ckname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x9c940500}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:36:17 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}, 0x1, 0x0, 0x0, 0x7a000000}, 0x0) 15:36:17 executing program 5: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) bind$can_j1939(0xffffffffffffffff, &(0x7f0000000080)={0x1d, r2}, 0x18) sendmsg$can_j1939(r0, &(0x7f0000000200)={&(0x7f00000000c0)={0x1d, 0x0, 0xee0000}, 0x18, &(0x7f00000001c0)={&(0x7f0000000100)="05", 0x1}}, 0x0) 15:36:17 executing program 3: keyctl$KEYCTL_MOVE(0xb, 0x0, 0x0, 0xfffffffffffffff8, 0x0) [ 3045.683182][T26877] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3045.723803][T26877] CPU: 0 PID: 26877 Comm: syz-executor.2 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3045.734250][T26877] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3045.744305][T26877] Call Trace: [ 3045.747585][T26877] [ 3045.750501][T26877] dump_stack_lvl+0x136/0x150 [ 3045.755178][T26877] dump_header+0x10a/0xd70 [ 3045.759587][T26877] oom_kill_process+0x25d/0x600 [ 3045.764512][T26877] out_of_memory+0x35c/0x1660 [ 3045.769179][T26877] ? oom_killer_disable+0x2b0/0x2b0 [ 3045.774362][T26877] ? rcu_read_unlock+0x9/0x60 [ 3045.779028][T26877] ? find_held_lock+0x2d/0x110 [ 3045.783787][T26877] mem_cgroup_out_of_memory+0x206/0x270 [ 3045.789325][T26877] ? mem_cgroup_margin+0x130/0x130 [ 3045.794424][T26877] ? lock_downgrade+0x690/0x690 [ 3045.799276][T26877] try_charge_memcg+0xf99/0x13a0 [ 3045.804211][T26877] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3045.810191][T26877] ? rcu_read_unlock+0x9/0x60 [ 3045.814854][T26877] ? lock_downgrade+0x690/0x690 [ 3045.819703][T26877] charge_memcg+0x90/0x3b0 [ 3045.824116][T26877] __mem_cgroup_charge+0x2b/0x90 [ 3045.829040][T26877] do_wp_page+0x8ea/0x33c0 [ 3045.833447][T26877] ? lock_sync+0x190/0x190 [ 3045.837872][T26877] ? finish_mkwrite_fault+0x3d0/0x3d0 [ 3045.843230][T26877] ? do_raw_spin_lock+0x124/0x2b0 [ 3045.848248][T26877] ? spin_bug+0x1c0/0x1c0 [ 3045.852577][T26877] __handle_mm_fault+0x1635/0x41c0 [ 3045.857677][T26877] ? vm_iomap_memory+0x190/0x190 [ 3045.862601][T26877] ? mas_walk+0x58f/0x730 [ 3045.866932][T26877] ? numa_migrate_prep+0x3a0/0x3a0 [ 3045.872028][T26877] ? do_user_addr_fault+0x367/0x1210 [ 3045.877308][T26877] handle_mm_fault+0x2af/0x9f0 [ 3045.882149][T26877] do_user_addr_fault+0x2ca/0x1210 [ 3045.887249][T26877] ? rcu_is_watching+0x12/0xb0 [ 3045.892010][T26877] exc_page_fault+0x98/0x170 [ 3045.896614][T26877] asm_exc_page_fault+0x26/0x30 [ 3045.901561][T26877] RIP: 0033:0x7f5bd0639610 [ 3045.905971][T26877] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48 [ 3045.925667][T26877] RSP: 002b:00007fffe74b16a0 EFLAGS: 00010246 [ 3045.931723][T26877] RAX: 00000000899363ac RBX: 00007f5bd07ac018 RCX: 0000001b2dd20000 [ 3045.939681][T26877] RDX: 0000000000000000 RSI: 0000001b2dd20018 RDI: 000000000c826fe4 [ 3045.947646][T26877] RBP: 00000000899363ac R08: 00000000000003ac R09: 00000000899363b0 [ 3045.955603][T26877] R10: 00007fffe74b1860 R11: 0000000000000246 R12: 00007f5bd07a0000 [ 3045.963563][T26877] R13: 0000000000000001 R14: 0000000000000004 R15: ffffffff8804dd36 [ 3045.971520][T26877] ? __sock_create+0x46/0x850 [ 3045.976207][T26877] 15:36:17 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x2000}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:36:17 executing program 3: r0 = openat$cachefiles(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, 0x0) 15:36:18 executing program 5: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000040)={'vcan0\x00'}) bind$can_j1939(r0, 0x0, 0x0) sendmsg$can_j1939(r0, &(0x7f0000000200)={&(0x7f00000000c0)={0x1d, 0x0, 0xee0000}, 0x18, &(0x7f00000001c0)={&(0x7f0000000100)="05", 0x1}}, 0x0) [ 3046.084293][T26986] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. 15:36:18 executing program 3: r0 = add_key$keyring(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff) add_key(&(0x7f0000000300)='big_key\x00', 0x0, &(0x7f0000000480)="e9", 0x1, r0) 15:36:18 executing program 3: write$binfmt_aout(0xffffffffffffffff, 0x0, 0xff2e) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x58) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0) writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000180)='0', 0x1}], 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, 0x0, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000003c0)=0xae) socket$netlink(0x10, 0x3, 0x0) openat$drirender128(0xffffffffffffff9c, &(0x7f0000000dc0), 0x0, 0x0) r5 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r5, &(0x7f0000000100)={0x2, 0x0, @local}, 0x10) connect$inet(r5, &(0x7f0000000280)={0x2, 0x0, @multicast2}, 0x10) sendmmsg$inet(r5, &(0x7f0000002080)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=[@ip_retopts={{0x10, 0x60000000}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @empty}}}], 0x30}}], 0x300, 0x0) [ 3046.132302][T26877] memory: usage 307184kB, limit 307200kB, failcnt 25158 [ 3046.163660][T26877] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3046.204829][T26877] Memory cgroup stats for /syz2: [ 3046.204991][T26877] anon 122880 [ 3046.204991][T26877] file 8388608 [ 3046.204991][T26877] kernel 306044928 [ 3046.204991][T26877] kernel_stack 65536 [ 3046.204991][T26877] pagetables 69632 [ 3046.204991][T26877] sec_pagetables 0 [ 3046.204991][T26877] percpu 5294912 [ 3046.204991][T26877] sock 0 [ 3046.204991][T26877] vmalloc 16384 [ 3046.204991][T26877] shmem 8380416 [ 3046.204991][T26877] zswap 0 [ 3046.204991][T26877] zswapped 0 [ 3046.204991][T26877] file_mapped 286720 [ 3046.204991][T26877] file_dirty 8192 [ 3046.204991][T26877] file_writeback 0 [ 3046.204991][T26877] swapcached 0 [ 3046.204991][T26877] anon_thp 0 [ 3046.204991][T26877] file_thp 0 [ 3046.204991][T26877] shmem_thp 0 [ 3046.204991][T26877] inactive_anon 4096 [ 3046.204991][T26877] active_anon 8499200 [ 3046.204991][T26877] inactive_file 8192 [ 3046.204991][T26877] active_file 0 [ 3046.204991][T26877] unevictable 0 [ 3046.204991][T26877] slab_reclaimable 39288 [ 3046.204991][T26877] slab_unreclaimable 300523984 [ 3046.204991][T26877] slab 300563272 [ 3046.204991][T26877] workingset_refault_anon 0 [ 3046.204991][T26877] workingset_refault_file 2 [ 3046.204991][T26877] workingset_activate_anon 0 [ 3046.204991][T26877] workingset_activate_file 0 [ 3046.204991][T26877] workingset_restore_anon 0 [ 3046.204991][T26877] workingset_restore_file 2 [ 3046.204991][T26877] workingset_nodereclaim 0 [ 3046.204991][T26877] pgscan 7709 [ 3046.204991][T26877] pgsteal 122 [ 3046.204991][T26877] pgscan_kswapd 106 [ 3046.204991][T26877] pgscan_direct 7603 [ 3046.204991][T26877] pgscan_khugepaged 0 [ 3046.204991][T26877] pgsteal_kswapd 97 [ 3046.204991][T26877] pgsteal_direct 25 [ 3046.204991][T26877] pgsteal_khugepaged 0 [ 3046.204991][T26877] pgfault 694864 [ 3046.204991][T26877] pgmajfault 0 [ 3046.204991][T26877] pgrefill 30972 [ 3046.204991][T26877] pgactivate 7587 [ 3046.204991][T26877] pgdeactivate 0 [ 3046.204991][T26877] pglazyfree 0 [ 3046.204991][T26877] pglazyfreed 0 [ 3046.204991][T26877] zswpin 0 [ 3046.204991][T26877] zswpout 0 [ 3046.633132][T26877] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=26877,uid=0 [ 3046.693805][T26877] Memory cgroup out of memory: Killed process 26877 (syz-executor.2) total-vm:54548kB, anon-rss:384kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 15:36:18 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x11}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:36:18 executing program 5: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000040)={'vcan0\x00'}) bind$can_j1939(r0, 0x0, 0x0) sendmsg$can_j1939(r0, &(0x7f0000000200)={&(0x7f00000000c0)={0x1d, 0x0, 0xee0000}, 0x18, &(0x7f00000001c0)={&(0x7f0000000100)="05", 0x1}}, 0x0) 15:36:18 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}, 0x1, 0x0, 0x0, 0x7a9e0400}, 0x0) [ 3046.793524][T27102] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3046.804438][T26992] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3046.804463][T26992] CPU: 0 PID: 26992 Comm: syz-executor.1 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3046.804482][T26992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3046.804493][T26992] Call Trace: [ 3046.804498][T26992] [ 3046.804504][T26992] dump_stack_lvl+0x136/0x150 [ 3046.804537][T26992] dump_header+0x10a/0xd70 [ 3046.804558][T26992] oom_kill_process+0x25d/0x600 [ 3046.804581][T26992] out_of_memory+0x35c/0x1660 [ 3046.804602][T26992] ? find_held_lock+0x2d/0x110 [ 3046.804625][T26992] ? oom_killer_disable+0x2b0/0x2b0 [ 3046.804642][T26992] ? rcu_read_unlock+0x9/0x60 [ 3046.804663][T26992] ? find_held_lock+0x2d/0x110 [ 3046.804684][T26992] mem_cgroup_out_of_memory+0x206/0x270 [ 3046.804708][T26992] ? mem_cgroup_margin+0x130/0x130 [ 3046.804728][T26992] ? lock_downgrade+0x690/0x690 [ 3046.804760][T26992] try_charge_memcg+0xf99/0x13a0 [ 3046.804789][T26992] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3046.804817][T26992] ? rcu_read_unlock+0x9/0x60 [ 3046.804836][T26992] ? lock_downgrade+0x690/0x690 [ 3046.804867][T26992] charge_memcg+0x90/0x3b0 [ 3046.804894][T26992] __mem_cgroup_charge+0x2b/0x90 [ 3046.804911][T26992] __handle_mm_fault+0x2296/0x41c0 [ 3046.804934][T26992] ? vm_iomap_memory+0x190/0x190 [ 3046.804951][T26992] ? mas_walk+0x58f/0x730 [ 3046.804980][T26992] ? numa_migrate_prep+0x3a0/0x3a0 [ 3046.805001][T26992] handle_mm_fault+0x2af/0x9f0 [ 3046.805023][T26992] do_user_addr_fault+0x2ca/0x1210 [ 3046.805049][T26992] ? rcu_is_watching+0x12/0xb0 [ 3046.805081][T26992] exc_page_fault+0x98/0x170 [ 3046.805102][T26992] asm_exc_page_fault+0x26/0x30 [ 3046.805127][T26992] RIP: 0033:0x7f5d2ac3e171 [ 3046.805141][T26992] Code: 3d 00 f0 ff ff 77 72 c3 90 55 48 83 ec 30 44 89 4c 24 2c 4c 89 44 24 20 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 89 4c 24 28 fa fa ff ff 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 [ 3046.805157][T26992] RSP: 002b:00007f5d2ba0c000 EFLAGS: 00010206 [ 3046.805172][T26992] RAX: 0000000000000001 RBX: 00007f5d2ba0c0f0 RCX: 0000000000000000 [ 3046.805183][T26992] RDX: 0000000000000020 RSI: 00007f5d2ba0c140 RDI: 0000000000000004 [ 3046.805194][T26992] RBP: 0000000000000000 R08: 00007f5d2ba0c054 R09: 000000000000000c [ 3046.805204][T26992] R10: 0000000000000000 R11: 00000000200003cf R12: 00007f5d2ba0c0a8 [ 3046.805216][T26992] R13: 00007f5d2ba0c140 R14: 0000000000000004 R15: 0000000000000000 [ 3046.805238][T26992] [ 3046.831030][T26992] memory: usage 307200kB, limit 307200kB, failcnt 25060 [ 3047.276993][T26992] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3047.301557][T26992] Memory cgroup stats for /syz1: [ 3047.301727][T26992] anon 438272 [ 3047.301727][T26992] file 262144 [ 3047.301727][T26992] kernel 313872384 [ 3047.301727][T26992] kernel_stack 163840 [ 3047.301727][T26992] pagetables 258048 [ 3047.301727][T26992] sec_pagetables 0 [ 3047.301727][T26992] percpu 5421792 [ 3047.301727][T26992] sock 0 [ 3047.301727][T26992] vmalloc 0 [ 3047.301727][T26992] shmem 258048 [ 3047.301727][T26992] zswap 0 [ 3047.301727][T26992] zswapped 0 [ 3047.301727][T26992] file_mapped 241664 [ 3047.301727][T26992] file_dirty 4096 [ 3047.301727][T26992] file_writeback 0 [ 3047.301727][T26992] swapcached 0 [ 3047.301727][T26992] anon_thp 0 [ 3047.301727][T26992] file_thp 0 [ 3047.301727][T26992] shmem_thp 0 [ 3047.301727][T26992] inactive_anon 49152 [ 3047.301727][T26992] active_anon 647168 [ 3047.301727][T26992] inactive_file 0 [ 3047.301727][T26992] active_file 4096 [ 3047.301727][T26992] unevictable 0 [ 3047.301727][T26992] slab_reclaimable 34328 [ 3047.301727][T26992] slab_unreclaimable 307909680 [ 3047.301727][T26992] slab 307944008 [ 3047.301727][T26992] workingset_refault_anon 0 [ 3047.301727][T26992] workingset_refault_file 2 [ 3047.301727][T26992] workingset_activate_anon 0 [ 3047.301727][T26992] workingset_activate_file 0 [ 3047.301727][T26992] workingset_restore_anon 0 [ 3047.301727][T26992] workingset_restore_file 2 [ 3047.301727][T26992] workingset_nodereclaim 0 [ 3047.301727][T26992] pgscan 3818 [ 3047.301727][T26992] pgsteal 107 [ 3047.301727][T26992] pgscan_kswapd 92 [ 3047.301727][T26992] pgscan_direct 3726 [ 3047.301727][T26992] pgscan_khugepaged 0 [ 3047.301727][T26992] pgsteal_kswapd 88 [ 3047.301727][T26992] pgsteal_direct 19 [ 3047.301727][T26992] pgsteal_khugepaged 0 [ 3047.301727][T26992] pgfault 566926 [ 3047.301727][T26992] pgmajfault 2 [ 3047.301727][T26992] pgrefill 16419 [ 3047.301727][T26992] pgactivate 3711 [ 3047.301727][T26992] pgdeactivate 0 [ 3047.301727][T26992] pglazyfree 0 [ 3047.301727][T26992] pglazyfreed 0 [ 3047.301727][T26992] zswpin 0 [ 3047.301727][T26992] zswpout 0 [ 3047.409354][T27102] syz-executor.4: vmalloc error: size 4096, page order 0, failed to allocate pages, mode:0x404dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_RETRY_MAYFAIL|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 3047.591406][T26992] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null) [ 3047.613635][T27102] CPU: 1 PID: 27102 Comm: syz-executor.4 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3047.630877][T27102] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3047.640923][T27102] Call Trace: [ 3047.644187][T27102] [ 3047.647107][T27102] dump_stack_lvl+0x136/0x150 [ 3047.651786][T27102] warn_alloc+0x213/0x360 [ 3047.656116][T27102] ? zone_watermark_ok_safe+0x2e0/0x2e0 [ 3047.661658][T27102] ? find_held_lock+0x2d/0x110 [ 3047.666418][T27102] ? lock_downgrade+0x690/0x690 [ 3047.671263][T27102] ? mark_held_locks+0x9f/0xe0 [ 3047.676024][T27102] __vmalloc_node_range+0x1021/0x14a0 [ 3047.681397][T27102] ? alloc_netdev_mqs+0x9c/0x1250 [ 3047.686425][T27102] ? delayed_vfree_work+0x70/0x70 [ 3047.691525][T27102] ? __kmem_cache_alloc_node+0xb4/0x320 [ 3047.697070][T27102] ? kvmalloc_node+0x76/0x1a0 [ 3047.701741][T27102] ? rcu_is_watching+0x12/0xb0 [ 3047.706503][T27102] ? alloc_netdev_mqs+0x9c/0x1250 [ 3047.711530][T27102] kvmalloc_node+0x156/0x1a0 [ 3047.716125][T27102] ? alloc_netdev_mqs+0x9c/0x1250 [ 3047.721142][T27102] alloc_netdev_mqs+0x9c/0x1250 [ 3047.725984][T27102] ? security_capable+0x93/0xc0 [ 3047.730826][T27102] ? br_netpoll_disable+0x60/0x60 [ 3047.735840][T27102] rtnl_create_link+0xc17/0xf20 [ 3047.740682][T27102] __rtnl_newlink+0xfd4/0x1840 [ 3047.745444][T27102] ? rtnl_link_unregister+0x250/0x250 [ 3047.750820][T27102] ? rtnl_newlink+0x4a/0xa0 [ 3047.755321][T27102] rtnl_newlink+0x68/0xa0 [ 3047.759667][T27102] ? __rtnl_newlink+0x1840/0x1840 [ 3047.764685][T27102] rtnetlink_rcv_msg+0x43d/0xd50 [ 3047.769616][T27102] ? rtnl_stats_set+0x4d0/0x4d0 [ 3047.774456][T27102] ? __dev_queue_xmit+0xa2a/0x3b10 [ 3047.779568][T27102] netlink_rcv_skb+0x165/0x440 [ 3047.784322][T27102] ? rtnl_stats_set+0x4d0/0x4d0 [ 3047.789163][T27102] ? netlink_ack+0x1360/0x1360 [ 3047.793926][T27102] ? netlink_deliver_tap+0x1b1/0xcf0 [ 3047.799204][T27102] netlink_unicast+0x547/0x7f0 [ 3047.803962][T27102] ? netlink_attachskb+0x890/0x890 [ 3047.809062][T27102] ? __virt_addr_valid+0x61/0x2e0 [ 3047.814094][T27102] ? __phys_addr_symbol+0x30/0x70 [ 3047.819111][T27102] ? __check_object_size+0x323/0x730 [ 3047.824388][T27102] netlink_sendmsg+0x925/0xe30 [ 3047.829146][T27102] ? netlink_unicast+0x7f0/0x7f0 [ 3047.834085][T27102] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 3047.839358][T27102] ? netlink_unicast+0x7f0/0x7f0 [ 3047.844286][T27102] sock_sendmsg+0xde/0x190 [ 3047.848693][T27102] ____sys_sendmsg+0x71c/0x900 [ 3047.853446][T27102] ? copy_msghdr_from_user+0xfc/0x150 [ 3047.858812][T27102] ? kernel_sendmsg+0x50/0x50 [ 3047.863484][T27102] ? futex_unqueue+0xb7/0x120 [ 3047.868150][T27102] ? futex_wait+0x503/0x680 [ 3047.872841][T27102] ___sys_sendmsg+0x110/0x1b0 [ 3047.877510][T27102] ? do_recvmmsg+0x6f0/0x6f0 [ 3047.882096][T27102] ? __fget_files+0x248/0x480 [ 3047.886768][T27102] ? lock_downgrade+0x690/0x690 [ 3047.891624][T27102] ? __fget_files+0x26a/0x480 [ 3047.896302][T27102] ? __fget_light+0xe5/0x270 [ 3047.900934][T27102] __sys_sendmsg+0xf7/0x1c0 [ 3047.905436][T27102] ? __sys_sendmsg_sock+0x40/0x40 [ 3047.910455][T27102] ? restore_fpregs_from_fpstate+0xc1/0x1c0 [ 3047.916355][T27102] ? syscall_enter_from_user_mode+0x26/0x80 [ 3047.922249][T27102] ? lockdep_hardirqs_on+0x7d/0x100 [ 3047.927441][T27102] do_syscall_64+0x39/0xb0 [ 3047.931874][T27102] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3047.937764][T27102] RIP: 0033:0x7fcdfee8c169 [ 3047.942168][T27102] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 3047.961765][T27102] RSP: 002b:00007fcdffb69168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3047.970178][T27102] RAX: ffffffffffffffda RBX: 00007fcdfefabf80 RCX: 00007fcdfee8c169 [ 3047.978159][T27102] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000003 [ 3047.986115][T27102] RBP: 00007fcdfeee7ca1 R08: 0000000000000000 R09: 0000000000000000 [ 3047.994098][T27102] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3048.002056][T27102] R13: 00007ffda41c1e2f R14: 00007fcdffb69300 R15: 0000000000022000 [ 3048.010029][T27102] [ 3048.124721][T26992] ,cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=26991,uid=0 [ 3048.135835][T26992] Memory cgroup out of memory: Killed process 26991 (syz-executor.1) total-vm:54680kB, anon-rss:516kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:92kB oom_score_adj:1000 [ 3048.154425][T27102] Mem-Info: [ 3048.161431][T27102] active_anon:191795 inactive_anon:29706 isolated_anon:0 [ 3048.161431][T27102] active_file:7513 inactive_file:1378 isolated_file:0 [ 3048.161431][T27102] unevictable:768 dirty:10 writeback:0 [ 3048.161431][T27102] slab_reclaimable:23919 slab_unreclaimable:609556 [ 3048.161431][T27102] mapped:20167 shmem:27301 pagetables:2185 [ 3048.161431][T27102] sec_pagetables:0 bounce:0 [ 3048.161431][T27102] kernel_misc_reclaimable:0 [ 3048.161431][T27102] free:664805 free_pcp:12691 free_cma:0 [ 3048.221390][T27149] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3048.240406][T27102] Node 0 active_anon:753944kB inactive_anon:126112kB active_file:28796kB inactive_file:448kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:80668kB dirty:16kB writeback:0kB shmem:105284kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 49152kB writeback_tmp:0kB kernel_stack:11576kB pagetables:7812kB sec_pagetables:0kB all_unreclaimable? no [ 3048.273837][T27149] CPU: 0 PID: 27149 Comm: syz-executor.2 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3048.284250][T27149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3048.294285][T27149] Call Trace: [ 3048.297549][T27149] [ 3048.300475][T27149] dump_stack_lvl+0x136/0x150 [ 3048.305164][T27149] dump_header+0x10a/0xd70 [ 3048.309582][T27149] oom_kill_process+0x25d/0x600 [ 3048.314423][T27149] out_of_memory+0x35c/0x1660 [ 3048.319088][T27149] ? find_held_lock+0x2d/0x110 [ 3048.323848][T27149] ? oom_killer_disable+0x2b0/0x2b0 [ 3048.329033][T27149] ? rcu_read_unlock+0x9/0x60 [ 3048.333720][T27149] ? find_held_lock+0x2d/0x110 [ 3048.338475][T27149] mem_cgroup_out_of_memory+0x206/0x270 [ 3048.344030][T27149] ? mem_cgroup_margin+0x130/0x130 [ 3048.349148][T27149] ? lock_downgrade+0x690/0x690 [ 3048.354836][T27149] try_charge_memcg+0xf99/0x13a0 [ 3048.359874][T27149] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3048.365866][T27149] ? get_mem_cgroup_from_objcg+0xa1/0x280 [ 3048.371615][T27149] ? lock_downgrade+0x690/0x690 [ 3048.376461][T27149] ? lock_downgrade+0x690/0x690 [ 3048.381330][T27149] __memcg_kmem_charge_page+0x16e/0x3c0 [ 3048.386882][T27149] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 3048.393034][T27149] copy_process+0x4f9/0x75c0 [ 3048.397704][T27149] ? __lock_acquire+0xc17/0x5f30 [ 3048.402653][T27149] ? pidfd_prepare+0x80/0x80 [ 3048.407254][T27149] ? psi_memstall_leave+0x174/0x250 [ 3048.412453][T27149] ? lock_downgrade+0x690/0x690 [ 3048.417299][T27149] kernel_clone+0xeb/0x890 [ 3048.421749][T27149] ? create_io_thread+0xe0/0xe0 [ 3048.426616][T27149] ? percpu_ref_put_many.constprop.0+0x6a/0x1b0 [ 3048.432949][T27149] ? lock_downgrade+0x690/0x690 [ 3048.437817][T27149] __do_sys_clone+0xba/0x100 [ 3048.442414][T27149] ? kernel_clone+0x890/0x890 [ 3048.447193][T27149] ? syscall_enter_from_user_mode+0x26/0x80 [ 3048.453086][T27149] do_syscall_64+0x39/0xb0 [ 3048.457497][T27149] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3048.463388][T27149] RIP: 0033:0x7f5bd068d591 [ 3048.467788][T27149] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 3048.487483][T27149] RSP: 002b:00007fffe74b1648 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 3048.495897][T27149] RAX: ffffffffffffffda RBX: 00007f5bd1304700 RCX: 00007f5bd068d591 [ 3048.503878][T27149] RDX: 00007f5bd13049d0 RSI: 00007f5bd13042f0 RDI: 00000000003d0f00 [ 3048.511918][T27149] RBP: 00007fffe74b1890 R08: 00007f5bd1304700 R09: 00007f5bd1304700 [ 3048.519878][T27149] R10: 00007f5bd13049d0 R11: 0000000000000206 R12: 00007fffe74b16fe [ 3048.527845][T27149] R13: 00007fffe74b16ff R14: 00007f5bd1304300 R15: 0000000000022000 [ 3048.535828][T27149] [ 3048.571427][T27102] Node 1 active_anon:5528kB inactive_anon:336kB active_file:1256kB inactive_file:5064kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:24kB writeback:0kB shmem:3920kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB kernel_stack:988kB pagetables:928kB sec_pagetables:0kB all_unreclaimable? no [ 3048.694203][T27102] Node 0 DMA free:10708kB boost:0kB min:200kB low:248kB high:296kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:152kB local_pcp:88kB free_cma:0kB [ 3048.695427][T27149] memory: usage 307152kB, limit 307200kB, failcnt 25254 [ 3048.764544][T27102] lowmem_reserve[]: 0 2617 2619 2619 2619 [ 3048.772385][T27102] Node 0 DMA32 free:61356kB boost:0kB min:35440kB low:44300kB high:53160kB reserved_highatomic:0KB active_anon:753364kB inactive_anon:126664kB active_file:27568kB inactive_file:368kB unevictable:1536kB writepending:16kB present:3129332kB managed:2684936kB mlocked:0kB bounce:0kB free_pcp:16752kB local_pcp:15816kB free_cma:0kB [ 3048.772437][T27102] lowmem_reserve[]: 0 0 1 1 1 [ 3048.772468][T27102] Node 0 Normal free:16kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB active_anon:40kB inactive_anon:4kB active_file:1228kB inactive_file:76kB unevictable:0kB writepending:0kB present:1048576kB managed:1640kB mlocked:0kB bounce:0kB free_pcp:20kB local_pcp:12kB free_cma:0kB [ 3048.772515][T27102] lowmem_reserve[]: 0 0 0 0 0 [ 3048.772552][T27102] Node 1 Normal free:2587140kB boost:0kB min:54444kB low:68052kB high:81660kB reserved_highatomic:0KB active_anon:5528kB inactive_anon:336kB active_file:1256kB inactive_file:5064kB unevictable:1536kB writepending:24kB present:4194304kB managed:4117620kB mlocked:0kB bounce:0kB free_pcp:33648kB local_pcp:26224kB free_cma:0kB [ 3048.772602][T27102] lowmem_reserve[]: 0 0 0 0 0 [ 3048.772633][T27102] Node 0 DMA: 3*4kB (UE) 3*8kB (UME) 1*16kB (M) 1*32kB (E) 2*64kB (ME) 4*128kB (UME) 3*256kB (UME) 2*512kB (ME) 2*1024kB (ME) 1*2048kB (E) 1*4096kB (M) = 10708kB [ 3048.772774][T27102] Node 0 DMA32: 685*4kB (UME) 537*8kB (UME) 171*16kB (ME) 394*32kB (UME) 81*64kB (UME) 26*128kB (UME) 13*256kB (UME) 9*512kB (UME) 6*1024kB (UM) 8*2048kB (M) 0*4096kB = 61356kB [ 3048.772913][T27102] Node 0 Normal: 4*4kB (UM) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 3048.773006][T27102] Node 1 Normal: 1943*4kB (UME) 1255*8kB (UME) 607*16kB (UME) 276*32kB (UME) 236*64kB (UME) 114*128kB (UME) 66*256kB (UME) 41*512kB (UM) 27*1024kB (UM) 11*2048kB (UM) 594*4096kB (UM) = 2587140kB [ 3048.773151][T27102] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 3048.773165][T27102] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 3048.773178][T27102] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 3048.773192][T27102] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 3048.773205][T27102] 36032 total pagecache pages [ 3048.773212][T27102] 0 pages in swap cache [ 3048.773218][T27102] Free swap = 0kB [ 3048.773224][T27102] Total swap = 0kB [ 3048.773230][T27102] 2097051 pages RAM [ 3048.773236][T27102] 0 pages HighMem/MovableOnly [ 3048.773242][T27102] 392162 pages reserved [ 3048.773248][T27102] 0 pages cma reserved 15:36:20 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x9d940500}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:36:20 executing program 5: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000040)={'vcan0\x00'}) bind$can_j1939(r0, 0x0, 0x0) sendmsg$can_j1939(r0, &(0x7f0000000200)={&(0x7f00000000c0)={0x1d, 0x0, 0xee0000}, 0x18, &(0x7f00000001c0)={&(0x7f0000000100)="05", 0x1}}, 0x0) 15:36:20 executing program 3: write$binfmt_aout(0xffffffffffffffff, 0x0, 0xff2e) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x58) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0) writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000180)='0', 0x1}], 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, 0x0, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000003c0)=0xae) socket$netlink(0x10, 0x3, 0x0) openat$drirender128(0xffffffffffffff9c, &(0x7f0000000dc0), 0x0, 0x0) r5 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r5, &(0x7f0000000100)={0x2, 0x0, @local}, 0x10) connect$inet(r5, &(0x7f0000000280)={0x2, 0x0, @multicast2}, 0x10) sendmmsg$inet(r5, &(0x7f0000002080)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=[@ip_retopts={{0x10, 0x60000000}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @empty}}}], 0x30}}], 0x300, 0x0) 15:36:20 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x2100}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:36:20 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}, 0x1, 0x0, 0x0, 0x7b9e0400}, 0x0) 15:36:21 executing program 5: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000040)={'vcan0\x00'}) bind$can_j1939(r0, &(0x7f0000000080), 0x18) sendmsg$can_j1939(r0, &(0x7f0000000200)={&(0x7f00000000c0)={0x1d, 0x0, 0xee0000}, 0x18, &(0x7f00000001c0)={&(0x7f0000000100)="05", 0x1}}, 0x0) [ 3049.171210][T27215] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. 15:36:21 executing program 5: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000040)={'vcan0\x00'}) bind$can_j1939(r0, &(0x7f0000000080), 0x18) sendmsg$can_j1939(r0, &(0x7f0000000200)={&(0x7f00000000c0)={0x1d, 0x0, 0xee0000}, 0x18, &(0x7f00000001c0)={&(0x7f0000000100)="05", 0x1}}, 0x0) 15:36:21 executing program 5: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000040)={'vcan0\x00'}) bind$can_j1939(r0, &(0x7f0000000080), 0x18) sendmsg$can_j1939(r0, &(0x7f0000000200)={&(0x7f00000000c0)={0x1d, 0x0, 0xee0000}, 0x18, &(0x7f00000001c0)={&(0x7f0000000100)="05", 0x1}}, 0x0) 15:36:21 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}, 0x1, 0x0, 0x0, 0x7c9e0400}, 0x0) [ 3049.533207][T27329] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3049.760364][T27149] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3049.806368][T27149] Memory cgroup stats for /syz2: [ 3049.806572][T27149] anon 102400 [ 3049.806572][T27149] file 8388608 [ 3049.806572][T27149] kernel 306016256 [ 3049.806572][T27149] kernel_stack 32768 [ 3049.806572][T27149] pagetables 69632 [ 3049.806572][T27149] sec_pagetables 0 [ 3049.806572][T27149] percpu 5294912 [ 3049.806572][T27149] sock 0 [ 3049.806572][T27149] vmalloc 16384 [ 3049.806572][T27149] shmem 8380416 [ 3049.806572][T27149] zswap 0 [ 3049.806572][T27149] zswapped 0 [ 3049.806572][T27149] file_mapped 286720 [ 3049.806572][T27149] file_dirty 4096 [ 3049.806572][T27149] file_writeback 0 [ 3049.806572][T27149] swapcached 0 [ 3049.806572][T27149] anon_thp 0 [ 3049.806572][T27149] file_thp 0 [ 3049.806572][T27149] shmem_thp 0 [ 3049.806572][T27149] inactive_anon 8437760 [ 3049.806572][T27149] active_anon 45056 [ 3049.806572][T27149] inactive_file 0 [ 3049.806572][T27149] active_file 8192 [ 3049.806572][T27149] unevictable 0 [ 3049.806572][T27149] slab_reclaimable 37360 [ 3049.806572][T27149] slab_unreclaimable 300522872 [ 3049.806572][T27149] slab 300560232 [ 3049.806572][T27149] workingset_refault_anon 0 [ 3049.806572][T27149] workingset_refault_file 2 [ 3049.806572][T27149] workingset_activate_anon 0 [ 3049.806572][T27149] workingset_activate_file 0 [ 3049.806572][T27149] workingset_restore_anon 0 [ 3049.806572][T27149] workingset_restore_file 2 [ 3049.806572][T27149] workingset_nodereclaim 0 [ 3049.806572][T27149] pgscan 7745 [ 3049.806572][T27149] pgsteal 122 [ 3049.806572][T27149] pgscan_kswapd 106 [ 3049.806572][T27149] pgscan_direct 7639 [ 3049.806572][T27149] pgscan_khugepaged 0 [ 3049.806572][T27149] pgsteal_kswapd 97 [ 3049.806572][T27149] pgsteal_direct 25 [ 3049.806572][T27149] pgsteal_khugepaged 0 [ 3049.806572][T27149] pgfault 694904 [ 3049.806572][T27149] pgmajfault 0 [ 3049.806572][T27149] pgrefill 31060 [ 3049.806572][T27149] pgactivate 7623 [ 3049.806572][T27149] pgdeactivate 0 [ 3049.806572][T27149] pglazyfree 0 [ 3049.806572][T27149] pglazyfreed 0 [ 3049.806572][T27149] zswpin 0 [ 3049.806572][T27149] zswpout 0 [ 3050.022947][T27149] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=27149,uid=0 [ 3050.073942][T27149] Memory cgroup out of memory: Killed process 27149 (syz-executor.2) total-vm:54548kB, anon-rss:384kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 15:36:22 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x17}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:36:22 executing program 5: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000080)={0x1d, r2}, 0x18) sendmsg$can_j1939(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f00000000c0)={0x1d, 0x0, 0xee0000}, 0x18, &(0x7f00000001c0)={&(0x7f0000000100)="05", 0x1}}, 0x0) 15:36:22 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}, 0x1, 0x0, 0x0, 0x7d9e0400}, 0x0) [ 3050.144684][T27236] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3050.304717][T27435] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3050.316022][T27435] CPU: 0 PID: 27435 Comm: syz-executor.2 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3050.326452][T27435] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3050.336503][T27435] Call Trace: [ 3050.339775][T27435] [ 3050.342704][T27435] dump_stack_lvl+0x136/0x150 [ 3050.347404][T27435] dump_header+0x10a/0xd70 [ 3050.351855][T27435] oom_kill_process+0x25d/0x600 [ 3050.356705][T27435] out_of_memory+0x35c/0x1660 [ 3050.361405][T27435] ? find_held_lock+0x2d/0x110 [ 3050.366183][T27435] ? oom_killer_disable+0x2b0/0x2b0 [ 3050.371400][T27435] ? rcu_read_unlock+0x9/0x60 [ 3050.376080][T27435] ? find_held_lock+0x2d/0x110 [ 3050.380847][T27435] mem_cgroup_out_of_memory+0x206/0x270 [ 3050.386401][T27435] ? mem_cgroup_margin+0x130/0x130 [ 3050.391517][T27435] ? lock_downgrade+0x690/0x690 [ 3050.396388][T27435] try_charge_memcg+0xf99/0x13a0 [ 3050.401335][T27435] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3050.407324][T27435] ? get_mem_cgroup_from_objcg+0xa1/0x280 [ 3050.413053][T27435] ? lock_downgrade+0x690/0x690 [ 3050.417918][T27435] ? lock_downgrade+0x690/0x690 [ 3050.422783][T27435] __memcg_kmem_charge_page+0x16e/0x3c0 [ 3050.428431][T27435] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 3050.434612][T27435] copy_process+0x4f9/0x75c0 [ 3050.439207][T27435] ? __lock_acquire+0xc17/0x5f30 [ 3050.444153][T27435] ? pidfd_prepare+0x80/0x80 [ 3050.448757][T27435] ? psi_memstall_leave+0x174/0x250 [ 3050.453958][T27435] ? lock_downgrade+0x690/0x690 [ 3050.458821][T27435] kernel_clone+0xeb/0x890 [ 3050.463237][T27435] ? create_io_thread+0xe0/0xe0 [ 3050.468078][T27435] ? percpu_ref_put_many.constprop.0+0x6a/0x1b0 [ 3050.474325][T27435] ? lock_downgrade+0x690/0x690 [ 3050.479188][T27435] __do_sys_clone+0xba/0x100 [ 3050.483774][T27435] ? kernel_clone+0x890/0x890 [ 3050.488449][T27435] ? syscall_enter_from_user_mode+0x26/0x80 [ 3050.494340][T27435] do_syscall_64+0x39/0xb0 [ 3050.498749][T27435] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3050.504650][T27435] RIP: 0033:0x7f5bd068d591 [ 3050.509073][T27435] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 3050.528701][T27435] RSP: 002b:00007fffe74b1648 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 3050.537113][T27435] RAX: ffffffffffffffda RBX: 00007f5bd1304700 RCX: 00007f5bd068d591 [ 3050.545088][T27435] RDX: 00007f5bd13049d0 RSI: 00007f5bd13042f0 RDI: 00000000003d0f00 [ 3050.553052][T27435] RBP: 00007fffe74b1890 R08: 00007f5bd1304700 R09: 00007f5bd1304700 [ 3050.561003][T27435] R10: 00007f5bd13049d0 R11: 0000000000000206 R12: 00007fffe74b16fe [ 3050.568979][T27435] R13: 00007fffe74b16ff R14: 00007f5bd1304300 R15: 0000000000022000 [ 3050.576972][T27435] [ 3050.582848][T27435] memory: usage 307200kB, limit 307200kB, failcnt 25339 [ 3050.603823][T27435] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3050.624116][T27435] Memory cgroup stats for /syz2: [ 3050.624275][T27435] anon 102400 [ 3050.624275][T27435] file 8388608 [ 3050.624275][T27435] kernel 306081792 [ 3050.624275][T27435] kernel_stack 32768 [ 3050.624275][T27435] pagetables 69632 [ 3050.624275][T27435] sec_pagetables 0 [ 3050.624275][T27435] percpu 5294976 [ 3050.624275][T27435] sock 0 [ 3050.624275][T27435] vmalloc 16384 [ 3050.624275][T27435] shmem 8380416 [ 3050.624275][T27435] zswap 0 [ 3050.624275][T27435] zswapped 0 [ 3050.624275][T27435] file_mapped 286720 [ 3050.624275][T27435] file_dirty 4096 [ 3050.624275][T27435] file_writeback 0 [ 3050.624275][T27435] swapcached 0 [ 3050.624275][T27435] anon_thp 0 [ 3050.624275][T27435] file_thp 0 [ 3050.624275][T27435] shmem_thp 0 [ 3050.624275][T27435] inactive_anon 8450048 [ 3050.624275][T27435] active_anon 32768 [ 3050.624275][T27435] inactive_file 8192 [ 3050.624275][T27435] active_file 0 [ 3050.624275][T27435] unevictable 0 [ 