691.529607][T26572] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000004 [ 2691.537617][T26572] RBP: 00007f89d28e6580 R08: 0000000000000000 R09: 0000000000000000 [ 2691.545633][T26572] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2691.553732][T26572] R13: 00007fff483831ef R14: 00007f89d3ab2300 R15: 0000000000022000 [ 2691.561765][T26572] [ 2691.583402][T26572] memory: usage 307200kB, limit 307200kB, failcnt 55067 [ 2691.595313][T26572] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2691.602323][T26572] Memory cgroup stats for /syz3: [ 2691.602589][T26572] anon 147456 [ 2691.602589][T26572] file 385024 [ 2691.602589][T26572] kernel 314032128 [ 2691.602589][T26572] kernel_stack 98304 [ 2691.602589][T26572] pagetables 81920 [ 2691.602589][T26572] percpu 5618080 [ 2691.602589][T26572] sock 0 11:16:46 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0xffffff7f) [ 2691.602589][T26572] vmalloc 0 [ 2691.602589][T26572] shmem 385024 [ 2691.602589][T26572] zswap 0 [ 2691.602589][T26572] zswapped 0 [ 2691.602589][T26572] file_mapped 311296 [ 2691.602589][T26572] file_dirty 0 [ 2691.602589][T26572] file_writeback 0 [ 2691.602589][T26572] swapcached 0 [ 2691.602589][T26572] anon_thp 0 [ 2691.602589][T26572] file_thp 0 [ 2691.602589][T26572] shmem_thp 0 [ 2691.602589][T26572] inactive_anon 200704 [ 2691.602589][T26572] active_anon 331776 [ 2691.602589][T26572] inactive_file 0 [ 2691.602589][T26572] active_file 0 [ 2691.602589][T26572] unevictable 0 [ 2691.602589][T26572] slab_reclaimable 22760 [ 2691.602589][T26572] slab_unreclaimable 308171896 [ 2691.602589][T26572] slab 308194656 [ 2691.696650][T26572] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=26569,uid=0 [ 2691.718103][T26572] Memory cgroup out of memory: Killed process 26569 (syz-executor.3) total-vm:54860kB, anon-rss:456kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 2691.760891][T26579] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 2691.790690][T26579] CPU: 1 PID: 26579 Comm: syz-executor.4 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2691.800836][T26579] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2691.810928][T26579] Call Trace: [ 2691.814236][T26579] [ 2691.817192][T26579] dump_stack_lvl+0xcd/0x134 [ 2691.821852][T26579] dump_header+0x10b/0x7f9 [ 2691.826321][T26579] oom_kill_process.cold+0x10/0x15 [ 2691.831472][T26579] out_of_memory+0x358/0x14a0 [ 2691.836199][T26579] ? find_held_lock+0x2d/0x110 [ 2691.841082][T26579] ? oom_killer_disable+0x270/0x270 [ 2691.846327][T26579] ? find_held_lock+0x2d/0x110 [ 2691.851143][T26579] mem_cgroup_out_of_memory+0x206/0x270 [ 2691.856723][T26579] ? mem_cgroup_margin+0x130/0x130 [ 2691.861856][T26579] ? lock_downgrade+0x6e0/0x6e0 [ 2691.866714][T26579] try_charge_memcg+0xf67/0x13f0 [ 2691.871662][T26579] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2691.877695][T26579] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2691.883415][T26579] ? lock_downgrade+0x6e0/0x6e0 [ 2691.888263][T26579] ? lock_downgrade+0x6e0/0x6e0 [ 2691.893133][T26579] ? rcu_read_unlock+0x9/0x60 [ 2691.897863][T26579] obj_cgroup_charge+0x2ab/0x5e0 [ 2691.902848][T26579] kmem_cache_alloc_trace+0xa3/0x3e0 [ 2691.908159][T26579] ? copy_semundo+0x187/0x2f0 [ 2691.912847][T26579] ? apparmor_task_alloc+0x2bb/0x3b0 [ 2691.918138][T26579] copy_semundo+0x187/0x2f0 [ 2691.922730][T26579] copy_process+0x23fa/0x7090 [ 2691.927447][T26579] ? __cleanup_sighand+0xb0/0xb0 [ 2691.932409][T26579] kernel_clone+0xe7/0xab0 [ 2691.936821][T26579] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2691.942816][T26579] ? create_io_thread+0xe0/0xe0 [ 2691.947710][T26579] ? find_held_lock+0x2d/0x110 [ 2691.952523][T26579] ? __ct_user_exit+0xff/0x150 [ 2691.957331][T26579] __do_sys_clone+0xba/0x100 [ 2691.962046][T26579] ? kernel_clone+0xab0/0xab0 [ 2691.966783][T26579] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2691.972680][T26579] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2691.978595][T26579] do_syscall_64+0x35/0xb0 [ 2691.983043][T26579] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2691.988960][T26579] RIP: 0033:0x7fa378a8c9d1 [ 2691.994700][T26579] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 2692.014340][T26579] RSP: 002b:00007fff306494d8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 2692.022756][T26579] RAX: ffffffffffffffda RBX: 00007fa379be4700 RCX: 00007fa378a8c9d1 [ 2692.032472][T26579] RDX: 00007fa379be49d0 RSI: 00007fa379be42f0 RDI: 00000000003d0f00 [ 2692.040444][T26579] RBP: 00007fff30649720 R08: 00007fa379be4700 R09: 00007fa379be4700 [ 2692.048432][T26579] R10: 00007fa379be49d0 R11: 0000000000000206 R12: 00007fff3064958e [ 2692.056442][T26579] R13: 00007fff3064958f R14: 00007fa379be4300 R15: 0000000000022000 [ 2692.064438][T26579] [ 2692.080333][T26596] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2692.081054][T26579] memory: usage 307184kB, limit 307200kB, failcnt 56154 [ 2692.098314][T26579] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2692.106199][T26579] Memory cgroup stats for /syz4: [ 2692.106401][T26579] anon 90112 [ 2692.106401][T26579] file 372736 [ 2692.106401][T26579] kernel 314093568 [ 2692.106401][T26579] kernel_stack 65536 [ 2692.106401][T26579] pagetables 65536 [ 2692.106401][T26579] percpu 5624000 [ 2692.106401][T26579] sock 0 [ 2692.106401][T26579] vmalloc 0 [ 2692.106401][T26579] shmem 372736 [ 2692.106401][T26579] zswap 0 [ 2692.106401][T26579] zswapped 0 [ 2692.106401][T26579] file_mapped 372736 [ 2692.106401][T26579] file_dirty 0 [ 2692.106401][T26579] file_writeback 0 [ 2692.106401][T26579] swapcached 0 [ 2692.106401][T26579] anon_thp 0 [ 2692.106401][T26579] file_thp 0 [ 2692.106401][T26579] shmem_thp 0 [ 2692.106401][T26579] inactive_anon 139264 [ 2692.106401][T26579] active_anon 323584 [ 2692.106401][T26579] inactive_file 0 [ 2692.106401][T26579] active_file 0 [ 2692.106401][T26579] unevictable 0 [ 2692.106401][T26579] slab_reclaimable 17888 [ 2692.106401][T26579] slab_unreclaimable 308289160 [ 2692.106401][T26579] slab 308307048 11:16:47 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x227}]}}]}, 0x40}, 0x7}, 0x0) [ 2692.205141][T26579] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=26579,uid=0 [ 2692.220823][T26579] Memory cgroup out of memory: Killed process 26579 (syz-executor.4) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:68kB oom_score_adj:1000 [ 2692.238344][T26577] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2692.263127][T26577] CPU: 1 PID: 26577 Comm: syz-executor.2 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2692.275441][T26577] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2692.285540][T26577] Call Trace: [ 2692.288853][T26577] [ 2692.291813][T26577] dump_stack_lvl+0xcd/0x134 [ 2692.296451][T26577] dump_header+0x10b/0x7f9 [ 2692.299011][T26605] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2692.300891][T26577] oom_kill_process.cold+0x10/0x15 [ 2692.300934][T26577] out_of_memory+0x358/0x14a0 [ 2692.320125][T26577] ? oom_killer_disable+0x270/0x270 [ 2692.325376][T26577] ? find_held_lock+0x2d/0x110 [ 2692.330282][T26577] mem_cgroup_out_of_memory+0x206/0x270 [ 2692.335937][T26577] ? mem_cgroup_margin+0x130/0x130 [ 2692.341102][T26577] ? lock_downgrade+0x6e0/0x6e0 [ 2692.345998][T26577] try_charge_memcg+0xf67/0x13f0 [ 2692.351196][T26577] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2692.357277][T26577] ? lock_downgrade+0x6e0/0x6e0 [ 2692.362182][T26577] charge_memcg+0x31/0x320 [ 2692.366833][T26577] __mem_cgroup_charge+0x27/0x90 [ 2692.371812][T26577] ? _compound_head+0x5d/0x150 [ 2692.376634][T26577] __handle_mm_fault+0x17df/0x39b0 [ 2692.381874][T26577] ? vm_iomap_memory+0x190/0x190 [ 2692.386982][T26577] handle_mm_fault+0x1c8/0x780 [ 2692.391773][T26577] do_user_addr_fault+0x475/0x1210 [ 2692.396907][T26577] exc_page_fault+0x94/0x170 [ 2692.401547][T26577] asm_exc_page_fault+0x22/0x30 [ 2692.406540][T26577] RIP: 0033:0x7fefdee3633d [ 2692.410965][T26577] Code: e0 04 8b 44 02 08 85 c0 0f 85 d0 0a 00 00 31 c0 b9 40 42 0f 00 ba 81 00 00 00 c7 06 01 00 00 00 bf ca 00 00 00 e8 53 52 05 00 <83> 05 bc 9c 57 00 01 80 bc 24 d8 00 00 00 00 0f b6 05 57 f0 0a 01 [ 2692.430716][T26577] RSP: 002b:00007ffd4124e640 EFLAGS: 00010207 [ 2692.436787][T26577] RAX: 0000000000000001 RBX: 00007fefdefabf8c RCX: 00007fefdee8b5a9 [ 2692.444767][T26577] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fefdefabf88 [ 2692.452763][T26577] RBP: 00007fefdefabf80 R08: 00007fefe005a700 R09: 0000000000000000 [ 2692.460749][T26577] R10: 00007fefe005a700 R11: 0000000000000246 R12: 00007fefdefabf8c [ 2692.468732][T26577] R13: 00007fefdefb0060 R14: 00007fefdefabf80 R15: 0000000000000000 [ 2692.476763][T26577] [ 2692.489840][T26577] memory: usage 307196kB, limit 307200kB, failcnt 54977 [ 2692.497009][T26577] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2692.504091][T26577] Memory cgroup stats for /syz2: [ 2692.504306][T26577] anon 94208 [ 2692.504306][T26577] file 364544 [ 2692.504306][T26577] kernel 314109952 [ 2692.504306][T26577] kernel_stack 65536 [ 2692.504306][T26577] pagetables 73728 [ 2692.504306][T26577] percpu 5619264 [ 2692.504306][T26577] sock 0 [ 2692.504306][T26577] vmalloc 0 [ 2692.504306][T26577] shmem 364544 [ 2692.504306][T26577] zswap 0 [ 2692.504306][T26577] zswapped 0 [ 2692.504306][T26577] file_mapped 364544 [ 2692.504306][T26577] file_dirty 0 [ 2692.504306][T26577] file_writeback 0 [ 2692.504306][T26577] swapcached 0 [ 2692.504306][T26577] anon_thp 0 [ 2692.504306][T26577] file_thp 0 [ 2692.504306][T26577] shmem_thp 0 [ 2692.504306][T26577] inactive_anon 98304 [ 2692.504306][T26577] active_anon 360448 [ 2692.504306][T26577] inactive_file 0 [ 2692.504306][T26577] active_file 0 [ 2692.504306][T26577] unevictable 0 [ 2692.504306][T26577] slab_reclaimable 127032 [ 2692.504306][T26577] slab_unreclaimable 308189472 [ 2692.504306][T26577] slab 308316504 [ 2692.599051][T26577] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=26577,uid=0 11:16:47 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x71d}]}}]}, 0x40}, 0x7}, 0x0) 11:16:47 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0xffffff9e) 11:16:47 executing program 4: socket$nl_route(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x711}]}}]}, 0x40}, 0x7}, 0x0) [ 2692.616142][T26577] Memory cgroup out of memory: Killed process 26577 (syz-executor.2) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 [ 2692.651047][T26578] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2692.703503][T26578] CPU: 0 PID: 26578 Comm: syz-executor.5 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2692.713649][T26578] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2692.723736][T26578] Call Trace: [ 2692.727027][T26578] [ 2692.729965][T26578] dump_stack_lvl+0xcd/0x134 [ 2692.734589][T26578] dump_header+0x10b/0x7f9 [ 2692.739113][T26578] oom_kill_process.cold+0x10/0x15 [ 2692.744375][T26578] out_of_memory+0x358/0x14a0 [ 2692.749095][T26578] ? find_held_lock+0x2d/0x110 [ 2692.753889][T26578] ? oom_killer_disable+0x270/0x270 [ 2692.759117][T26578] ? find_held_lock+0x2d/0x110 [ 2692.763926][T26578] mem_cgroup_out_of_memory+0x206/0x270 [ 2692.769500][T26578] ? mem_cgroup_margin+0x130/0x130 [ 2692.774630][T26578] ? lock_downgrade+0x6e0/0x6e0 [ 2692.779540][T26578] try_charge_memcg+0xf67/0x13f0 [ 2692.784593][T26578] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2692.790592][T26578] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2692.796504][T26578] ? lock_downgrade+0x6e0/0x6e0 [ 2692.801376][T26578] ? lock_downgrade+0x6e0/0x6e0 [ 2692.806276][T26578] __memcg_kmem_charge_page+0x16a/0x3b0 [ 2692.811864][T26578] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 2692.818043][T26578] copy_process+0x73e/0x7090 [ 2692.822662][T26578] ? __lock_acquire+0xbc3/0x56d0 [ 2692.827624][T26578] ? __cleanup_sighand+0xb0/0xb0 [ 2692.832596][T26578] kernel_clone+0xe7/0xab0 [ 2692.837030][T26578] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2692.843057][T26578] ? create_io_thread+0xe0/0xe0 [ 2692.847933][T26578] ? find_held_lock+0x2d/0x110 [ 2692.852724][T26578] ? __ct_user_exit+0xff/0x150 [ 2692.857594][T26578] __do_sys_clone+0xba/0x100 [ 2692.862202][T26578] ? kernel_clone+0xab0/0xab0 [ 2692.866912][T26578] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2692.872836][T26578] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2692.878756][T26578] do_syscall_64+0x35/0xb0 [ 2692.883198][T26578] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2692.889112][T26578] RIP: 0033:0x7f542068c9d1 [ 2692.893544][T26578] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 2692.913179][T26578] RSP: 002b:00007ffc9945af78 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 2692.921611][T26578] RAX: ffffffffffffffda RBX: 00007f54217cc700 RCX: 00007f542068c9d1 [ 2692.929593][T26578] RDX: 00007f54217cc9d0 RSI: 00007f54217cc2f0 RDI: 00000000003d0f00 [ 2692.937576][T26578] RBP: 00007ffc9945b1c0 R08: 00007f54217cc700 R09: 00007f54217cc700 [ 2692.945558][T26578] R10: 00007f54217cc9d0 R11: 0000000000000206 R12: 00007ffc9945b02e 11:16:47 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0xfffffff0) [ 2692.953625][T26578] R13: 00007ffc9945b02f R14: 00007f54217cc300 R15: 0000000000022000 [ 2692.961639][T26578] [ 2692.969703][T26578] memory: usage 307200kB, limit 307200kB, failcnt 40392 [ 2692.977786][T26578] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2692.985343][T26578] Memory cgroup stats for /syz5: [ 2692.985570][T26578] anon 147456 [ 2692.985570][T26578] file 364544 [ 2692.985570][T26578] kernel 314060800 [ 2692.985570][T26578] kernel_stack 98304 [ 2692.985570][T26578] pagetables 81920 [ 2692.985570][T26578] percpu 5618080 [ 2692.985570][T26578] sock 0 [ 2692.985570][T26578] vmalloc 0 [ 2692.985570][T26578] shmem 356352 [ 2692.985570][T26578] zswap 0 [ 2692.985570][T26578] zswapped 0 [ 2692.985570][T26578] file_mapped 356352 [ 2692.985570][T26578] file_dirty 4096 [ 2692.985570][T26578] file_writeback 0 [ 2692.985570][T26578] swapcached 0 [ 2692.985570][T26578] anon_thp 0 [ 2692.985570][T26578] file_thp 0 [ 2692.985570][T26578] shmem_thp 0 [ 2692.985570][T26578] inactive_anon 151552 [ 2692.985570][T26578] active_anon 352256 [ 2692.985570][T26578] inactive_file 0 [ 2692.985570][T26578] active_file 8192 [ 2692.985570][T26578] unevictable 0 [ 2692.985570][T26578] slab_reclaimable 20960 [ 2692.985570][T26578] slab_unreclaimable 308199952 [ 2692.985570][T26578] slab 308220912 [ 2693.084016][T26578] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=26578,uid=0 [ 2693.099873][T26578] Memory cgroup out of memory: Killed process 26578 (syz-executor.5) total-vm:54860kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000 [ 2693.117966][T26605] syz-executor.3 invoked oom-killer: gfp_mask=0x400cc0(GFP_KERNEL_ACCOUNT), order=2, oom_score_adj=1000 [ 2693.136123][T26605] CPU: 1 PID: 26605 Comm: syz-executor.3 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2693.146270][T26605] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2693.156347][T26605] Call Trace: [ 2693.159628][T26605] [ 2693.162565][T26605] dump_stack_lvl+0xcd/0x134 [ 2693.167159][T26605] dump_header+0x10b/0x7f9 [ 2693.171579][T26605] oom_kill_process.cold+0x10/0x15 [ 2693.176719][T26605] out_of_memory+0x358/0x14a0 [ 2693.181428][T26605] ? oom_killer_disable+0x270/0x270 [ 2693.186653][T26605] ? find_held_lock+0x2d/0x110 [ 2693.191468][T26605] mem_cgroup_out_of_memory+0x206/0x270 [ 2693.197071][T26605] ? mem_cgroup_margin+0x130/0x130 [ 2693.202227][T26605] ? lock_downgrade+0x6e0/0x6e0 [ 2693.207129][T26605] try_charge_memcg+0xf67/0x13f0 [ 2693.212121][T26605] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2693.218153][T26605] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2693.223924][T26605] ? lock_downgrade+0x6e0/0x6e0 [ 2693.228788][T26605] obj_cgroup_charge+0x2ab/0x5e0 [ 2693.233732][T26605] __kmalloc_track_caller+0xad/0x340 [ 2693.239019][T26605] ? __devinet_sysctl_register+0x98/0x280 [ 2693.244763][T26605] kmemdup+0x23/0x50 [ 2693.248688][T26605] __devinet_sysctl_register+0x98/0x280 [ 2693.254353][T26605] ? inet_netconf_notify_devconf+0x260/0x260 [ 2693.260337][T26605] ? veth_newlink+0x338/0x990 [ 2693.265043][T26605] ? __rtnl_newlink+0x1087/0x17e0 [ 2693.270080][T26605] ? rtnl_newlink+0x64/0xa0 [ 2693.274585][T26605] ? rtnetlink_rcv_msg+0x43a/0xca0 [ 2693.279701][T26605] ? netlink_rcv_skb+0x153/0x420 [ 2693.284645][T26605] ? netlink_unicast+0x543/0x7f0 [ 2693.289588][T26605] ? netlink_sendmsg+0x917/0xe10 [ 2693.294543][T26605] ? sock_sendmsg+0xcf/0x120 [ 2693.299165][T26605] ? ____sys_sendmsg+0x712/0x8c0 [ 2693.304130][T26605] ? ___sys_sendmsg+0x110/0x1b0 [ 2693.308993][T26605] devinet_sysctl_register+0x160/0x230 [ 2693.314498][T26605] inetdev_init+0x286/0x580 [ 2693.319009][T26605] inetdev_event+0xa85/0x1610 [ 2693.323698][T26605] ? del_default_gids+0xd0/0xd0 [ 2693.328556][T26605] ? is_ndev_for_default_gid_filter.part.0+0x2e0/0x2e0 [ 2693.335416][T26605] ? devinet_init_net+0x640/0x640 [ 2693.340451][T26605] ? skb_dequeue+0x125/0x180 [ 2693.345061][T26605] ? __sanitizer_cov_trace_switch+0x50/0x90 [ 2693.351005][T26605] notifier_call_chain+0xb5/0x200 [ 2693.356170][T26605] call_netdevice_notifiers_info+0xb5/0x130 [ 2693.362083][T26605] register_netdevice+0x10bb/0x1670 [ 2693.367300][T26605] ? netdev_change_features+0xb0/0xb0 [ 2693.372696][T26605] ? dev_addr_mod+0x2c9/0x3f0 [ 2693.377377][T26605] veth_newlink+0x338/0x990 [ 2693.381913][T26605] ? veth_set_features+0x190/0x190 [ 2693.387047][T26605] ? netlink_unicast+0x543/0x7f0 [ 2693.391991][T26605] ? netlink_sendmsg+0x917/0xe10 [ 2693.396953][T26605] ? sock_sendmsg+0xcf/0x120 [ 2693.401673][T26605] ? ____sys_sendmsg+0x712/0x8c0 [ 2693.406637][T26605] ? ___sys_sendmsg+0x110/0x1b0 [ 2693.411490][T26605] ? __sys_sendmsg+0xf3/0x1c0 [ 2693.416203][T26605] ? do_syscall_64+0x35/0xb0 [ 2693.420824][T26605] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2693.426923][T26605] ? find_held_lock+0x2d/0x110 [ 2693.431700][T26605] ? memcg_slab_post_alloc_hook+0x249/0x480 [ 2693.437605][T26605] ? lock_downgrade+0x6e0/0x6e0 [ 2693.442487][T26605] ? rcu_read_lock_sched_held+0x3a/0x70 [ 2693.448063][T26605] ? trace_kmalloc_node+0x32/0x100 [ 2693.453224][T26605] ? __kmalloc_node+0x1bf/0x380 [ 2693.458114][T26605] ? memset+0x20/0x40 [ 2693.462110][T26605] ? __xdp_rxq_info_reg+0x189/0x340 [ 2693.467322][T26605] ? memcpy+0x39/0x60 [ 2693.471314][T26605] ? alloc_netdev_mqs+0xd5d/0x1180 [ 2693.476439][T26605] ? rtnl_create_link+0x7e8/0xca0 [ 2693.481473][T26605] ? veth_set_features+0x190/0x190 [ 2693.486603][T26605] __rtnl_newlink+0x1087/0x17e0 [ 2693.491465][T26605] ? rtnl_link_unregister+0x250/0x250 [ 2693.496856][T26605] ? rtnl_newlink+0x46/0xa0 [ 2693.501416][T26605] ? rcu_read_lock_sched_held+0x3a/0x70 [ 2693.507080][T26605] ? trace_kmalloc+0x32/0x100 [ 2693.511845][T26605] rtnl_newlink+0x64/0xa0 [ 2693.516202][T26605] ? __rtnl_newlink+0x17e0/0x17e0 [ 2693.521245][T26605] rtnetlink_rcv_msg+0x43a/0xca0 [ 2693.526199][T26605] ? rtnl_getlink+0xae0/0xae0 [ 2693.530891][T26605] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2693.536192][T26605] ? ref_tracker_free+0x370/0x6b0 [ 2693.541244][T26605] ? ref_tracker_dir_exit+0x3e0/0x3e0 [ 2693.546654][T26605] netlink_rcv_skb+0x153/0x420 [ 2693.551579][T26605] ? rtnl_getlink+0xae0/0xae0 [ 2693.556286][T26605] ? netlink_ack+0xd50/0xd50 [ 2693.560887][T26605] ? netlink_deliver_tap+0x1a2/0xc40 [ 2693.566210][T26605] ? netlink_deliver_tap+0x1b1/0xc40 [ 2693.571536][T26605] netlink_unicast+0x543/0x7f0 [ 2693.576347][T26605] ? netlink_attachskb+0x880/0x880 [ 2693.581485][T26605] ? __phys_addr+0xc4/0x140 [ 2693.586047][T26605] ? __phys_addr_symbol+0x2c/0x70 [ 2693.591181][T26605] ? __check_object_size+0x2de/0x700 [ 2693.596513][T26605] netlink_sendmsg+0x917/0xe10 [ 2693.601334][T26605] ? netlink_unicast+0x7f0/0x7f0 [ 2693.606318][T26605] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 2693.611621][T26605] ? netlink_unicast+0x7f0/0x7f0 [ 2693.616569][T26605] sock_sendmsg+0xcf/0x120 [ 2693.621000][T26605] ____sys_sendmsg+0x712/0x8c0 [ 2693.625901][T26605] ? copy_msghdr_from_user+0xfc/0x150 [ 2693.631368][T26605] ? kernel_sendmsg+0x50/0x50 [ 2693.636083][T26605] ___sys_sendmsg+0x110/0x1b0 [ 2693.640788][T26605] ? do_recvmmsg+0x6e0/0x6e0 [ 2693.645409][T26605] ? __fget_files+0x248/0x440 [ 2693.650130][T26605] ? lock_downgrade+0x6e0/0x6e0 [ 2693.655015][T26605] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2693.661021][T26605] ? __fget_files+0x26a/0x440 [ 2693.665779][T26605] ? __fget_light+0xe5/0x270 [ 2693.670412][T26605] __sys_sendmsg+0xf3/0x1c0 [ 2693.674945][T26605] ? __sys_sendmsg_sock+0x30/0x30 [ 2693.679977][T26605] ? lock_downgrade+0x6e0/0x6e0 [ 2693.684856][T26605] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2693.690859][T26605] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2693.696779][T26605] ? lockdep_hardirqs_on+0x79/0x100 [ 2693.702049][T26605] do_syscall_64+0x35/0xb0 [ 2693.706512][T26605] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2693.712412][T26605] RIP: 0033:0x7f89d288b5a9 [ 2693.716825][T26605] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 2693.736552][T26605] RSP: 002b:00007f89d3ab2168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2693.745087][T26605] RAX: ffffffffffffffda RBX: 00007f89d29abf80 RCX: 00007f89d288b5a9 [ 2693.753092][T26605] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000004 [ 2693.761172][T26605] RBP: 00007f89d28e6580 R08: 0000000000000000 R09: 0000000000000000 [ 2693.769161][T26605] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2693.777143][T26605] R13: 00007fff483831ef R14: 00007f89d3ab2300 R15: 0000000000022000 [ 2693.785136][T26605] [ 2693.793299][T26605] memory: usage 307200kB, limit 307200kB, failcnt 55250 [ 2693.800475][T26605] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2693.807622][T26605] Memory cgroup stats for /syz3: [ 2693.807858][T26605] anon 147456 [ 2693.807858][T26605] file 385024 [ 2693.807858][T26605] kernel 314023936 [ 2693.807858][T26605] kernel_stack 98304 [ 2693.807858][T26605] pagetables 81920 [ 2693.807858][T26605] percpu 5618080 [ 2693.807858][T26605] sock 0 [ 2693.807858][T26605] vmalloc 0 [ 2693.807858][T26605] shmem 385024 [ 2693.807858][T26605] zswap 0 [ 2693.807858][T26605] zswapped 0 [ 2693.807858][T26605] file_mapped 311296 [ 2693.807858][T26605] file_dirty 0 [ 2693.807858][T26605] file_writeback 0 [ 2693.807858][T26605] swapcached 0 [ 2693.807858][T26605] anon_thp 0 [ 2693.807858][T26605] file_thp 0 [ 2693.807858][T26605] shmem_thp 0 [ 2693.807858][T26605] inactive_anon 200704 [ 2693.807858][T26605] active_anon 331776 [ 2693.807858][T26605] inactive_file 0 [ 2693.807858][T26605] active_file 0 [ 2693.807858][T26605] unevictable 0 [ 2693.807858][T26605] slab_reclaimable 22760 [ 2693.807858][T26605] slab_unreclaimable 308174656 [ 2693.807858][T26605] slab 308197416 [ 2693.905924][T26605] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=26604,uid=0 [ 2693.921741][T26605] Memory cgroup out of memory: Killed process 26604 (syz-executor.3) total-vm:54860kB, anon-rss:456kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 2693.952321][T26610] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2693.972969][T26610] CPU: 1 PID: 26610 Comm: syz-executor.2 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2693.983105][T26610] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2693.993184][T26610] Call Trace: [ 2693.996526][T26610] [ 2693.999484][T26610] dump_stack_lvl+0xcd/0x134 [ 2694.004111][T26610] dump_header+0x10b/0x7f9 [ 2694.008568][T26610] oom_kill_process.cold+0x10/0x15 [ 2694.013712][T26610] out_of_memory+0x358/0x14a0 [ 2694.018438][T26610] ? oom_killer_disable+0x270/0x270 [ 2694.023683][T26610] ? find_held_lock+0x2d/0x110 [ 2694.028486][T26610] mem_cgroup_out_of_memory+0x206/0x270 [ 2694.034048][T26610] ? mem_cgroup_margin+0x130/0x130 [ 2694.039186][T26610] ? lock_downgrade+0x6e0/0x6e0 [ 2694.044082][T26610] try_charge_memcg+0xf67/0x13f0 [ 2694.049061][T26610] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2694.055072][T26610] ? lock_downgrade+0x6e0/0x6e0 [ 2694.059933][T26610] charge_memcg+0x31/0x320 [ 2694.064352][T26610] __mem_cgroup_charge+0x27/0x90 [ 2694.069298][T26610] ? _compound_head+0x5d/0x150 [ 2694.074095][T26610] wp_page_copy+0x27c/0x1b10 [ 2694.078763][T26610] ? restore_exclusive_pte+0x8b0/0x8b0 [ 2694.084241][T26610] ? lock_downgrade+0x6e0/0x6e0 [ 2694.089114][T26610] ? vm_normal_page+0x146/0x2a0 [ 2694.093991][T26610] do_wp_page+0x52c/0x1910 [ 2694.098430][T26610] __handle_mm_fault+0x1813/0x39b0 [ 2694.103587][T26610] ? vm_iomap_memory+0x190/0x190 [ 2694.108561][T26610] handle_mm_fault+0x1c8/0x780 [ 2694.113346][T26610] do_user_addr_fault+0x475/0x1210 [ 2694.118493][T26610] exc_page_fault+0x94/0x170 [ 2694.123104][T26610] asm_exc_page_fault+0x22/0x30 [ 2694.127980][T26610] RIP: 0033:0x7fefdee35a15 [ 2694.132403][T26610] Code: 5c 41 5d c3 90 48 8b 57 18 48 83 fa ff 74 22 48 81 fa e7 03 00 00 0f 87 ee 00 00 00 48 c1 e2 04 48 8d 0d ae 26 17 00 48 01 ca 02 01 48 89 42 08 48 8b 53 10 4c 8d 2d d9 a5 57 00 4c 39 ea 0f [ 2694.152021][T26610] RSP: 002b:00007ffd4124e600 EFLAGS: 00010206 [ 2694.158101][T26610] RAX: 0000000000000003 RBX: 00007fefdefabf80 RCX: 00007fefdefa80c0 [ 2694.166080][T26610] RDX: 00007fefdefa80c0 RSI: 0000000000000080 RDI: 00007fefdefabf80 [ 2694.174069][T26610] RBP: 00007fefdefabf80 R08: 00007ffd413e9080 R09: 0000000000000000 [ 2694.182046][T26610] R10: 00007ffd4124e720 R11: 0000000000000246 R12: 00000000002917d5 [ 2694.190024][T26610] R13: 00007ffd4124e720 R14: 00007fefdefabf80 R15: 0000000000000032 [ 2694.198022][T26610] [ 2694.211779][T26610] memory: usage 307200kB, limit 307200kB, failcnt 55040 [ 2694.218872][T26610] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2694.232881][T26583] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.5'. [ 2694.243505][T26610] Memory cgroup stats for /syz2: [ 2694.243736][T26610] anon 98304 [ 2694.243736][T26610] file 364544 [ 2694.243736][T26610] kernel 314109952 [ 2694.243736][T26610] kernel_stack 65536 [ 2694.243736][T26610] pagetables 73728 [ 2694.243736][T26610] percpu 5619264 [ 2694.243736][T26610] sock 0 [ 2694.243736][T26610] vmalloc 0 [ 2694.243736][T26610] shmem 364544 [ 2694.243736][T26610] zswap 0 [ 2694.243736][T26610] zswapped 0 [ 2694.243736][T26610] file_mapped 364544 [ 2694.243736][T26610] file_dirty 0 [ 2694.243736][T26610] file_writeback 0 [ 2694.243736][T26610] swapcached 0 [ 2694.243736][T26610] anon_thp 0 [ 2694.243736][T26610] file_thp 0 [ 2694.243736][T26610] shmem_thp 0 [ 2694.243736][T26610] inactive_anon 102400 [ 2694.243736][T26610] active_anon 360448 [ 2694.243736][T26610] inactive_file 0 [ 2694.243736][T26610] active_file 0 [ 2694.243736][T26610] unevictable 0 [ 2694.243736][T26610] slab_reclaimable 127032 [ 2694.243736][T26610] slab_unreclaimable 308189472 [ 2694.243736][T26610] slab 308316504 [ 2694.347361][T26610] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=26610,uid=0 [ 2694.364170][T26610] Memory cgroup out of memory: Killed process 26610 (syz-executor.2) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 [ 2694.415372][T26608] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2694.425799][T26608] CPU: 1 PID: 26608 Comm: syz-executor.4 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2694.435897][T26608] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2694.445968][T26608] Call Trace: [ 2694.449255][T26608] [ 2694.452192][T26608] dump_stack_lvl+0xcd/0x134 [ 2694.456807][T26608] dump_header+0x10b/0x7f9 [ 2694.461241][T26608] oom_kill_process.cold+0x10/0x15 [ 2694.466374][T26608] out_of_memory+0x358/0x14a0 [ 2694.471079][T26608] ? find_held_lock+0x2d/0x110 [ 2694.475865][T26608] ? oom_killer_disable+0x270/0x270 [ 2694.481086][T26608] ? find_held_lock+0x2d/0x110 [ 2694.485877][T26608] mem_cgroup_out_of_memory+0x206/0x270 [ 2694.491446][T26608] ? mem_cgroup_margin+0x130/0x130 [ 2694.496570][T26608] ? lock_downgrade+0x6e0/0x6e0 [ 2694.501451][T26608] try_charge_memcg+0xf67/0x13f0 [ 2694.506414][T26608] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2694.512436][T26608] ? lock_downgrade+0x6e0/0x6e0 [ 2694.517316][T26608] charge_memcg+0x31/0x320 [ 2694.521755][T26608] __mem_cgroup_charge+0x27/0x90 [ 2694.526802][T26608] ? _compound_head+0x5d/0x150 [ 2694.531594][T26608] wp_page_copy+0x27c/0x1b10 [ 2694.536216][T26608] ? restore_exclusive_pte+0x8b0/0x8b0 [ 2694.541689][T26608] ? lock_downgrade+0x6e0/0x6e0 [ 2694.546552][T26608] ? vm_normal_page+0x146/0x2a0 [ 2694.551433][T26608] do_wp_page+0x1d1/0x1910 [ 2694.555871][T26608] __handle_mm_fault+0x1813/0x39b0 [ 2694.561008][T26608] ? vm_iomap_memory+0x190/0x190 [ 2694.565983][T26608] handle_mm_fault+0x1c8/0x780 [ 2694.570768][T26608] do_user_addr_fault+0x475/0x1210 [ 2694.575912][T26608] exc_page_fault+0x94/0x170 [ 2694.580527][T26608] asm_exc_page_fault+0x22/0x30 [ 2694.585399][T26608] RIP: 0033:0x7fa378a38970 [ 2694.589913][T26608] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48 [ 2694.609547][T26608] RSP: 002b:00007fff30649520 EFLAGS: 00010246 [ 2694.615644][T26608] RAX: 00000000410b914c RBX: 00007fa378bac018 RCX: 0000001b30a20000 [ 2694.623635][T26608] RDX: 0000000000000000 RSI: 0000001b30a20018 RDI: 0000000000000022 [ 2694.631617][T26608] RBP: 00000000410b914c R08: 000000000000114c R09: 00000000410b9150 [ 2694.639684][T26608] R10: 00007fff306496f0 R11: 0000000000000246 R12: 00007fa378ba0000 [ 2694.647666][T26608] R13: 0000000000000001 R14: 0000000000000000 R15: ffffffff81a2d826 [ 2694.655647][T26608] ? trace_user_exit.constprop.0+0x6/0x210 [ 2694.661956][T26608] [ 2694.671905][T26608] memory: usage 307200kB, limit 307200kB, failcnt 56253 [ 2694.679323][T26608] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2694.686724][T26608] Memory cgroup stats for /syz4: [ 2694.686941][T26608] anon 98304 [ 2694.686941][T26608] file 372736 [ 2694.686941][T26608] kernel 314101760 [ 2694.686941][T26608] kernel_stack 65536 [ 2694.686941][T26608] pagetables 69632 [ 2694.686941][T26608] percpu 5624000 [ 2694.686941][T26608] sock 0 [ 2694.686941][T26608] vmalloc 0 [ 2694.686941][T26608] shmem 372736 [ 2694.686941][T26608] zswap 0 [ 2694.686941][T26608] zswapped 0 [ 2694.686941][T26608] file_mapped 372736 [ 2694.686941][T26608] file_dirty 0 [ 2694.686941][T26608] file_writeback 0 [ 2694.686941][T26608] swapcached 0 [ 2694.686941][T26608] anon_thp 0 [ 2694.686941][T26608] file_thp 0 [ 2694.686941][T26608] shmem_thp 0 [ 2694.686941][T26608] inactive_anon 147456 [ 2694.686941][T26608] active_anon 323584 [ 2694.686941][T26608] inactive_file 0 [ 2694.686941][T26608] active_file 0 [ 2694.686941][T26608] unevictable 0 [ 2694.686941][T26608] slab_reclaimable 19816 11:16:49 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x0, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}}, 0x24}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8}]}}]}, 0x40}, 0x7}, 0x0) 11:16:49 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x1000000000000) 11:16:49 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x7e5}]}}]}, 0x40}, 0x7}, 0x0) 11:16:49 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x71e}]}}]}, 0x40}, 0x7}, 0x0) 11:16:49 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x228}]}}]}, 0x40}, 0x7}, 0x0) [ 2694.686941][T26608] slab_unreclaimable 308289968 [ 2694.686941][T26608] slab 308309784 [ 2694.800643][T26618] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2694.836290][T26608] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=26608,uid=0 [ 2694.852655][T26608] Memory cgroup out of memory: Killed process 26608 (syz-executor.4) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:72kB oom_score_adj:1000 [ 2694.892458][T26622] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2694.907214][T26622] CPU: 0 PID: 26622 Comm: syz-executor.2 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2694.917342][T26622] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2694.927434][T26622] Call Trace: [ 2694.930740][T26622] [ 2694.933696][T26622] dump_stack_lvl+0xcd/0x134 [ 2694.938349][T26622] dump_header+0x10b/0x7f9 [ 2694.942805][T26622] oom_kill_process.cold+0x10/0x15 [ 2694.947947][T26622] out_of_memory+0x358/0x14a0 [ 2694.952659][T26622] ? oom_killer_disable+0x270/0x270 [ 2694.957888][T26622] ? io_schedule_timeout+0x140/0x140 [ 2694.963214][T26622] mem_cgroup_out_of_memory+0x206/0x270 [ 2694.968782][T26622] ? mem_cgroup_margin+0x130/0x130 [ 2694.973913][T26622] ? preempt_schedule_thunk+0x16/0x18 [ 2694.979322][T26622] ? preempt_schedule_thunk+0x16/0x18 [ 2694.984732][T26622] try_charge_memcg+0xf67/0x13f0 [ 2694.989700][T26622] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2694.995707][T26622] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2695.001447][T26622] ? lock_downgrade+0x6e0/0x6e0 [ 2695.006320][T26622] ? lock_downgrade+0x6e0/0x6e0 [ 2695.011287][T26622] obj_cgroup_charge+0x2ab/0x5e0 [ 2695.016255][T26622] kmem_cache_alloc_lru+0x13e/0x720 [ 2695.021472][T26622] ? sock_alloc_inode+0x23/0x1d0 [ 2695.026432][T26622] sock_alloc_inode+0x23/0x1d0 [ 2695.031251][T26622] ? sock_free_inode+0x20/0x20 [ 2695.036044][T26622] alloc_inode+0x61/0x230 [ 2695.040415][T26622] new_inode_pseudo+0x13/0x80 [ 2695.045118][T26622] sock_alloc+0x3c/0x260 [ 2695.049403][T26622] __sock_create+0xb9/0x790 [ 2695.053931][T26622] ? lock_downgrade+0x6e0/0x6e0 [ 2695.058841][T26622] __sys_socket+0x12f/0x240 [ 2695.063395][T26622] ? __sys_socket_file+0x1f0/0x1f0 [ 2695.068540][T26622] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2695.074467][T26622] __x64_sys_socket+0x6f/0xb0 [ 2695.079168][T26622] do_syscall_64+0x35/0xb0 [ 2695.083622][T26622] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2695.089639][T26622] RIP: 0033:0x7fefdee8b5a9 [ 2695.094067][T26622] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 2695.113694][T26622] RSP: 002b:00007fefe005a168 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 2695.122128][T26622] RAX: ffffffffffffffda RBX: 00007fefdefabf80 RCX: 00007fefdee8b5a9 [ 2695.130112][T26622] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000010 11:16:49 executing program 4: socket$nl_route(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x712}]}}]}, 0x40}, 0x7}, 0x0) [ 2695.138110][T26622] RBP: 00007fefdeee6580 R08: 0000000000000000 R09: 0000000000000000 [ 2695.146112][T26622] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2695.154105][T26622] R13: 