3050.624275][T27435] slab_reclaimable 85816 [ 3050.624275][T27435] slab_unreclaimable 300539712 [ 3050.624275][T27435] slab 300625528 [ 3050.624275][T27435] workingset_refault_anon 0 [ 3050.624275][T27435] workingset_refault_file 2 [ 3050.624275][T27435] workingset_activate_anon 0 [ 3050.624275][T27435] workingset_activate_file 0 [ 3050.624275][T27435] workingset_restore_anon 0 [ 3050.624275][T27435] workingset_restore_file 2 [ 3050.624275][T27435] workingset_nodereclaim 0 [ 3050.624275][T27435] pgscan 7768 [ 3050.624275][T27435] pgsteal 122 [ 3050.624275][T27435] pgscan_kswapd 106 [ 3050.624275][T27435] pgscan_direct 7662 [ 3050.624275][T27435] pgscan_khugepaged 0 [ 3050.624275][T27435] pgsteal_kswapd 97 [ 3050.624275][T27435] pgsteal_direct 25 [ 3050.624275][T27435] pgsteal_khugepaged 0 [ 3050.624275][T27435] pgfault 694945 [ 3050.624275][T27435] pgmajfault 0 [ 3050.624275][T27435] pgrefill 31106 [ 3050.624275][T27435] pgactivate 7646 [ 3050.624275][T27435] pgdeactivate 0 [ 3050.624275][T27435] pglazyfree 0 [ 3050.624275][T27435] pglazyfreed 0 [ 3050.624275][T27435] zswpin 0 [ 3050.624275][T27435] zswpout 0 [ 3050.919676][T27435] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=27435,uid=0 [ 3050.953502][T27435] Memory cgroup out of memory: Killed process 27435 (syz-executor.2) total-vm:54548kB, anon-rss:360kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 [ 3051.021414][T27236] syz-executor.4 invoked oom-killer: gfp_mask=0x400cc0(GFP_KERNEL_ACCOUNT), order=1, oom_score_adj=1000 [ 3051.068255][T27236] CPU: 0 PID: 27236 Comm: syz-executor.4 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3051.078771][T27236] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3051.088824][T27236] Call Trace: [ 3051.092091][T27236] [ 3051.095016][T27236] dump_stack_lvl+0x136/0x150 [ 3051.099705][T27236] dump_header+0x10a/0xd70 [ 3051.104119][T27236] oom_kill_process+0x25d/0x600 [ 3051.108965][T27236] out_of_memory+0x35c/0x1660 [ 3051.113644][T27236] ? oom_killer_disable+0x2b0/0x2b0 [ 3051.118837][T27236] ? rcu_read_unlock+0x9/0x60 [ 3051.123510][T27236] ? find_held_lock+0x2d/0x110 [ 3051.128272][T27236] mem_cgroup_out_of_memory+0x206/0x270 [ 3051.133830][T27236] ? mem_cgroup_margin+0x130/0x130 [ 3051.138956][T27236] ? lock_downgrade+0x690/0x690 [ 3051.143824][T27236] try_charge_memcg+0xf27/0x13a0 [ 3051.148773][T27236] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3051.154760][T27236] ? get_mem_cgroup_from_objcg+0xa1/0x280 [ 3051.160486][T27236] ? lock_downgrade+0x690/0x690 [ 3051.165424][T27236] ? lock_downgrade+0x690/0x690 [ 3051.170287][T27236] obj_cgroup_charge+0x2af/0x5e0 [ 3051.175234][T27236] __kmem_cache_alloc_node+0xa3/0x320 [ 3051.180609][T27236] ? neigh_sysctl_register+0x9e/0x5f0 [ 3051.185986][T27236] ? neigh_sysctl_register+0x9e/0x5f0 [ 3051.191366][T27236] __kmalloc_node_track_caller+0x4f/0x1a0 [ 3051.197095][T27236] kmemdup+0x2c/0x60 [ 3051.201350][T27236] neigh_sysctl_register+0x9e/0x5f0 [ 3051.206568][T27236] ? neigh_stat_seq_show+0x420/0x420 [ 3051.211867][T27236] ? lock_downgrade+0x690/0x690 [ 3051.216719][T27236] ? inetdev_init+0x23d/0x580 [ 3051.221403][T27236] ? inetdev_event+0xe7c/0x1720 [ 3051.226254][T27236] ? notifier_call_chain+0xb6/0x3c0 [ 3051.231456][T27236] ? call_netdevice_notifiers_info+0xb9/0x130 [ 3051.237522][T27236] ? register_netdevice+0xfb4/0x1640 [ 3051.242805][T27236] ? br_dev_newlink+0x27/0x110 [ 3051.247563][T27236] ? __rtnl_newlink+0x10c2/0x1840 [ 3051.252580][T27236] ? rtnl_newlink+0x68/0xa0 [ 3051.257080][T27236] ? rtnetlink_rcv_msg+0x43d/0xd50 [ 3051.262189][T27236] ? netlink_rcv_skb+0x165/0x440 [ 3051.267120][T27236] ? netlink_unicast+0x547/0x7f0 [ 3051.272059][T27236] ? netlink_sendmsg+0x925/0xe30 [ 3051.276993][T27236] ? sock_sendmsg+0xde/0x190 [ 3051.281576][T27236] ? ____sys_sendmsg+0x71c/0x900 [ 3051.286503][T27236] ? ___sys_sendmsg+0x110/0x1b0 [ 3051.291354][T27236] devinet_sysctl_register+0xb1/0x230 [ 3051.296728][T27236] inetdev_init+0x286/0x580 [ 3051.301237][T27236] inetdev_event+0xe7c/0x1720 [ 3051.305914][T27236] ? del_default_gids+0xe0/0xe0 [ 3051.310765][T27236] ? is_ndev_for_default_gid_filter.part.0+0x320/0x320 [ 3051.317611][T27236] ? devinet_init_net+0x650/0x650 [ 3051.322637][T27236] ? skb_dequeue+0x129/0x180 [ 3051.327222][T27236] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 3051.333116][T27236] notifier_call_chain+0xb6/0x3c0 [ 3051.338143][T27236] call_netdevice_notifiers_info+0xb9/0x130 [ 3051.344044][T27236] register_netdevice+0xfb4/0x1640 [ 3051.349157][T27236] ? unregister_netdevice_queue+0x3c0/0x3c0 [ 3051.355055][T27236] ? validate_linkmsg+0x6e4/0x9c0 [ 3051.360093][T27236] br_dev_newlink+0x27/0x110 [ 3051.364690][T27236] ? br_changelink+0x1660/0x1660 [ 3051.369636][T27236] __rtnl_newlink+0x10c2/0x1840 [ 3051.374488][T27236] ? rtnl_link_unregister+0x250/0x250 [ 3051.379869][T27236] ? rtnl_newlink+0x4a/0xa0 [ 3051.384374][T27236] rtnl_newlink+0x68/0xa0 [ 3051.388692][T27236] ? __rtnl_newlink+0x1840/0x1840 [ 3051.393702][T27236] rtnetlink_rcv_msg+0x43d/0xd50 [ 3051.398636][T27236] ? rtnl_stats_set+0x4d0/0x4d0 [ 3051.403478][T27236] ? __dev_queue_xmit+0xa2a/0x3b10 [ 3051.408587][T27236] netlink_rcv_skb+0x165/0x440 [ 3051.413342][T27236] ? rtnl_stats_set+0x4d0/0x4d0 [ 3051.418186][T27236] ? netlink_ack+0x1360/0x1360 [ 3051.422955][T27236] ? netlink_deliver_tap+0x1b1/0xcf0 [ 3051.428237][T27236] netlink_unicast+0x547/0x7f0 [ 3051.433022][T27236] ? netlink_attachskb+0x890/0x890 [ 3051.438126][T27236] ? __virt_addr_valid+0x61/0x2e0 [ 3051.443152][T27236] ? __phys_addr_symbol+0x30/0x70 [ 3051.448173][T27236] ? __check_object_size+0x323/0x730 [ 3051.453452][T27236] netlink_sendmsg+0x925/0xe30 [ 3051.458211][T27236] ? netlink_unicast+0x7f0/0x7f0 [ 3051.463144][T27236] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 3051.468416][T27236] ? netlink_unicast+0x7f0/0x7f0 [ 3051.473342][T27236] sock_sendmsg+0xde/0x190 [ 3051.477751][T27236] ____sys_sendmsg+0x71c/0x900 [ 3051.482506][T27236] ? copy_msghdr_from_user+0xfc/0x150 [ 3051.487871][T27236] ? kernel_sendmsg+0x50/0x50 [ 3051.492542][T27236] ? futex_unqueue+0xb7/0x120 [ 3051.497212][T27236] ? futex_wait+0x503/0x680 [ 3051.501707][T27236] ___sys_sendmsg+0x110/0x1b0 [ 3051.506465][T27236] ? do_recvmmsg+0x6f0/0x6f0 [ 3051.511048][T27236] ? __fget_files+0x248/0x480 [ 3051.515731][T27236] ? lock_downgrade+0x690/0x690 [ 3051.520586][T27236] ? __fget_files+0x26a/0x480 [ 3051.525267][T27236] ? __fget_light+0xe5/0x270 [ 3051.529861][T27236] __sys_sendmsg+0xf7/0x1c0 [ 3051.534352][T27236] ? __sys_sendmsg_sock+0x40/0x40 [ 3051.539372][T27236] ? restore_fpregs_from_fpstate+0xc1/0x1c0 [ 3051.545274][T27236] ? syscall_enter_from_user_mode+0x26/0x80 [ 3051.551161][T27236] ? lockdep_hardirqs_on+0x7d/0x100 [ 3051.556354][T27236] do_syscall_64+0x39/0xb0 [ 3051.560768][T27236] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3051.566656][T27236] RIP: 0033:0x7fcdfee8c169 [ 3051.571058][T27236] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 3051.590657][T27236] RSP: 002b:00007fcdffb69168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3051.599057][T27236] RAX: ffffffffffffffda RBX: 00007fcdfefabf80 RCX: 00007fcdfee8c169 [ 3051.607020][T27236] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000003 [ 3051.614977][T27236] RBP: 00007fcdfeee7ca1 R08: 0000000000000000 R09: 0000000000000000 [ 3051.622944][T27236] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3051.630921][T27236] R13: 00007ffda41c1e2f R14: 00007fcdffb69300 R15: 0000000000022000 [ 3051.638890][T27236] [ 3051.758412][T27236] memory: usage 307200kB, limit 307200kB, failcnt 36543 [ 3051.769008][T27236] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3051.791072][T27236] Memory cgroup stats for /syz4: [ 3051.791157][T27236] anon 2142208 [ 3051.791157][T27236] file 7716864 [ 3051.791157][T27236] kernel 304713728 [ 3051.791157][T27236] kernel_stack 688128 [ 3051.791157][T27236] pagetables 1171456 [ 3051.791157][T27236] sec_pagetables 0 [ 3051.791157][T27236] percpu 5219168 [ 3051.791157][T27236] sock 0 [ 3051.791157][T27236] vmalloc 16384 [ 3051.791157][T27236] shmem 7716864 [ 3051.791157][T27236] zswap 0 [ 3051.791157][T27236] zswapped 0 [ 3051.791157][T27236] file_mapped 196608 [ 3051.791157][T27236] file_dirty 0 [ 3051.791157][T27236] file_writeback 0 [ 3051.791157][T27236] swapcached 0 [ 3051.791157][T27236] anon_thp 0 [ 3051.791157][T27236] file_thp 0 [ 3051.791157][T27236] shmem_thp 0 [ 3051.791157][T27236] inactive_anon 9596928 [ 3051.791157][T27236] active_anon 262144 [ 3051.791157][T27236] inactive_file 0 [ 3051.791157][T27236] active_file 0 [ 3051.791157][T27236] unevictable 0 [ 3051.791157][T27236] slab_reclaimable 172672 [ 3051.791157][T27236] slab_unreclaimable 297106368 [ 3051.791157][T27236] slab 297279040 [ 3051.791157][T27236] workingset_refault_anon 0 [ 3051.791157][T27236] workingset_refault_file 0 [ 3051.791157][T27236] workingset_activate_anon 0 [ 3051.791157][T27236] workingset_activate_file 0 [ 3051.791157][T27236] workingset_restore_anon 0 [ 3051.791157][T27236] workingset_restore_file 0 [ 3051.791157][T27236] workingset_nodereclaim 0 [ 3051.791157][T27236] pgscan 116 [ 3051.791157][T27236] pgsteal 111 [ 3051.791157][T27236] pgscan_kswapd 99 [ 3051.791157][T27236] pgscan_direct 17 [ 3051.791157][T27236] pgscan_khugepaged 0 [ 3051.791157][T27236] pgsteal_kswapd 97 [ 3051.791157][T27236] pgsteal_direct 14 [ 3051.791157][T27236] pgsteal_khugepaged 0 [ 3051.791157][T27236] pgfault 695457 [ 3051.791157][T27236] pgmajfault 6 [ 3051.791157][T27236] pgrefill 593 [ 3051.791157][T27236] pgactivate 5 [ 3051.791157][T27236] pgdeactivate 0 [ 3051.791157][T27236] pglazyfree 0 [ 3051.791157][T27236] pglazyfreed 0 [ 3051.791157][T27236] zswpin 0 [ 3051.791157][T27236] zswpout 0 [ 3052.080053][T27236] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=27216,uid=0 [ 3052.123983][T27236] Memory cgroup out of memory: Killed process 27216 (syz-executor.4) total-vm:54680kB, anon-rss:512kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 15:36:24 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x9e940500}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:36:24 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000), 0x8, 0x0) ioctl$VIDIOC_S_CROP(r0, 0x4014563c, &(0x7f0000000280)={0x2, {0x80000001}}) 15:36:24 executing program 5: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000080)={0x1d, r2}, 0x18) sendmsg$can_j1939(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f00000000c0)={0x1d, 0x0, 0xee0000}, 0x18, &(0x7f00000001c0)={&(0x7f0000000100)="05", 0x1}}, 0x0) 15:36:24 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x2200}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:36:24 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x21}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:36:24 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}, 0x1, 0x0, 0x0, 0x7e9e0400}, 0x0) [ 3052.402478][T27542] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. 15:36:24 executing program 5: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000080)={0x1d, r2}, 0x18) sendmsg$can_j1939(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f00000000c0)={0x1d, 0x0, 0xee0000}, 0x18, &(0x7f00000001c0)={&(0x7f0000000100)="05", 0x1}}, 0x0) [ 3052.500465][T27540] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 15:36:24 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni-avx2\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001280)="b7f2288d3aaea2bc0000def1260a0000", 0x10) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000000400)="7c2c44c83c241dd76f01a75a61bc92b57d8a68bcca75b08f8aca60a6f009ae2b21671c1d5479c40f", 0x28}, {&(0x7f0000000440)="dc941df89996cc5a9211a435f10f0a6464a3493663522bae3d", 0x19}], 0x2}, 0x4c040) recvmmsg(r1, &(0x7f00000005c0)=[{{0x0, 0xf000000, &(0x7f0000000500)=[{&(0x7f0000001800)=""/4096, 0x7ffff000}], 0x5, 0x0, 0x200000000000600, 0x7000000}}], 0xff00, 0x0, 0x0) sendmsg$alg(r1, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x0) 15:36:24 executing program 5: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000080)={0x1d, r2}, 0x18) sendmsg$can_j1939(r0, 0x0, 0x0) [ 3052.576411][T27540] CPU: 0 PID: 27540 Comm: syz-executor.2 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3052.586851][T27540] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3052.596908][T27540] Call Trace: [ 3052.600182][T27540] [ 3052.603114][T27540] dump_stack_lvl+0x136/0x150 [ 3052.607808][T27540] dump_header+0x10a/0xd70 [ 3052.612229][T27540] oom_kill_process+0x25d/0x600 [ 3052.617090][T27540] out_of_memory+0x35c/0x1660 [ 3052.621770][T27540] ? find_held_lock+0x2d/0x110 [ 3052.626560][T27540] ? oom_killer_disable+0x2b0/0x2b0 [ 3052.631760][T27540] ? rcu_read_unlock+0x9/0x60 [ 3052.636440][T27540] ? find_held_lock+0x2d/0x110 [ 3052.641214][T27540] mem_cgroup_out_of_memory+0x206/0x270 [ 3052.646769][T27540] ? mem_cgroup_margin+0x130/0x130 [ 3052.651887][T27540] ? lock_downgrade+0x690/0x690 [ 3052.656755][T27540] try_charge_memcg+0xf99/0x13a0 [ 3052.661699][T27540] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3052.667690][T27540] ? rcu_read_unlock+0x9/0x60 [ 3052.672370][T27540] ? lock_downgrade+0x690/0x690 [ 3052.677239][T27540] charge_memcg+0x90/0x3b0 [ 3052.683142][T27540] __mem_cgroup_charge+0x2b/0x90 [ 3052.688083][T27540] ? copy_mc_to_kernel+0x86/0x90 [ 3052.693057][T27540] do_wp_page+0x8ea/0x33c0 [ 3052.697485][T27540] ? lock_sync+0x190/0x190 [ 3052.701957][T27540] ? finish_mkwrite_fault+0x3d0/0x3d0 [ 3052.707319][T27540] ? do_raw_spin_lock+0x124/0x2b0 [ 3052.712342][T27540] ? spin_bug+0x1c0/0x1c0 [ 3052.716670][T27540] __handle_mm_fault+0x1635/0x41c0 [ 3052.721775][T27540] ? vm_iomap_memory+0x190/0x190 [ 3052.726711][T27540] ? mas_walk+0x58f/0x730 [ 3052.731055][T27540] ? numa_migrate_prep+0x3a0/0x3a0 [ 3052.736174][T27540] handle_mm_fault+0x2af/0x9f0 [ 3052.740950][T27540] do_user_addr_fault+0x2ca/0x1210 [ 3052.746070][T27540] ? rcu_is_watching+0x12/0xb0 [ 3052.750844][T27540] exc_page_fault+0x98/0x170 [ 3052.755475][T27540] asm_exc_page_fault+0x26/0x30 [ 3052.760326][T27540] RIP: 0033:0x7f5bd06366e5 [ 3052.764731][T27540] Code: 0f 1f 44 00 00 48 8b 57 18 48 83 fa ff 74 22 48 81 fa e7 03 00 00 0f 87 ee 00 00 00 48 c1 e2 04 48 8d 0d de 19 17 00 48 01 ca 02 01 48 89 42 08 48 8b 0d 8d 72 17 00 48 8b 53 10 4c 8d 81 00 [ 3052.784341][T27540] RSP: 002b:00007fffe74b1750 EFLAGS: 00010206 [ 3052.790405][T27540] RAX: 0000000000000003 RBX: 00007f5bd07abf80 RCX: 00007f5bd07a80c0 [ 3052.798457][T27540] RDX: 00007f5bd07a80c0 RSI: 0000000000000080 RDI: 00007f5bd07abf80 [ 3052.806436][T27540] RBP: 00007f5bd07abf80 R08: 00007fffe753d080 R09: 0000000000000000 [ 3052.814398][T27540] R10: 00007fffe74b1860 R11: 0000000000000246 R12: 00000000002e934b [ 3052.822357][T27540] R13: 00007fffe74b1860 R14: 00007f5bd07abf80 R15: 0000000000000032 [ 3052.830337][T27540] [ 3052.833603][T27540] memory: usage 307200kB, limit 307200kB, failcnt 25368 [ 3052.853414][T27540] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 15:36:24 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}, 0x1, 0x0, 0x0, 0x7f9e0400}, 0x0) 15:36:24 executing program 5: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000080)={0x1d, r2}, 0x18) sendmsg$can_j1939(r0, 0x0, 0x0) [ 3052.952079][T27540] Memory cgroup stats for /syz2: [ 3052.952243][T27540] anon 110592 [ 3052.952243][T27540] file 8388608 [ 3052.952243][T27540] kernel 306073600 [ 3052.952243][T27540] kernel_stack 65536 [ 3052.952243][T27540] pagetables 69632 [ 3052.952243][T27540] sec_pagetables 0 [ 3052.952243][T27540] percpu 5294976 [ 3052.952243][T27540] sock 0 [ 3052.952243][T27540] vmalloc 16384 [ 3052.952243][T27540] shmem 8380416 [ 3052.952243][T27540] zswap 0 [ 3052.952243][T27540] zswapped 0 [ 3052.952243][T27540] file_mapped 286720 [ 3052.952243][T27540] file_dirty 4096 [ 3052.952243][T27540] file_writeback 0 [ 3052.952243][T27540] swapcached 0 [ 3052.952243][T27540] anon_thp 0 [ 3052.952243][T27540] file_thp 0 [ 3052.952243][T27540] shmem_thp 0 [ 3052.952243][T27540] inactive_anon 8478720 [ 3052.952243][T27540] active_anon 12288 [ 3052.952243][T27540] inactive_file 4096 [ 3052.952243][T27540] active_file 4096 [ 3052.952243][T27540] unevictable 0 [ 3052.952243][T27540] slab_reclaimable 51864 [ 3052.952243][T27540] slab_unreclaimable 300536608 [ 3052.952243][T27540] slab 300588472 [ 3052.952243][T27540] workingset_refault_anon 0 [ 3052.952243][T27540] workingset_refault_file 2 [ 3052.952243][T27540] workingset_activate_anon 0 [ 3052.952243][T27540] workingset_activate_file 0 [ 3052.952243][T27540] workingset_restore_anon 0 [ 3052.952243][T27540] workingset_restore_file 2 [ 3052.952243][T27540] workingset_nodereclaim 0 [ 3052.952243][T27540] pgscan 7780 [ 3052.952243][T27540] pgsteal 122 [ 3052.952243][T27540] pgscan_kswapd 106 [ 3052.952243][T27540] pgscan_direct 7674 [ 3052.952243][T27540] pgscan_khugepaged 0 [ 3052.952243][T27540] pgsteal_kswapd 97 [ 3052.952243][T27540] pgsteal_direct 25 [ 3052.952243][T27540] pgsteal_khugepaged 0 [ 3052.952243][T27540] pgfault 694986 [ 3052.952243][T27540] pgmajfault 0 [ 3052.952243][T27540] pgrefill 31129 [ 3052.952243][T27540] pgactivate 7658 [ 3052.952243][T27540] pgdeactivate 0 [ 3052.952243][T27540] pglazyfree 0 [ 3052.952243][T27540] pglazyfreed 0 [ 3052.952243][T27540] zswpin 0 [ 3052.952243][T27540] zswpout 0 [ 3053.263514][T27540] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=27540,uid=0 [ 3053.273263][T27659] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3053.292597][T27540] Memory cgroup out of memory: Killed process 27540 (syz-executor.2) total-vm:54548kB, anon-rss:384kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 15:36:25 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) [ 3053.376245][T27545] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3053.392734][T27545] CPU: 1 PID: 27545 Comm: syz-executor.1 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3053.403147][T27545] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3053.413190][T27545] Call Trace: [ 3053.416452][T27545] [ 3053.419368][T27545] dump_stack_lvl+0x136/0x150 [ 3053.424045][T27545] dump_header+0x10a/0xd70 [ 3053.428458][T27545] oom_kill_process+0x25d/0x600 [ 3053.433306][T27545] out_of_memory+0x35c/0x1660 [ 3053.437974][T27545] ? oom_killer_disable+0x2b0/0x2b0 [ 3053.443157][T27545] ? rcu_read_unlock+0x9/0x60 [ 3053.447826][T27545] ? find_held_lock+0x2d/0x110 [ 3053.452579][T27545] mem_cgroup_out_of_memory+0x206/0x270 [ 3053.458117][T27545] ? mem_cgroup_margin+0x130/0x130 [ 3053.463218][T27545] ? lock_downgrade+0x690/0x690 [ 3053.468072][T27545] try_charge_memcg+0xf99/0x13a0 [ 3053.473009][T27545] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3053.478993][T27545] ? rcu_read_unlock+0x9/0x60 [ 3053.483661][T27545] ? lock_downgrade+0x690/0x690 [ 3053.488518][T27545] charge_memcg+0x90/0x3b0 [ 3053.492939][T27545] __mem_cgroup_charge+0x2b/0x90 [ 3053.497865][T27545] do_wp_page+0x8ea/0x33c0 [ 3053.502273][T27545] ? lock_sync+0x190/0x190 [ 3053.506681][T27545] ? finish_mkwrite_fault+0x3d0/0x3d0 [ 3053.512044][T27545] ? do_raw_spin_lock+0x124/0x2b0 [ 3053.517072][T27545] ? spin_bug+0x1c0/0x1c0 [ 3053.521396][T27545] __handle_mm_fault+0x1635/0x41c0 [ 3053.526499][T27545] ? vm_iomap_memory+0x190/0x190 [ 3053.531420][T27545] ? mas_walk+0x58f/0x730 [ 3053.535745][T27545] ? numa_migrate_prep+0x3a0/0x3a0 [ 3053.540852][T27545] ? do_user_addr_fault+0x367/0x1210 [ 3053.546133][T27545] handle_mm_fault+0x2af/0x9f0 [ 3053.550886][T27545] do_user_addr_fault+0x2ca/0x1210 [ 3053.555992][T27545] ? rcu_is_watching+0x12/0xb0 [ 3053.560749][T27545] exc_page_fault+0x98/0x170 [ 3053.565328][T27545] asm_exc_page_fault+0x26/0x30 [ 3053.570173][T27545] RIP: 0033:0x7f5d2ac39610 [ 3053.574571][T27545] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48 [ 3053.594175][T27545] RSP: 002b:00007ffc24e00390 EFLAGS: 00010246 [ 3053.600228][T27545] RAX: 00000000daf2970c RBX: 00007f5d2adac018 RCX: 0000001b2dc20000 [ 3053.608183][T27545] RDX: 0000000000000000 RSI: 0000001b2dc20018 RDI: 000000000c826fd8 [ 3053.616139][T27545] RBP: 00000000daf2970c R08: 000000000000170c R09: 00000000daf29710 [ 3053.624099][T27545] R10: 00007ffc24e00550 R11: 0000000000000246 R12: 00007f5d2ada0000 [ 3053.632072][T27545] R13: 0000000000000001 R14: 0000000000000005 R15: ffffffff8804dd52 [ 3053.640031][T27545] ? __sock_create+0x62/0x850 [ 3053.644716][T27545] [ 3053.739667][T27545] memory: usage 307200kB, limit 307200kB, failcnt 25264 [ 3053.752025][T27545] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3053.773683][T27545] Memory cgroup stats for /syz1: [ 3053.781653][T27545] anon 405504 [ 3053.781653][T27545] file 262144 [ 3053.781653][T27545] kernel 313905152 [ 3053.781653][T27545] kernel_stack 163840 [ 3053.781653][T27545] pagetables 249856 [ 3053.781653][T27545] sec_pagetables 0 [ 3053.781653][T27545] percpu 5421792 [ 3053.781653][T27545] sock 0 [ 3053.781653][T27545] vmalloc 0 [ 3053.781653][T27545] shmem 258048 [ 3053.781653][T27545] zswap 0 [ 3053.781653][T27545] zswapped 0 [ 3053.781653][T27545] file_mapped 241664 [ 3053.781653][T27545] file_dirty 0 [ 3053.781653][T27545] file_writeback 0 [ 3053.781653][T27545] swapcached 0 [ 3053.781653][T27545] anon_thp 0 [ 3053.781653][T27545] file_thp 0 [ 3053.781653][T27545] shmem_thp 0 [ 3053.781653][T27545] inactive_anon 45056 [ 3053.781653][T27545] active_anon 618496 [ 3053.781653][T27545] inactive_file 4096 [ 3053.781653][T27545] active_file 0 [ 3053.781653][T27545] unevictable 0 [ 3053.781653][T27545] slab_reclaimable 70624 [ 3053.781653][T27545] slab_unreclaimable 307913528 [ 3053.781653][T27545] slab 307984152 [ 3053.781653][T27545] workingset_refault_anon 0 [ 3053.781653][T27545] workingset_refault_file 2 [ 3053.781653][T27545] workingset_activate_anon 0 [ 3053.781653][T27545] workingset_activate_file 0 [ 3053.781653][T27545] workingset_restore_anon 0 [ 3053.781653][T27545] workingset_restore_file 2 [ 3053.781653][T27545] workingset_nodereclaim 0 [ 3053.781653][T27545] pgscan 3896 [ 3053.781653][T27545] pgsteal 107 [ 3053.781653][T27545] pgscan_kswapd 92 [ 3053.781653][T27545] pgscan_direct 3804 [ 3053.781653][T27545] pgscan_khugepaged 0 [ 3053.781653][T27545] pgsteal_kswapd 88 [ 3053.781653][T27545] pgsteal_direct 19 [ 3053.781653][T27545] pgsteal_khugepaged 0 [ 3053.781653][T27545] pgfault 567042 [ 3053.781653][T27545] pgmajfault 2 [ 3053.781653][T27545] pgrefill 16419 [ 3053.781653][T27545] pgactivate 3789 [ 3053.781653][T27545] pgdeactivate 0 [ 3053.781653][T27545] pglazyfree 0 [ 3053.781653][T27545] pglazyfreed 0 [ 3053.781653][T27545] zswpin 0 [ 3053.781653][T27545] zswpout 0 [ 3053.980295][T27545] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=27545,uid=0 [ 3054.012256][T27545] Memory cgroup out of memory: Killed process 27545 (syz-executor.1) total-vm:54548kB, anon-rss:388kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 3054.094412][T27544] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 3054.131284][T27544] CPU: 1 PID: 27544 Comm: syz-executor.4 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3054.141713][T27544] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3054.151765][T27544] Call Trace: [ 3054.155038][T27544] [ 3054.157966][T27544] dump_stack_lvl+0x136/0x150 [ 3054.162649][T27544] dump_header+0x10a/0xd70 [ 3054.167050][T27544] oom_kill_process+0x25d/0x600 [ 3054.171905][T27544] out_of_memory+0x35c/0x1660 [ 3054.176566][T27544] ? find_held_lock+0x2d/0x110 [ 3054.181310][T27544] ? oom_killer_disable+0x2b0/0x2b0 [ 3054.186498][T27544] ? rcu_read_unlock+0x9/0x60 [ 3054.191180][T27544] ? find_held_lock+0x2d/0x110 [ 3054.195951][T27544] mem_cgroup_out_of_memory+0x206/0x270 [ 3054.201498][T27544] ? mem_cgroup_margin+0x130/0x130 [ 3054.206611][T27544] ? lock_downgrade+0x690/0x690 [ 3054.211474][T27544] try_charge_memcg+0xf99/0x13a0 [ 3054.216423][T27544] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3054.222407][T27544] ? get_mem_cgroup_from_objcg+0xa1/0x280 [ 3054.228124][T27544] ? lock_downgrade+0x690/0x690 [ 3054.232960][T27544] ? lock_downgrade+0x690/0x690 [ 3054.237807][T27544] __memcg_kmem_charge_page+0x16e/0x3c0 [ 3054.243363][T27544] __alloc_pages+0x1f3/0x4a0 [ 3054.247960][T27544] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 3054.254728][T27544] ? print_usage_bug.part.0+0x660/0x660 [ 3054.260282][T27544] ? find_held_lock+0x2d/0x110 [ 3054.265049][T27544] alloc_pages+0x1aa/0x270 [ 3054.269453][T27544] pte_alloc_one+0x1a/0x230 [ 3054.273939][T27544] __pte_alloc+0x6d/0x260 [ 3054.278379][T27544] ? pmd_install+0x160/0x160 [ 3054.282972][T27544] ? _raw_spin_unlock+0x28/0x40 [ 3054.287814][T27544] ? __pmd_alloc+0x30c/0x5d0 [ 3054.292404][T27544] __handle_mm_fault+0x412e/0x41c0 [ 3054.297512][T27544] ? mt_find+0x3b9/0xa60 [ 3054.301758][T27544] ? vm_iomap_memory+0x190/0x190 [ 3054.306709][T27544] ? mas_find+0x200/0x200 [ 3054.311058][T27544] handle_mm_fault+0x2af/0x9f0 [ 3054.315821][T27544] do_user_addr_fault+0x51a/0x1210 [ 3054.320936][T27544] exc_page_fault+0x98/0x170 [ 3054.325508][T27544] asm_exc_page_fault+0x26/0x30 [ 3054.330339][T27544] RIP: 0033:0x7fcdfee86cc5 [ 3054.334742][T27544] Code: 12 80 fa 04 73 1e 80 fa 01 77 26 72 05 0f b6 0e 88 0f c3 48 8b 4c 16 f8 48 8b 36 48 89 4c 17 f8 48 89 37 c3 8b 4c 16 fc 8b 36 <89> 4c 17 fc 89 37 c3 0f b7 4c 16 fe 0f b7 36 66 89 4c 17 fe 66 89 [ 3054.354447][T27544] RSP: 002b:00007ffda41c1ea8 EFLAGS: 00010202 [ 3054.360512][T27544] RAX: 00000000200003c0 RBX: 0000000000000000 RCX: 0000000000535650 [ 3054.368476][T27544] RDX: 0000000000000005 RSI: 0000000053565049 RDI: 00000000200003c0 [ 3054.376427][T27544] RBP: 00007ffda41c1f68 R08: 00007fcdfee00000 R09: 00007fcdfea00000 [ 3054.384379][T27544] R10: 00007fcdfea000c8 R11: 0000000000000246 R12: 00000000002e9731 [ 3054.392338][T27544] R13: 00007ffda41c1f90 R14: 00007fcdfefabf80 R15: 0000000000000032 [ 3054.400315][T27544] [ 3054.490809][T27544] memory: usage 307184kB, limit 307200kB, failcnt 36705 [ 3054.503726][T27544] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3054.514034][T27544] Memory cgroup stats for /syz4: [ 3054.514232][T27544] anon 2125824 [ 3054.514232][T27544] file 7716864 [ 3054.514232][T27544] kernel 304689152 [ 3054.514232][T27544] kernel_stack 688128 [ 3054.514232][T27544] pagetables 1167360 [ 3054.514232][T27544] sec_pagetables 0 [ 3054.514232][T27544] percpu 5219168 [ 3054.514232][T27544] sock 0 [ 3054.514232][T27544] vmalloc 8192 [ 3054.514232][T27544] shmem 7716864 [ 3054.514232][T27544] zswap 0 [ 3054.514232][T27544] zswapped 0 [ 3054.514232][T27544] file_mapped 196608 [ 3054.514232][T27544] file_dirty 0 [ 3054.514232][T27544] file_writeback 0 [ 3054.514232][T27544] swapcached 0 [ 3054.514232][T27544] anon_thp 0 [ 3054.514232][T27544] file_thp 0 [ 3054.514232][T27544] shmem_thp 0 [ 3054.514232][T27544] inactive_anon 9596928 [ 3054.514232][T27544] active_anon 245760 [ 3054.514232][T27544] inactive_file 0 [ 3054.514232][T27544] active_file 0 [ 3054.514232][T27544] unevictable 0 [ 3054.514232][T27544] slab_reclaimable 172672 [ 3054.514232][T27544] slab_unreclaimable 297095976 [ 3054.514232][T27544] slab 297268648 [ 3054.514232][T27544] workingset_refault_anon 0 [ 3054.514232][T27544] workingset_refault_file 0 [ 3054.514232][T27544] workingset_activate_anon 0 [ 3054.514232][T27544] workingset_activate_file 0 [ 3054.514232][T27544] workingset_restore_anon 0 [ 3054.514232][T27544] workingset_restore_file 0 [ 3054.514232][T27544] workingset_nodereclaim 0 [ 3054.514232][T27544] pgscan 116 [ 3054.514232][T27544] pgsteal 111 [ 3054.514232][T27544] pgscan_kswapd 99 [ 3054.514232][T27544] pgscan_direct 17 [ 3054.514232][T27544] pgscan_khugepaged 0 [ 3054.514232][T27544] pgsteal_kswapd 97 [ 3054.514232][T27544] pgsteal_direct 14 [ 3054.514232][T27544] pgsteal_khugepaged 0 [ 3054.514232][T27544] pgfault 695517 [ 3054.514232][T27544] pgmajfault 6 [ 3054.514232][T27544] pgrefill 593 [ 3054.514232][T27544] pgactivate 5 [ 3054.514232][T27544] pgdeactivate 0 [ 3054.514232][T27544] pglazyfree 0 [ 3054.514232][T27544] pglazyfreed 0 [ 3054.514232][T27544] zswpin 0 [ 3054.514232][T27544] zswpout 0 [ 3054.723117][T27544] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=27544,uid=0 [ 3054.781191][T27544] Memory cgroup out of memory: Killed process 27544 (syz-executor.4) total-vm:54548kB, anon-rss:512kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 15:36:26 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x9effffff}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:36:26 executing program 5: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000080)={0x1d, r2}, 0x18) sendmsg$can_j1939(r0, 0x0, 0x0) 15:36:26 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}, 0x1, 0x0, 0x0, 0x809e0400}, 0x0) 15:36:26 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x39}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:36:26 executing program 3: pselect6(0x40, &(0x7f00000005c0), &(0x7f0000000600)={0x4}, 0x0, 0x0, 0x0) r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$SIOCRSGCAUSE(r0, 0x89e0, &(0x7f0000000740)) 15:36:26 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x2300}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:36:26 executing program 5: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000080)={0x1d, r2}, 0x18) sendmsg$can_j1939(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)="05", 0x1}}, 0x0) [ 3054.902324][T27766] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. 15:36:26 executing program 3: mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0xc4) r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0) writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000180)='0', 0x1}], 0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)) sched_setscheduler(0x0, 0x0, &(0x7f0000000200)) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$BTRFS_IOC_INO_LOOKUP(r0, 0xd0009412, &(0x7f00000007c0)) connect$unix(r2, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x2) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x8a}, 0x9c) bind$inet6(r4, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r4, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f00000000c0)={0x0, @in6={{0xa, 0x4e23, 0x0, @loopback}}, 0x0, 0x0, 0x0, 0x0, 0x54}, 0x9c) [ 3055.037119][T27764] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3055.082055][T27764] CPU: 1 PID: 27764 Comm: syz-executor.2 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3055.092495][T27764] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3055.102550][T27764] Call Trace: [ 3055.105836][T27764] [ 3055.108760][T27764] dump_stack_lvl+0x136/0x150 [ 3055.113452][T27764] dump_header+0x10a/0xd70 [ 3055.117871][T27764] oom_kill_process+0x25d/0x600 [ 3055.122721][T27764] out_of_memory+0x35c/0x1660 [ 3055.127401][T27764] ? find_held_lock+0x2d/0x110 [ 3055.132166][T27764] ? oom_killer_disable+0x2b0/0x2b0 [ 3055.137365][T27764] ? rcu_read_unlock+0x9/0x60 [ 3055.142042][T27764] ? find_held_lock+0x2d/0x110 [ 3055.146810][T27764] mem_cgroup_out_of_memory+0x206/0x270 [ 3055.152358][T27764] ? mem_cgroup_margin+0x130/0x130 [ 3055.157474][T27764] ? lock_downgrade+0x690/0x690 [ 3055.162335][T27764] try_charge_memcg+0xf99/0x13a0 [ 3055.167299][T27764] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3055.173302][T27764] ? rcu_read_unlock+0x9/0x60 [ 3055.177984][T27764] ? lock_downgrade+0x690/0x690 [ 3055.182840][T27764] charge_memcg+0x90/0x3b0 [ 3055.187252][T27764] __mem_cgroup_charge+0x2b/0x90 [ 3055.192173][T27764] ? copy_mc_to_kernel+0x86/0x90 [ 3055.197102][T27764] do_wp_page+0x8ea/0x33c0 [ 3055.201507][T27764] ? lock_sync+0x190/0x190 [ 3055.205912][T27764] ? finish_mkwrite_fault+0x3d0/0x3d0 [ 3055.211271][T27764] ? do_raw_spin_lock+0x124/0x2b0 [ 3055.216285][T27764] ? spin_bug+0x1c0/0x1c0 [ 3055.220609][T27764] __handle_mm_fault+0x1635/0x41c0 [ 3055.225719][T27764] ? vm_iomap_memory+0x190/0x190 [ 3055.230645][T27764] ? mas_walk+0x58f/0x730 [ 3055.234975][T27764] ? numa_migrate_prep+0x3a0/0x3a0 [ 3055.240080][T27764] handle_mm_fault+0x2af/0x9f0 [ 3055.244858][T27764] do_user_addr_fault+0x2ca/0x1210 [ 3055.249958][T27764] ? rcu_is_watching+0x12/0xb0 [ 3055.254718][T27764] exc_page_fault+0x98/0x170 [ 3055.259299][T27764] asm_exc_page_fault+0x26/0x30 [ 3055.264143][T27764] RIP: 0033:0x7f5bd06366e5 [ 3055.268545][T27764] Code: 0f 1f 44 00 00 48 8b 57 18 48 83 fa ff 74 22 48 81 fa e7 03 00 00 0f 87 ee 00 00 00 48 c1 e2 04 48 8d 0d de 19 17 00 48 01 ca 02 01 48 89 42 08 48 8b 0d 8d 72 17 00 48 8b 53 10 4c 8d 81 00 [ 3055.288139][T27764] RSP: 002b:00007fffe74b1750 EFLAGS: 00010206 [ 3055.294215][T27764] RAX: 0000000000000003 RBX: 00007f5bd07abf80 RCX: 00007f5bd07a80c0 [ 3055.302175][T27764] RDX: 00007f5bd07a80c0 RSI: 0000000000000080 RDI: 00007f5bd07abf80 [ 3055.310135][T27764] RBP: 00007f5bd07abf80 R08: 00007fffe753d080 R09: 0000000000000000 [ 3055.318091][T27764] R10: 00007fffe74b1860 R11: 0000000000000246 R12: 00000000002e9d26 [ 3055.326051][T27764] R13: 00007fffe74b1860 R14: 00007f5bd07abf80 R15: 0000000000000032 [ 3055.334023][T27764] 15:36:27 executing program 5: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000080)={0x1d, r2}, 0x18) sendmsg$can_j1939(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)="05", 0x1}}, 0x0) 15:36:27 executing program 5: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000080)={0x1d, r2}, 0x18) sendmsg$can_j1939(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)="05", 0x1}}, 0x0) [ 3055.434030][T27764] memory: usage 307184kB, limit 307200kB, failcnt 25418 [ 3055.451051][T27764] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 15:36:27 executing program 5: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000080)={0x1d, r2}, 0x18) sendmsg$can_j1939(r0, &(0x7f0000000200)={&(0x7f00000000c0), 0x18, &(0x7f00000001c0)={&(0x7f0000000100)="05", 0x1}}, 0x0) [ 3055.511150][T27764] Memory cgroup stats for /syz2: [ 3055.511497][T27764] anon 110592 [ 3055.511497][T27764] file 8388608 [ 3055.511497][T27764] kernel 306057216 [ 3055.511497][T27764] kernel_stack 65536 [ 3055.511497][T27764] pagetables 69632 [ 3055.511497][T27764] sec_pagetables 0 [ 3055.511497][T27764] percpu 5294912 [ 3055.511497][T27764] sock 0 [ 3055.511497][T27764] vmalloc 16384 [ 3055.511497][T27764] shmem 8380416 [ 3055.511497][T27764] zswap 0 [ 3055.511497][T27764] zswapped 0 [ 3055.511497][T27764] file_mapped 286720 [ 3055.511497][T27764] file_dirty 4096 [ 3055.511497][T27764] file_writeback 0 [ 3055.511497][T27764] swapcached 0 [ 3055.511497][T27764] anon_thp 0 [ 3055.511497][T27764] file_thp 0 [ 3055.511497][T27764] shmem_thp 0 [ 3055.511497][T27764] inactive_anon 28672 [ 3055.511497][T27764] active_anon 8462336 [ 3055.511497][T27764] inactive_file 4096 [ 3055.511497][T27764] active_file 4096 [ 3055.511497][T27764] unevictable 0 [ 3055.511497][T27764] slab_reclaimable 51096 [ 3055.511497][T27764] slab_unreclaimable 300524936 [ 3055.511497][T27764] slab 300576032 [ 3055.511497][T27764] workingset_refault_anon 0 [ 3055.511497][T27764] workingset_refault_file 2 [ 3055.511497][T27764] workingset_activate_anon 0 [ 3055.511497][T27764] workingset_activate_file 0 [ 3055.511497][T27764] workingset_restore_anon 0 [ 3055.511497][T27764] workingset_restore_file 2 [ 3055.511497][T27764] workingset_nodereclaim 0 [ 3055.511497][T27764] pgscan 7801 [ 3055.511497][T27764] pgsteal 122 [ 3055.511497][T27764] pgscan_kswapd 106 [ 3055.511497][T27764] pgscan_direct 7695 [ 3055.511497][T27764] pgscan_khugepaged 0 [ 3055.511497][T27764] pgsteal_kswapd 97 [ 3055.511497][T27764] pgsteal_direct 25 [ 3055.511497][T27764] pgsteal_khugepaged 0 [ 3055.511497][T27764] pgfault 695028 [ 3055.511497][T27764] pgmajfault 0 [ 3055.511497][T27764] pgrefill 31171 [ 3055.511497][T27764] pgactivate 7679 [ 3055.511497][T27764] pgdeactivate 0 [ 3055.511497][T27764] pglazyfree 0 [ 3055.511497][T27764] pglazyfreed 0 [ 3055.511497][T27764] zswpin 0 [ 3055.511497][T27764] zswpout 0 15:36:27 executing program 3: mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0xc4) r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0) writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000180)='0', 0x1}], 0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)) sched_setscheduler(0x0, 0x0, &(0x7f0000000200)) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$BTRFS_IOC_INO_LOOKUP(r0, 0xd0009412, &(0x7f00000007c0)) connect$unix(r2, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x2) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x8a}, 0x9c) bind$inet6(r4, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r4, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f00000000c0)={0x0, @in6={{0xa, 0x4e23, 0x0, @loopback}}, 0x0, 0x0, 0x0, 0x0, 0x54}, 0x9c) [ 3055.814276][T27764] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=27764,uid=0 [ 3055.852870][T27764] Memory cgroup out of memory: Killed process 27764 (syz-executor.2) total-vm:54548kB, anon-rss:384kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 [ 3055.979236][T27773] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3055.991771][T27778] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3056.012219][T27773] CPU: 0 PID: 27773 Comm: syz-executor.1 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3056.022648][T27773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3056.032701][T27773] Call Trace: [ 3056.035977][T27773] [ 3056.038910][T27773] dump_stack_lvl+0x136/0x150 [ 3056.043604][T27773] dump_header+0x10a/0xd70 [ 3056.048028][T27773] oom_kill_process+0x25d/0x600 [ 3056.052970][T27773] out_of_memory+0x35c/0x1660 [ 3056.057648][T27773] ? find_held_lock+0x2d/0x110 [ 3056.062416][T27773] ? oom_killer_disable+0x2b0/0x2b0 [ 3056.067611][T27773] ? rcu_read_unlock+0x9/0x60 [ 3056.072298][T27773] ? find_held_lock+0x2d/0x110 [ 3056.077081][T27773] mem_cgroup_out_of_memory+0x206/0x270 [ 3056.082638][T27773] ? mem_cgroup_margin+0x130/0x130 [ 3056.087748][T27773] ? lock_downgrade+0x690/0x690 [ 3056.092614][T27773] try_charge_memcg+0xf99/0x13a0 [ 3056.097555][T27773] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3056.103547][T27773] ? rcu_read_unlock+0x9/0x60 [ 3056.108220][T27773] ? lock_downgrade+0x690/0x690 [ 3056.113080][T27773] charge_memcg+0x90/0x3b0 [ 3056.117500][T27773] __mem_cgroup_charge+0x2b/0x90 [ 3056.122435][T27773] __handle_mm_fault+0x2296/0x41c0 [ 3056.127544][T27773] ? vm_iomap_memory+0x190/0x190 [ 3056.132477][T27773] ? mas_walk+0x58f/0x730 [ 3056.136814][T27773] ? numa_migrate_prep+0x3a0/0x3a0 [ 3056.141929][T27773] handle_mm_fault+0x2af/0x9f0 [ 3056.146693][T27773] do_user_addr_fault+0x2ca/0x1210 [ 3056.151807][T27773] ? rcu_is_watching+0x12/0xb0 [ 3056.156576][T27773] exc_page_fault+0x98/0x170 [ 3056.161171][T27773] asm_exc_page_fault+0x26/0x30 [ 3056.166026][T27773] RIP: 0033:0x7f5d2ac3e171 [ 3056.170443][T27773] Code: 3d 00 f0 ff ff 77 72 c3 90 55 48 83 ec 30 44 89 4c 24 2c 4c 89 44 24 20 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 89 4c 24 28 fa fa ff ff 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 [ 3056.190106][T27773] RSP: 002b:00007f5d2ba0c000 EFLAGS: 00010206 [ 3056.196220][T27773] RAX: 0000000000000001 RBX: 00007f5d2ba0c0f0 RCX: 0000000000000000 [ 3056.204215][T27773] RDX: 0000000000000020 RSI: 00007f5d2ba0c140 RDI: 0000000000000004 [ 3056.212175][T27773] RBP: 0000000000000000 R08: 00007f5d2ba0c054 R09: 000000000000000c [ 3056.220136][T27773] R10: 0000000000000000 R11: 00000000200003cf R12: 00007f5d2ba0c0a8 [ 3056.228105][T27773] R13: 00007f5d2ba0c140 R14: 0000000000000004 R15: 0000000000000000 [ 3056.236096][T27773] [ 3056.301869][T27773] memory: usage 307188kB, limit 307200kB, failcnt 25374 [ 3056.320767][T27773] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3056.333754][T27773] Memory cgroup stats for /syz1: [ 3056.333914][T27773] anon 434176 [ 3056.333914][T27773] file 262144 [ 3056.333914][T27773] kernel 313864192 [ 3056.333914][T27773] kernel_stack 163840 [ 3056.333914][T27773] pagetables 258048 [ 3056.333914][T27773] sec_pagetables 0 [ 3056.333914][T27773] percpu 5421792 [ 3056.333914][T27773] sock 0 [ 3056.333914][T27773] vmalloc 0 [ 3056.333914][T27773] shmem 258048 [ 3056.333914][T27773] zswap 0 [ 3056.333914][T27773] zswapped 0 [ 3056.333914][T27773] file_mapped 241664 [ 3056.333914][T27773] file_dirty 0 [ 3056.333914][T27773] file_writeback 0 [ 3056.333914][T27773] swapcached 0 [ 3056.333914][T27773] anon_thp 0 [ 3056.333914][T27773] file_thp 0 [ 3056.333914][T27773] shmem_thp 0 [ 3056.333914][T27773] inactive_anon 49152 [ 3056.333914][T27773] active_anon 643072 [ 3056.333914][T27773] inactive_file 4096 [ 3056.333914][T27773] active_file 0 [ 3056.333914][T27773] unevictable 0 [ 3056.333914][T27773] slab_reclaimable 34328 [ 3056.333914][T27773] slab_unreclaimable 307900680 [ 3056.333914][T27773] slab 307935008 [ 3056.333914][T27773] workingset_refault_anon 0 [ 3056.333914][T27773] workingset_refault_file 2 [ 3056.333914][T27773] workingset_activate_anon 0 [ 3056.333914][T27773] workingset_activate_file 0 [ 3056.333914][T27773] workingset_restore_anon 0 [ 3056.333914][T27773] workingset_restore_file 2 [ 3056.333914][T27773] workingset_nodereclaim 0 [ 3056.333914][T27773] pgscan 3944 [ 3056.333914][T27773] pgsteal 107 [ 3056.333914][T27773] pgscan_kswapd 92 [ 3056.333914][T27773] pgscan_direct 3852 [ 3056.333914][T27773] pgscan_khugepaged 0 [ 3056.333914][T27773] pgsteal_kswapd 88 [ 3056.333914][T27773] pgsteal_direct 19 [ 3056.333914][T27773] pgsteal_khugepaged 0 [ 3056.333914][T27773] pgfault 567105 [ 3056.333914][T27773] pgmajfault 2 [ 3056.333914][T27773] pgrefill 16419 [ 3056.333914][T27773] pgactivate 3837 [ 3056.333914][T27773] pgdeactivate 0 [ 3056.333914][T27773] pglazyfree 0 [ 3056.333914][T27773] pglazyfreed 0 [ 3056.333914][T27773] zswpin 0 [ 3056.333914][T27773] zswpout 0 [ 3056.569148][T27773] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=27767,uid=0 [ 3056.632491][T27773] Memory cgroup out of memory: Killed process 27767 (syz-executor.1) total-vm:54680kB, anon-rss:388kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:92kB oom_score_adj:1000 [ 3056.711677][T27777] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=1, oom_score_adj=1000 [ 3056.742685][T27777] CPU: 0 PID: 27777 Comm: syz-executor.4 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3056.753127][T27777] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3056.763183][T27777] Call Trace: [ 3056.766473][T27777] [ 3056.769417][T27777] dump_stack_lvl+0x136/0x150 [ 3056.774116][T27777] dump_header+0x10a/0xd70 [ 3056.778537][T27777] oom_kill_process+0x25d/0x600 [ 3056.783403][T27777] out_of_memory+0x35c/0x1660 [ 3056.788092][T27777] ? oom_killer_disable+0x2b0/0x2b0 [ 3056.793293][T27777] ? rcu_read_unlock+0x9/0x60 [ 3056.797973][T27777] ? find_held_lock+0x2d/0x110 [ 3056.802744][T27777] mem_cgroup_out_of_memory+0x206/0x270 [ 3056.808301][T27777] ? mem_cgroup_margin+0x130/0x130 [ 3056.813412][T27777] ? lock_downgrade+0x690/0x690 [ 3056.818264][T27777] try_charge_memcg+0xf99/0x13a0 [ 3056.823217][T27777] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3056.829208][T27777] ? get_mem_cgroup_from_objcg+0xa1/0x280 [ 3056.834935][T27777] ? lock_downgrade+0x690/0x690 [ 3056.839797][T27777] ? lock_downgrade+0x690/0x690 [ 3056.844657][T27777] ? rcu_read_unlock+0x9/0x60 [ 3056.849347][T27777] obj_cgroup_charge+0x2af/0x5e0 [ 3056.854317][T27777] ? copy_process+0x3c0/0x75c0 [ 3056.859083][T27777] kmem_cache_alloc_node+0xa8/0x3e0 [ 3056.864286][T27777] copy_process+0x3c0/0x75c0 [ 3056.868888][T27777] ? pidfd_prepare+0x80/0x80 [ 3056.873479][T27777] ? lock_downgrade+0x690/0x690 [ 3056.878328][T27777] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 3056.884309][T27777] ? folio_add_lru+0x47f/0x7c0 [ 3056.889073][T27777] kernel_clone+0xeb/0x890 [ 3056.893491][T27777] ? create_io_thread+0xe0/0xe0 [ 3056.898340][T27777] ? find_held_lock+0x2d/0x110 [ 3056.903106][T27777] ? find_held_lock+0x2d/0x110 [ 3056.907869][T27777] __do_sys_clone+0xba/0x100 [ 3056.912462][T27777] ? kernel_clone+0x890/0x890 [ 3056.917140][T27777] ? syscall_enter_from_user_mode+0x26/0x80 [ 3056.923031][T27777] do_syscall_64+0x39/0xb0 [ 3056.927446][T27777] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3056.933340][T27777] RIP: 0033:0x7fcdfee8d591 [ 3056.937747][T27777] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 3056.957353][T27777] RSP: 002b:00007ffda41c1d78 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 3056.965766][T27777] RAX: ffffffffffffffda RBX: 00007fcdffb48700 RCX: 00007fcdfee8d591 [ 3056.973736][T27777] RDX: 00007fcdffb489d0 RSI: 00007fcdffb482f0 RDI: 00000000003d0f00 [ 3056.981698][T27777] RBP: 00007ffda41c1fc0 R08: 00007fcdffb48700 R09: 00007fcdffb48700 [ 3056.989744][T27777] R10: 00007fcdffb489d0 R11: 0000000000000206 R12: 00007ffda41c1e2e [ 3056.997714][T27777] R13: 00007ffda41c1e2f R14: 00007fcdffb48300 R15: 0000000000022000 [ 3057.005700][T27777] [ 3057.089952][T27777] memory: usage 307196kB, limit 307200kB, failcnt 36837 [ 3057.102996][T27777] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3057.113771][T27777] Memory cgroup stats for /syz4: [ 3057.113863][T27777] anon 2142208 [ 3057.113863][T27777] file 7716864 [ 3057.113863][T27777] kernel 304693248 [ 3057.113863][T27777] kernel_stack 688128 [ 3057.113863][T27777] pagetables 1171456 [ 3057.113863][T27777] sec_pagetables 0 [ 3057.113863][T27777] percpu 5219168 [ 3057.113863][T27777] sock 0 [ 3057.113863][T27777] vmalloc 8192 [ 3057.113863][T27777] shmem 7716864 [ 3057.113863][T27777] zswap 0 [ 3057.113863][T27777] zswapped 0 [ 3057.113863][T27777] file_mapped 196608 [ 3057.113863][T27777] file_dirty 0 [ 3057.113863][T27777] file_writeback 0 [ 3057.113863][T27777] swapcached 0 [ 3057.113863][T27777] anon_thp 0 [ 3057.113863][T27777] file_thp 0 [ 3057.113863][T27777] shmem_thp 0 [ 3057.113863][T27777] inactive_anon 9596928 [ 3057.113863][T27777] active_anon 262144 [ 3057.113863][T27777] inactive_file 0 [ 3057.113863][T27777] active_file 0 [ 3057.113863][T27777] unevictable 0 [ 3057.113863][T27777] slab_reclaimable 172672 [ 3057.113863][T27777] slab_unreclaimable 297097752 [ 3057.113863][T27777] slab 297270424 [ 3057.113863][T27777] workingset_refault_anon 0 [ 3057.113863][T27777] workingset_refault_file 0 [ 3057.113863][T27777] workingset_activate_anon 0 [ 3057.113863][T27777] workingset_activate_file 0 [ 3057.113863][T27777] workingset_restore_anon 0 [ 3057.113863][T27777] workingset_restore_file 0 [ 3057.113863][T27777] workingset_nodereclaim 0 [ 3057.113863][T27777] pgscan 116 [ 3057.113863][T27777] pgsteal 111 [ 3057.113863][T27777] pgscan_kswapd 99 [ 3057.113863][T27777] pgscan_direct 17 [ 3057.113863][T27777] pgscan_khugepaged 0 [ 3057.113863][T27777] pgsteal_kswapd 97 [ 3057.113863][T27777] pgsteal_direct 14 [ 3057.113863][T27777] pgsteal_khugepaged 0 [ 3057.113863][T27777] pgfault 695585 [ 3057.113863][T27777] pgmajfault 6 [ 3057.113863][T27777] pgrefill 593 [ 3057.113863][T27777] pgactivate 5 [ 3057.113863][T27777] pgdeactivate 0 [ 3057.113863][T27777] pglazyfree 0 [ 3057.113863][T27777] pglazyfreed 0 [ 3057.113863][T27777] zswpin 0 [ 3057.113863][T27777] zswpout 0 [ 3057.413783][T27777] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=27777,uid=0 [ 3057.460861][T27777] Memory cgroup out of memory: Killed process 27777 (syz-executor.4) total-vm:54680kB, anon-rss:384kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 15:36:29 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x9f940500}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:36:29 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}, 0x1, 0x0, 0x0, 0x81000000}, 0x0) 15:36:29 executing program 5: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000080)={0x1d, r2}, 0x18) sendmsg$can_j1939(r0, &(0x7f0000000200)={&(0x7f00000000c0), 0x18, &(0x7f00000001c0)={&(0x7f0000000100)="05", 0x1}}, 0x0) 15:36:29 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x63}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:36:29 executing program 3: mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0xc4) r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0) writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000180)='0', 0x1}], 0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)) sched_setscheduler(0x0, 0x0, &(0x7f0000000200)) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$BTRFS_IOC_INO_LOOKUP(r0, 0xd0009412, &(0x7f00000007c0)) connect$unix(r2, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x2) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x8a}, 0x9c) bind$inet6(r4, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r4, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f00000000c0)={0x0, @in6={{0xa, 0x4e23, 0x0, @loopback}}, 0x0, 0x0, 0x0, 0x0, 0x54}, 0x9c) 15:36:29 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x2400}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) [ 3057.643061][T27902] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 3057.656086][T27898] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3057.710667][T27902] CPU: 1 PID: 27902 Comm: syz-executor.1 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3057.721113][T27902] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3057.731172][T27902] Call Trace: [ 3057.734445][T27902] [ 3057.737371][T27902] dump_stack_lvl+0x136/0x150 [ 3057.742047][T27902] dump_header+0x10a/0xd70 [ 3057.746458][T27902] oom_kill_process+0x25d/0x600 [ 3057.751298][T27902] out_of_memory+0x35c/0x1660 [ 3057.755965][T27902] ? find_held_lock+0x2d/0x110 [ 3057.760726][T27902] ? oom_killer_disable+0x2b0/0x2b0 [ 3057.765916][T27902] ? rcu_read_unlock+0x9/0x60 [ 3057.770583][T27902] ? find_held_lock+0x2d/0x110 [ 3057.775340][T27902] mem_cgroup_out_of_memory+0x206/0x270 [ 3057.780884][T27902] ? mem_cgroup_margin+0x130/0x130 [ 3057.785994][T27902] ? lock_downgrade+0x690/0x690 [ 3057.790858][T27902] try_charge_memcg+0xf99/0x13a0 [ 3057.795811][T27902] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3057.801813][T27902] ? get_mem_cgroup_from_objcg+0xa1/0x280 [ 3057.807536][T27902] ? lock_downgrade+0x690/0x690 [ 3057.812393][T27902] ? lock_downgrade+0x690/0x690 [ 3057.817243][T27902] __memcg_kmem_charge_page+0x16e/0x3c0 [ 3057.822787][T27902] __alloc_pages+0x1f3/0x4a0 [ 3057.827375][T27902] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 3057.834132][T27902] ? __lock_acquire+0xc17/0x5f30 [ 3057.839073][T27902] ? find_held_lock+0x2d/0x110 [ 3057.843848][T27902] alloc_pages+0x1aa/0x270 [ 3057.848260][T27902] __pmd_alloc+0x3f/0x5d0 [ 3057.852578][T27902] __handle_mm_fault+0x93e/0x41c0 [ 3057.857594][T27902] ? mt_find+0x3b9/0xa60 [ 3057.861831][T27902] ? vm_iomap_memory+0x190/0x190 [ 3057.866757][T27902] ? mas_find+0x200/0x200 [ 3057.871091][T27902] handle_mm_fault+0x2af/0x9f0 [ 3057.875852][T27902] do_user_addr_fault+0x51a/0x1210 [ 3057.880964][T27902] exc_page_fault+0x98/0x170 [ 3057.885665][T27902] asm_exc_page_fault+0x26/0x30 [ 3057.890511][T27902] RIP: 0033:0x7f5d2ac86cc5 [ 3057.895007][T27902] Code: 12 80 fa 04 73 1e 80 fa 01 77 26 72 05 0f b6 0e 88 0f c3 48 8b 4c 16 f8 48 8b 36 48 89 4c 17 f8 48 89 37 c3 8b 4c 16 fc 8b 36 <89> 4c 17 fc 89 37 c3 0f b7 4c 16 fe 0f b7 36 66 89 4c 17 fe 66 89 [ 3057.914628][T27902] RSP: 002b:00007ffc24e00468 EFLAGS: 00010202 [ 3057.921374][T27902] RAX: 00000000200003c0 RBX: 0000000000000000 RCX: 0000000000535650 [ 3057.929333][T27902] RDX: 0000000000000005 RSI: 0000000053565049 RDI: 00000000200003c0 [ 3057.937293][T27902] RBP: 00007ffc24e00528 R08: 00007f5d2ac00000 R09: 00007f5d2a800000 [ 3057.945252][T27902] R10: 00007f5d2a8000c8 R11: 0000000000000246 R12: 00000000002ea7c2 [ 3057.953211][T27902] R13: 00007ffc24e00550 R14: 00007f5d2adabf80 R15: 0000000000000032 [ 3057.961197][T27902] 15:36:30 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}, 0x1, 0x0, 0x0, 0x819e0400}, 0x0) [ 3058.079578][T27902] memory: usage 307196kB, limit 307200kB, failcnt 25454 [ 3058.091912][T27902] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3058.146117][T28010] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3058.183743][T27902] Memory cgroup stats for /syz1: 15:36:30 executing program 5: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000080)={0x1d, r2}, 0x18) sendmsg$can_j1939(r0, &(0x7f0000000200)={&(0x7f00000000c0), 0x18, &(0x7f00000001c0)={&(0x7f0000000100)="05", 0x1}}, 0x0) 15:36:30 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}, 0x1, 0x0, 0x0, 0x829e0400}, 0x0) [ 3058.183958][T27902] anon 425984 [ 3058.183958][T27902] file 262144 [ 3058.183958][T27902] kernel 313880576 [ 3058.183958][T27902] kernel_stack 163840 [ 3058.183958][T27902] pagetables 249856 [ 3058.183958][T27902] sec_pagetables 0 [ 3058.183958][T27902] percpu 5421856 [ 3058.183958][T27902] sock 0 [ 3058.183958][T27902] vmalloc 0 [ 3058.183958][T27902] shmem 258048 [ 3058.183958][T27902] zswap 0 [ 3058.183958][T27902] zswapped 0 [ 3058.183958][T27902] file_mapped 241664 [ 3058.183958][T27902] file_dirty 0 [ 3058.183958][T27902] file_writeback 0 [ 3058.183958][T27902] swapcached 0 [ 3058.183958][T27902] anon_thp 0 [ 3058.183958][T27902] file_thp 0 [ 3058.183958][T27902] shmem_thp 0 [ 3058.183958][T27902] inactive_anon 40960 [ 3058.183958][T27902] active_anon 643072 [ 3058.183958][T27902] inactive_file 4096 [ 3058.183958][T27902] active_file 0 [ 3058.183958][T27902] unevictable 0 [ 3058.183958][T27902] slab_reclaimable 46136 [ 3058.183958][T27902] slab_unreclaimable 307912600 [ 3058.183958][T27902] slab 307958736 [ 3058.183958][T27902] workingset_refault_anon 0 [ 3058.183958][T27902] workingset_refault_file 2 [ 3058.183958][T27902] workingset_activate_anon 0 [ 3058.183958][T27902] workingset_activate_file 0 [ 3058.183958][T27902] workingset_restore_anon 0 [ 3058.183958][T27902] workingset_restore_file 2 [ 3058.183958][T27902] workingset_nodereclaim 0 [ 3058.183958][T27902] pgscan 3970 [ 3058.183958][T27902] pgsteal 107 [ 3058.183958][T27902] pgscan_kswapd 92 [ 3058.183958][T27902] pgscan_direct 3878 [ 3058.183958][T27902] pgscan_khugepaged 0 [ 3058.183958][T27902] pgsteal_kswapd 88 [ 3058.183958][T27902] pgsteal_direct 19 [ 3058.183958][T27902] pgsteal_khugepaged 0 15:36:30 executing program 3: syz_init_net_socket$rose(0xb, 0x5, 0x0) socket(0x0, 0x0, 0x0) socket$pppl2tp(0x18, 0x1, 0x1) [ 3058.183958][T27902] pgfault 567166 [ 3058.183958][T27902] pgmajfault 2 [ 3058.183958][T27902] pgrefill 16419 [ 3058.183958][T27902] pgactivate 3863 [ 3058.183958][T27902] pgdeactivate 0 [ 3058.183958][T27902] pglazyfree 0 [ 3058.183958][T27902] pglazyfreed 0 [ 3058.183958][T27902] zswpin 0 [ 3058.183958][T27902] zswpout 0 15:36:30 executing program 5: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000080)={0x1d, r2}, 0x18) sendmsg$can_j1939(r0, &(0x7f0000000200)={&(0x7f00000000c0)={0x1d, 0x0, 0xee0000}, 0x18, 0x0}, 0x0) [ 3058.511408][T27902] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=27902,uid=0 [ 3058.553335][T28016] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3058.554958][T27902] Memory cgroup out of memory: Killed process 27902 (syz-executor.1) total-vm:54548kB, anon-rss:388kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 15:36:30 executing program 5: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000080)={0x1d, r2}, 0x18) sendmsg$can_j1939(r0, &(0x7f0000000200)={&(0x7f00000000c0)={0x1d, 0x0, 0xee0000}, 0x18, 0x0}, 0x0) [ 3058.697824][T27896] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3058.794196][T27896] CPU: 0 PID: 27896 Comm: syz-executor.2 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3058.804662][T27896] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3058.815768][T27896] Call Trace: [ 3058.819050][T27896] [ 3058.822005][T27896] dump_stack_lvl+0x136/0x150 [ 3058.826712][T27896] dump_header+0x10a/0xd70 [ 3058.831138][T27896] oom_kill_process+0x25d/0x600 [ 3058.836008][T27896] out_of_memory+0x35c/0x1660 [ 3058.840701][T27896] ? find_held_lock+0x2d/0x110 [ 3058.845490][T27896] ? oom_killer_disable+0x2b0/0x2b0 [ 3058.850701][T27896] ? rcu_read_unlock+0x9/0x60 [ 3058.855392][T27896] ? find_held_lock+0x2d/0x110 [ 3058.860169][T27896] mem_cgroup_out_of_memory+0x206/0x270 [ 3058.865728][T27896] ? mem_cgroup_margin+0x130/0x130 [ 3058.870849][T27896] ? lock_downgrade+0x690/0x690 [ 3058.875722][T27896] try_charge_memcg+0xf99/0x13a0 [ 3058.880680][T27896] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3058.886677][T27896] ? rcu_read_unlock+0x9/0x60 [ 3058.891358][T27896] ? lock_downgrade+0x690/0x690 [ 3058.896224][T27896] charge_memcg+0x90/0x3b0 [ 3058.900654][T27896] __mem_cgroup_charge+0x2b/0x90 [ 3058.905685][T27896] do_wp_page+0x8ea/0x33c0 [ 3058.910116][T27896] ? lock_sync+0x190/0x190 [ 3058.914625][T27896] ? finish_mkwrite_fault+0x3d0/0x3d0 [ 3058.920022][T27896] ? do_raw_spin_lock+0x124/0x2b0 [ 3058.925057][T27896] ? spin_bug+0x1c0/0x1c0 [ 3058.929420][T27896] __handle_mm_fault+0x1635/0x41c0 [ 3058.934535][T27896] ? vm_iomap_memory+0x190/0x190 [ 3058.939473][T27896] ? mas_walk+0x58f/0x730 [ 3058.943803][T27896] ? numa_migrate_prep+0x3a0/0x3a0 [ 3058.948921][T27896] ? do_user_addr_fault+0x367/0x1210 [ 3058.954226][T27896] handle_mm_fault+0x2af/0x9f0 [ 3058.958993][T27896] do_user_addr_fault+0x2ca/0x1210 [ 3058.964287][T27896] ? rcu_is_watching+0x12/0xb0 [ 3058.969054][T27896] exc_page_fault+0x98/0x170 [ 3058.973659][T27896] asm_exc_page_fault+0x26/0x30 [ 3058.978506][T27896] RIP: 0033:0x7f5bd0639610 [ 3058.982924][T27896] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48 [ 3059.002545][T27896] RSP: 002b:00007fffe74b16a0 EFLAGS: 00010246 [ 3059.008629][T27896] RAX: 0000000004219014 RBX: 00007f5bd07ac018 RCX: 0000001b2dd20000 [ 3059.016604][T27896] RDX: 0000000000000000 RSI: 0000001b2dd20018 RDI: 000000000a28a722 [ 3059.024574][T27896] RBP: 0000000004219014 R08: 0000000000001014 R09: 0000000004219018 [ 3059.032547][T27896] R10: 00007fffe74b1860 R11: 0000000000000246 R12: 00007f5bd07a0000 [ 3059.040516][T27896] R13: 0000000000000001 R14: 000000000000000e R15: ffffffff83d6fdb1 [ 3059.048497][T27896] ? apparmor_socket_create+0x151/0x670 [ 3059.054064][T27896] [ 3059.162240][T27896] memory: usage 307200kB, limit 307200kB, failcnt 25495 [ 3059.202715][T27896] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3059.220973][T27896] Memory cgroup stats for /syz2: [ 3059.221647][T27896] anon 139264 [ 3059.221647][T27896] file 8388608 [ 3059.221647][T27896] kernel 306044928 [ 3059.221647][T27896] kernel_stack 65536 [ 3059.221647][T27896] pagetables 69632 [ 3059.221647][T27896] sec_pagetables 0 [ 3059.221647][T27896] percpu 5294912 [ 3059.221647][T27896] sock 0 [ 3059.221647][T27896] vmalloc 16384 [ 3059.221647][T27896] shmem 8380416 [ 3059.221647][T27896] zswap 0 [ 3059.221647][T27896] zswapped 0 [ 3059.221647][T27896] file_mapped 286720 [ 3059.221647][T27896] file_dirty 4096 [ 3059.221647][T27896] file_writeback 0 [ 3059.221647][T27896] swapcached 0 [ 3059.221647][T27896] anon_thp 0 [ 3059.221647][T27896] file_thp 0 [ 3059.221647][T27896] shmem_thp 0 [ 3059.221647][T27896] inactive_anon 36864 [ 3059.221647][T27896] active_anon 8482816 [ 3059.221647][T27896] inactive_file 4096 [ 3059.221647][T27896] active_file 4096 [ 3059.221647][T27896] unevictable 0 [ 3059.221647][T27896] slab_reclaimable 39288 [ 3059.221647][T27896] slab_unreclaimable 300523984 [ 3059.221647][T27896] slab 300563272 [ 3059.221647][T27896] workingset_refault_anon 0 [ 3059.221647][T27896] workingset_refault_file 2 [ 3059.221647][T27896] workingset_activate_anon 0 [ 3059.221647][T27896] workingset_activate_file 0 [ 3059.221647][T27896] workingset_restore_anon 0 [ 3059.221647][T27896] workingset_restore_file 2 [ 3059.221647][T27896] workingset_nodereclaim 0 [ 3059.221647][T27896] pgscan 7835 [ 3059.221647][T27896] pgsteal 122 [ 3059.221647][T27896] pgscan_kswapd 106 [ 3059.221647][T27896] pgscan_direct 7729 [ 3059.221647][T27896] pgscan_khugepaged 0 [ 3059.221647][T27896] pgsteal_kswapd 97 [ 3059.221647][T27896] pgsteal_direct 25 [ 3059.221647][T27896] pgsteal_khugepaged 0 [ 3059.221647][T27896] pgfault 695084 [ 3059.221647][T27896] pgmajfault 0 [ 3059.221647][T27896] pgrefill 31239 [ 3059.221647][T27896] pgactivate 7713 [ 3059.221647][T27896] pgdeactivate 0 [ 3059.221647][T27896] pglazyfree 0 [ 3059.221647][T27896] pglazyfreed 0 [ 3059.221647][T27896] zswpin 0 [ 3059.221647][T27896] zswpout 0 [ 3059.561582][T27896] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=27896,uid=0 [ 3059.603574][T27896] Memory cgroup out of memory: Killed process 27896 (syz-executor.2) total-vm:54548kB, anon-rss:384kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 [ 3059.743295][T28125] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3059.814348][T27906] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=1, oom_score_adj=1000 [ 3059.841572][T27906] CPU: 1 PID: 27906 Comm: syz-executor.4 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3059.851986][T27906] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3059.862024][T27906] Call Trace: [ 3059.865288][T27906] [ 3059.868203][T27906] dump_stack_lvl+0x136/0x150 [ 3059.872873][T27906] dump_header+0x10a/0xd70 [ 3059.877274][T27906] oom_kill_process+0x25d/0x600 [ 3059.882108][T27906] out_of_memory+0x35c/0x1660 [ 3059.886771][T27906] ? find_held_lock+0x2d/0x110 [ 3059.891519][T27906] ? oom_killer_disable+0x2b0/0x2b0 [ 3059.896711][T27906] ? rcu_read_unlock+0x9/0x60 [ 3059.901393][T27906] ? find_held_lock+0x2d/0x110 [ 3059.909203][T27906] mem_cgroup_out_of_memory+0x206/0x270 [ 3059.914756][T27906] ? mem_cgroup_margin+0x130/0x130 [ 3059.919879][T27906] ? lock_downgrade+0x690/0x690 [ 3059.924747][T27906] try_charge_memcg+0xf99/0x13a0 [ 3059.929700][T27906] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3059.935684][T27906] ? get_mem_cgroup_from_objcg+0xa1/0x280 [ 3059.941404][T27906] ? lock_downgrade+0x690/0x690 [ 3059.946254][T27906] ? lock_downgrade+0x690/0x690 [ 3059.951103][T27906] ? rcu_read_unlock+0x9/0x60 [ 3059.955780][T27906] obj_cgroup_charge+0x2af/0x5e0 [ 3059.960719][T27906] ? copy_process+0x3c0/0x75c0 [ 3059.965598][T27906] kmem_cache_alloc_node+0xa8/0x3e0 [ 3059.970795][T27906] copy_process+0x3c0/0x75c0 [ 3059.975389][T27906] ? pidfd_prepare+0x80/0x80 [ 3059.979971][T27906] ? lock_downgrade+0x690/0x690 [ 3059.984818][T27906] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 3059.990791][T27906] ? folio_add_lru+0x47f/0x7c0 [ 3059.995637][T27906] kernel_clone+0xeb/0x890 [ 3060.000044][T27906] ? create_io_thread+0xe0/0xe0 [ 3060.004891][T27906] ? find_held_lock+0x2d/0x110 [ 3060.009651][T27906] ? find_held_lock+0x2d/0x110 [ 3060.014407][T27906] __do_sys_clone+0xba/0x100 [ 3060.018989][T27906] ? kernel_clone+0x890/0x890 [ 3060.023755][T27906] ? syscall_enter_from_user_mode+0x26/0x80 [ 3060.029649][T27906] do_syscall_64+0x39/0xb0 [ 3060.034091][T27906] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3060.039995][T27906] RIP: 0033:0x7fcdfee8d591 [ 3060.044404][T27906] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 3060.064003][T27906] RSP: 002b:00007ffda41c1d78 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 3060.072407][T27906] RAX: ffffffffffffffda RBX: 00007fcdffb48700 RCX: 00007fcdfee8d591 [ 3060.080366][T27906] RDX: 00007fcdffb489d0 RSI: 00007fcdffb482f0 RDI: 00000000003d0f00 [ 3060.088323][T27906] RBP: 00007ffda41c1fc0 R08: 00007fcdffb48700 R09: 00007fcdffb48700 [ 3060.096281][T27906] R10: 00007fcdffb489d0 R11: 0000000000000206 R12: 00007ffda41c1e2e [ 3060.104243][T27906] R13: 00007ffda41c1e2f R14: 00007fcdffb48300 R15: 0000000000022000 [ 3060.112212][T27906] [ 3060.218733][T27906] memory: usage 307200kB, limit 307200kB, failcnt 36951 [ 3060.228791][T27906] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3060.240759][T27906] Memory cgroup stats for /syz4: [ 3060.240870][T27906] anon 2142208 [ 3060.240870][T27906] file 7716864 [ 3060.240870][T27906] kernel 304713728 [ 3060.240870][T27906] kernel_stack 688128 [ 3060.240870][T27906] pagetables 1171456 [ 3060.240870][T27906] sec_pagetables 0 [ 3060.240870][T27906] percpu 5219168 [ 3060.240870][T27906] sock 0 [ 3060.240870][T27906] vmalloc 8192 [ 3060.240870][T27906] shmem 7716864 [ 3060.240870][T27906] zswap 0 [ 3060.240870][T27906] zswapped 0 [ 3060.240870][T27906] file_mapped 196608 [ 3060.240870][T27906] file_dirty 0 [ 3060.240870][T27906] file_writeback 0 [ 3060.240870][T27906] swapcached 0 [ 3060.240870][T27906] anon_thp 0 [ 3060.240870][T27906] file_thp 0 [ 3060.240870][T27906] shmem_thp 0 [ 3060.240870][T27906] inactive_anon 9596928 [ 3060.240870][T27906] active_anon 262144 [ 3060.240870][T27906] inactive_file 0 [ 3060.240870][T27906] active_file 0 [ 3060.240870][T27906] unevictable 0 [ 3060.240870][T27906] slab_reclaimable 172672 [ 3060.240870][T27906] slab_unreclaimable 297115136 [ 3060.240870][T27906] slab 297287808 [ 3060.240870][T27906] workingset_refault_anon 0 [ 3060.240870][T27906] workingset_refault_file 0 [ 3060.240870][T27906] workingset_activate_anon 0 [ 3060.240870][T27906] workingset_activate_file 0 [ 3060.240870][T27906] workingset_restore_anon 0 [ 3060.240870][T27906] workingset_restore_file 0 [ 3060.240870][T27906] workingset_nodereclaim 0 [ 3060.240870][T27906] pgscan 116 [ 3060.240870][T27906] pgsteal 111 [ 3060.240870][T27906] pgscan_kswapd 99 [ 3060.240870][T27906] pgscan_direct 17 [ 3060.240870][T27906] pgscan_khugepaged 0 [ 3060.240870][T27906] pgsteal_kswapd 97 [ 3060.240870][T27906] pgsteal_direct 14 [ 3060.240870][T27906] pgsteal_khugepaged 0 [ 3060.240870][T27906] pgfault 695650 [ 3060.240870][T27906] pgmajfault 6 [ 3060.240870][T27906] pgrefill 593 [ 3060.240870][T27906] pgactivate 5 [ 3060.240870][T27906] pgdeactivate 0 [ 3060.240870][T27906] pglazyfree 0 [ 3060.240870][T27906] pglazyfreed 0 [ 3060.240870][T27906] zswpin 0 [ 3060.240870][T27906] zswpout 0 [ 3060.521670][T27906] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=27906,uid=0 [ 3060.549582][T27906] Memory cgroup out of memory: Killed process 27906 (syz-executor.4) total-vm:54680kB, anon-rss:512kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 15:36:32 executing program 3: socket$packet(0x11, 0x3, 0x300) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001cc0)={0x6, 0x2, &(0x7f0000001b40)=ANY=[], &(0x7f0000001b80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) socket$packet(0x11, 0x3, 0x300) 15:36:32 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x2500}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:36:32 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0xa0940500}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:36:32 executing program 5: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000080)={0x1d, r2}, 0x18) sendmsg$can_j1939(r0, &(0x7f0000000200)={&(0x7f00000000c0)={0x1d, 0x0, 0xee0000}, 0x18, 0x0}, 0x0) 15:36:32 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}, 0x1, 0x0, 0x0, 0x839e0400}, 0x0) 15:36:32 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x118}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) [ 3060.814951][T28133] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3060.859282][T28130] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3060.913765][T28130] CPU: 0 PID: 28130 Comm: syz-executor.2 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3060.924292][T28130] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3060.934349][T28130] Call Trace: [ 3060.937630][T28130] [ 3060.940561][T28130] dump_stack_lvl+0x136/0x150 [ 3060.945254][T28130] dump_header+0x10a/0xd70 [ 3060.947174][T28128] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3060.949662][T28130] oom_kill_process+0x25d/0x600 [ 3060.949689][T28130] out_of_memory+0x35c/0x1660 [ 3060.968456][T28130] ? find_held_lock+0x2d/0x110 [ 3060.973222][T28130] ? oom_killer_disable+0x2b0/0x2b0 [ 3060.978420][T28130] ? rcu_read_unlock+0x9/0x60 [ 3060.983098][T28130] ? find_held_lock+0x2d/0x110 [ 3060.987866][T28130] mem_cgroup_out_of_memory+0x206/0x270 [ 3060.993415][T28130] ? mem_cgroup_margin+0x130/0x130 [ 3060.998539][T28130] ? lock_downgrade+0x690/0x690 [ 3061.003404][T28130] try_charge_memcg+0xf99/0x13a0 [ 3061.008359][T28130] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3061.014354][T28130] ? rcu_read_unlock+0x9/0x60 [ 3061.019037][T28130] ? lock_downgrade+0x690/0x690 [ 3061.023911][T28130] charge_memcg+0x90/0x3b0 [ 3061.028342][T28130] __mem_cgroup_charge+0x2b/0x90 [ 3061.033283][T28130] ? copy_mc_to_kernel+0x86/0x90 [ 3061.038233][T28130] do_wp_page+0x8ea/0x33c0 [ 3061.042657][T28130] ? lock_sync+0x190/0x190 [ 3061.047083][T28130] ? finish_mkwrite_fault+0x3d0/0x3d0 [ 3061.052458][T28130] ? do_raw_spin_lock+0x124/0x2b0 [ 3061.057491][T28130] ? spin_bug+0x1c0/0x1c0 [ 3061.061846][T28130] __handle_mm_fault+0x1635/0x41c0 [ 3061.066965][T28130] ? vm_iomap_memory+0x190/0x190 [ 3061.071900][T28130] ? mas_walk+0x58f/0x730 [ 3061.076240][T28130] ? numa_migrate_prep+0x3a0/0x3a0 [ 3061.081351][T28130] handle_mm_fault+0x2af/0x9f0 [ 3061.086202][T28130] do_user_addr_fault+0x2ca/0x1210 [ 3061.091315][T28130] ? rcu_is_watching+0x12/0xb0 [ 3061.096087][T28130] exc_page_fault+0x98/0x170 [ 3061.100677][T28130] asm_exc_page_fault+0x26/0x30 [ 3061.105622][T28130] RIP: 0033:0x7f5bd06366e5 15:36:33 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x2600}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) [ 3061.110036][T28130] Code: 0f 1f 44 00 00 48 8b 57 18 48 83 fa ff 74 22 48 81 fa e7 03 00 00 0f 87 ee 00 00 00 48 c1 e2 04 48 8d 0d de 19 17 00 48 01 ca 02 01 48 89 42 08 48 8b 0d 8d 72 17 00 48 8b 53 10 4c 8d 81 00 [ 3061.129654][T28130] RSP: 002b:00007fffe74b1750 EFLAGS: 00010206 [ 3061.135725][T28130] RAX: 0000000000000003 RBX: 00007f5bd07abf80 RCX: 00007f5bd07a80c0 [ 3061.143697][T28130] RDX: 00007f5bd07a80c0 RSI: 0000000000000080 RDI: 00007f5bd07abf80 [ 3061.151756][T28130] RBP: 00007f5bd07abf80 R08: 00007fffe753d080 R09: 0000000000000000 15:36:33 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}, 0x1, 0x0, 0x0, 0x849e0400}, 0x0) 15:36:33 executing program 5: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000080)={0x1d, r2}, 0x18) sendmsg$can_j1939(r0, &(0x7f0000000200)={&(0x7f00000000c0)={0x1d, 0x0, 0xee0000}, 0x18, &(0x7f00000001c0)={0x0}}, 0x0) [ 3061.159730][T28130] R10: 00007fffe74b1860 R11: 0000000000000246 R12: 00000000002eb41e [ 3061.167697][T28130] R13: 00007fffe74b1860 R14: 00007f5bd07abf80 R15: 0000000000000032 [ 3061.175675][T28130] 15:36:33 executing program 5: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000080)={0x1d, r2}, 0x18) sendmsg$can_j1939(r0, &(0x7f0000000200)={&(0x7f00000000c0)={0x1d, 0x0, 0xee0000}, 0x18, &(0x7f00000001c0)={0x0}}, 0x0) 15:36:33 executing program 3: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000080)='./binderfs/binder1\x00', 0x0, 0x0) ioctl$BINDER_FREEZE(r0, 0x400c620e, &(0x7f0000000100)) [ 3061.334685][T28130] memory: usage 307188kB, limit 307200kB, failcnt 25541 [ 3061.347532][T28243] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. 