00007ffd4124e5bf R14: 00007fefe005a300 R15: 0000000000022000 [ 2695.162113][T26622] 11:16:50 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x4000000000000) [ 2695.199241][T26622] memory: usage 307200kB, limit 307200kB, failcnt 55119 [ 2695.205303][T26621] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2695.206407][T26622] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2695.222556][T26622] Memory cgroup stats for /syz2: [ 2695.222860][T26622] anon 98304 [ 2695.222860][T26622] file 364544 [ 2695.222860][T26622] kernel 314109952 [ 2695.222860][T26622] kernel_stack 65536 [ 2695.222860][T26622] pagetables 73728 [ 2695.222860][T26622] percpu 5619264 [ 2695.222860][T26622] sock 0 [ 2695.222860][T26622] vmalloc 0 [ 2695.222860][T26622] shmem 364544 [ 2695.222860][T26622] zswap 0 [ 2695.222860][T26622] zswapped 0 [ 2695.222860][T26622] file_mapped 364544 [ 2695.222860][T26622] file_dirty 0 [ 2695.222860][T26622] file_writeback 0 [ 2695.222860][T26622] swapcached 0 [ 2695.222860][T26622] anon_thp 0 [ 2695.222860][T26622] file_thp 0 [ 2695.222860][T26622] shmem_thp 0 [ 2695.222860][T26622] inactive_anon 102400 [ 2695.222860][T26622] active_anon 360448 [ 2695.222860][T26622] inactive_file 0 [ 2695.222860][T26622] active_file 0 [ 2695.222860][T26622] unevictable 0 [ 2695.222860][T26622] slab_reclaimable 125104 [ 2695.222860][T26622] slab_unreclaimable 308189768 [ 2695.222860][T26622] slab 308314872 11:16:50 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x7e6}]}}]}, 0x40}, 0x7}, 0x0) 11:16:50 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x40030000000000) [ 2695.364592][T26622] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=26615,uid=0 [ 2695.412127][T26635] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2695.438274][T26622] Memory cgroup out of memory: Killed process 26615 (syz-executor.2) total-vm:54728kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 [ 2695.476718][T26620] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2695.498301][T26622] socket: no more sockets [ 2695.506976][T26620] CPU: 0 PID: 26620 Comm: syz-executor.3 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2695.517109][T26620] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2695.527180][T26620] Call Trace: [ 2695.530471][T26620] [ 2695.533416][T26620] dump_stack_lvl+0xcd/0x134 [ 2695.538029][T26620] dump_header+0x10b/0x7f9 [ 2695.542465][T26620] oom_kill_process.cold+0x10/0x15 [ 2695.547596][T26620] out_of_memory+0x358/0x14a0 [ 2695.552301][T26620] ? oom_killer_disable+0x270/0x270 [ 2695.557524][T26620] ? find_held_lock+0x2d/0x110 [ 2695.562313][T26620] mem_cgroup_out_of_memory+0x206/0x270 [ 2695.567878][T26620] ? mem_cgroup_margin+0x130/0x130 [ 2695.572999][T26620] ? lock_downgrade+0x6e0/0x6e0 [ 2695.577877][T26620] try_charge_memcg+0xf67/0x13f0 [ 2695.582845][T26620] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2695.588846][T26620] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2695.594579][T26620] ? lock_downgrade+0x6e0/0x6e0 [ 2695.599442][T26620] ? lock_downgrade+0x6e0/0x6e0 [ 2695.604317][T26620] __memcg_kmem_charge_page+0x16a/0x3b0 [ 2695.609893][T26620] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 2695.616070][T26620] copy_process+0x73e/0x7090 [ 2695.620700][T26620] ? find_held_lock+0x2d/0x110 [ 2695.625525][T26620] ? __cleanup_sighand+0xb0/0xb0 [ 2695.630509][T26620] kernel_clone+0xe7/0xab0 [ 2695.634953][T26620] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2695.640962][T26620] ? create_io_thread+0xe0/0xe0 [ 2695.645854][T26620] ? find_held_lock+0x2d/0x110 [ 2695.650645][T26620] ? __ct_user_exit+0xff/0x150 [ 2695.655432][T26620] __do_sys_clone+0xba/0x100 [ 2695.660038][T26620] ? kernel_clone+0xab0/0xab0 [ 2695.664745][T26620] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2695.670736][T26620] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2695.676655][T26620] do_syscall_64+0x35/0xb0 [ 2695.681094][T26620] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2695.687009][T26620] RIP: 0033:0x7f89d288c9d1 [ 2695.691432][T26620] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 2695.711052][T26620] RSP: 002b:00007fff48383138 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 2695.719478][T26620] RAX: ffffffffffffffda RBX: 00007f89d3a70700 RCX: 00007f89d288c9d1 11:16:50 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x71f}]}}]}, 0x40}, 0x7}, 0x0) [ 2695.727461][T26620] RDX: 00007f89d3a709d0 RSI: 00007f89d3a702f0 RDI: 00000000003d0f00 [ 2695.735440][T26620] RBP: 00007fff48383380 R08: 00007f89d3a70700 R09: 00007f89d3a70700 [ 2695.743419][T26620] R10: 00007f89d3a709d0 R11: 0000000000000206 R12: 00007fff483831ee [ 2695.751401][T26620] R13: 00007fff483831ef R14: 00007f89d3a70300 R15: 0000000000022000 [ 2695.759405][T26620] 11:16:50 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0xf0ffffffffffff) [ 2695.790651][T26620] memory: usage 307200kB, limit 307200kB, failcnt 55364 [ 2695.811467][T26620] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2695.820987][T26620] Memory cgroup stats for /syz3: [ 2695.821222][T26620] anon 147456 [ 2695.821222][T26620] file 385024 [ 2695.821222][T26620] kernel 314040320 [ 2695.821222][T26620] kernel_stack 98304 [ 2695.821222][T26620] pagetables 81920 [ 2695.821222][T26620] percpu 5618080 [ 2695.821222][T26620] sock 0 [ 2695.821222][T26620] vmalloc 0 [ 2695.821222][T26620] shmem 385024 [ 2695.821222][T26620] zswap 0 [ 2695.821222][T26620] zswapped 0 [ 2695.821222][T26620] file_mapped 311296 [ 2695.821222][T26620] file_dirty 0 [ 2695.821222][T26620] file_writeback 0 [ 2695.821222][T26620] swapcached 0 [ 2695.821222][T26620] anon_thp 0 [ 2695.821222][T26620] file_thp 0 [ 2695.821222][T26620] shmem_thp 0 [ 2695.821222][T26620] inactive_anon 200704 11:16:50 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x7e7}]}}]}, 0x40}, 0x7}, 0x0) [ 2695.821222][T26620] active_anon 331776 [ 2695.821222][T26620] inactive_file 0 [ 2695.821222][T26620] active_file 0 [ 2695.821222][T26620] unevictable 0 [ 2695.821222][T26620] slab_reclaimable 22760 [ 2695.821222][T26620] slab_unreclaimable 308171256 [ 2695.821222][T26620] slab 308194016 [ 2695.927459][T26620] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=26620,uid=0 [ 2695.944747][T26644] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2695.963293][T26620] Memory cgroup out of memory: Killed process 26620 (syz-executor.3) total-vm:54860kB, anon-rss:456kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 2695.991863][T26628] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2696.002666][T26628] CPU: 0 PID: 26628 Comm: syz-executor.4 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2696.012779][T26628] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2696.022882][T26628] Call Trace: [ 2696.026199][T26628] [ 2696.029166][T26628] dump_stack_lvl+0xcd/0x134 [ 2696.033787][T26628] dump_header+0x10b/0x7f9 [ 2696.038206][T26628] oom_kill_process.cold+0x10/0x15 [ 2696.043321][T26628] out_of_memory+0x358/0x14a0 [ 2696.048003][T26628] ? oom_killer_disable+0x270/0x270 [ 2696.053205][T26628] ? find_held_lock+0x2d/0x110 [ 2696.057986][T26628] mem_cgroup_out_of_memory+0x206/0x270 [ 2696.063542][T26628] ? mem_cgroup_margin+0x130/0x130 [ 2696.068669][T26628] ? lock_downgrade+0x6e0/0x6e0 [ 2696.073547][T26628] try_charge_memcg+0xf67/0x13f0 [ 2696.078514][T26628] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2696.084522][T26628] ? lock_downgrade+0x6e0/0x6e0 [ 2696.089402][T26628] charge_memcg+0x31/0x320 [ 2696.093839][T26628] __mem_cgroup_charge+0x27/0x90 [ 2696.098810][T26628] ? _compound_head+0x5d/0x150 [ 2696.103603][T26628] wp_page_copy+0x27c/0x1b10 [ 2696.108219][T26628] ? restore_exclusive_pte+0x8b0/0x8b0 [ 2696.113689][T26628] ? lock_downgrade+0x6e0/0x6e0 [ 2696.118554][T26628] ? vm_normal_page+0x146/0x2a0 [ 2696.123432][T26628] do_wp_page+0x52c/0x1910 [ 2696.127877][T26628] __handle_mm_fault+0x1813/0x39b0 [ 2696.133019][T26628] ? vm_iomap_memory+0x190/0x190 [ 2696.137999][T26628] handle_mm_fault+0x1c8/0x780 [ 2696.142790][T26628] do_user_addr_fault+0x475/0x1210 [ 2696.147937][T26628] exc_page_fault+0x94/0x170 [ 2696.152547][T26628] asm_exc_page_fault+0x22/0x30 [ 2696.157419][T26628] RIP: 0033:0x7fa378a362de [ 2696.161845][T26628] Code: 4c 24 54 89 78 2c 48 8b 3c 24 89 48 78 0f b6 4c 24 53 c6 40 20 01 88 4c 3a 04 8b 7c 24 4c 4c 89 35 97 5c 17 00 48 8b 54 24 40 <89> b8 80 00 00 00 0f 1f 40 00 48 8b 8c 14 50 01 00 00 48 83 c2 08 [ 2696.181552][T26628] RSP: 002b:00007fff30649610 EFLAGS: 00010246 [ 2696.187646][T26628] RAX: 00007fa378babf80 RBX: 00007fa378babf8c RCX: 0000000000000000 [ 2696.195626][T26628] RDX: 0000000000000000 RSI: 00007fa378babf88 RDI: 0000000000000000 [ 2696.203608][T26628] RBP: 00007fa378babf80 R08: 00007fa379be4700 R09: 00007fa379be4700 [ 2696.211762][T26628] R10: 00007fa379be49d0 R11: 0000000000000206 R12: 00007fa378babf8c [ 2696.219768][T26628] R13: 00007fa378bb0060 R14: 00007fa378babf80 R15: 0000000000000000 [ 2696.227780][T26628] [ 2696.237168][T26628] memory: usage 307200kB, limit 307200kB, failcnt 56314 [ 2696.252012][T26628] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2696.259883][T26628] Memory cgroup stats for /syz4: [ 2696.260120][T26628] anon 90112 [ 2696.260120][T26628] file 372736 [ 2696.260120][T26628] kernel 314109952 [ 2696.260120][T26628] kernel_stack 65536 [ 2696.260120][T26628] pagetables 65536 [ 2696.260120][T26628] percpu 5624000 [ 2696.260120][T26628] sock 0 [ 2696.260120][T26628] vmalloc 0 [ 2696.260120][T26628] shmem 372736 [ 2696.260120][T26628] zswap 0 [ 2696.260120][T26628] zswapped 0 [ 2696.260120][T26628] file_mapped 372736 [ 2696.260120][T26628] file_dirty 0 [ 2696.260120][T26628] file_writeback 0 [ 2696.260120][T26628] swapcached 0 [ 2696.260120][T26628] anon_thp 0 [ 2696.260120][T26628] file_thp 0 [ 2696.260120][T26628] shmem_thp 0 [ 2696.260120][T26628] inactive_anon 139264 [ 2696.260120][T26628] active_anon 323584 [ 2696.260120][T26628] inactive_file 0 [ 2696.260120][T26628] active_file 0 [ 2696.260120][T26628] unevictable 0 [ 2696.260120][T26628] slab_reclaimable 17888 [ 2696.260120][T26628] slab_unreclaimable 308300720 [ 2696.260120][T26628] slab 308318608 [ 2696.355041][T26628] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=26628,uid=0 [ 2696.370749][T26628] Memory cgroup out of memory: Killed process 26628 (syz-executor.4) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:68kB oom_score_adj:1000 [ 2696.389134][T26627] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2696.410949][T26627] CPU: 1 PID: 26627 Comm: syz-executor.5 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2696.421091][T26627] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2696.431169][T26627] Call Trace: [ 2696.434464][T26627] [ 2696.437478][T26627] dump_stack_lvl+0xcd/0x134 [ 2696.442073][T26627] dump_header+0x10b/0x7f9 [ 2696.446503][T26627] oom_kill_process.cold+0x10/0x15 [ 2696.451697][T26627] out_of_memory+0x358/0x14a0 [ 2696.456394][T26627] ? oom_killer_disable+0x270/0x270 [ 2696.461601][T26627] ? find_held_lock+0x2d/0x110 [ 2696.466389][T26627] mem_cgroup_out_of_memory+0x206/0x270 [ 2696.471982][T26627] ? mem_cgroup_margin+0x130/0x130 [ 2696.477128][T26627] ? lock_downgrade+0x6e0/0x6e0 [ 2696.482036][T26627] try_charge_memcg+0xf67/0x13f0 [ 2696.487028][T26627] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2696.493025][T26627] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2696.498779][T26627] ? lock_downgrade+0x6e0/0x6e0 [ 2696.503645][T26627] ? lock_downgrade+0x6e0/0x6e0 [ 2696.508515][T26627] obj_cgroup_charge+0x2ab/0x5e0 [ 2696.513483][T26627] kmem_cache_alloc_lru+0x13e/0x720 [ 2696.518723][T26627] ? sock_alloc_inode+0x23/0x1d0 [ 2696.523722][T26627] sock_alloc_inode+0x23/0x1d0 [ 2696.528515][T26627] ? sock_free_inode+0x20/0x20 [ 2696.533280][T26627] alloc_inode+0x61/0x230 [ 2696.537623][T26627] new_inode_pseudo+0x13/0x80 [ 2696.542308][T26627] sock_alloc+0x3c/0x260 [ 2696.546558][T26627] __sock_create+0xb9/0x790 [ 2696.551060][T26627] ? lock_downgrade+0x6e0/0x6e0 [ 2696.555912][T26627] __sys_socket+0x12f/0x240 [ 2696.560410][T26627] ? __sys_socket_file+0x1f0/0x1f0 [ 2696.565539][T26627] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2696.571480][T26627] __x64_sys_socket+0x6f/0xb0 [ 2696.576185][T26627] do_syscall_64+0x35/0xb0 [ 2696.580635][T26627] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2696.586545][T26627] RIP: 0033:0x7f542068b5a9 [ 2696.590972][T26627] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 2696.610586][T26627] RSP: 002b:00007f542180e168 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 2696.619047][T26627] RAX: ffffffffffffffda RBX: 00007f54207abf80 RCX: 00007f542068b5a9 [ 2696.627058][T26627] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000010 [ 2696.635028][T26627] RBP: 00007f54206e6580 R08: 0000000000000000 R09: 0000000000000000 [ 2696.643009][T26627] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2696.650985][T26627] R13: 00007ffc9945b02f R14: 00007f542180e300 R15: 0000000000022000 [ 2696.658973][T26627] [ 2696.662678][T26627] memory: usage 307200kB, limit 307200kB, failcnt 40527 [ 2696.680814][T26627] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2696.687965][T26627] Memory cgroup stats for /syz5: [ 2696.688233][T26627] anon 147456 [ 2696.688233][T26627] file 364544 [ 2696.688233][T26627] kernel 314060800 [ 2696.688233][T26627] kernel_stack 98304 [ 2696.688233][T26627] pagetables 81920 [ 2696.688233][T26627] percpu 5618080 [ 2696.688233][T26627] sock 0 [ 2696.688233][T26627] vmalloc 0 [ 2696.688233][T26627] shmem 356352 [ 2696.688233][T26627] zswap 0 [ 2696.688233][T26627] zswapped 0 [ 2696.688233][T26627] file_mapped 356352 [ 2696.688233][T26627] file_dirty 0 [ 2696.688233][T26627] file_writeback 0 [ 2696.688233][T26627] swapcached 0 [ 2696.688233][T26627] anon_thp 0 [ 2696.688233][T26627] file_thp 0 [ 2696.688233][T26627] shmem_thp 0 [ 2696.688233][T26627] inactive_anon 151552 [ 2696.688233][T26627] active_anon 352256 [ 2696.688233][T26627] inactive_file 4096 [ 2696.688233][T26627] active_file 4096 [ 2696.688233][T26627] unevictable 0 [ 2696.688233][T26627] slab_reclaimable 19032 [ 2696.688233][T26627] slab_unreclaimable 308201360 [ 2696.688233][T26627] slab 308220392 11:16:51 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x0, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}}, 0x24}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8}]}}]}, 0x40}, 0x7}, 0x0) 11:16:51 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x100000000000000) 11:16:51 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x229}]}}]}, 0x40}, 0x7}, 0x0) 11:16:51 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x7e8}]}}]}, 0x40}, 0x7}, 0x0) 11:16:51 executing program 4: socket$nl_route(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x713}]}}]}, 0x40}, 0x7}, 0x0) [ 2696.782446][T26627] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=26623,uid=0 [ 2696.798170][T26627] Memory cgroup out of memory: Killed process 26623 (syz-executor.5) total-vm:54860kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000 [ 2696.835887][T26641] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2696.858360][T26653] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2696.906168][T26641] CPU: 1 PID: 26641 Comm: syz-executor.2 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2696.916331][T26641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2696.926418][T26641] Call Trace: [ 2696.929723][T26641] [ 2696.932680][T26641] dump_stack_lvl+0xcd/0x134 [ 2696.937313][T26641] dump_header+0x10b/0x7f9 [ 2696.941774][T26641] oom_kill_process.cold+0x10/0x15 [ 2696.946927][T26641] out_of_memory+0x358/0x14a0 [ 2696.951653][T26641] ? find_held_lock+0x2d/0x110 [ 2696.956466][T26641] ? oom_killer_disable+0x270/0x270 [ 2696.961698][T26641] ? find_held_lock+0x2d/0x110 [ 2696.966507][T26641] mem_cgroup_out_of_memory+0x206/0x270 [ 2696.972081][T26641] ? mem_cgroup_margin+0x130/0x130 [ 2696.977228][T26641] ? lock_downgrade+0x6e0/0x6e0 [ 2696.982139][T26641] try_charge_memcg+0xf67/0x13f0 [ 2696.987131][T26641] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2696.993173][T26641] ? lock_downgrade+0x6e0/0x6e0 [ 2696.998091][T26641] charge_memcg+0x31/0x320 [ 2697.002562][T26641] __mem_cgroup_charge+0x27/0x90 [ 2697.007539][T26641] ? _compound_head+0x5d/0x150 [ 2697.012358][T26641] wp_page_copy+0x27c/0x1b10 [ 2697.017001][T26641] ? restore_exclusive_pte+0x8b0/0x8b0 [ 2697.022674][T26641] ? lock_downgrade+0x6e0/0x6e0 [ 2697.027561][T26641] ? vm_normal_page+0x146/0x2a0 [ 2697.032466][T26641] do_wp_page+0x52c/0x1910 [ 2697.036923][T26641] __handle_mm_fault+0x1813/0x39b0 [ 2697.042082][T26641] ? vm_iomap_memory+0x190/0x190 [ 2697.047088][T26641] handle_mm_fault+0x1c8/0x780 [ 2697.051884][T26641] do_user_addr_fault+0x475/0x1210 [ 2697.057028][T26641] exc_page_fault+0x94/0x170 [ 2697.061659][T26641] asm_exc_page_fault+0x22/0x30 [ 2697.066544][T26641] RIP: 0033:0x7fefdee35a15 [ 2697.070970][T26641] Code: 5c 41 5d c3 90 48 8b 57 18 48 83 fa ff 74 22 48 81 fa e7 03 00 00 0f 87 ee 00 00 00 48 c1 e2 04 48 8d 0d ae 26 17 00 48 01 ca 02 01 48 89 42 08 48 8b 53 10 4c 8d 2d d9 a5 57 00 4c 39 ea 0f [ 2697.090605][T26641] RSP: 002b:00007ffd4124e600 EFLAGS: 00010206 [ 2697.096686][T26641] RAX: 0000000000000003 RBX: 00007fefdefabf80 RCX: 00007fefdefa80c0 [ 2697.104681][T26641] RDX: 00007fefdefa80c0 RSI: 0000000000000080 RDI: 00007fefdefabf80 [ 2697.112658][T26641] RBP: 00007fefdefabf80 R08: 00007ffd413e9080 R09: 0000000000000000 [ 2697.120651][T26641] R10: 00007ffd4124e720 R11: 0000000000000246 R12: 0000000000292654 [ 2697.128633][T26641] R13: 00007ffd4124e720 R14: 00007fefdefabf80 R15: 0000000000000032 [ 2697.136621][T26641] [ 2697.146689][T26641] memory: usage 307200kB, limit 307200kB, failcnt 55221 11:16:51 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x200000000000000) [ 2697.161709][T26641] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2697.175415][T26641] Memory cgroup stats for /syz2: [ 2697.175594][T26641] anon 98304 [ 2697.175594][T26641] file 364544 [ 2697.175594][T26641] kernel 314109952 [ 2697.175594][T26641] kernel_stack 65536 [ 2697.175594][T26641] pagetables 73728 [ 2697.175594][T26641] percpu 5619264 [ 2697.175594][T26641] sock 0 [ 2697.175594][T26641] vmalloc 0 [ 2697.175594][T26641] shmem 364544 [ 2697.175594][T26641] zswap 0 [ 2697.175594][T26641] zswapped 0 [ 2697.175594][T26641] file_mapped 364544 [ 2697.175594][T26641] file_dirty 0 [ 2697.175594][T26641] file_writeback 0 [ 2697.175594][T26641] swapcached 0 [ 2697.175594][T26641] anon_thp 0 [ 2697.175594][T26641] file_thp 0 [ 2697.175594][T26641] shmem_thp 0 [ 2697.175594][T26641] inactive_anon 102400 [ 2697.175594][T26641] active_anon 360448 [ 2697.175594][T26641] inactive_file 0 [ 2697.175594][T26641] active_file 0 [ 2697.175594][T26641] unevictable 0 [ 2697.175594][T26641] slab_reclaimable 127032 [ 2697.175594][T26641] slab_unreclaimable 308189472 [ 2697.175594][T26641] slab 308316504 [ 2697.177439][T26650] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.3'. 11:16:52 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x300000000000000) [ 2697.204039][T26641] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=26641,uid=0 [ 2697.322735][T26641] Memory cgroup out of memory: Killed process 26641 (syz-executor.2) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 11:16:52 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x720}]}}]}, 0x40}, 0x7}, 0x0) 11:16:52 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x7e9}]}}]}, 0x40}, 0x7}, 0x0) [ 2697.363061][T26649] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2697.376663][T26657] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.5'. [ 2697.393163][T26649] CPU: 1 PID: 26649 Comm: syz-executor.3 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2697.403298][T26649] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2697.413389][T26649] Call Trace: [ 2697.416694][T26649] [ 2697.419652][T26649] dump_stack_lvl+0xcd/0x134 [ 2697.424287][T26649] dump_header+0x10b/0x7f9 [ 2697.428745][T26649] oom_kill_process.cold+0x10/0x15 [ 2697.433904][T26649] out_of_memory+0x358/0x14a0 [ 2697.438631][T26649] ? oom_killer_disable+0x270/0x270 [ 2697.443898][T26649] ? find_held_lock+0x2d/0x110 [ 2697.448716][T26649] mem_cgroup_out_of_memory+0x206/0x270 [ 2697.454297][T26649] ? mem_cgroup_margin+0x130/0x130 [ 2697.459427][T26649] ? lock_downgrade+0x6e0/0x6e0 [ 2697.464303][T26649] try_charge_memcg+0xf67/0x13f0 [ 2697.469266][T26649] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2697.475264][T26649] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2697.481012][T26649] ? lock_downgrade+0x6e0/0x6e0 [ 2697.485877][T26649] ? lock_downgrade+0x6e0/0x6e0 [ 2697.490752][T26649] __memcg_kmem_charge_page+0x16a/0x3b0 [ 2697.496322][T26649] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 2697.502498][T26649] copy_process+0x73e/0x7090 [ 2697.507116][T26649] ? find_held_lock+0x2d/0x110 [ 2697.511918][T26649] ? __cleanup_sighand+0xb0/0xb0 [ 2697.516893][T26649] kernel_clone+0xe7/0xab0 [ 2697.521328][T26649] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2697.527325][T26649] ? create_io_thread+0xe0/0xe0 [ 2697.532197][T26649] ? find_held_lock+0x2d/0x110 [ 2697.536989][T26649] ? __ct_user_exit+0xff/0x150 [ 2697.541793][T26649] __do_sys_clone+0xba/0x100 [ 2697.546401][T26649] ? kernel_clone+0xab0/0xab0 [ 2697.551109][T26649] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2697.557022][T26649] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2697.562945][T26649] do_syscall_64+0x35/0xb0 [ 2697.567389][T26649] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2697.573302][T26649] RIP: 0033:0x7f89d288c9d1 [ 2697.577761][T26649] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 2697.597381][T26649] RSP: 002b:00007fff48383138 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 2697.605828][T26649] RAX: ffffffffffffffda RBX: 00007f89d3a70700 RCX: 00007f89d288c9d1 [ 2697.613819][T26649] RDX: 00007f89d3a709d0 RSI: 00007f89d3a702f0 RDI: 00000000003d0f00 [ 2697.621816][T26649] RBP: 00007fff48383380 R08: 00007f89d3a70700 R09: 00007f89d3a70700 [ 2697.629799][T26649] R10: 00007f89d3a709d0 R11: 0000000000000206 R12: 00007fff483831ee [ 2697.637780][T26649] R13: 00007fff483831ef R14: 00007f89d3a70300 R15: 0000000000022000 [ 2697.645779][T26649] 11:16:52 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x400000000000000) [ 2697.671648][T26668] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2697.681368][T26649] memory: usage 307200kB, limit 307200kB, failcnt 55441 [ 2697.681396][T26649] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2697.681414][T26649] Memory cgroup stats for /syz3: [ 2697.681575][T26649] anon 147456 [ 2697.681575][T26649] file 385024 [ 2697.681575][T26649] kernel 314040320 [ 2697.681575][T26649] kernel_stack 98304 [ 2697.681575][T26649] pagetables 81920 [ 2697.681575][T26649] percpu 5618080 [ 2697.681575][T26649] sock 0 [ 2697.681575][T26649] vmalloc 0 [ 2697.681575][T26649] shmem 385024 [ 2697.681575][T26649] zswap 0 [ 2697.681575][T26649] zswapped 0 [ 2697.681575][T26649] file_mapped 311296 [ 2697.681575][T26649] file_dirty 0 [ 2697.681575][T26649] file_writeback 0 [ 2697.681575][T26649] swapcached 0 [ 2697.681575][T26649] anon_thp 0 [ 2697.681575][T26649] file_thp 0 [ 2697.681575][T26649] shmem_thp 0 [ 2697.681575][T26649] inactive_anon 200704 [ 2697.681575][T26649] active_anon 331776 [ 2697.681575][T26649] inactive_file 0 [ 2697.681575][T26649] active_file 0 [ 2697.681575][T26649] unevictable 0 [ 2697.681575][T26649] slab_reclaimable 22760 [ 2697.681575][T26649] slab_unreclaimable 308156616 [ 2697.681575][T26649] slab 308179376 [ 2697.794398][T26649] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=26649,uid=0 11:16:52 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x22a}]}}]}, 0x40}, 0x7}, 0x0) [ 2697.810151][T26649] Memory cgroup out of memory: Killed process 26649 (syz-executor.3) total-vm:54860kB, anon-rss:456kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 2697.828037][T26654] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 2697.852545][T26654] CPU: 0 PID: 26654 Comm: syz-executor.4 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2697.862683][T26654] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2697.872770][T26654] Call Trace: [ 2697.876072][T26654] [ 2697.879022][T26654] dump_stack_lvl+0xcd/0x134 [ 2697.883655][T26654] dump_header+0x10b/0x7f9 [ 2697.888111][T26654] oom_kill_process.cold+0x10/0x15 [ 2697.893257][T26654] out_of_memory+0x358/0x14a0 [ 2697.898054][T26654] ? oom_killer_disable+0x270/0x270 [ 2697.903269][T26654] ? find_held_lock+0x2d/0x110 [ 2697.908069][T26654] mem_cgroup_out_of_memory+0x206/0x270 [ 2697.913632][T26654] ? mem_cgroup_margin+0x130/0x130 [ 2697.918761][T26654] ? lock_downgrade+0x6e0/0x6e0 [ 2697.923637][T26654] try_charge_memcg+0xf67/0x13f0 [ 2697.928634][T26654] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2697.934615][T26654] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2697.940335][T26654] ? lock_downgrade+0x6e0/0x6e0 [ 2697.945200][T26654] ? lock_downgrade+0x6e0/0x6e0 [ 2697.950064][T26654] ? rcu_read_unlock+0x9/0x60 [ 2697.954780][T26654] obj_cgroup_charge+0x2ab/0x5e0 [ 2697.959730][T26654] kmem_cache_alloc_trace+0xa3/0x3e0 [ 2697.966236][T26654] ? copy_semundo+0x187/0x2f0 [ 2697.970911][T26654] ? apparmor_task_alloc+0x2bb/0x3b0 [ 2697.976201][T26654] copy_semundo+0x187/0x2f0 [ 2697.980761][T26654] copy_process+0x23fa/0x7090 [ 2697.985451][T26654] ? __cleanup_sighand+0xb0/0xb0 [ 2697.990399][T26654] kernel_clone+0xe7/0xab0 [ 2697.994818][T26654] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2698.000795][T26654] ? create_io_thread+0xe0/0xe0 [ 2698.005674][T26654] ? find_held_lock+0x2d/0x110 [ 2698.010480][T26654] ? __ct_user_exit+0xff/0x150 [ 2698.015268][T26654] __do_sys_clone+0xba/0x100 [ 2698.019881][T26654] ? kernel_clone+0xab0/0xab0 [ 2698.024562][T26654] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2698.030460][T26654] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2698.036400][T26654] do_syscall_64+0x35/0xb0 [ 2698.040845][T26654] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2698.046741][T26654] RIP: 0033:0x7fa378a8c9d1 [ 2698.051160][T26654] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 2698.070787][T26654] RSP: 002b:00007fff306494d8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 2698.079200][T26654] RAX: ffffffffffffffda RBX: 00007fa379be4700 RCX: 00007fa378a8c9d1 [ 2698.087180][T26654] RDX: 00007fa379be49d0 RSI: 00007fa379be42f0 RDI: 00000000003d0f00 [ 2698.095174][T26654] RBP: 00007fff30649720 R08: 00007fa379be4700 R09: 00007fa379be4700 [ 2698.103157][T26654] R10: 00007fa379be49d0 R11: 0000000000000206 R12: 00007fff3064958e [ 2698.111122][T26654] R13: 00007fff3064958f R14: 00007fa379be4300 R15: 0000000000022000 [ 2698.119107][T26654] 11:16:52 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x500000000000000) 11:16:52 executing program 5: socket$inet(0x2, 0xe0740514b9fd1122, 0x0) [ 2698.142378][T26654] memory: usage 307200kB, limit 307200kB, failcnt 56394 [ 2698.164107][T26654] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2698.174935][T26654] Memory cgroup stats for /syz4: [ 2698.175283][T26654] anon 90112 [ 2698.175283][T26654] file 372736 [ 2698.175283][T26654] kernel 314109952 [ 2698.175283][T26654] kernel_stack 65536 [ 2698.175283][T26654] pagetables 65536 [ 2698.175283][T26654] percpu 5624000 [ 2698.175283][T26654] sock 0 [ 2698.175283][T26654] vmalloc 0 [ 2698.175283][T26654] shmem 372736 [ 2698.175283][T26654] zswap 0 [ 2698.175283][T26654] zswapped 0 [ 2698.175283][T26654] file_mapped 372736 [ 2698.175283][T26654] file_dirty 0 [ 2698.175283][T26654] file_writeback 0 [ 2698.175283][T26654] swapcached 0 [ 2698.175283][T26654] anon_thp 0 [ 2698.175283][T26654] file_thp 0 [ 2698.175283][T26654] shmem_thp 0 [ 2698.175283][T26654] inactive_anon 139264 11:16:53 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x7ea}]}}]}, 0x40}, 0x7}, 0x0) [ 2698.175283][T26654] active_anon 323584 [ 2698.175283][T26654] inactive_file 0 [ 2698.175283][T26654] active_file 0 [ 2698.175283][T26654] unevictable 0 [ 2698.175283][T26654] slab_reclaimable 17888 [ 2698.175283][T26654] slab_unreclaimable 308300256 [ 2698.175283][T26654] slab 308318144 11:16:53 executing program 5: r0 = socket$nl_crypto(0x10, 0x3, 0x15) sendmsg$nl_crypto(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000140)=ANY=[@ANYBLOB="08010000100001"], 0x108}}, 0x0) 11:16:53 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x600000000000000) [ 2698.290403][T26680] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2698.300066][T26654] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=26654,uid=0 [ 2698.359663][T26654] Memory cgroup out of memory: Killed process 26654 (syz-executor.4) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:68kB oom_score_adj:1000 [ 2698.385004][T26686] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.5'. 11:16:53 executing program 4: socket$nl_route(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x714}]}}]}, 0x40}, 0x7}, 0x0) [ 2698.426498][T26666] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2698.456346][T26666] CPU: 0 PID: 26666 Comm: syz-executor.2 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2698.466542][T26666] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2698.476630][T26666] Call Trace: [ 2698.479953][T26666] [ 2698.482909][T26666] dump_stack_lvl+0xcd/0x134 [ 2698.487552][T26666] dump_header+0x10b/0x7f9 [ 2698.492013][T26666] oom_kill_process.cold+0x10/0x15 [ 2698.499079][T26666] out_of_memory+0x358/0x14a0 [ 2698.503806][T26666] ? find_held_lock+0x2d/0x110 [ 2698.508623][T26666] ? oom_killer_disable+0x270/0x270 [ 2698.513875][T26666] ? find_held_lock+0x2d/0x110 [ 2698.518701][T26666] mem_cgroup_out_of_memory+0x206/0x270 [ 2698.524288][T26666] ? mem_cgroup_margin+0x130/0x130 [ 2698.529444][T26666] ? lock_downgrade+0x6e0/0x6e0 [ 2698.534354][T26666] try_charge_memcg+0xf67/0x13f0 [ 2698.539348][T26666] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2698.545379][T26666] ? lock_downgrade+0x6e0/0x6e0 [ 2698.550283][T26666] charge_memcg+0x31/0x320 [ 2698.554747][T26666] __mem_cgroup_charge+0x27/0x90 [ 2698.559725][T26666] ? _compound_head+0x5d/0x150 [ 2698.564538][T26666] wp_page_copy+0x27c/0x1b10 [ 2698.569259][T26666] ? restore_exclusive_pte+0x8b0/0x8b0 [ 2698.574752][T26666] ? lock_downgrade+0x6e0/0x6e0 [ 2698.579633][T26666] ? vm_normal_page+0x146/0x2a0 [ 2698.584532][T26666] do_wp_page+0x52c/0x1910 [ 2698.588988][T26666] __handle_mm_fault+0x1813/0x39b0 [ 2698.594144][T26666] ? vm_iomap_memory+0x190/0x190 [ 2698.599144][T26666] handle_mm_fault+0x1c8/0x780 [ 2698.603951][T26666] do_user_addr_fault+0x475/0x1210 [ 2698.609114][T26666] exc_page_fault+0x94/0x170 [ 2698.613744][T26666] asm_exc_page_fault+0x22/0x30 [ 2698.618638][T26666] RIP: 0033:0x7fefdee35a15 [ 2698.623082][T26666] Code: 5c 41 5d c3 90 48 8b 57 18 48 83 fa ff 74 22 48 81 fa e7 03 00 00 0f 87 ee 00 00 00 48 c1 e2 04 48 8d 0d ae 26 17 00 48 01 ca 02 01 48 89 42 08 48 8b 53 10 4c 8d 2d d9 a5 57 00 4c 39 ea 0f [ 2698.642727][T26666] RSP: 002b:00007ffd4124e600 EFLAGS: 00010206 [ 2698.648838][T26666] RAX: 0000000000000003 RBX: 00007fefdefabf80 RCX: 00007fefdefa80c0 [ 2698.656843][T26666] RDX: 00007fefdefa80c0 RSI: 0000000000000080 RDI: 00007fefdefabf80 [ 2698.664856][T26666] RBP: 00007fefdefabf80 R08: 00007ffd413e9080 R09: 0000000000000000 11:16:53 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x700000000000000) [ 2698.672870][T26666] R10: 00007ffd4124e720 R11: 0000000000000246 R12: 0000000000292c81 [ 2698.680879][T26666] R13: 00007ffd4124e720 R14: 00007fefdefabf80 R15: 0000000000000032 [ 2698.688954][T26666] 11:16:53 executing program 5: r0 = bpf$MAP_CREATE(0x0, &(0x7f000001a400)=@base={0x1, 0xcb5b, 0x1, 0x4}, 0x48) bpf$BPF_GET_MAP_INFO(0x4, &(0x7f0000000080)={r0, 0x0, 0x0}, 0x10) [ 2698.776085][T26666] memory: usage 307200kB, limit 307200kB, failcnt 55307 [ 2698.783617][T26666] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2698.793586][T26666] Memory cgroup stats for /syz2: [ 2698.794300][T26666] anon 98304 [ 2698.794300][T26666] file 364544 [ 2698.794300][T26666] kernel 314109952 [ 2698.794300][T26666] kernel_stack 65536 [ 2698.794300][T26666] pagetables 73728 [ 2698.794300][T26666] percpu 5619264 [ 2698.794300][T26666] sock 0 [ 2698.794300][T26666] vmalloc 0 [ 2698.794300][T26666] shmem 364544 [ 2698.794300][T26666] zswap 0 [ 2698.794300][T26666] zswapped 0 [ 2698.794300][T26666] file_mapped 364544 [ 2698.794300][T26666] file_dirty 0 [ 2698.794300][T26666] file_writeback 0 [ 2698.794300][T26666] swapcached 0 [ 2698.794300][T26666] anon_thp 0 [ 2698.794300][T26666] file_thp 0 [ 2698.794300][T26666] shmem_thp 0 [ 2698.794300][T26666] inactive_anon 102400 [ 2698.794300][T26666] active_anon 360448 [ 2698.794300][T26666] inactive_file 0 [ 2698.794300][T26666] active_file 0 [ 2698.794300][T26666] unevictable 0 [ 2698.794300][T26666] slab_reclaimable 127032 [ 2698.794300][T26666] slab_unreclaimable 308189472 [ 2698.794300][T26666] slab 308316504 [ 2698.891450][T26666] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=26666,uid=0 [ 2698.909271][T26666] Memory cgroup out of memory: Killed process 26666 (syz-executor.2) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 [ 2698.927903][T26674] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2698.944050][T26674] CPU: 1 PID: 26674 Comm: syz-executor.3 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2698.954174][T26674] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2698.964339][T26674] Call Trace: [ 2698.967626][T26674] [ 2698.970565][T26674] dump_stack_lvl+0xcd/0x134 [ 2698.975175][T26674] dump_header+0x10b/0x7f9 [ 2698.979609][T26674] oom_kill_process.cold+0x10/0x15 [ 2698.984738][T26674] out_of_memory+0x358/0x14a0 [ 2698.989442][T26674] ? oom_killer_disable+0x270/0x270 [ 2698.994686][T26674] ? find_held_lock+0x2d/0x110 [ 2698.999477][T26674] mem_cgroup_out_of_memory+0x206/0x270 [ 2699.005043][T26674] ? mem_cgroup_margin+0x130/0x130 [ 2699.010175][T26674] ? lock_downgrade+0x6e0/0x6e0 [ 2699.015074][T26674] try_charge_memcg+0xf67/0x13f0 [ 2699.020057][T26674] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2699.026065][T26674] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2699.031804][T26674] ? lock_downgrade+0x6e0/0x6e0 [ 2699.036672][T26674] ? lock_downgrade+0x6e0/0x6e0 [ 2699.041546][T26674] __memcg_kmem_charge_page+0x16a/0x3b0 [ 2699.047115][T26674] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 2699.053290][T26674] copy_process+0x73e/0x7090 [ 2699.057902][T26674] ? find_held_lock+0x2d/0x110 [ 2699.062728][T26674] ? __cleanup_sighand+0xb0/0xb0 [ 2699.067698][T26674] kernel_clone+0xe7/0xab0 [ 2699.072129][T26674] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2699.078125][T26674] ? create_io_thread+0xe0/0xe0 [ 2699.083008][T26674] ? find_held_lock+0x2d/0x110 [ 2699.087798][T26674] ? __ct_user_exit+0xff/0x150 [ 2699.092583][T26674] __do_sys_clone+0xba/0x100 [ 2699.097190][T26674] ? kernel_clone+0xab0/0xab0 [ 2699.101899][T26674] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2699.107811][T26674] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2699.113726][T26674] do_syscall_64+0x35/0xb0 [ 2699.118169][T26674] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2699.124083][T26674] RIP: 0033:0x7f89d288c9d1 [ 2699.128510][T26674] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 2699.148222][T26674] RSP: 002b:00007fff48383138 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 2699.156646][T26674] RAX: ffffffffffffffda RBX: 00007f89d3a70700 RCX: 00007f89d288c9d1 [ 2699.164637][T26674] RDX: 00007f89d3a709d0 RSI: 00007f89d3a702f0 RDI: 00000000003d0f00 [ 2699.172616][T26674] RBP: 00007fff48383380 R08: 00007f89d3a70700 R09: 00007f89d3a70700 [ 2699.180595][T26674] R10: 00007f89d3a709d0 R11: 0000000000000206 R12: 00007fff483831ee [ 2699.188573][T26674] R13: 00007fff483831ef R14: 00007f89d3a70300 R15: 0000000000022000 [ 2699.196569][T26674] [ 2699.213280][T26674] memory: usage 307200kB, limit 307200kB, failcnt 55531 [ 2699.220597][T26674] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2699.239172][T26674] Memory cgroup stats for /syz3: [ 2699.239360][T26674] anon 147456 [ 2699.239360][T26674] file 385024 [ 2699.239360][T26674] kernel 314040320 [ 2699.239360][T26674] kernel_stack 98304 [ 2699.239360][T26674] pagetables 81920 [ 2699.239360][T26674] percpu 5618080 [ 2699.239360][T26674] sock 0 [ 2699.239360][T26674] vmalloc 0 [ 2699.239360][T26674] shmem 385024 [ 2699.239360][T26674] zswap 0 [ 2699.239360][T26674] zswapped 0 [ 2699.239360][T26674] file_mapped 311296 [ 2699.239360][T26674] file_dirty 0 [ 2699.239360][T26674] file_writeback 0 [ 2699.239360][T26674] swapcached 0 [ 2699.239360][T26674] anon_thp 0 [ 2699.239360][T26674] file_thp 0 [ 2699.239360][T26674] shmem_thp 0 [ 2699.239360][T26674] inactive_anon 200704 [ 2699.239360][T26674] active_anon 331776 [ 2699.239360][T26674] inactive_file 0 [ 2699.239360][T26674] active_file 0 [ 2699.239360][T26674] unevictable 0 [ 2699.239360][T26674] slab_reclaimable 22760 [ 2699.239360][T26674] slab_unreclaimable 308179192 [ 2699.239360][T26674] slab 308201952 11:16:54 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x721}]}}]}, 0x40}, 0x7}, 0x0) 11:16:54 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x20024ffc, &(0x7f0000000200)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r0, &(0x7f00000012c0)='\f', 0x1, 0x11, 0x0, 0x0) recvmsg(r0, &(0x7f0000001500)={0x0, 0x1300, &(0x7f0000002200)=[{&(0x7f00000035c0)=""/4106, 0x200045ca}], 0x1, 0x0, 0xb2c86da597010000, 0x2700}, 0x3) [ 2699.345209][T26674] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=26674,uid=0 [ 2699.372274][T26674] Memory cgroup out of memory: Killed process 26674 (syz-executor.3) total-vm:54860kB, anon-rss:456kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 2699.431769][T26691] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2699.448258][T26691] CPU: 0 PID: 26691 Comm: syz-executor.4 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2699.458412][T26691] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2699.468518][T26691] Call Trace: [ 2699.471838][T26691] [ 2699.474807][T26691] dump_stack_lvl+0xcd/0x134 11:16:54 executing program 5: r0 = socket(0x15, 0x5, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8946, &(0x7f0000000000)={'vxcan0\x00'}) [ 2699.479450][T26691] dump_header+0x10b/0x7f9 [ 2699.483913][T26691] oom_kill_process.cold+0x10/0x15 [ 2699.489073][T26691] out_of_memory+0x358/0x14a0 [ 2699.493804][T26691] ? oom_killer_disable+0x270/0x270 [ 2699.499059][T26691] ? find_held_lock+0x2d/0x110 [ 2699.503888][T26691] mem_cgroup_out_of_memory+0x206/0x270 [ 2699.509468][T26691] ? mem_cgroup_margin+0x130/0x130 [ 2699.514623][T26691] ? lock_downgrade+0x6e0/0x6e0 [ 2699.519526][T26691] try_charge_memcg+0xf67/0x13f0 [ 2699.524540][T26691] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2699.530569][T26691] ? lock_downgrade+0x6e0/0x6e0 [ 2699.535468][T26691] charge_memcg+0x31/0x320 [ 2699.539926][T26691] __mem_cgroup_charge+0x27/0x90 [ 2699.544901][T26691] ? _compound_head+0x5d/0x150 [ 2699.549709][T26691] wp_page_copy+0x27c/0x1b10 [ 2699.554349][T26691] ? restore_exclusive_pte+0x8b0/0x8b0 [ 2699.559927][T26691] ? lock_downgrade+0x6e0/0x6e0 [ 2699.564805][T26691] ? vm_normal_page+0x146/0x2a0 [ 2699.569705][T26691] do_wp_page+0x52c/0x1910 [ 2699.574161][T26691] __handle_mm_fault+0x1813/0x39b0 [ 2699.579329][T26691] ? vm_iomap_memory+0x190/0x190 [ 2699.584339][T26691] handle_mm_fault+0x1c8/0x780 [ 2699.589142][T26691] do_user_addr_fault+0x475/0x1210 [ 2699.594317][T26691] exc_page_fault+0x94/0x170 [ 2699.598997][T26691] asm_exc_page_fault+0x22/0x30 [ 2699.603941][T26691] RIP: 0033:0x7fa378a362de [ 2699.608387][T26691] Code: 4c 24 54 89 78 2c 48 8b 3c 24 89 48 78 0f b6 4c 24 53 c6 40 20 01 88 4c 3a 04 8b 7c 24 4c 4c 89 35 97 5c 17 00 48 8b 54 24 40 <89> b8 80 00 00 00 0f 1f 40 00 48 8b 8c 14 50 01 00 00 48 83 c2 08 [ 2699.628079][T26691] RSP: 002b:00007fff30649610 EFLAGS: 00010246 [ 2699.634156][T26691] RAX: 00007fa378babf80 RBX: 00007fa378babf8c RCX: 0000000000000000 [ 2699.642145][T26691] RDX: 0000000000000000 RSI: 00007fa378babf88 RDI: 0000000000000000 [ 2699.650145][T26691] RBP: 00007fa378babf80 R08: 00007fa379be4700 R09: 00007fa379be4700 [ 2699.658136][T26691] R10: 00007fa379be49d0 R11: 0000000000000206 R12: 00007fa378babf8c [ 2699.666143][T26691] R13: 00007fa378bb0060 R14: 00007fa378babf80 R15: 0000000000000000 [ 2699.674168][T26691] 11:16:54 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x22b}]}}]}, 0x40}, 0x7}, 0x0) 11:16:54 executing program 5: r0 = socket(0x1e, 0x5, 0x0) sendmmsg$sock(r0, &(0x7f0000001ec0)=[{{&(0x7f0000000000)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast2}}}, 0x80, 0x0}}], 0x1, 0x101d0) 11:16:54 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x7eb}]}}]}, 0x40}, 0x7}, 0x0) [ 2699.678460][T26691] memory: usage 307200kB, limit 307200kB, failcnt 56483 [ 2699.692403][T26691] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2699.704809][T26691] Memory cgroup stats for /syz4: [ 2699.705051][T26691] anon 90112 [ 2699.705051][T26691] file 372736 [ 2699.705051][T26691] kernel 314109952 [ 2699.705051][T26691] kernel_stack 65536 [ 2699.705051][T26691] pagetables 65536 [ 2699.705051][T26691] percpu 5624000 [ 2699.705051][T26691] sock 0 [ 2699.705051][T26691] vmalloc 0 [ 2699.705051][T26691] shmem 372736 [ 2699.705051][T26691] zswap 0 [ 2699.705051][T26691] zswapped 0 [ 2699.705051][T26691] file_mapped 372736 [ 2699.705051][T26691] file_dirty 0 [ 2699.705051][T26691] file_writeback 0 [ 2699.705051][T26691] swapcached 0 [ 2699.705051][T26691] anon_thp 0 [ 2699.705051][T26691] file_thp 0 [ 2699.705051][T26691] shmem_thp 0 [ 2699.705051][T26691] inactive_anon 139264 [ 2699.705051][T26691] active_anon 323584 [ 2699.705051][T26691] inactive_file 0 [ 2699.705051][T26691] active_file 0 11:16:54 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x800000000000000) [ 2699.705051][T26691] unevictable 0 [ 2699.705051][T26691] slab_reclaimable 17888 [ 2699.705051][T26691] slab_unreclaimable 308300720 [ 2699.705051][T26691] slab 308318608 [ 2699.816212][T26709] __nla_validate_parse: 1 callbacks suppressed [ 2699.816235][T26709] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2699.826866][T26691] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=26691,uid=0 11:16:54 executing program 5: r0 = bpf$MAP_CREATE(0x0, &(0x7f000001a400)=@base={0x1, 0xcb5b, 0x1, 0x4}, 0x48) bpf$BPF_GET_MAP_INFO(0x3, &(0x7f0000000080)={r0, 0x0, 0x0}, 0x10) 11:16:54 executing program 4: socket$nl_route(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x715}]}}]}, 0x40}, 0x7}, 0x0) [ 2699.879953][T26691] Memory cgroup out of memory: Killed process 26691 (syz-executor.4) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:68kB oom_score_adj:1000 [ 2699.898790][T26700] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2699.927241][T26700] CPU: 1 PID: 26700 Comm: syz-executor.2 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2699.937378][T26700] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2699.947472][T26700] Call Trace: [ 2699.951559][T26700] [ 2699.954518][T26700] dump_stack_lvl+0xcd/0x134 [ 2699.959156][T26700] dump_header+0x10b/0x7f9 [ 2699.963620][T26700] oom_kill_process.cold+0x10/0x15 [ 2699.968778][T26700] out_of_memory+0x358/0x14a0 [ 2699.973512][T26700] ? oom_killer_disable+0x270/0x270 [ 2699.978764][T26700] ? find_held_lock+0x2d/0x110 [ 2699.983586][T26700] mem_cgroup_out_of_memory+0x206/0x270 [ 2699.989171][T26700] ? mem_cgroup_margin+0x130/0x130 [ 2699.994303][T26700] ? lock_downgrade+0x6e0/0x6e0 [ 2699.999189][T26700] try_charge_memcg+0xef5/0x13f0 [ 2700.004179][T26700] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2700.010206][T26700] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2700.015966][T26700] ? lock_downgrade+0x6e0/0x6e0 [ 2700.020869][T26700] obj_cgroup_charge+0x2ab/0x5e0 [ 2700.025853][T26700] ? vm_area_dup+0x88/0x3f0 [ 2700.030399][T26700] kmem_cache_alloc+0x96/0x3b0 [ 2700.035213][T26700] vm_area_dup+0x88/0x3f0 [ 2700.039564][T26700] ? mark_lock.part.0+0xee/0x1910 [ 2700.044735][T26700] ? lock_chain_count+0x20/0x20 [ 2700.049598][T26700] ? __vma_adjust+0x109c/0x24a0 [ 2700.054497][T26700] ? __vma_link_rb+0x710/0x710 [ 2700.059287][T26700] ? __lock_acquire+0x166e/0x56d0 [ 2700.064325][T26700] ? vm_area_alloc+0x110/0x110 [ 2700.069108][T26700] ? perf_event_namespaces+0x50/0x50 [ 2700.074418][T26700] ? vma_merge+0x47a/0xeb0 [ 2700.078853][T26700] ? ima_file_mprotect+0x175/0x470 [ 2700.083990][T26700] ? ima_file_mmap+0x130/0x130 [ 2700.088778][T26700] ? vma_wants_writenotify+0x1f8/0x370 [ 2700.094264][T26700] ? __ia32_sys_mmap_pgoff+0x1b0/0x1b0 [ 2700.099743][T26700] ? vma_merge+0x47a/0xeb0 [ 2700.104186][T26700] ? __vma_adjust+0x24a0/0x24a0 [ 2700.109059][T26700] __split_vma+0xa5/0x550 [ 2700.113426][T26700] split_vma+0x95/0xd0 [ 2700.117519][T26700] mprotect_fixup+0x6d9/0x970 [ 2700.122231][T26700] ? change_protection+0x4280/0x4280 [ 2700.127538][T26700] ? vmacache_find+0x62/0x330 [ 2700.132242][T26700] do_mprotect_pkey+0x6c5/0x9e0 [ 2700.137119][T26700] ? __ct_user_exit+0xff/0x150 [ 2700.141990][T26700] ? mprotect_fixup+0x970/0x970 [ 2700.146887][T26700] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2700.152811][T26700] __x64_sys_mprotect+0x74/0xb0 [ 2700.157695][T26700] do_syscall_64+0x35/0xb0 [ 2700.162137][T26700] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2700.168053][T26700] RIP: 0033:0x7fefdee8b6b7 [ 2700.172481][T26700] Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 0a 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 2700.192103][T26700] RSP: 002b:00007ffd4124e558 EFLAGS: 00000206 ORIG_RAX: 000000000000000a [ 2700.200530][T26700] RAX: ffffffffffffffda RBX: 0000000000021000 RCX: 00007fefdee8b6b7 [ 2700.208514][T26700] RDX: 0000000000000003 RSI: 0000000000020000 RDI: 00007fefe001a000 [ 2700.216494][T26700] RBP: 00007ffd4124e630 R08: 00000000ffffffff R09: 00007fefe0039700 [ 2700.224476][T26700] R10: 0000000000020022 R11: 0000000000000206 R12: 00007ffd4124e750 [ 2700.232459][T26700] R13: 00007fefe0039700 R14: 0000000000000000 R15: 0000000000022000 [ 2700.240466][T26700] [ 2700.256809][T26700] memory: usage 307200kB, limit 307200kB, failcnt 55409 [ 2700.260260][T26711] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.3'. 11:16:55 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x900000000000000) [ 2700.282685][T26700] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2700.301599][T26700] Memory cgroup stats for /syz2: [ 2700.301833][T26700] anon 98304 [ 2700.301833][T26700] file 364544 [ 2700.301833][T26700] kernel 314109952 [ 2700.301833][T26700] kernel_stack 65536 [ 2700.301833][T26700] pagetables 73728 [ 2700.301833][T26700] percpu 5619264 [ 2700.301833][T26700] sock 0 [ 2700.301833][T26700] vmalloc 0 [ 2700.301833][T26700] shmem 364544 [ 2700.301833][T26700] zswap 0 [ 2700.301833][T26700] zswapped 0 [ 2700.301833][T26700] file_mapped 364544 [ 2700.301833][T26700] file_dirty 0 [ 2700.301833][T26700] file_writeback 0 [ 2700.301833][T26700] swapcached 0 [ 2700.301833][T26700] anon_thp 0 [ 2700.301833][T26700] file_thp 0 [ 2700.301833][T26700] shmem_thp 0 [ 2700.301833][T26700] inactive_anon 102400 [ 2700.301833][T26700] active_anon 360448 [ 2700.301833][T26700] inactive_file 0 [ 2700.301833][T26700] active_file 0 [ 2700.301833][T26700] unevictable 0 11:16:55 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0xa00000000000000) 11:16:55 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x7ec}]}}]}, 0x40}, 0x7}, 0x0) [ 2700.301833][T26700] slab_reclaimable 127032 [ 2700.301833][T26700] slab_unreclaimable 308189472 [ 2700.301833][T26700] slab 308316504 [ 2700.417837][T26700] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=26700,uid=0 [ 2700.434509][T26700] Memory cgroup out of memory: Killed process 26700 (syz-executor.2) total-vm:54728kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 [ 2700.453908][T26710] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2700.492270][T26710] CPU: 1 PID: 26710 Comm: syz-executor.3 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2700.502420][T26710] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2700.509411][T26726] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2700.512483][T26710] Call Trace: [ 2700.512497][T26710] [ 2700.512507][T26710] dump_stack_lvl+0xcd/0x134 [ 2700.512544][T26710] dump_header+0x10b/0x7f9 [ 2700.512576][T26710] oom_kill_process.cold+0x10/0x15 [ 2700.542218][T26710] out_of_memory+0x358/0x14a0 [ 2700.546956][T26710] ? oom_killer_disable+0x270/0x270 [ 2700.552204][T26710] ? find_held_lock+0x2d/0x110 [ 2700.557026][T26710] mem_cgroup_out_of_memory+0x206/0x270 [ 2700.562618][T26710] ? mem_cgroup_margin+0x130/0x130 [ 2700.567759][T26710] ? lock_downgrade+0x6e0/0x6e0 [ 2700.572663][T26710] try_charge_memcg+0xf67/0x13f0 [ 2700.577644][T26710] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2700.583675][T26710] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2700.589432][T26710] ? lock_downgrade+0x6e0/0x6e0 [ 2700.594318][T26710] ? lock_downgrade+0x6e0/0x6e0 [ 2700.599224][T26710] __memcg_kmem_charge_page+0x16a/0x3b0 [ 2700.604823][T26710] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 2700.611034][T26710] copy_process+0x15f3/0x7090 [ 2700.615766][T26710] ? __lock_acquire+0xbc3/0x56d0 [ 2700.620759][T26710] ? __cleanup_sighand+0xb0/0xb0 [ 2700.626550][T26710] kernel_clone+0xe7/0xab0 [ 2700.631008][T26710] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2700.637029][T26710] ? create_io_thread+0xe0/0xe0 11:16:55 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x722}]}}]}, 0x40}, 0x7}, 0x0) [ 2700.642012][T26710] ? find_held_lock+0x2d/0x110 [ 2700.646927][T26710] ? __ct_user_exit+0xff/0x150 [ 2700.651746][T26710] __do_sys_clone+0xba/0x100 [ 2700.656463][T26710] ? kernel_clone+0xab0/0xab0 [ 2700.661193][T26710] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2700.667129][T26710] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2700.673078][T26710] do_syscall_64+0x35/0xb0 [ 2700.677546][T26710] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2700.683493][T26710] RIP: 0033:0x7f89d288c9d1 [ 2700.687942][T26710] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 2700.707587][T26710] RSP: 002b:00007fff48383138 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 2700.716126][T26710] RAX: ffffffffffffffda RBX: 00007f89d3a70700 RCX: 00007f89d288c9d1 [ 2700.724134][T26710] RDX: 00007f89d3a709d0 RSI: 00007f89d3a702f0 RDI: 00000000003d0f00 [ 2700.732139][T26710] RBP: 00007fff48383380 R08: 00007f89d3a70700 R09: 00007f89d3a70700 [ 2700.740143][T26710] R10: 00007f89d3a709d0 R11: 0000000000000206 R12: 00007fff483831ee [ 2700.748147][T26710] R13: 00007fff483831ef R14: 00007f89d3a70300 R15: 0000000000022000 [ 2700.756171][T26710] [ 2700.761240][T26710] memory: usage 307200kB, limit 307200kB, failcnt 55652 [ 2700.769508][T26710] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2700.783254][T26710] Memory cgroup stats for /syz3: [ 2700.783492][T26710] anon 147456 [ 2700.783492][T26710] file 385024 [ 2700.783492][T26710] kernel 314040320 [ 2700.783492][T26710] kernel_stack 98304 [ 2700.783492][T26710] pagetables 81920 [ 2700.783492][T26710] percpu 5618080 [ 2700.783492][T26710] sock 0 [ 2700.783492][T26710] vmalloc 0 [ 2700.783492][T26710] shmem 385024 [ 2700.783492][T26710] zswap 0 [ 2700.783492][T26710] zswapped 0 [ 2700.783492][T26710] file_mapped 311296 [ 2700.783492][T26710] file_dirty 0 [ 2700.783492][T26710] file_writeback 0 [ 2700.783492][T26710] swapcached 0 [ 2700.783492][T26710] anon_thp 0 [ 2700.783492][T26710] file_thp 0 11:16:55 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0xb00000000000000) [ 2700.783492][T26710] shmem_thp 0 [ 2700.783492][T26710] inactive_anon 200704 [ 2700.783492][T26710] active_anon 331776 [ 2700.783492][T26710] inactive_file 0 [ 2700.783492][T26710] active_file 0 [ 2700.783492][T26710] unevictable 0 [ 2700.783492][T26710] slab_reclaimable 22760 [ 2700.783492][T26710] slab_unreclaimable 308156616 [ 2700.783492][T26710] slab 308179376 11:16:55 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x7ed}]}}]}, 0x40}, 0x7}, 0x0) [ 2700.904977][T26710] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=26710,uid=0 [ 2700.931336][T26710] Memory cgroup out of memory: Killed process 26710 (syz-executor.3) total-vm:54860kB, anon-rss:456kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 11:16:55 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x22c}]}}]}, 0x40}, 0x7}, 0x0) 11:16:55 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0xc00000000000000) 11:16:55 executing program 5: r0 = bpf$MAP_CREATE(0x0, &(0x7f000001a400)=@base={0x1, 0xcb5b, 0x1, 0x4}, 0x48) bpf$BPF_GET_MAP_INFO(0x3, &(0x7f0000000080)={r0, 0x0, 0x0}, 0x10) [ 2700.998180][T26734] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2701.013081][T26722] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 2701.067405][T26722] CPU: 1 PID: 26722 Comm: syz-executor.4 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2701.077549][T26722] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2701.087641][T26722] Call Trace: [ 2701.090951][T26722] [ 2701.093913][T26722] dump_stack_lvl+0xcd/0x134 [ 2701.098548][T26722] dump_header+0x10b/0x7f9 [ 2701.103126][T26722] oom_kill_process.cold+0x10/0x15 [ 2701.108289][T26722] out_of_memory+0x358/0x14a0 [ 2701.113032][T26722] ? find_held_lock+0x2d/0x110 [ 2701.117847][T26722] ? oom_killer_disable+0x270/0x270 [ 2701.123362][T26722] ? find_held_lock+0x2d/0x110 [ 2701.128186][T26722] mem_cgroup_out_of_memory+0x206/0x270 [ 2701.133781][T26722] ? mem_cgroup_margin+0x130/0x130 [ 2701.138927][T26722] ? lock_downgrade+0x6e0/0x6e0 [ 2701.143822][T26722] try_charge_memcg+0xf67/0x13f0 [ 2701.148811][T26722] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2701.154835][T26722] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2701.160596][T26722] ? lock_downgrade+0x6e0/0x6e0 [ 2701.165488][T26722] ? lock_downgrade+0x6e0/0x6e0 [ 2701.170381][T26722] ? rcu_read_unlock+0x9/0x60 [ 2701.175121][T26722] obj_cgroup_charge+0x2ab/0x5e0 [ 2701.180118][T26722] kmem_cache_alloc_trace+0xa3/0x3e0 [ 2701.185528][T26722] ? copy_semundo+0x187/0x2f0 [ 2701.190240][T26722] ? apparmor_task_alloc+0x2bb/0x3b0 [ 2701.195576][T26722] copy_semundo+0x187/0x2f0 [ 2701.200129][T26722] copy_process+0x23fa/0x7090 [ 2701.204846][T26722] ? put_page+0xd9/0x280 [ 2701.209125][T26722] ? wp_page_copy+0x2ce/0x1b10 [ 2701.213966][T26722] ? __cleanup_sighand+0xb0/0xb0 [ 2701.219007][T26722] kernel_clone+0xe7/0xab0 [ 2701.223439][T26722] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2701.229457][T26722] ? create_io_thread+0xe0/0xe0 [ 2701.234365][T26722] ? find_held_lock+0x2d/0x110 [ 2701.239183][T26722] ? __ct_user_exit+0xff/0x150 [ 2701.243992][T26722] __do_sys_clone+0xba/0x100 [ 2701.248624][T26722] ? kernel_clone+0xab0/0xab0 [ 2701.253357][T26722] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2701.259291][T26722] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2701.265246][T26722] do_syscall_64+0x35/0xb0 [ 2701.269710][T26722] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2701.275650][T26722] RIP: 0033:0x7fa378a8c9d1 [ 2701.280093][T26722] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 2701.299741][T26722] RSP: 002b:00007fff306494d8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 2701.308298][T26722] RAX: ffffffffffffffda RBX: 00007fa379be4700 RCX: 00007fa378a8c9d1 [ 2701.316292][T26722] RDX: 00007fa379be49d0 RSI: 00007fa379be42f0 RDI: 00000000003d0f00 [ 2701.324301][T26722] RBP: 00007fff30649720 R08: 00007fa379be4700 R09: 00007fa379be4700 [ 2701.332498][T26722] R10: 00007fa379be49d0 R11: 0000000000000206 R12: 00007fff3064958e [ 2701.340497][T26722] R13: 00007fff3064958f R14: 00007fa379be4300 R15: 0000000000022000 [ 2701.348589][T26722] [ 2701.357976][T26722] memory: usage 307200kB, limit 307200kB, failcnt 56558 [ 2701.367384][T26722] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2701.375023][T26722] Memory cgroup stats for /syz4: [ 2701.375201][T26722] anon 90112 [ 2701.375201][T26722] file 372736 [ 2701.375201][T26722] kernel 314109952 [ 2701.375201][T26722] kernel_stack 65536 [ 2701.375201][T26722] pagetables 65536 [ 2701.375201][T26722] percpu 5624000 [ 2701.375201][T26722] sock 0 [ 2701.375201][T26722] vmalloc 0 [ 2701.375201][T26722] shmem 372736 [ 2701.375201][T26722] zswap 0 [ 2701.375201][T26722] zswapped 0 [ 2701.375201][T26722] file_mapped 372736 [ 2701.375201][T26722] file_dirty 0 [ 2701.375201][T26722] file_writeback 0 [ 2701.375201][T26722] swapcached 0 [ 2701.375201][T26722] anon_thp 0 [ 2701.375201][T26722] file_thp 0 [ 2701.375201][T26722] shmem_thp 0 [ 2701.375201][T26722] inactive_anon 139264 [ 2701.375201][T26722] active_anon 323584 [ 2701.375201][T26722] inactive_file 0 [ 2701.375201][T26722] active_file 0 [ 2701.375201][T26722] unevictable 0 [ 2701.375201][T26722] slab_reclaimable 17888 [ 2701.375201][T26722] slab_unreclaimable 308300256 [ 2701.375201][T26722] slab 308318144 11:16:56 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0xe00000000000000) 11:16:56 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x7ee}]}}]}, 0x40}, 0x7}, 0x0) [ 2701.477585][T26722] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=26722,uid=0 [ 2701.494265][T26722] Memory cgroup out of memory: Killed process 26722 (syz-executor.4) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:68kB oom_score_adj:1000 [ 2701.513761][T26736] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2701.533347][T26736] CPU: 1 PID: 26736 Comm: syz-executor.2 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2701.543490][T26736] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2701.553639][T26736] Call Trace: [ 2701.556939][T26736] [ 2701.559890][T26736] dump_stack_lvl+0xcd/0x134 [ 2701.564542][T26736] dump_header+0x10b/0x7f9 [ 2701.569008][T26736] oom_kill_process.cold+0x10/0x15 [ 2701.574170][T26736] out_of_memory+0x358/0x14a0 [ 2701.578905][T26736] ? oom_killer_disable+0x270/0x270 [ 2701.584139][T26736] ? find_held_lock+0x2d/0x110 [ 2701.588931][T26736] mem_cgroup_out_of_memory+0x206/0x270 [ 2701.594525][T26736] ? mem_cgroup_margin+0x130/0x130 [ 2701.599668][T26736] ? lock_downgrade+0x6e0/0x6e0 [ 2701.604574][T26736] try_charge_memcg+0xf67/0x13f0 [ 2701.608209][T26749] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2701.609552][T26736] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2701.609597][T26736] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2701.609630][T26736] ? lock_downgrade+0x6e0/0x6e0 [ 2701.635497][T26736] ? lock_downgrade+0x6e0/0x6e0 [ 2701.640444][T26736] obj_cgroup_charge+0x2ab/0x5e0 [ 2701.645442][T26736] kmem_cache_alloc_lru+0x13e/0x720 [ 2701.650686][T26736] ? sock_alloc_inode+0x23/0x1d0 [ 2701.655676][T26736] sock_alloc_inode+0x23/0x1d0 [ 2701.660474][T26736] ? sock_free_inode+0x20/0x20 [ 2701.665258][T26736] alloc_inode+0x61/0x230 [ 2701.669617][T26736] new_inode_pseudo+0x13/0x80 [ 2701.674330][T26736] sock_alloc+0x3c/0x260 [ 2701.678621][T26736] __sock_create+0xb9/0x790 [ 2701.683166][T26736] ? lock_downgrade+0x6e0/0x6e0 [ 2701.688051][T26736] __sys_socket+0x12f/0x240 [ 2701.692590][T26736] ? __sys_socket_file+0x1f0/0x1f0 [ 2701.697750][T26736] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2701.703697][T26736] __x64_sys_socket+0x6f/0xb0 [ 2701.708422][T26736] do_syscall_64+0x35/0xb0 [ 2701.713150][T26736] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2701.719093][T26736] RIP: 0033:0x7fefdee8b5a9 [ 2701.723579][T26736] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 2701.743232][T26736] RSP: 002b:00007fefe005a168 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 2701.751687][T26736] RAX: ffffffffffffffda RBX: 00007fefdefabf80 RCX: 00007fefdee8b5a9 [ 2701.759705][T26736] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000010 [ 2701.767721][T26736] RBP: 00007fefdeee6580 R08: 0000000000000000 R09: 0000000000000000 [ 2701.775730][T26736] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 11:16:56 executing program 4: socket$nl_route(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x716}]}}]}, 0x40}, 0x7}, 0x0) 11:16:56 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0xf00000000000000) 11:16:56 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x1000000000000000) [ 2701.783828][T26736] R13: 00007ffd4124e5bf R14: 00007fefe005a300 R15: 0000000000022000 [ 2701.791838][T26736] 11:16:56 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x7ef}]}}]}, 0x40}, 0x7}, 0x0) [ 2701.889627][T26736] memory: usage 307200kB, limit 307200kB, failcnt 55498 [ 2701.897035][T26736] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2701.908524][T26736] Memory cgroup stats for /syz2: [ 2701.908827][T26736] anon 98304 [ 2701.908827][T26736] file 364544 [ 2701.908827][T26736] kernel 314109952 [ 2701.908827][T26736] kernel_stack 65536 [ 2701.908827][T26736] pagetables 73728 [ 2701.908827][T26736] percpu 5619264 [ 2701.908827][T26736] sock 0 [ 2701.908827][T26736] vmalloc 0 [ 2701.908827][T26736] shmem 364544 [ 2701.908827][T26736] zswap 0 [ 2701.908827][T26736] zswapped 0 [ 2701.908827][T26736] file_mapped 364544 [ 2701.908827][T26736] file_dirty 0 [ 2701.908827][T26736] file_writeback 0 [ 2701.908827][T26736] swapcached 0 [ 2701.908827][T26736] anon_thp 0 [ 2701.908827][T26736] file_thp 0 [ 2701.908827][T26736] shmem_thp 0 [ 2701.908827][T26736] inactive_anon 102400 [ 2701.908827][T26736] active_anon 360448 [ 2701.908827][T26736] inactive_file 0 [ 2701.908827][T26736] active_file 0 [ 2701.908827][T26736] unevictable 0 [ 2701.908827][T26736] slab_reclaimable 125104 [ 2701.908827][T26736] slab_unreclaimable 308188824 [ 2701.908827][T26736] slab 308313928 [ 2702.005845][T26760] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2702.011040][T26736] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=26730,uid=0 11:16:56 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x723}]}}]}, 0x40}, 0x7}, 0x0) 11:16:56 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x1100000000000000) [ 2702.043937][T26736] Memory cgroup out of memory: Killed process 26730 (syz-executor.2) total-vm:54728kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 [ 2702.115233][T26756] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 2702.137559][T26756] CPU: 1 PID: 26756 Comm: syz-executor.4 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2702.147788][T26756] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2702.157972][T26756] Call Trace: [ 2702.161290][T26756] 11:16:56 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg(r0, &(0x7f0000000140), 0x10, 0x0) shutdown(r1, 0x0) [ 2702.164353][T26756] dump_stack_lvl+0xcd/0x134 [ 2702.168988][T26756] dump_header+0x10b/0x7f9 [ 2702.173541][T26756] oom_kill_process.cold+0x10/0x15 [ 2702.178700][T26756] out_of_memory+0x358/0x14a0 [ 2702.183436][T26756] ? find_held_lock+0x2d/0x110 [ 2702.188360][T26756] ? oom_killer_disable+0x270/0x270 [ 2702.193623][T26756] ? find_held_lock+0x2d/0x110 [ 2702.198462][T26756] mem_cgroup_out_of_memory+0x206/0x270 [ 2702.204068][T26756] ? mem_cgroup_margin+0x130/0x130 [ 2702.209264][T26756] ? lock_downgrade+0x6e0/0x6e0 [ 2702.214190][T26756] try_charge_memcg+0xf67/0x13f0 [ 2702.219186][T26756] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2702.225216][T26756] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2702.230980][T26756] ? lock_downgrade+0x6e0/0x6e0 [ 2702.235875][T26756] ? lock_downgrade+0x6e0/0x6e0 [ 2702.240862][T26756] ? rcu_read_unlock+0x9/0x60 [ 2702.245601][T26756] obj_cgroup_charge+0x2ab/0x5e0 [ 2702.250593][T26756] kmem_cache_alloc_trace+0xa3/0x3e0 [ 2702.255915][T26756] ? copy_semundo+0x187/0x2f0 [ 2702.260618][T26756] ? apparmor_task_alloc+0x2bb/0x3b0 [ 2702.265953][T26756] copy_semundo+0x187/0x2f0 [ 2702.270481][T26756] copy_process+0x23fa/0x7090 [ 2702.275200][T26756] ? __cleanup_sighand+0xb0/0xb0 [ 2702.280264][T26756] kernel_clone+0xe7/0xab0 [ 2702.284695][T26756] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2702.290691][T26756] ? create_io_thread+0xe0/0xe0 [ 2702.295566][T26756] ? find_held_lock+0x2d/0x110 [ 2702.300360][T26756] ? __ct_user_exit+0xff/0x150 [ 2702.305147][T26756] __do_sys_clone+0xba/0x100 [ 2702.309797][T26756] ? kernel_clone+0xab0/0xab0 [ 2702.314505][T26756] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2702.320422][T26756] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2702.326338][T26756] do_syscall_64+0x35/0xb0 [ 2702.330778][T26756] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2702.336693][T26756] RIP: 0033:0x7fa378a8c9d1 [ 2702.341127][T26756] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 2702.360747][T26756] RSP: 002b:00007fff306494d8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 2702.369171][T26756] RAX: ffffffffffffffda RBX: 00007fa379be4700 RCX: 00007fa378a8c9d1 [ 2702.377148][T26756] RDX: 00007fa379be49d0 RSI: 00007fa379be42f0 RDI: 00000000003d0f00 [ 2702.385135][T26756] RBP: 00007fff30649720 R08: 00007fa379be4700 R09: 00007fa379be4700 [ 2702.393112][T26756] R10: 00007fa379be49d0 R11: 0000000000000206 R12: 00007fff3064958e [ 2702.401093][T26756] R13: 00007fff3064958f R14: 00007fa379be4300 R15: 0000000000022000 [ 2702.409099][T26756] [ 2702.425832][T26763] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2702.435690][T26756] memory: usage 307200kB, limit 307200kB, failcnt 56653 [ 2702.443196][T26756] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2702.450458][T26756] Memory cgroup stats for /syz4: [ 2702.450689][T26756] anon 90112 [ 2702.450689][T26756] file 372736 [ 2702.450689][T26756] kernel 314109952 [ 2702.450689][T26756] kernel_stack 65536 [ 2702.450689][T26756] pagetables 65536 [ 2702.450689][T26756] percpu 5624000 [ 2702.450689][T26756] sock 0 [ 2702.450689][T26756] vmalloc 0 [ 2702.450689][T26756] shmem 372736 [ 2702.450689][T26756] zswap 0 [ 2702.450689][T26756] zswapped 0 [ 2702.450689][T26756] file_mapped 372736 [ 2702.450689][T26756] file_dirty 0 [ 2702.450689][T26756] file_writeback 0 [ 2702.450689][T26756] swapcached 0 [ 2702.450689][T26756] anon_thp 0 [ 2702.450689][T26756] file_thp 0 [ 2702.450689][T26756] shmem_thp 0 [ 2702.450689][T26756] inactive_anon 139264 [ 2702.450689][T26756] active_anon 323584 [ 2702.450689][T26756] inactive_file 0 [ 2702.450689][T26756] active_file 0 [ 2702.450689][T26756] unevictable 0 [ 2702.450689][T26756] slab_reclaimable 17888 [ 2702.450689][T26756] slab_unreclaimable 308300256 [ 2702.450689][T26756] slab 308318144 [ 2702.558416][T26756] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=26756,uid=0 [ 2702.574316][T26756] Memory cgroup out of memory: Killed process 26756 (syz-executor.4) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:68kB oom_score_adj:1000 [ 2702.601050][T26741] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=1, oom_score_adj=1000 [ 2702.642945][T26741] CPU: 1 PID: 26741 Comm: syz-executor.3 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2702.653088][T26741] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2702.663183][T26741] Call Trace: [ 2702.666483][T26741] [ 2702.669424][T26741] dump_stack_lvl+0xcd/0x134 [ 2702.674039][T26741] dump_header+0x10b/0x7f9 [ 2702.678477][T26741] oom_kill_process.cold+0x10/0x15 [ 2702.683608][T26741] out_of_memory+0x358/0x14a0 [ 2702.688316][T26741] ? oom_killer_disable+0x270/0x270 [ 2702.693544][T26741] ? find_held_lock+0x2d/0x110 [ 2702.698339][T26741] mem_cgroup_out_of_memory+0x206/0x270 [ 2702.703906][T26741] ? mem_cgroup_margin+0x130/0x130 [ 2702.709040][T26741] ? lock_downgrade+0x6e0/0x6e0 [ 2702.713916][T26741] try_charge_memcg+0xf67/0x13f0 [ 2702.718887][T26741] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2702.724892][T26741] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2702.730631][T26741] ? lock_downgrade+0x6e0/0x6e0 [ 2702.735497][T26741] ? lock_downgrade+0x6e0/0x6e0 [ 2702.740370][T26741] ? rcu_read_unlock+0x9/0x60 [ 2702.745082][T26741] obj_cgroup_charge+0x2ab/0x5e0 [ 2702.750043][T26741] ? copy_process+0x5c2/0x7090 [ 2702.754834][T26741] kmem_cache_alloc_node+0x92/0x3f0 [ 2702.760049][T26741] ? _raw_spin_unlock_irq+0x1f/0x40 [ 2702.765276][T26741] copy_process+0x5c2/0x7090 [ 2702.769889][T26741] ? __lock_acquire+0xbc3/0x56d0 [ 2702.774869][T26741] ? __cleanup_sighand+0xb0/0xb0 [ 2702.779860][T26741] kernel_clone+0xe7/0xab0 [ 2702.784303][T26741] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2702.790309][T26741] ? create_io_thread+0xe0/0xe0 [ 2702.795274][T26741] ? find_held_lock+0x2d/0x110 [ 2702.800067][T26741] ? __ct_user_exit+0xff/0x150 [ 