15:36:33 executing program 5: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000080)={0x1d, r2}, 0x18) sendmsg$can_j1939(r0, &(0x7f0000000200)={&(0x7f00000000c0)={0x1d, 0x0, 0xee0000}, 0x18, &(0x7f00000001c0)={0x0}}, 0x0) [ 3061.405694][T28130] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3061.422944][T28130] Memory cgroup stats for /syz2: [ 3061.423105][T28130] anon 110592 [ 3061.423105][T28130] file 8388608 [ 3061.423105][T28130] kernel 306061312 [ 3061.423105][T28130] kernel_stack 65536 [ 3061.423105][T28130] pagetables 69632 [ 3061.423105][T28130] sec_pagetables 0 [ 3061.423105][T28130] percpu 5294976 [ 3061.423105][T28130] sock 0 [ 3061.423105][T28130] vmalloc 16384 [ 3061.423105][T28130] shmem 8380416 [ 3061.423105][T28130] zswap 0 [ 3061.423105][T28130] zswapped 0 [ 3061.423105][T28130] file_mapped 286720 [ 3061.423105][T28130] file_dirty 4096 [ 3061.423105][T28130] file_writeback 0 [ 3061.423105][T28130] swapcached 0 [ 3061.423105][T28130] anon_thp 0 [ 3061.423105][T28130] file_thp 0 [ 3061.423105][T28130] shmem_thp 0 [ 3061.423105][T28130] inactive_anon 8417280 [ 3061.423105][T28130] active_anon 73728 [ 3061.423105][T28130] inactive_file 4096 [ 3061.423105][T28130] active_file 4096 [ 3061.423105][T28130] unevictable 0 [ 3061.423105][T28130] slab_reclaimable 39288 [ 3061.423105][T28130] slab_unreclaimable 300535960 [ 3061.423105][T28130] slab 300575248 [ 3061.423105][T28130] workingset_refault_anon 0 [ 3061.423105][T28130] workingset_refault_file 2 [ 3061.423105][T28130] workingset_activate_anon 0 [ 3061.423105][T28130] workingset_activate_file 0 [ 3061.423105][T28130] workingset_restore_anon 0 [ 3061.423105][T28130] workingset_restore_file 2 [ 3061.423105][T28130] workingset_nodereclaim 0 [ 3061.423105][T28130] pgscan 7854 [ 3061.423105][T28130] pgsteal 122 [ 3061.423105][T28130] pgscan_kswapd 106 [ 3061.423105][T28130] pgscan_direct 7748 [ 3061.423105][T28130] pgscan_khugepaged 0 [ 3061.423105][T28130] pgsteal_kswapd 97 [ 3061.423105][T28130] pgsteal_direct 25 [ 3061.423105][T28130] pgsteal_khugepaged 0 [ 3061.423105][T28130] pgfault 695128 [ 3061.423105][T28130] pgmajfault 0 [ 3061.423105][T28130] pgrefill 31277 [ 3061.423105][T28130] pgactivate 7732 [ 3061.423105][T28130] pgdeactivate 0 [ 3061.423105][T28130] pglazyfree 0 [ 3061.423105][T28130] pglazyfreed 0 [ 3061.423105][T28130] zswpin 0 [ 3061.423105][T28130] zswpout 0 [ 3061.426051][T28247] binder: 28246:28247 ioctl 400c620e 20000100 returned -22 15:36:33 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}, 0x1, 0x0, 0x0, 0x859e0400}, 0x0) [ 3061.455129][T28130] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=28130,uid=0 15:36:33 executing program 5: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000080)={0x1d, r2}, 0x18) sendmsg$can_j1939(r0, &(0x7f0000000200)={&(0x7f00000000c0)={0x1d, 0x0, 0xee0000}, 0x18, &(0x7f00000001c0)={&(0x7f0000000100)}}, 0x0) [ 3061.809441][T28351] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3061.966691][T28130] Memory cgroup out of memory: Killed process 28130 (syz-executor.2) total-vm:54548kB, anon-rss:384kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 [ 3062.012273][T28237] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3062.022733][T28237] CPU: 1 PID: 28237 Comm: syz-executor.4 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3062.033151][T28237] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3062.043205][T28237] Call Trace: [ 3062.046482][T28237] [ 3062.049407][T28237] dump_stack_lvl+0x136/0x150 [ 3062.054074][T28237] dump_header+0x10a/0xd70 [ 3062.058480][T28237] oom_kill_process+0x25d/0x600 [ 3062.063324][T28237] out_of_memory+0x35c/0x1660 [ 3062.067992][T28237] ? find_held_lock+0x2d/0x110 [ 3062.072746][T28237] ? oom_killer_disable+0x2b0/0x2b0 [ 3062.078028][T28237] ? rcu_read_unlock+0x9/0x60 [ 3062.082712][T28237] ? find_held_lock+0x2d/0x110 [ 3062.087484][T28237] mem_cgroup_out_of_memory+0x206/0x270 [ 3062.093056][T28237] ? mem_cgroup_margin+0x130/0x130 [ 3062.098178][T28237] ? lock_downgrade+0x690/0x690 [ 3062.103053][T28237] try_charge_memcg+0xf99/0x13a0 [ 3062.108021][T28237] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3062.114002][T28237] ? rcu_read_unlock+0x9/0x60 [ 3062.118673][T28237] ? lock_downgrade+0x690/0x690 [ 3062.123531][T28237] charge_memcg+0x90/0x3b0 [ 3062.127949][T28237] __mem_cgroup_charge+0x2b/0x90 [ 3062.132890][T28237] __handle_mm_fault+0x2296/0x41c0 [ 3062.138007][T28237] ? vm_iomap_memory+0x190/0x190 [ 3062.142966][T28237] ? mas_walk+0x58f/0x730 [ 3062.147418][T28237] ? numa_migrate_prep+0x3a0/0x3a0 [ 3062.152531][T28237] handle_mm_fault+0x2af/0x9f0 [ 3062.157300][T28237] do_user_addr_fault+0x2ca/0x1210 [ 3062.162419][T28237] ? rcu_is_watching+0x12/0xb0 [ 3062.167180][T28237] exc_page_fault+0x98/0x170 [ 3062.171761][T28237] asm_exc_page_fault+0x26/0x30 [ 3062.176618][T28237] RIP: 0033:0x7fcdfee30eac [ 3062.181036][T28237] Code: c0 e8 98 5a ff ff b8 ff ff ff ff e9 33 ff ff ff 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 41 54 31 c0 55 48 81 ec 68 10 00 00 <48> 89 7c 24 08 48 8d 3d 90 6b 0a 00 48 89 34 24 48 8b 14 24 48 8b [ 3062.200643][T28237] RSP: 002b:00007fcdffb680e0 EFLAGS: 00010202 [ 3062.206693][T28237] RAX: 0000000000000000 RBX: 00007fcdfefabf80 RCX: 0000000000000000 [ 3062.214651][T28237] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 00000000200003c0 [ 3062.222609][T28237] RBP: 00007fcdfeee7ca1 R08: 0000000000000000 R09: 0000000000000000 [ 3062.230571][T28237] R10: 00000000200003c0 R11: 0000000000000000 R12: 0000000000000000 [ 3062.238542][T28237] R13: 00007ffda41c1e2f R14: 00007fcdffb69300 R15: 0000000000022000 [ 3062.246523][T28237] [ 3062.283162][T28237] memory: usage 307200kB, limit 307200kB, failcnt 37060 [ 3062.290151][T28237] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3062.313789][T28237] Memory cgroup stats for /syz4: [ 3062.313957][T28237] anon 2129920 [ 3062.313957][T28237] file 7716864 [ 3062.313957][T28237] kernel 304726016 [ 3062.313957][T28237] kernel_stack 688128 [ 3062.313957][T28237] pagetables 1171456 [ 3062.313957][T28237] sec_pagetables 0 [ 3062.313957][T28237] percpu 5219232 [ 3062.313957][T28237] sock 0 [ 3062.313957][T28237] vmalloc 8192 [ 3062.313957][T28237] shmem 7716864 [ 3062.313957][T28237] zswap 0 [ 3062.313957][T28237] zswapped 0 [ 3062.313957][T28237] file_mapped 196608 [ 3062.313957][T28237] file_dirty 0 [ 3062.313957][T28237] file_writeback 0 [ 3062.313957][T28237] swapcached 0 [ 3062.313957][T28237] anon_thp 0 [ 3062.313957][T28237] file_thp 0 [ 3062.313957][T28237] shmem_thp 0 [ 3062.313957][T28237] inactive_anon 9596928 [ 3062.313957][T28237] active_anon 249856 [ 3062.313957][T28237] inactive_file 0 [ 3062.313957][T28237] active_file 0 [ 3062.313957][T28237] unevictable 0 [ 3062.313957][T28237] slab_reclaimable 186024 [ 3062.313957][T28237] slab_unreclaimable 297109344 [ 3062.313957][T28237] slab 297295368 [ 3062.313957][T28237] workingset_refault_anon 0 [ 3062.313957][T28237] workingset_refault_file 0 [ 3062.313957][T28237] workingset_activate_anon 0 [ 3062.313957][T28237] workingset_activate_file 0 [ 3062.313957][T28237] workingset_restore_anon 0 [ 3062.313957][T28237] workingset_restore_file 0 [ 3062.313957][T28237] workingset_nodereclaim 0 [ 3062.313957][T28237] pgscan 116 [ 3062.313957][T28237] pgsteal 111 [ 3062.313957][T28237] pgscan_kswapd 99 [ 3062.313957][T28237] pgscan_direct 17 [ 3062.313957][T28237] pgscan_khugepaged 0 [ 3062.313957][T28237] pgsteal_kswapd 97 [ 3062.313957][T28237] pgsteal_direct 14 [ 3062.313957][T28237] pgsteal_khugepaged 0 [ 3062.313957][T28237] pgfault 695712 [ 3062.313957][T28237] pgmajfault 6 [ 3062.313957][T28237] pgrefill 593 [ 3062.313957][T28237] pgactivate 5 [ 3062.313957][T28237] pgdeactivate 0 [ 3062.313957][T28237] pglazyfree 0 [ 3062.313957][T28237] pglazyfreed 0 [ 3062.313957][T28237] zswpin 0 [ 3062.313957][T28237] zswpout 0 [ 3062.540236][T28237] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=28182,uid=0 [ 3062.592722][T28237] Memory cgroup out of memory: Killed process 28182 (syz-executor.4) total-vm:54680kB, anon-rss:512kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 15:36:34 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0xa11c0000}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:36:34 executing program 5: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000080)={0x1d, r2}, 0x18) sendmsg$can_j1939(r0, &(0x7f0000000200)={&(0x7f00000000c0)={0x1d, 0x0, 0xee0000}, 0x18, &(0x7f00000001c0)={&(0x7f0000000100)}}, 0x0) 15:36:34 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)=@newlink={0x38, 0x10, 0x421, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gre={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_TTL={0x5}]}}}]}, 0x38}}, 0x0) 15:36:34 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}, 0x1, 0x0, 0x0, 0x869e0400}, 0x0) [ 3062.654365][T28239] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3062.791008][T28460] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3062.833539][T28460] CPU: 0 PID: 28460 Comm: syz-executor.4 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3062.843981][T28460] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3062.854034][T28460] Call Trace: [ 3062.857308][T28460] [ 3062.860235][T28460] dump_stack_lvl+0x136/0x150 [ 3062.864921][T28460] dump_header+0x10a/0xd70 [ 3062.869342][T28460] oom_kill_process+0x25d/0x600 [ 3062.874187][T28460] out_of_memory+0x35c/0x1660 [ 3062.878856][T28460] ? find_held_lock+0x2d/0x110 [ 3062.883615][T28460] ? oom_killer_disable+0x2b0/0x2b0 [ 3062.888803][T28460] ? rcu_read_unlock+0x9/0x60 [ 3062.893475][T28460] ? find_held_lock+0x2d/0x110 [ 3062.898236][T28460] mem_cgroup_out_of_memory+0x206/0x270 [ 3062.903783][T28460] ? mem_cgroup_margin+0x130/0x130 [ 3062.908893][T28460] ? lock_downgrade+0x690/0x690 [ 3062.914363][T28460] try_charge_memcg+0xf99/0x13a0 [ 3062.919314][T28460] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3062.925301][T28460] ? rcu_read_unlock+0x9/0x60 [ 3062.929969][T28460] ? lock_downgrade+0x690/0x690 [ 3062.934816][T28460] charge_memcg+0x90/0x3b0 [ 3062.939230][T28460] __mem_cgroup_charge+0x2b/0x90 [ 3062.944156][T28460] do_wp_page+0x8ea/0x33c0 [ 3062.948569][T28460] ? lock_sync+0x190/0x190 [ 3062.952980][T28460] ? finish_mkwrite_fault+0x3d0/0x3d0 [ 3062.958342][T28460] ? do_raw_spin_lock+0x124/0x2b0 [ 3062.963368][T28460] ? spin_bug+0x1c0/0x1c0 [ 3062.967699][T28460] __handle_mm_fault+0x1635/0x41c0 [ 3062.972803][T28460] ? vm_iomap_memory+0x190/0x190 [ 3062.977730][T28460] ? mas_walk+0x58f/0x730 [ 3062.982064][T28460] ? numa_migrate_prep+0x3a0/0x3a0 [ 3062.987163][T28460] ? do_user_addr_fault+0x367/0x1210 [ 3062.992448][T28460] handle_mm_fault+0x2af/0x9f0 [ 3062.997207][T28460] do_user_addr_fault+0x2ca/0x1210 [ 3063.002311][T28460] ? rcu_is_watching+0x12/0xb0 [ 3063.007074][T28460] exc_page_fault+0x98/0x170 [ 3063.011658][T28460] asm_exc_page_fault+0x26/0x30 [ 3063.016516][T28460] RIP: 0033:0x7fcdfee39610 [ 3063.020925][T28460] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48 [ 3063.040521][T28460] RSP: 002b:00007ffda41c1dd0 EFLAGS: 00010246 [ 3063.046582][T28460] RAX: 000000004b479e20 RBX: 00007fcdfefac018 RCX: 0000001b2e120000 [ 3063.054540][T28460] RDX: 0000000000000000 RSI: 0000001b2e120018 RDI: 000000000a2432ae [ 3063.062503][T28460] RBP: 000000004b479e20 R08: 0000000000001e20 R09: 000000004b479e24 [ 3063.070464][T28460] R10: 00007ffda41c1f90 R11: 0000000000000246 R12: 00007fcdfefa0000 [ 3063.078423][T28460] R13: 0000000000000001 R14: 0000000000000008 R15: ffffffff83ce111f [ 3063.086380][T28460] ? security_socket_create+0x3f/0xc0 [ 3063.091756][T28460] [ 3063.197386][T28239] warn_alloc: 1 callbacks suppressed [ 3063.197402][T28239] syz-executor.1: vmalloc error: size 4096, page order 0, failed to allocate pages, mode:0x404dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_RETRY_MAYFAIL|__GFP_ZERO), nodemask=(null) [ 3063.199052][T28460] memory: usage 307200kB, limit 307200kB, failcnt 37123 [ 3063.202804][T28239] ,cpuset= [ 3063.220834][T28460] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3063.227833][T28239] syz1,mems_allowed=0-1 [ 3063.227862][T28239] CPU: 1 PID: 28239 Comm: syz-executor.1 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3063.227886][T28239] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3063.227897][T28239] Call Trace: [ 3063.227903][T28239] [ 3063.227912][T28239] dump_stack_lvl+0x136/0x150 [ 3063.227957][T28239] warn_alloc+0x213/0x360 [ 3063.227997][T28239] ? zone_watermark_ok_safe+0x2e0/0x2e0 [ 3063.228034][T28239] ? find_held_lock+0x2d/0x110 [ 3063.228075][T28239] ? lock_downgrade+0x690/0x690 [ 3063.228107][T28239] ? mark_held_locks+0x9f/0xe0 [ 3063.228146][T28239] __vmalloc_node_range+0x1021/0x14a0 [ 3063.228183][T28239] ? alloc_netdev_mqs+0x9c/0x1250 [ 3063.228227][T28239] ? delayed_vfree_work+0x70/0x70 [ 3063.228254][T28239] ? kvmalloc_node+0x76/0x1a0 [ 3063.228287][T28239] ? kasan_quarantine_reduce+0x1cc/0x220 [ 3063.228316][T28239] ? kvmalloc_node+0x76/0x1a0 [ 3063.228346][T28239] ? rcu_is_watching+0x12/0xb0 [ 3063.228380][T28239] ? alloc_netdev_mqs+0x9c/0x1250 [ 3063.228412][T28239] kvmalloc_node+0x156/0x1a0 [ 3063.228443][T28239] ? alloc_netdev_mqs+0x9c/0x1250 [ 3063.228472][T28239] alloc_netdev_mqs+0x9c/0x1250 [ 3063.228498][T28239] ? security_capable+0x93/0xc0 [ 3063.228518][T28239] ? br_netpoll_disable+0x60/0x60 [ 3063.228542][T28239] rtnl_create_link+0xc17/0xf20 [ 3063.228570][T28239] __rtnl_newlink+0xfd4/0x1840 [ 3063.228603][T28239] ? rtnl_link_unregister+0x250/0x250 [ 3063.228643][T28239] ? rtnl_newlink+0x4a/0xa0 [ 3063.228672][T28239] rtnl_newlink+0x68/0xa0 [ 3063.228693][T28239] ? __rtnl_newlink+0x1840/0x1840 [ 3063.228716][T28239] rtnetlink_rcv_msg+0x43d/0xd50 [ 3063.228741][T28239] ? rtnl_stats_set+0x4d0/0x4d0 [ 3063.228764][T28239] ? __dev_queue_xmit+0xa2a/0x3b10 [ 3063.228794][T28239] netlink_rcv_skb+0x165/0x440 [ 3063.228817][T28239] ? rtnl_stats_set+0x4d0/0x4d0 [ 3063.228841][T28239] ? netlink_ack+0x1360/0x1360 [ 3063.228880][T28239] ? netlink_deliver_tap+0x1b1/0xcf0 [ 3063.228907][T28239] netlink_unicast+0x547/0x7f0 [ 3063.228932][T28239] ? netlink_attachskb+0x890/0x890 [ 3063.228953][T28239] ? __virt_addr_valid+0x61/0x2e0 [ 3063.228984][T28239] ? __phys_addr_symbol+0x30/0x70 [ 3063.229011][T28239] ? __check_object_size+0x323/0x730 [ 3063.229040][T28239] netlink_sendmsg+0x925/0xe30 [ 3063.229081][T28239] ? netlink_unicast+0x7f0/0x7f0 [ 3063.229108][T28239] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 3063.229129][T28239] ? netlink_unicast+0x7f0/0x7f0 [ 3063.229152][T28239] sock_sendmsg+0xde/0x190 [ 3063.229174][T28239] ____sys_sendmsg+0x71c/0x900 [ 3063.229198][T28239] ? copy_msghdr_from_user+0xfc/0x150 [ 3063.229224][T28239] ? kernel_sendmsg+0x50/0x50 [ 3063.229249][T28239] ? futex_unqueue+0xb7/0x120 [ 3063.229273][T28239] ? futex_wait+0x503/0x680 [ 3063.229298][T28239] ___sys_sendmsg+0x110/0x1b0 [ 3063.229323][T28239] ? do_recvmmsg+0x6f0/0x6f0 [ 3063.229351][T28239] ? __fget_files+0x248/0x480 [ 3063.229381][T28239] ? lock_downgrade+0x690/0x690 [ 3063.229413][T28239] ? __fget_files+0x26a/0x480 [ 3063.229444][T28239] ? __fget_light+0xe5/0x270 [ 3063.229475][T28239] __sys_sendmsg+0xf7/0x1c0 [ 3063.229496][T28239] ? __sys_sendmsg_sock+0x40/0x40 [ 3063.229520][T28239] ? restore_fpregs_from_fpstate+0xc1/0x1c0 [ 3063.229557][T28239] ? syscall_enter_from_user_mode+0x26/0x80 [ 3063.229581][T28239] ? lockdep_hardirqs_on+0x7d/0x100 [ 3063.229603][T28239] do_syscall_64+0x39/0xb0 [ 3063.229630][T28239] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3063.229656][T28239] RIP: 0033:0x7f5d2ac8c169 [ 3063.229670][T28239] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 3063.229688][T28239] RSP: 002b:00007f5d2ba0d168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3063.229705][T28239] RAX: ffffffffffffffda RBX: 00007f5d2adabf80 RCX: 00007f5d2ac8c169 [ 3063.229716][T28239] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000003 [ 3063.229728][T28239] RBP: 00007f5d2ace7ca1 R08: 0000000000000000 R09: 0000000000000000 [ 3063.229740][T28239] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3063.229750][T28239] R13: 00007ffc24e003ef R14: 00007f5d2ba0d300 R15: 0000000000022000 [ 3063.229773][T28239] [ 3063.229868][T28239] Mem-Info: [ 3063.229875][T28239] active_anon:189900 inactive_anon:31591 isolated_anon:0 [ 3063.229875][T28239] active_file:7513 inactive_file:1387 isolated_file:0 [ 3063.229875][T28239] unevictable:768 dirty:17 writeback:0 [ 3063.229875][T28239] slab_reclaimable:23893 slab_unreclaimable:609834 [ 3063.229875][T28239] mapped:20167 shmem:27291 pagetables:2185 [ 3063.229875][T28239] sec_pagetables:0 bounce:0 [ 3063.229875][T28239] kernel_misc_reclaimable:0 [ 3063.229875][T28239] free:669469 free_pcp:7525 free_cma:0 [ 3063.229923][T28239] Node 0 active_anon:753664kB inactive_anon:126164kB active_file:28796kB inactive_file:472kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:80668kB dirty:60kB writeback:0kB shmem:105376kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 49152kB writeback_tmp:0kB kernel_stack:11536kB pagetables:7540kB sec_pagetables:0kB all_unreclaimable? no [ 3063.229970][T28239] Node 1 active_anon:5936kB inactive_anon:200kB active_file:1256kB inactive_file:5076kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:8kB writeback:0kB shmem:3788kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB kernel_stack:1136kB pagetables:1200kB sec_pagetables:0kB all_unreclaimable? no [ 3063.230014][T28239] Node 0 DMA free:10708kB boost:0kB min:200kB low:248kB high:296kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:152kB local_pcp:88kB free_cma:0kB [ 3063.230069][T28239] lowmem_reserve[]: 0 2617 2619 2619 2619 [ 3063.230103][T28239] Node 0 DMA32 free:44292kB boost:0kB min:35440kB low:44300kB high:53160kB reserved_highatomic:0KB active_anon:753624kB inactive_anon:126160kB active_file:27568kB inactive_file:392kB unevictable:1536kB writepending:60kB present:3129332kB managed:2684936kB mlocked:0kB bounce:0kB free_pcp:5416kB local_pcp:2916kB free_cma:0kB [ 3063.230154][T28239] lowmem_reserve[]: 0 0 1 1 1 [ 3063.230186][T28239] Node 0 Normal free:16kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB active_anon:40kB inactive_anon:4kB active_file:1228kB inactive_file:76kB unevictable:0kB writepending:0kB present:1048576kB managed:1640kB mlocked:0kB bounce:0kB free_pcp:20kB local_pcp:12kB free_cma:0kB [ 3063.230236][T28239] lowmem_reserve[]: 0 0 0 0 0 [ 3063.230269][T28239] Node 1 Normal free:2622860kB boost:0kB min:54444kB low:68052kB high:81660kB reserved_highatomic:0KB active_anon:5936kB inactive_anon:200kB active_file:1256kB inactive_file:5076kB unevictable:1536kB writepending:8kB present:4194304kB managed:4117620kB mlocked:0kB bounce:0kB free_pcp:24512kB local_pcp:3112kB free_cma:0kB [ 3063.230319][T28239] lowmem_reserve[]: 0 0 0 0 0 [ 3063.230353][T28239] Node 0 DMA: 3*4kB (UE) 3*8kB (UME) 1*16kB (M) 1*32kB (E) 2*64kB (ME) 4*128kB (UME) 3*256kB (UME) 2*512kB (ME) 2*1024kB (ME) 1*2048kB (E) 1*4096kB (M) = 10708kB [ 3063.230496][T28239] Node 0 DMA32: 499*4kB (ME) 427*8kB (ME) 172*16kB (UME) 155*32kB (ME) 47*64kB (UME) 20*128kB (UME) 10*256kB (ME) 9*512kB (UME) 6*1024kB (UM) 6*2048kB (M) 0*4096kB = 44292kB [ 3063.230636][T28239] Node 0 Normal: 4*4kB (UM) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 3063.230732][T28239] Node 1 Normal: 1999*4kB (UME) 1360*8kB (UME) 599*16kB (UME) 661*32kB (UME) 261*64kB (UME) 119*128kB (UME) 69*256kB (UME) 43*512kB (UM) 29*1024kB (UM) 11*2048kB (UM) 598*4096kB (UM) = 2622860kB [ 3063.230879][T28239] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 3063.230972][T28239] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 3063.230988][T28239] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 3063.231001][T28239] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 3063.231015][T28239] 36031 total pagecache pages [ 3063.231021][T28239] 0 pages in swap cache [ 3063.231027][T28239] Free swap = 0kB [ 3063.231033][T28239] Total swap = 0kB [ 3063.231039][T28239] 2097051 pages RAM [ 3063.231054][T28239] 0 pages HighMem/MovableOnly [ 3063.231060][T28239] 392162 pages reserved [ 3063.231065][T28239] 0 pages cma reserved [ 3064.052444][T28460] Memory cgroup stats for /syz4: [ 3064.052627][T28460] anon 2109440 [ 3064.052627][T28460] file 7716864 [ 3064.052627][T28460] kernel 304697344 [ 3064.052627][T28460] kernel_stack 688128 [ 3064.052627][T28460] pagetables 1163264 [ 3064.052627][T28460] sec_pagetables 0 [ 3064.052627][T28460] percpu 5219232 [ 3064.052627][T28460] sock 0 [ 3064.052627][T28460] vmalloc 8192 [ 3064.052627][T28460] shmem 7716864 [ 3064.052627][T28460] zswap 0 [ 3064.052627][T28460] zswapped 0 [ 3064.052627][T28460] file_mapped 196608 [ 3064.052627][T28460] file_dirty 0 [ 3064.052627][T28460] file_writeback 0 [ 3064.052627][T28460] swapcached 0 [ 3064.052627][T28460] anon_thp 0 [ 3064.052627][T28460] file_thp 0 [ 3064.052627][T28460] shmem_thp 0 [ 3064.052627][T28460] inactive_anon 9596928 [ 3064.052627][T28460] active_anon 229376 [ 3064.052627][T28460] inactive_file 0 [ 3064.052627][T28460] active_file 0 [ 3064.052627][T28460] unevictable 0 [ 3064.052627][T28460] slab_reclaimable 170744 [ 3064.052627][T28460] slab_unreclaimable 297107000 [ 3064.052627][T28460] slab 297277744 [ 3064.052627][T28460] workingset_refault_anon 0 [ 3064.052627][T28460] workingset_refault_file 0 [ 3064.052627][T28460] workingset_activate_anon 0 [ 3064.052627][T28460] workingset_activate_file 0 [ 3064.052627][T28460] workingset_restore_anon 0 [ 3064.052627][T28460] workingset_restore_file 0 [ 3064.052627][T28460] workingset_nodereclaim 0 [ 3064.052627][T28460] pgscan 116 [ 3064.052627][T28460] pgsteal 111 [ 3064.052627][T28460] pgscan_kswapd 99 [ 3064.052627][T28460] pgscan_direct 17 [ 3064.052627][T28460] pgscan_khugepaged 0 15:36:36 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x2700}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:36:36 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x300}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:36:36 executing program 5: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000080)={0x1d, r2}, 0x18) sendmsg$can_j1939(r0, &(0x7f0000000200)={&(0x7f00000000c0)={0x1d, 0x0, 0xee0000}, 0x18, &(0x7f00000001c0)={&(0x7f0000000100)}}, 0x0) 15:36:36 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x2500}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:36:36 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}, 0x1, 0x0, 0x0, 0x879e0400}, 0x0) [ 3064.052627][T28460] pgsteal_kswapd 97 [ 3064.052627][T28460] pgsteal_direct 14 [ 3064.052627][T28460] pgsteal_khugepaged 0 [ 3064.052627][T28460] pgfault 695766 [ 3064.052627][T28460] pgmajfault 6 [ 3064.052627][T28460] pgrefill 593 [ 3064.052627][T28460] pgactivate 5 [ 3064.052627][T28460] pgdeactivate 0 [ 3064.052627][T28460] pglazyfree 0 [ 3064.052627][T28460] pglazyfreed 0 [ 3064.052627][T28460] zswpin 0 [ 3064.052627][T28460] zswpout 0 [ 3064.322970][T28460] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=28460,uid=0 [ 3064.411985][T28571] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. 15:36:36 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x2500}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) [ 3064.502719][T28460] Memory cgroup out of memory: Killed process 28460 (syz-executor.4) total-vm:54548kB, anon-rss:480kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:72kB oom_score_adj:1000 15:36:36 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0xa1940500}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) [ 3064.601865][T28599] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3064.627983][T28563] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3064.669264][T28563] CPU: 0 PID: 28563 Comm: syz-executor.2 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3064.679695][T28563] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3064.689752][T28563] Call Trace: [ 3064.693033][T28563] [ 3064.695968][T28563] dump_stack_lvl+0x136/0x150 [ 3064.700661][T28563] dump_header+0x10a/0xd70 [ 3064.705082][T28563] oom_kill_process+0x25d/0x600 [ 3064.709944][T28563] out_of_memory+0x35c/0x1660 [ 3064.714625][T28563] ? find_held_lock+0x2d/0x110 [ 3064.719396][T28563] ? oom_killer_disable+0x2b0/0x2b0 [ 3064.724597][T28563] ? rcu_read_unlock+0x9/0x60 [ 3064.729278][T28563] ? find_held_lock+0x2d/0x110 [ 3064.734087][T28563] mem_cgroup_out_of_memory+0x206/0x270 [ 3064.739651][T28563] ? mem_cgroup_margin+0x130/0x130 [ 3064.744768][T28563] ? lock_downgrade+0x690/0x690 [ 3064.749635][T28563] try_charge_memcg+0xf99/0x13a0 [ 3064.754582][T28563] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3064.760573][T28563] ? rcu_read_unlock+0x9/0x60 [ 3064.765333][T28563] ? lock_downgrade+0x690/0x690 [ 3064.770205][T28563] charge_memcg+0x90/0x3b0 [ 3064.774637][T28563] __mem_cgroup_charge+0x2b/0x90 [ 3064.779581][T28563] do_wp_page+0x8ea/0x33c0 [ 3064.784003][T28563] ? lock_sync+0x190/0x190 [ 3064.788416][T28563] ? finish_mkwrite_fault+0x3d0/0x3d0 [ 3064.793780][T28563] ? do_raw_spin_lock+0x124/0x2b0 [ 3064.798803][T28563] ? spin_bug+0x1c0/0x1c0 [ 3064.803138][T28563] __handle_mm_fault+0x1635/0x41c0 [ 3064.808248][T28563] ? vm_iomap_memory+0x190/0x190 [ 3064.813178][T28563] ? mas_walk+0x58f/0x730 [ 3064.817600][T28563] ? numa_migrate_prep+0x3a0/0x3a0 [ 3064.822702][T28563] ? do_user_addr_fault+0x367/0x1210 [ 3064.827988][T28563] handle_mm_fault+0x2af/0x9f0 [ 3064.832749][T28563] do_user_addr_fault+0x2ca/0x1210 [ 3064.837859][T28563] ? rcu_is_watching+0x12/0xb0 [ 3064.842624][T28563] exc_page_fault+0x98/0x170 [ 3064.847208][T28563] asm_exc_page_fault+0x26/0x30 [ 3064.852061][T28563] RIP: 0033:0x7f5bd0639610 [ 3064.856470][T28563] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48 [ 3064.876077][T28563] RSP: 002b:00007fffe74b16a0 EFLAGS: 00010246 [ 3064.882143][T28563] RAX: 0000000004219014 RBX: 00007f5bd07ac018 RCX: 0000001b2dd20000 [ 3064.890107][T28563] RDX: 0000000000000000 RSI: 0000001b2dd20018 RDI: 000000000a28a722 [ 3064.898073][T28563] RBP: 0000000004219014 R08: 0000000000001014 R09: 0000000004219018 [ 3064.906043][T28563] R10: 00007fffe74b1860 R11: 0000000000000246 R12: 00007f5bd07a0000 [ 3064.914010][T28563] R13: 0000000000000001 R14: 000000000000000e R15: ffffffff83d6fdb1 [ 3064.921969][T28563] ? apparmor_socket_create+0x151/0x670 [ 3064.927521][T28563] 15:36:36 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}, 0x1, 0x0, 0x0, 0x889e0400}, 0x0) [ 3065.041821][T28563] memory: usage 307200kB, limit 307200kB, failcnt 25612 [ 3065.062746][T28563] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3065.091920][T28681] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3065.101330][T28563] Memory cgroup stats for /syz2: [ 3065.101577][T28563] anon 139264 [ 3065.101577][T28563] file 8388608 [ 3065.101577][T28563] kernel 306044928 [ 3065.101577][T28563] kernel_stack 65536 [ 3065.101577][T28563] pagetables 69632 [ 3065.101577][T28563] sec_pagetables 0 [ 3065.101577][T28563] percpu 5294912 [ 3065.101577][T28563] sock 0 15:36:37 executing program 3: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000080)={0x1d, r2}, 0x18) sendmsg$can_j1939(r0, &(0x7f0000000200)={&(0x7f00000000c0), 0x18, &(0x7f00000001c0)={&(0x7f0000000100)="05", 0x1}}, 0x0) 15:36:37 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x9effffff}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) [ 3065.101577][T28563] vmalloc 16384 [ 3065.101577][T28563] shmem 8380416 [ 3065.101577][T28563] zswap 0 [ 3065.101577][T28563] zswapped 0 [ 3065.101577][T28563] file_mapped 286720 [ 3065.101577][T28563] file_dirty 8192 [ 3065.101577][T28563] file_writeback 0 [ 3065.101577][T28563] swapcached 0 [ 3065.101577][T28563] anon_thp 0 [ 3065.101577][T28563] file_thp 0 [ 3065.101577][T28563] shmem_thp 0 [ 3065.101577][T28563] inactive_anon 0 [ 3065.101577][T28563] active_anon 8519680 [ 3065.101577][T28563] inactive_file 8192 [ 3065.101577][T28563] active_file 0 [ 3065.101577][T28563] unevictable 0 [ 3065.101577][T28563] slab_reclaimable 39288 [ 3065.101577][T28563] slab_unreclaimable 300523984 [ 3065.101577][T28563] slab 300563272 [ 3065.101577][T28563] workingset_refault_anon 0 [ 3065.101577][T28563] workingset_refault_file 2 [ 3065.101577][T28563] workingset_activate_anon 0 [ 3065.101577][T28563] workingset_activate_file 0 [ 3065.101577][T28563] workingset_restore_anon 0 [ 3065.101577][T28563] workingset_restore_file 2 [ 3065.101577][T28563] workingset_nodereclaim 0 [ 3065.101577][T28563] pgscan 7854 [ 3065.101577][T28563] pgsteal 122 [ 3065.101577][T28563] pgscan_kswapd 106 [ 3065.101577][T28563] pgscan_direct 7748 [ 3065.101577][T28563] pgscan_khugepaged 0 [ 3065.101577][T28563] pgsteal_kswapd 97 [ 3065.101577][T28563] pgsteal_direct 25 [ 3065.101577][T28563] pgsteal_khugepaged 0 [ 3065.101577][T28563] pgfault 695184 [ 3065.101577][T28563] pgmajfault 0 [ 3065.101577][T28563] pgrefill 31402 [ 3065.101577][T28563] pgactivate 7732 [ 3065.101577][T28563] pgdeactivate 0 [ 3065.101577][T28563] pglazyfree 0 [ 3065.101577][T28563] pglazyfreed 0 [ 3065.101577][T28563] zswpin 0 [ 3065.101577][T28563] zswpout 0 [ 3065.234270][T28685] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. 