2702.804942][T26741] __do_sys_clone+0xba/0x100 [ 2702.809659][T26741] ? kernel_clone+0xab0/0xab0 [ 2702.814738][T26741] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2702.820665][T26741] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2702.826588][T26741] do_syscall_64+0x35/0xb0 [ 2702.831035][T26741] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2702.836969][T26741] RIP: 0033:0x7f89d288c9d1 [ 2702.841498][T26741] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 2702.861223][T26741] RSP: 002b:00007fff48383138 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 2702.869652][T26741] RAX: ffffffffffffffda RBX: 00007f89d3a70700 RCX: 00007f89d288c9d1 [ 2702.877634][T26741] RDX: 00007f89d3a709d0 RSI: 00007f89d3a702f0 RDI: 00000000003d0f00 [ 2702.885631][T26741] RBP: 00007fff48383380 R08: 00007f89d3a70700 R09: 00007f89d3a70700 [ 2702.893619][T26741] R10: 00007f89d3a709d0 R11: 0000000000000206 R12: 00007fff483831ee [ 2702.901622][T26741] R13: 00007fff483831ef R14: 00007f89d3a70300 R15: 0000000000022000 [ 2702.909623][T26741] [ 2702.921066][T26741] memory: usage 307196kB, limit 307200kB, failcnt 55753 [ 2702.928620][T26741] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2702.936083][T26741] Memory cgroup stats for /syz3: [ 2702.936300][T26741] anon 147456 [ 2702.936300][T26741] file 385024 [ 2702.936300][T26741] kernel 314036224 [ 2702.936300][T26741] kernel_stack 98304 [ 2702.936300][T26741] pagetables 81920 [ 2702.936300][T26741] percpu 5618080 [ 2702.936300][T26741] sock 0 [ 2702.936300][T26741] vmalloc 0 [ 2702.936300][T26741] shmem 385024 [ 2702.936300][T26741] zswap 0 [ 2702.936300][T26741] zswapped 0 [ 2702.936300][T26741] file_mapped 311296 [ 2702.936300][T26741] file_dirty 0 [ 2702.936300][T26741] file_writeback 0 [ 2702.936300][T26741] swapcached 0 [ 2702.936300][T26741] anon_thp 0 [ 2702.936300][T26741] file_thp 0 [ 2702.936300][T26741] shmem_thp 0 [ 2702.936300][T26741] inactive_anon 200704 [ 2702.936300][T26741] active_anon 331776 [ 2702.936300][T26741] inactive_file 0 [ 2702.936300][T26741] active_file 0 [ 2702.936300][T26741] unevictable 0 [ 2702.936300][T26741] slab_reclaimable 22760 [ 2702.936300][T26741] slab_unreclaimable 308175736 [ 2702.936300][T26741] slab 308198496 [ 2703.030394][T26741] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=26741,uid=0 [ 2703.050365][T26741] Memory cgroup out of memory: Killed process 26741 (syz-executor.3) total-vm:54860kB, anon-rss:456kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 2703.068673][T26767] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2703.083773][T26767] CPU: 0 PID: 26767 Comm: syz-executor.2 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2703.093893][T26767] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2703.103989][T26767] Call Trace: [ 2703.107295][T26767] [ 2703.110250][T26767] dump_stack_lvl+0xcd/0x134 [ 2703.114872][T26767] dump_header+0x10b/0x7f9 [ 2703.119298][T26767] oom_kill_process.cold+0x10/0x15 [ 2703.124407][T26767] out_of_memory+0x358/0x14a0 [ 2703.129097][T26767] ? oom_killer_disable+0x270/0x270 [ 2703.134319][T26767] ? find_held_lock+0x2d/0x110 [ 2703.139098][T26767] mem_cgroup_out_of_memory+0x206/0x270 [ 2703.144738][T26767] ? mem_cgroup_margin+0x130/0x130 [ 2703.149932][T26767] ? lock_downgrade+0x6e0/0x6e0 [ 2703.154904][T26767] try_charge_memcg+0xf67/0x13f0 [ 2703.159910][T26767] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2703.166055][T26767] ? lock_downgrade+0x6e0/0x6e0 [ 2703.170937][T26767] charge_memcg+0x31/0x320 [ 2703.175359][T26767] __mem_cgroup_charge+0x27/0x90 [ 2703.180411][T26767] ? _compound_head+0x5d/0x150 [ 2703.185178][T26767] wp_page_copy+0x27c/0x1b10 [ 2703.189796][T26767] ? restore_exclusive_pte+0x8b0/0x8b0 [ 2703.195282][T26767] ? lock_downgrade+0x6e0/0x6e0 [ 2703.200188][T26767] ? vm_normal_page+0x146/0x2a0 [ 2703.205071][T26767] do_wp_page+0x52c/0x1910 [ 2703.209513][T26767] __handle_mm_fault+0x1813/0x39b0 [ 2703.214652][T26767] ? vm_iomap_memory+0x190/0x190 [ 2703.219629][T26767] handle_mm_fault+0x1c8/0x780 [ 2703.224417][T26767] do_user_addr_fault+0x475/0x1210 [ 2703.229565][T26767] exc_page_fault+0x94/0x170 [ 2703.234267][T26767] asm_exc_page_fault+0x22/0x30 [ 2703.239143][T26767] RIP: 0033:0x7fefdee35a15 [ 2703.243568][T26767] Code: 5c 41 5d c3 90 48 8b 57 18 48 83 fa ff 74 22 48 81 fa e7 03 00 00 0f 87 ee 00 00 00 48 c1 e2 04 48 8d 0d ae 26 17 00 48 01 ca 02 01 48 89 42 08 48 8b 53 10 4c 8d 2d d9 a5 57 00 4c 39 ea 0f [ 2703.263195][T26767] RSP: 002b:00007ffd4124e600 EFLAGS: 00010206 [ 2703.269306][T26767] RAX: 0000000000000003 RBX: 00007fefdefabf80 RCX: 00007fefdefa80c0 [ 2703.277387][T26767] RDX: 00007fefdefa80c0 RSI: 0000000000000080 RDI: 00007fefdefabf80 [ 2703.285370][T26767] RBP: 00007fefdefabf80 R08: 00007ffd413e9080 R09: 0000000000000000 [ 2703.293353][T26767] R10: 00007ffd4124e720 R11: 0000000000000246 R12: 0000000000293cfb [ 2703.301338][T26767] R13: 00007ffd4124e720 R14: 00007fefdefabf80 R15: 0000000000000032 [ 2703.309345][T26767] [ 2703.317471][T26767] memory: usage 307200kB, limit 307200kB, failcnt 55601 [ 2703.324849][T26767] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2703.331785][T26767] Memory cgroup stats for /syz2: [ 2703.338000][T26767] anon 98304 [ 2703.338000][T26767] file 364544 [ 2703.338000][T26767] kernel 314109952 [ 2703.338000][T26767] kernel_stack 65536 [ 2703.338000][T26767] pagetables 73728 [ 2703.338000][T26767] percpu 5619264 [ 2703.338000][T26767] sock 0 [ 2703.338000][T26767] vmalloc 0 [ 2703.338000][T26767] shmem 364544 [ 2703.338000][T26767] zswap 0 [ 2703.338000][T26767] zswapped 0 [ 2703.338000][T26767] file_mapped 364544 [ 2703.338000][T26767] file_dirty 0 [ 2703.338000][T26767] file_writeback 0 [ 2703.338000][T26767] swapcached 0 [ 2703.338000][T26767] anon_thp 0 [ 2703.338000][T26767] file_thp 0 [ 2703.338000][T26767] shmem_thp 0 [ 2703.338000][T26767] inactive_anon 86016 [ 2703.338000][T26767] active_anon 360448 [ 2703.338000][T26767] inactive_file 0 [ 2703.338000][T26767] active_file 0 [ 2703.338000][T26767] unevictable 0 [ 2703.338000][T26767] slab_reclaimable 127032 [ 2703.338000][T26767] slab_unreclaimable 308189472 [ 2703.338000][T26767] slab 308316504 11:16:58 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x22d}]}}]}, 0x40}, 0x7}, 0x0) 11:16:58 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x7f0}]}}]}, 0x40}, 0x7}, 0x0) 11:16:58 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg(r0, &(0x7f0000000140), 0x10, 0x0) shutdown(r1, 0x0) 11:16:58 executing program 4: socket$nl_route(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x717}]}}]}, 0x40}, 0x7}, 0x0) 11:16:58 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x1200000000000000) [ 2703.432324][T26767] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=26767,uid=0 [ 2703.453202][T26767] Memory cgroup out of memory: Killed process 26767 (syz-executor.2) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 11:16:58 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg(r0, &(0x7f0000000140), 0x10, 0x0) shutdown(r1, 0x0) 11:16:58 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x2a03000000000000) [ 2703.496041][T26774] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.1'. 11:16:58 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x724}]}}]}, 0x40}, 0x7}, 0x0) [ 2703.581339][T26773] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2703.611378][T26773] CPU: 1 PID: 26773 Comm: syz-executor.4 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2703.621524][T26773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2703.631610][T26773] Call Trace: [ 2703.635098][T26773] [ 2703.638143][T26773] dump_stack_lvl+0xcd/0x134 [ 2703.642784][T26773] dump_header+0x10b/0x7f9 [ 2703.647244][T26773] oom_kill_process.cold+0x10/0x15 [ 2703.652404][T26773] out_of_memory+0x358/0x14a0 [ 2703.657135][T26773] ? find_held_lock+0x2d/0x110 [ 2703.661966][T26773] ? oom_killer_disable+0x270/0x270 [ 2703.667234][T26773] ? find_held_lock+0x2d/0x110 [ 2703.672061][T26773] mem_cgroup_out_of_memory+0x206/0x270 [ 2703.677646][T26773] ? mem_cgroup_margin+0x130/0x130 [ 2703.682781][T26773] ? lock_downgrade+0x6e0/0x6e0 [ 2703.687666][T26773] try_charge_memcg+0xf67/0x13f0 [ 2703.692635][T26773] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2703.698638][T26773] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2703.704376][T26773] ? lock_downgrade+0x6e0/0x6e0 [ 2703.709244][T26773] ? lock_downgrade+0x6e0/0x6e0 [ 2703.714129][T26773] __memcg_kmem_charge_page+0x16a/0x3b0 [ 2703.719699][T26773] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 2703.725876][T26773] copy_process+0x15f3/0x7090 [ 2703.730578][T26773] ? __lock_acquire+0xbc3/0x56d0 [ 2703.735537][T26773] ? __cleanup_sighand+0xb0/0xb0 [ 2703.740509][T26773] kernel_clone+0xe7/0xab0 [ 2703.744940][T26773] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2703.751113][T26773] ? create_io_thread+0xe0/0xe0 [ 2703.755989][T26773] ? find_held_lock+0x2d/0x110 [ 2703.760795][T26773] ? __ct_user_exit+0xff/0x150 [ 2703.765583][T26773] __do_sys_clone+0xba/0x100 [ 2703.770194][T26773] ? kernel_clone+0xab0/0xab0 [ 2703.774905][T26773] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2703.780816][T26773] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2703.786744][T26773] do_syscall_64+0x35/0xb0 [ 2703.791190][T26773] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2703.797120][T26773] RIP: 0033:0x7fa378a8c9d1 [ 2703.801720][T26773] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 2703.821341][T26773] RSP: 002b:00007fff306494d8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 11:16:58 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg(r0, &(0x7f0000000140), 0x10, 0x0) shutdown(r1, 0x0) [ 2703.829769][T26773] RAX: ffffffffffffffda RBX: 00007fa379be4700 RCX: 00007fa378a8c9d1 [ 2703.837806][T26773] RDX: 00007fa379be49d0 RSI: 00007fa379be42f0 RDI: 00000000003d0f00 [ 2703.845823][T26773] RBP: 00007fff30649720 R08: 00007fa379be4700 R09: 00007fa379be4700 [ 2703.853804][T26773] R10: 00007fa379be49d0 R11: 0000000000000206 R12: 00007fff3064958e [ 2703.861808][T26773] R13: 00007fff3064958f R14: 00007fa379be4300 R15: 0000000000022000 [ 2703.869808][T26773] [ 2703.901803][T26773] memory: usage 307188kB, limit 307200kB, failcnt 56716 [ 2703.916229][T26773] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2703.934951][T26773] Memory cgroup stats for /syz4: [ 2703.935143][T26773] anon 90112 [ 2703.935143][T26773] file 372736 [ 2703.935143][T26773] kernel 314097664 [ 2703.935143][T26773] kernel_stack 32768 [ 2703.935143][T26773] pagetables 65536 [ 2703.935143][T26773] percpu 5624000 [ 2703.935143][T26773] sock 0 [ 2703.935143][T26773] vmalloc 0 [ 2703.935143][T26773] shmem 372736 [ 2703.935143][T26773] zswap 0 [ 2703.935143][T26773] zswapped 0 [ 2703.935143][T26773] file_mapped 372736 [ 2703.935143][T26773] file_dirty 0 [ 2703.935143][T26773] file_writeback 0 [ 2703.935143][T26773] swapcached 0 [ 2703.935143][T26773] anon_thp 0 [ 2703.935143][T26773] file_thp 0 [ 2703.935143][T26773] shmem_thp 0 [ 2703.935143][T26773] inactive_anon 139264 11:16:58 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000500)={0xffffffffffffffff}) sendmmsg(r0, &(0x7f0000000140), 0x10, 0x0) [ 2703.935143][T26773] active_anon 323584 [ 2703.935143][T26773] inactive_file 0 [ 2703.935143][T26773] active_file 0 [ 2703.935143][T26773] unevictable 0 [ 2703.935143][T26773] slab_reclaimable 17888 [ 2703.935143][T26773] slab_unreclaimable 308300256 [ 2703.935143][T26773] slab 308318144 [ 2704.031920][T26779] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.3'. 11:16:58 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000500)={0xffffffffffffffff}) sendmmsg(r0, &(0x7f0000000140), 0x10, 0x0) [ 2704.071458][T26773] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=26773,uid=0 11:16:58 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x2b02000000000000) [ 2704.112756][T26773] Memory cgroup out of memory: Killed process 26773 (syz-executor.4) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:68kB oom_score_adj:1000 [ 2704.135006][T26778] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2704.166290][T26778] CPU: 0 PID: 26778 Comm: syz-executor.3 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2704.176650][T26778] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2704.186733][T26778] Call Trace: [ 2704.190032][T26778] [ 2704.192985][T26778] dump_stack_lvl+0xcd/0x134 [ 2704.197617][T26778] dump_header+0x10b/0x7f9 [ 2704.202077][T26778] oom_kill_process.cold+0x10/0x15 [ 2704.207498][T26778] out_of_memory+0x358/0x14a0 [ 2704.212233][T26778] ? oom_killer_disable+0x270/0x270 [ 2704.217483][T26778] ? find_held_lock+0x2d/0x110 [ 2704.222302][T26778] mem_cgroup_out_of_memory+0x206/0x270 [ 2704.227890][T26778] ? mem_cgroup_margin+0x130/0x130 [ 2704.233070][T26778] ? lock_downgrade+0x6e0/0x6e0 [ 2704.237982][T26778] try_charge_memcg+0xf67/0x13f0 [ 2704.242997][T26778] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2704.249020][T26778] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2704.254852][T26778] ? lock_downgrade+0x6e0/0x6e0 [ 2704.259710][T26778] ? lock_downgrade+0x6e0/0x6e0 [ 2704.264565][T26778] __memcg_kmem_charge_page+0x16a/0x3b0 [ 2704.270113][T26778] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 2704.276283][T26778] copy_process+0x73e/0x7090 [ 2704.280936][T26778] ? find_held_lock+0x2d/0x110 [ 2704.285827][T26778] ? __cleanup_sighand+0xb0/0xb0 [ 2704.290776][T26778] kernel_clone+0xe7/0xab0 [ 2704.295195][T26778] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2704.301176][T26778] ? create_io_thread+0xe0/0xe0 [ 2704.306027][T26778] ? find_held_lock+0x2d/0x110 [ 2704.310795][T26778] ? __ct_user_exit+0xff/0x150 [ 2704.315558][T26778] __do_sys_clone+0xba/0x100 [ 2704.320144][T26778] ? kernel_clone+0xab0/0xab0 [ 2704.324850][T26778] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2704.330777][T26778] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2704.336704][T26778] do_syscall_64+0x35/0xb0 [ 2704.341124][T26778] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2704.347018][T26778] RIP: 0033:0x7f89d288c9d1 [ 2704.351429][T26778] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 2704.371140][T26778] RSP: 002b:00007fff48383138 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 2704.379571][T26778] RAX: ffffffffffffffda RBX: 00007f89d3a70700 RCX: 00007f89d288c9d1 [ 2704.387561][T26778] RDX: 00007f89d3a709d0 RSI: 00007f89d3a702f0 RDI: 00000000003d0f00 [ 2704.396311][T26778] RBP: 00007fff48383380 R08: 00007f89d3a70700 R09: 00007f89d3a70700 [ 2704.404367][T26778] R10: 00007f89d3a709d0 R11: 0000000000000206 R12: 00007fff483831ee [ 2704.412338][T26778] R13: 00007fff483831ef R14: 00007f89d3a70300 R15: 0000000000022000 [ 2704.420317][T26778] [ 2704.442749][T26778] memory: usage 307200kB, limit 307200kB, failcnt 55877 [ 2704.450523][T26778] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2704.457642][T26778] Memory cgroup stats for /syz3: [ 2704.457808][T26778] anon 147456 [ 2704.457808][T26778] file 385024 [ 2704.457808][T26778] kernel 314040320 [ 2704.457808][T26778] kernel_stack 98304 [ 2704.457808][T26778] pagetables 81920 [ 2704.457808][T26778] percpu 5618080 [ 2704.457808][T26778] sock 0 [ 2704.457808][T26778] vmalloc 0 [ 2704.457808][T26778] shmem 385024 [ 2704.457808][T26778] zswap 0 [ 2704.457808][T26778] zswapped 0 [ 2704.457808][T26778] file_mapped 311296 [ 2704.457808][T26778] file_dirty 0 [ 2704.457808][T26778] file_writeback 0 [ 2704.457808][T26778] swapcached 0 [ 2704.457808][T26778] anon_thp 0 [ 2704.457808][T26778] file_thp 0 [ 2704.457808][T26778] shmem_thp 0 [ 2704.457808][T26778] inactive_anon 200704 [ 2704.457808][T26778] active_anon 331776 [ 2704.457808][T26778] inactive_file 0 [ 2704.457808][T26778] active_file 0 [ 2704.457808][T26778] unevictable 0 [ 2704.457808][T26778] slab_reclaimable 22760 [ 2704.457808][T26778] slab_unreclaimable 308162776 [ 2704.457808][T26778] slab 308185536 [ 2704.552377][T26778] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=26778,uid=0 11:16:59 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x22e}]}}]}, 0x40}, 0x7}, 0x0) 11:16:59 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x7f1}]}}]}, 0x40}, 0x7}, 0x0) 11:16:59 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x3f00000000000000) 11:16:59 executing program 5: sendmmsg(0xffffffffffffffff, &(0x7f0000000140), 0x10, 0x0) 11:16:59 executing program 4: socket$nl_route(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x718}]}}]}, 0x40}, 0x7}, 0x0) [ 2704.572154][T26778] Memory cgroup out of memory: Killed process 26778 (syz-executor.3) total-vm:54860kB, anon-rss:456kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 2704.607666][T26787] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2704.659628][T26803] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2704.661665][T26787] CPU: 0 PID: 26787 Comm: syz-executor.2 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2704.679056][T26787] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2704.689135][T26787] Call Trace: [ 2704.692439][T26787] [ 2704.695396][T26787] dump_stack_lvl+0xcd/0x134 [ 2704.700028][T26787] dump_header+0x10b/0x7f9 [ 2704.704473][T26787] oom_kill_process.cold+0x10/0x15 [ 2704.709621][T26787] out_of_memory+0x358/0x14a0 [ 2704.714354][T26787] ? find_held_lock+0x2d/0x110 [ 2704.719164][T26787] ? oom_killer_disable+0x270/0x270 [ 2704.724389][T26787] ? find_held_lock+0x2d/0x110 [ 2704.729189][T26787] mem_cgroup_out_of_memory+0x206/0x270 [ 2704.734843][T26787] ? mem_cgroup_margin+0x130/0x130 [ 2704.739983][T26787] ? lock_downgrade+0x6e0/0x6e0 [ 2704.744870][T26787] try_charge_memcg+0xf67/0x13f0 [ 2704.749834][T26787] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2704.755905][T26787] ? lock_downgrade+0x6e0/0x6e0 [ 2704.760785][T26787] charge_memcg+0x31/0x320 [ 2704.765225][T26787] __mem_cgroup_charge+0x27/0x90 [ 2704.770185][T26787] ? _compound_head+0x5d/0x150 [ 2704.775075][T26787] wp_page_copy+0x27c/0x1b10 [ 2704.779776][T26787] ? restore_exclusive_pte+0x8b0/0x8b0 [ 2704.785253][T26787] ? lock_downgrade+0x6e0/0x6e0 [ 2704.790146][T26787] ? vm_normal_page+0x146/0x2a0 [ 2704.795030][T26787] do_wp_page+0x52c/0x1910 [ 2704.799470][T26787] __handle_mm_fault+0x1813/0x39b0 [ 2704.804606][T26787] ? vm_iomap_memory+0x190/0x190 [ 2704.809671][T26787] handle_mm_fault+0x1c8/0x780 [ 2704.814462][T26787] do_user_addr_fault+0x475/0x1210 [ 2704.819612][T26787] exc_page_fault+0x94/0x170 [ 2704.824228][T26787] asm_exc_page_fault+0x22/0x30 [ 2704.829112][T26787] RIP: 0033:0x7fefdee35a15 [ 2704.833538][T26787] Code: 5c 41 5d c3 90 48 8b 57 18 48 83 fa ff 74 22 48 81 fa e7 03 00 00 0f 87 ee 00 00 00 48 c1 e2 04 48 8d 0d ae 26 17 00 48 01 ca 02 01 48 89 42 08 48 8b 53 10 4c 8d 2d d9 a5 57 00 4c 39 ea 0f [ 2704.853161][T26787] RSP: 002b:00007ffd4124e600 EFLAGS: 00010206 11:16:59 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x6000000000000000) [ 2704.859238][T26787] RAX: 0000000000000003 RBX: 00007fefdefabf80 RCX: 00007fefdefa80c0 [ 2704.867220][T26787] RDX: 00007fefdefa80c0 RSI: 0000000000000080 RDI: 00007fefdefabf80 [ 2704.875202][T26787] RBP: 00007fefdefabf80 R08: 00007ffd413e9080 R09: 0000000000000000 [ 2704.883190][T26787] R10: 00007ffd4124e720 R11: 0000000000000246 R12: 00000000002944b2 [ 2704.891174][T26787] R13: 00007ffd4124e720 R14: 00007fefdefabf80 R15: 0000000000000032 [ 2704.899274][T26787] [ 2704.931961][T26787] memory: usage 307200kB, limit 307200kB, failcnt 55695 [ 2704.947565][T26787] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2704.967281][T26787] Memory cgroup stats for /syz2: [ 2704.967576][T26787] anon 98304 [ 2704.967576][T26787] file 364544 [ 2704.967576][T26787] kernel 314109952 [ 2704.967576][T26787] kernel_stack 65536 [ 2704.967576][T26787] pagetables 73728 [ 2704.967576][T26787] percpu 5619264 [ 2704.967576][T26787] sock 0 [ 2704.967576][T26787] vmalloc 0 [ 2704.967576][T26787] shmem 364544 [ 2704.967576][T26787] zswap 0 [ 2704.967576][T26787] zswapped 0 [ 2704.967576][T26787] file_mapped 364544 [ 2704.967576][T26787] file_dirty 0 [ 2704.967576][T26787] file_writeback 0 [ 2704.967576][T26787] swapcached 0 [ 2704.967576][T26787] anon_thp 0 [ 2704.967576][T26787] file_thp 0 [ 2704.967576][T26787] shmem_thp 0 11:16:59 executing program 5: sendmmsg(0xffffffffffffffff, &(0x7f0000000140), 0x10, 0x0) [ 2704.967576][T26787] inactive_anon 102400 [ 2704.967576][T26787] active_anon 360448 [ 2704.967576][T26787] inactive_file 0 [ 2704.967576][T26787] active_file 0 [ 2704.967576][T26787] unevictable 0 [ 2704.967576][T26787] slab_reclaimable 127032 [ 2704.967576][T26787] slab_unreclaimable 308189472 [ 2704.967576][T26787] slab 308316504 [ 2705.078619][T26787] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=26787,uid=0 [ 2705.098087][T26810] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.3'. 11:16:59 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x725}]}}]}, 0x40}, 0x7}, 0x0) 11:16:59 executing program 5: sendmmsg(0xffffffffffffffff, &(0x7f0000000140), 0x10, 0x0) 11:16:59 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x6203000000000000) 11:16:59 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x7f2}]}}]}, 0x40}, 0x7}, 0x0) [ 2705.122658][T26787] Memory cgroup out of memory: Killed process 26787 (syz-executor.2) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 [ 2705.161979][T26799] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 11:16:59 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x6558000000000000) [ 2705.178791][T26799] CPU: 1 PID: 26799 Comm: syz-executor.4 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2705.188929][T26799] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2705.199061][T26799] Call Trace: [ 2705.202374][T26799] [ 2705.205336][T26799] dump_stack_lvl+0xcd/0x134 [ 2705.209987][T26799] dump_header+0x10b/0x7f9 [ 2705.214445][T26799] oom_kill_process.cold+0x10/0x15 [ 2705.219602][T26799] out_of_memory+0x358/0x14a0 [ 2705.224329][T26799] ? find_held_lock+0x2d/0x110 [ 2705.229153][T26799] ? oom_killer_disable+0x270/0x270 [ 2705.234415][T26799] ? find_held_lock+0x2d/0x110 [ 2705.239246][T26799] mem_cgroup_out_of_memory+0x206/0x270 [ 2705.245137][T26799] ? mem_cgroup_margin+0x130/0x130 [ 2705.250289][T26799] ? lock_downgrade+0x6e0/0x6e0 [ 2705.255207][T26799] try_charge_memcg+0xf67/0x13f0 [ 2705.260205][T26799] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2705.266241][T26799] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2705.272035][T26799] ? lock_downgrade+0x6e0/0x6e0 [ 2705.276934][T26799] ? lock_downgrade+0x6e0/0x6e0 [ 2705.281837][T26799] ? rcu_read_unlock+0x9/0x60 [ 2705.286591][T26799] obj_cgroup_charge+0x2ab/0x5e0 [ 2705.291576][T26799] kmem_cache_alloc_trace+0xa3/0x3e0 [ 2705.296908][T26799] ? copy_semundo+0x187/0x2f0 [ 2705.301613][T26799] ? apparmor_task_alloc+0x2bb/0x3b0 [ 2705.307010][T26799] copy_semundo+0x187/0x2f0 [ 2705.311544][T26799] copy_process+0x23fa/0x7090 [ 2705.316264][T26799] ? __cleanup_sighand+0xb0/0xb0 [ 2705.321325][T26799] kernel_clone+0xe7/0xab0 [ 2705.325762][T26799] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2705.331763][T26799] ? create_io_thread+0xe0/0xe0 [ 2705.336638][T26799] ? find_held_lock+0x2d/0x110 [ 2705.341435][T26799] ? __ct_user_exit+0xff/0x150 [ 2705.346229][T26799] __do_sys_clone+0xba/0x100 [ 2705.350838][T26799] ? kernel_clone+0xab0/0xab0 [ 2705.355598][T26799] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2705.361524][T26799] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2705.367443][T26799] do_syscall_64+0x35/0xb0 [ 2705.371891][T26799] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2705.377910][T26799] RIP: 0033:0x7fa378a8c9d1 [ 2705.382339][T26799] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 2705.401967][T26799] RSP: 002b:00007fff306494d8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 2705.410412][T26799] RAX: ffffffffffffffda RBX: 00007fa379be4700 RCX: 00007fa378a8c9d1 [ 2705.418397][T26799] RDX: 00007fa379be49d0 RSI: 00007fa379be42f0 RDI: 00000000003d0f00 [ 2705.426396][T26799] RBP: 00007fff30649720 R08: 00007fa379be4700 R09: 00007fa379be4700 [ 2705.434382][T26799] R10: 00007fa379be49d0 R11: 0000000000000206 R12: 00007fff3064958e [ 2705.442385][T26799] R13: 00007fff3064958f R14: 00007fa379be4300 R15: 0000000000022000 [ 2705.450452][T26799] [ 2705.489641][T26822] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2705.535146][T26799] memory: usage 307200kB, limit 307200kB, failcnt 56816 [ 2705.546864][T26799] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2705.565118][T26799] Memory cgroup stats for /syz4: [ 2705.565345][T26799] anon 90112 [ 2705.565345][T26799] file 372736 [ 2705.565345][T26799] kernel 314109952 [ 2705.565345][T26799] kernel_stack 65536 [ 2705.565345][T26799] pagetables 65536 [ 2705.565345][T26799] percpu 5624000 [ 2705.565345][T26799] sock 0 [ 2705.565345][T26799] vmalloc 0 [ 2705.565345][T26799] shmem 372736 [ 2705.565345][T26799] zswap 0 [ 2705.565345][T26799] zswapped 0 [ 2705.565345][T26799] file_mapped 372736 [ 2705.565345][T26799] file_dirty 0 [ 2705.565345][T26799] file_writeback 0 [ 2705.565345][T26799] swapcached 0 [ 2705.565345][T26799] anon_thp 0 [ 2705.565345][T26799] file_thp 0 [ 2705.565345][T26799] shmem_thp 0 [ 2705.565345][T26799] inactive_anon 139264 [ 2705.565345][T26799] active_anon 323584 [ 2705.565345][T26799] inactive_file 0 [ 2705.565345][T26799] active_file 0 [ 2705.565345][T26799] unevictable 0 [ 2705.565345][T26799] slab_reclaimable 17888 [ 2705.565345][T26799] slab_unreclaimable 308300256 [ 2705.565345][T26799] slab 308318144 [ 2705.662436][T26799] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=26799,uid=0 [ 2705.680529][T26799] Memory cgroup out of memory: Killed process 26799 (syz-executor.4) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:68kB oom_score_adj:1000 [ 2705.725998][T26805] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2705.769853][T26805] CPU: 0 PID: 26805 Comm: syz-executor.3 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2705.780020][T26805] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2705.790099][T26805] Call Trace: [ 2705.793372][T26805] [ 2705.796299][T26805] dump_stack_lvl+0xcd/0x134 [ 2705.800888][T26805] dump_header+0x10b/0x7f9 [ 2705.805301][T26805] oom_kill_process.cold+0x10/0x15 [ 2705.810420][T26805] out_of_memory+0x358/0x14a0 [ 2705.815128][T26805] ? find_held_lock+0x2d/0x110 [ 2705.819939][T26805] ? oom_killer_disable+0x270/0x270 [ 2705.825153][T26805] ? find_held_lock+0x2d/0x110 [ 2705.829941][T26805] mem_cgroup_out_of_memory+0x206/0x270 [ 2705.835494][T26805] ? mem_cgroup_margin+0x130/0x130 [ 2705.840611][T26805] ? lock_downgrade+0x6e0/0x6e0 [ 2705.845524][T26805] try_charge_memcg+0xf67/0x13f0 [ 2705.850476][T26805] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2705.856468][T26805] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2705.862224][T26805] ? lock_downgrade+0x6e0/0x6e0 [ 2705.867082][T26805] ? lock_downgrade+0x6e0/0x6e0 [ 2705.871933][T26805] __memcg_kmem_charge_page+0x16a/0x3b0 [ 2705.877500][T26805] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 2705.883668][T26805] copy_process+0x73e/0x7090 [ 2705.888272][T26805] ? find_held_lock+0x2d/0x110 [ 2705.893043][T26805] ? __cleanup_sighand+0xb0/0xb0 [ 2705.897987][T26805] kernel_clone+0xe7/0xab0 [ 2705.902603][T26805] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2705.908600][T26805] ? create_io_thread+0xe0/0xe0 [ 2705.913471][T26805] ? find_held_lock+0x2d/0x110 [ 2705.918300][T26805] ? __ct_user_exit+0xff/0x150 [ 2705.923067][T26805] __do_sys_clone+0xba/0x100 [ 2705.927659][T26805] ? kernel_clone+0xab0/0xab0 [ 2705.932337][T26805] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2705.938226][T26805] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2705.944123][T26805] do_syscall_64+0x35/0xb0 [ 2705.948630][T26805] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2705.954531][T26805] RIP: 0033:0x7f89d288c9d1 [ 2705.958941][T26805] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 2705.978554][T26805] RSP: 002b:00007fff48383138 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 2705.986976][T26805] RAX: ffffffffffffffda RBX: 00007f89d3a70700 RCX: 00007f89d288c9d1 [ 2705.994969][T26805] RDX: 00007f89d3a709d0 RSI: 00007f89d3a702f0 RDI: 00000000003d0f00 [ 2706.002932][T26805] RBP: 00007fff48383380 R08: 00007f89d3a70700 R09: 00007f89d3a70700 [ 2706.010908][T26805] R10: 00007f89d3a709d0 R11: 0000000000000206 R12: 00007fff483831ee [ 2706.018880][T26805] R13: 00007fff483831ef R14: 00007f89d3a70300 R15: 0000000000022000 [ 2706.026862][T26805] [ 2706.056874][T26805] memory: usage 307200kB, limit 307200kB, failcnt 55968 [ 2706.064171][T26805] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2706.071160][T26805] Memory cgroup stats for /syz3: [ 2706.071294][T26805] anon 147456 [ 2706.071294][T26805] file 385024 [ 2706.071294][T26805] kernel 314040320 [ 2706.071294][T26805] kernel_stack 98304 [ 2706.071294][T26805] pagetables 81920 [ 2706.071294][T26805] percpu 5618080 [ 2706.071294][T26805] sock 0 [ 2706.071294][T26805] vmalloc 0 [ 2706.071294][T26805] shmem 385024 [ 2706.071294][T26805] zswap 0 [ 2706.071294][T26805] zswapped 0 [ 2706.071294][T26805] file_mapped 311296 [ 2706.071294][T26805] file_dirty 0 [ 2706.071294][T26805] file_writeback 0 [ 2706.071294][T26805] swapcached 0 [ 2706.071294][T26805] anon_thp 0 [ 2706.071294][T26805] file_thp 0 [ 2706.071294][T26805] shmem_thp 0 [ 2706.071294][T26805] inactive_anon 200704 [ 2706.071294][T26805] active_anon 331776 [ 2706.071294][T26805] inactive_file 0 [ 2706.071294][T26805] active_file 0 [ 2706.071294][T26805] unevictable 0 [ 2706.071294][T26805] slab_reclaimable 22760 [ 2706.071294][T26805] slab_unreclaimable 308162776 [ 2706.071294][T26805] slab 308185536 [ 2706.165306][T26805] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=26805,uid=0 [ 2706.183042][T26805] Memory cgroup out of memory: Killed process 26805 (syz-executor.3) total-vm:54860kB, anon-rss:456kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 2706.201147][T26821] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 11:17:01 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x22f}]}}]}, 0x40}, 0x7}, 0x0) 11:17:01 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x68c9458d00000000) 11:17:01 executing program 5: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000500)={0xffffffffffffffff}) sendmmsg(r0, &(0x7f0000000140), 0x10, 0x0) 11:17:01 executing program 4: socket$nl_route(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x719}]}}]}, 0x40}, 0x7}, 0x0) 11:17:01 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x7f3}]}}]}, 0x40}, 0x7}, 0x0) [ 2706.218161][T26821] CPU: 0 PID: 26821 Comm: syz-executor.2 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2706.228298][T26821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2706.238388][T26821] Call Trace: [ 2706.241704][T26821] [ 2706.244664][T26821] dump_stack_lvl+0xcd/0x134 [ 2706.249290][T26821] dump_header+0x10b/0x7f9 [ 2706.253767][T26821] oom_kill_process.cold+0x10/0x15 [ 2706.258928][T26821] out_of_memory+0x358/0x14a0 [ 2706.263663][T26821] ? oom_killer_disable+0x270/0x270 [ 2706.269001][T26821] ? find_held_lock+0x2d/0x110 [ 2706.273827][T26821] mem_cgroup_out_of_memory+0x206/0x270 [ 2706.279414][T26821] ? mem_cgroup_margin+0x130/0x130 [ 2706.284557][T26821] ? lock_downgrade+0x6e0/0x6e0 [ 2706.289459][T26821] try_charge_memcg+0xf67/0x13f0 [ 2706.294447][T26821] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2706.300494][T26821] ? lock_downgrade+0x6e0/0x6e0 [ 2706.305416][T26821] charge_memcg+0x31/0x320 [ 2706.309878][T26821] __mem_cgroup_charge+0x27/0x90 [ 2706.314855][T26821] ? _compound_head+0x5d/0x150 [ 2706.319671][T26821] __handle_mm_fault+0x17df/0x39b0 [ 2706.324832][T26821] ? vm_iomap_memory+0x190/0x190 [ 2706.329832][T26821] handle_mm_fault+0x1c8/0x780 [ 2706.334622][T26821] do_user_addr_fault+0x475/0x1210 [ 2706.339767][T26821] exc_page_fault+0x94/0x170 [ 2706.344378][T26821] asm_exc_page_fault+0x22/0x30 [ 2706.349250][T26821] RIP: 0033:0x7fefdee3633d [ 2706.353674][T26821] Code: e0 04 8b 44 02 08 85 c0 0f 85 d0 0a 00 00 31 c0 b9 40 42 0f 00 ba 81 00 00 00 c7 06 01 00 00 00 bf ca 00 00 00 e8 53 52 05 00 <83> 05 bc 9c 57 00 01 80 bc 24 d8 00 00 00 00 0f b6 05 57 f0 0a 01 [ 2706.373468][T26821] RSP: 002b:00007ffd4124e640 EFLAGS: 00010217 [ 2706.379549][T26821] RAX: 0000000000000000 RBX: 00007fefdefabf8c RCX: 00007fefdee8b5a9 [ 2706.387532][T26821] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fefdefabf88 [ 2706.395510][T26821] RBP: 00007fefdefabf80 R08: 00007fefe005a700 R09: 0000000000000000 [ 2706.403488][T26821] R10: 00007fefe005a700 R11: 0000000000000246 R12: 00007fefdefabf8c [ 2706.411467][T26821] R13: 00007fefdefb0060 R14: 00007fefdefabf80 R15: 0000000000000000 [ 2706.419468][T26821] 11:17:01 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x7600000000000000) 11:17:01 executing program 5: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000500)={0xffffffffffffffff}) sendmmsg(r0, &(0x7f0000000140), 0x10, 0x0) [ 2706.443329][T26821] memory: usage 307200kB, limit 307200kB, failcnt 55830 [ 2706.450658][T26835] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2706.483007][T26821] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2706.500307][T26821] Memory cgroup stats for /syz2: [ 2706.500527][T26821] anon 94208 [ 2706.500527][T26821] file 368640 [ 2706.500527][T26821] kernel 314109952 [ 2706.500527][T26821] kernel_stack 65536 [ 2706.500527][T26821] pagetables 73728 [ 2706.500527][T26821] percpu 5619264 [ 2706.500527][T26821] sock 0 [ 2706.500527][T26821] vmalloc 0 [ 2706.500527][T26821] shmem 364544 [ 2706.500527][T26821] zswap 0 [ 2706.500527][T26821] zswapped 0 [ 2706.500527][T26821] file_mapped 364544 [ 2706.500527][T26821] file_dirty 0 [ 2706.500527][T26821] file_writeback 0 [ 2706.500527][T26821] swapcached 0 [ 2706.500527][T26821] anon_thp 0 [ 2706.500527][T26821] file_thp 0 [ 2706.500527][T26821] shmem_thp 0 [ 2706.500527][T26821] inactive_anon 98304 [ 2706.500527][T26821] active_anon 360448 [ 2706.500527][T26821] inactive_file 4096 [ 2706.500527][T26821] active_file 0 [ 2706.500527][T26821] unevictable 0 [ 2706.500527][T26821] slab_reclaimable 125344 [ 2706.500527][T26821] slab_unreclaimable 308188824 [ 2706.500527][T26821] slab 308314168 [ 