15:36:37 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}, 0x1, 0x0, 0x0, 0x88a8ffff}, 0x0) [ 3065.382637][T28563] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=28563,uid=0 [ 3065.410952][T28563] Memory cgroup out of memory: Killed process 28563 (syz-executor.2) total-vm:54548kB, anon-rss:384kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 15:36:37 executing program 3: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000080)={0x1d, r2}, 0x18) sendmsg$can_j1939(r0, &(0x7f0000000200)={&(0x7f00000000c0), 0x18, &(0x7f00000001c0)={&(0x7f0000000100)="05", 0x1}}, 0x0) [ 3065.546902][T28564] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=1, oom_score_adj=1000 [ 3065.562274][T28564] CPU: 1 PID: 28564 Comm: syz-executor.1 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3065.572703][T28564] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3065.582760][T28564] Call Trace: [ 3065.586038][T28564] [ 3065.588975][T28564] dump_stack_lvl+0x136/0x150 [ 3065.593660][T28564] dump_header+0x10a/0xd70 [ 3065.598091][T28564] oom_kill_process+0x25d/0x600 [ 3065.602973][T28564] out_of_memory+0x35c/0x1660 [ 3065.607656][T28564] ? oom_killer_disable+0x2b0/0x2b0 [ 3065.612860][T28564] ? rcu_read_unlock+0x9/0x60 [ 3065.617539][T28564] ? find_held_lock+0x2d/0x110 [ 3065.622307][T28564] mem_cgroup_out_of_memory+0x206/0x270 [ 3065.627858][T28564] ? mem_cgroup_margin+0x130/0x130 [ 3065.632971][T28564] ? lock_downgrade+0x690/0x690 [ 3065.637845][T28564] try_charge_memcg+0xf99/0x13a0 [ 3065.642794][T28564] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3065.648784][T28564] ? get_mem_cgroup_from_objcg+0xa1/0x280 [ 3065.654511][T28564] ? lock_downgrade+0x690/0x690 [ 3065.659371][T28564] ? lock_downgrade+0x690/0x690 [ 3065.664232][T28564] ? rcu_read_unlock+0x9/0x60 [ 3065.668933][T28564] obj_cgroup_charge+0x2af/0x5e0 [ 3065.673887][T28564] ? copy_process+0x3c0/0x75c0 [ 3065.678660][T28564] kmem_cache_alloc_node+0xa8/0x3e0 [ 3065.683869][T28564] copy_process+0x3c0/0x75c0 [ 3065.688467][T28564] ? __lock_acquire+0xc17/0x5f30 [ 3065.693417][T28564] ? pidfd_prepare+0x80/0x80 [ 3065.698013][T28564] ? psi_memstall_leave+0x174/0x250 [ 3065.703211][T28564] ? lock_downgrade+0x690/0x690 [ 3065.708068][T28564] kernel_clone+0xeb/0x890 [ 3065.712475][T28564] ? create_io_thread+0xe0/0xe0 [ 3065.717320][T28564] ? percpu_ref_put_many.constprop.0+0x6a/0x1b0 [ 3065.723569][T28564] ? lock_downgrade+0x690/0x690 [ 3065.728430][T28564] __do_sys_clone+0xba/0x100 [ 3065.733023][T28564] ? kernel_clone+0x890/0x890 [ 3065.737715][T28564] ? syscall_enter_from_user_mode+0x26/0x80 [ 3065.743620][T28564] do_syscall_64+0x39/0xb0 [ 3065.748046][T28564] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3065.753962][T28564] RIP: 0033:0x7f5d2ac8d591 [ 3065.758360][T28564] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 3065.777958][T28564] RSP: 002b:00007ffc24e00338 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 3065.786371][T28564] RAX: ffffffffffffffda RBX: 00007f5d2b9ec700 RCX: 00007f5d2ac8d591 [ 3065.794339][T28564] RDX: 00007f5d2b9ec9d0 RSI: 00007f5d2b9ec2f0 RDI: 00000000003d0f00 [ 3065.802304][T28564] RBP: 00007ffc24e00580 R08: 00007f5d2b9ec700 R09: 00007f5d2b9ec700 [ 3065.810266][T28564] R10: 00007f5d2b9ec9d0 R11: 0000000000000206 R12: 00007ffc24e003ee [ 3065.818234][T28564] R13: 00007ffc24e003ef R14: 00007f5d2b9ec300 R15: 0000000000022000 [ 3065.826303][T28564] [ 3065.901710][T28564] memory: usage 307196kB, limit 307200kB, failcnt 25734 [ 3065.929551][T28564] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3065.941354][T28564] Memory cgroup stats for /syz1: [ 3065.941510][T28564] anon 442368 [ 3065.941510][T28564] file 262144 [ 3065.941510][T28564] kernel 313864192 [ 3065.941510][T28564] kernel_stack 163840 [ 3065.941510][T28564] pagetables 258048 [ 3065.941510][T28564] sec_pagetables 0 [ 3065.941510][T28564] percpu 5421792 [ 3065.941510][T28564] sock 0 [ 3065.941510][T28564] vmalloc 0 [ 3065.941510][T28564] shmem 258048 [ 3065.941510][T28564] zswap 0 [ 3065.941510][T28564] zswapped 0 [ 3065.941510][T28564] file_mapped 241664 [ 3065.941510][T28564] file_dirty 0 [ 3065.941510][T28564] file_writeback 0 [ 3065.941510][T28564] swapcached 0 [ 3065.941510][T28564] anon_thp 0 [ 3065.941510][T28564] file_thp 0 [ 3065.941510][T28564] shmem_thp 0 [ 3065.941510][T28564] inactive_anon 0 [ 3065.941510][T28564] active_anon 700416 [ 3065.941510][T28564] inactive_file 0 [ 3065.941510][T28564] active_file 4096 [ 3065.941510][T28564] unevictable 0 [ 3065.941510][T28564] slab_reclaimable 34328 [ 3065.941510][T28564] slab_unreclaimable 307901752 [ 3065.941510][T28564] slab 307936080 [ 3065.941510][T28564] workingset_refault_anon 0 [ 3065.941510][T28564] workingset_refault_file 2 [ 3065.941510][T28564] workingset_activate_anon 0 [ 3065.941510][T28564] workingset_activate_file 0 [ 3065.941510][T28564] workingset_restore_anon 0 [ 3065.941510][T28564] workingset_restore_file 2 [ 3065.941510][T28564] workingset_nodereclaim 0 [ 3065.941510][T28564] pgscan 4097 [ 3065.941510][T28564] pgsteal 107 [ 3065.941510][T28564] pgscan_kswapd 92 [ 3065.941510][T28564] pgscan_direct 4005 [ 3065.941510][T28564] pgscan_khugepaged 0 [ 3065.941510][T28564] pgsteal_kswapd 88 [ 3065.941510][T28564] pgsteal_direct 19 [ 3065.941510][T28564] pgsteal_khugepaged 0 [ 3065.941510][T28564] pgfault 567366 [ 3065.941510][T28564] pgmajfault 2 [ 3065.941510][T28564] pgrefill 16419 [ 3065.941510][T28564] pgactivate 3990 [ 3065.941510][T28564] pgdeactivate 0 [ 3065.941510][T28564] pglazyfree 0 [ 3065.941510][T28564] pglazyfreed 0 [ 3065.941510][T28564] zswpin 0 [ 3065.941510][T28564] zswpout 0 [ 3066.229065][T28564] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=28564,uid=0 [ 3066.260270][T28564] Memory cgroup out of memory: Killed process 28564 (syz-executor.1) total-vm:54680kB, anon-rss:516kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:92kB oom_score_adj:1000 15:36:38 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x2800}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) [ 3066.303692][T28678] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. 15:36:38 executing program 3: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000080)={0x1d, r2}, 0x18) sendmsg$can_j1939(r0, &(0x7f0000000200)={&(0x7f00000000c0), 0x18, &(0x7f00000001c0)={&(0x7f0000000100)="05", 0x1}}, 0x0) 15:36:38 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}, 0x1, 0x0, 0x0, 0x899e0400}, 0x0) 15:36:38 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x306}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:36:38 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x2000}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) [ 3066.524105][T28797] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3066.563101][T28655] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=1, oom_score_adj=1000 [ 3066.599122][T28655] CPU: 0 PID: 28655 Comm: syz-executor.4 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3066.609555][T28655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3066.619609][T28655] Call Trace: [ 3066.622887][T28655] [ 3066.625821][T28655] dump_stack_lvl+0x136/0x150 [ 3066.630511][T28655] dump_header+0x10a/0xd70 [ 3066.634945][T28655] oom_kill_process+0x25d/0x600 [ 3066.639799][T28655] out_of_memory+0x35c/0x1660 [ 3066.644480][T28655] ? find_held_lock+0x2d/0x110 [ 3066.649253][T28655] ? oom_killer_disable+0x2b0/0x2b0 [ 3066.654456][T28655] ? rcu_read_unlock+0x9/0x60 [ 3066.659138][T28655] ? find_held_lock+0x2d/0x110 [ 3066.663908][T28655] mem_cgroup_out_of_memory+0x206/0x270 [ 3066.669466][T28655] ? mem_cgroup_margin+0x130/0x130 [ 3066.674583][T28655] ? lock_downgrade+0x690/0x690 [ 3066.679452][T28655] try_charge_memcg+0xf99/0x13a0 [ 3066.684394][T28655] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3066.690376][T28655] ? get_mem_cgroup_from_objcg+0xa1/0x280 [ 3066.696098][T28655] ? lock_downgrade+0x690/0x690 [ 3066.700955][T28655] ? lock_downgrade+0x690/0x690 [ 3066.705801][T28655] ? rcu_read_unlock+0x9/0x60 [ 3066.710489][T28655] obj_cgroup_charge+0x2af/0x5e0 [ 3066.715440][T28655] ? copy_process+0x3c0/0x75c0 [ 3066.720207][T28655] kmem_cache_alloc_node+0xa8/0x3e0 [ 3066.725412][T28655] copy_process+0x3c0/0x75c0 [ 3066.730026][T28655] ? pidfd_prepare+0x80/0x80 [ 3066.734627][T28655] ? lock_downgrade+0x690/0x690 [ 3066.739484][T28655] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 3066.745466][T28655] ? folio_add_lru+0x47f/0x7c0 [ 3066.750256][T28655] kernel_clone+0xeb/0x890 [ 3066.754696][T28655] ? create_io_thread+0xe0/0xe0 [ 3066.759568][T28655] ? find_held_lock+0x2d/0x110 [ 3066.764334][T28655] ? find_held_lock+0x2d/0x110 [ 3066.769100][T28655] __do_sys_clone+0xba/0x100 [ 3066.773704][T28655] ? kernel_clone+0x890/0x890 [ 3066.778392][T28655] ? syscall_enter_from_user_mode+0x26/0x80 [ 3066.784287][T28655] do_syscall_64+0x39/0xb0 [ 3066.788702][T28655] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3066.794689][T28655] RIP: 0033:0x7fcdfee8d591 [ 3066.799113][T28655] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 3066.818737][T28655] RSP: 002b:00007ffda41c1d78 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 3066.827150][T28655] RAX: ffffffffffffffda RBX: 00007fcdffb48700 RCX: 00007fcdfee8d591 [ 3066.835118][T28655] RDX: 00007fcdffb489d0 RSI: 00007fcdffb482f0 RDI: 00000000003d0f00 [ 3066.843087][T28655] RBP: 00007ffda41c1fc0 R08: 00007fcdffb48700 R09: 00007fcdffb48700 [ 3066.851050][T28655] R10: 00007fcdffb489d0 R11: 0000000000000206 R12: 00007ffda41c1e2e [ 3066.859013][T28655] R13: 00007ffda41c1e2f R14: 00007fcdffb48300 R15: 0000000000022000 [ 3066.866998][T28655] 15:36:38 executing program 3: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000040)={'vcan0\x00'}) sendmsg$can_j1939(r0, &(0x7f0000000200)={&(0x7f00000000c0), 0x18, &(0x7f00000001c0)={&(0x7f0000000100)="05", 0x1}}, 0x0) [ 3066.960816][T28655] memory: usage 307180kB, limit 307200kB, failcnt 37236 [ 3067.033467][T28854] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3067.051888][T28655] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3067.078267][T28655] Memory cgroup stats for /syz4: [ 3067.078421][T28655] anon 2142208 [ 3067.078421][T28655] file 7716864 [ 3067.078421][T28655] kernel 304693248 [ 3067.078421][T28655] kernel_stack 688128 [ 3067.078421][T28655] pagetables 1171456 [ 3067.078421][T28655] sec_pagetables 0 [ 3067.078421][T28655] percpu 5219168 [ 3067.078421][T28655] sock 0 [ 3067.078421][T28655] vmalloc 8192 [ 3067.078421][T28655] shmem 7716864 [ 3067.078421][T28655] zswap 0 [ 3067.078421][T28655] zswapped 0 [ 3067.078421][T28655] file_mapped 196608 [ 3067.078421][T28655] file_dirty 0 [ 3067.078421][T28655] file_writeback 0 [ 3067.078421][T28655] swapcached 0 [ 3067.078421][T28655] anon_thp 0 [ 3067.078421][T28655] file_thp 0 [ 3067.078421][T28655] shmem_thp 0 [ 3067.078421][T28655] inactive_anon 9596928 [ 3067.078421][T28655] active_anon 262144 [ 3067.078421][T28655] inactive_file 0 [ 3067.078421][T28655] active_file 0 [ 3067.078421][T28655] unevictable 0 [ 3067.078421][T28655] slab_reclaimable 172672 [ 3067.078421][T28655] slab_unreclaimable 297097448 [ 3067.078421][T28655] slab 297270120 [ 3067.078421][T28655] workingset_refault_anon 0 [ 3067.078421][T28655] workingset_refault_file 0 [ 3067.078421][T28655] workingset_activate_anon 0 [ 3067.078421][T28655] workingset_activate_file 0 [ 3067.078421][T28655] workingset_restore_anon 0 [ 3067.078421][T28655] workingset_restore_file 0 [ 3067.078421][T28655] workingset_nodereclaim 0 [ 3067.078421][T28655] pgscan 116 [ 3067.078421][T28655] pgsteal 111 [ 3067.078421][T28655] pgscan_kswapd 99 [ 3067.078421][T28655] pgscan_direct 17 [ 3067.078421][T28655] pgscan_khugepaged 0 [ 3067.078421][T28655] pgsteal_kswapd 97 [ 3067.078421][T28655] pgsteal_direct 14 [ 3067.078421][T28655] pgsteal_khugepaged 0 [ 3067.078421][T28655] pgfault 695833 [ 3067.078421][T28655] pgmajfault 6 [ 3067.078421][T28655] pgrefill 593 [ 3067.078421][T28655] pgactivate 5 [ 3067.078421][T28655] pgdeactivate 0 [ 3067.078421][T28655] pglazyfree 0 [ 3067.078421][T28655] pglazyfreed 0 [ 3067.078421][T28655] zswpin 0 [ 3067.078421][T28655] zswpout 0 [ 3067.372686][T28655] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=28655,uid=0 [ 3067.443066][T28655] Memory cgroup out of memory: Killed process 28655 (syz-executor.4) total-vm:54680kB, anon-rss:512kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 [ 3067.566249][T28792] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3067.592829][T28792] CPU: 0 PID: 28792 Comm: syz-executor.2 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3067.603256][T28792] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3067.613335][T28792] Call Trace: [ 3067.616605][T28792] [ 3067.619533][T28792] dump_stack_lvl+0x136/0x150 [ 3067.624230][T28792] dump_header+0x10a/0xd70 [ 3067.628656][T28792] oom_kill_process+0x25d/0x600 [ 3067.633508][T28792] out_of_memory+0x35c/0x1660 [ 3067.638185][T28792] ? find_held_lock+0x2d/0x110 [ 3067.642951][T28792] ? oom_killer_disable+0x2b0/0x2b0 [ 3067.648144][T28792] ? rcu_read_unlock+0x9/0x60 [ 3067.652812][T28792] ? find_held_lock+0x2d/0x110 [ 3067.657571][T28792] mem_cgroup_out_of_memory+0x206/0x270 [ 3067.663108][T28792] ? mem_cgroup_margin+0x130/0x130 [ 3067.668208][T28792] ? lock_downgrade+0x690/0x690 [ 3067.673060][T28792] try_charge_memcg+0xf99/0x13a0 [ 3067.677996][T28792] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3067.683974][T28792] ? rcu_read_unlock+0x9/0x60 [ 3067.688728][T28792] ? lock_downgrade+0x690/0x690 [ 3067.693581][T28792] charge_memcg+0x90/0x3b0 [ 3067.697993][T28792] __mem_cgroup_charge+0x2b/0x90 [ 3067.702918][T28792] do_wp_page+0x8ea/0x33c0 [ 3067.707330][T28792] ? lock_sync+0x190/0x190 [ 3067.711735][T28792] ? finish_mkwrite_fault+0x3d0/0x3d0 [ 3067.717100][T28792] ? do_raw_spin_lock+0x124/0x2b0 [ 3067.722118][T28792] ? spin_bug+0x1c0/0x1c0 [ 3067.726445][T28792] __handle_mm_fault+0x1635/0x41c0 [ 3067.731551][T28792] ? vm_iomap_memory+0x190/0x190 [ 3067.736571][T28792] ? mas_walk+0x58f/0x730 [ 3067.740902][T28792] ? numa_migrate_prep+0x3a0/0x3a0 [ 3067.746001][T28792] ? do_user_addr_fault+0x367/0x1210 [ 3067.751283][T28792] handle_mm_fault+0x2af/0x9f0 [ 3067.756127][T28792] do_user_addr_fault+0x2ca/0x1210 [ 3067.761228][T28792] ? rcu_is_watching+0x12/0xb0 [ 3067.765992][T28792] exc_page_fault+0x98/0x170 [ 3067.770577][T28792] asm_exc_page_fault+0x26/0x30 [ 3067.775698][T28792] RIP: 0033:0x7f5bd0639610 [ 3067.780106][T28792] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48 [ 3067.799704][T28792] RSP: 002b:00007fffe74b16a0 EFLAGS: 00010246 [ 3067.805758][T28792] RAX: 00000000899363ac RBX: 00007f5bd07ac018 RCX: 0000001b2dd20000 [ 3067.813718][T28792] RDX: 0000000000000000 RSI: 0000001b2dd20018 RDI: 000000000c826fe4 [ 3067.821766][T28792] RBP: 00000000899363ac R08: 00000000000003ac R09: 00000000899363b0 [ 3067.829733][T28792] R10: 00007fffe74b1860 R11: 0000000000000246 R12: 00007f5bd07a0000 [ 3067.837728][T28792] R13: 0000000000000001 R14: 0000000000000004 R15: ffffffff8804dd36 [ 3067.845717][T28792] ? __sock_create+0x46/0x850 [ 3067.850395][T28792] 15:36:39 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0xa2010000}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:36:39 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}, 0x1, 0x0, 0x0, 0x8a400000}, 0x0) 15:36:39 executing program 3: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000040)={'vcan0\x00'}) sendmsg$can_j1939(r0, &(0x7f0000000200)={&(0x7f00000000c0), 0x18, &(0x7f00000001c0)={&(0x7f0000000100)="05", 0x1}}, 0x0) 15:36:39 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x9b940500}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) [ 3067.969966][T28910] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3067.979419][T28792] memory: usage 307192kB, limit 307200kB, failcnt 25694 [ 3067.989677][T28792] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3068.002636][T28792] Memory cgroup stats for /syz2: [ 3068.002788][T28792] anon 122880 [ 3068.002788][T28792] file 8388608 [ 3068.002788][T28792] kernel 306044928 [ 3068.002788][T28792] kernel_stack 65536 [ 3068.002788][T28792] pagetables 69632 [ 3068.002788][T28792] sec_pagetables 0 [ 3068.002788][T28792] percpu 5294912 [ 3068.002788][T28792] sock 0 [ 3068.002788][T28792] vmalloc 16384 [ 3068.002788][T28792] shmem 8380416 [ 3068.002788][T28792] zswap 0 [ 3068.002788][T28792] zswapped 0 [ 3068.002788][T28792] file_mapped 286720 [ 3068.002788][T28792] file_dirty 8192 [ 3068.002788][T28792] file_writeback 0 [ 3068.002788][T28792] swapcached 0 [ 3068.002788][T28792] anon_thp 0 [ 3068.002788][T28792] file_thp 0 [ 3068.002788][T28792] shmem_thp 0 [ 3068.002788][T28792] inactive_anon 8417280 [ 3068.002788][T28792] active_anon 86016 [ 3068.002788][T28792] inactive_file 8192 [ 3068.002788][T28792] active_file 0 [ 3068.002788][T28792] unevictable 0 [ 3068.002788][T28792] slab_reclaimable 39288 [ 3068.002788][T28792] slab_unreclaimable 300524288 [ 3068.002788][T28792] slab 300563576 [ 3068.002788][T28792] workingset_refault_anon 0 [ 3068.002788][T28792] workingset_refault_file 2 [ 3068.002788][T28792] workingset_activate_anon 0 [ 3068.002788][T28792] workingset_activate_file 0 [ 3068.002788][T28792] workingset_restore_anon 0 [ 3068.002788][T28792] workingset_restore_file 2 [ 3068.002788][T28792] workingset_nodereclaim 0 [ 3068.002788][T28792] pgscan 7854 [ 3068.002788][T28792] pgsteal 122 [ 3068.002788][T28792] pgscan_kswapd 106 [ 3068.002788][T28792] pgscan_direct 7748 [ 3068.002788][T28792] pgscan_khugepaged 0 [ 3068.002788][T28792] pgsteal_kswapd 97 [ 3068.002788][T28792] pgsteal_direct 25 [ 3068.002788][T28792] pgsteal_khugepaged 0 [ 3068.002788][T28792] pgfault 695232 [ 3068.002788][T28792] pgmajfault 0 [ 3068.002788][T28792] pgrefill 31548 [ 3068.002788][T28792] pgactivate 7732 [ 3068.002788][T28792] pgdeactivate 0 [ 3068.002788][T28792] pglazyfree 0 [ 3068.002788][T28792] pglazyfreed 0 [ 3068.002788][T28792] zswpin 0 [ 3068.002788][T28792] zswpout 0 15:36:40 executing program 3: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000040)={'vcan0\x00'}) sendmsg$can_j1939(r0, &(0x7f0000000200)={&(0x7f00000000c0), 0x18, &(0x7f00000001c0)={&(0x7f0000000100)="05", 0x1}}, 0x0) 15:36:40 executing program 3: r0 = socket$can_j1939(0x1d, 0x2, 0x7) socket$can_j1939(0x1d, 0x2, 0x7) bind$can_j1939(r0, &(0x7f0000000080), 0x18) sendmsg$can_j1939(r0, &(0x7f0000000200)={&(0x7f00000000c0), 0x18, &(0x7f00000001c0)={&(0x7f0000000100)="05", 0x1}}, 0x0) [ 3068.020662][T28912] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3068.301988][T28792] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=28792,uid=0 [ 3068.353496][T28792] Memory cgroup out of memory: Killed process 28792 (syz-executor.2) total-vm:54548kB, anon-rss:384kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 [ 3068.491952][T28909] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3068.504271][T28909] CPU: 0 PID: 28909 Comm: syz-executor.4 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3068.514701][T28909] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3068.524759][T28909] Call Trace: [ 3068.528040][T28909] [ 3068.530981][T28909] dump_stack_lvl+0x136/0x150 [ 3068.535673][T28909] dump_header+0x10a/0xd70 [ 3068.540093][T28909] oom_kill_process+0x25d/0x600 [ 3068.544945][T28909] out_of_memory+0x35c/0x1660 [ 3068.549658][T28909] ? oom_killer_disable+0x2b0/0x2b0 [ 3068.554860][T28909] ? rcu_read_unlock+0x9/0x60 [ 3068.559536][T28909] ? find_held_lock+0x2d/0x110 [ 3068.564307][T28909] mem_cgroup_out_of_memory+0x206/0x270 [ 3068.569856][T28909] ? mem_cgroup_margin+0x130/0x130 [ 3068.574971][T28909] ? lock_downgrade+0x690/0x690 [ 3068.579840][T28909] try_charge_memcg+0xf99/0x13a0 [ 3068.584788][T28909] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3068.590779][T28909] ? rcu_read_unlock+0x9/0x60 [ 3068.595456][T28909] ? lock_downgrade+0x690/0x690 [ 3068.600320][T28909] charge_memcg+0x90/0x3b0 [ 3068.604741][T28909] __mem_cgroup_charge+0x2b/0x90 [ 3068.609849][T28909] ? copy_mc_to_kernel+0x86/0x90 [ 3068.614793][T28909] do_wp_page+0x8ea/0x33c0 [ 3068.619203][T28909] ? lock_sync+0x190/0x190 [ 3068.623624][T28909] ? finish_mkwrite_fault+0x3d0/0x3d0 [ 3068.628987][T28909] ? do_raw_spin_lock+0x124/0x2b0 [ 3068.634005][T28909] ? spin_bug+0x1c0/0x1c0 [ 3068.638331][T28909] __handle_mm_fault+0x1635/0x41c0 [ 3068.643435][T28909] ? vm_iomap_memory+0x190/0x190 [ 3068.648363][T28909] ? mas_walk+0x58f/0x730 [ 3068.652699][T28909] ? numa_migrate_prep+0x3a0/0x3a0 [ 3068.657802][T28909] handle_mm_fault+0x2af/0x9f0 [ 3068.662559][T28909] do_user_addr_fault+0x2ca/0x1210 [ 3068.667666][T28909] ? rcu_is_watching+0x12/0xb0 [ 3068.672454][T28909] exc_page_fault+0x98/0x170 [ 3068.677065][T28909] asm_exc_page_fault+0x26/0x30 [ 3068.681922][T28909] RIP: 0033:0x7fcdfee366e5 [ 3068.686325][T28909] Code: 0f 1f 44 00 00 48 8b 57 18 48 83 fa ff 74 22 48 81 fa e7 03 00 00 0f 87 ee 00 00 00 48 c1 e2 04 48 8d 0d de 19 17 00 48 01 ca 02 01 48 89 42 08 48 8b 0d 8d 72 17 00 48 8b 53 10 4c 8d 81 00 [ 3068.705923][T28909] RSP: 002b:00007ffda41c1e80 EFLAGS: 00010206 [ 3068.711977][T28909] RAX: 0000000000000003 RBX: 00007fcdfefabf80 RCX: 00007fcdfefa80c0 [ 3068.719936][T28909] RDX: 00007fcdfefa80c0 RSI: 0000000000000080 RDI: 00007fcdfefabf80 [ 3068.727897][T28909] RBP: 00007fcdfefabf80 R08: 00007ffda41e6080 R09: 0000000000000000 [ 3068.735866][T28909] R10: 00007ffda41c1f90 R11: 0000000000000246 R12: 00000000002ed1a9 [ 3068.743910][T28909] R13: 00007ffda41c1f90 R14: 00007fcdfefabf80 R15: 0000000000000032 [ 3068.751882][T28909] [ 3068.862222][T28909] memory: usage 307132kB, limit 307200kB, failcnt 37391 [ 3068.873512][T28909] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3068.889601][T28909] Memory cgroup stats for /syz4: [ 3068.889746][T28909] anon 2088960 [ 3068.889746][T28909] file 7716864 [ 3068.889746][T28909] kernel 304697344 [ 3068.889746][T28909] kernel_stack 688128 [ 3068.889746][T28909] pagetables 1163264 [ 3068.889746][T28909] sec_pagetables 0 [ 3068.889746][T28909] percpu 5219232 [ 3068.889746][T28909] sock 0 [ 3068.889746][T28909] vmalloc 8192 [ 3068.889746][T28909] shmem 7716864 [ 3068.889746][T28909] zswap 0 [ 3068.889746][T28909] zswapped 0 [ 3068.889746][T28909] file_mapped 196608 [ 3068.889746][T28909] file_dirty 0 [ 3068.889746][T28909] file_writeback 0 [ 3068.889746][T28909] swapcached 0 [ 3068.889746][T28909] anon_thp 0 [ 3068.889746][T28909] file_thp 0 [ 3068.889746][T28909] shmem_thp 0 [ 3068.889746][T28909] inactive_anon 9596928 [ 3068.889746][T28909] active_anon 208896 [ 3068.889746][T28909] inactive_file 0 [ 3068.889746][T28909] active_file 0 [ 3068.889746][T28909] unevictable 0 [ 3068.889746][T28909] slab_reclaimable 170744 [ 3068.889746][T28909] slab_unreclaimable 297107000 [ 3068.889746][T28909] slab 297277744 [ 3068.889746][T28909] workingset_refault_anon 0 [ 3068.889746][T28909] workingset_refault_file 0 [ 3068.889746][T28909] workingset_activate_anon 0 [ 3068.889746][T28909] workingset_activate_file 0 [ 3068.889746][T28909] workingset_restore_anon 0 [ 3068.889746][T28909] workingset_restore_file 0 [ 3068.889746][T28909] workingset_nodereclaim 0 [ 3068.889746][T28909] pgscan 116 [ 3068.889746][T28909] pgsteal 111 [ 3068.889746][T28909] pgscan_kswapd 99 [ 3068.889746][T28909] pgscan_direct 17 [ 3068.889746][T28909] pgscan_khugepaged 0 [ 3068.889746][T28909] pgsteal_kswapd 97 [ 3068.889746][T28909] pgsteal_direct 14 [ 3068.889746][T28909] pgsteal_khugepaged 0 [ 3068.889746][T28909] pgfault 695877 [ 3068.889746][T28909] pgmajfault 6 [ 3068.889746][T28909] pgrefill 593 [ 3068.889746][T28909] pgactivate 5 [ 3068.889746][T28909] pgdeactivate 0 [ 3068.889746][T28909] pglazyfree 0 [ 3068.889746][T28909] pglazyfreed 0 [ 3068.889746][T28909] zswpin 0 [ 3068.889746][T28909] zswpout 0 [ 3069.163736][T28909] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=28909,uid=0 [ 3069.203821][T28909] Memory cgroup out of memory: Killed process 28909 (syz-executor.4) total-vm:54548kB, anon-rss:384kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:72kB oom_score_adj:1000 [ 3069.250558][T28800] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=1, oom_score_adj=1000 [ 3069.276619][T28800] CPU: 0 PID: 28800 Comm: syz-executor.1 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3069.287474][T28800] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3069.297526][T28800] Call Trace: [ 3069.300799][T28800] [ 3069.303708][T28800] dump_stack_lvl+0x136/0x150 [ 3069.308382][T28800] dump_header+0x10a/0xd70 [ 3069.312797][T28800] oom_kill_process+0x25d/0x600 [ 3069.317639][T28800] out_of_memory+0x35c/0x1660 [ 3069.322311][T28800] ? oom_killer_disable+0x2b0/0x2b0 [ 3069.327526][T28800] ? rcu_read_unlock+0x9/0x60 [ 3069.332222][T28800] ? find_held_lock+0x2d/0x110 [ 3069.336979][T28800] mem_cgroup_out_of_memory+0x206/0x270 [ 3069.342522][T28800] ? mem_cgroup_margin+0x130/0x130 [ 3069.347624][T28800] ? lock_downgrade+0x690/0x690 [ 3069.352477][T28800] try_charge_memcg+0xf99/0x13a0 [ 3069.357411][T28800] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3069.363393][T28800] ? get_mem_cgroup_from_objcg+0xa1/0x280 [ 3069.369101][T28800] ? lock_downgrade+0x690/0x690 [ 3069.373950][T28800] ? lock_downgrade+0x690/0x690 [ 3069.378789][T28800] ? rcu_read_unlock+0x9/0x60 [ 3069.383465][T28800] obj_cgroup_charge+0x2af/0x5e0 [ 3069.388401][T28800] ? copy_process+0x3c0/0x75c0 [ 3069.393162][T28800] kmem_cache_alloc_node+0xa8/0x3e0 [ 3069.398354][T28800] copy_process+0x3c0/0x75c0 [ 3069.402949][T28800] ? pidfd_prepare+0x80/0x80 [ 3069.407529][T28800] ? lock_downgrade+0x690/0x690 [ 3069.412378][T28800] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 3069.418608][T28800] ? folio_add_lru+0x47f/0x7c0 [ 3069.423372][T28800] kernel_clone+0xeb/0x890 [ 3069.427781][T28800] ? create_io_thread+0xe0/0xe0 [ 3069.432683][T28800] ? find_held_lock+0x2d/0x110 [ 3069.437489][T28800] ? find_held_lock+0x2d/0x110 [ 3069.442960][T28800] __do_sys_clone+0xba/0x100 [ 3069.447538][T28800] ? kernel_clone+0x890/0x890 [ 3069.452214][T28800] ? syscall_enter_from_user_mode+0x26/0x80 [ 3069.458099][T28800] do_syscall_64+0x39/0xb0 [ 3069.462521][T28800] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3069.468423][T28800] RIP: 0033:0x7f5d2ac8d591 [ 3069.472835][T28800] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 3069.492437][T28800] RSP: 002b:00007ffc24e00338 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 3069.500850][T28800] RAX: ffffffffffffffda RBX: 00007f5d2b9ec700 RCX: 00007f5d2ac8d591 [ 3069.508822][T28800] RDX: 00007f5d2b9ec9d0 RSI: 00007f5d2b9ec2f0 RDI: 00000000003d0f00 [ 3069.516792][T28800] RBP: 00007ffc24e00580 R08: 00007f5d2b9ec700 R09: 00007f5d2b9ec700 [ 3069.524765][T28800] R10: 00007f5d2b9ec9d0 R11: 0000000000000206 R12: 00007ffc24e003ee [ 3069.532732][T28800] R13: 00007ffc24e003ef R14: 00007f5d2b9ec300 R15: 0000000000022000 [ 3069.540700][T28800] [ 3069.643475][T28800] memory: usage 307196kB, limit 307200kB, failcnt 25867 [ 3069.659267][T28800] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3069.671419][T28800] Memory cgroup stats for /syz1: [ 3069.671570][T28800] anon 442368 [ 3069.671570][T28800] file 262144 [ 3069.671570][T28800] kernel 313823232 [ 3069.671570][T28800] kernel_stack 131072 [ 3069.671570][T28800] pagetables 258048 [ 3069.671570][T28800] sec_pagetables 0 [ 3069.671570][T28800] percpu 5421792 [ 3069.671570][T28800] sock 0 [ 3069.671570][T28800] vmalloc 0 [ 3069.671570][T28800] shmem 258048 [ 3069.671570][T28800] zswap 0 [ 3069.671570][T28800] zswapped 0 [ 3069.671570][T28800] file_mapped 241664 [ 3069.671570][T28800] file_dirty 0 [ 3069.671570][T28800] file_writeback 0 [ 3069.671570][T28800] swapcached 0 [ 3069.671570][T28800] anon_thp 0 [ 3069.671570][T28800] file_thp 0 [ 3069.671570][T28800] shmem_thp 0 [ 3069.671570][T28800] inactive_anon 0 [ 3069.671570][T28800] active_anon 700416 [ 3069.671570][T28800] inactive_file 0 [ 3069.671570][T28800] active_file 4096 [ 3069.671570][T28800] unevictable 0 [ 3069.671570][T28800] slab_reclaimable 34328 [ 3069.671570][T28800] slab_unreclaimable 307893800 [ 3069.671570][T28800] slab 307928128 [ 3069.671570][T28800] workingset_refault_anon 0 [ 3069.671570][T28800] workingset_refault_file 2 [ 3069.671570][T28800] workingset_activate_anon 0 [ 3069.671570][T28800] workingset_activate_file 0 [ 3069.671570][T28800] workingset_restore_anon 0 [ 3069.671570][T28800] workingset_restore_file 2 [ 3069.671570][T28800] workingset_nodereclaim 0 [ 3069.671570][T28800] pgscan 4153 [ 3069.671570][T28800] pgsteal 107 [ 3069.671570][T28800] pgscan_kswapd 92 [ 3069.671570][T28800] pgscan_direct 4061 [ 3069.671570][T28800] pgscan_khugepaged 0 [ 3069.671570][T28800] pgsteal_kswapd 88 [ 3069.671570][T28800] pgsteal_direct 19 [ 3069.671570][T28800] pgsteal_khugepaged 0 [ 3069.671570][T28800] pgfault 567430 [ 3069.671570][T28800] pgmajfault 2 [ 3069.671570][T28800] pgrefill 16419 [ 3069.671570][T28800] pgactivate 4046 [ 3069.671570][T28800] pgdeactivate 0 [ 3069.671570][T28800] pglazyfree 0 [ 3069.671570][T28800] pglazyfreed 0 [ 3069.671570][T28800] zswpin 0 [ 3069.671570][T28800] zswpout 0 [ 3069.972957][T28800] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=28800,uid=0 [ 3070.013576][T28800] Memory cgroup out of memory: Killed process 28800 (syz-executor.1) total-vm:54680kB, anon-rss:488kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:92kB oom_score_adj:1000 15:36:41 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x2900}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:36:41 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}, 0x1, 0x0, 0x0, 0x8a9e0400}, 0x0) 15:36:41 executing program 3: r0 = socket$can_j1939(0x1d, 0x2, 0x7) socket$can_j1939(0x1d, 0x2, 0x7) bind$can_j1939(r0, &(0x7f0000000080), 0x18) sendmsg$can_j1939(r0, &(0x7f0000000200)={&(0x7f00000000c0), 0x18, &(0x7f00000001c0)={&(0x7f0000000100)="05", 0x1}}, 0x0) 15:36:41 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x1d00}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:36:41 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x308}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:36:41 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0xa2020000}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) [ 3070.143460][T29022] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. 15:36:42 executing program 3: r0 = socket$can_j1939(0x1d, 0x2, 0x7) socket$can_j1939(0x1d, 0x2, 0x7) bind$can_j1939(r0, &(0x7f0000000080), 0x18) sendmsg$can_j1939(r0, &(0x7f0000000200)={&(0x7f00000000c0), 0x18, &(0x7f00000001c0)={&(0x7f0000000100)="05", 0x1}}, 0x0) [ 3070.294403][T29026] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=1, oom_score_adj=1000 [ 3070.393917][T29024] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3070.393994][T29026] CPU: 0 PID: 29026 Comm: syz-executor.4 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3070.413721][T29026] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3070.423779][T29026] Call Trace: [ 3070.427057][T29026] [ 3070.429995][T29026] dump_stack_lvl+0x136/0x150 [ 3070.434698][T29026] dump_header+0x10a/0xd70 [ 3070.439120][T29026] oom_kill_process+0x25d/0x600 [ 3070.443975][T29026] out_of_memory+0x35c/0x1660 [ 3070.448653][T29026] ? find_held_lock+0x2d/0x110 [ 3070.453422][T29026] ? oom_killer_disable+0x2b0/0x2b0 [ 3070.458626][T29026] ? rcu_read_unlock+0x9/0x60 [ 3070.463304][T29026] ? find_held_lock+0x2d/0x110 [ 3070.468070][T29026] mem_cgroup_out_of_memory+0x206/0x270 [ 3070.473623][T29026] ? mem_cgroup_margin+0x130/0x130 [ 3070.478729][T29026] ? lock_downgrade+0x690/0x690 [ 3070.483592][T29026] try_charge_memcg+0xf99/0x13a0 [ 3070.488545][T29026] ? mem_cgroup_handle_over_high+0x520/0x520 15:36:42 executing program 3: r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000080)={0x1d, r1}, 0x18) sendmsg$can_j1939(r0, &(0x7f0000000200)={&(0x7f00000000c0), 0x18, &(0x7f00000001c0)={&(0x7f0000000100)="05", 0x1}}, 0x0) [ 3070.494536][T29026] ? get_mem_cgroup_from_objcg+0xa1/0x280 [ 3070.500281][T29026] ? lock_downgrade+0x690/0x690 [ 3070.505139][T29026] ? lock_downgrade+0x690/0x690 [ 3070.509989][T29026] ? rcu_read_unlock+0x9/0x60 [ 3070.514679][T29026] obj_cgroup_charge+0x2af/0x5e0 [ 3070.519624][T29026] ? copy_process+0x3c0/0x75c0 [ 3070.524476][T29026] kmem_cache_alloc_node+0xa8/0x3e0 [ 3070.529685][T29026] copy_process+0x3c0/0x75c0 [ 3070.534290][T29026] ? pidfd_prepare+0x80/0x80 [ 3070.538899][T29026] ? lock_downgrade+0x690/0x690 [ 3070.543758][T29026] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 3070.549751][T29026] ? folio_add_lru+0x47f/0x7c0 [ 3070.554517][T29026] kernel_clone+0xeb/0x890 [ 3070.558931][T29026] ? create_io_thread+0xe0/0xe0 [ 3070.563785][T29026] ? find_held_lock+0x2d/0x110 [ 3070.568550][T29026] ? find_held_lock+0x2d/0x110 [ 3070.573317][T29026] __do_sys_clone+0xba/0x100 [ 3070.577910][T29026] ? kernel_clone+0x890/0x890 [ 3070.582599][T29026] ? syscall_enter_from_user_mode+0x26/0x80 [ 3070.588499][T29026] do_syscall_64+0x39/0xb0 [ 3070.592926][T29026] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3070.598825][T29026] RIP: 0033:0x7fcdfee8d591 [ 3070.603328][T29026] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 3070.622935][T29026] RSP: 002b:00007ffda41c1d78 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 3070.631343][T29026] RAX: ffffffffffffffda RBX: 00007fcdffb48700 RCX: 00007fcdfee8d591 [ 3070.639313][T29026] RDX: 00007fcdffb489d0 RSI: 00007fcdffb482f0 RDI: 00000000003d0f00 [ 3070.647287][T29026] RBP: 00007ffda41c1fc0 R08: 00007fcdffb48700 R09: 00007fcdffb48700 [ 3070.655257][T29026] R10: 00007fcdffb489d0 R11: 0000000000000206 R12: 00007ffda41c1e2e [ 3070.663222][T29026] R13: 00007ffda41c1e2f R14: 00007fcdffb48300 R15: 0000000000022000 [ 3070.671201][T29026] [ 3070.793063][T29026] memory: usage 307196kB, limit 307200kB, failcnt 37450 [ 3070.822598][T29026] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 15:36:42 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x98940500}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) [ 3070.854088][T29026] Memory cgroup stats for /syz4: [ 3070.854437][T29026] anon 2142208 [ 3070.854437][T29026] file 7716864 [ 3070.854437][T29026] kernel 304709632 [ 3070.854437][T29026] kernel_stack 688128 [ 3070.854437][T29026] pagetables 1171456 [ 3070.854437][T29026] sec_pagetables 0 [ 3070.854437][T29026] percpu 5219232 [ 3070.854437][T29026] sock 0 [ 3070.854437][T29026] vmalloc 8192 [ 3070.854437][T29026] shmem 7716864 [ 3070.854437][T29026] zswap 0 [ 3070.854437][T29026] zswapped 0 [ 3070.854437][T29026] file_mapped 196608 [ 3070.854437][T29026] file_dirty 0 [ 3070.854437][T29026] file_writeback 0 [ 3070.854437][T29026] swapcached 0 [ 3070.854437][T29026] anon_thp 0 [ 3070.854437][T29026] file_thp 0 [ 3070.854437][T29026] shmem_thp 0 [ 3070.854437][T29026] inactive_anon 9596928 [ 3070.854437][T29026] active_anon 262144 [ 3070.854437][T29026] inactive_file 0 [ 3070.854437][T29026] active_file 0 [ 3070.854437][T29026] unevictable 0 [ 3070.854437][T29026] slab_reclaimable 172672 [ 3070.854437][T29026] slab_unreclaimable 297109424 [ 3070.854437][T29026] slab 297282096 [ 3070.854437][T29026] workingset_refault_anon 0 [ 3070.854437][T29026] workingset_refault_file 0 [ 3070.854437][T29026] workingset_activate_anon 0 [ 3070.854437][T29026] workingset_activate_file 0 [ 3070.854437][T29026] workingset_restore_anon 0 [ 3070.854437][T29026] workingset_restore_file 0 [ 3070.854437][T29026] workingset_nodereclaim 0 [ 3070.854437][T29026] pgscan 116 [ 3070.854437][T29026] pgsteal 111 [ 3070.854437][T29026] pgscan_kswapd 99 [ 3070.854437][T29026] pgscan_direct 17 [ 3070.854437][T29026] pgscan_khugepaged 0 [ 3070.854437][T29026] pgsteal_kswapd 97 [ 3070.854437][T29026] pgsteal_direct 14 [ 3070.854437][T29026] pgsteal_khugepaged 0 [ 3070.854437][T29026] pgfault 695941 [ 3070.854437][T29026] pgmajfault 6 [ 3070.854437][T29026] pgrefill 593 [ 3070.854437][T29026] pgactivate 5 [ 3070.854437][T29026] pgdeactivate 0 [ 3070.854437][T29026] pglazyfree 0 [ 3070.854437][T29026] pglazyfreed 0 [ 3070.854437][T29026] zswpin 0 [ 3070.854437][T29026] zswpout 0 [ 3070.923889][T29139] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. 