2706.618991][T26821] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=26821,uid=0 [ 2706.645019][T26836] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2706.691810][T26821] Memory cgroup out of memory: Killed process 26821 (syz-executor.2) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 [ 2706.758595][T26833] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2706.779117][T26833] CPU: 1 PID: 26833 Comm: syz-executor.3 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2706.780077][T26826] socket: no more sockets [ 2706.789237][T26833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2706.789255][T26833] Call Trace: [ 2706.789264][T26833] [ 2706.789275][T26833] dump_stack_lvl+0xcd/0x134 [ 2706.789308][T26833] dump_header+0x10b/0x7f9 [ 2706.789337][T26833] oom_kill_process.cold+0x10/0x15 [ 2706.789368][T26833] out_of_memory+0x358/0x14a0 [ 2706.789408][T26833] ? find_held_lock+0x2d/0x110 [ 2706.789444][T26833] ? oom_killer_disable+0x270/0x270 [ 2706.838748][T26833] ? find_held_lock+0x2d/0x110 [ 2706.843548][T26833] mem_cgroup_out_of_memory+0x206/0x270 [ 2706.849113][T26833] ? mem_cgroup_margin+0x130/0x130 [ 2706.854238][T26833] ? lock_downgrade+0x6e0/0x6e0 [ 2706.859117][T26833] try_charge_memcg+0xf67/0x13f0 [ 2706.864176][T26833] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2706.870264][T26833] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2706.876002][T26833] ? lock_downgrade+0x6e0/0x6e0 [ 2706.880895][T26833] obj_cgroup_charge+0x2ab/0x5e0 [ 2706.885855][T26833] ? vm_area_dup+0x88/0x3f0 [ 2706.890380][T26833] kmem_cache_alloc+0x96/0x3b0 [ 2706.895170][T26833] vm_area_dup+0x88/0x3f0 [ 2706.899514][T26833] ? mark_lock.part.0+0xee/0x1910 [ 2706.904567][T26833] ? lock_chain_count+0x20/0x20 [ 2706.909427][T26833] ? __vma_adjust+0x109c/0x24a0 [ 2706.914333][T26833] ? __vma_link_rb+0x710/0x710 [ 2706.919132][T26833] ? __lock_acquire+0x166e/0x56d0 [ 2706.924277][T26833] ? vm_area_alloc+0x110/0x110 [ 2706.929160][T26833] ? perf_event_namespaces+0x50/0x50 [ 2706.934470][T26833] ? vma_merge+0x47a/0xeb0 [ 2706.938908][T26833] ? ima_file_mprotect+0x175/0x470 [ 2706.944130][T26833] ? ima_file_mmap+0x130/0x130 [ 2706.949013][T26833] ? vma_wants_writenotify+0x1f8/0x370 [ 2706.954581][T26833] ? __ia32_sys_mmap_pgoff+0x1b0/0x1b0 [ 2706.960084][T26833] ? vma_merge+0x47a/0xeb0 [ 2706.964621][T26833] ? __vma_adjust+0x24a0/0x24a0 [ 2706.969521][T26833] __split_vma+0xa5/0x550 [ 2706.973883][T26833] split_vma+0x95/0xd0 [ 2706.978008][T26833] mprotect_fixup+0x6d9/0x970 [ 2706.982742][T26833] ? change_protection+0x4280/0x4280 [ 2706.988054][T26833] ? vmacache_find+0x62/0x330 [ 2706.992787][T26833] do_mprotect_pkey+0x6c5/0x9e0 [ 2706.997674][T26833] ? __ct_user_exit+0xff/0x150 [ 2707.002477][T26833] ? mprotect_fixup+0x970/0x970 [ 2707.007374][T26833] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2707.013290][T26833] __x64_sys_mprotect+0x74/0xb0 [ 2707.018172][T26833] do_syscall_64+0x35/0xb0 [ 2707.022616][T26833] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2707.028535][T26833] RIP: 0033:0x7f89d288b6b7 [ 2707.032960][T26833] Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 0a 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 11:17:01 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x726}]}}]}, 0x40}, 0x7}, 0x0) 11:17:01 executing program 5: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000500)={0xffffffffffffffff}) sendmmsg(r0, &(0x7f0000000140), 0x10, 0x0) 11:17:01 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x8100000000000000) [ 2707.052676][T26833] RSP: 002b:00007fff48383188 EFLAGS: 00000206 ORIG_RAX: 000000000000000a [ 2707.061102][T26833] RAX: ffffffffffffffda RBX: 0000000000021000 RCX: 00007f89d288b6b7 [ 2707.069090][T26833] RDX: 0000000000000003 RSI: 0000000000020000 RDI: 00007f89d3a51000 [ 2707.077081][T26833] RBP: 00007fff48383260 R08: 00000000ffffffff R09: 00007f89d3a70700 [ 2707.085066][T26833] R10: 0000000000020022 R11: 0000000000000206 R12: 00007fff48383380 [ 2707.093143][T26833] R13: 00007f89d3a70700 R14: 0000000000000000 R15: 0000000000022000 [ 2707.101149][T26833] [ 2707.132951][T26833] memory: usage 307200kB, limit 307200kB, failcnt 56039 [ 2707.149984][T26833] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2707.157630][T26833] Memory cgroup stats for /syz3: [ 2707.157851][T26833] anon 143360 [ 2707.157851][T26833] file 389120 [ 2707.157851][T26833] kernel 314040320 [ 2707.157851][T26833] kernel_stack 98304 [ 2707.157851][T26833] pagetables 81920 [ 2707.157851][T26833] percpu 5618080 [ 2707.157851][T26833] sock 0 [ 2707.157851][T26833] vmalloc 0 [ 2707.157851][T26833] shmem 385024 [ 2707.157851][T26833] zswap 0 [ 2707.157851][T26833] zswapped 0 [ 2707.157851][T26833] file_mapped 311296 [ 2707.157851][T26833] file_dirty 0 [ 2707.157851][T26833] file_writeback 0 [ 2707.157851][T26833] swapcached 0 [ 2707.157851][T26833] anon_thp 0 [ 2707.157851][T26833] file_thp 0 [ 2707.157851][T26833] shmem_thp 0 [ 2707.157851][T26833] inactive_anon 196608 [ 2707.157851][T26833] active_anon 331776 [ 2707.157851][T26833] inactive_file 4096 [ 2707.157851][T26833] active_file 0 [ 2707.157851][T26833] unevictable 0 [ 2707.157851][T26833] slab_reclaimable 23000 [ 2707.157851][T26833] slab_unreclaimable 308180952 [ 2707.157851][T26833] slab 308203952 [ 2707.266101][T26833] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=26833,uid=0 11:17:02 executing program 5: socketpair$unix(0x1, 0x5, 0x0, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000000140), 0x10, 0x0) [ 2707.281968][T26833] Memory cgroup out of memory: Killed process 26833 (syz-executor.3) total-vm:54860kB, anon-rss:456kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 2707.327597][T26830] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 2707.355860][T26830] CPU: 0 PID: 26830 Comm: syz-executor.4 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2707.365999][T26830] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 11:17:02 executing program 5: socketpair$unix(0x1, 0x5, 0x0, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000000140), 0x10, 0x0) [ 2707.376089][T26830] Call Trace: [ 2707.379395][T26830] [ 2707.382431][T26830] dump_stack_lvl+0xcd/0x134 [ 2707.387320][T26830] dump_header+0x10b/0x7f9 [ 2707.391777][T26830] oom_kill_process.cold+0x10/0x15 [ 2707.396938][T26830] out_of_memory+0x358/0x14a0 [ 2707.401667][T26830] ? oom_killer_disable+0x270/0x270 [ 2707.406910][T26830] ? find_held_lock+0x2d/0x110 [ 2707.411718][T26830] mem_cgroup_out_of_memory+0x206/0x270 [ 2707.417283][T26830] ? mem_cgroup_margin+0x130/0x130 [ 2707.422408][T26830] ? lock_downgrade+0x6e0/0x6e0 [ 2707.427284][T26830] try_charge_memcg+0xf67/0x13f0 [ 2707.432250][T26830] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2707.438263][T26830] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2707.444000][T26830] ? lock_downgrade+0x6e0/0x6e0 [ 2707.448868][T26830] ? lock_downgrade+0x6e0/0x6e0 [ 2707.453731][T26830] ? rcu_read_unlock+0x9/0x60 [ 2707.458461][T26830] obj_cgroup_charge+0x2ab/0x5e0 [ 2707.463487][T26830] kmem_cache_alloc_trace+0xa3/0x3e0 [ 2707.468804][T26830] ? copy_semundo+0x187/0x2f0 [ 2707.473497][T26830] ? apparmor_task_alloc+0x2bb/0x3b0 [ 2707.478806][T26830] copy_semundo+0x187/0x2f0 [ 2707.483591][T26830] copy_process+0x23fa/0x7090 [ 2707.488330][T26830] ? __cleanup_sighand+0xb0/0xb0 [ 2707.493315][T26830] kernel_clone+0xe7/0xab0 [ 2707.497774][T26830] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2707.503803][T26830] ? create_io_thread+0xe0/0xe0 [ 2707.508709][T26830] ? find_held_lock+0x2d/0x110 [ 2707.513535][T26830] ? __ct_user_exit+0xff/0x150 [ 2707.518335][T26830] __do_sys_clone+0xba/0x100 [ 2707.523041][T26830] ? kernel_clone+0xab0/0xab0 [ 2707.527751][T26830] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2707.533661][T26830] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2707.539668][T26830] do_syscall_64+0x35/0xb0 [ 2707.544125][T26830] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2707.550040][T26830] RIP: 0033:0x7fa378a8c9d1 [ 2707.554464][T26830] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 2707.574203][T26830] RSP: 002b:00007fff306494d8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 2707.582742][T26830] RAX: ffffffffffffffda RBX: 00007fa379be4700 RCX: 00007fa378a8c9d1 [ 2707.590869][T26830] RDX: 00007fa379be49d0 RSI: 00007fa379be42f0 RDI: 00000000003d0f00 [ 2707.600433][T26830] RBP: 00007fff30649720 R08: 00007fa379be4700 R09: 00007fa379be4700 [ 2707.608565][T26830] R10: 00007fa379be49d0 R11: 0000000000000206 R12: 00007fff3064958e [ 2707.616566][T26830] R13: 00007fff3064958f R14: 00007fa379be4300 R15: 0000000000022000 [ 2707.624580][T26830] [ 2707.647683][T26830] memory: usage 307200kB, limit 307200kB, failcnt 56897 [ 2707.656656][T26830] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2707.673601][T26830] Memory cgroup stats for /syz4: [ 2707.673840][T26830] anon 90112 [ 2707.673840][T26830] file 372736 [ 2707.673840][T26830] kernel 314109952 [ 2707.673840][T26830] kernel_stack 65536 [ 2707.673840][T26830] pagetables 65536 11:17:02 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x230}]}}]}, 0x40}, 0x7}, 0x0) 11:17:02 executing program 5: socketpair$unix(0x1, 0x5, 0x0, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000000140), 0x10, 0x0) 11:17:02 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x8601000000000000) [ 2707.673840][T26830] percpu 5624000 [ 2707.673840][T26830] sock 0 [ 2707.673840][T26830] vmalloc 0 [ 2707.673840][T26830] shmem 372736 [ 2707.673840][T26830] zswap 0 [ 2707.673840][T26830] zswapped 0 [ 2707.673840][T26830] file_mapped 372736 [ 2707.673840][T26830] file_dirty 0 [ 2707.673840][T26830] file_writeback 0 [ 2707.673840][T26830] swapcached 0 [ 2707.673840][T26830] anon_thp 0 [ 2707.673840][T26830] file_thp 0 [ 2707.673840][T26830] shmem_thp 0 [ 2707.673840][T26830] inactive_anon 139264 [ 2707.673840][T26830] active_anon 323584 [ 2707.673840][T26830] inactive_file 0 [ 2707.673840][T26830] active_file 0 [ 2707.673840][T26830] unevictable 0 [ 2707.673840][T26830] slab_reclaimable 17888 [ 2707.673840][T26830] slab_unreclaimable 308300256 [ 2707.673840][T26830] slab 308318144 [ 2707.768968][T26855] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2707.801645][T26830] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=26830,uid=0 11:17:02 executing program 4: socket$nl_route(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x71a}]}}]}, 0x40}, 0x7}, 0x0) 11:17:02 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x7f4}]}}]}, 0x40}, 0x7}, 0x0) 11:17:02 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000500)) sendmmsg(0xffffffffffffffff, &(0x7f0000000140), 0x10, 0x0) [ 2707.860121][T26830] Memory cgroup out of memory: Killed process 26830 (syz-executor.4) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:68kB oom_score_adj:1000 [ 2707.878035][T26848] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2707.914525][T26848] CPU: 0 PID: 26848 Comm: syz-executor.2 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2707.924674][T26848] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2707.934767][T26848] Call Trace: [ 2707.938087][T26848] [ 2707.941047][T26848] dump_stack_lvl+0xcd/0x134 [ 2707.945702][T26848] dump_header+0x10b/0x7f9 [ 2707.950167][T26848] oom_kill_process.cold+0x10/0x15 [ 2707.955331][T26848] out_of_memory+0x358/0x14a0 11:17:02 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000500)) sendmmsg(0xffffffffffffffff, &(0x7f0000000140), 0x10, 0x0) [ 2707.960073][T26848] ? oom_killer_disable+0x270/0x270 [ 2707.965324][T26848] ? find_held_lock+0x2d/0x110 [ 2707.970145][T26848] mem_cgroup_out_of_memory+0x206/0x270 [ 2707.975734][T26848] ? mem_cgroup_margin+0x130/0x130 [ 2707.980886][T26848] ? lock_downgrade+0x6e0/0x6e0 [ 2707.985796][T26848] try_charge_memcg+0xf67/0x13f0 [ 2707.991742][T26848] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2707.997774][T26848] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2708.003539][T26848] ? lock_downgrade+0x6e0/0x6e0 [ 2708.008531][T26848] ? lock_downgrade+0x6e0/0x6e0 [ 2708.013463][T26848] obj_cgroup_charge+0x2ab/0x5e0 [ 2708.018457][T26848] kmem_cache_alloc_lru+0x13e/0x720 [ 2708.023712][T26848] ? sock_alloc_inode+0x23/0x1d0 [ 2708.028699][T26848] sock_alloc_inode+0x23/0x1d0 [ 2708.033499][T26848] ? sock_free_inode+0x20/0x20 [ 2708.038296][T26848] alloc_inode+0x61/0x230 [ 2708.042669][T26848] new_inode_pseudo+0x13/0x80 [ 2708.047392][T26848] sock_alloc+0x3c/0x260 [ 2708.051726][T26848] __sock_create+0xb9/0x790 [ 2708.056275][T26848] ? lock_downgrade+0x6e0/0x6e0 [ 2708.061171][T26848] __sys_socket+0x12f/0x240 [ 2708.065720][T26848] ? __sys_socket_file+0x1f0/0x1f0 [ 2708.070872][T26848] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2708.076819][T26848] __x64_sys_socket+0x6f/0xb0 [ 2708.081545][T26848] do_syscall_64+0x35/0xb0 [ 2708.086083][T26848] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2708.091999][T26848] RIP: 0033:0x7fefdee8b5a9 [ 2708.096451][T26848] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 2708.116085][T26848] RSP: 002b:00007fefe005a168 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 2708.124516][T26848] RAX: ffffffffffffffda RBX: 00007fefdefabf80 RCX: 00007fefdee8b5a9 [ 2708.132602][T26848] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000010 [ 2708.140606][T26848] RBP: 00007fefdeee6580 R08: 0000000000000000 R09: 0000000000000000 [ 2708.148609][T26848] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2708.156608][T26848] R13: 00007ffd4124e5bf R14: 00007fefe005a300 R15: 0000000000022000 [ 2708.164595][T26848] [ 2708.202127][T26848] memory: usage 307200kB, limit 307200kB, failcnt 55942 [ 2708.212016][T26848] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2708.228819][T26848] Memory cgroup stats for /syz2: [ 2708.230041][T26848] anon 98304 [ 2708.230041][T26848] file 368640 [ 2708.230041][T26848] kernel 314105856 [ 2708.230041][T26848] kernel_stack 65536 [ 2708.230041][T26848] pagetables 73728 [ 2708.230041][T26848] percpu 5619264 [ 2708.230041][T26848] sock 0 [ 2708.230041][T26848] vmalloc 0 [ 2708.230041][T26848] shmem 364544 [ 2708.230041][T26848] zswap 0 [ 2708.230041][T26848] zswapped 0 [ 2708.230041][T26848] file_mapped 364544 [ 2708.230041][T26848] file_dirty 0 [ 2708.230041][T26848] file_writeback 0 [ 2708.230041][T26848] swapcached 0 [ 2708.230041][T26848] anon_thp 0 [ 2708.230041][T26848] file_thp 0 [ 2708.230041][T26848] shmem_thp 0 [ 2708.230041][T26848] inactive_anon 102400 [ 2708.230041][T26848] active_anon 360448 [ 2708.230041][T26848] inactive_file 0 [ 2708.230041][T26848] active_file 4096 [ 2708.230041][T26848] unevictable 0 [ 2708.230041][T26848] slab_reclaimable 125344 [ 2708.230041][T26848] slab_unreclaimable 308188824 [ 2708.230041][T26848] slab 308314168 [ 2708.355695][T26848] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=26846,uid=0 [ 2708.379537][T26848] Memory cgroup out of memory: Killed process 26846 (syz-executor.2) total-vm:54728kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 [ 2708.413122][T26855] syz-executor.3 invoked oom-killer: gfp_mask=0x400cc0(GFP_KERNEL_ACCOUNT), order=2, oom_score_adj=1000 [ 2708.431467][T26855] CPU: 1 PID: 26855 Comm: syz-executor.3 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2708.441612][T26855] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2708.451700][T26855] Call Trace: [ 2708.455004][T26855] [ 2708.457961][T26855] dump_stack_lvl+0xcd/0x134 [ 2708.462588][T26855] dump_header+0x10b/0x7f9 [ 2708.467043][T26855] oom_kill_process.cold+0x10/0x15 [ 2708.472195][T26855] out_of_memory+0x358/0x14a0 [ 2708.476921][T26855] ? oom_killer_disable+0x270/0x270 [ 2708.482163][T26855] ? find_held_lock+0x2d/0x110 [ 2708.486980][T26855] mem_cgroup_out_of_memory+0x206/0x270 [ 2708.492563][T26855] ? mem_cgroup_margin+0x130/0x130 [ 2708.497709][T26855] ? lock_downgrade+0x6e0/0x6e0 [ 2708.502615][T26855] try_charge_memcg+0xf67/0x13f0 [ 2708.507601][T26855] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2708.513624][T26855] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2708.519381][T26855] ? lock_downgrade+0x6e0/0x6e0 [ 2708.524294][T26855] obj_cgroup_charge+0x2ab/0x5e0 [ 2708.529296][T26855] __kmalloc_track_caller+0xad/0x340 [ 2708.534623][T26855] ? __addrconf_sysctl_register+0x9d/0x3d0 [ 2708.540479][T26855] kmemdup+0x23/0x50 [ 2708.544407][T26855] __addrconf_sysctl_register+0x9d/0x3d0 [ 2708.550084][T26855] ? pndisc_destructor+0x220/0x220 [ 2708.555251][T26855] ? inet6_netconf_notify_devconf+0x1e0/0x1e0 [ 2708.561359][T26855] ? lockdep_init_map_type+0x21a/0x7f0 [ 2708.566854][T26855] ? lockdep_init_map_type+0x21a/0x7f0 [ 2708.572347][T26855] ? __raw_spin_lock_init+0x36/0x110 [ 2708.577674][T26855] addrconf_sysctl_register+0x139/0x1d0 [ 2708.583269][T26855] ? ipv6_mc_init_dev+0x950/0xb50 [ 2708.588331][T26855] ipv6_add_dev+0xade/0x1390 [ 2708.592971][T26855] addrconf_notify+0x6f9/0x1c10 [ 2708.597867][T26855] ? clusterip_netdev_event+0x419/0x650 [ 2708.603542][T26855] ? __local_bh_enable_ip+0xa0/0x120 [ 2708.608859][T26855] ? clusterip_netdev_event+0x419/0x650 [ 2708.614450][T26855] ? tee_netdev_event+0x3bc/0x5c0 [ 2708.619522][T26855] ? ip6mr_device_event+0x1ab/0x220 [ 2708.624781][T26855] notifier_call_chain+0xb5/0x200 [ 2708.629862][T26855] call_netdevice_notifiers_info+0xb5/0x130 [ 2708.635799][T26855] register_netdevice+0x10bb/0x1670 [ 2708.641044][T26855] ? netdev_change_features+0xb0/0xb0 [ 2708.646467][T26855] ? dev_addr_mod+0x2c9/0x3f0 [ 2708.651194][T26855] veth_newlink+0x338/0x990 [ 2708.655752][T26855] ? veth_set_features+0x190/0x190 [ 2708.660917][T26855] ? netlink_unicast+0x543/0x7f0 [ 2708.665903][T26855] ? netlink_sendmsg+0x917/0xe10 [ 2708.670873][T26855] ? sock_sendmsg+0xcf/0x120 [ 2708.675493][T26855] ? ____sys_sendmsg+0x712/0x8c0 [ 2708.680463][T26855] ? ___sys_sendmsg+0x110/0x1b0 [ 2708.685348][T26855] ? __sys_sendmsg+0xf3/0x1c0 [ 2708.690058][T26855] ? do_syscall_64+0x35/0xb0 [ 2708.694722][T26855] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2708.700849][T26855] ? find_held_lock+0x2d/0x110 [ 2708.705669][T26855] ? memcg_slab_post_alloc_hook+0x249/0x480 [ 2708.711689][T26855] ? lock_downgrade+0x6e0/0x6e0 [ 2708.716585][T26855] ? rcu_read_lock_sched_held+0x3a/0x70 [ 2708.722180][T26855] ? trace_kmalloc_node+0x32/0x100 [ 2708.727324][T26855] ? __kmalloc_node+0x1bf/0x380 [ 2708.732217][T26855] ? memset+0x20/0x40 [ 2708.736247][T26855] ? __xdp_rxq_info_reg+0x189/0x340 [ 2708.741508][T26855] ? memcpy+0x39/0x60 [ 2708.745557][T26855] ? alloc_netdev_mqs+0xd5d/0x1180 [ 2708.750733][T26855] ? rtnl_create_link+0x7e8/0xca0 [ 2708.755817][T26855] ? veth_set_features+0x190/0x190 [ 2708.760993][T26855] __rtnl_newlink+0x1087/0x17e0 [ 2708.765955][T26855] ? rtnl_link_unregister+0x250/0x250 [ 2708.771369][T26855] ? rtnl_newlink+0x46/0xa0 [ 2708.775936][T26855] ? rcu_read_lock_sched_held+0x3a/0x70 [ 2708.781533][T26855] ? trace_kmalloc+0x32/0x100 [ 2708.786265][T26855] rtnl_newlink+0x64/0xa0 [ 2708.790647][T26855] ? __rtnl_newlink+0x17e0/0x17e0 [ 2708.795714][T26855] rtnetlink_rcv_msg+0x43a/0xca0 [ 2708.800698][T26855] ? rtnl_getlink+0xae0/0xae0 [ 2708.805407][T26855] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2708.810755][T26855] ? ref_tracker_free+0x370/0x6b0 [ 2708.815829][T26855] ? ref_tracker_dir_exit+0x3e0/0x3e0 [ 2708.821262][T26855] netlink_rcv_skb+0x153/0x420 [ 2708.826069][T26855] ? rtnl_getlink+0xae0/0xae0 [ 2708.830794][T26855] ? netlink_ack+0xd50/0xd50 [ 2708.835427][T26855] ? netlink_deliver_tap+0x1a2/0xc40 [ 2708.840763][T26855] ? netlink_deliver_tap+0x1b1/0xc40 [ 2708.846098][T26855] netlink_unicast+0x543/0x7f0 [ 2708.850906][T26855] ? netlink_attachskb+0x880/0x880 [ 2708.856053][T26855] ? __phys_addr+0xc4/0x140 [ 2708.860632][T26855] ? __phys_addr_symbol+0x2c/0x70 [ 2708.865713][T26855] ? __check_object_size+0x2de/0x700 [ 2708.871066][T26855] netlink_sendmsg+0x917/0xe10 [ 2708.875965][T26855] ? netlink_unicast+0x7f0/0x7f0 [ 2708.880949][T26855] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 2708.886281][T26855] ? netlink_unicast+0x7f0/0x7f0 [ 2708.891255][T26855] sock_sendmsg+0xcf/0x120 [ 2708.895705][T26855] ____sys_sendmsg+0x712/0x8c0 [ 2708.900503][T26855] ? copy_msghdr_from_user+0xfc/0x150 [ 2708.905916][T26855] ? kernel_sendmsg+0x50/0x50 [ 2708.910729][T26855] ? futex_unqueue+0xb3/0x120 [ 2708.915456][T26855] ___sys_sendmsg+0x110/0x1b0 [ 2708.920176][T26855] ? do_recvmmsg+0x6e0/0x6e0 [ 2708.924809][T26855] ? __fget_files+0x248/0x440 [ 2708.929530][T26855] ? lock_downgrade+0x6e0/0x6e0 [ 2708.934420][T26855] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2708.940457][T26855] ? __fget_files+0x26a/0x440 [ 2708.945182][T26855] ? __fget_light+0xe5/0x270 [ 2708.949819][T26855] __sys_sendmsg+0xf3/0x1c0 [ 2708.954362][T26855] ? __sys_sendmsg_sock+0x30/0x30 [ 2708.959422][T26855] ? lock_downgrade+0x6e0/0x6e0 [ 2708.964321][T26855] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2708.970255][T26855] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2708.976186][T26855] ? lockdep_hardirqs_on+0x79/0x100 [ 2708.981429][T26855] do_syscall_64+0x35/0xb0 [ 2708.985911][T26855] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2708.991852][T26855] RIP: 0033:0x7f89d288b5a9 [ 2708.996296][T26855] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 2709.015942][T26855] RSP: 002b:00007f89d3ab2168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2709.024396][T26855] RAX: ffffffffffffffda RBX: 00007f89d29abf80 RCX: 00007f89d288b5a9 [ 2709.032401][T26855] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000004 [ 2709.040413][T26855] RBP: 00007f89d28e6580 R08: 0000000000000000 R09: 0000000000000000 [ 2709.048416][T26855] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2709.056422][T26855] R13: 00007fff483831ef R14: 00007f89d3ab2300 R15: 0000000000022000 11:17:03 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x727}]}}]}, 0x40}, 0x7}, 0x0) [ 2709.064459][T26855] [ 2709.075266][T26855] memory: usage 307184kB, limit 307200kB, failcnt 56154 [ 2709.093031][T26855] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2709.106977][T26855] Memory cgroup stats for /syz3: [ 2709.107180][T26855] anon 139264 [ 2709.107180][T26855] file 389120 [ 2709.107180][T26855] kernel 314028032 [ 2709.107180][T26855] kernel_stack 65536 [ 2709.107180][T26855] pagetables 81920 [ 2709.107180][T26855] percpu 5619264 [ 2709.107180][T26855] sock 0 [ 2709.107180][T26855] vmalloc 0 [ 2709.107180][T26855] shmem 385024 [ 2709.107180][T26855] zswap 0 [ 2709.107180][T26855] zswapped 0 [ 2709.107180][T26855] file_mapped 311296 [ 2709.107180][T26855] file_dirty 0 [ 2709.107180][T26855] file_writeback 0 [ 2709.107180][T26855] swapcached 0 [ 2709.107180][T26855] anon_thp 0 [ 2709.107180][T26855] file_thp 0 [ 2709.107180][T26855] shmem_thp 0 [ 2709.107180][T26855] inactive_anon 192512 [ 2709.107180][T26855] active_anon 331776 [ 2709.107180][T26855] inactive_file 4096 [ 2709.107180][T26855] active_file 0 [ 2709.107180][T26855] unevictable 0 [ 2709.107180][T26855] slab_reclaimable 23000 [ 2709.107180][T26855] slab_unreclaimable 308202888 [ 2709.107180][T26855] slab 308225888 11:17:04 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000500)) sendmmsg(0xffffffffffffffff, &(0x7f0000000140), 0x10, 0x0) [ 2709.202290][T26855] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=26854,uid=0 [ 2709.223503][T26855] Memory cgroup out of memory: Killed process 26854 (syz-executor.3) total-vm:54728kB, anon-rss:456kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 2709.281983][T26863] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2709.323070][T26863] CPU: 0 PID: 26863 Comm: syz-executor.4 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2709.333205][T26863] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2709.343377][T26863] Call Trace: [ 2709.346764][T26863] [ 2709.349714][T26863] dump_stack_lvl+0xcd/0x134 [ 2709.354342][T26863] dump_header+0x10b/0x7f9 [ 2709.358797][T26863] oom_kill_process.cold+0x10/0x15 [ 2709.363954][T26863] out_of_memory+0x358/0x14a0 [ 2709.368679][T26863] ? find_held_lock+0x2d/0x110 11:17:04 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000500)={0xffffffffffffffff}) sendmmsg(r0, 0x0, 0x0, 0x0) [ 2709.373483][T26863] ? oom_killer_disable+0x270/0x270 [ 2709.378720][T26863] ? find_held_lock+0x2d/0x110 [ 2709.383535][T26863] mem_cgroup_out_of_memory+0x206/0x270 [ 2709.389116][T26863] ? mem_cgroup_margin+0x130/0x130 [ 2709.394255][T26863] ? lock_downgrade+0x6e0/0x6e0 [ 2709.399154][T26863] try_charge_memcg+0xf67/0x13f0 [ 2709.404151][T26863] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2709.410184][T26863] ? lock_downgrade+0x6e0/0x6e0 [ 2709.415087][T26863] charge_memcg+0x31/0x320 [ 2709.419551][T26863] __mem_cgroup_charge+0x27/0x90 [ 2709.424535][T26863] ? _compound_head+0x5d/0x150 [ 2709.429350][T26863] wp_page_copy+0x27c/0x1b10 [ 2709.433987][T26863] ? restore_exclusive_pte+0x8b0/0x8b0 [ 2709.439480][T26863] ? lock_downgrade+0x6e0/0x6e0 [ 2709.444380][T26863] ? vm_normal_page+0x146/0x2a0 [ 2709.449285][T26863] do_wp_page+0x52c/0x1910 [ 2709.453751][T26863] __handle_mm_fault+0x1813/0x39b0 [ 2709.458917][T26863] ? vm_iomap_memory+0x190/0x190 [ 2709.463906][T26863] handle_mm_fault+0x1c8/0x780 [ 2709.468703][T26863] do_user_addr_fault+0x475/0x1210 [ 2709.473870][T26863] exc_page_fault+0x94/0x170 [ 2709.478510][T26863] asm_exc_page_fault+0x22/0x30 [ 2709.483408][T26863] RIP: 0033:0x7fa378a362de [ 2709.487849][T26863] Code: 4c 24 54 89 78 2c 48 8b 3c 24 89 48 78 0f b6 4c 24 53 c6 40 20 01 88 4c 3a 04 8b 7c 24 4c 4c 89 35 97 5c 17 00 48 8b 54 24 40 <89> b8 80 00 00 00 0f 1f 40 00 48 8b 8c 14 50 01 00 00 48 83 c2 08 [ 2709.507499][T26863] RSP: 002b:00007fff30649610 EFLAGS: 00010246 [ 2709.513594][T26863] RAX: 00007fa378babf80 RBX: 00007fa378babf8c RCX: 0000000000000000 [ 2709.521568][T26863] RDX: 0000000000000000 RSI: 00007fa378babf88 RDI: 0000000000000000 [ 2709.529544][T26863] RBP: 00007fa378babf80 R08: 00007fa379be4700 R09: 00007fa379be4700 [ 2709.537572][T26863] R10: 00007fa379be49d0 R11: 0000000000000206 R12: 00007fa378babf8c [ 2709.546788][T26863] R13: 00007fa378bb0060 R14: 00007fa378babf80 R15: 0000000000000000 [ 2709.554783][T26863] [ 2709.559121][T26863] memory: usage 307200kB, limit 307200kB, failcnt 56963 [ 2709.566222][T26863] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2709.573181][T26863] Memory cgroup stats for /syz4: [ 2709.573403][T26863] anon 90112 [ 2709.573403][T26863] file 372736 [ 2709.573403][T26863] kernel 314109952 [ 2709.573403][T26863] kernel_stack 65536 [ 2709.573403][T26863] pagetables 65536 [ 2709.573403][T26863] percpu 5624000 [ 2709.573403][T26863] sock 0 [ 2709.573403][T26863] vmalloc 0 [ 2709.573403][T26863] shmem 372736 [ 2709.573403][T26863] zswap 0 [ 2709.573403][T26863] zswapped 0 [ 2709.573403][T26863] file_mapped 372736 [ 2709.573403][T26863] file_dirty 0 [ 2709.573403][T26863] file_writeback 0 [ 2709.573403][T26863] swapcached 0 [ 2709.573403][T26863] anon_thp 0 [ 2709.573403][T26863] file_thp 0 [ 2709.573403][T26863] shmem_thp 0 [ 2709.573403][T26863] inactive_anon 139264 [ 2709.573403][T26863] active_anon 323584 [ 2709.573403][T26863] inactive_file 0 [ 2709.573403][T26863] active_file 0 [ 2709.573403][T26863] unevictable 0 [ 2709.573403][T26863] slab_reclaimable 17888 [ 2709.573403][T26863] slab_unreclaimable 308300720 [ 2709.573403][T26863] slab 308318608 [ 2709.666906][T26863] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=26863,uid=0 [ 2709.688642][T26863] Memory cgroup out of memory: Killed process 26863 (syz-executor.4) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:68kB oom_score_adj:1000 [ 2709.706517][T26871] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2709.722286][T26871] CPU: 1 PID: 26871 Comm: syz-executor.2 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2709.723200][T26862] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2709.732387][T26871] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2709.752017][T26871] Call Trace: [ 2709.755400][T26871] [ 2709.758344][T26871] dump_stack_lvl+0xcd/0x134 [ 2709.762971][T26871] dump_header+0x10b/0x7f9 [ 2709.767426][T26871] oom_kill_process.cold+0x10/0x15 [ 2709.772579][T26871] out_of_memory+0x358/0x14a0 [ 2709.777309][T26871] ? oom_killer_disable+0x270/0x270 [ 2709.782546][T26871] ? find_held_lock+0x2d/0x110 [ 2709.787345][T26871] mem_cgroup_out_of_memory+0x206/0x270 [ 2709.792921][T26871] ? mem_cgroup_margin+0x130/0x130 [ 2709.798048][T26871] ? lock_downgrade+0x6e0/0x6e0 [ 2709.802930][T26871] try_charge_memcg+0xf67/0x13f0 [ 2709.807898][T26871] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2709.813903][T26871] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2709.819644][T26871] ? lock_downgrade+0x6e0/0x6e0 [ 2709.824512][T26871] ? lock_downgrade+0x6e0/0x6e0 [ 2709.829399][T26871] obj_cgroup_charge+0x2ab/0x5e0 [ 2709.834365][T26871] kmem_cache_alloc_lru+0x13e/0x720 [ 2709.839591][T26871] ? sock_alloc_inode+0x23/0x1d0 [ 2709.844552][T26871] sock_alloc_inode+0x23/0x1d0 [ 2709.849326][T26871] ? sock_free_inode+0x20/0x20 [ 2709.854106][T26871] alloc_inode+0x61/0x230 [ 2709.858451][T26871] new_inode_pseudo+0x13/0x80 [ 2709.863157][T26871] sock_alloc+0x3c/0x260 [ 2709.867433][T26871] __sock_create+0xb9/0x790 [ 2709.871959][T26871] ? lock_downgrade+0x6e0/0x6e0 [ 2709.876827][T26871] __sys_socket+0x12f/0x240 [ 2709.881351][T26871] ? __sys_socket_file+0x1f0/0x1f0 [ 2709.886575][T26871] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2709.892499][T26871] __x64_sys_socket+0x6f/0xb0 [ 2709.897195][T26871] do_syscall_64+0x35/0xb0 [ 2709.901646][T26871] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2709.907566][T26871] RIP: 0033:0x7fefdee8b5a9 [ 2709.912000][T26871] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 2709.931709][T26871] RSP: 002b:00007fefe005a168 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 2709.940141][T26871] RAX: ffffffffffffffda RBX: 00007fefdefabf80 RCX: 00007fefdee8b5a9 [ 2709.948123][T26871] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000010 [ 2709.956105][T26871] RBP: 00007fefdeee6580 R08: 0000000000000000 R09: 0000000000000000 [ 2709.964084][T26871] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 11:17:04 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x88a8ffff00000000) 11:17:04 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x231}]}}]}, 0x40}, 0x7}, 0x0) 11:17:04 executing program 4: socket$nl_route(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x71b}]}}]}, 0x40}, 0x7}, 0x0) [ 2709.972113][T26871] R13: 00007ffd4124e5bf R14: 00007fefe005a300 R15: 0000000000022000 [ 2709.980114][T26871] [ 2710.050429][T26871] memory: usage 307200kB, limit 307200kB, failcnt 56035 [ 2710.058713][T26871] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2710.066670][T26871] Memory cgroup stats for /syz2: [ 2710.066859][T26871] anon 98304 [ 2710.066859][T26871] file 368640 [ 2710.066859][T26871] kernel 314105856 [ 2710.066859][T26871] kernel_stack 65536 [ 2710.066859][T26871] pagetables 73728 [ 2710.066859][T26871] percpu 5619264 [ 2710.066859][T26871] sock 0 [ 2710.066859][T26871] vmalloc 0 [ 2710.066859][T26871] shmem 364544 [ 2710.066859][T26871] zswap 0 [ 2710.066859][T26871] zswapped 0 [ 2710.066859][T26871] file_mapped 364544 [ 2710.066859][T26871] file_dirty 0 [ 2710.066859][T26871] file_writeback 0 [ 2710.066859][T26871] swapcached 0 [ 2710.066859][T26871] anon_thp 0 [ 2710.066859][T26871] file_thp 0 [ 2710.066859][T26871] shmem_thp 0 [ 2710.066859][T26871] inactive_anon 102400 [ 2710.066859][T26871] active_anon 360448 [ 2710.066859][T26871] inactive_file 4096 [ 2710.066859][T26871] active_file 0 [ 2710.066859][T26871] unevictable 0 [ 2710.066859][T26871] slab_reclaimable 125344 [ 2710.066859][T26871] slab_unreclaimable 308188824 [ 2710.066859][T26871] slab 308314168 [ 2710.173716][T26871] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=26869,uid=0 11:17:04 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x7f5}]}}]}, 0x40}, 0x7}, 0x0) 11:17:05 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x9601000000000000) [ 2710.189898][T26871] Memory cgroup out of memory: Killed process 26869 (syz-executor.2) total-vm:54728kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 [ 2710.212357][T26879] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.3'. 