15:36:42 executing program 3: r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000080)={0x1d, r1}, 0x18) sendmsg$can_j1939(r0, &(0x7f0000000200)={&(0x7f00000000c0), 0x18, &(0x7f00000001c0)={&(0x7f0000000100)="05", 0x1}}, 0x0) 15:36:43 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}, 0x1, 0x0, 0x0, 0x8b9e0400}, 0x0) 15:36:43 executing program 3: r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000080)={0x1d, r1}, 0x18) sendmsg$can_j1939(r0, &(0x7f0000000200)={&(0x7f00000000c0), 0x18, &(0x7f00000001c0)={&(0x7f0000000100)="05", 0x1}}, 0x0) [ 3071.163360][T29026] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=29026,uid=0 [ 3071.203269][T29026] Memory cgroup out of memory: Killed process 29026 (syz-executor.4) total-vm:54680kB, anon-rss:384kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 [ 3071.234927][T29143] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3071.303755][T29033] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3071.329761][T29033] CPU: 1 PID: 29033 Comm: syz-executor.1 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3071.340192][T29033] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3071.350240][T29033] Call Trace: [ 3071.353525][T29033] [ 3071.356459][T29033] dump_stack_lvl+0x136/0x150 [ 3071.361190][T29033] dump_header+0x10a/0xd70 [ 3071.365625][T29033] oom_kill_process+0x25d/0x600 [ 3071.370578][T29033] out_of_memory+0x35c/0x1660 [ 3071.375260][T29033] ? find_held_lock+0x2d/0x110 [ 3071.380030][T29033] ? oom_killer_disable+0x2b0/0x2b0 [ 3071.385235][T29033] ? rcu_read_unlock+0x9/0x60 [ 3071.389915][T29033] ? find_held_lock+0x2d/0x110 [ 3071.394680][T29033] mem_cgroup_out_of_memory+0x206/0x270 [ 3071.400231][T29033] ? mem_cgroup_margin+0x130/0x130 [ 3071.405345][T29033] ? lock_downgrade+0x690/0x690 [ 3071.410213][T29033] try_charge_memcg+0xf99/0x13a0 [ 3071.415167][T29033] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3071.421164][T29033] ? rcu_read_unlock+0x9/0x60 [ 3071.425847][T29033] ? lock_downgrade+0x690/0x690 [ 3071.430712][T29033] charge_memcg+0x90/0x3b0 [ 3071.435137][T29033] __mem_cgroup_charge+0x2b/0x90 [ 3071.440076][T29033] __handle_mm_fault+0x2296/0x41c0 [ 3071.445278][T29033] ? vm_iomap_memory+0x190/0x190 [ 3071.450213][T29033] ? mas_walk+0x58f/0x730 [ 3071.454554][T29033] ? numa_migrate_prep+0x3a0/0x3a0 [ 3071.459676][T29033] handle_mm_fault+0x2af/0x9f0 [ 3071.464451][T29033] do_user_addr_fault+0x2ca/0x1210 [ 3071.469575][T29033] ? rcu_is_watching+0x12/0xb0 [ 3071.474354][T29033] exc_page_fault+0x98/0x170 [ 3071.478954][T29033] asm_exc_page_fault+0x26/0x30 [ 3071.483814][T29033] RIP: 0033:0x7f5d2ac3e171 [ 3071.488226][T29033] Code: 3d 00 f0 ff ff 77 72 c3 90 55 48 83 ec 30 44 89 4c 24 2c 4c 89 44 24 20 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 89 4c 24 28 fa fa ff ff 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 [ 3071.507836][T29033] RSP: 002b:00007f5d2ba0c000 EFLAGS: 00010206 [ 3071.513901][T29033] RAX: 0000000000000001 RBX: 00007f5d2ba0c0f0 RCX: 0000000000000000 [ 3071.521930][T29033] RDX: 0000000000000020 RSI: 00007f5d2ba0c140 RDI: 0000000000000004 [ 3071.529905][T29033] RBP: 0000000000000000 R08: 00007f5d2ba0c054 R09: 000000000000000c [ 3071.537877][T29033] R10: 0000000000000000 R11: 00000000200003cf R12: 00007f5d2ba0c0a8 [ 3071.546016][T29033] R13: 00007f5d2ba0c140 R14: 0000000000000004 R15: 0000000000000000 [ 3071.554001][T29033] [ 3071.559863][T29033] memory: usage 307200kB, limit 307200kB, failcnt 25983 [ 3071.613158][T29033] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3071.633421][T29033] Memory cgroup stats for /syz1: [ 3071.633592][T29033] anon 434176 [ 3071.633592][T29033] file 262144 [ 3071.633592][T29033] kernel 313876480 [ 3071.633592][T29033] kernel_stack 163840 [ 3071.633592][T29033] pagetables 258048 [ 3071.633592][T29033] sec_pagetables 0 [ 3071.633592][T29033] percpu 5421856 [ 3071.633592][T29033] sock 0 [ 3071.633592][T29033] vmalloc 0 [ 3071.633592][T29033] shmem 258048 [ 3071.633592][T29033] zswap 0 [ 3071.633592][T29033] zswapped 0 [ 3071.633592][T29033] file_mapped 241664 [ 3071.633592][T29033] file_dirty 0 [ 3071.633592][T29033] file_writeback 0 [ 3071.633592][T29033] swapcached 0 [ 3071.633592][T29033] anon_thp 0 [ 3071.633592][T29033] file_thp 0 [ 3071.633592][T29033] shmem_thp 0 [ 3071.633592][T29033] inactive_anon 0 [ 3071.633592][T29033] active_anon 692224 [ 3071.633592][T29033] inactive_file 0 [ 3071.633592][T29033] active_file 4096 [ 3071.633592][T29033] unevictable 0 [ 3071.633592][T29033] slab_reclaimable 34328 [ 3071.633592][T29033] slab_unreclaimable 307912352 [ 3071.633592][T29033] slab 307946680 [ 3071.633592][T29033] workingset_refault_anon 0 [ 3071.633592][T29033] workingset_refault_file 2 [ 3071.633592][T29033] workingset_activate_anon 0 [ 3071.633592][T29033] workingset_activate_file 0 [ 3071.633592][T29033] workingset_restore_anon 0 [ 3071.633592][T29033] workingset_restore_file 2 [ 3071.633592][T29033] workingset_nodereclaim 0 [ 3071.633592][T29033] pgscan 4197 [ 3071.633592][T29033] pgsteal 107 [ 3071.633592][T29033] pgscan_kswapd 92 [ 3071.633592][T29033] pgscan_direct 4105 [ 3071.633592][T29033] pgscan_khugepaged 0 [ 3071.633592][T29033] pgsteal_kswapd 88 [ 3071.633592][T29033] pgsteal_direct 19 [ 3071.633592][T29033] pgsteal_khugepaged 0 [ 3071.633592][T29033] pgfault 567494 [ 3071.633592][T29033] pgmajfault 2 [ 3071.633592][T29033] pgrefill 16419 [ 3071.633592][T29033] pgactivate 4090 [ 3071.633592][T29033] pgdeactivate 0 [ 3071.633592][T29033] pglazyfree 0 [ 3071.633592][T29033] pglazyfreed 0 [ 3071.633592][T29033] zswpin 0 [ 3071.633592][T29033] zswpout 0 [ 3071.939103][T29033] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=29032,uid=0 [ 3071.962334][T29033] Memory cgroup out of memory: Killed process 29032 (syz-executor.1) total-vm:54680kB, anon-rss:388kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:92kB oom_score_adj:1000 [ 3071.994516][T29025] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3072.050865][T29025] CPU: 1 PID: 29025 Comm: syz-executor.2 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3072.061330][T29025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3072.071378][T29025] Call Trace: [ 3072.074646][T29025] [ 3072.077564][T29025] dump_stack_lvl+0x136/0x150 [ 3072.082245][T29025] dump_header+0x10a/0xd70 [ 3072.086653][T29025] oom_kill_process+0x25d/0x600 [ 3072.091493][T29025] out_of_memory+0x35c/0x1660 [ 3072.096159][T29025] ? oom_killer_disable+0x2b0/0x2b0 [ 3072.101342][T29025] ? rcu_read_unlock+0x9/0x60 [ 3072.106009][T29025] ? find_held_lock+0x2d/0x110 [ 3072.110763][T29025] mem_cgroup_out_of_memory+0x206/0x270 [ 3072.116301][T29025] ? mem_cgroup_margin+0x130/0x130 [ 3072.121401][T29025] ? lock_downgrade+0x690/0x690 [ 3072.126262][T29025] try_charge_memcg+0xf99/0x13a0 [ 3072.131211][T29025] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3072.137192][T29025] ? rcu_read_unlock+0x9/0x60 [ 3072.141856][T29025] ? lock_downgrade+0x690/0x690 [ 3072.146705][T29025] charge_memcg+0x90/0x3b0 [ 3072.151116][T29025] __mem_cgroup_charge+0x2b/0x90 [ 3072.156042][T29025] do_wp_page+0x8ea/0x33c0 [ 3072.160458][T29025] ? lock_sync+0x190/0x190 [ 3072.164871][T29025] ? finish_mkwrite_fault+0x3d0/0x3d0 [ 3072.170234][T29025] ? do_raw_spin_lock+0x124/0x2b0 [ 3072.175253][T29025] ? spin_bug+0x1c0/0x1c0 [ 3072.179578][T29025] __handle_mm_fault+0x1635/0x41c0 [ 3072.184683][T29025] ? vm_iomap_memory+0x190/0x190 [ 3072.189609][T29025] ? mas_walk+0x58f/0x730 [ 3072.193938][T29025] ? numa_migrate_prep+0x3a0/0x3a0 [ 3072.199032][T29025] ? do_user_addr_fault+0x367/0x1210 [ 3072.204317][T29025] handle_mm_fault+0x2af/0x9f0 [ 3072.209085][T29025] do_user_addr_fault+0x2ca/0x1210 [ 3072.214188][T29025] ? rcu_is_watching+0x12/0xb0 [ 3072.218948][T29025] exc_page_fault+0x98/0x170 [ 3072.223531][T29025] asm_exc_page_fault+0x26/0x30 [ 3072.228375][T29025] RIP: 0033:0x7f5bd0639610 [ 3072.232776][T29025] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48 [ 3072.252368][T29025] RSP: 002b:00007fffe74b16a0 EFLAGS: 00010246 [ 3072.258422][T29025] RAX: 0000000004219014 RBX: 00007f5bd07ac018 RCX: 0000001b2dd20000 [ 3072.266379][T29025] RDX: 0000000000000000 RSI: 0000001b2dd20018 RDI: 000000000a28a722 [ 3072.274336][T29025] RBP: 0000000004219014 R08: 0000000000001014 R09: 0000000004219018 [ 3072.282291][T29025] R10: 00007fffe74b1860 R11: 0000000000000246 R12: 00007f5bd07a0000 [ 3072.290248][T29025] R13: 0000000000000001 R14: 000000000000000e R15: ffffffff83d6fdb1 [ 3072.298204][T29025] ? apparmor_socket_create+0x151/0x670 [ 3072.303751][T29025] 15:36:44 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x2a00}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:36:44 executing program 3: r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) bind$can_j1939(0xffffffffffffffff, &(0x7f0000000080)={0x1d, r1}, 0x18) sendmsg$can_j1939(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f00000000c0), 0x18, &(0x7f00000001c0)={&(0x7f0000000100)="05", 0x1}}, 0x0) 15:36:44 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0xa2030000}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:36:44 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}, 0x1, 0x0, 0x0, 0x8c9e0400}, 0x0) [ 3072.412043][T29025] memory: usage 307200kB, limit 307200kB, failcnt 25777 [ 3072.421085][T29025] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3072.456390][T29151] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3072.468563][T29025] Memory cgroup stats for /syz2: [ 3072.468716][T29025] anon 139264 [ 3072.468716][T29025] file 8388608 [ 3072.468716][T29025] kernel 306044928 [ 3072.468716][T29025] kernel_stack 65536 [ 3072.468716][T29025] pagetables 69632 [ 3072.468716][T29025] sec_pagetables 0 [ 3072.468716][T29025] percpu 5294912 [ 3072.468716][T29025] sock 0 [ 3072.468716][T29025] vmalloc 16384 [ 3072.468716][T29025] shmem 8380416 [ 3072.468716][T29025] zswap 0 [ 3072.468716][T29025] zswapped 0 [ 3072.468716][T29025] file_mapped 286720 [ 3072.468716][T29025] file_dirty 8192 [ 3072.468716][T29025] file_writeback 0 [ 3072.468716][T29025] swapcached 0 [ 3072.468716][T29025] anon_thp 0 [ 3072.468716][T29025] file_thp 0 [ 3072.468716][T29025] shmem_thp 0 [ 3072.468716][T29025] inactive_anon 0 [ 3072.468716][T29025] active_anon 8519680 [ 3072.468716][T29025] inactive_file 8192 [ 3072.468716][T29025] active_file 0 [ 3072.468716][T29025] unevictable 0 [ 3072.468716][T29025] slab_reclaimable 39288 [ 3072.468716][T29025] slab_unreclaimable 300523984 [ 3072.468716][T29025] slab 300563272 [ 3072.468716][T29025] workingset_refault_anon 0 [ 3072.468716][T29025] workingset_refault_file 2 [ 3072.468716][T29025] workingset_activate_anon 0 [ 3072.468716][T29025] workingset_activate_file 0 [ 3072.468716][T29025] workingset_restore_anon 0 [ 3072.468716][T29025] workingset_restore_file 2 [ 3072.468716][T29025] workingset_nodereclaim 0 [ 3072.468716][T29025] pgscan 7854 [ 3072.468716][T29025] pgsteal 122 [ 3072.468716][T29025] pgscan_kswapd 106 [ 3072.468716][T29025] pgscan_direct 7748 [ 3072.468716][T29025] pgscan_khugepaged 0 [ 3072.468716][T29025] pgsteal_kswapd 97 [ 3072.468716][T29025] pgsteal_direct 25 [ 3072.468716][T29025] pgsteal_khugepaged 0 [ 3072.468716][T29025] pgfault 695290 [ 3072.468716][T29025] pgmajfault 0 [ 3072.468716][T29025] pgrefill 31696 [ 3072.468716][T29025] pgactivate 7732 [ 3072.468716][T29025] pgdeactivate 0 [ 3072.468716][T29025] pglazyfree 0 [ 3072.468716][T29025] pglazyfreed 0 [ 3072.468716][T29025] zswpin 0 [ 3072.468716][T29025] zswpout 0 [ 3072.812934][T29025] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=29025,uid=0 [ 3072.860796][T29025] Memory cgroup out of memory: Killed process 29025 (syz-executor.2) total-vm:54548kB, anon-rss:384kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 15:36:44 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x30a}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:36:44 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x96940500}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:36:44 executing program 3: r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) bind$can_j1939(0xffffffffffffffff, &(0x7f0000000080)={0x1d, r1}, 0x18) sendmsg$can_j1939(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f00000000c0), 0x18, &(0x7f00000001c0)={&(0x7f0000000100)="05", 0x1}}, 0x0) 15:36:44 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}, 0x1, 0x0, 0x0, 0x8d9e0400}, 0x0) [ 3072.961119][T29257] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3072.980273][T29152] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3073.028551][T29154] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3073.056227][T29152] CPU: 0 PID: 29152 Comm: syz-executor.1 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3073.066657][T29152] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3073.076713][T29152] Call Trace: [ 3073.079990][T29152] [ 3073.082921][T29152] dump_stack_lvl+0x136/0x150 [ 3073.087613][T29152] dump_header+0x10a/0xd70 [ 3073.092033][T29152] oom_kill_process+0x25d/0x600 [ 3073.096892][T29152] out_of_memory+0x35c/0x1660 [ 3073.101605][T29152] ? find_held_lock+0x2d/0x110 [ 3073.106379][T29152] ? oom_killer_disable+0x2b0/0x2b0 [ 3073.111576][T29152] ? rcu_read_unlock+0x9/0x60 [ 3073.116254][T29152] ? find_held_lock+0x2d/0x110 [ 3073.121023][T29152] mem_cgroup_out_of_memory+0x206/0x270 [ 3073.126581][T29152] ? mem_cgroup_margin+0x130/0x130 [ 3073.131693][T29152] ? lock_downgrade+0x690/0x690 [ 3073.136556][T29152] try_charge_memcg+0xf99/0x13a0 [ 3073.141506][T29152] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3073.147586][T29152] ? rcu_read_unlock+0x9/0x60 [ 3073.152281][T29152] ? lock_downgrade+0x690/0x690 [ 3073.157164][T29152] charge_memcg+0x90/0x3b0 [ 3073.161595][T29152] __mem_cgroup_charge+0x2b/0x90 [ 3073.166527][T29152] do_wp_page+0x8ea/0x33c0 [ 3073.170959][T29152] ? lock_sync+0x190/0x190 [ 3073.175384][T29152] ? finish_mkwrite_fault+0x3d0/0x3d0 [ 3073.180754][T29152] ? do_raw_spin_lock+0x124/0x2b0 [ 3073.185785][T29152] ? spin_bug+0x1c0/0x1c0 [ 3073.190131][T29152] __handle_mm_fault+0x1635/0x41c0 [ 3073.195247][T29152] ? vm_iomap_memory+0x190/0x190 [ 3073.200183][T29152] ? mas_walk+0x58f/0x730 [ 3073.204526][T29152] ? numa_migrate_prep+0x3a0/0x3a0 [ 3073.209635][T29152] ? do_user_addr_fault+0x367/0x1210 [ 3073.214928][T29152] handle_mm_fault+0x2af/0x9f0 [ 3073.219696][T29152] do_user_addr_fault+0x2ca/0x1210 [ 3073.224836][T29152] ? rcu_is_watching+0x12/0xb0 [ 3073.229606][T29152] exc_page_fault+0x98/0x170 [ 3073.234199][T29152] asm_exc_page_fault+0x26/0x30 [ 3073.239063][T29152] RIP: 0033:0x7f5d2ac39610 [ 3073.243474][T29152] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48 [ 3073.263090][T29152] RSP: 002b:00007ffc24e00390 EFLAGS: 00010246 [ 3073.269156][T29152] RAX: 0000000048ac4d0b RBX: 00007f5d2adac0e8 RCX: 0000001b2dc20000 [ 3073.277126][T29152] RDX: 0000000000000000 RSI: 0000001b2dc20018 RDI: 0000000000000022 [ 3073.285142][T29152] RBP: 0000000048ac4d0b R08: 0000000000000d0b R09: 0000000048ac4d0f [ 3073.293111][T29152] R10: 00007ffc24e00550 R11: 0000000000000246 R12: 00007f5d2ada0000 [ 3073.301080][T29152] R13: 0000000000000001 R14: 0000000000000000 R15: ffffffff88050461 [ 3073.309129][T29152] ? __x64_sys_socket+0x11/0xb0 [ 3073.313990][T29152] 15:36:44 executing program 3: r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) bind$can_j1939(0xffffffffffffffff, &(0x7f0000000080)={0x1d, r1}, 0x18) sendmsg$can_j1939(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f00000000c0), 0x18, &(0x7f00000001c0)={&(0x7f0000000100)="05", 0x1}}, 0x0) 15:36:45 executing program 3: r0 = socket$can_j1939(0x1d, 0x2, 0x7) socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000080)={0x1d, r1}, 0x18) sendmsg$can_j1939(r0, &(0x7f0000000200)={&(0x7f00000000c0), 0x18, &(0x7f00000001c0)={&(0x7f0000000100)="05", 0x1}}, 0x0) 15:36:45 executing program 3: r0 = socket$can_j1939(0x1d, 0x2, 0x7) socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000080)={0x1d, r1}, 0x18) sendmsg$can_j1939(r0, &(0x7f0000000200)={&(0x7f00000000c0), 0x18, &(0x7f00000001c0)={&(0x7f0000000100)="05", 0x1}}, 0x0) 15:36:45 executing program 3: r0 = socket$can_j1939(0x1d, 0x2, 0x7) socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000080)={0x1d, r1}, 0x18) sendmsg$can_j1939(r0, &(0x7f0000000200)={&(0x7f00000000c0), 0x18, &(0x7f00000001c0)={&(0x7f0000000100)="05", 0x1}}, 0x0) [ 3073.453177][T29262] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3073.481315][T29152] memory: usage 307200kB, limit 307200kB, failcnt 26147 [ 3073.523862][T29152] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3073.550644][T29152] Memory cgroup stats for /syz1: [ 3073.550852][T29152] anon 397312 [ 3073.550852][T29152] file 262144 [ 3073.550852][T29152] kernel 313913344 [ 3073.550852][T29152] kernel_stack 196608 [ 3073.550852][T29152] pagetables 249856 [ 3073.550852][T29152] sec_pagetables 0 [ 3073.550852][T29152] percpu 5421856 [ 3073.550852][T29152] sock 0 [ 3073.550852][T29152] vmalloc 0 [ 3073.550852][T29152] shmem 258048 [ 3073.550852][T29152] zswap 0 [ 3073.550852][T29152] zswapped 0 [ 3073.550852][T29152] file_mapped 241664 [ 3073.550852][T29152] file_dirty 0 [ 3073.550852][T29152] file_writeback 0 [ 3073.550852][T29152] swapcached 0 [ 3073.550852][T29152] anon_thp 0 [ 3073.550852][T29152] file_thp 0 [ 3073.550852][T29152] shmem_thp 0 [ 3073.550852][T29152] inactive_anon 0 [ 3073.550852][T29152] active_anon 655360 [ 3073.550852][T29152] inactive_file 0 [ 3073.550852][T29152] active_file 4096 [ 3073.550852][T29152] unevictable 0 [ 3073.550852][T29152] slab_reclaimable 34328 [ 3073.550852][T29152] slab_unreclaimable 307921280 [ 3073.550852][T29152] slab 307955608 [ 3073.550852][T29152] workingset_refault_anon 0 [ 3073.550852][T29152] workingset_refault_file 2 [ 3073.550852][T29152] workingset_activate_anon 0 [ 3073.550852][T29152] workingset_activate_file 0 [ 3073.550852][T29152] workingset_restore_anon 0 [ 3073.550852][T29152] workingset_restore_file 2 [ 3073.550852][T29152] workingset_nodereclaim 0 [ 3073.550852][T29152] pgscan 4265 [ 3073.550852][T29152] pgsteal 107 [ 3073.550852][T29152] pgscan_kswapd 92 [ 3073.550852][T29152] pgscan_direct 4173 [ 3073.550852][T29152] pgscan_khugepaged 0 [ 3073.550852][T29152] pgsteal_kswapd 88 [ 3073.550852][T29152] pgsteal_direct 19 [ 3073.550852][T29152] pgsteal_khugepaged 0 [ 3073.550852][T29152] pgfault 567540 [ 3073.550852][T29152] pgmajfault 2 [ 3073.550852][T29152] pgrefill 16419 [ 3073.550852][T29152] pgactivate 4158 [ 3073.550852][T29152] pgdeactivate 0 [ 3073.550852][T29152] pglazyfree 0 [ 3073.550852][T29152] pglazyfreed 0 [ 3073.550852][T29152] zswpin 0 [ 3073.550852][T29152] zswpout 0 [ 3073.864554][T29152] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=29152,uid=0 [ 3073.911360][T29152] Memory cgroup out of memory: Killed process 29152 (syz-executor.1) total-vm:54680kB, anon-rss:388kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 3073.973620][T29263] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3074.012886][T29263] CPU: 0 PID: 29263 Comm: syz-executor.2 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3074.023311][T29263] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3074.033359][T29263] Call Trace: [ 3074.036629][T29263] [ 3074.039561][T29263] dump_stack_lvl+0x136/0x150 [ 3074.044252][T29263] dump_header+0x10a/0xd70 [ 3074.048670][T29263] oom_kill_process+0x25d/0x600 [ 3074.053521][T29263] out_of_memory+0x35c/0x1660 [ 3074.058198][T29263] ? find_held_lock+0x2d/0x110 [ 3074.062969][T29263] ? oom_killer_disable+0x2b0/0x2b0 [ 3074.068170][T29263] ? rcu_read_unlock+0x9/0x60 15:36:45 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x2b00}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:36:45 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0xa2940500}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:36:45 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x2900}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:36:45 executing program 3: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, 0x0) bind$can_j1939(r0, &(0x7f0000000080), 0x18) sendmsg$can_j1939(r0, &(0x7f0000000200)={&(0x7f00000000c0), 0x18, &(0x7f00000001c0)={&(0x7f0000000100)="05", 0x1}}, 0x0) [ 3074.072855][T29263] ? find_held_lock+0x2d/0x110 [ 3074.077629][T29263] mem_cgroup_out_of_memory+0x206/0x270 [ 3074.083174][T29263] ? mem_cgroup_margin+0x130/0x130 [ 3074.088283][T29263] ? lock_downgrade+0x690/0x690 [ 3074.093145][T29263] try_charge_memcg+0xf99/0x13a0 [ 3074.098094][T29263] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3074.104088][T29263] ? rcu_read_unlock+0x9/0x60 [ 3074.108767][T29263] ? lock_downgrade+0x690/0x690 [ 3074.113634][T29263] charge_memcg+0x90/0x3b0 [ 3074.118067][T29263] __mem_cgroup_charge+0x2b/0x90 [ 3074.123004][T29263] do_wp_page+0x8ea/0x33c0 [ 3074.127424][T29263] ? lock_sync+0x190/0x190 [ 3074.131845][T29263] ? finish_mkwrite_fault+0x3d0/0x3d0 [ 3074.137219][T29263] ? do_raw_spin_lock+0x124/0x2b0 [ 3074.142251][T29263] ? spin_bug+0x1c0/0x1c0 [ 3074.146595][T29263] __handle_mm_fault+0x1635/0x41c0 [ 3074.151710][T29263] ? vm_iomap_memory+0x190/0x190 [ 3074.156649][T29263] ? mas_walk+0x58f/0x730 [ 3074.160994][T29263] ? numa_migrate_prep+0x3a0/0x3a0 [ 3074.166102][T29263] ? do_user_addr_fault+0x367/0x1210 [ 3074.171398][T29263] handle_mm_fault+0x2af/0x9f0 [ 3074.176169][T29263] do_user_addr_fault+0x2ca/0x1210 [ 3074.181286][T29263] ? rcu_is_watching+0x12/0xb0 [ 3074.186068][T29263] exc_page_fault+0x98/0x170 [ 3074.190660][T29263] asm_exc_page_fault+0x26/0x30 [ 3074.195519][T29263] RIP: 0033:0x7f5bd0639610 [ 3074.199932][T29263] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48 [ 3074.219536][T29263] RSP: 002b:00007fffe74b16a0 EFLAGS: 00010246 [ 3074.225602][T29263] RAX: 00000000899363ac RBX: 00007f5bd07ac018 RCX: 0000001b2dd20000 [ 3074.233569][T29263] RDX: 0000000000000000 RSI: 0000001b2dd20018 RDI: 000000000c826fe4 [ 3074.241622][T29263] RBP: 00000000899363ac R08: 00000000000003ac R09: 00000000899363b0 [ 3074.249591][T29263] R10: 00007fffe74b1860 R11: 0000000000000246 R12: 00007f5bd07a0000 [ 3074.254491][T29376] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3074.257543][T29263] R13: 0000000000000001 R14: 0000000000000004 R15: ffffffff8804dd36 [ 3074.257556][T29263] ? __sock_create+0x46/0x850 [ 3074.257588][T29263] [ 3074.380866][T29263] memory: usage 307200kB, limit 307200kB, failcnt 25882 [ 3074.393653][T29263] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3074.443291][T29263] Memory cgroup stats for /syz2: [ 3074.443462][T29263] anon 122880 [ 3074.443462][T29263] file 8388608 [ 3074.443462][T29263] kernel 306061312 [ 3074.443462][T29263] kernel_stack 65536 [ 3074.443462][T29263] pagetables 69632 [ 3074.443462][T29263] sec_pagetables 0 [ 3074.443462][T29263] percpu 5294976 [ 3074.443462][T29263] sock 0 [ 3074.443462][T29263] vmalloc 16384 [ 3074.443462][T29263] shmem 8380416 [ 3074.443462][T29263] zswap 0 [ 3074.443462][T29263] zswapped 0 [ 3074.443462][T29263] file_mapped 286720 [ 3074.443462][T29263] file_dirty 8192 [ 3074.443462][T29263] file_writeback 0 [ 3074.443462][T29263] swapcached 0 [ 3074.443462][T29263] anon_thp 0 [ 3074.443462][T29263] file_thp 0 [ 3074.443462][T29263] shmem_thp 0 [ 3074.443462][T29263] inactive_anon 0 [ 3074.443462][T29263] active_anon 8503296 [ 3074.443462][T29263] inactive_file 8192 [ 3074.443462][T29263] active_file 0 [ 3074.443462][T29263] unevictable 0 [ 3074.443462][T29263] slab_reclaimable 39288 [ 3074.443462][T29263] slab_unreclaimable 300535960 [ 3074.443462][T29263] slab 300575248 [ 3074.443462][T29263] workingset_refault_anon 0 [ 3074.443462][T29263] workingset_refault_file 2 [ 3074.443462][T29263] workingset_activate_anon 0 [ 3074.443462][T29263] workingset_activate_file 0 [ 3074.443462][T29263] workingset_restore_anon 0 [ 3074.443462][T29263] workingset_restore_file 2 [ 3074.443462][T29263] workingset_nodereclaim 0 [ 3074.443462][T29263] pgscan 7854 [ 3074.443462][T29263] pgsteal 122 [ 3074.443462][T29263] pgscan_kswapd 106 [ 3074.443462][T29263] pgscan_direct 7748 [ 3074.443462][T29263] pgscan_khugepaged 0 [ 3074.443462][T29263] pgsteal_kswapd 97 [ 3074.443462][T29263] pgsteal_direct 25 [ 3074.443462][T29263] pgsteal_khugepaged 0 [ 3074.443462][T29263] pgfault 695338 [ 3074.443462][T29263] pgmajfault 0 [ 3074.443462][T29263] pgrefill 31834 [ 3074.443462][T29263] pgactivate 7732 [ 3074.443462][T29263] pgdeactivate 0 [ 3074.443462][T29263] pglazyfree 0 [ 3074.443462][T29263] pglazyfreed 0 [ 3074.443462][T29263] zswpin 0 [ 3074.443462][T29263] zswpout 0 [ 3074.476209][T29376] warn_alloc: 1 callbacks suppressed [ 3074.476222][T29376] syz-executor.4: vmalloc error: size 4096, page order 0, failed to allocate pages, mode:0x404dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_RETRY_MAYFAIL|__GFP_ZERO), nodemask=(null) [ 3074.731142][T29263] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=29263,uid=0 [ 3074.768277][T29263] Memory cgroup out of memory: Killed process 29263 (syz-executor.2) total-vm:54548kB, anon-rss:384kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 [ 3074.785659][T29376] ,cpuset=syz4,mems_allowed=0-1 [ 3074.791738][T29374] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=1, oom_score_adj=1000 [ 3074.802167][T29376] CPU: 0 PID: 29376 Comm: syz-executor.4 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3074.812596][T29376] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3074.822657][T29376] Call Trace: [ 3074.825935][T29376] [ 3074.828864][T29376] dump_stack_lvl+0x136/0x150 [ 3074.833556][T29376] warn_alloc+0x213/0x360 [ 3074.837899][T29376] ? zone_watermark_ok_safe+0x2e0/0x2e0 [ 3074.843456][T29376] ? find_held_lock+0x2d/0x110 [ 3074.848233][T29376] ? lock_downgrade+0x690/0x690 [ 3074.853094][T29376] ? mark_held_locks+0x9f/0xe0 [ 3074.857873][T29376] __vmalloc_node_range+0x1021/0x14a0 [ 3074.863264][T29376] ? alloc_netdev_mqs+0x9c/0x1250 [ 3074.868317][T29376] ? delayed_vfree_work+0x70/0x70 [ 3074.873350][T29376] ? __kmem_cache_alloc_node+0xb4/0x320 [ 3074.878911][T29376] ? kvmalloc_node+0x76/0x1a0 [ 3074.883596][T29376] ? rcu_is_watching+0x12/0xb0 [ 3074.888373][T29376] ? alloc_netdev_mqs+0x9c/0x1250 [ 3074.893407][T29376] kvmalloc_node+0x156/0x1a0 [ 3074.898012][T29376] ? alloc_netdev_mqs+0x9c/0x1250 [ 3074.903051][T29376] alloc_netdev_mqs+0x9c/0x1250 [ 3074.907912][T29376] ? security_capable+0x93/0xc0 [ 3074.912763][T29376] ? br_netpoll_disable+0x60/0x60 [ 3074.917797][T29376] rtnl_create_link+0xc17/0xf20 [ 3074.922654][T29376] __rtnl_newlink+0xfd4/0x1840 15:36:46 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x324}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:36:46 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}, 0x1, 0x0, 0x0, 0x8e9e0400}, 0x0) 15:36:46 executing program 3: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, 0x0) bind$can_j1939(r0, &(0x7f0000000080), 0x18) sendmsg$can_j1939(r0, &(0x7f0000000200)={&(0x7f00000000c0), 0x18, &(0x7f00000001c0)={&(0x7f0000000100)="05", 0x1}}, 0x0) [ 3074.927435][T29376] ? rtnl_link_unregister+0x250/0x250 [ 3074.932816][T29376] ? __kmem_cache_alloc_node+0x48/0x320 [ 3074.938380][T29376] ? rtnl_newlink+0x4a/0xa0 [ 3074.942899][T29376] rtnl_newlink+0x68/0xa0 [ 3074.947238][T29376] ? __rtnl_newlink+0x1840/0x1840 [ 3074.952272][T29376] rtnetlink_rcv_msg+0x43d/0xd50 [ 3074.957227][T29376] ? rtnl_stats_set+0x4d0/0x4d0 [ 3074.962090][T29376] ? __dev_queue_xmit+0xa2a/0x3b10 [ 3074.967215][T29376] netlink_rcv_skb+0x165/0x440 [ 3074.971986][T29376] ? rtnl_stats_set+0x4d0/0x4d0 [ 3074.976849][T29376] ? netlink_ack+0x1360/0x1360 [ 3074.981636][T29376] ? netlink_deliver_tap+0x1b1/0xcf0 [ 3074.986931][T29376] netlink_unicast+0x547/0x7f0 [ 3074.991707][T29376] ? netlink_attachskb+0x890/0x890 [ 3074.996830][T29376] ? __virt_addr_valid+0x61/0x2e0 [ 3075.001867][T29376] ? __phys_addr_symbol+0x30/0x70 [ 3075.006933][T29376] ? __check_object_size+0x323/0x730 [ 3075.012250][T29376] netlink_sendmsg+0x925/0xe30 [ 3075.017037][T29376] ? netlink_unicast+0x7f0/0x7f0 [ 3075.021998][T29376] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 3075.027302][T29376] ? netlink_unicast+0x7f0/0x7f0 [ 3075.032254][T29376] sock_sendmsg+0xde/0x190 [ 3075.036683][T29376] ____sys_sendmsg+0x71c/0x900 [ 3075.041458][T29376] ? copy_msghdr_from_user+0xfc/0x150 [ 3075.046839][T29376] ? kernel_sendmsg+0x50/0x50 [ 3075.051525][T29376] ? futex_unqueue+0xb7/0x120 [ 3075.056300][T29376] ? futex_wait+0x503/0x680 [ 3075.060813][T29376] ___sys_sendmsg+0x110/0x1b0 [ 3075.065505][T29376] ? do_recvmmsg+0x6f0/0x6f0 [ 3075.070119][T29376] ? __fget_files+0x248/0x480 [ 3075.074820][T29376] ? lock_downgrade+0x690/0x690 [ 3075.079772][T29376] ? __fget_files+0x26a/0x480 [ 3075.084468][T29376] ? __fget_light+0xe5/0x270 [ 3075.089084][T29376] __sys_sendmsg+0xf7/0x1c0 [ 3075.093593][T29376] ? __sys_sendmsg_sock+0x40/0x40 [ 3075.098619][T29376] ? restore_fpregs_from_fpstate+0xc1/0x1c0 [ 3075.104626][T29376] ? syscall_enter_from_user_mode+0x26/0x80 [ 3075.110530][T29376] ? lockdep_hardirqs_on+0x7d/0x100 [ 3075.115737][T29376] do_syscall_64+0x39/0xb0 [ 3075.120162][T29376] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3075.126066][T29376] RIP: 0033:0x7fcdfee8c169 [ 3075.130482][T29376] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 3075.150092][T29376] RSP: 002b:00007fcdffb69168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3075.158510][T29376] RAX: ffffffffffffffda RBX: 00007fcdfefabf80 RCX: 00007fcdfee8c169 [ 3075.166481][T29376] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000003 [ 3075.174447][T29376] RBP: 00007fcdfeee7ca1 R08: 0000000000000000 R09: 0000000000000000 [ 3075.182416][T29376] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3075.190392][T29376] R13: 00007ffda41c1e2f R14: 00007fcdffb69300 R15: 0000000000022000 [ 3075.198372][T29376] [ 3075.201400][T29374] CPU: 1 PID: 29374 Comm: syz-executor.4 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3075.211824][T29374] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3075.221880][T29374] Call Trace: [ 3075.225164][T29374] [ 3075.228089][T29374] dump_stack_lvl+0x136/0x150 [ 3075.232777][T29374] dump_header+0x10a/0xd70 [ 3075.237193][T29374] oom_kill_process+0x25d/0x600 [ 3075.242129][T29374] out_of_memory+0x35c/0x1660 [ 3075.246808][T29374] ? oom_killer_disable+0x2b0/0x2b0 [ 3075.252088][T29374] ? rcu_read_unlock+0x9/0x60 [ 3075.256762][T29374] ? find_held_lock+0x2d/0x110 [ 3075.261529][T29374] mem_cgroup_out_of_memory+0x206/0x270 [ 3075.267169][T29374] ? mem_cgroup_margin+0x130/0x130 [ 3075.272278][T29374] ? lock_downgrade+0x690/0x690 [ 3075.277139][T29374] try_charge_memcg+0xf99/0x13a0 [ 3075.282084][T29374] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3075.288067][T29374] ? get_mem_cgroup_from_objcg+0xa1/0x280 [ 3075.293788][T29374] ? lock_downgrade+0x690/0x690 [ 3075.298643][T29374] ? lock_downgrade+0x690/0x690 [ 3075.303580][T29374] ? rcu_read_unlock+0x9/0x60 [ 3075.308261][T29374] obj_cgroup_charge+0x2af/0x5e0 [ 3075.313204][T29374] ? copy_process+0x3c0/0x75c0 [ 3075.317971][T29374] kmem_cache_alloc_node+0xa8/0x3e0 [ 3075.323179][T29374] copy_process+0x3c0/0x75c0 [ 3075.327775][T29374] ? __lock_acquire+0xc17/0x5f30 [ 3075.332710][T29374] ? pidfd_prepare+0x80/0x80 [ 3075.337296][T29374] ? psi_memstall_leave+0x174/0x250 [ 3075.342482][T29374] ? lock_downgrade+0x690/0x690 [ 3075.347332][T29374] kernel_clone+0xeb/0x890 [ 3075.351739][T29374] ? create_io_thread+0xe0/0xe0 [ 3075.356584][T29374] ? percpu_ref_put_many.constprop.0+0x6a/0x1b0 [ 3075.362817][T29374] ? lock_downgrade+0x690/0x690 [ 3075.367665][T29374] __do_sys_clone+0xba/0x100 [ 3075.372245][T29374] ? kernel_clone+0x890/0x890 [ 3075.376924][T29374] ? syscall_enter_from_user_mode+0x26/0x80 [ 3075.382813][T29374] do_syscall_64+0x39/0xb0 [ 3075.387228][T29374] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3075.393111][T29374] RIP: 0033:0x7fcdfee8d591 [ 3075.397512][T29374] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 3075.417124][T29374] RSP: 002b:00007ffda41c1d78 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 3075.425522][T29374] RAX: ffffffffffffffda RBX: 