11:17:05 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x728}]}}]}, 0x40}, 0x7}, 0x0) 11:17:05 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000500)={0xffffffffffffffff}) sendmmsg(r0, 0x0, 0x0, 0x0) [ 2710.282741][T26880] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 2710.297293][T26883] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2710.348027][T26880] CPU: 0 PID: 26880 Comm: syz-executor.4 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2710.358162][T26880] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2710.368334][T26880] Call Trace: [ 2710.371641][T26880] [ 2710.374617][T26880] dump_stack_lvl+0xcd/0x134 [ 2710.379262][T26880] dump_header+0x10b/0x7f9 [ 2710.383802][T26880] oom_kill_process.cold+0x10/0x15 [ 2710.388963][T26880] out_of_memory+0x358/0x14a0 [ 2710.393708][T26880] ? find_held_lock+0x2d/0x110 [ 2710.398875][T26880] ? oom_killer_disable+0x270/0x270 [ 2710.404129][T26880] ? find_held_lock+0x2d/0x110 [ 2710.408952][T26880] mem_cgroup_out_of_memory+0x206/0x270 [ 2710.414626][T26880] ? mem_cgroup_margin+0x130/0x130 [ 2710.419778][T26880] ? lock_downgrade+0x6e0/0x6e0 [ 2710.424680][T26880] try_charge_memcg+0xf67/0x13f0 [ 2710.429848][T26880] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2710.437440][T26880] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2710.443205][T26880] ? lock_downgrade+0x6e0/0x6e0 [ 2710.448096][T26880] ? lock_downgrade+0x6e0/0x6e0 [ 2710.452984][T26880] ? rcu_read_unlock+0x9/0x60 [ 2710.457727][T26880] obj_cgroup_charge+0x2ab/0x5e0 [ 2710.462707][T26880] kmem_cache_alloc_trace+0xa3/0x3e0 [ 2710.468015][T26880] ? copy_semundo+0x187/0x2f0 [ 2710.472720][T26880] ? apparmor_task_alloc+0x2bb/0x3b0 [ 2710.478030][T26880] copy_semundo+0x187/0x2f0 [ 2710.482568][T26880] copy_process+0x23fa/0x7090 [ 2710.487283][T26880] ? __cleanup_sighand+0xb0/0xb0 [ 2710.492249][T26880] kernel_clone+0xe7/0xab0 [ 2710.496683][T26880] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2710.502703][T26880] ? create_io_thread+0xe0/0xe0 [ 2710.507620][T26880] ? find_held_lock+0x2d/0x110 [ 2710.512481][T26880] ? __ct_user_exit+0xff/0x150 [ 2710.517350][T26880] __do_sys_clone+0xba/0x100 [ 2710.521999][T26880] ? kernel_clone+0xab0/0xab0 [ 2710.526706][T26880] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2710.532607][T26880] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2710.538519][T26880] do_syscall_64+0x35/0xb0 [ 2710.542958][T26880] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2710.548892][T26880] RIP: 0033:0x7fa378a8c9d1 [ 2710.553319][T26880] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 2710.572936][T26880] RSP: 002b:00007fff306494d8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 2710.581376][T26880] RAX: ffffffffffffffda RBX: 00007fa379be4700 RCX: 00007fa378a8c9d1 [ 2710.589363][T26880] RDX: 00007fa379be49d0 RSI: 00007fa379be42f0 RDI: 00000000003d0f00 [ 2710.597346][T26880] RBP: 00007fff30649720 R08: 00007fa379be4700 R09: 00007fa379be4700 [ 2710.605342][T26880] R10: 00007fa379be49d0 R11: 0000000000000206 R12: 00007fff3064958e [ 2710.613322][T26880] R13: 00007fff3064958f R14: 00007fa379be4300 R15: 0000000000022000 [ 2710.621346][T26880] [ 2710.626504][T26880] memory: usage 307200kB, limit 307200kB, failcnt 57029 [ 2710.634871][T26880] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2710.641939][T26880] Memory cgroup stats for /syz4: [ 2710.642175][T26880] anon 90112 [ 2710.642175][T26880] file 372736 [ 2710.642175][T26880] kernel 314109952 [ 2710.642175][T26880] kernel_stack 65536 [ 2710.642175][T26880] pagetables 65536 [ 2710.642175][T26880] percpu 5624000 [ 2710.642175][T26880] sock 0 [ 2710.642175][T26880] vmalloc 0 [ 2710.642175][T26880] shmem 372736 [ 2710.642175][T26880] zswap 0 [ 2710.642175][T26880] zswapped 0 [ 2710.642175][T26880] file_mapped 372736 [ 2710.642175][T26880] file_dirty 0 [ 2710.642175][T26880] file_writeback 0 [ 2710.642175][T26880] swapcached 0 [ 2710.642175][T26880] anon_thp 0 [ 2710.642175][T26880] file_thp 0 [ 2710.642175][T26880] shmem_thp 0 [ 2710.642175][T26880] inactive_anon 139264 [ 2710.642175][T26880] active_anon 323584 [ 2710.642175][T26880] inactive_file 0 [ 2710.642175][T26880] active_file 0 [ 2710.642175][T26880] unevictable 0 [ 2710.642175][T26880] slab_reclaimable 17888 [ 2710.642175][T26880] slab_unreclaimable 308300256 [ 2710.642175][T26880] slab 308318144 11:17:05 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x9effffff00000000) 11:17:05 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x7f6}]}}]}, 0x40}, 0x7}, 0x0) [ 2710.769374][T26880] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=26880,uid=0 [ 2710.798620][T26880] Memory cgroup out of memory: Killed process 26880 (syz-executor.4) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:68kB oom_score_adj:1000 11:17:05 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0xce03000000000000) [ 2710.827374][T26878] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2710.853073][T26878] CPU: 1 PID: 26878 Comm: syz-executor.3 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2710.863209][T26878] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2710.873295][T26878] Call Trace: [ 2710.876584][T26878] [ 2710.879523][T26878] dump_stack_lvl+0xcd/0x134 [ 2710.884136][T26878] dump_header+0x10b/0x7f9 [ 2710.888573][T26878] oom_kill_process.cold+0x10/0x15 [ 2710.893703][T26878] out_of_memory+0x358/0x14a0 [ 2710.898407][T26878] ? oom_killer_disable+0x270/0x270 [ 2710.903634][T26878] ? find_held_lock+0x2d/0x110 [ 2710.908424][T26878] mem_cgroup_out_of_memory+0x206/0x270 [ 2710.913986][T26878] ? mem_cgroup_margin+0x130/0x130 [ 2710.919108][T26878] ? lock_downgrade+0x6e0/0x6e0 [ 2710.923983][T26878] try_charge_memcg+0xf67/0x13f0 [ 2710.929032][T26878] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2710.935056][T26878] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2710.940880][T26878] ? lock_downgrade+0x6e0/0x6e0 [ 2710.945745][T26878] ? lock_downgrade+0x6e0/0x6e0 [ 2710.950623][T26878] __memcg_kmem_charge_page+0x16a/0x3b0 [ 2710.956192][T26878] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 2710.962372][T26878] copy_process+0x73e/0x7090 [ 2710.966985][T26878] ? find_held_lock+0x2d/0x110 [ 2710.971785][T26878] ? __cleanup_sighand+0xb0/0xb0 [ 2710.976762][T26878] kernel_clone+0xe7/0xab0 [ 2710.981195][T26878] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2710.987374][T26878] ? create_io_thread+0xe0/0xe0 [ 2710.992251][T26878] ? find_held_lock+0x2d/0x110 [ 2710.997049][T26878] ? __ct_user_exit+0xff/0x150 [ 2711.001833][T26878] __do_sys_clone+0xba/0x100 [ 2711.006443][T26878] ? kernel_clone+0xab0/0xab0 [ 2711.011152][T26878] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2711.017062][T26878] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2711.022981][T26878] do_syscall_64+0x35/0xb0 [ 2711.027424][T26878] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2711.033342][T26878] RIP: 0033:0x7f89d288c9d1 [ 2711.037769][T26878] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 2711.057393][T26878] RSP: 002b:00007fff48383138 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 2711.065827][T26878] RAX: ffffffffffffffda RBX: 00007f89d3a70700 RCX: 00007f89d288c9d1 [ 2711.073808][T26878] RDX: 00007f89d3a709d0 RSI: 00007f89d3a702f0 RDI: 00000000003d0f00 [ 2711.081794][T26878] RBP: 00007fff48383380 R08: 00007f89d3a70700 R09: 00007f89d3a70700 [ 2711.089774][T26878] R10: 00007f89d3a709d0 R11: 0000000000000206 R12: 00007fff483831ee [ 2711.097753][T26878] R13: 00007fff483831ef R14: 00007f89d3a70300 R15: 0000000000022000 [ 2711.105758][T26878] 11:17:05 executing program 4: socket$nl_route(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x71c}]}}]}, 0x40}, 0x7}, 0x0) [ 2711.124300][T26893] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2711.159510][T26878] memory: usage 307200kB, limit 307200kB, failcnt 56250 [ 2711.170825][T26878] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2711.189788][T26878] Memory cgroup stats for /syz3: [ 2711.190003][T26878] anon 147456 [ 2711.190003][T26878] file 385024 [ 2711.190003][T26878] kernel 314040320 [ 2711.190003][T26878] kernel_stack 98304 [ 2711.190003][T26878] pagetables 81920 [ 2711.190003][T26878] percpu 5618080 [ 2711.190003][T26878] sock 0 [ 2711.190003][T26878] vmalloc 0 [ 2711.190003][T26878] shmem 385024 [ 2711.190003][T26878] zswap 0 [ 2711.190003][T26878] zswapped 0 [ 2711.190003][T26878] file_mapped 311296 [ 2711.190003][T26878] file_dirty 0 [ 2711.190003][T26878] file_writeback 0 [ 2711.190003][T26878] swapcached 0 [ 2711.190003][T26878] anon_thp 0 [ 2711.190003][T26878] file_thp 0 [ 2711.190003][T26878] shmem_thp 0 [ 2711.190003][T26878] inactive_anon 200704 [ 2711.190003][T26878] active_anon 331776 [ 2711.190003][T26878] inactive_file 0 [ 2711.190003][T26878] active_file 0 [ 2711.190003][T26878] unevictable 0 [ 2711.190003][T26878] slab_reclaimable 22760 [ 2711.190003][T26878] slab_unreclaimable 308169200 [ 2711.190003][T26878] slab 308191960 [ 2711.288712][T26878] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=26878,uid=0 11:17:06 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0xd001000000000000) [ 2711.311888][T26878] Memory cgroup out of memory: Killed process 26878 (syz-executor.3) total-vm:54860kB, anon-rss:456kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 11:17:06 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000500)={0xffffffffffffffff}) sendmmsg(r0, 0x0, 0x0, 0x0) 11:17:06 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x232}]}}]}, 0x40}, 0x7}, 0x0) 11:17:06 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x7f7}]}}]}, 0x40}, 0x7}, 0x0) [ 2711.371781][T26897] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2711.422902][T26897] CPU: 1 PID: 26897 Comm: syz-executor.4 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2711.433049][T26897] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2711.443134][T26897] Call Trace: [ 2711.446444][T26897] [ 2711.449393][T26897] dump_stack_lvl+0xcd/0x134 [ 2711.454025][T26897] dump_header+0x10b/0x7f9 [ 2711.458488][T26897] oom_kill_process.cold+0x10/0x15 [ 2711.463646][T26897] out_of_memory+0x358/0x14a0 [ 2711.468371][T26897] ? find_held_lock+0x2d/0x110 11:17:06 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=@gettclass={0x24, 0x2a, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0x0, 0x2}}}, 0x24}}, 0x0) [ 2711.473184][T26897] ? oom_killer_disable+0x270/0x270 [ 2711.478435][T26897] ? find_held_lock+0x2d/0x110 [ 2711.483260][T26897] mem_cgroup_out_of_memory+0x206/0x270 [ 2711.488862][T26897] ? mem_cgroup_margin+0x130/0x130 [ 2711.494106][T26897] ? lock_downgrade+0x6e0/0x6e0 [ 2711.499009][T26897] try_charge_memcg+0xf67/0x13f0 [ 2711.504014][T26897] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2711.510053][T26897] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2711.515823][T26897] ? lock_downgrade+0x6e0/0x6e0 [ 2711.520713][T26897] ? lock_downgrade+0x6e0/0x6e0 [ 2711.525631][T26897] __memcg_kmem_charge_page+0x16a/0x3b0 [ 2711.531321][T26897] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 2711.537527][T26897] copy_process+0x73e/0x7090 [ 2711.542175][T26897] ? __lock_acquire+0xbc3/0x56d0 [ 2711.547164][T26897] ? __cleanup_sighand+0xb0/0xb0 [ 2711.552168][T26897] kernel_clone+0xe7/0xab0 [ 2711.556634][T26897] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2711.562656][T26897] ? create_io_thread+0xe0/0xe0 [ 2711.567552][T26897] ? find_held_lock+0x2d/0x110 [ 2711.572372][T26897] ? __ct_user_exit+0xff/0x150 [ 2711.577182][T26897] __do_sys_clone+0xba/0x100 [ 2711.581901][T26897] ? kernel_clone+0xab0/0xab0 [ 2711.586636][T26897] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2711.592583][T26897] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2711.598532][T26897] do_syscall_64+0x35/0xb0 [ 2711.603001][T26897] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2711.608944][T26897] RIP: 0033:0x7fa378a8c9d1 [ 2711.613398][T26897] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 2711.633129][T26897] RSP: 002b:00007fff306494d8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 2711.641586][T26897] RAX: ffffffffffffffda RBX: 00007fa379be4700 RCX: 00007fa378a8c9d1 [ 2711.649590][T26897] RDX: 00007fa379be49d0 RSI: 00007fa379be42f0 RDI: 00000000003d0f00 [ 2711.657595][T26897] RBP: 00007fff30649720 R08: 00007fa379be4700 R09: 00007fa379be4700 [ 2711.665602][T26897] R10: 00007fa379be49d0 R11: 0000000000000206 R12: 00007fff3064958e 11:17:06 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0xd501000000000000) [ 2711.673606][T26897] R13: 00007fff3064958f R14: 00007fa379be4300 R15: 0000000000022000 [ 2711.681633][T26897] [ 2711.684274][T26910] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2711.718442][T26897] memory: usage 307200kB, limit 307200kB, failcnt 57113 [ 2711.728844][T26897] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2711.736856][T26897] Memory cgroup stats for /syz4: [ 2711.737038][T26897] anon 90112 [ 2711.737038][T26897] file 372736 [ 2711.737038][T26897] kernel 314109952 [ 2711.737038][T26897] kernel_stack 32768 [ 2711.737038][T26897] pagetables 65536 [ 2711.737038][T26897] percpu 5624000 [ 2711.737038][T26897] sock 0 [ 2711.737038][T26897] vmalloc 0 [ 2711.737038][T26897] shmem 372736 [ 2711.737038][T26897] zswap 0 [ 2711.737038][T26897] zswapped 0 [ 2711.737038][T26897] file_mapped 372736 [ 2711.737038][T26897] file_dirty 0 [ 2711.737038][T26897] file_writeback 0 [ 2711.737038][T26897] swapcached 0 [ 2711.737038][T26897] anon_thp 0 [ 2711.737038][T26897] file_thp 0 [ 2711.737038][T26897] shmem_thp 0 [ 2711.737038][T26897] inactive_anon 139264 [ 2711.737038][T26897] active_anon 323584 [ 2711.737038][T26897] inactive_file 0 [ 2711.737038][T26897] active_file 0 [ 2711.737038][T26897] unevictable 0 [ 2711.737038][T26897] slab_reclaimable 17888 [ 2711.737038][T26897] slab_unreclaimable 308311656 [ 2711.737038][T26897] slab 308329544 [ 2711.843407][T26897] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=26897,uid=0 [ 2711.859393][T26911] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2711.881358][T26897] Memory cgroup out of memory: Killed process 26897 (syz-executor.4) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:68kB oom_score_adj:1000 [ 2711.915196][T26899] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2711.930304][T26899] CPU: 1 PID: 26899 Comm: syz-executor.2 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2711.940434][T26899] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2711.950530][T26899] Call Trace: [ 2711.953854][T26899] [ 2711.956810][T26899] dump_stack_lvl+0xcd/0x134 [ 2711.961446][T26899] dump_header+0x10b/0x7f9 [ 2711.965898][T26899] oom_kill_process.cold+0x10/0x15 [ 2711.972263][T26899] out_of_memory+0x358/0x14a0 [ 2711.977063][T26899] ? oom_killer_disable+0x270/0x270 [ 2711.982288][T26899] ? find_held_lock+0x2d/0x110 [ 2711.987086][T26899] mem_cgroup_out_of_memory+0x206/0x270 [ 2711.992744][T26899] ? mem_cgroup_margin+0x130/0x130 [ 2711.997872][T26899] ? lock_downgrade+0x6e0/0x6e0 [ 2712.002755][T26899] try_charge_memcg+0xf67/0x13f0 [ 2712.007728][T26899] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2712.013734][T26899] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2712.019475][T26899] ? lock_downgrade+0x6e0/0x6e0 [ 2712.024377][T26899] ? lock_downgrade+0x6e0/0x6e0 [ 2712.029255][T26899] obj_cgroup_charge+0x2ab/0x5e0 [ 2712.035701][T26899] kmem_cache_alloc_lru+0x13e/0x720 [ 2712.040924][T26899] ? sock_alloc_inode+0x23/0x1d0 [ 2712.045888][T26899] sock_alloc_inode+0x23/0x1d0 [ 2712.050668][T26899] ? sock_free_inode+0x20/0x20 [ 2712.055541][T26899] alloc_inode+0x61/0x230 [ 2712.059889][T26899] new_inode_pseudo+0x13/0x80 [ 2712.064591][T26899] sock_alloc+0x3c/0x260 [ 2712.068879][T26899] __sock_create+0xb9/0x790 [ 2712.073415][T26899] ? lock_downgrade+0x6e0/0x6e0 [ 2712.078301][T26899] __sys_socket+0x12f/0x240 [ 2712.082862][T26899] ? __sys_socket_file+0x1f0/0x1f0 [ 2712.088108][T26899] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2712.094087][T26899] __x64_sys_socket+0x6f/0xb0 [ 2712.098805][T26899] do_syscall_64+0x35/0xb0 [ 2712.103256][T26899] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2712.109178][T26899] RIP: 0033:0x7fefdee8b5a9 [ 2712.113607][T26899] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 2712.133230][T26899] RSP: 002b:00007fefe005a168 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 2712.141661][T26899] RAX: ffffffffffffffda RBX: 00007fefdefabf80 RCX: 00007fefdee8b5a9 [ 2712.149648][T26899] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000010 [ 2712.157635][T26899] RBP: 00007fefdeee6580 R08: 0000000000000000 R09: 0000000000000000 [ 2712.165618][T26899] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2712.173605][T26899] R13: 00007ffd4124e5bf R14: 00007fefe005a300 R15: 0000000000022000 [ 2712.181612][T26899] [ 2712.200698][T26899] memory: usage 307200kB, limit 307200kB, failcnt 56156 [ 2712.212220][T26899] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2712.219759][T26899] Memory cgroup stats for /syz2: [ 2712.220015][T26899] anon 98304 [ 2712.220015][T26899] file 368640 [ 2712.220015][T26899] kernel 314105856 [ 2712.220015][T26899] kernel_stack 65536 [ 2712.220015][T26899] pagetables 73728 [ 2712.220015][T26899] percpu 5619264 [ 2712.220015][T26899] sock 0 [ 2712.220015][T26899] vmalloc 0 [ 2712.220015][T26899] shmem 364544 [ 2712.220015][T26899] zswap 0 [ 2712.220015][T26899] zswapped 0 [ 2712.220015][T26899] file_mapped 364544 [ 2712.220015][T26899] file_dirty 0 [ 2712.220015][T26899] file_writeback 0 [ 2712.220015][T26899] swapcached 0 [ 2712.220015][T26899] anon_thp 0 [ 2712.220015][T26899] file_thp 0 [ 2712.220015][T26899] shmem_thp 0 [ 2712.220015][T26899] inactive_anon 102400 [ 2712.220015][T26899] active_anon 360448 [ 2712.220015][T26899] inactive_file 0 [ 2712.220015][T26899] active_file 4096 [ 2712.220015][T26899] unevictable 0 [ 2712.220015][T26899] slab_reclaimable 125344 [ 2712.220015][T26899] slab_unreclaimable 308188824 [ 2712.220015][T26899] slab 308314168 [ 2712.314739][T26899] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=26889,uid=0 [ 2712.331990][T26899] Memory cgroup out of memory: Killed process 26889 (syz-executor.2) total-vm:54728kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 [ 2712.352969][T26909] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=1, oom_score_adj=1000 [ 2712.369563][T26909] CPU: 0 PID: 26909 Comm: syz-executor.3 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 11:17:07 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x729}]}}]}, 0x40}, 0x7}, 0x0) 11:17:07 executing program 4: socket$nl_route(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x71d}]}}]}, 0x40}, 0x7}, 0x0) [ 2712.379702][T26909] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2712.389795][T26909] Call Trace: [ 2712.393103][T26909] [ 2712.396060][T26909] dump_stack_lvl+0xcd/0x134 [ 2712.400694][T26909] dump_header+0x10b/0x7f9 [ 2712.405150][T26909] oom_kill_process.cold+0x10/0x15 [ 2712.410338][T26909] out_of_memory+0x358/0x14a0 [ 2712.415077][T26909] ? oom_killer_disable+0x270/0x270 [ 2712.420326][T26909] ? find_held_lock+0x2d/0x110 [ 2712.425138][T26909] mem_cgroup_out_of_memory+0x206/0x270 [ 2712.430718][T26909] ? mem_cgroup_margin+0x130/0x130 [ 2712.435863][T26909] ? lock_downgrade+0x6e0/0x6e0 [ 2712.440764][T26909] try_charge_memcg+0xf67/0x13f0 [ 2712.445759][T26909] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2712.451876][T26909] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2712.457640][T26909] ? lock_downgrade+0x6e0/0x6e0 [ 2712.462524][T26909] ? lock_downgrade+0x6e0/0x6e0 [ 2712.467403][T26909] ? rcu_read_unlock+0x9/0x60 [ 2712.472124][T26909] obj_cgroup_charge+0x2ab/0x5e0 [ 2712.477087][T26909] ? copy_process+0x5c2/0x7090 [ 2712.481886][T26909] kmem_cache_alloc_node+0x92/0x3f0 [ 2712.487117][T26909] ? _raw_spin_unlock_irq+0x1f/0x40 [ 2712.492351][T26909] copy_process+0x5c2/0x7090 [ 2712.496947][T26909] ? __lock_acquire+0xbc3/0x56d0 [ 2712.501893][T26909] ? __cleanup_sighand+0xb0/0xb0 [ 2712.506939][T26909] kernel_clone+0xe7/0xab0 [ 2712.511362][T26909] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2712.517348][T26909] ? create_io_thread+0xe0/0xe0 [ 2712.522210][T26909] ? find_held_lock+0x2d/0x110 [ 2712.527029][T26909] ? __ct_user_exit+0xff/0x150 [ 2712.531835][T26909] __do_sys_clone+0xba/0x100 [ 2712.536461][T26909] ? kernel_clone+0xab0/0xab0 [ 2712.541148][T26909] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2712.547072][T26909] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2712.553013][T26909] do_syscall_64+0x35/0xb0 [ 2712.557462][T26909] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2712.563362][T26909] RIP: 0033:0x7f89d288c9d1 [ 2712.567773][T26909] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 2712.587397][T26909] RSP: 002b:00007fff48383138 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 2712.595817][T26909] RAX: ffffffffffffffda RBX: 00007f89d3a70700 RCX: 00007f89d288c9d1 [ 2712.603800][T26909] RDX: 00007f89d3a709d0 RSI: 00007f89d3a702f0 RDI: 00000000003d0f00 [ 2712.611973][T26909] RBP: 00007fff48383380 R08: 00007f89d3a70700 R09: 00007f89d3a70700 [ 2712.619974][T26909] R10: 00007f89d3a709d0 R11: 0000000000000206 R12: 00007fff483831ee [ 2712.627983][T26909] R13: 00007fff483831ef R14: 00007f89d3a70300 R15: 0000000000022000 [ 2712.636006][T26909] [ 2712.640388][T26909] memory: usage 307200kB, limit 307200kB, failcnt 56346 [ 2712.648096][T26909] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2712.655842][T26909] Memory cgroup stats for /syz3: [ 2712.656082][T26909] anon 147456 [ 2712.656082][T26909] file 385024 [ 2712.656082][T26909] kernel 314040320 [ 2712.656082][T26909] kernel_stack 98304 [ 2712.656082][T26909] pagetables 81920 [ 2712.656082][T26909] percpu 5618080 [ 2712.656082][T26909] sock 0 [ 2712.656082][T26909] vmalloc 0 [ 2712.656082][T26909] shmem 385024 [ 2712.656082][T26909] zswap 0 [ 2712.656082][T26909] zswapped 0 [ 2712.656082][T26909] file_mapped 311296 [ 2712.656082][T26909] file_dirty 0 [ 2712.656082][T26909] file_writeback 0 [ 2712.656082][T26909] swapcached 0 [ 2712.656082][T26909] anon_thp 0 [ 2712.656082][T26909] file_thp 0 [ 2712.656082][T26909] shmem_thp 0 [ 2712.656082][T26909] inactive_anon 200704 [ 2712.656082][T26909] active_anon 331776 [ 2712.656082][T26909] inactive_file 0 [ 2712.656082][T26909] active_file 0 [ 2712.656082][T26909] unevictable 0 [ 2712.656082][T26909] slab_reclaimable 22760 [ 2712.656082][T26909] slab_unreclaimable 308184216 [ 2712.656082][T26909] slab 308206976 [ 2712.755513][T26909] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=26909,uid=0 11:17:07 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0xd603000000000000) 11:17:07 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x7f8}]}}]}, 0x40}, 0x7}, 0x0) [ 2712.771827][T26909] Memory cgroup out of memory: Killed process 26909 (syz-executor.3) total-vm:54860kB, anon-rss:456kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 2712.819536][T26918] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2712.844300][T26918] CPU: 1 PID: 26918 Comm: syz-executor.4 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2712.854437][T26918] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2712.864532][T26918] Call Trace: [ 2712.867844][T26918] [ 2712.870793][T26918] dump_stack_lvl+0xcd/0x134 [ 2712.875404][T26918] dump_header+0x10b/0x7f9 [ 2712.879836][T26918] oom_kill_process.cold+0x10/0x15 [ 2712.884965][T26918] out_of_memory+0x358/0x14a0 [ 2712.889666][T26918] ? find_held_lock+0x2d/0x110 [ 2712.894452][T26918] ? oom_killer_disable+0x270/0x270 [ 2712.899682][T26918] ? find_held_lock+0x2d/0x110 [ 2712.904469][T26918] mem_cgroup_out_of_memory+0x206/0x270 [ 2712.910036][T26918] ? mem_cgroup_margin+0x130/0x130 [ 2712.915163][T26918] ? lock_downgrade+0x6e0/0x6e0 [ 2712.920039][T26918] try_charge_memcg+0xf67/0x13f0 [ 2712.925005][T26918] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2712.931007][T26918] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2712.936741][T26918] ? lock_downgrade+0x6e0/0x6e0 [ 2712.941615][T26918] ? lock_downgrade+0x6e0/0x6e0 [ 2712.946494][T26918] __memcg_kmem_charge_page+0x16a/0x3b0 [ 2712.952072][T26918] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 2712.958253][T26918] copy_process+0x15f3/0x7090 [ 2712.962953][T26918] ? __lock_acquire+0xbc3/0x56d0 [ 2712.967914][T26918] ? __cleanup_sighand+0xb0/0xb0 [ 2712.972886][T26918] kernel_clone+0xe7/0xab0 [ 2712.977318][T26918] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2712.983401][T26918] ? create_io_thread+0xe0/0xe0 [ 2712.988277][T26918] ? find_held_lock+0x2d/0x110 [ 2712.993105][T26918] ? __ct_user_exit+0xff/0x150 [ 2712.997894][T26918] __do_sys_clone+0xba/0x100 [ 2713.002503][T26918] ? kernel_clone+0xab0/0xab0 [ 2713.007208][T26918] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2713.013119][T26918] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2713.019035][T26918] do_syscall_64+0x35/0xb0 [ 2713.023486][T26918] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2713.029413][T26918] RIP: 0033:0x7fa378a8c9d1 [ 2713.033838][T26918] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 2713.053459][T26918] RSP: 002b:00007fff306494d8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 2713.061884][T26918] RAX: ffffffffffffffda RBX: 00007fa379be4700 RCX: 00007fa378a8c9d1 [ 2713.069953][T26918] RDX: 00007fa379be49d0 RSI: 00007fa379be42f0 RDI: 00000000003d0f00 [ 2713.077931][T26918] RBP: 00007fff30649720 R08: 00007fa379be4700 R09: 00007fa379be4700 [ 2713.085908][T26918] R10: 00007fa379be49d0 R11: 0000000000000206 R12: 00007fff3064958e [ 2713.093975][T26918] R13: 00007fff3064958f R14: 00007fa379be4300 R15: 0000000000022000 [ 2713.101975][T26918] [ 2713.113379][ T1240] ieee802154 phy1 wpan1: encryption failed: -22 11:17:07 executing program 5: r0 = socket(0x1e, 0x5, 0x0) setsockopt$MRT6_ADD_MFC(r0, 0x10f, 0x88, 0x0, 0x0) 11:17:07 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x233}]}}]}, 0x40}, 0x7}, 0x0) [ 2713.120449][T26918] memory: usage 307188kB, limit 307200kB, failcnt 57211 [ 2713.148430][T26918] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2713.159028][T26925] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2713.175716][T26918] Memory cgroup stats for /syz4: [ 2713.175909][T26918] anon 90112 [ 2713.175909][T26918] file 372736 [ 2713.175909][T26918] kernel 314097664 [ 2713.175909][T26918] kernel_stack 32768 [ 2713.175909][T26918] pagetables 65536 [ 2713.175909][T26918] percpu 5624000 [ 2713.175909][T26918] sock 0 [ 2713.175909][T26918] vmalloc 0 [ 2713.175909][T26918] shmem 372736 [ 2713.175909][T26918] zswap 0 [ 2713.175909][T26918] zswapped 0 [ 2713.175909][T26918] file_mapped 372736 [ 2713.175909][T26918] file_dirty 0 11:17:08 executing program 5: r0 = socket(0x15, 0x5, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8993, &(0x7f0000000000)={'vxcan0\x00'}) [ 2713.175909][T26918] file_writeback 0 [ 2713.175909][T26918] swapcached 0 [ 2713.175909][T26918] anon_thp 0 [ 2713.175909][T26918] file_thp 0 [ 2713.175909][T26918] shmem_thp 0 [ 2713.175909][T26918] inactive_anon 139264 [ 2713.175909][T26918] active_anon 323584 [ 2713.175909][T26918] inactive_file 0 [ 2713.175909][T26918] active_file 0 [ 2713.175909][T26918] unevictable 0 [ 2713.175909][T26918] slab_reclaimable 17888 [ 2713.175909][T26918] slab_unreclaimable 308300256 [ 2713.175909][T26918] slab 308318144 11:17:08 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0xe201000000000000) 11:17:08 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x7f9}]}}]}, 0x40}, 0x7}, 0x0) [ 2713.347499][T26932] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2713.389968][T26918] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=26918,uid=0 [ 2713.416787][T26918] Memory cgroup out of memory: Killed process 26918 (syz-executor.4) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:68kB oom_score_adj:1000 [ 2713.451728][T26917] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2713.473021][T26917] CPU: 0 PID: 26917 Comm: syz-executor.2 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2713.483164][T26917] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2713.493344][T26917] Call Trace: [ 2713.496641][T26917] [ 2713.499593][T26917] dump_stack_lvl+0xcd/0x134 [ 2713.504224][T26917] dump_header+0x10b/0x7f9 [ 2713.508681][T26917] oom_kill_process.cold+0x10/0x15 [ 2713.513841][T26917] out_of_memory+0x358/0x14a0 [ 2713.518583][T26917] ? oom_killer_disable+0x270/0x270 [ 2713.523832][T26917] ? find_held_lock+0x2d/0x110 [ 2713.528660][T26917] mem_cgroup_out_of_memory+0x206/0x270 [ 2713.534253][T26917] ? mem_cgroup_margin+0x130/0x130 [ 2713.539402][T26917] ? lock_downgrade+0x6e0/0x6e0 [ 2713.544306][T26917] try_charge_memcg+0xf67/0x13f0 11:17:08 executing program 4: socket$nl_route(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x71e}]}}]}, 0x40}, 0x7}, 0x0) [ 2713.549291][T26917] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2713.555321][T26917] ? lock_downgrade+0x6e0/0x6e0 [ 2713.560219][T26917] charge_memcg+0x31/0x320 [ 2713.564667][T26917] __mem_cgroup_charge+0x27/0x90 [ 2713.569629][T26917] ? _compound_head+0x5d/0x150 [ 2713.574419][T26917] wp_page_copy+0x27c/0x1b10 [ 2713.579035][T26917] ? restore_exclusive_pte+0x8b0/0x8b0 [ 2713.584531][T26917] ? lock_downgrade+0x6e0/0x6e0 [ 2713.589394][T26917] ? vm_normal_page+0x146/0x2a0 [ 2713.594273][T26917] do_wp_page+0x52c/0x1910 [ 2713.598771][T26917] __handle_mm_fault+0x1813/0x39b0 [ 2713.603911][T26917] ? vm_iomap_memory+0x190/0x190 [ 2713.608927][T26917] handle_mm_fault+0x1c8/0x780 [ 2713.613712][T26917] do_user_addr_fault+0x475/0x1210 [ 2713.618861][T26917] exc_page_fault+0x94/0x170 [ 2713.623477][T26917] asm_exc_page_fault+0x22/0x30 [ 2713.628350][T26917] RIP: 0033:0x7fefdee35a15 [ 2713.632775][T26917] Code: 5c 41 5d c3 90 48 8b 57 18 48 83 fa ff 74 22 48 81 fa e7 03 00 00 0f 87 ee 00 00 00 48 c1 e2 04 48 8d 0d ae 26 17 00 48 01 ca 02 01 48 89 42 08 48 8b 53 10 4c 8d 2d d9 a5 57 00 4c 39 ea 0f [ 2713.652407][T26917] RSP: 002b:00007ffd4124e600 EFLAGS: 00010206 [ 2713.658485][T26917] RAX: 0000000000000003 RBX: 00007fefdefabf80 RCX: 00007fefdefa80c0 [ 2713.666478][T26917] RDX: 00007fefdefa80c0 RSI: 0000000000000080 RDI: 00007fefdefabf80 [ 2713.674561][T26917] RBP: 00007fefdefabf80 R08: 00007ffd413e9080 R09: 0000000000000000 [ 2713.682552][T26917] R10: 00007ffd4124e720 R11: 0000000000000246 R12: 00000000002964ca [ 2713.690623][T26917] R13: 00007ffd4124e720 R14: 00007fefdefabf80 R15: 0000000000000032 [ 2713.698625][T26917] [ 2713.706456][T26917] memory: usage 307200kB, limit 307200kB, failcnt 56226 [ 2713.715476][T26917] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2713.722628][T26917] Memory cgroup stats for /syz2: [ 2713.723201][T26917] anon 98304 [ 2713.723201][T26917] file 364544 [ 2713.723201][T26917] kernel 314109952 [ 2713.723201][T26917] kernel_stack 65536 [ 2713.723201][T26917] pagetables 73728 [ 2713.723201][T26917] percpu 5619264 [ 2713.723201][T26917] sock 0 [ 2713.723201][T26917] vmalloc 0 [ 2713.723201][T26917] shmem 364544 [ 2713.723201][T26917] zswap 0 [ 2713.723201][T26917] zswapped 0 [ 2713.723201][T26917] file_mapped 364544 [ 2713.723201][T26917] file_dirty 0 [ 2713.723201][T26917] file_writeback 0 [ 2713.723201][T26917] swapcached 0 [ 2713.723201][T26917] anon_thp 0 [ 2713.723201][T26917] file_thp 0 [ 2713.723201][T26917] shmem_thp 0 [ 2713.723201][T26917] inactive_anon 102400 [ 2713.723201][T26917] active_anon 360448 [ 2713.723201][T26917] inactive_file 0 [ 2713.723201][T26917] active_file 0 [ 2713.723201][T26917] unevictable 0 [ 2713.723201][T26917] slab_reclaimable 127032 [ 2713.723201][T26917] slab_unreclaimable 308189472 [ 2713.723201][T26917] slab 308316504 [ 2713.822450][T26917] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=26917,uid=0 [ 2713.838589][T26917] Memory cgroup out of memory: Killed process 26917 (syz-executor.2) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 11:17:08 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x72a}]}}]}, 0x40}, 0x7}, 0x0) [ 2713.856817][T26931] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=1, oom_score_adj=1000 [ 2713.868137][T26931] CPU: 0 PID: 26931 Comm: syz-executor.3 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2713.878438][T26931] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2713.888638][T26931] Call Trace: [ 2713.891956][T26931] [ 2713.894937][T26931] dump_stack_lvl+0xcd/0x134 [ 2713.899673][T26931] dump_header+0x10b/0x7f9 [ 2713.904133][T26931] oom_kill_process.cold+0x10/0x15 [ 2713.909286][T26931] out_of_memory+0x358/0x14a0 [ 2713.914020][T26931] ? oom_killer_disable+0x270/0x270 [ 2713.919268][T26931] ? find_held_lock+0x2d/0x110 [ 2713.924070][T26931] mem_cgroup_out_of_memory+0x206/0x270 [ 2713.929634][T26931] ? mem_cgroup_margin+0x130/0x130 [ 2713.934753][T26931] ? lock_downgrade+0x6e0/0x6e0 [ 2713.939637][T26931] try_charge_memcg+0xf67/0x13f0 [ 2713.944590][T26931] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2713.950578][T26931] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2713.956353][T26931] ? lock_downgrade+0x6e0/0x6e0 [ 2713.961215][T26931] ? lock_downgrade+0x6e0/0x6e0 [ 2713.966090][T26931] ? rcu_read_unlock+0x9/0x60 [ 2713.970892][T26931] obj_cgroup_charge+0x2ab/0x5e0 [ 2713.975867][T26931] ? copy_process+0x5c2/0x7090 [ 2713.980655][T26931] kmem_cache_alloc_node+0x92/0x3f0 [ 2713.985875][T26931] ? _raw_spin_unlock_irq+0x1f/0x40 [ 2713.991125][T26931] copy_process+0x5c2/0x7090 [ 2713.995738][T26931] ? find_held_lock+0x2d/0x110 [ 2714.000537][T26931] ? find_held_lock+0x2d/0x110 [ 2714.005358][T26931] ? __cleanup_sighand+0xb0/0xb0 [ 2714.010362][T26931] kernel_clone+0xe7/0xab0 [ 2714.014873][T26931] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2714.020889][T26931] ? create_io_thread+0xe0/0xe0 [ 2714.025778][T26931] ? find_held_lock+0x2d/0x110 [ 2714.030602][T26931] ? __ct_user_exit+0xff/0x150 [ 2714.035507][T26931] __do_sys_clone+0xba/0x100 [ 2714.040137][T26931] ? kernel_clone+0xab0/0xab0 [ 2714.044855][T26931] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2714.050782][T26931] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2714.056708][T26931] do_syscall_64+0x35/0xb0 [ 2714.061157][T26931] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2714.067080][T26931] RIP: 0033:0x7f89d288c9d1 [ 2714.071507][T26931] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 2714.091130][T26931] RSP: 002b:00007fff48383138 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 2714.099561][T26931] RAX: ffffffffffffffda RBX: 00007f89d3a91700 RCX: 00007f89d288c9d1 [ 2714.107641][T26931] RDX: 00007f89d3a919d0 RSI: 00007f89d3a912f0 RDI: 00000000003d0f00 [ 2714.115625][T26931] RBP: 00007fff48383380 R08: 00007f89d3a91700 R09: 00007f89d3a91700 [ 2714.123610][T26931] R10: 00007f89d3a919d0 R11: 0000000000000206 R12: 00007fff483831ee [ 2714.131774][T26931] R13: 00007fff483831ef R14: 00007f89d3a91300 R15: 0000000000022000 [ 2714.139787][T26931] [ 2714.146274][T26931] memory: usage 307196kB, limit 307200kB, failcnt 56425 [ 2714.155663][T26931] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2714.163103][T26931] Memory cgroup stats for /syz3: [ 2714.163317][T26931] anon 143360 [ 2714.163317][T26931] file 385024 [ 2714.163317][T26931] kernel 314040320 [ 2714.163317][T26931] kernel_stack 65536 [ 2714.163317][T26931] pagetables 81920 [ 2714.163317][T26931] percpu 5619264 [ 2714.163317][T26931] sock 0 [ 2714.163317][T26931] vmalloc 0 [ 2714.163317][T26931] shmem 385024 [ 2714.163317][T26931] zswap 0 [ 2714.163317][T26931] zswapped 0 [ 2714.163317][T26931] file_mapped 311296 [ 2714.163317][T26931] file_dirty 0 [ 2714.163317][T26931] file_writeback 0 [ 2714.163317][T26931] swapcached 0 [ 2714.163317][T26931] anon_thp 0 [ 2714.163317][T26931] file_thp 0 [ 2714.163317][T26931] shmem_thp 0 [ 2714.163317][T26931] inactive_anon 196608 [ 2714.163317][T26931] active_anon 331776 [ 2714.163317][T26931] inactive_file 0 [ 2714.163317][T26931] active_file 0 [ 2714.163317][T26931] unevictable 0 [ 2714.163317][T26931] slab_reclaimable 22760 [ 2714.163317][T26931] slab_unreclaimable 308216400 [ 2714.163317][T26931] slab 308239160 [ 2714.258526][T26931] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=26931,uid=0 [ 2714.274270][T26931] Memory cgroup out of memory: Killed process 26931 (syz-executor.3) total-vm:54728kB, anon-rss:456kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 2714.313890][T26940] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2714.332586][T26940] CPU: 1 PID: 26940 Comm: syz-executor.2 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2714.342715][T26940] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2714.352786][T26940] Call Trace: [ 2714.356164][T26940] [ 2714.359098][T26940] dump_stack_lvl+0xcd/0x134 [ 2714.363698][T26940] dump_header+0x10b/0x7f9 [ 2714.368136][T26940] oom_kill_process.cold+0x10/0x15 [ 2714.373274][T26940] out_of_memory+0x358/0x14a0 [ 2714.377983][T26940] ? find_held_lock+0x2d/0x110 [ 2714.382776][T26940] ? oom_killer_disable+0x270/0x270 [ 2714.388005][T26940] ? find_held_lock+0x2d/0x110 [ 2714.392804][T26940] mem_cgroup_out_of_memory+0x206/0x270 [ 2714.398377][T26940] ? mem_cgroup_margin+0x130/0x130 [ 2714.403518][T26940] ? lock_downgrade+0x6e0/0x6e0 [ 2714.408402][T26940] try_charge_memcg+0xf67/0x13f0 [ 2714.413370][T26940] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2714.419382][T26940] ? lock_downgrade+0x6e0/0x6e0 [ 2714.424270][T26940] charge_memcg+0x31/0x320 [ 2714.428722][T26940] __mem_cgroup_charge+0x27/0x90 [ 2714.433681][T26940] ? _compound_head+0x5d/0x150 [ 2714.438480][T26940] wp_page_copy+0x27c/0x1b10 [ 2714.443097][T26940] ? restore_exclusive_pte+0x8b0/0x8b0 [ 2714.448572][T26940] ? lock_downgrade+0x6e0/0x6e0 [ 2714.453524][T26940] ? vm_normal_page+0x146/0x2a0 [ 2714.458407][T26940] do_wp_page+0x52c/0x1910 [ 2714.462851][T26940] __handle_mm_fault+0x1813/0x39b0 [ 2714.467989][T26940] ? vm_iomap_memory+0x190/0x190 [ 2714.472967][T26940] handle_mm_fault+0x1c8/0x780 [ 2714.477755][T26940] do_user_addr_fault+0x475/0x1210 [ 2714.482901][T26940] exc_page_fault+0x94/0x170 [ 2714.487514][T26940] asm_exc_page_fault+0x22/0x30 [ 2714.492392][T26940] RIP: 0033:0x7fefdee362de [ 2714.496824][T26940] Code: 4c 24 54 89 78 2c 48 8b 3c 24 89 48 78 0f b6 4c 24 53 c6 40 20 01 88 4c 3a 04 8b 7c 24 4c 4c 89 35 97 5c 17 00 48 8b 54 24 40 <89> b8 80 00 00 00 0f 1f 40 00 48 8b 8c 14 50 01 00 00 48 83 c2 08 [ 2714.516552][T26940] RSP: 002b:00007ffd4124e640 EFLAGS: 00010246 [ 2714.522638][T26940] RAX: 00007fefdefabf80 RBX: 00007fefdefabf8c RCX: 0000000000000000 [ 2714.530621][T26940] RDX: 0000000000000000 RSI: 00007fefdefabf88 RDI: 0000000000000000 [ 2714.538607][T26940] RBP: 00007fefdefabf80 R08: 00007fefe005a700 R09: 00007fefe005a700 [ 2714.546744][T26940] R10: 00007fefe005a9d0 R11: 0000000000000206 R12: 00007fefdefabf8c [ 2714.554727][T26940] R13: 00007fefdefb0060 R14: 00007fefdefabf80 R15: 0000000000000000 11:17:09 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0xe203000000000000) 11:17:09 executing program 5: r0 = socket(0x15, 0x5, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x89e0, 0x0) 11:17:09 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x234}]}}]}, 0x40}, 0x7}, 0x0) [ 2714.562738][T26940] [ 2714.577415][T26940] memory: usage 307184kB, limit 307200kB, failcnt 56276 [ 2714.596408][T26940] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2714.598714][T26936] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2714.643149][T26940] Memory cgroup stats for /syz2: [ 2714.643332][T26940] anon 90112 [ 2714.643332][T26940] file 364544 [ 2714.643332][T26940] kernel 314101760 [ 2714.643332][T26940] kernel_stack 65536 [ 2714.643332][T26940] pagetables 69632 [ 2714.643332][T26940] percpu 5619264 [ 2714.643332][T26940] sock 0 [ 2714.643332][T26940] vmalloc 0 [ 2714.643332][T26940] shmem 364544 [ 2714.643332][T26940] zswap 0 [ 2714.643332][T26940] zswapped 0 [ 2714.643332][T26940] file_mapped 364544 [ 2714.643332][T26940] file_dirty 0 11:17:09 executing program 5: r0 = socket(0x15, 0x5, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8912, &(0x7f0000000000)={'vxcan0\x00'}) [ 2714.643332][T26940] file_writeback 0 [ 2714.643332][T26940] swapcached 0 [ 2714.643332][T26940] anon_thp 0 [ 2714.643332][T26940] file_thp 0 [ 2714.643332][T26940] shmem_thp 0 [ 2714.643332][T26940] inactive_anon 94208 [ 2714.643332][T26940] active_anon 360448 [ 2714.643332][T26940] inactive_file 0 [ 2714.643332][T26940] active_file 0 [ 2714.643332][T26940] unevictable 0 [ 2714.643332][T26940] slab_reclaimable 125104 [ 2714.643332][T26940] slab_unreclaimable 308188824 [ 2714.643332][T26940] slab 308313928 [ 2714.751719][T26940] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=26940,uid=0 [ 2714.779509][T26940] Memory cgroup out of memory: Killed process 26940 (syz-executor.2) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:72kB oom_score_adj:1000 11:17:09 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x72b}]}}]}, 0x40}, 0x7}, 0x0) [ 2714.800589][T26944] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2714.806978][T26939] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2714.840569][T26939] CPU: 0 PID: 26939 Comm: syz-executor.4 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2714.850710][T26939] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2714.861412][T26939] Call Trace: [ 2714.864735][T26939] [ 2714.867788][T26939] dump_stack_lvl+0xcd/0x134 [ 2714.872517][T26939] dump_header+0x10b/0x7f9 [ 2714.877166][T26939] oom_kill_process.cold+0x10/0x15 [ 2714.882413][T26939] out_of_memory+0x358/0x14a0 [ 2714.887214][T26939] ? oom_killer_disable+0x270/0x270 [ 2714.892468][T26939] ? find_held_lock+0x2d/0x110 [ 2714.897469][T26939] mem_cgroup_out_of_memory+0x206/0x270 [ 2714.903063][T26939] ? mem_cgroup_margin+0x130/0x130 [ 2714.908231][T26939] ? lock_downgrade+0x6e0/0x6e0 [ 2714.913233][T26939] try_charge_memcg+0xf67/0x13f0 [ 2714.918239][T26939] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2714.924274][T26939] ? lock_downgrade+0x6e0/0x6e0 [ 2714.929255][T26939] charge_memcg+0x31/0x320 [ 2714.933735][T26939] __mem_cgroup_charge+0x27/0x90 [ 2714.938709][T26939] ? _compound_head+0x5d/0x150 [ 2714.943534][T26939] wp_page_copy+0x27c/0x1b10 [ 2714.948159][T26939] ? restore_exclusive_pte+0x8b0/0x8b0 [ 2714.953719][T26939] ? lock_downgrade+0x6e0/0x6e0 [ 2714.958665][T26939] ? vm_normal_page+0x146/0x2a0 [ 2714.963878][T26939] do_wp_page+0x52c/0x1910 [ 2714.968312][T26939] __handle_mm_fault+0x1813/0x39b0 [ 2714.973435][T26939] ? vm_iomap_memory+0x190/0x190 [ 2714.978438][T26939] handle_mm_fault+0x1c8/0x780 [ 2714.983231][T26939] do_user_addr_fault+0x475/0x1210 [ 2714.988363][T26939] exc_page_fault+0x94/0x170 [ 2714.993214][T26939] asm_exc_page_fault+0x22/0x30 [ 2714.998188][T26939] RIP: 0033:0x7fa378a362de [ 2715.002617][T26939] Code: 4c 24 54 89 78 2c 48 8b 3c 24 89 48 78 0f b6 4c 24 53 c6 40 20 01 88 4c 3a 04 8b 7c 24 4c 4c 89 35 97 5c 17 00 48 8b 54 24 40 <89> b8 80 00 00 00 0f 1f 40 00 48 8b 8c 14 50 01 00 00 48 83 c2 08 [ 2715.022368][T26939] RSP: 002b:00007fff30649610 EFLAGS: 00010246 [ 2715.028465][T26939] RAX: 00007fa378babf80 RBX: 00007fa378babf8c RCX: 0000000000000000 [ 2715.036446][T26939] RDX: 0000000000000000 RSI: 00007fa378babf88 RDI: 0000000000000000 [ 2715.044772][T26939] RBP: 00007fa378babf80 R08: 00007fa379be4700 R09: 00007fa379be4700 11:17:09 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0xe603000000000000) [ 2715.052847][T26939] R10: 00007fa379be49d0 R11: 0000000000000206 R12: 00007fa378babf8c [ 2715.060926][T26939] R13: 00007fa378bb0060 R14: 00007fa378babf80 R15: 0000000000000000 [ 2715.069956][T26939] [ 2715.083514][T26939] memory: usage 307200kB, limit 307200kB, failcnt 57310 [ 2715.090523][T26939] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2715.097656][T26939] Memory cgroup stats for /syz4: 11:17:09 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x7fa}]}}]}, 0x40}, 0x7}, 0x0) 11:17:09 executing program 5: bpf$MAP_CREATE(0x18, &(0x7f0000000000)=@bloom_filter={0x1e, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x5}, 0x48) [ 2715.097877][T26939] anon 90112 [ 2715.097877][T26939] file 372736 [ 2715.097877][T26939] kernel 314109952 [ 2715.097877][T26939] kernel_stack 65536 [ 2715.097877][T26939] pagetables 65536 [ 2715.097877][T26939] percpu 5624000 [ 2715.097877][T26939] sock 0 [ 2715.097877][T26939] vmalloc 0 [ 2715.097877][T26939] shmem 372736 [ 2715.097877][T26939] zswap 0 [ 2715.097877][T26939] zswapped 0 [ 2715.097877][T26939] file_mapped 372736 [ 2715.097877][T26939] file_dirty 0 [ 2715.097877][T26939] file_writeback 0 [ 2715.097877][T26939] swapcached 0 [ 2715.097877][T26939] anon_thp 0 [ 2715.097877][T26939] file_thp 0 [ 2715.097877][T26939] shmem_thp 0 [ 2715.097877][T26939] inactive_anon 139264 [ 2715.097877][T26939] active_anon 323584 [ 2715.097877][T26939] inactive_file 0 [ 2715.097877][T26939] active_file 0 [ 2715.097877][T26939] unevictable 0 [ 2715.097877][T26939] slab_reclaimable 17888 [ 2715.097877][T26939] slab_unreclaimable 308300720 [ 2715.097877][T26939] slab 308318608 11:17:10 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, 0x0, 0x0) bind$netlink(r0, &(0x7f0000000000), 0xc) 11:17:10 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0xea03000000000000) [ 2715.203081][T26956] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2715.271345][T26939] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=26939,uid=0 [ 2715.287253][T26939] Memory cgroup out of memory: Killed process 26939 (syz-executor.4) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:68kB oom_score_adj:1000 [ 2715.331311][T26943] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2715.343268][T26943] CPU: 0 PID: 26943 Comm: syz-executor.3 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2715.353398][T26943] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2715.363489][T26943] Call Trace: [ 2715.366790][T26943] [ 2715.369763][T26943] dump_stack_lvl+0xcd/0x134 [ 2715.374402][T26943] dump_header+0x10b/0x7f9 11:17:10 executing program 4: socket$nl_route(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x71f}]}}]}, 0x40}, 0x7}, 0x0) 11:17:10 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x7fb}]}}]}, 0x40}, 0x7}, 0x0) 11:17:10 executing program 5: socketpair(0x0, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f00000007c0), 0xffffffffffffffff) 11:17:10 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0xee03000000000000) [ 2715.378875][T26943] oom_kill_process.cold+0x10/0x15 [ 2715.384037][T26943] out_of_memory+0x358/0x14a0 [ 2715.388805][T26943] ? oom_killer_disable+0x270/0x270 [ 2715.394059][T26943] ? find_held_lock+0x2d/0x110 [ 2715.398901][T26943] mem_cgroup_out_of_memory+0x206/0x270 [ 2715.404511][T26943] ? mem_cgroup_margin+0x130/0x130 [ 2715.409660][T26943] ? lock_downgrade+0x6e0/0x6e0 [ 2715.414569][T26943] try_charge_memcg+0xf67/0x13f0 [ 2715.419578][T26943] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2715.425696][T26943] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2715.431461][T26943] ? lock_downgrade+0x6e0/0x6e0 [ 2715.436353][T26943] ? lock_downgrade+0x6e0/0x6e0 [ 2715.441254][T26943] __memcg_kmem_charge_page+0x16a/0x3b0 [ 2715.446854][T26943] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 2715.453065][T26943] copy_process+0x73e/0x7090 [ 2715.457713][T26943] ? find_held_lock+0x2d/0x110 [ 2715.462621][T26943] ? __cleanup_sighand+0xb0/0xb0 [ 2715.467626][T26943] kernel_clone+0xe7/0xab0 [ 2715.472074][T26943] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2715.479670][T26943] ? create_io_thread+0xe0/0xe0 [ 2715.484578][T26943] ? find_held_lock+0x2d/0x110 [ 2715.489396][T26943] ? __ct_user_exit+0xff/0x150 [ 2715.494196][T26943] __do_sys_clone+0xba/0x100 [ 2715.498912][T26943] ? kernel_clone+0xab0/0xab0 [ 2715.503643][T26943] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2715.509565][T26943] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2715.515578][T26943] do_syscall_64+0x35/0xb0 [ 2715.520029][T26943] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2715.525955][T26943] RIP: 0033:0x7f89d288c9d1 [ 2715.530390][T26943] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 2715.550022][T26943] RSP: 002b:00007fff48383138 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 2715.558497][T26943] RAX: ffffffffffffffda RBX: 00007f89d3a70700 RCX: 00007f89d288c9d1 [ 2715.566484][T26943] RDX: 00007f89d3a709d0 RSI: 00007f89d3a702f0 RDI: 00000000003d0f00 [ 2715.574468][T26943] RBP: 00007fff48383380 R08: 00007f89d3a70700 R09: 00007f89d3a70700 [ 2715.582462][T26943] R10: 00007f89d3a709d0 R11: 0000000000000206 R12: 00007fff483831ee [ 2715.590446][T26943] R13: 00007fff483831ef R14: 00007f89d3a70300 R15: 0000000000022000 [ 2715.598451][T26943] [ 2715.614384][T26943] memory: usage 307200kB, limit 307200kB, failcnt 56567 [ 2715.621567][T26943] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2715.641295][T26967] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2715.672899][T26943] Memory cgroup stats for /syz3: [ 2715.673114][T26943] anon 147456 [ 2715.673114][T26943] file 385024 [ 2715.673114][T26943] kernel 314040320 [ 2715.673114][T26943] kernel_stack 98304 [ 2715.673114][T26943] pagetables 81920 [ 2715.673114][T26943] percpu 5618080 [ 2715.673114][T26943] sock 0 [ 2715.673114][T26943] vmalloc 0 [ 2715.673114][T26943] shmem 385024 [ 2715.673114][T26943] zswap 0 [ 2715.673114][T26943] zswapped 0 [ 2715.673114][T26943] file_mapped 311296 [ 2715.673114][T26943] file_dirty 0 [ 2715.673114][T26943] file_writeback 0 [ 2715.673114][T26943] swapcached 0 [ 2715.673114][T26943] anon_thp 0 [ 2715.673114][T26943] file_thp 0 [ 2715.673114][T26943] shmem_thp 0 [ 2715.673114][T26943] inactive_anon 200704 [ 2715.673114][T26943] active_anon 331776 [ 2715.673114][T26943] inactive_file 0 [ 2715.673114][T26943] active_file 0 [ 2715.673114][T26943] unevictable 0 [ 2715.673114][T26943] slab_reclaimable 22760 [ 2715.673114][T26943] slab_unreclaimable 308169200 [ 2715.673114][T26943] slab 308191960 11:17:10 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x235}]}}]}, 0x40}, 0x7}, 0x0) 11:17:10 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000003c0)={0x1c, 0x3, 0x1, 0x201, 0x0, 0x0, {}, [@CTA_MARK={0x8}]}, 0x1c}}, 0x0) [ 2715.783624][T26943] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=26943,uid=0 [ 2715.803926][T26943] Memory cgroup out of memory: Killed process 26943 (syz-executor.3) total-vm:54860kB, anon-rss:456kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 2715.917399][T26966] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2715.938585][T26966] CPU: 1 PID: 26966 Comm: syz-executor.4 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2715.948754][T26966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2715.958857][T26966] Call Trace: [ 2715.962162][T26966] [ 2715.965293][T26966] dump_stack_lvl+0xcd/0x134 [ 2715.969939][T26966] dump_header+0x10b/0x7f9 [ 2715.974401][T26966] oom_kill_process.cold+0x10/0x15 [ 2715.979555][T26966] out_of_memory+0x358/0x14a0 [ 2715.984285][T26966] ? find_held_lock+0x2d/0x110 [ 2715.989096][T26966] ? oom_killer_disable+0x270/0x270 [ 2715.994339][T26966] ? find_held_lock+0x2d/0x110 [ 2715.999150][T26966] mem_cgroup_out_of_memory+0x206/0x270 [ 2716.004748][T26966] ? mem_cgroup_margin+0x130/0x130 [ 2716.010068][T26966] ? lock_downgrade+0x6e0/0x6e0 [ 2716.014967][T26966] try_charge_memcg+0xf67/0x13f0 [ 2716.020127][T26966] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2716.026157][T26966] ? lock_downgrade+0x6e0/0x6e0 [ 2716.031056][T26966] charge_memcg+0x31/0x320 [ 2716.035513][T26966] __mem_cgroup_charge+0x27/0x90 [ 2716.040489][T26966] ? _compound_head+0x5d/0x150 [ 2716.045299][T26966] wp_page_copy+0x27c/0x1b10 [ 2716.049943][T26966] ? restore_exclusive_pte+0x8b0/0x8b0 [ 2716.055430][T26966] ? lock_downgrade+0x6e0/0x6e0 [ 2716.060312][T26966] ? vm_normal_page+0x146/0x2a0 [ 2716.065211][T26966] do_wp_page+0x52c/0x1910 [ 2716.069667][T26966] __handle_mm_fault+0x1813/0x39b0 [ 2716.075428][T26966] ? vm_iomap_memory+0x190/0x190 [ 2716.080512][T26966] handle_mm_fault+0x1c8/0x780 [ 2716.085317][T26966] do_user_addr_fault+0x475/0x1210 [ 2716.090477][T26966] exc_page_fault+0x94/0x170 [ 2716.095119][T26966] asm_exc_page_fault+0x22/0x30 [ 2716.100095][T26966] RIP: 0033:0x7fa378a362de [ 2716.104536][T26966] Code: 4c 24 54 89 78 2c 48 8b 3c 24 89 48 78 0f b6 4c 24 53 c6 40 20 01 88 4c 3a 04 8b 7c 24 4c 4c 89 35 97 5c 17 00 48 8b 54 24 40 <89> b8 80 00 00 00 0f 1f 40 00 48 8b 8c 14 50 01 00 00 48 83 c2 08 [ 2716.124175][T26966] RSP: 002b:00007fff30649610 EFLAGS: 00010246 [ 2716.130298][T26966] RAX: 00007fa378babf80 RBX: 00007fa378babf8c RCX: 0000000000000000 [ 2716.138296][T26966] RDX: 0000000000000000 RSI: 00007fa378babf88 RDI: 0000000000000000 [ 2716.146296][T26966] RBP: 00007fa378babf80 R08: 00007fa379be4700 R09: 00007fa379be4700 [ 2716.154382][T26966] R10: 00007fa379be49d0 R11: 0000000000000206 R12: 00007fa378babf8c [ 2716.162385][T26966] R13: 00007fa378bb0060 R14: 00007fa378babf80 R15: 0000000000000000 [ 2716.170408][T26966] [ 2716.186199][T26966] memory: usage 307200kB, limit 307200kB, failcnt 57377 [ 2716.194115][T26966] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2716.201206][T26966] Memory cgroup stats for /syz4: [ 2716.201390][T26966] anon 90112 [ 2716.201390][T26966] file 372736 [ 2716.201390][T26966] kernel 314109952 [ 2716.201390][T26966] kernel_stack 65536 [ 2716.201390][T26966] pagetables 65536 [ 2716.201390][T26966] percpu 5624000 [ 2716.201390][T26966] sock 0 [ 2716.201390][T26966] vmalloc 0 [ 2716.201390][T26966] shmem 372736 [ 2716.201390][T26966] zswap 0 [ 2716.201390][T26966] zswapped 0 [ 2716.201390][T26966] file_mapped 372736 [ 2716.201390][T26966] file_dirty 0 [ 2716.201390][T26966] file_writeback 0 [ 2716.201390][T26966] swapcached 0 [ 2716.201390][T26966] anon_thp 0 [ 2716.201390][T26966] file_thp 0 [ 2716.201390][T26966] shmem_thp 0 [ 2716.201390][T26966] inactive_anon 139264 [ 2716.201390][T26966] active_anon 323584 [ 2716.201390][T26966] inactive_file 0 [ 2716.201390][T26966] active_file 0 [ 2716.201390][T26966] unevictable 0 [ 2716.201390][T26966] slab_reclaimable 17888 [ 2716.201390][T26966] slab_unreclaimable 308300720 [ 2716.201390][T26966] slab 308318608 [ 2716.301257][T26966] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=26966,uid=0 [ 2716.317870][T26979] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2716.328020][T26966] Memory cgroup out of memory: Killed process 26966 (syz-executor.4) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:68kB oom_score_adj:1000 [ 2716.352907][T26972] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2716.374855][T26972] CPU: 0 PID: 26972 Comm: syz-executor.2 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2716.384994][T26972] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2716.395172][T26972] Call Trace: [ 2716.398563][T26972] [ 2716.401505][T26972] dump_stack_lvl+0xcd/0x134 [ 2716.406103][T26972] dump_header+0x10b/0x7f9 [ 2716.410611][T26972] oom_kill_process.cold+0x10/0x15 [ 2716.415727][T26972] out_of_memory+0x358/0x14a0 [ 2716.420512][T26972] ? oom_killer_disable+0x270/0x270 [ 2716.425749][T26972] ? find_held_lock+0x2d/0x110 [ 2716.430569][T26972] mem_cgroup_out_of_memory+0x206/0x270 [ 2716.436667][T26972] ? mem_cgroup_margin+0x130/0x130 [ 2716.441918][T26972] ? lock_downgrade+0x6e0/0x6e0 [ 2716.446811][T26972] try_charge_memcg+0xf67/0x13f0 [ 2716.451775][T26972] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2716.457789][T26972] ? lock_downgrade+0x6e0/0x6e0 [ 2716.462689][T26972] charge_memcg+0x31/0x320 [ 2716.467158][T26972] __mem_cgroup_charge+0x27/0x90 [ 2716.472150][T26972] ? _compound_head+0x5d/0x150 [ 2716.476955][T26972] wp_page_copy+0x27c/0x1b10 [ 2716.481568][T26972] ? restore_exclusive_pte+0x8b0/0x8b0 [ 2716.487051][T26972] ? lock_downgrade+0x6e0/0x6e0 [ 2716.491911][T26972] ? vm_normal_page+0x146/0x2a0 [ 2716.497215][T26972] do_wp_page+0x52c/0x1910 [ 2716.501641][T26972] __handle_mm_fault+0x1813/0x39b0 [ 2716.506868][T26972] ? vm_iomap_memory+0x190/0x190 [ 2716.512057][T26972] handle_mm_fault+0x1c8/0x780 [ 2716.516944][T26972] do_user_addr_fault+0x475/0x1210 [ 2716.522173][T26972] exc_page_fault+0x94/0x170 [ 2716.526780][T26972] asm_exc_page_fault+0x22/0x30 [ 2716.531725][T26972] RIP: 0033:0x7fefdee35a15 [ 2716.536144][T26972] Code: 5c 41 5d c3 90 48 8b 57 18 48 83 fa ff 74 22 48 81 fa e7 03 00 00 0f 87 ee 00 00 00 48 c1 e2 04 48 8d 0d ae 26 17 00 48 01 ca 02 01 48 89 42 08 48 8b 53 10 4c 8d 2d d9 a5 57 00 4c 39 ea 0f [ 2716.555857][T26972] RSP: 002b:00007ffd4124e600 EFLAGS: 00010206 [ 2716.561932][T26972] RAX: 0000000000000003 RBX: 00007fefdefabf80 RCX: 00007fefdefa80c0 [ 2716.569955][T26972] RDX: 00007fefdefa80c0 RSI: 0000000000000080 RDI: 00007fefdefabf80 [ 2716.578023][T26972] RBP: 00007fefdefabf80 R08: 00007ffd413e9080 R09: 0000000000000000 [ 2716.586020][T26972] R10: 00007ffd4124e720 R11: 0000000000000246 R12: 00000000002970f4 [ 2716.594064][T26972] R13: 00007ffd4124e720 R14: 00007fefdefabf80 R15: 0000000000000032 [ 2716.602057][T26972] [ 2716.622165][T26972] memory: usage 307200kB, limit 307200kB, failcnt 56396 [ 2716.631355][T26972] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2716.640868][T26972] Memory cgroup stats for /syz2: [ 2716.641001][T26972] anon 98304 [ 2716.641001][T26972] file 364544 [ 2716.641001][T26972] kernel 314109952 [ 2716.641001][T26972] kernel_stack 65536 [ 2716.641001][T26972] pagetables 73728 [ 2716.641001][T26972] percpu 5619264 [ 2716.641001][T26972] sock 0 [ 2716.641001][T26972] vmalloc 0 [ 2716.641001][T26972] shmem 364544 [ 2716.641001][T26972] zswap 0 [ 2716.641001][T26972] zswapped 0 [ 2716.641001][T26972] file_mapped 364544 [ 2716.641001][T26972] file_dirty 0 [ 2716.641001][T26972] file_writeback 0 [ 2716.641001][T26972] swapcached 0 [ 2716.641001][T26972] anon_thp 0 [ 2716.641001][T26972] file_thp 0 [ 2716.641001][T26972] shmem_thp 0 [ 2716.641001][T26972] inactive_anon 102400 [ 2716.641001][T26972] active_anon 360448 [ 2716.641001][T26972] inactive_file 0 [ 2716.641001][T26972] active_file 0 [ 2716.641001][T26972] unevictable 0 [ 2716.641001][T26972] slab_reclaimable 127032 [ 2716.641001][T26972] slab_unreclaimable 308189472 [ 2716.641001][T26972] slab 308316504 [ 2716.737312][T26972] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=26972,uid=0 [ 2716.754208][T26972] Memory cgroup out of memory: Killed process 26972 (syz-executor.2) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 [ 2716.772055][T26979] syz-executor.3 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=1, oom_score_adj=1000 [ 2716.791998][T26979] CPU: 0 PID: 26979 Comm: syz-executor.3 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2716.802157][T26979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2716.812231][T26979] Call Trace: [ 2716.815633][T26979] [ 2716.818566][T26979] dump_stack_lvl+0xcd/0x134 [ 2716.823167][T26979] dump_header+0x10b/0x7f9 [ 2716.827589][T26979] oom_kill_process.cold+0x10/0x15 [ 2716.832714][T26979] out_of_memory+0x358/0x14a0 [ 2716.837423][T26979] ? oom_killer_disable+0x270/0x270 [ 2716.842678][T26979] ? find_held_lock+0x2d/0x110 [ 2716.847598][T26979] mem_cgroup_out_of_memory+0x206/0x270 [ 2716.853150][T26979] ? mem_cgroup_margin+0x130/0x130 [ 2716.858347][T26979] ? lock_downgrade+0x6e0/0x6e0 [ 2716.863204][T26979] try_charge_memcg+0xf67/0x13f0 [ 2716.868163][T26979] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2716.874148][T26979] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2716.879887][T26979] ? lock_downgrade+0x6e0/0x6e0 [ 2716.884787][T26979] obj_cgroup_charge+0x2ab/0x5e0 [ 2716.889789][T26979] __kmalloc+0xb2/0x340 [ 2716.893973][T26979] ? veth_dev_init+0x1d8/0x3e0 [ 2716.898882][T26979] veth_dev_init+0x1d8/0x3e0 [ 2716.903593][T26979] ? veth_get_num_queues+0x50/0x50 [ 2716.908744][T26979] register_netdevice+0x580/0x1670 [ 2716.913888][T26979] ? netdev_change_features+0xb0/0xb0 [ 2716.919325][T26979] ? dev_addr_mod+0x2c9/0x3f0 [ 2716.924127][T26979] veth_newlink+0x338/0x990 [ 2716.928678][T26979] ? veth_set_features+0x190/0x190 [ 2716.933828][T26979] ? netlink_unicast+0x543/0x7f0 [ 2716.938921][T26979] ? netlink_sendmsg+0x917/0xe10 [ 2716.944058][T26979] ? sock_sendmsg+0xcf/0x120 [ 2716.948672][T26979] ? ____sys_sendmsg+0x712/0x8c0 [ 2716.953634][T26979] ? ___sys_sendmsg+0x110/0x1b0 [ 2716.958510][T26979] ? __sys_sendmsg+0xf3/0x1c0 [ 2716.963214][T26979] ? do_syscall_64+0x35/0xb0 [ 2716.967861][T26979] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2716.973974][T26979] ? find_held_lock+0x2d/0x110 [ 2716.980607][T26979] ? memcg_slab_post_alloc_hook+0x249/0x480 [ 2716.986530][T26979] ? lock_downgrade+0x6e0/0x6e0 [ 2716.991430][T26979] ? rcu_read_lock_sched_held+0x3a/0x70 [ 2716.997022][T26979] ? trace_kmalloc_node+0x32/0x100 [ 2717.002157][T26979] ? __kmalloc_node+0x1bf/0x380 [ 2717.007037][T26979] ? memset+0x20/0x40 [ 2717.011057][T26979] ? __xdp_rxq_info_reg+0x189/0x340 [ 2717.016294][T26979] ? memcpy+0x39/0x60 [ 2717.020309][T26979] ? alloc_netdev_mqs+0xd5d/0x1180 [ 2717.025464][T26979] ? rtnl_create_link+0x7e8/0xca0 [ 2717.030534][T26979] ? veth_set_features+0x190/0x190 [ 2717.035686][T26979] __rtnl_newlink+0x1087/0x17e0 [ 2717.040577][T26979] ? rtnl_link_unregister+0x250/0x250 [ 2717.045975][T26979] ? rtnl_newlink+0x46/0xa0 [ 2717.050698][T26979] ? rcu_read_lock_sched_held+0x3a/0x70 [ 2717.056281][T26979] ? trace_kmalloc+0x32/0x100 [ 2717.060993][T26979] rtnl_newlink+0x64/0xa0 [ 2717.065344][T26979] ? __rtnl_newlink+0x17e0/0x17e0 [ 2717.070392][T26979] rtnetlink_rcv_msg+0x43a/0xca0 [ 2717.075359][T26979] ? rtnl_getlink+0xae0/0xae0 [ 2717.080053][T26979] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2717.085381][T26979] ? skb_clone+0x16e/0x3c0 [ 2717.089826][T26979] ? ref_tracker_free+0x370/0x6b0 [ 2717.094883][T26979] ? ref_tracker_dir_exit+0x3e0/0x3e0 [ 2717.100383][T26979] netlink_rcv_skb+0x153/0x420 [ 2717.105179][T26979] ? rtnl_getlink+0xae0/0xae0 [ 2717.109968][T26979] ? netlink_ack+0xd50/0xd50 [ 2717.114584][T26979] ? netlink_deliver_tap+0x1a2/0xc40 [ 2717.119901][T26979] ? netlink_deliver_tap+0x1b1/0xc40 [ 2717.125220][T26979] netlink_unicast+0x543/0x7f0 [ 2717.130117][T26979] ? netlink_attachskb+0x880/0x880 [ 2717.135254][T26979] ? __phys_addr+0xc4/0x140 [ 2717.139864][T26979] ? __phys_addr_symbol+0x2c/0x70 [ 2717.144928][T26979] ? __check_object_size+0x2de/0x700 [ 2717.150257][T26979] netlink_sendmsg+0x917/0xe10 [ 2717.155057][T26979] ? netlink_unicast+0x7f0/0x7f0 [ 2717.160033][T26979] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 2717.165455][T26979] ? netlink_unicast+0x7f0/0x7f0 [ 2717.170420][T26979] sock_sendmsg+0xcf/0x120 [ 2717.174881][T26979] ____sys_sendmsg+0x712/0x8c0 [ 2717.179674][T26979] ? copy_msghdr_from_user+0xfc/0x150 [ 2717.185075][T26979] ? kernel_sendmsg+0x50/0x50 [ 2717.189791][T26979] ? futex_unqueue+0xb3/0x120 [ 2717.194506][T26979] ___sys_sendmsg+0x110/0x1b0 [ 2717.199214][T26979] ? do_recvmmsg+0x6e0/0x6e0 [ 2717.203836][T26979] ? __fget_files+0x248/0x440 [ 2717.208626][T26979] ? lock_downgrade+0x6e0/0x6e0 [ 2717.213504][T26979] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2717.219517][T26979] ? __fget_files+0x26a/0x440 [ 2717.224234][T26979] ? __fget_light+0xe5/0x270 [ 2717.228854][T26979] __sys_sendmsg+0xf3/0x1c0 [ 2717.233389][T26979] ? __sys_sendmsg_sock+0x30/0x30 [ 2717.238443][T26979] ? lock_downgrade+0x6e0/0x6e0 [ 2717.243329][T26979] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2717.249258][T26979] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2717.255178][T26979] ? lockdep_hardirqs_on+0x79/0x100 [ 2717.260508][T26979] do_syscall_64+0x35/0xb0 [ 2717.264965][T26979] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2717.270890][T26979] RIP: 0033:0x7f89d288b5a9 [ 2717.275328][T26979] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 2717.294961][T26979] RSP: 002b:00007f89d3ab2168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2717.303403][T26979] RAX: ffffffffffffffda RBX: 00007f89d29abf80 RCX: 00007f89d288b5a9 [ 2717.311447][T26979] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000004 [ 2717.319439][T26979] RBP: 00007f89d28e6580 R08: 0000000000000000 R09: 0000000000000000 11:17:12 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x72c}]}}]}, 0x40}, 0x7}, 0x0) 11:17:12 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0xf0ffffff00000000) 11:17:12 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x7fc}]}}]}, 0x40}, 0x7}, 0x0) 11:17:12 executing program 5: unshare(0x0) pipe(&(0x7f0000000640)={0xffffffffffffffff}) recvfrom$packet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@bloom_filter={0x1e, 0x0, 0x0, 0xfff, 0x94, 0xffffffffffffffff, 0x6}, 0x48) sendmsg$IPVS_CMD_SET_CONFIG(0xffffffffffffffff, 0x0, 0x20040004) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, 0x0, 0x0) sendmsg$TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) unshare(0x64020000) 11:17:12 executing program 4: socket$nl_route(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x720}]}}]}, 0x40}, 0x7}, 0x0) [ 2717.327601][T26979] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2717.335704][T26979] R13: 00007fff483831ef R14: 00007f89d3ab2300 R15: 0000000000022000 [ 2717.343825][T26979] [ 2717.353728][T26979] memory: usage 307200kB, limit 307200kB, failcnt 56637 [ 2717.360836][T26979] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2717.405559][T26979] Memory cgroup stats for /syz3: [ 2717.405774][T26979] anon 147456 [ 2717.405774][T26979] file 385024 [ 2717.405774][T26979] kernel 314040320 [ 2717.405774][T26979] kernel_stack 98304 [ 2717.405774][T26979] pagetables 81920 [ 2717.405774][T26979] percpu 5618080 [ 2717.405774][T26979] sock 0 [ 2717.405774][T26979] vmalloc 0 [ 2717.405774][T26979] shmem 385024 [ 2717.405774][T26979] zswap 0 [ 2717.405774][T26979] zswapped 0 [ 2717.405774][T26979] file_mapped 311296 [ 2717.405774][T26979] file_dirty 0 [ 2717.405774][T26979] file_writeback 0 [ 2717.405774][T26979] swapcached 0 [ 2717.405774][T26979] anon_thp 0 [ 2717.405774][T26979] file_thp 0 [ 2717.405774][T26979] shmem_thp 0 [ 2717.405774][T26979] inactive_anon 200704 [ 2717.405774][T26979] active_anon 331776 [ 2717.405774][T26979] inactive_file 0 [ 2717.405774][T26979] active_file 0 [ 2717.405774][T26979] unevictable 0 [ 2717.405774][T26979] slab_reclaimable 22760 [ 2717.405774][T26979] slab_unreclaimable 308184216 [ 2717.405774][T26979] slab 308206976 [ 2717.504542][T26979] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=26978,uid=0 [ 2717.533166][T26979] Memory cgroup out of memory: Killed process 26978 (syz-executor.3) total-vm:54860kB, anon-rss:456kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 2717.599653][T26984] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2717.615191][T26984] CPU: 1 PID: 26984 Comm: syz-executor.4 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2717.625593][T26984] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2717.635952][T26984] Call Trace: [ 2717.639263][T26984] [ 2717.642221][T26984] dump_stack_lvl+0xcd/0x134 [ 2717.646860][T26984] dump_header+0x10b/0x7f9 [ 2717.651327][T26984] oom_kill_process.cold+0x10/0x15 [ 2717.656486][T26984] out_of_memory+0x358/0x14a0 [ 2717.661219][T26984] ? find_held_lock+0x2d/0x110 [ 2717.666042][T26984] ? oom_killer_disable+0x270/0x270 [ 2717.671380][T26984] ? find_held_lock+0x2d/0x110 [ 2717.676196][T26984] mem_cgroup_out_of_memory+0x206/0x270 [ 2717.681775][T26984] ? mem_cgroup_margin+0x130/0x130 [ 2717.686998][T26984] ? lock_downgrade+0x6e0/0x6e0 [ 2717.691884][T26984] try_charge_memcg+0xf67/0x13f0 [ 2717.696889][T26984] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2717.702905][T26984] ? lock_downgrade+0x6e0/0x6e0 [ 2717.707884][T26984] charge_memcg+0x31/0x320 [ 2717.712334][T26984] __mem_cgroup_charge+0x27/0x90 [ 2717.719052][T26984] ? _compound_head+0x5d/0x150 [ 2717.723862][T26984] wp_page_copy+0x27c/0x1b10 [ 2717.728486][T26984] ? restore_exclusive_pte+0x8b0/0x8b0 [ 2717.733964][T26984] ? lock_downgrade+0x6e0/0x6e0 [ 2717.738834][T26984] ? vm_normal_page+0x146/0x2a0 [ 2717.743718][T26984] do_wp_page+0x52c/0x1910 [ 2717.748770][T26984] __handle_mm_fault+0x1813/0x39b0 [ 2717.753913][T26984] ? vm_iomap_memory+0x190/0x190 [ 2717.758896][T26984] handle_mm_fault+0x1c8/0x780 [ 2717.763707][T26984] do_user_addr_fault+0x475/0x1210 [ 2717.768880][T26984] exc_page_fault+0x94/0x170 [ 2717.773600][T26984] asm_exc_page_fault+0x22/0x30 [ 2717.778488][T26984] RIP: 0033:0x7fa378a362de [ 2717.782922][T26984] Code: 4c 24 54 89 78 2c 48 8b 3c 24 89 48 78 0f b6 4c 24 53 c6 40 20 01 88 4c 3a 04 8b 7c 24 4c 4c 89 35 97 5c 17 00 48 8b 54 24 40 <89> b8 80 00 00 00 0f 1f 40 00 48 8b 8c 14 50 01 00 00 48 83 c2 08 [ 2717.802779][T26984] RSP: 002b:00007fff30649610 EFLAGS: 00010246 [ 2717.808870][T26984] RAX: 00007fa378babf80 RBX: 00007fa378babf8c RCX: 0000000000000000 [ 2717.816862][T26984] RDX: 0000000000000000 RSI: 00007fa378babf88 RDI: 0000000000000000 [ 2717.825110][T26984] RBP: 00007fa378babf80 R08: 00007fa379be4700 R09: 00007fa379be4700 [ 2717.833098][T26984] R10: 00007fa379be49d0 R11: 0000000000000206 R12: 00007fa378babf8c [ 2717.841087][T26984] R13: 00007fa378bb0060 R14: 00007fa378babf80 R15: 0000000000000000 [ 2717.849881][T26984] [ 2717.858462][T26984] memory: usage 307200kB, limit 307200kB, failcnt 57457 [ 2717.865810][T26984] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2717.874151][T26984] Memory cgroup stats for /syz4: [ 2717.874334][T26984] anon 90112 [ 2717.874334][T26984] file 372736 [ 2717.874334][T26984] kernel 314109952 [ 2717.874334][T26984] kernel_stack 65536 [ 2717.874334][T26984] pagetables 65536 [ 2717.874334][T26984] percpu 5624000 [ 2717.874334][T26984] sock 0 [ 2717.874334][T26984] vmalloc 0 [ 2717.874334][T26984] shmem 372736 [ 2717.874334][T26984] zswap 0 [ 2717.874334][T26984] zswapped 0 [ 2717.874334][T26984] file_mapped 372736 [ 2717.874334][T26984] file_dirty 0 [ 2717.874334][T26984] file_writeback 0 [ 2717.874334][T26984] swapcached 0 [ 2717.874334][T26984] anon_thp 0 [ 2717.874334][T26984] file_thp 0 [ 2717.874334][T26984] shmem_thp 0 [ 2717.874334][T26984] inactive_anon 139264 [ 2717.874334][T26984] active_anon 323584 [ 2717.874334][T26984] inactive_file 0 [ 2717.874334][T26984] active_file 0 [ 2717.874334][T26984] unevictable 0 [ 2717.874334][T26984] slab_reclaimable 17888 [ 2717.874334][T26984] slab_unreclaimable 308300720 [ 2717.874334][T26984] slab 308318608 [ 2717.974841][T26984] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=26984,uid=0 11:17:12 executing program 4: socket$nl_route(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x721}]}}]}, 0x40}, 0x7}, 0x0) 11:17:12 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0xf202000000000000) [ 2717.991437][T26984] Memory cgroup out of memory: Killed process 26984 (syz-executor.4) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:68kB oom_score_adj:1000 [ 2718.009535][T26989] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2718.020785][T26986] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2718.053668][T26986] CPU: 0 PID: 26986 Comm: syz-executor.5 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2718.063806][T26986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2718.073911][T26986] Call Trace: [ 2718.077223][T26986] [ 2718.080185][T26986] dump_stack_lvl+0xcd/0x134 [ 2718.084920][T26986] dump_header+0x10b/0x7f9 [ 2718.089480][T26986] oom_kill_process.cold+0x10/0x15 [ 2718.095015][T26986] out_of_memory+0x358/0x14a0 11:17:12 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x236}]}}]}, 0x40}, 0x7}, 0x0) [ 2718.100633][T26986] ? oom_killer_disable+0x270/0x270 [ 2718.105904][T26986] ? io_schedule_timeout+0x140/0x140 [ 2718.111430][T26986] mem_cgroup_out_of_memory+0x206/0x270 [ 2718.117022][T26986] ? mem_cgroup_margin+0x130/0x130 [ 2718.122218][T26986] ? preempt_schedule_thunk+0x16/0x18 [ 2718.127652][T26986] ? preempt_schedule_thunk+0x16/0x18 [ 2718.133082][T26986] try_charge_memcg+0xf67/0x13f0 [ 2718.138090][T26986] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2718.144125][T26986] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2718.149894][T26986] ? lock_downgrade+0x6e0/0x6e0 [ 2718.154829][T26986] obj_cgroup_charge+0x2ab/0x5e0 [ 2718.159837][T26986] kmem_cache_alloc_lru+0x13e/0x720 [ 2718.165269][T26986] ? sock_alloc_inode+0x23/0x1d0 [ 2718.170263][T26986] sock_alloc_inode+0x23/0x1d0 [ 2718.175068][T26986] ? sock_free_inode+0x20/0x20 [ 2718.179874][T26986] alloc_inode+0x61/0x230 [ 2718.184248][T26986] new_inode_pseudo+0x13/0x80 [ 2718.188979][T26986] sock_alloc+0x3c/0x260 [ 2718.193287][T26986] sock_create_lite+0x7b/0x120 [ 2718.198120][T26986] __netlink_kernel_create+0xde/0x850 [ 2718.203547][T26986] ? netlink_insert+0x1690/0x1690 [ 2718.208644][T26986] ? fib_default_rule_add+0x373/0x460 [ 2718.214061][T26986] fib_net_init+0x217/0x3b0 [ 2718.218582][T26986] ? ip_valid_fib_dump_req+0xb60/0xb60 [ 2718.224087][T26986] ? nl_fib_lookup+0x730/0x730 [ 2718.228875][T26986] ? devinet_init_net+0x396/0x640 [ 2718.233960][T26986] ? devinet_exit_net+0x280/0x280 [ 2718.239133][T26986] ? ip_valid_fib_dump_req+0xb60/0xb60 [ 2718.244966][T26986] ops_init+0xaf/0x470 [ 2718.249085][T26986] setup_net+0x5d1/0xc50 [ 2718.253386][T26986] ? down_read_killable+0x1a7/0x490 [ 2718.258634][T26986] ? ops_init+0x470/0x470 [ 2718.263034][T26986] ? trace_kmalloc+0x32/0x100 [ 2718.267761][T26986] copy_net_ns+0x318/0x760 [ 2718.272238][T26986] create_new_namespaces+0x3f6/0xb20 [ 2718.277589][T26986] unshare_nsproxy_namespaces+0xc1/0x1f0 [ 2718.283294][T26986] ksys_unshare+0x445/0x920 [ 2718.287899][T26986] ? unshare_fd+0x1c0/0x1c0 [ 2718.292426][T26986] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2718.298329][T26986] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2718.304251][T26986] __x64_sys_unshare+0x2d/0x40 [ 2718.309067][T26986] do_syscall_64+0x35/0xb0 [ 2718.313542][T26986] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2718.319481][T26986] RIP: 0033:0x7f542068b5a9 [ 2718.323904][T26986] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 2718.343534][T26986] RSP: 002b:00007f542180e168 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 2718.351980][T26986] RAX: ffffffffffffffda RBX: 00007f54207abf80 RCX: 00007f542068b5a9 [ 2718.359986][T26986] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000064020000 [ 2718.367985][T26986] RBP: 00007f54206e6580 R08: 0000000000000000 R09: 0000000000000000 [ 2718.375977][T26986] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2718.384041][T26986] R13: 00007ffc9945b02f R14: 00007f542180e300 R15: 0000000000022000 [ 2718.392036][T26986] [ 2718.399416][T26986] memory: usage 307160kB, limit 307200kB, failcnt 41492 [ 2718.406517][T26986] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2718.414282][T26986] Memory cgroup stats for /syz5: [ 2718.414966][T26986] anon 147456 [ 2718.414966][T26986] file 368640 [ 2718.414966][T26986] kernel 314015744 [ 2718.414966][T26986] kernel_stack 32768 [ 2718.414966][T26986] pagetables 81920 [ 2718.414966][T26986] percpu 5618080 [ 2718.414966][T26986] sock 0 [ 2718.414966][T26986] vmalloc 0 [ 2718.414966][T26986] shmem 356352 [ 2718.414966][T26986] zswap 0 [ 2718.414966][T26986] zswapped 0 [ 2718.414966][T26986] file_mapped 356352 [ 2718.414966][T26986] file_dirty 0 [ 2718.414966][T26986] file_writeback 0 [ 2718.414966][T26986] swapcached 0 [ 2718.414966][T26986] anon_thp 0 [ 2718.414966][T26986] file_thp 0 [ 2718.414966][T26986] shmem_thp 0 [ 2718.414966][T26986] inactive_anon 151552 [ 2718.414966][T26986] active_anon 352256 [ 2718.414966][T26986] inactive_file 4096 [ 2718.414966][T26986] active_file 8192 [ 2718.414966][T26986] unevictable 0 [ 2718.414966][T26986] slab_reclaimable 25064 [ 2718.414966][T26986] slab_unreclaimable 308228336 [ 2718.414966][T26986] slab 308253400 [ 2718.509530][T26986] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=26982,uid=0 [ 2718.527452][T26986] Memory cgroup out of memory: Killed process 26986 (syz-executor.5) total-vm:54596kB, anon-rss:500kB, file-rss:8992kB, shmem-rss:88kB, UID:0 pgtables:88kB oom_score_adj:1000 11:17:13 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x7fd}]}}]}, 0x40}, 0x7}, 0x0) [ 2718.547482][T26988] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2718.548661][T26996] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2718.574198][T26988] CPU: 0 PID: 26988 Comm: syz-executor.2 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2718.584368][T26988] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2718.594459][T26988] Call Trace: [ 2718.597768][T26988] [ 2718.600747][T26988] dump_stack_lvl+0xcd/0x134 [ 2718.605472][T26988] dump_header+0x10b/0x7f9 [ 2718.609970][T26988] oom_kill_process.cold+0x10/0x15 [ 2718.615118][T26988] out_of_memory+0x358/0x14a0 [ 2718.619853][T26988] ? oom_killer_disable+0x270/0x270 [ 2718.625193][T26988] ? find_held_lock+0x2d/0x110 [ 2718.630011][T26988] mem_cgroup_out_of_memory+0x206/0x270 [ 2718.635607][T26988] ? mem_cgroup_margin+0x130/0x130 [ 2718.640761][T26988] ? lock_downgrade+0x6e0/0x6e0 [ 2718.645687][T26988] try_charge_memcg+0xf67/0x13f0 [ 2718.650679][T26988] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2718.656707][T26988] ? lock_downgrade+0x6e0/0x6e0 [ 2718.661604][T26988] charge_memcg+0x31/0x320 [ 2718.666099][T26988] __mem_cgroup_charge+0x27/0x90 [ 2718.671073][T26988] ? _compound_head+0x5d/0x150 [ 2718.675878][T26988] wp_page_copy+0x27c/0x1b10 [ 2718.680502][T26988] ? restore_exclusive_pte+0x8b0/0x8b0 [ 2718.685983][T26988] ? lock_downgrade+0x6e0/0x6e0 [ 2718.690852][T26988] ? vm_normal_page+0x146/0x2a0 [ 2718.695737][T26988] do_wp_page+0x52c/0x1910 [ 2718.700218][T26988] __handle_mm_fault+0x1813/0x39b0 [ 2718.705363][T26988] ? vm_iomap_memory+0x190/0x190 [ 2718.710357][T26988] handle_mm_fault+0x1c8/0x780 [ 2718.715163][T26988] do_user_addr_fault+0x475/0x1210 [ 2718.720357][T26988] exc_page_fault+0x94/0x170 [ 2718.725078][T26988] asm_exc_page_fault+0x22/0x30 [ 2718.729963][T26988] RIP: 0033:0x7fefdee35a15 [ 2718.734400][T26988] Code: 5c 41 5d c3 90 48 8b 57 18 48 83 fa ff 74 22 48 81 fa e7 03 00 00 0f 87 ee 00 00 00 48 c1 e2 04 48 8d 0d ae 26 17 00 48 01 ca 02 01 48 89 42 08 48 8b 53 10 4c 8d 2d d9 a5 57 00 4c 39 ea 0f [ 2718.755764][T26988] RSP: 002b:00007ffd4124e600 EFLAGS: 00010206 [ 2718.761854][T26988] RAX: 0000000000000003 RBX: 00007fefdefabf80 RCX: 00007fefdefa80c0 [ 2718.769843][T26988] RDX: 00007fefdefa80c0 RSI: 0000000000000080 RDI: 00007fefdefabf80 [ 2718.777832][T26988] RBP: 00007fefdefabf80 R08: 00007ffd413e9080 R09: 0000000000000000 [ 2718.786003][T26988] R10: 00007ffd4124e720 R11: 0000000000000246 R12: 0000000000297766 [ 2718.794102][T26988] R13: 00007ffd4124e720 R14: 00007fefdefabf80 R15: 0000000000000032 [ 2718.802134][T26988] [ 2718.849221][T26988] memory: usage 307184kB, limit 307200kB, failcnt 56476 [ 2718.859891][T26988] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2718.867523][T26988] Memory cgroup stats for /syz2: [ 2718.867693][T26988] anon 98304 [ 2718.867693][T26988] file 364544 [ 2718.867693][T26988] kernel 314093568 [ 2718.867693][T26988] kernel_stack 65536 [ 2718.867693][T26988] pagetables 73728 [ 2718.867693][T26988] percpu 5619264 [ 2718.867693][T26988] sock 0 [ 2718.867693][T26988] vmalloc 0 [ 2718.867693][T26988] shmem 364544 [ 2718.867693][T26988] zswap 0 [ 2718.867693][T26988] zswapped 0 [ 2718.867693][T26988] file_mapped 364544 [ 2718.867693][T26988] file_dirty 0 [ 2718.867693][T26988] file_writeback 0 [ 2718.867693][T26988] swapcached 0 [ 2718.867693][T26988] anon_thp 0 [ 2718.867693][T26988] file_thp 0 [ 2718.867693][T26988] shmem_thp 0 [ 2718.867693][T26988] inactive_anon 102400 [ 2718.867693][T26988] active_anon 360448 [ 2718.867693][T26988] inactive_file 0 [ 2718.867693][T26988] active_file 0 [ 2718.867693][T26988] unevictable 0 [ 2718.867693][T26988] slab_reclaimable 127032 [ 2718.867693][T26988] slab_unreclaimable 308178376 [ 2718.867693][T26988] slab 308305408 [ 2718.968150][T26988] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=26988,uid=0 11:17:13 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x72d}]}}]}, 0x40}, 0x7}, 0x0) [ 2718.984251][T26988] Memory cgroup out of memory: Killed process 26988 (syz-executor.2) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 [ 2719.010546][T26996] syz-executor.3 invoked oom-killer: gfp_mask=0x400cc0(GFP_KERNEL_ACCOUNT), order=1, oom_score_adj=1000 [ 2719.042340][T26996] CPU: 0 PID: 26996 Comm: syz-executor.3 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2719.052503][T26996] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2719.062599][T26996] Call Trace: [ 2719.065906][T26996] [ 2719.068866][T26996] dump_stack_lvl+0xcd/0x134 [ 2719.073504][T26996] dump_header+0x10b/0x7f9 [ 2719.077969][T26996] oom_kill_process.cold+0x10/0x15 [ 2719.083108][T26996] out_of_memory+0x358/0x14a0 [ 2719.087826][T26996] ? oom_killer_disable+0x270/0x270 [ 2719.093066][T26996] ? find_held_lock+0x2d/0x110 [ 2719.097895][T26996] mem_cgroup_out_of_memory+0x206/0x270 [ 2719.103484][T26996] ? mem_cgroup_margin+0x130/0x130 [ 2719.108870][T26996] ? lock_downgrade+0x6e0/0x6e0 [ 2719.113793][T26996] try_charge_memcg+0xef5/0x13f0 [ 2719.118747][T26996] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2719.124767][T26996] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2719.130498][T26996] ? lock_downgrade+0x6e0/0x6e0 [ 2719.135366][T26996] obj_cgroup_charge+0x2ab/0x5e0 [ 2719.140406][T26996] __kmalloc_track_caller+0xad/0x340 [ 2719.145721][T26996] ? neigh_sysctl_register+0x9a/0x5e0 [ 2719.151148][T26996] kmemdup+0x23/0x50 [ 2719.155143][T26996] neigh_sysctl_register+0x9a/0x5e0 [ 2719.160443][T26996] ? pndisc_destructor+0x220/0x220 [ 2719.165575][T26996] ? neigh_stat_seq_show+0x420/0x420 [ 2719.170874][T26996] ? debug_object_free+0x350/0x350 [ 2719.175989][T26996] ? lockdep_init_map_type+0x21a/0x7f0 [ 2719.182036][T26996] ? lockdep_init_map_type+0x21a/0x7f0 [ 2719.187794][T26996] ? __raw_spin_lock_init+0x36/0x110 [ 2719.193108][T26996] addrconf_sysctl_register+0xb6/0x1d0 [ 2719.199834][T26996] ? ipv6_mc_init_dev+0x950/0xb50 [ 2719.204914][T26996] ipv6_add_dev+0xade/0x1390 [ 2719.209567][T26996] addrconf_notify+0x6f9/0x1c10 [ 2719.214450][T26996] ? clusterip_netdev_event+0x419/0x650 [ 2719.220028][T26996] ? __local_bh_enable_ip+0xa0/0x120 [ 2719.225346][T26996] ? clusterip_netdev_event+0x419/0x650 [ 2719.230902][T26996] ? tee_netdev_event+0x3bc/0x5c0 [ 2719.235934][T26996] ? ip6mr_device_event+0x1ab/0x220 [ 2719.241167][T26996] notifier_call_chain+0xb5/0x200 [ 2719.246229][T26996] call_netdevice_notifiers_info+0xb5/0x130 [ 2719.252175][T26996] register_netdevice+0x10bb/0x1670 [ 2719.257518][T26996] ? netdev_change_features+0xb0/0xb0 [ 2719.262925][T26996] ? dev_addr_mod+0x2c9/0x3f0 [ 2719.267617][T26996] veth_newlink+0x338/0x990 [ 2719.272161][T26996] ? veth_set_features+0x190/0x190 [ 2719.277294][T26996] ? netlink_unicast+0x543/0x7f0 [ 2719.282234][T26996] ? netlink_sendmsg+0x917/0xe10 [ 2719.287188][T26996] ? sock_sendmsg+0xcf/0x120 [ 2719.291888][T26996] ? ____sys_sendmsg+0x712/0x8c0 [ 2719.296843][T26996] ? ___sys_sendmsg+0x110/0x1b0 [ 2719.301749][T26996] ? __sys_sendmsg+0xf3/0x1c0 [ 2719.306578][T26996] ? do_syscall_64+0x35/0xb0 [ 2719.311214][T26996] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2719.317310][T26996] ? find_held_lock+0x2d/0x110 [ 2719.322103][T26996] ? memcg_slab_post_alloc_hook+0x249/0x480 [ 2719.328038][T26996] ? lock_downgrade+0x6e0/0x6e0 [ 2719.332903][T26996] ? rcu_read_lock_sched_held+0x3a/0x70 [ 2719.338464][T26996] ? trace_kmalloc_node+0x32/0x100 [ 2719.343600][T26996] ? __kmalloc_node+0x1bf/0x380 [ 2719.348504][T26996] ? memset+0x20/0x40 [ 2719.352541][T26996] ? __xdp_rxq_info_reg+0x189/0x340 [ 2719.357776][T26996] ? memcpy+0x39/0x60 [ 2719.361783][T26996] ? alloc_netdev_mqs+0xd5d/0x1180 [ 2719.366950][T26996] ? rtnl_create_link+0x7e8/0xca0 [ 2719.371995][T26996] ? veth_set_features+0x190/0x190 [ 2719.377243][T26996] __rtnl_newlink+0x1087/0x17e0 [ 2719.382108][T26996] ? rtnl_link_unregister+0x250/0x250 [ 2719.387487][T26996] ? find_held_lock+0x2d/0x110 [ 2719.392266][T26996] ? exc_int3+0xb/0x80 [ 2719.396362][T26996] ? asm_exc_int3+0x35/0x40 [ 2719.400952][T26996] ? rcu_read_lock_sched_held+0x3a/0x70 [ 2719.406551][T26996] ? trace_kmalloc+0x32/0x100 [ 2719.411265][T26996] rtnl_newlink+0x64/0xa0 [ 2719.415612][T26996] ? __rtnl_newlink+0x17e0/0x17e0 [ 2719.420736][T26996] rtnetlink_rcv_msg+0x43a/0xca0 [ 2719.425692][T26996] ? rtnl_getlink+0xae0/0xae0 [ 2719.430384][T26996] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2719.435691][T26996] ? ref_tracker_free+0x370/0x6b0 [ 2719.440755][T26996] ? ref_tracker_dir_exit+0x3e0/0x3e0 [ 2719.446200][T26996] netlink_rcv_skb+0x153/0x420 [ 2719.451020][T26996] ? rtnl_getlink+0xae0/0xae0 [ 2719.455733][T26996] ? netlink_ack+0xd50/0xd50 [ 2719.460329][T26996] ? netlink_deliver_tap+0x1a2/0xc40 [ 2719.465626][T26996] ? netlink_deliver_tap+0x1b1/0xc40 [ 2719.470929][T26996] netlink_unicast+0x543/0x7f0 [ 2719.475904][T26996] ? netlink_attachskb+0x880/0x880 [ 2719.481064][T26996] ? __phys_addr+0xc4/0x140 [ 2719.485591][T26996] ? __phys_addr_symbol+0x2c/0x70 [ 2719.490645][T26996] ? __check_object_size+0x2de/0x700 [ 2719.495972][T26996] netlink_sendmsg+0x917/0xe10 [ 2719.500797][T26996] ? netlink_unicast+0x7f0/0x7f0 [ 2719.505872][T26996] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 2719.511274][T26996] ? netlink_unicast+0x7f0/0x7f0 [ 2719.516224][T26996] sock_sendmsg+0xcf/0x120 [ 2719.520739][T26996] ____sys_sendmsg+0x712/0x8c0 [ 2719.525515][T26996] ? copy_msghdr_from_user+0xfc/0x150 [ 2719.530910][T26996] ? kernel_sendmsg+0x50/0x50 [ 2719.535627][T26996] ___sys_sendmsg+0x110/0x1b0 [ 2719.540328][T26996] ? do_recvmmsg+0x6e0/0x6e0 [ 2719.544967][T26996] ? __fget_files+0x248/0x440 [ 2719.549691][T26996] ? lock_downgrade+0x6e0/0x6e0 [ 2719.554590][T26996] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2719.560649][T26996] ? __fget_files+0x26a/0x440 [ 2719.565406][T26996] ? __fget_light+0xe5/0x270 [ 2719.570034][T26996] __sys_sendmsg+0xf3/0x1c0 [ 2719.574596][T26996] ? __sys_sendmsg_sock+0x30/0x30 [ 2719.580569][T26996] ? lock_downgrade+0x6e0/0x6e0 [ 2719.585447][T26996] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2719.591356][T26996] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2719.597287][T26996] ? lockdep_hardirqs_on+0x79/0x100 [ 2719.602542][T26996] do_syscall_64+0x35/0xb0 [ 2719.607019][T26996] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2719.612973][T26996] RIP: 0033:0x7f89d288b5a9 [ 2719.617520][T26996] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 2719.637364][T26996] RSP: 002b:00007f89d3ab2168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2719.645804][T26996] RAX: ffffffffffffffda RBX: 00007f89d29abf80 RCX: 00007f89d288b5a9 [ 2719.653805][T26996] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000004 [ 2719.661790][T26996] RBP: 00007f89d28e6580 R08: 0000000000000000 R09: 0000000000000000 [ 2719.669855][T26996] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2719.677874][T26996] R13: 00007fff483831ef R14: 00007f89d3ab2300 R15: 0000000000022000 [ 2719.685904][T26996] [ 2719.692461][T26996] memory: usage 307200kB, limit 307200kB, failcnt 56781 [ 2719.704656][T26996] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2719.711973][T26996] Memory cgroup stats for /syz3: [ 2719.712230][T26996] anon 143360 [ 2719.712230][T26996] file 385024 [ 2719.712230][T26996] kernel 314028032 [ 2719.712230][T26996] kernel_stack 65536 [ 2719.712230][T26996] pagetables 81920 [ 2719.712230][T26996] percpu 5619264 [ 2719.712230][T26996] sock 0 [ 2719.712230][T26996] vmalloc 0 [ 2719.712230][T26996] shmem 385024 [ 2719.712230][T26996] zswap 0 [ 2719.712230][T26996] zswapped 0 [ 2719.712230][T26996] file_mapped 311296 [ 2719.712230][T26996] file_dirty 0 [ 2719.712230][T26996] file_writeback 0 [ 2719.712230][T26996] swapcached 0 [ 2719.712230][T26996] anon_thp 0 [ 2719.712230][T26996] file_thp 0 [ 2719.712230][T26996] shmem_thp 0 [ 2719.712230][T26996] inactive_anon 196608 [ 2719.712230][T26996] active_anon 331776 [ 2719.712230][T26996] inactive_file 0 [ 2719.712230][T26996] active_file 0 [ 2719.712230][T26996] unevictable 0 [ 2719.712230][T26996] slab_reclaimable 22760 [ 2719.712230][T26996] slab_unreclaimable 308200296 [ 2719.712230][T26996] slab 308223056 [ 2719.810075][T26996] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=26994,uid=0 [ 2719.837406][T26996] Memory cgroup out of memory: Killed process 26994 (syz-executor.3) total-vm:54728kB, anon-rss:456kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 2719.884279][T27000] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 2719.907137][T27000] CPU: 0 PID: 27000 Comm: syz-executor.4 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2719.917274][T27000] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2719.927384][T27000] Call Trace: [ 2719.930700][T27000] [ 2719.933659][T27000] dump_stack_lvl+0xcd/0x134 [ 2719.938303][T27000] dump_header+0x10b/0x7f9 [ 2719.942754][T27000] oom_kill_process.cold+0x10/0x15 [ 2719.947895][T27000] out_of_memory+0x358/0x14a0 [ 2719.952710][T27000] ? find_held_lock+0x2d/0x110 [ 2719.957528][T27000] ? oom_killer_disable+0x270/0x270 [ 2719.962765][T27000] ? find_held_lock+0x2d/0x110 [ 2719.967564][T27000] mem_cgroup_out_of_memory+0x206/0x270 [ 2719.973221][T27000] ? mem_cgroup_margin+0x130/0x130 [ 2719.978346][T27000] ? lock_downgrade+0x6e0/0x6e0 [ 2719.983229][T27000] try_charge_memcg+0xf67/0x13f0 [ 2719.988196][T27000] ? mem_cgroup_handle_over_high+0x510/0x510 [ 2719.994212][T27000] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 2720.000015][T27000] ? lock_downgrade+0x6e0/0x6e0 [ 2720.004887][T27000] ? lock_downgrade+0x6e0/0x6e0 [ 2720.009757][T27000] ? rcu_read_unlock+0x9/0x60 [ 2720.014491][T27000] obj_cgroup_charge+0x2ab/0x5e0 [ 2720.019474][T27000] kmem_cache_alloc_trace+0xa3/0x3e0 [ 2720.024783][T27000] ? copy_semundo+0x187/0x2f0 [ 2720.029480][T27000] ? apparmor_task_alloc+0x2bb/0x3b0 [ 2720.034881][T27000] copy_semundo+0x187/0x2f0 [ 2720.039404][T27000] copy_process+0x23fa/0x7090 [ 2720.044124][T27000] ? __cleanup_sighand+0xb0/0xb0 [ 2720.049099][T27000] kernel_clone+0xe7/0xab0 [ 2720.053535][T27000] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2720.059590][T27000] ? create_io_thread+0xe0/0xe0 [ 2720.064473][T27000] ? find_held_lock+0x2d/0x110 [ 2720.069276][T27000] ? __ct_user_exit+0xff/0x150 [ 2720.074062][T27000] __do_sys_clone+0xba/0x100 [ 2720.078679][T27000] ? kernel_clone+0xab0/0xab0 [ 2720.083390][T27000] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2720.089332][T27000] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2720.095276][T27000] do_syscall_64+0x35/0xb0 [ 2720.099753][T27000] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2720.105776][T27000] RIP: 0033:0x7fa378a8c9d1 [ 2720.110217][T27000] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 2720.129969][T27000] RSP: 002b:00007fff306494d8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 2720.138401][T27000] RAX: ffffffffffffffda RBX: 00007fa379be4700 RCX: 00007fa378a8c9d1 [ 2720.146400][T27000] RDX: 00007fa379be49d0 RSI: 00007fa379be42f0 RDI: 00000000003d0f00 [ 2720.154524][T27000] RBP: 00007fff30649720 R08: 00007fa379be4700 R09: 00007fa379be4700 [ 2720.162522][T27000] R10: 00007fa379be49d0 R11: 0000000000000206 R12: 00007fff3064958e [ 2720.170510][T27000] R13: 00007fff3064958f R14: 00007fa379be4300 R15: 0000000000022000 [ 2720.178533][T27000] 11:17:15 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0xf203000000000000) [ 2720.223837][T27000] memory: usage 307184kB, limit 307200kB, failcnt 57532 [ 2720.231047][T27000] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2720.238635][T26998] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2720.261357][T27000] Memory cgroup stats for /syz4: [ 2720.261590][T27000] anon 90112 [ 2720.261590][T27000] file 372736 [ 2720.261590][T27000] kernel 314093568 [ 2720.261590][T27000] kernel_stack 65536 [ 2720.261590][T27000] pagetables 65536 [ 2720.261590][T27000] percpu 5624000 [ 2720.261590][T27000] sock 0 [ 2720.261590][T27000] vmalloc 0 [ 2720.261590][T27000] shmem 372736 [ 2720.261590][T27000] zswap 0 [ 2720.261590][T27000] zswapped 0 [ 2720.261590][T27000] file_mapped 372736 [ 2720.261590][T27000] file_dirty 0 [ 2720.261590][T27000] file_writeback 0 [ 2720.261590][T27000] swapcached 0 [ 2720.261590][T27000] anon_thp 0 [ 2720.261590][T27000] file_thp 0 11:17:15 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x802, 0x0) connect$netlink(r2, &(0x7f00000001c0)=@proc, 0xc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r3, @ANYBLOB="e522c8ffaf000062270012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x237}]}}]}, 0x40}, 0x7}, 0x0) [ 2720.261590][T27000] shmem_thp 0 [ 2720.261590][T27000] inactive_anon 139264 [ 2720.261590][T27000] active_anon 323584 [ 2720.261590][T27000] inactive_file 0 [ 2720.261590][T27000] active_file 0 [ 2720.261590][T27000] unevictable 0 [ 2720.261590][T27000] slab_reclaimable 17888 [ 2720.261590][T27000] slab_unreclaimable 308288856 [ 2720.261590][T27000] slab 308306744 [ 2720.370150][T27000] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=27000,uid=0 [ 2720.377124][T26986] ================================================================== [ 2720.387403][T27000] Memory cgroup out of memory: Killed process 27000 (syz-executor.4) total-vm:54596kB, anon-rss:460kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:68kB oom_score_adj:1000 [ 2720.393733][T26986] BUG: KASAN: use-after-free in ip6mr_sk_done+0x139/0x400 [ 2720.393767][T26986] Read of size 4 at addr ffff8880320db488 by task syz-executor.5/26986 [ 2720.393790][T26986] [ 2720.429208][T26986] CPU: 0 PID: 26986 Comm: syz-executor.5 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2720.439306][T26986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2720.441830][T27002] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2720.449364][T26986] Call Trace: [ 2720.449376][T26986] [ 2720.449385][T26986] dump_stack_lvl+0xcd/0x134 [ 2720.449418][T26986] print_report.cold+0x2ba/0x719 [ 2720.475307][T26986] ? ip6mr_sk_done+0x139/0x400 [ 2720.480102][T26986] kasan_report+0xb1/0x1e0 [ 2720.484732][T26986] ? pde_put+0x90/0x1e0 [ 2720.489027][T26986] ? ip6mr_sk_done+0x139/0x400 [ 2720.494032][T26986] kasan_check_range+0x13d/0x180 [ 2720.499087][T26986] ip6mr_sk_done+0x139/0x400 [ 2720.503702][T26986] rawv6_close+0x58/0x80 [ 2720.507972][T26986] inet_release+0x12e/0x270 [ 2720.512501][T26986] inet6_release+0x4c/0x70 [ 2720.517026][T26986] sock_release+0x87/0x1b0 [ 2720.521466][T26986] igmp6_net_exit+0x6b/0x170 [ 2720.526068][T26986] ? dst_output+0x170/0x170 [ 2720.530579][T26986] ops_exit_list+0xb0/0x170 [ 2720.535108][T26986] setup_net+0x7fb/0xc50 [ 2720.539375][T26986] ? ops_init+0x470/0x470 [ 2720.543841][T26986] ? trace_kmalloc+0x32/0x100 [ 2720.548536][T26986] copy_net_ns+0x318/0x760 [ 2720.552979][T26986] create_new_namespaces+0x3f6/0xb20 [ 2720.558289][T26986] unshare_nsproxy_namespaces+0xc1/0x1f0 [ 2720.563948][T26986] ksys_unshare+0x445/0x920 [ 2720.568574][T26986] ? unshare_fd+0x1c0/0x1c0 [ 2720.573202][T26986] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2720.579204][T26986] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2720.585206][T26986] __x64_sys_unshare+0x2d/0x40 [ 2720.589991][T26986] do_syscall_64+0x35/0xb0 [ 2720.594432][T26986] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2720.600348][T26986] RIP: 0033:0x7f542068b5a9 [ 2720.604771][T26986] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 2720.624394][T26986] RSP: 002b:00007f542180e168 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 2720.632915][T26986] RAX: ffffffffffffffda RBX: 00007f54207abf80 RCX: 00007f542068b5a9 [ 2720.640930][T26986] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000064020000 [ 2720.648927][T26986] RBP: 00007f54206e6580 R08: 0000000000000000 R09: 0000000000000000 [ 2720.656914][T26986] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2720.664893][T26986] R13: 00007ffc9945b02f R14: 00007f542180e300 R15: 0000000000022000 [ 2720.672884][T26986] [ 2720.675910][T26986] [ 2720.678236][T26986] Allocated by task 26986: [ 2720.682650][T26986] kasan_save_stack+0x1e/0x40 [ 2720.687352][T26986] __kasan_kmalloc+0xa9/0xd0 [ 2720.692000][T26986] kmemdup+0x23/0x50 [ 2720.695912][T26986] addrconf_init_net+0x1be/0x870 [ 2720.700873][T26986] ops_init+0xaf/0x470 [ 2720.704970][T26986] setup_net+0x5d1/0xc50 [ 2720.709236][T26986] copy_net_ns+0x318/0x760 [ 2720.713674][T26986] create_new_namespaces+0x3f6/0xb20 [ 2720.718978][T26986] unshare_nsproxy_namespaces+0xc1/0x1f0 [ 2720.724630][T26986] ksys_unshare+0x445/0x920 [ 2720.729150][T26986] __x64_sys_unshare+0x2d/0x40 [ 2720.733940][T26986] do_syscall_64+0x35/0xb0 [ 2720.738386][T26986] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2720.744305][T26986] [ 2720.746631][T26986] Freed by task 26986: [ 2720.750700][T26986] kasan_save_stack+0x1e/0x40 [ 2720.755401][T26986] kasan_set_track+0x21/0x30 [ 2720.760006][T26986] kasan_set_free_info+0x20/0x30 [ 2720.764965][T26986] ____kasan_slab_free+0x166/0x1c0 [ 2720.770114][T26986] slab_free_freelist_hook+0x8b/0x1c0 [ 2720.775502][T26986] kfree+0xe2/0x580 [ 2720.779323][T26986] addrconf_init_net+0x649/0x870 [ 2720.784282][T26986] ops_init+0xaf/0x470 [ 2720.788379][T26986] setup_net+0x5d1/0xc50 [ 2720.792683][T26986] copy_net_ns+0x318/0x760 [ 2720.797123][T26986] create_new_namespaces+0x3f6/0xb20 [ 2720.802429][T26986] unshare_nsproxy_namespaces+0xc1/0x1f0 [ 2720.808088][T26986] ksys_unshare+0x445/0x920 [ 2720.812608][T26986] __x64_sys_unshare+0x2d/0x40 [ 2720.817391][T26986] do_syscall_64+0x35/0xb0 [ 2720.821833][T26986] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2720.827746][T26986] [ 2720.830082][T26986] Last potentially related work creation: [ 2720.835833][T26986] kasan_save_stack+0x1e/0x40 [ 2720.840531][T26986] __kasan_record_aux_stack+0xbe/0xd0 [ 2720.845925][T26986] kvfree_call_rcu+0x74/0x8f0 [ 2720.850619][T26986] drop_sysctl_table+0x3c0/0x4e0 [ 2720.855570][T26986] unregister_sysctl_table+0xc0/0x190 [ 2720.860956][T26986] inetdev_event+0xcaa/0x1610 [ 2720.865651][T26986] notifier_call_chain+0xb5/0x200 [ 2720.870695][T26986] call_netdevice_notifiers_info+0xb5/0x130 [ 2720.876608][T26986] unregister_netdevice_many+0xa69/0x1980 [ 2720.882357][T26986] default_device_exit_batch+0x449/0x590 [ 2720.888014][T26986] ops_exit_list+0x125/0x170 [ 2720.892625][T26986] cleanup_net+0x4ea/0xb00 [ 2720.897063][T26986] process_one_work+0x991/0x1610 [ 2720.902024][T26986] worker_thread+0x665/0x1080 [ 2720.906716][T26986] kthread+0x2e4/0x3a0 [ 2720.910797][T26986] ret_from_fork+0x1f/0x30 [ 2720.915248][T26986] [ 2720.917573][T26986] The buggy address belongs to the object at ffff8880320db400 [ 2720.917573][T26986] which belongs to the cache kmalloc-256 of size 256 [ 2720.931633][T26986] The buggy address is located 136 bytes inside of [ 2720.931633][T26986] 256-byte region [ffff8880320db400, ffff8880320db500) [ 2720.944916][T26986] [ 2720.947258][T26986] The buggy address belongs to the physical page: [ 2720.953670][T26986] page:ffffea0000c83680 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x320da [ 2720.963835][T26986] head:ffffea0000c83680 order:1 compound_mapcount:0 compound_pincount:0 [ 2720.972177][T26986] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 2720.980173][T26986] raw: 00fff00000010200 dead000000000100 dead000000000122 ffff888011841b40 [ 2720.988773][T26986] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 2720.997356][T26986] page dumped because: kasan: bad access detected [ 2721.003770][T26986] page_owner tracks the page as allocated [ 2721.009485][T26986] page last allocated via order 1, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 28376, tgid 28372 (syz-executor.4), ts 647353265592, free_ts 258223297864 [ 2721.032778][T26986] get_page_from_freelist+0x109b/0x2ce0 [ 2721.038364][T26986] __alloc_pages+0x1c7/0x510 [ 2721.042976][T26986] alloc_pages+0x1a6/0x270 [ 2721.047415][T26986] allocate_slab+0x27e/0x3d0 [ 2721.052017][T26986] ___slab_alloc+0x84f/0xe80 [ 2721.056622][T26986] __slab_alloc.constprop.0+0x4d/0xa0 [ 2721.062009][T26986] __kmalloc+0x32b/0x340 [ 2721.066262][T26986] __register_sysctl_table+0x9eb/0x10a0 [ 2721.071834][T26986] mpls_dev_sysctl_register+0x1b7/0x2d0 [ 2721.077403][T26986] mpls_dev_notify+0xfc/0x9b0 [ 2721.082101][T26986] notifier_call_chain+0xb5/0x200 [ 2721.087149][T26986] call_netdevice_notifiers_info+0xb5/0x130 [ 2721.093142][T26986] register_netdevice+0x10bb/0x1670 [ 2721.098351][T26986] veth_newlink+0x4cf/0x990 [ 2721.102877][T26986] __rtnl_newlink+0x1087/0x17e0 [ 2721.107742][T26986] rtnl_newlink+0x64/0xa0 [ 2721.112167][T26986] page last free stack trace: [ 2721.116838][T26986] free_pcp_prepare+0x5e4/0xd20 [ 2721.121706][T26986] free_unref_page+0x19/0x4d0 [ 2721.126406][T26986] __vunmap+0x85d/0xd30 [ 2721.130576][T26986] __vfree+0x3c/0xd0 [ 2721.134490][T26986] __vmalloc_node_range+0xfdb/0x13a0 [ 2721.139790][T26986] kvmalloc_node+0x14c/0x1b0 [ 2721.144390][T26986] xt_alloc_entry_offsets+0x3b/0x50 [ 2721.149664][T26986] translate_table+0x234/0x1750 [ 2721.154562][T26986] do_ip6t_set_ctl+0x56c/0xb20 [ 2721.159347][T26986] nf_setsockopt+0x83/0xe0 [ 2721.163817][T26986] ipv6_setsockopt+0x127/0x190 [ 2721.168601][T26986] tcp_setsockopt+0x9b/0x100 [ 2721.173220][T26986] __sys_setsockopt+0x2d6/0x690 [ 2721.178087][T26986] __x64_sys_setsockopt+0xba/0x150 [ 2721.183214][T26986] do_syscall_64+0x35/0xb0 [ 2721.187660][T26986] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2721.193577][T26986] [ 2721.195906][T26986] Memory state around the buggy address: [ 2721.201539][T26986] ffff8880320db380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2721.209620][T26986] ffff8880320db400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2721.217689][T26986] >ffff8880320db480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2721.225754][T26986] ^ [ 2721.230086][T26986] ffff8880320db500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2721.238332][T26986] ffff8880320db580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2721.246395][T26986] ================================================================== [ 2721.265741][ T30] oom_reaper: reaped process 26986 (syz-executor.5), now anon-rss:0kB, file-rss:8192kB, shmem-rss:24kB [ 2721.268000][T26986] Kernel panic - not syncing: panic_on_warn set ... [ 2721.268015][T26986] CPU: 0 PID: 26986 Comm: syz-executor.5 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 [ 2721.268045][T26986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 2721.268060][T26986] Call Trace: [ 2721.268067][T26986] [ 2721.268076][T26986] dump_stack_lvl+0xcd/0x134 [ 2721.268110][T26986] panic+0x2c8/0x627 [ 2721.268161][T26986] ? panic_print_sys_info.part.0+0x10b/0x10b [ 2721.268190][T26986] ? preempt_schedule_common+0x59/0xc0 [ 2721.268218][T26986] ? preempt_schedule_thunk+0x16/0x18 [ 2721.268261][T26986] ? ip6mr_sk_done+0x139/0x400 [ 2721.268289][T26986] end_report.part.0+0x3f/0x7c [ 2721.268316][T26986] kasan_report.cold+0xa/0xf [ 2721.268343][T26986] ? pde_put+0x90/0x1e0 [ 2721.268383][T26986] ? ip6mr_sk_done+0x139/0x400 [ 2721.268412][T26986] kasan_check_range+0x13d/0x180 [ 2721.268452][T26986] ip6mr_sk_done+0x139/0x400 [ 2721.268482][T26986] rawv6_close+0x58/0x80 [ 2721.268519][T26986] inet_release+0x12e/0x270 [ 2721.268556][T26986] inet6_release+0x4c/0x70 [ 2721.268596][T26986] sock_release+0x87/0x1b0 [ 2721.268624][T26986] igmp6_net_exit+0x6b/0x170 [ 2721.268649][T26986] ? dst_output+0x170/0x170 [ 2721.268671][T26986] ops_exit_list+0xb0/0x170 [ 2721.268710][T26986] setup_net+0x7fb/0xc50 [ 2721.268750][T26986] ? ops_init+0x470/0x470 [ 2721.268793][T26986] ? trace_kmalloc+0x32/0x100 [ 2721.268824][T26986] copy_net_ns+0x318/0x760 [ 2721.268864][T26986] create_new_namespaces+0x3f6/0xb20 [ 2721.268901][T26986] unshare_nsproxy_namespaces+0xc1/0x1f0 [ 2721.268937][T26986] ksys_unshare+0x445/0x920 [ 2721.268969][T26986] ? unshare_fd+0x1c0/0x1c0 [ 2721.269003][T26986] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2721.269035][T26986] ? syscall_enter_from_user_mode+0x22/0xb0 [ 2721.269069][T26986] __x64_sys_unshare+0x2d/0x40 [ 2721.269101][T26986] do_syscall_64+0x35/0xb0 [ 2721.269140][T26986] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 2721.269178][T26986] RIP: 0033:0x7f542068b5a9 [ 2721.269208][T26986] Code: Unable to access opcode bytes at 0x7f542068b57f. [ 2721.269218][T26986] RSP: 002b:00007f542180e168 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 2721.269243][T26986] RAX: ffffffffffffffda RBX: 00007f54207abf80 RCX: 00007f542068b5a9 [ 2721.269262][T26986] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000064020000 [ 2721.269278][T26986] RBP: 00007f54206e6580 R08: 0000000000000000 R09: 0000000000000000 [ 2721.269294][T26986] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2721.269310][T26986] R13: 00007ffc9945b02f R14: 00007f542180e300 R15: 0000000000022000 [ 2721.269334][T26986] [ 2721.276979][T26986] Kernel Offset: disabled [ 2721.530313][T26986] Rebooting in 86400 seconds..