00007fcdffb48700 RCX: 00007fcdfee8d591 [ 3075.433482][T29374] RDX: 00007fcdffb489d0 RSI: 00007fcdffb482f0 RDI: 00000000003d0f00 [ 3075.441437][T29374] RBP: 00007ffda41c1fc0 R08: 00007fcdffb48700 R09: 00007fcdffb48700 [ 3075.449396][T29374] R10: 00007fcdffb489d0 R11: 0000000000000206 R12: 00007ffda41c1e2e [ 3075.457526][T29374] R13: 00007ffda41c1e2f R14: 00007fcdffb48300 R15: 0000000000022000 [ 3075.465502][T29374] 15:36:47 executing program 3: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, 0x0) bind$can_j1939(r0, &(0x7f0000000080), 0x18) sendmsg$can_j1939(r0, &(0x7f0000000200)={&(0x7f00000000c0), 0x18, &(0x7f00000001c0)={&(0x7f0000000100)="05", 0x1}}, 0x0) [ 3075.553436][T29374] memory: usage 307184kB, limit 307200kB, failcnt 37720 [ 3075.564046][T29374] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3075.592790][T29376] Mem-Info: [ 3075.601289][T29376] active_anon:191968 inactive_anon:29518 isolated_anon:0 [ 3075.601289][T29376] active_file:7513 inactive_file:1396 isolated_file:0 [ 3075.601289][T29376] unevictable:768 dirty:35 writeback:0 [ 3075.601289][T29376] slab_reclaimable:23893 slab_unreclaimable:610467 [ 3075.601289][T29376] mapped:20167 shmem:27272 pagetables:2195 [ 3075.601289][T29376] sec_pagetables:0 bounce:0 [ 3075.601289][T29376] kernel_misc_reclaimable:0 [ 3075.601289][T29376] free:666557 free_pcp:9513 free_cma:0 [ 3075.613917][T29374] Memory cgroup stats for /syz4: [ 3075.694327][T29374] anon 2142208 [ 3075.694327][T29374] file 7716864 [ 3075.694327][T29374] kernel 304697344 [ 3075.694327][T29374] kernel_stack 688128 [ 3075.694327][T29374] pagetables 1171456 [ 3075.694327][T29374] sec_pagetables 0 [ 3075.694327][T29374] percpu 5219168 [ 3075.694327][T29374] sock 0 [ 3075.694327][T29374] vmalloc 12288 [ 3075.694327][T29374] shmem 7716864 [ 3075.694327][T29374] zswap 0 [ 3075.694327][T29374] zswapped 0 [ 3075.694327][T29374] file_mapped 196608 [ 3075.694327][T29374] file_dirty 0 [ 3075.694327][T29374] file_writeback 0 [ 3075.694327][T29374] swapcached 0 [ 3075.694327][T29374] anon_thp 0 [ 3075.694327][T29374] file_thp 0 [ 3075.694327][T29374] shmem_thp 0 [ 3075.694327][T29374] inactive_anon 9596928 [ 3075.694327][T29374] active_anon 262144 [ 3075.694327][T29374] inactive_file 0 [ 3075.694327][T29374] active_file 0 [ 3075.694327][T29374] unevictable 0 [ 3075.694327][T29374] slab_reclaimable 172672 [ 3075.694327][T29374] slab_unreclaimable 297097448 [ 3075.694327][T29374] slab 297270120 [ 3075.694327][T29374] workingset_refault_anon 0 [ 3075.694327][T29374] workingset_refault_file 0 [ 3075.694327][T29374] workingset_activate_anon 0 [ 3075.694327][T29374] workingset_activate_file 0 [ 3075.694327][T29374] workingset_restore_anon 0 [ 3075.694327][T29374] workingset_restore_file 0 [ 3075.694327][T29374] workingset_nodereclaim 0 [ 3075.694327][T29374] pgscan 116 [ 3075.694327][T29374] pgsteal 111 [ 3075.694327][T29374] pgscan_kswapd 99 [ 3075.694327][T29374] pgscan_direct 17 [ 3075.694327][T29374] pgscan_khugepaged 0 [ 3075.694327][T29374] pgsteal_kswapd 97 [ 3075.694327][T29374] pgsteal_direct 14 [ 3075.694327][T29374] pgsteal_khugepaged 0 [ 3075.694327][T29374] pgfault 696073 [ 3075.694327][T29374] pgmajfault 6 [ 3075.694327][T29374] pgrefill 593 [ 3075.694327][T29374] pgactivate 5 [ 3075.694327][T29374] pgdeactivate 0 [ 3075.694327][T29374] pglazyfree 0 [ 3075.694327][T29374] pglazyfreed 0 [ 3075.694327][T29374] zswpin 0 [ 3075.694327][T29374] zswpout 0 15:36:47 executing program 3: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) bind$can_j1939(0xffffffffffffffff, &(0x7f0000000080)={0x1d, r2}, 0x18) sendmsg$can_j1939(r0, &(0x7f0000000200)={&(0x7f00000000c0), 0x18, &(0x7f00000001c0)={&(0x7f0000000100)="05", 0x1}}, 0x0) 15:36:47 executing program 3: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) bind$can_j1939(0xffffffffffffffff, &(0x7f0000000080)={0x1d, r2}, 0x18) sendmsg$can_j1939(r0, &(0x7f0000000200)={&(0x7f00000000c0), 0x18, &(0x7f00000001c0)={&(0x7f0000000100)="05", 0x1}}, 0x0) [ 3076.040612][T29374] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=29374,uid=0 [ 3076.091973][T29376] Node 0 active_anon:761884kB inactive_anon:117884kB active_file:28796kB inactive_file:472kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:80668kB dirty:116kB writeback:0kB shmem:105316kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 49152kB writeback_tmp:0kB kernel_stack:11504kB pagetables:7540kB sec_pagetables:0kB all_unreclaimable? no 15:36:48 executing program 3: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) bind$can_j1939(0xffffffffffffffff, &(0x7f0000000080)={0x1d, r2}, 0x18) sendmsg$can_j1939(r0, &(0x7f0000000200)={&(0x7f00000000c0), 0x18, &(0x7f00000001c0)={&(0x7f0000000100)="05", 0x1}}, 0x0) [ 3076.124052][T29374] Memory cgroup out of memory: Killed process 29374 (syz-executor.4) total-vm:54680kB, anon-rss:512kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 [ 3076.222936][T29376] Node 1 active_anon:6172kB inactive_anon:188kB active_file:1256kB inactive_file:5112kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:24kB writeback:0kB shmem:3772kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB kernel_stack:1268kB pagetables:1312kB sec_pagetables:0kB all_unreclaimable? no [ 3076.241080][T29384] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3076.314176][T29384] CPU: 1 PID: 29384 Comm: syz-executor.2 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3076.324620][T29384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3076.334665][T29384] Call Trace: [ 3076.337932][T29384] [ 3076.340856][T29384] dump_stack_lvl+0x136/0x150 [ 3076.345533][T29384] dump_header+0x10a/0xd70 [ 3076.349947][T29384] oom_kill_process+0x25d/0x600 [ 3076.354784][T29384] out_of_memory+0x35c/0x1660 [ 3076.359452][T29384] ? find_held_lock+0x2d/0x110 [ 3076.364204][T29384] ? oom_killer_disable+0x2b0/0x2b0 [ 3076.369391][T29384] ? rcu_read_unlock+0x9/0x60 [ 3076.374061][T29384] ? find_held_lock+0x2d/0x110 [ 3076.378816][T29384] mem_cgroup_out_of_memory+0x206/0x270 [ 3076.384355][T29384] ? mem_cgroup_margin+0x130/0x130 [ 3076.389453][T29384] ? lock_downgrade+0x690/0x690 [ 3076.394303][T29384] try_charge_memcg+0xf99/0x13a0 [ 3076.399242][T29384] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3076.405221][T29384] ? rcu_read_unlock+0x9/0x60 [ 3076.409890][T29384] ? lock_downgrade+0x690/0x690 [ 3076.414738][T29384] charge_memcg+0x90/0x3b0 [ 3076.419149][T29384] __mem_cgroup_charge+0x2b/0x90 [ 3076.424080][T29384] do_wp_page+0x8ea/0x33c0 [ 3076.428485][T29384] ? lock_sync+0x190/0x190 [ 3076.432895][T29384] ? finish_mkwrite_fault+0x3d0/0x3d0 [ 3076.438254][T29384] ? do_raw_spin_lock+0x124/0x2b0 [ 3076.443270][T29384] ? spin_bug+0x1c0/0x1c0 [ 3076.447601][T29384] __handle_mm_fault+0x1635/0x41c0 [ 3076.452704][T29384] ? vm_iomap_memory+0x190/0x190 [ 3076.457627][T29384] ? mas_walk+0x58f/0x730 [ 3076.461953][T29384] ? numa_migrate_prep+0x3a0/0x3a0 [ 3076.467050][T29384] ? do_user_addr_fault+0x367/0x1210 [ 3076.472338][T29384] handle_mm_fault+0x2af/0x9f0 [ 3076.477102][T29384] do_user_addr_fault+0x2ca/0x1210 [ 3076.482208][T29384] ? rcu_is_watching+0x12/0xb0 [ 3076.486968][T29384] exc_page_fault+0x98/0x170 [ 3076.491550][T29384] asm_exc_page_fault+0x26/0x30 [ 3076.496393][T29384] RIP: 0033:0x7f5bd0639610 [ 3076.500795][T29384] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48 [ 3076.520391][T29384] RSP: 002b:00007fffe74b16a0 EFLAGS: 00010246 [ 3076.526529][T29384] RAX: 00000000899363ac RBX: 00007f5bd07ac018 RCX: 0000001b2dd20000 [ 3076.534483][T29384] RDX: 0000000000000000 RSI: 0000001b2dd20018 RDI: 000000000c826fe4 [ 3076.542440][T29384] RBP: 00000000899363ac R08: 00000000000003ac R09: 00000000899363b0 [ 3076.550396][T29384] R10: 00007fffe74b1860 R11: 0000000000000246 R12: 00007f5bd07a0000 [ 3076.558355][T29384] R13: 0000000000000001 R14: 0000000000000004 R15: ffffffff8804dd36 [ 3076.566311][T29384] ? __sock_create+0x46/0x850 [ 3076.570990][T29384] 15:36:48 executing program 3: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000040)={'vcan0\x00'}) bind$can_j1939(r0, 0x0, 0x0) sendmsg$can_j1939(r0, &(0x7f0000000200)={&(0x7f00000000c0), 0x18, &(0x7f00000001c0)={&(0x7f0000000100)="05", 0x1}}, 0x0) [ 3076.693556][T29384] memory: usage 307200kB, limit 307200kB, failcnt 26009 [ 3076.709941][T29384] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3076.729131][T29384] Memory cgroup stats for /syz2: [ 3076.729285][T29384] anon 122880 [ 3076.729285][T29384] file 8388608 [ 3076.729285][T29384] kernel 306061312 [ 3076.729285][T29384] kernel_stack 65536 [ 3076.729285][T29384] pagetables 69632 [ 3076.729285][T29384] sec_pagetables 0 [ 3076.729285][T29384] percpu 5294976 [ 3076.729285][T29384] sock 0 [ 3076.729285][T29384] vmalloc 16384 [ 3076.729285][T29384] shmem 8380416 [ 3076.729285][T29384] zswap 0 [ 3076.729285][T29384] zswapped 0 [ 3076.729285][T29384] file_mapped 286720 [ 3076.729285][T29384] file_dirty 8192 [ 3076.729285][T29384] file_writeback 0 [ 3076.729285][T29384] swapcached 0 [ 3076.729285][T29384] anon_thp 0 [ 3076.729285][T29384] file_thp 0 [ 3076.729285][T29384] shmem_thp 0 [ 3076.729285][T29384] inactive_anon 8417280 [ 3076.729285][T29384] active_anon 86016 [ 3076.729285][T29384] inactive_file 8192 [ 3076.729285][T29384] active_file 0 [ 3076.729285][T29384] unevictable 0 [ 3076.729285][T29384] slab_reclaimable 39288 [ 3076.729285][T29384] slab_unreclaimable 300535960 [ 3076.729285][T29384] slab 300575248 [ 3076.729285][T29384] workingset_refault_anon 0 [ 3076.729285][T29384] workingset_refault_file 2 [ 3076.729285][T29384] workingset_activate_anon 0 [ 3076.729285][T29384] workingset_activate_file 0 [ 3076.729285][T29384] workingset_restore_anon 0 [ 3076.729285][T29384] workingset_restore_file 2 [ 3076.729285][T29384] workingset_nodereclaim 0 [ 3076.729285][T29384] pgscan 7854 [ 3076.729285][T29384] pgsteal 122 [ 3076.729285][T29384] pgscan_kswapd 106 [ 3076.729285][T29384] pgscan_direct 7748 [ 3076.729285][T29384] pgscan_khugepaged 0 [ 3076.729285][T29384] pgsteal_kswapd 97 [ 3076.729285][T29384] pgsteal_direct 25 [ 3076.729285][T29384] pgsteal_khugepaged 0 [ 3076.729285][T29384] pgfault 695386 [ 3076.729285][T29384] pgmajfault 0 [ 3076.729285][T29384] pgrefill 32012 [ 3076.729285][T29384] pgactivate 7732 [ 3076.729285][T29384] pgdeactivate 0 [ 3076.729285][T29384] pglazyfree 0 [ 3076.729285][T29384] pglazyfreed 0 [ 3076.729285][T29384] zswpin 0 [ 3076.729285][T29384] zswpout 0 [ 3076.926638][T29376] Node 0 DMA free:10708kB boost:0kB min:200kB low:248kB high:296kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:152kB local_pcp:64kB free_cma:0kB [ 3076.954184][T29384] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=29384,uid=0 [ 3076.959690][T29376] lowmem_reserve[]: 0 2617 2619 2619 2619 [ 3077.094372][T29376] Node 0 DMA32 free:44292kB boost:0kB min:35440kB low:44300kB high:53160kB reserved_highatomic:0KB active_anon:753588kB inactive_anon:126100kB active_file:27568kB inactive_file:392kB unevictable:1536kB writepending:116kB present:3129332kB managed:2684936kB mlocked:0kB bounce:0kB free_pcp:23832kB local_pcp:13892kB free_cma:0kB [ 3077.095682][T29384] Memory cgroup out of memory: Killed process 29384 (syz-executor.2) total-vm:54548kB, anon-rss:384kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 [ 3077.169710][T29376] lowmem_reserve[]: 0 0 1 1 1 [ 3077.174516][T29376] Node 0 Normal free:16kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB active_anon:40kB inactive_anon:4kB active_file:1228kB inactive_file:76kB unevictable:0kB writepending:0kB present:1048576kB managed:1640kB mlocked:0kB bounce:0kB free_pcp:20kB local_pcp:12kB free_cma:0kB [ 3077.243970][T29376] lowmem_reserve[]: 0 0 0 0 0 [ 3077.260165][T29376] Node 1 Normal free:2609392kB boost:0kB min:54444kB low:68052kB high:81660kB reserved_highatomic:0KB active_anon:4344kB inactive_anon:216kB active_file:1256kB inactive_file:5112kB unevictable:1536kB writepending:24kB present:4194304kB managed:4117620kB mlocked:0kB bounce:0kB free_pcp:17332kB local_pcp:1692kB free_cma:0kB [ 3077.338717][T29376] lowmem_reserve[]: 0 0 0 0 0 [ 3077.345304][T29376] Node 0 DMA: 3*4kB (UE) 3*8kB (UME) 1*16kB (M) 1*32kB (E) 2*64kB (ME) 4*128kB (UME) 3*256kB (UME) 2*512kB (ME) 2*1024kB (ME) 1*2048kB (E) 1*4096kB (M) = 10708kB [ 3077.361747][T29376] Node 0 DMA32: 499*4kB (ME) 427*8kB (ME) 172*16kB (UME) 155*32kB (ME) 47*64kB (UME) 20*128kB (UME) 10*256kB (ME) 9*512kB (UME) 6*1024kB (UM) 6*2048kB (M) 0*4096kB = 44292kB [ 3077.381191][T29376] Node 0 Normal: 4*4kB (UM) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 3077.411211][T29376] Node 1 Normal: 1446*4kB (UME) 1353*8kB (UME) 599*16kB (UME) 311*32kB (UME) 261*64kB (UME) 119*128kB (UME) 69*256kB (UME) 43*512kB (UM) 29*1024kB (UM) 11*2048kB (UM) 598*4096kB (UM) = 2609392kB [ 3077.460797][T29376] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 3077.491019][T29376] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 3077.513877][T29376] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 3077.542328][T29376] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 3077.551720][T29376] 36028 total pagecache pages [ 3077.572433][T29376] 0 pages in swap cache [ 3077.583324][T29376] Free swap = 0kB [ 3077.593404][T29376] Total swap = 0kB [ 3077.603456][T29376] 2097051 pages RAM [ 3077.613621][T29376] 0 pages HighMem/MovableOnly [ 3077.642752][T29376] 392162 pages reserved [ 3077.653610][T29376] 0 pages cma reserved [ 3077.670911][T29380] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. 15:36:49 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0xa3940500}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:36:49 executing program 3: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000040)={'vcan0\x00'}) bind$can_j1939(r0, 0x0, 0x0) sendmsg$can_j1939(r0, &(0x7f0000000200)={&(0x7f00000000c0), 0x18, &(0x7f00000001c0)={&(0x7f0000000100)="05", 0x1}}, 0x0) 15:36:49 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x334}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:36:49 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x2c00}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:36:49 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}, 0x1, 0x0, 0x0, 0x8f9e0400}, 0x0) 15:36:49 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x1700}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:36:49 executing program 3: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000040)={'vcan0\x00'}) bind$can_j1939(r0, 0x0, 0x0) sendmsg$can_j1939(r0, &(0x7f0000000200)={&(0x7f00000000c0), 0x18, &(0x7f00000001c0)={&(0x7f0000000100)="05", 0x1}}, 0x0) 15:36:49 executing program 3: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000040)={'vcan0\x00'}) bind$can_j1939(r0, &(0x7f0000000080), 0x18) sendmsg$can_j1939(r0, &(0x7f0000000200)={&(0x7f00000000c0), 0x18, &(0x7f00000001c0)={&(0x7f0000000100)="05", 0x1}}, 0x0) [ 3077.953959][T29507] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3077.964529][T29518] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3077.985377][T29507] CPU: 1 PID: 29507 Comm: syz-executor.2 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3077.995794][T29507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3078.005851][T29507] Call Trace: [ 3078.009128][T29507] [ 3078.012051][T29507] dump_stack_lvl+0x136/0x150 [ 3078.016735][T29507] dump_header+0x10a/0xd70 [ 3078.021157][T29507] oom_kill_process+0x25d/0x600 [ 3078.026015][T29507] out_of_memory+0x35c/0x1660 [ 3078.030697][T29507] ? find_held_lock+0x2d/0x110 [ 3078.032282][T29546] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3078.035456][T29507] ? oom_killer_disable+0x2b0/0x2b0 [ 3078.035478][T29507] ? rcu_read_unlock+0x9/0x60 [ 3078.035499][T29507] ? find_held_lock+0x2d/0x110 [ 3078.059347][T29507] mem_cgroup_out_of_memory+0x206/0x270 [ 3078.064905][T29507] ? mem_cgroup_margin+0x130/0x130 [ 3078.070018][T29507] ? lock_downgrade+0x690/0x690 [ 3078.074887][T29507] try_charge_memcg+0xf99/0x13a0 [ 3078.079841][T29507] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3078.085831][T29507] ? get_mem_cgroup_from_objcg+0xa1/0x280 [ 3078.091561][T29507] ? lock_downgrade+0x690/0x690 [ 3078.096419][T29507] ? lock_downgrade+0x690/0x690 [ 3078.101286][T29507] obj_cgroup_charge+0x2af/0x5e0 [ 3078.106233][T29507] ? vm_area_dup+0x23/0x300 [ 3078.110739][T29507] kmem_cache_alloc+0xb1/0x3b0 [ 3078.115514][T29507] vm_area_dup+0x23/0x300 [ 3078.119852][T29507] __split_vma+0x199/0x830 [ 3078.124274][T29507] ? expand_stack+0x20/0x20 [ 3078.128779][T29507] ? vma_shrink+0x5c0/0x5c0 [ 3078.133280][T29507] ? mark_held_locks+0x9f/0xe0 [ 3078.138052][T29507] ? percpu_counter_add_batch+0x199/0x1e0 [ 3078.143774][T29507] ? lockdep_hardirqs_on+0x7d/0x100 [ 3078.148983][T29507] split_vma+0xc6/0x110 [ 3078.153139][T29507] mprotect_fixup+0x891/0xbd0 [ 3078.157825][T29507] ? change_protection+0x3e40/0x3e40 [ 3078.163113][T29507] do_mprotect_pkey+0x87f/0xd50 [ 3078.167971][T29507] ? mprotect_fixup+0xbd0/0xbd0 [ 3078.172822][T29507] ? up_write+0x1b4/0x520 [ 3078.177153][T29507] ? xfd_validate_state+0x5d/0x180 [ 3078.182264][T29507] ? kernel_fpu_begin_mask+0x270/0x270 [ 3078.187726][T29507] ? do_futex+0x360/0x360 [ 3078.192059][T29507] __x64_sys_mprotect+0x78/0xb0 [ 3078.196911][T29507] do_syscall_64+0x39/0xb0 [ 3078.201325][T29507] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3078.207306][T29507] RIP: 0033:0x7f5bd068c277 [ 3078.211713][T29507] Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 0a 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 3078.231315][T29507] RSP: 002b:00007fffe74b1698 EFLAGS: 00000206 ORIG_RAX: 000000000000000a [ 3078.239728][T29507] RAX: ffffffffffffffda RBX: 0000000000021000 RCX: 00007f5bd068c277 15:36:49 executing program 3: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000040)={'vcan0\x00'}) bind$can_j1939(r0, &(0x7f0000000080), 0x18) sendmsg$can_j1939(r0, &(0x7f0000000200)={&(0x7f00000000c0), 0x18, &(0x7f00000001c0)={&(0x7f0000000100)="05", 0x1}}, 0x0) 15:36:49 executing program 3: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000040)={'vcan0\x00'}) bind$can_j1939(r0, &(0x7f0000000080), 0x18) sendmsg$can_j1939(r0, &(0x7f0000000200)={&(0x7f00000000c0), 0x18, &(0x7f00000001c0)={&(0x7f0000000100)="05", 0x1}}, 0x0) 15:36:50 executing program 3: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000080)={0x1d, r2}, 0x18) sendmsg$can_j1939(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f00000000c0), 0x18, &(0x7f00000001c0)={&(0x7f0000000100)="05", 0x1}}, 0x0) [ 3078.247699][T29507] RDX: 0000000000000003 RSI: 0000000000020000 RDI: 00007f5bcf1df000 [ 3078.255668][T29507] RBP: 00007fffe74b1770 R08: 00000000ffffffff R09: 00007f5bcf1fe700 [ 3078.263635][T29507] R10: 0000000000020022 R11: 0000000000000206 R12: 00007fffe74b1890 [ 3078.271695][T29507] R13: 00007f5bcf1fe700 R14: 0000000000000000 R15: 0000000000022000 [ 3078.279764][T29507] 15:36:50 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x1400}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) [ 3078.401390][T29507] memory: usage 307200kB, limit 307200kB, failcnt 26071 [ 3078.413934][T29507] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3078.428019][T29631] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3078.465060][T29507] Memory cgroup stats for /syz2: [ 3078.465229][T29507] anon 110592 [ 3078.465229][T29507] file 8388608 [ 3078.465229][T29507] kernel 306073600 [ 3078.465229][T29507] kernel_stack 65536 [ 3078.465229][T29507] pagetables 69632 [ 3078.465229][T29507] sec_pagetables 0 [ 3078.465229][T29507] percpu 5294976 [ 3078.465229][T29507] sock 0 [ 3078.465229][T29507] vmalloc 16384 [ 3078.465229][T29507] shmem 8380416 [ 3078.465229][T29507] zswap 0 [ 3078.465229][T29507] zswapped 0 [ 3078.465229][T29507] file_mapped 286720 [ 3078.465229][T29507] file_dirty 8192 [ 3078.465229][T29507] file_writeback 0 [ 3078.465229][T29507] swapcached 0 [ 3078.465229][T29507] anon_thp 0 [ 3078.465229][T29507] file_thp 0 [ 3078.465229][T29507] shmem_thp 0 [ 3078.465229][T29507] inactive_anon 0 [ 3078.465229][T29507] active_anon 8491008 [ 3078.465229][T29507] inactive_file 8192 [ 3078.465229][T29507] active_file 0 [ 3078.465229][T29507] unevictable 0 [ 3078.465229][T29507] slab_reclaimable 51096 [ 3078.465229][T29507] slab_unreclaimable 300536608 [ 3078.465229][T29507] slab 300587704 [ 3078.465229][T29507] workingset_refault_anon 0 [ 3078.465229][T29507] workingset_refault_file 2 [ 3078.465229][T29507] workingset_activate_anon 0 [ 3078.465229][T29507] workingset_activate_file 0 [ 3078.465229][T29507] workingset_restore_anon 0 [ 3078.465229][T29507] workingset_restore_file 2 [ 3078.465229][T29507] workingset_nodereclaim 0 [ 3078.465229][T29507] pgscan 7854 [ 3078.465229][T29507] pgsteal 122 [ 3078.465229][T29507] pgscan_kswapd 106 [ 3078.465229][T29507] pgscan_direct 7748 [ 3078.465229][T29507] pgscan_khugepaged 0 [ 3078.465229][T29507] pgsteal_kswapd 97 [ 3078.465229][T29507] pgsteal_direct 25 [ 3078.465229][T29507] pgsteal_khugepaged 0 [ 3078.465229][T29507] pgfault 695428 [ 3078.465229][T29507] pgmajfault 0 [ 3078.465229][T29507] pgrefill 32120 [ 3078.465229][T29507] pgactivate 7732 [ 3078.465229][T29507] pgdeactivate 0 [ 3078.465229][T29507] pglazyfree 0 [ 3078.465229][T29507] pglazyfreed 0 [ 3078.465229][T29507] zswpin 0 [ 3078.465229][T29507] zswpout 0 [ 3078.674017][T29507] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=29507,uid=0 [ 3078.731804][T29507] Memory cgroup out of memory: Killed process 29507 (syz-executor.2) total-vm:54680kB, anon-rss:384kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 [ 3078.812371][T29514] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3078.813349][T29509] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3078.822622][T29514] CPU: 0 PID: 29514 Comm: syz-executor.1 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3078.822642][T29514] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3078.822653][T29514] Call Trace: [ 3078.822658][T29514] [ 3078.822664][T29514] dump_stack_lvl+0x136/0x150 [ 3078.822697][T29514] dump_header+0x10a/0xd70 [ 3078.822717][T29514] oom_kill_process+0x25d/0x600 [ 3078.822736][T29514] out_of_memory+0x35c/0x1660 [ 3078.822755][T29514] ? find_held_lock+0x2d/0x110 [ 3078.822777][T29514] ? oom_killer_disable+0x2b0/0x2b0 [ 3078.822794][T29514] ? rcu_read_unlock+0x9/0x60 [ 3078.822815][T29514] ? find_held_lock+0x2d/0x110 [ 3078.822837][T29514] mem_cgroup_out_of_memory+0x206/0x270 [ 3078.822860][T29514] ? mem_cgroup_margin+0x130/0x130 [ 3078.822881][T29514] ? lock_downgrade+0x690/0x690 [ 3078.822912][T29514] try_charge_memcg+0xf99/0x13a0 [ 3078.822942][T29514] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3078.822972][T29514] ? rcu_read_unlock+0x9/0x60 [ 3078.822991][T29514] ? lock_downgrade+0x690/0x690 [ 3078.823022][T29514] charge_memcg+0x90/0x3b0 [ 3078.823048][T29514] __mem_cgroup_charge+0x2b/0x90 [ 3078.823064][T29514] do_wp_page+0x8ea/0x33c0 [ 3078.823086][T29514] ? lock_sync+0x190/0x190 [ 3078.823107][T29514] ? finish_mkwrite_fault+0x3d0/0x3d0 [ 3078.823124][T29514] ? do_raw_spin_lock+0x124/0x2b0 [ 3078.823147][T29514] ? spin_bug+0x1c0/0x1c0 [ 3078.823175][T29514] __handle_mm_fault+0x1635/0x41c0 [ 3078.823196][T29514] ? vm_iomap_memory+0x190/0x190 [ 3078.823213][T29514] ? mas_walk+0x58f/0x730 [ 3078.823241][T29514] ? numa_migrate_prep+0x3a0/0x3a0 [ 3078.823256][T29514] ? do_user_addr_fault+0x367/0x1210 [ 3078.823282][T29514] handle_mm_fault+0x2af/0x9f0 [ 3078.823305][T29514] do_user_addr_fault+0x2ca/0x1210 [ 3078.823324][T29514] ? rcu_is_watching+0x12/0xb0 [ 3078.823352][T29514] exc_page_fault+0x98/0x170 [ 3078.823373][T29514] asm_exc_page_fault+0x26/0x30 [ 3078.823396][T29514] RIP: 0033:0x7f5d2ac39610 [ 3078.823409][T29514] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48 [ 3078.823426][T29514] RSP: 002b:00007ffc24e00390 EFLAGS: 00010246 [ 3078.823441][T29514] RAX: 000000004b479e20 RBX: 00007f5d2adac0e8 RCX: 0000001b2dc20000 [ 3078.823452][T29514] RDX: 0000000000000000 RSI: 0000001b2dc20018 RDI: 000000000a2432ae [ 3078.823463][T29514] RBP: 000000004b479e20 R08: 0000000000001e20 R09: 000000004b479e24 [ 3078.823474][T29514] R10: 00007ffc24e00550 R11: 0000000000000246 R12: 00007f5d2ada0000 [ 3078.823486][T29514] R13: 0000000000000001 R14: 0000000000000008 R15: ffffffff83ce111f [ 3078.823498][T29514] ? security_socket_create+0x3f/0xc0 [ 3078.823532][T29514] [ 3078.823539][T29514] memory: usage 307200kB, limit 307200kB, failcnt 26401 [ 3078.823556][T29514] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3078.823568][T29514] Memory cgroup stats for /syz1: [ 3078.823775][T29514] anon 413696 [ 3078.823775][T29514] file 262144 [ 3078.823775][T29514] kernel 313896960 [ 3078.823775][T29514] kernel_stack 196608 [ 3078.823775][T29514] pagetables 249856 [ 3078.823775][T29514] sec_pagetables 0 [ 3078.823775][T29514] percpu 5421792 [ 3078.823775][T29514] sock 0 [ 3078.823775][T29514] vmalloc 0 [ 3078.823775][T29514] shmem 258048 [ 3078.823775][T29514] zswap 0 [ 3078.823775][T29514] zswapped 0 [ 3078.823775][T29514] file_mapped 241664 [ 3078.823775][T29514] file_dirty 4096 [ 3078.823775][T29514] file_writeback 0 [ 3078.823775][T29514] swapcached 0 [ 3078.823775][T29514] anon_thp 0 [ 3078.823775][T29514] file_thp 0 [ 3078.823775][T29514] shmem_thp 0 [ 3078.823775][T29514] inactive_anon 573440 [ 3078.823775][T29514] active_anon 98304 [ 3078.823775][T29514] inactive_file 0 [ 3078.823775][T29514] active_file 4096 [ 3078.823775][T29514] unevictable 0 [ 3078.823775][T29514] slab_reclaimable 34328 [ 3078.823775][T29514] slab_unreclaimable 307909608 [ 3078.823775][T29514] slab 307943936 [ 3078.823775][T29514] workingset_refault_anon 0 [ 3078.823775][T29514] workingset_refault_file 2 [ 3078.823775][T29514] workingset_activate_anon 0 [ 3078.823775][T29514] workingset_activate_file 0 [ 3078.823775][T29514] workingset_restore_anon 0 [ 3078.823775][T29514] workingset_restore_file 2 [ 3078.823775][T29514] workingset_nodereclaim 0 [ 3078.823775][T29514] pgscan 4268 [ 3078.823775][T29514] pgsteal 107 [ 3078.823775][T29514] pgscan_kswapd 92 [ 3078.823775][T29514] pgscan_direct 4176 [ 3078.823775][T29514] pgscan_khugepaged 0 [ 3078.823775][T29514] pgsteal_kswapd 88 [ 3078.823775][T29514] pgsteal_direct 19 [ 3078.823775][T29514] pgsteal_khugepaged 0 [ 3078.823775][T29514] pgfault 567658 [ 3078.823775][T29514] pgmajfault 2 [ 3078.823775][T29514] pgrefill 16618 [ 3078.823775][T29514] pgactivate 4161 [ 3078.823775][T29514] pgdeactivate 0 [ 3078.823775][T29514] pglazyfree 0 [ 3078.823775][T29514] pglazyfreed 0 [ 3078.823775][T29514] zswpin 0 [ 3078.823775][T29514] zswpout 0 [ 3078.823825][T29514] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=29514,uid=0 [ 3078.823943][T29514] Memory cgroup out of memory: Killed process 29514 (syz-executor.1) total-vm:54680kB, anon-rss:388kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 3078.902179][T29505] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3079.350393][T29505] CPU: 1 PID: 29505 Comm: syz-executor.4 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3079.360832][T29505] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3079.370892][T29505] Call Trace: [ 3079.374171][T29505] [ 3079.377099][T29505] dump_stack_lvl+0x136/0x150 [ 3079.381788][T29505] dump_header+0x10a/0xd70 [ 3079.386226][T29505] oom_kill_process+0x25d/0x600 [ 3079.391076][T29505] out_of_memory+0x35c/0x1660 [ 3079.395754][T29505] ? find_held_lock+0x2d/0x110 [ 3079.400521][T29505] ? oom_killer_disable+0x2b0/0x2b0 [ 3079.405712][T29505] ? rcu_read_unlock+0x9/0x60 [ 3079.410397][T29505] ? find_held_lock+0x2d/0x110 [ 3079.415166][T29505] mem_cgroup_out_of_memory+0x206/0x270 [ 3079.420715][T29505] ? mem_cgroup_margin+0x130/0x130 [ 3079.425914][T29505] ? lock_downgrade+0x690/0x690 [ 3079.430777][T29505] try_charge_memcg+0xf99/0x13a0 [ 3079.435727][T29505] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3079.441708][T29505] ? get_mem_cgroup_from_objcg+0xa1/0x280 [ 3079.447429][T29505] ? lock_downgrade+0x690/0x690 [ 3079.452287][T29505] ? lock_downgrade+0x690/0x690 [ 3079.457147][T29505] __memcg_kmem_charge_page+0x16e/0x3c0 [ 3079.462787][T29505] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 3079.468950][T29505] copy_process+0x4f9/0x75c0 [ 3079.473558][T29505] ? pidfd_prepare+0x80/0x80 [ 3079.478154][T29505] ? lock_downgrade+0x690/0x690 [ 3079.482995][T29505] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 3079.488960][T29505] ? folio_add_lru+0x47f/0x7c0 [ 3079.493712][T29505] kernel_clone+0xeb/0x890 [ 3079.498135][T29505] ? create_io_thread+0xe0/0xe0 [ 3079.502989][T29505] ? find_held_lock+0x2d/0x110 [ 3079.507756][T29505] ? find_held_lock+0x2d/0x110 [ 3079.512521][T29505] __do_sys_clone+0xba/0x100 [ 3079.517110][T29505] ? kernel_clone+0x890/0x890 [ 3079.521796][T29505] ? syscall_enter_from_user_mode+0x26/0x80 [ 3079.527704][T29505] do_syscall_64+0x39/0xb0 [ 3079.532101][T29505] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3079.537979][T29505] RIP: 0033:0x7fcdfee8d591 [ 3079.542378][T29505] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 3079.561977][T29505] RSP: 002b:00007ffda41c1d78 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 3079.570384][T29505] RAX: ffffffffffffffda RBX: 00007fcdffb48700 RCX: 00007fcdfee8d591 [ 3079.578347][T29505] RDX: 00007fcdffb489d0 RSI: 00007fcdffb482f0 RDI: 00000000003d0f00 [ 3079.586297][T29505] RBP: 00007ffda41c1fc0 R08: 00007fcdffb48700 R09: 00007fcdffb48700 [ 3079.594243][T29505] R10: 00007fcdffb489d0 R11: 0000000000000206 R12: 00007ffda41c1e2e [ 3079.602288][T29505] R13: 00007ffda41c1e2f R14: 00007fcdffb48300 R15: 0000000000022000 [ 3079.610262][T29505] [ 3079.713801][T29505] memory: usage 307200kB, limit 307200kB, failcnt 37931 [ 3079.733226][T29505] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3079.752953][T29505] Memory cgroup stats for /syz4: [ 3079.753093][T29505] anon 2142208 [ 3079.753093][T29505] file 7716864 [ 3079.753093][T29505] kernel 304713728 [ 3079.753093][T29505] kernel_stack 688128 [ 3079.753093][T29505] pagetables 1171456 [ 3079.753093][T29505] sec_pagetables 0 [ 3079.753093][T29505] percpu 5219168 [ 3079.753093][T29505] sock 0 [ 3079.753093][T29505] vmalloc 8192 [ 3079.753093][T29505] shmem 7716864 [ 3079.753093][T29505] zswap 0 [ 3079.753093][T29505] zswapped 0 [ 3079.753093][T29505] file_mapped 196608 [ 3079.753093][T29505] file_dirty 0 [ 3079.753093][T29505] file_writeback 0 [ 3079.753093][T29505] swapcached 0 [ 3079.753093][T29505] anon_thp 0 [ 3079.753093][T29505] file_thp 0 [ 3079.753093][T29505] shmem_thp 0 [ 3079.753093][T29505] inactive_anon 9596928 [ 3079.753093][T29505] active_anon 262144 [ 3079.753093][T29505] inactive_file 0 [ 3079.753093][T29505] active_file 0 [ 3079.753093][T29505] unevictable 0 [ 3079.753093][T29505] slab_reclaimable 172672 [ 3079.753093][T29505] slab_unreclaimable 297105072 [ 3079.753093][T29505] slab 297277744 [ 3079.753093][T29505] workingset_refault_anon 0 [ 3079.753093][T29505] workingset_refault_file 0 [ 3079.753093][T29505] workingset_activate_anon 0 [ 3079.753093][T29505] workingset_activate_file 0 [ 3079.753093][T29505] workingset_restore_anon 0 [ 3079.753093][T29505] workingset_restore_file 0 [ 3079.753093][T29505] workingset_nodereclaim 0 [ 3079.753093][T29505] pgscan 116 [ 3079.753093][T29505] pgsteal 111 [ 3079.753093][T29505] pgscan_kswapd 99 [ 3079.753093][T29505] pgscan_direct 17 [ 3079.753093][T29505] pgscan_khugepaged 0 [ 3079.753093][T29505] pgsteal_kswapd 97 [ 3079.753093][T29505] pgsteal_direct 14 [ 3079.753093][T29505] pgsteal_khugepaged 0 [ 3079.753093][T29505] pgfault 696141 [ 3079.753093][T29505] pgmajfault 6 [ 3079.753093][T29505] pgrefill 593 [ 3079.753093][T29505] pgactivate 5 [ 3079.753093][T29505] pgdeactivate 0 [ 3079.753093][T29505] pglazyfree 0 [ 3079.753093][T29505] pglazyfreed 0 [ 3079.753093][T29505] zswpin 0 [ 3079.753093][T29505] zswpout 0 15:36:51 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0xa4940500}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:36:51 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}, 0x1, 0x0, 0x0, 0x909e0400}, 0x0) 15:36:51 executing program 3: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000080)={0x1d, r2}, 0x18) sendmsg$can_j1939(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f00000000c0), 0x18, &(0x7f00000001c0)={&(0x7f0000000100)="05", 0x1}}, 0x0) 15:36:51 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x91940500}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:36:51 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x2d00}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:36:51 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x336}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) [ 3080.024251][T29505] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=29505,uid=0 [ 3080.042175][T29505] Memory cgroup out of memory: Killed process 29505 (syz-executor.4) total-vm:54680kB, anon-rss:384kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 15:36:52 executing program 3: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000080)={0x1d, r2}, 0x18) sendmsg$can_j1939(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f00000000c0), 0x18, &(0x7f00000001c0)={&(0x7f0000000100)="05", 0x1}}, 0x0) [ 3080.120075][T29642] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3080.216806][T29643] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3080.261458][T29643] CPU: 1 PID: 29643 Comm: syz-executor.4 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3080.271989][T29643] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3080.282042][T29643] Call Trace: [ 3080.285318][T29643] [ 3080.288250][T29643] dump_stack_lvl+0x136/0x150 [ 3080.292940][T29643] dump_header+0x10a/0xd70 [ 3080.297358][T29643] oom_kill_process+0x25d/0x600 [ 3080.302214][T29643] out_of_memory+0x35c/0x1660 [ 3080.306904][T29643] ? find_held_lock+0x2d/0x110 [ 3080.311668][T29643] ? oom_killer_disable+0x2b0/0x2b0 [ 3080.316875][T29643] ? rcu_read_unlock+0x9/0x60 [ 3080.317709][T29641] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3080.321557][T29643] ? find_held_lock+0x2d/0x110 [ 3080.321589][T29643] mem_cgroup_out_of_memory+0x206/0x270 [ 3080.321619][T29643] ? mem_cgroup_margin+0x130/0x130 [ 3080.346386][T29643] ? lock_downgrade+0x690/0x690 [ 3080.351257][T29643] try_charge_memcg+0xf99/0x13a0 [ 3080.356212][T29643] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3080.362215][T29643] ? rcu_read_unlock+0x9/0x60 [ 3080.366890][T29643] ? lock_downgrade+0x690/0x690 [ 3080.371743][T29643] charge_memcg+0x90/0x3b0 [ 3080.376163][T29643] __mem_cgroup_charge+0x2b/0x90 [ 3080.381104][T29643] do_wp_page+0x8ea/0x33c0 [ 3080.385523][T29643] ? lock_sync+0x190/0x190 [ 3080.389944][T29643] ? finish_mkwrite_fault+0x3d0/0x3d0 [ 3080.395316][T29643] ? do_raw_spin_lock+0x124/0x2b0 [ 3080.400350][T29643] ? spin_bug+0x1c0/0x1c0 [ 3080.404689][T29643] __handle_mm_fault+0x1635/0x41c0 [ 3080.409801][T29643] ? vm_iomap_memory+0x190/0x190 [ 3080.414733][T29643] ? mas_walk+0x58f/0x730 [ 3080.419073][T29643] ? numa_migrate_prep+0x3a0/0x3a0 [ 3080.424185][T29643] handle_mm_fault+0x2af/0x9f0 [ 3080.428953][T29643] do_user_addr_fault+0x2ca/0x1210 [ 3080.434066][T29643] ? rcu_is_watching+0x12/0xb0 [ 3080.438837][T29643] exc_page_fault+0x98/0x170 [ 3080.443432][T29643] asm_exc_page_fault+0x26/0x30 [ 3080.448294][T29643] RIP: 0033:0x7fcdfee39610 [ 3080.452705][T29643] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48 [ 3080.472313][T29643] RSP: 002b:00007ffda41c1dd0 EFLAGS: 00010246 [ 3080.478378][T29643] RAX: 000000003b57db16 RBX: 00007fcdfefac018 RCX: 0000001b2e120000 [ 3080.486344][T29643] RDX: 0000000000000000 RSI: 0000001b2e120018 RDI: 000000000c831dc6 [ 3080.494836][T29643] RBP: 000000003b57db16 R08: 0000000000001b16 R09: 000000003b57db1a [ 3080.502895][T29643] R10: 00007ffda41c1f90 R11: 0000000000000246 R12: 00007fcdfefa0000 [ 3080.510869][T29643] R13: 0000000000000001 R14: 0000000000000002 R15: ffffffff880502cb [ 3080.518838][T29643] ? __sys_socket+0xcb/0x250 [ 3080.523449][T29643] 15:36:52 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}, 0x1, 0x0, 0x0, 0x919e0400}, 0x0) 15:36:52 executing program 3: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000080)={0x1d, r2}, 0x18) sendmsg$can_j1939(r0, 0x0, 0x0) 15:36:52 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8d940500}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) [ 3080.642963][T29643] memory: usage 307192kB, limit 307200kB, failcnt 37990 15:36:52 executing program 3: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000080)={0x1d, r2}, 0x18) sendmsg$can_j1939(r0, 0x0, 0x0) [ 3080.665630][T29756] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3080.704404][T29643] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3080.709185][T29757] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3080.733045][T29643] Memory cgroup stats for /syz4: [ 3080.733209][T29643] anon 2097152 [ 3080.733209][T29643] file 7716864 [ 3080.733209][T29643] kernel 304750592 [ 3080.733209][T29643] kernel_stack 688128 [ 3080.733209][T29643] pagetables 1163264 [ 3080.733209][T29643] sec_pagetables 0 [ 3080.733209][T29643] percpu 5219232 [ 3080.733209][T29643] sock 0 [ 3080.733209][T29643] vmalloc 8192 [ 3080.733209][T29643] shmem 7716864 [ 3080.733209][T29643] zswap 0 [ 3080.733209][T29643] zswapped 0 [ 3080.733209][T29643] file_mapped 196608 [ 3080.733209][T29643] file_dirty 0 [ 3080.733209][T29643] file_writeback 0 [ 3080.733209][T29643] swapcached 0 [ 3080.733209][T29643] anon_thp 0 [ 3080.733209][T29643] file_thp 0 [ 3080.733209][T29643] shmem_thp 0 [ 3080.733209][T29643] inactive_anon 9596928 [ 3080.733209][T29643] active_anon 217088 [ 3080.733209][T29643] inactive_file 0 [ 3080.733209][T29643] active_file 0 [ 3080.733209][T29643] unevictable 0 [ 3080.733209][T29643] slab_reclaimable 210480 [ 3080.733209][T29643] slab_unreclaimable 297121112 [ 3080.733209][T29643] slab 297331592 [ 3080.733209][T29643] workingset_refault_anon 0 [ 3080.733209][T29643] workingset_refault_file 0 [ 3080.733209][T29643] workingset_activate_anon 0 [ 3080.733209][T29643] workingset_activate_file 0 [ 3080.733209][T29643] workingset_restore_anon 0 [ 3080.733209][T29643] workingset_restore_file 0 [ 3080.733209][T29643] workingset_nodereclaim 0 [ 3080.733209][T29643] pgscan 116 [ 3080.733209][T29643] pgsteal 111 [ 3080.733209][T29643] pgscan_kswapd 99 [ 3080.733209][T29643] pgscan_direct 17 [ 3080.733209][T29643] pgscan_khugepaged 0 [ 3080.733209][T29643] pgsteal_kswapd 97 [ 3080.733209][T29643] pgsteal_direct 14 15:36:52 executing program 3: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000080)={0x1d, r2}, 0x18) sendmsg$can_j1939(r0, 0x0, 0x0) [ 3080.733209][T29643] pgsteal_khugepaged 0 [ 3080.733209][T29643] pgfault 696187 [ 3080.733209][T29643] pgmajfault 6 [ 3080.733209][T29643] pgrefill 593 [ 3080.733209][T29643] pgactivate 5 [ 3080.733209][T29643] pgdeactivate 0 [ 3080.733209][T29643] pglazyfree 0 [ 3080.733209][T29643] pglazyfreed 0 [ 3080.733209][T29643] zswpin 0 [ 3080.733209][T29643] zswpout 0 [ 3081.067732][ T1211] ieee802154 phy0 wpan0: encryption failed: -22 [ 3081.074095][ T1211] ieee802154 phy1 wpan1: encryption failed: -22 [ 3081.110626][T29643] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=29643,uid=0 [ 3081.143013][T29643] Memory cgroup out of memory: Killed process 29643 (syz-executor.4) total-vm:54548kB, anon-rss:420kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:72kB oom_score_adj:1000 15:36:53 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0xa5940500}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:36:53 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}, 0x1, 0x0, 0x0, 0x929e0400}, 0x0) 15:36:53 executing program 3: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000080)={0x1d, r2}, 0x18) sendmsg$can_j1939(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)="05", 0x1}}, 0x0) 15:36:53 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0xd00}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) [ 3081.282937][T29693] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3081.432495][T29640] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3081.492860][T29640] CPU: 1 PID: 29640 Comm: syz-executor.2 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3081.503295][T29640] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3081.513347][T29640] Call Trace: [ 3081.516619][T29640] [ 3081.519547][T29640] dump_stack_lvl+0x136/0x150 [ 3081.524234][T29640] dump_header+0x10a/0xd70 [ 3081.528655][T29640] oom_kill_process+0x25d/0x600 [ 3081.533499][T29640] out_of_memory+0x35c/0x1660 [ 3081.538165][T29640] ? find_held_lock+0x2d/0x110 [ 3081.542916][T29640] ? oom_killer_disable+0x2b0/0x2b0 [ 3081.548099][T29640] ? rcu_read_unlock+0x9/0x60 [ 3081.552765][T29640] ? find_held_lock+0x2d/0x110 [ 3081.557519][T29640] mem_cgroup_out_of_memory+0x206/0x270 [ 3081.563058][T29640] ? mem_cgroup_margin+0x130/0x130 [ 3081.568158][T29640] ? lock_downgrade+0x690/0x690 [ 3081.573006][T29640] try_charge_memcg+0xf99/0x13a0 [ 3081.577940][T29640] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3081.583920][T29640] ? rcu_read_unlock+0x9/0x60 [ 3081.588583][T29640] ? lock_downgrade+0x690/0x690 [ 3081.593430][T29640] charge_memcg+0x90/0x3b0 [ 3081.597842][T29640] __mem_cgroup_charge+0x2b/0x90 [ 3081.602764][T29640] do_wp_page+0x8ea/0x33c0 [ 3081.607170][T29640] ? lock_sync+0x190/0x190 [ 3081.611573][T29640] ? finish_mkwrite_fault+0x3d0/0x3d0 [ 3081.616930][T29640] ? do_raw_spin_lock+0x124/0x2b0 [ 3081.621943][T29640] ? spin_bug+0x1c0/0x1c0 [ 3081.626270][T29640] __handle_mm_fault+0x1635/0x41c0 [ 3081.631371][T29640] ? vm_iomap_memory+0x190/0x190 [ 3081.636294][T29640] ? mas_walk+0x58f/0x730 [ 3081.640620][T29640] ? numa_migrate_prep+0x3a0/0x3a0 [ 3081.645732][T29640] ? do_user_addr_fault+0x367/0x1210 [ 3081.651018][T29640] handle_mm_fault+0x2af/0x9f0 [ 3081.655775][T29640] do_user_addr_fault+0x2ca/0x1210 [ 3081.660876][T29640] ? rcu_is_watching+0x12/0xb0 [ 3081.665751][T29640] exc_page_fault+0x98/0x170 [ 3081.670331][T29640] asm_exc_page_fault+0x26/0x30 [ 3081.675189][T29640] RIP: 0033:0x7f5bd0639610 [ 3081.679591][T29640] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48 [ 3081.699181][T29640] RSP: 002b:00007fffe74b16a0 EFLAGS: 00010246 [ 3081.705232][T29640] RAX: 0000000004219014 RBX: 00007f5bd07ac018 RCX: 0000001b2dd20000 [ 3081.713192][T29640] RDX: 0000000000000000 RSI: 0000001b2dd20018 RDI: 000000000a28a722 [ 3081.721152][T29640] RBP: 0000000004219014 R08: 0000000000001014 R09: 0000000004219018 [ 3081.729112][T29640] R10: 00007fffe74b1860 R11: 0000000000000246 R12: 00007f5bd07a0000 [ 3081.737071][T29640] R13: 0000000000000001 R14: 000000000000000e R15: ffffffff83d6fdb1 [ 3081.745030][T29640] ? apparmor_socket_create+0x151/0x670 [ 3081.750584][T29640] [ 3081.879016][T29640] memory: usage 307200kB, limit 307200kB, failcnt 26175 [ 3081.891269][T29640] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3081.903577][T29640] Memory cgroup stats for /syz2: [ 3081.903695][T29640] anon 139264 [ 3081.903695][T29640] file 8388608 [ 3081.903695][T29640] kernel 306044928 [ 3081.903695][T29640] kernel_stack 65536 [ 3081.903695][T29640] pagetables 69632 [ 3081.903695][T29640] sec_pagetables 0 [ 3081.903695][T29640] percpu 5294912 [ 3081.903695][T29640] sock 0 [ 3081.903695][T29640] vmalloc 16384 [ 3081.903695][T29640] shmem 8380416 [ 3081.903695][T29640] zswap 0 [ 3081.903695][T29640] zswapped 0 [ 3081.903695][T29640] file_mapped 286720 [ 3081.903695][T29640] file_dirty 0 [ 3081.903695][T29640] file_writeback 0 [ 3081.903695][T29640] swapcached 0 [ 3081.903695][T29640] anon_thp 0 [ 3081.903695][T29640] file_thp 0 [ 3081.903695][T29640] shmem_thp 0 [ 3081.903695][T29640] inactive_anon 0 [ 3081.903695][T29640] active_anon 8519680 [ 3081.903695][T29640] inactive_file 0 [ 3081.903695][T29640] active_file 8192 [ 3081.903695][T29640] unevictable 0 [ 3081.903695][T29640] slab_reclaimable 39288 [ 3081.903695][T29640] slab_unreclaimable 300523984 [ 3081.903695][T29640] slab 300563272 [ 3081.903695][T29640] workingset_refault_anon 0 [ 3081.903695][T29640] workingset_refault_file 2 [ 3081.903695][T29640] workingset_activate_anon 0 [ 3081.903695][T29640] workingset_activate_file 0 [ 3081.903695][T29640] workingset_restore_anon 0 [ 3081.903695][T29640] workingset_restore_file 2 [ 3081.903695][T29640] workingset_nodereclaim 0 [ 3081.903695][T29640] pgscan 7988 [ 3081.903695][T29640] pgsteal 122 [ 3081.903695][T29640] pgscan_kswapd 106 [ 3081.903695][T29640] pgscan_direct 7882 [ 3081.903695][T29640] pgscan_khugepaged 0 [ 3081.903695][T29640] pgsteal_kswapd 97 [ 3081.903695][T29640] pgsteal_direct 25 [ 3081.903695][T29640] pgsteal_khugepaged 0 [ 3081.903695][T29640] pgfault 695485 [ 3081.903695][T29640] pgmajfault 0 [ 3081.903695][T29640] pgrefill 32120 [ 3081.903695][T29640] pgactivate 7866 [ 3081.903695][T29640] pgdeactivate 0 [ 3081.903695][T29640] pglazyfree 0 [ 3081.903695][T29640] pglazyfreed 0 [ 3081.903695][T29640] zswpin 0 [ 3081.903695][T29640] zswpout 0 [ 3082.130432][T29640] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=29640,uid=0 [ 3082.164511][T29640] Memory cgroup out of memory: Killed process 29640 (syz-executor.2) total-vm:54548kB, anon-rss:384kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 [ 3082.182706][T29639] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=1, oom_score_adj=1000 [ 3082.199293][T29639] CPU: 1 PID: 29639 Comm: syz-executor.1 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3082.209723][T29639] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3082.219774][T29639] Call Trace: [ 3082.223045][T29639] [ 3082.225974][T29639] dump_stack_lvl+0x136/0x150 [ 3082.230660][T29639] dump_header+0x10a/0xd70 [ 3082.235083][T29639] oom_kill_process+0x25d/0x600 [ 3082.239940][T29639] out_of_memory+0x35c/0x1660 [ 3082.244711][T29639] ? oom_killer_disable+0x2b0/0x2b0 [ 3082.249941][T29639] ? rcu_read_unlock+0x9/0x60 [ 3082.254647][T29639] ? find_held_lock+0x2d/0x110 [ 3082.259420][T29639] mem_cgroup_out_of_memory+0x206/0x270 [ 3082.264983][T29639] ? mem_cgroup_margin+0x130/0x130 [ 3082.270100][T29639] ? lock_downgrade+0x690/0x690 [ 3082.274970][T29639] try_charge_memcg+0xf99/0x13a0 [ 3082.279920][T29639] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3082.285909][T29639] ? get_mem_cgroup_from_objcg+0xa1/0x280 [ 3082.291630][T29639] ? lock_downgrade+0x690/0x690 [ 3082.296516][T29639] ? lock_downgrade+0x690/0x690 [ 3082.301365][T29639] ? rcu_read_unlock+0x9/0x60 [ 3082.306034][T29639] obj_cgroup_charge+0x2af/0x5e0 [ 3082.310969][T29639] ? copy_process+0x3c0/0x75c0 [ 3082.315723][T29639] kmem_cache_alloc_node+0xa8/0x3e0 [ 3082.320915][T29639] copy_process+0x3c0/0x75c0 [ 3082.325507][T29639] ? pidfd_prepare+0x80/0x80 [ 3082.330089][T29639] ? lock_downgrade+0x690/0x690 [ 3082.334929][T29639] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 3082.340900][T29639] ? folio_add_lru+0x47f/0x7c0 [ 3082.345657][T29639] kernel_clone+0xeb/0x890 [ 3082.350063][T29639] ? create_io_thread+0xe0/0xe0 [ 3082.354905][T29639] ? find_held_lock+0x2d/0x110 [ 3082.359660][T29639] ? find_held_lock+0x2d/0x110 [ 3082.364596][T29639] __do_sys_clone+0xba/0x100 [ 3082.369183][T29639] ? kernel_clone+0x890/0x890 [ 3082.373866][T29639] ? syscall_enter_from_user_mode+0x26/0x80 [ 3082.379756][T29639] do_syscall_64+0x39/0xb0 [ 3082.384255][T29639] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3082.390143][T29639] RIP: 0033:0x7f5d2ac8d591 [ 3082.394549][T29639] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 3082.414240][T29639] RSP: 002b:00007ffc24e00338 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 3082.422640][T29639] RAX: ffffffffffffffda RBX: 00007f5d2b9ec700 RCX: 00007f5d2ac8d591 [ 3082.430602][T29639] RDX: 00007f5d2b9ec9d0 RSI: 00007f5d2b9ec2f0 RDI: 00000000003d0f00 [ 3082.438559][T29639] RBP: 00007ffc24e00580 R08: 00007f5d2b9ec700 R09: 00007f5d2b9ec700 [ 3082.446534][T29639] R10: 00007f5d2b9ec9d0 R11: 0000000000000206 R12: 00007ffc24e003ee [ 3082.454488][T29639] R13: 00007ffc24e003ef R14: 00007f5d2b9ec300 R15: 0000000000022000 [ 3082.462462][T29639] [ 3082.562344][T29639] memory: usage 307196kB, limit 307200kB, failcnt 26536 [ 3082.573254][T29639] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3082.584306][T29639] Memory cgroup stats for /syz1: [ 3082.584455][T29639] anon 442368 [ 3082.584455][T29639] file 262144 [ 3082.584455][T29639] kernel 313864192 [ 3082.584455][T29639] kernel_stack 163840 [ 3082.584455][T29639] pagetables 258048 [ 3082.584455][T29639] sec_pagetables 0 [ 3082.584455][T29639] percpu 5421792 [ 3082.584455][T29639] sock 0 [ 3082.584455][T29639] vmalloc 0 [ 3082.584455][T29639] shmem 258048 [ 3082.584455][T29639] zswap 0 [ 3082.584455][T29639] zswapped 0 [ 3082.584455][T29639] file_mapped 241664 [ 3082.584455][T29639] file_dirty 0 [ 3082.584455][T29639] file_writeback 0 [ 3082.584455][T29639] swapcached 0 [ 3082.584455][T29639] anon_thp 0 [ 3082.584455][T29639] file_thp 0 [ 3082.584455][T29639] shmem_thp 0 [ 3082.584455][T29639] inactive_anon 573440 [ 3082.584455][T29639] active_anon 126976 [ 3082.584455][T29639] inactive_file 0 [ 3082.584455][T29639] active_file 4096 [ 3082.584455][T29639] unevictable 0 [ 3082.584455][T29639] slab_reclaimable 34328 [ 3082.584455][T29639] slab_unreclaimable 307901752 [ 3082.584455][T29639] slab 307936080 [ 3082.584455][T29639] workingset_refault_anon 0 [ 3082.584455][T29639] workingset_refault_file 2 [ 3082.584455][T29639] workingset_activate_anon 0 [ 3082.584455][T29639] workingset_activate_file 0 [ 3082.584455][T29639] workingset_restore_anon 0 [ 3082.584455][T29639] workingset_restore_file 2 [ 3082.584455][T29639] workingset_nodereclaim 0 [ 3082.584455][T29639] pgscan 4328 [ 3082.584455][T29639] pgsteal 107 [ 3082.584455][T29639] pgscan_kswapd 92 [ 3082.584455][T29639] pgscan_direct 4236 [ 3082.584455][T29639] pgscan_khugepaged 0 [ 3082.584455][T29639] pgsteal_kswapd 88 [ 3082.584455][T29639] pgsteal_direct 19 [ 3082.584455][T29639] pgsteal_khugepaged 0 [ 3082.584455][T29639] pgfault 567725 [ 3082.584455][T29639] pgmajfault 2 [ 3082.584455][T29639] pgrefill 16619 [ 3082.584455][T29639] pgactivate 4221 [ 3082.584455][T29639] pgdeactivate 0 [ 3082.584455][T29639] pglazyfree 0 [ 3082.584455][T29639] pglazyfreed 0 [ 3082.584455][T29639] zswpin 0 [ 3082.584455][T29639] zswpout 0 [ 3082.853533][T29639] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=29639,uid=0 [ 3082.874319][T29639] Memory cgroup out of memory: Killed process 29639 (syz-executor.1) total-vm:54680kB, anon-rss:388kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:92kB oom_score_adj:1000 [ 3082.952595][T29863] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3082.987026][T29863] CPU: 0 PID: 29863 Comm: syz-executor.4 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 15:36:54 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x2e00}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:36:54 executing program 3: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000080)={0x1d, r2}, 0x18) sendmsg$can_j1939(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)="05", 0x1}}, 0x0) 15:36:54 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}, 0x1, 0x0, 0x0, 0x939e0400}, 0x0) 15:36:54 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x700}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:36:54 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x339}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) [ 3082.997460][T29863] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3083.007514][T29863] Call Trace: [ 3083.010789][T29863] [ 3083.013723][T29863] dump_stack_lvl+0x136/0x150 [ 3083.018420][T29863] dump_header+0x10a/0xd70 [ 3083.022840][T29863] oom_kill_process+0x25d/0x600 [ 3083.027697][T29863] out_of_memory+0x35c/0x1660 [ 3083.032375][T29863] ? find_held_lock+0x2d/0x110 [ 3083.037148][T29863] ? oom_killer_disable+0x2b0/0x2b0 [ 3083.042347][T29863] ? rcu_read_unlock+0x9/0x60 [ 3083.047034][T29863] ? find_held_lock+0x2d/0x110 [ 3083.051805][T29863] mem_cgroup_out_of_memory+0x206/0x270 [ 3083.057366][T29863] ? mem_cgroup_margin+0x130/0x130 [ 3083.062479][T29863] ? lock_downgrade+0x690/0x690 [ 3083.063819][T29978] __nla_validate_parse: 1 callbacks suppressed [ 3083.063829][T29978] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3083.067335][T29863] try_charge_memcg+0xf99/0x13a0 [ 3083.067369][T29863] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3083.067400][T29863] ? rcu_read_unlock+0x9/0x60 [ 3083.067420][T29863] ? lock_downgrade+0x690/0x690 [ 3083.067451][T29863] charge_memcg+0x90/0x3b0 [ 3083.067477][T29863] __mem_cgroup_charge+0x2b/0x90 [ 3083.067495][T29863] __handle_mm_fault+0x2296/0x41c0 [ 3083.067517][T29863] ? mt_find+0x3b9/0xa60 [ 3083.067542][T29863] ? vm_iomap_memory+0x190/0x190 [ 3083.067572][T29863] ? mas_find+0x200/0x200 [ 3083.067611][T29863] handle_mm_fault+0x2af/0x9f0 [ 3083.067636][T29863] do_user_addr_fault+0x51a/0x1210 [ 3083.067664][T29863] exc_page_fault+0x98/0x170 [ 3083.067687][T29863] asm_exc_page_fault+0x26/0x30 [ 3083.067713][T29863] RIP: 0033:0x7fcdfee3b96f [ 3083.067728][T29863] Code: ff ff 4d 89 cd 48 85 c0 74 19 8b 95 44 ff ff ff 48 29 c6 48 01 c7 e8 10 09 05 00 85 c0 0f 85 0b 03 00 00 48 8b 85 48 ff ff ff <41> c7 45 18 01 00 00 00 4c 89 ef 49 89 85 90 06 00 00 48 8b 85 50 [ 3083.067745][T29863] RSP: 002b:00007ffda41c1dd0 EFLAGS: 00010246 [ 3083.067762][T29863] RAX: 00007fcdffb28000 RBX: 0000000000021000 RCX: 00007fcdfee8c277 [ 3083.067773][T29863] RDX: 0000000000000003 RSI: 0000000000020000 RDI: 00007fcdffb29000 [ 3083.067785][T29863] RBP: 00007ffda41c1ea0 R08: 00000000ffffffff R09: 00007fcdffb48700 [ 3083.067797][T29863] R10: 0000000000020022 R11: 0000000000000206 R12: 00007ffda41c1fc0 [ 3083.067809][T29863] R13: 00007fcdffb48700 R14: 0000000000000000 R15: 0000000000022000 [ 3083.067832][T29863] 15:36:55 executing program 3: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000080)={0x1d, r2}, 0x18) sendmsg$can_j1939(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)="05", 0x1}}, 0x0) [ 3083.320275][T29863] memory: usage 307188kB, limit 307200kB, failcnt 38138 [ 3083.331296][T29863] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3083.340825][T29863] Memory cgroup stats for /syz4: [ 3083.340976][T29863] anon 2138112 [ 3083.340976][T29863] file 7716864 [ 3083.340976][T29863] kernel 304697344 [ 3083.340976][T29863] kernel_stack 688128 [ 3083.340976][T29863] pagetables 1171456 [ 3083.340976][T29863] sec_pagetables 0 [ 3083.340976][T29863] percpu 5219168 [ 3083.340976][T29863] sock 0 [ 3083.340976][T29863] vmalloc 8192 [ 3083.340976][T29863] shmem 7716864 [ 3083.340976][T29863] zswap 0 [ 3083.340976][T29863] zswapped 0 [ 3083.340976][T29863] file_mapped 196608 [ 3083.340976][T29863] file_dirty 0 [ 3083.340976][T29863] file_writeback 0 [ 3083.340976][T29863] swapcached 0 [ 3083.340976][T29863] anon_thp 0 [ 3083.340976][T29863] file_thp 0 [ 3083.340976][T29863] shmem_thp 0 [ 3083.340976][T29863] inactive_anon 9596928 [ 3083.340976][T29863] active_anon 258048 [ 3083.340976][T29863] inactive_file 0 [ 3083.340976][T29863] active_file 0 [ 3083.340976][T29863] unevictable 0 [ 3083.340976][T29863] slab_reclaimable 174216 [ 3083.340976][T29863] slab_unreclaimable 297098400 [ 3083.340976][T29863] slab 297272616 [ 3083.340976][T29863] workingset_refault_anon 0 [ 3083.340976][T29863] workingset_refault_file 0 [ 3083.340976][T29863] workingset_activate_anon 0 [ 3083.340976][T29863] workingset_activate_file 0 [ 3083.340976][T29863] workingset_restore_anon 0 [ 3083.340976][T29863] workingset_restore_file 0 [ 3083.340976][T29863] workingset_nodereclaim 0 [ 3083.340976][T29863] pgscan 116 [ 3083.340976][T29863] pgsteal 111 [ 3083.340976][T29863] pgscan_kswapd 99 [ 3083.340976][T29863] pgscan_direct 17 [ 3083.340976][T29863] pgscan_khugepaged 0 [ 3083.340976][T29863] pgsteal_kswapd 97 [ 3083.340976][T29863] pgsteal_direct 14 [ 3083.340976][T29863] pgsteal_khugepaged 0 [ 3083.340976][T29863] pgfault 696250 [ 3083.340976][T29863] pgmajfault 6 [ 3083.340976][T29863] pgrefill 593 [ 3083.340976][T29863] pgactivate 5 [ 3083.340976][T29863] pgdeactivate 0 [ 3083.340976][T29863] pglazyfree 0 [ 3083.340976][T29863] pglazyfreed 0 [ 3083.340976][T29863] zswpin 0 [ 3083.340976][T29863] zswpout 0 15:36:55 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}, 0x1, 0x0, 0x0, 0x949e0400}, 0x0) [ 3083.619794][T29863] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=29863,uid=0 [ 3083.643817][T29863] Memory cgroup out of memory: Killed process 29863 (syz-executor.4) total-vm:54680kB, anon-rss:512kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 15:36:55 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x84940500}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) [ 3083.683618][T29973] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3083.698368][T30086] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3083.753567][T29973] CPU: 1 PID: 29973 Comm: syz-executor.2 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3083.764005][T29973] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3083.774140][T29973] Call Trace: [ 3083.777435][T29973] [ 3083.780369][T29973] dump_stack_lvl+0x136/0x150 [ 3083.785065][T29973] dump_header+0x10a/0xd70 [ 3083.789488][T29973] oom_kill_process+0x25d/0x600 [ 3083.794344][T29973] out_of_memory+0x35c/0x1660 [ 3083.799035][T29973] ? oom_killer_disable+0x2b0/0x2b0 [ 3083.802523][T30088] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3083.804226][T29973] ? rcu_read_unlock+0x9/0x60 [ 3083.804252][T29973] ? find_held_lock+0x2d/0x110 [ 3083.822939][T29973] mem_cgroup_out_of_memory+0x206/0x270 [ 3083.828498][T29973] ? mem_cgroup_margin+0x130/0x130 [ 3083.833621][T29973] ? lock_downgrade+0x690/0x690 [ 3083.838491][T29973] try_charge_memcg+0xf99/0x13a0 [ 3083.843442][T29973] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3083.849440][T29973] ? rcu_read_unlock+0x9/0x60 [ 3083.854154][T29973] ? lock_downgrade+0x690/0x690 [ 3083.859018][T29973] charge_memcg+0x90/0x3b0 [ 3083.863436][T29973] __mem_cgroup_charge+0x2b/0x90 [ 3083.868126][T30090] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3083.868354][T29973] ? copy_mc_to_kernel+0x86/0x90 [ 3083.882550][T29973] do_wp_page+0x8ea/0x33c0 [ 3083.886980][T29973] ? lock_sync+0x190/0x190 [ 3083.891400][T29973] ? finish_mkwrite_fault+0x3d0/0x3d0 [ 3083.896770][T29973] ? do_raw_spin_lock+0x124/0x2b0 [ 3083.901820][T29973] ? spin_bug+0x1c0/0x1c0 [ 3083.906164][T29973] __handle_mm_fault+0x1635/0x41c0 [ 3083.911274][T29973] ? vm_iomap_memory+0x190/0x190 [ 3083.916216][T29973] ? mas_walk+0x58f/0x730 [ 3083.920586][T29973] ? numa_migrate_prep+0x3a0/0x3a0 [ 3083.925691][T29973] handle_mm_fault+0x2af/0x9f0 [ 3083.930457][T29973] do_user_addr_fault+0x2ca/0x1210 [ 3083.935581][T29973] ? rcu_is_watching+0x12/0xb0 [ 3083.940355][T29973] exc_page_fault+0x98/0x170 [ 3083.944946][T29973] asm_exc_page_fault+0x26/0x30 [ 3083.949804][T29973] RIP: 0033:0x7f5bd06366e5 [ 3083.954217][T29973] Code: 0f 1f 44 00 00 48 8b 57 18 48 83 fa ff 74 22 48 81 fa e7 03 00 00 0f 87 ee 00 00 00 48 c1 e2 04 48 8d 0d de 19 17 00 48 01 ca 02 01 48 89 42 08 48 8b 0d 8d 72 17 00 48 8b 53 10 4c 8d 81 00 [ 3083.973821][T29973] RSP: 002b:00007fffe74b1750 EFLAGS: 00010206 [ 3083.979886][T29973] RAX: 0000000000000003 RBX: 00007f5bd07abf80 RCX: 00007f5bd07a80c0 [ 3083.987857][T29973] RDX: 00007f5bd07a80c0 RSI: 0000000000000080 RDI: 00007f5bd07abf80 [ 3083.995858][T29973] RBP: 00007f5bd07abf80 R08: 00007fffe753d080 R09: 0000000000000000 15:36:55 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0xa61c0000}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:36:55 executing program 3: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000080)={0x1d, r2}, 0x18) sendmsg$can_j1939(r0, &(0x7f0000000200)={&(0x7f00000000c0), 0x18, 0x0}, 0x0) 15:36:55 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}, 0x1, 0x0, 0x0, 0x959e0400}, 0x0) [ 3084.003830][T29973] R10: 00007fffe74b1860 R11: 0000000000000246 R12: 00000000002f0aed [ 3084.011796][T29973] R13: 00007fffe74b1860 R14: 00007f5bd07abf80 R15: 0000000000000032 [ 3084.019773][T29973] [ 3084.035463][T29973] memory: usage 307200kB, limit 307200kB, failcnt 26209 [ 3084.042407][T29973] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3084.058792][T29973] Memory cgroup stats for /syz2: [ 3084.058940][T29973] anon 110592 [ 3084.058940][T29973] file 8388608 [ 3084.058940][T29973] kernel 306073600 [ 3084.058940][T29973] kernel_stack 65536 [ 3084.058940][T29973] pagetables 69632 [ 3084.058940][T29973] sec_pagetables 0 [ 3084.058940][T29973] percpu 5294976 [ 3084.058940][T29973] sock 0 [ 3084.058940][T29973] vmalloc 16384 [ 3084.058940][T29973] shmem 8380416 [ 3084.058940][T29973] zswap 0 [ 3084.058940][T29973] zswapped 0 [ 3084.058940][T29973] file_mapped 286720 [ 3084.058940][T29973] file_dirty 0 [ 3084.058940][T29973] file_writeback 0 [ 3084.058940][T29973] swapcached 0 [ 3084.058940][T29973] anon_thp 0 [ 3084.058940][T29973] file_thp 0 [ 3084.058940][T29973] shmem_thp 0 [ 3084.058940][T29973] inactive_anon 0 [ 3084.058940][T29973] active_anon 8491008 [ 3084.058940][T29973] inactive_file 0 [ 3084.058940][T29973] active_file 8192 [ 3084.058940][T29973] unevictable 0 [ 3084.058940][T29973] slab_reclaimable 51096 [ 3084.058940][T29973] slab_unreclaimable 300536608 [ 3084.058940][T29973] slab 300587704 15:36:56 executing program 3: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000080)={0x1d, r2}, 0x18) sendmsg$can_j1939(r0, &(0x7f0000000200)={&(0x7f00000000c0), 0x18, 0x0}, 0x0) [ 3084.058940][T29973] workingset_refault_anon 0 [ 3084.058940][T29973] workingset_refault_file 2 [ 3084.058940][T29973] workingset_activate_anon 0 [ 3084.058940][T29973] workingset_activate_file 0 [ 3084.058940][T29973] workingset_restore_anon 0 [ 3084.058940][T29973] workingset_restore_file 2 [ 3084.058940][T29973] workingset_nodereclaim 0 [ 3084.058940][T29973] pgscan 8056 [ 3084.058940][T29973] pgsteal 122 [ 3084.058940][T29973] pgscan_kswapd 106 [ 3084.058940][T29973] pgscan_direct 7950 [ 3084.058940][T29973] pgscan_khugepaged 0 [ 3084.058940][T29973] pgsteal_kswapd 97 [ 3084.058940][T29973] pgsteal_direct 25 [ 3084.058940][T29973] pgsteal_khugepaged 0 [ 3084.058940][T29973] pgfault 695527 [ 3084.058940][T29973] pgmajfault 0 [ 3084.058940][T29973] pgrefill 32120 [ 3084.058940][T29973] pgactivate 7934 [ 3084.058940][T29973] pgdeactivate 0 [ 3084.058940][T29973] pglazyfree 0 [ 3084.058940][T29973] pglazyfreed 0 [ 3084.058940][T29973] zswpin 0 [ 3084.058940][T29973] zswpout 0 [ 3084.384245][T29973] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=29973,uid=0 [ 3084.421519][T29973] Memory cgroup out of memory: Killed process 29973 (syz-executor.2) total-vm:54548kB, anon-rss:384kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 [ 3084.525780][T30098] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3084.541933][T29982] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3084.572884][T29982] CPU: 1 PID: 29982 Comm: syz-executor.1 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3084.583302][T29982] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3084.593346][T29982] Call Trace: [ 3084.596613][T29982] [ 3084.599532][T29982] dump_stack_lvl+0x136/0x150 [ 3084.604221][T29982] dump_header+0x10a/0xd70 [ 3084.608630][T29982] oom_kill_process+0x25d/0x600 [ 3084.613472][T29982] out_of_memory+0x35c/0x1660 [ 3084.618138][T29982] ? find_held_lock+0x2d/0x110 [ 3084.622895][T29982] ? oom_killer_disable+0x2b0/0x2b0 [ 3084.628082][T29982] ? rcu_read_unlock+0x9/0x60 [ 3084.632754][T29982] ? find_held_lock+0x2d/0x110 [ 3084.637514][T29982] mem_cgroup_out_of_memory+0x206/0x270 [ 3084.643059][T29982] ? mem_cgroup_margin+0x130/0x130 [ 3084.648161][T29982] ? lock_downgrade+0x690/0x690 [ 3084.653016][T29982] try_charge_memcg+0xf99/0x13a0 [ 3084.657954][T29982] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3084.663934][T29982] ? rcu_read_unlock+0x9/0x60 [ 3084.668604][T29982] ? lock_downgrade+0x690/0x690 [ 3084.673545][T29982] charge_memcg+0x90/0x3b0 [ 3084.677971][T29982] __mem_cgroup_charge+0x2b/0x90 [ 3084.682900][T29982] __handle_mm_fault+0x2296/0x41c0 [ 3084.688008][T29982] ? vm_iomap_memory+0x190/0x190 [ 3084.692938][T29982] ? mas_walk+0x58f/0x730 [ 3084.697293][T29982] ? numa_migrate_prep+0x3a0/0x3a0 [ 3084.702399][T29982] handle_mm_fault+0x2af/0x9f0 [ 3084.707161][T29982] do_user_addr_fault+0x2ca/0x1210 [ 3084.712264][T29982] ? rcu_is_watching+0x12/0xb0 [ 3084.717030][T29982] exc_page_fault+0x98/0x170 [ 3084.721615][T29982] asm_exc_page_fault+0x26/0x30 [ 3084.726465][T29982] RIP: 0033:0x7f5d2ac3e171 [ 3084.730869][T29982] Code: 3d 00 f0 ff ff 77 72 c3 90 55 48 83 ec 30 44 89 4c 24 2c 4c 89 44 24 20 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 89 4c 24 28 fa fa ff ff 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 [ 3084.750627][T29982] RSP: 002b:00007f5d2ba0c000 EFLAGS: 00010206 [ 3084.756692][T29982] RAX: 0000000000000001 RBX: 00007f5d2ba0c0f0 RCX: 0000000000000000 [ 3084.764651][T29982] RDX: 0000000000000020 RSI: 00007f5d2ba0c140 RDI: 0000000000000004 [ 3084.772644][T29982] RBP: 0000000000000000 R08: 00007f5d2ba0c054 R09: 000000000000000c [ 3084.780610][T29982] R10: 0000000000000000 R11: 00000000200003cf R12: 00007f5d2ba0c0a8 [ 3084.788750][T29982] R13: 00007f5d2ba0c140 R14: 0000000000000004 R15: 0000000000000000 [ 3084.796725][T29982] [ 3084.923258][T29982] memory: usage 307200kB, limit 307200kB, failcnt 26629 [ 3084.962968][T29982] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3084.970018][T29982] Memory cgroup stats for /syz1: [ 3084.970180][T29982] anon 434176 [ 3084.970180][T29982] file 262144 [ 3084.970180][T29982] kernel 313876480 [ 3084.970180][T29982] kernel_stack 163840 [ 3084.970180][T29982] pagetables 258048 [ 3084.970180][T29982] sec_pagetables 0 [ 3084.970180][T29982] percpu 5421856 [ 3084.970180][T29982] sock 0 [ 3084.970180][T29982] vmalloc 0 [ 3084.970180][T29982] shmem 258048 [ 3084.970180][T29982] zswap 0 [ 3084.970180][T29982] zswapped 0 [ 3084.970180][T29982] file_mapped 241664 [ 3084.970180][T29982] file_dirty 0 [ 3084.970180][T29982] file_writeback 0 [ 3084.970180][T29982] swapcached 0 [ 3084.970180][T29982] anon_thp 0 [ 3084.970180][T29982] file_thp 0 [ 3084.970180][T29982] shmem_thp 0 [ 3084.970180][T29982] inactive_anon 573440 [ 3084.970180][T29982] active_anon 118784 [ 3084.970180][T29982] inactive_file 0 [ 3084.970180][T29982] active_file 4096 [ 3084.970180][T29982] unevictable 0 [ 3084.970180][T29982] slab_reclaimable 34328 [ 3084.970180][T29982] slab_unreclaimable 307912352 [ 3084.970180][T29982] slab 307946680 [ 3084.970180][T29982] workingset_refault_anon 0 [ 3084.970180][T29982] workingset_refault_file 2 [ 3084.970180][T29982] workingset_activate_anon 0 [ 3084.970180][T29982] workingset_activate_file 0 [ 3084.970180][T29982] workingset_restore_anon 0 [ 3084.970180][T29982] workingset_restore_file 2 [ 3084.970180][T29982] workingset_nodereclaim 0 [ 3084.970180][T29982] pgscan 4374 [ 3084.970180][T29982] pgsteal 107 [ 3084.970180][T29982] pgscan_kswapd 92 [ 3084.970180][T29982] pgscan_direct 4282 [ 3084.970180][T29982] pgscan_khugepaged 0 [ 3084.970180][T29982] pgsteal_kswapd 88 [ 3084.970180][T29982] pgsteal_direct 19 [ 3084.970180][T29982] pgsteal_khugepaged 0 [ 3084.970180][T29982] pgfault 567789 [ 3084.970180][T29982] pgmajfault 2 [ 3084.970180][T29982] pgrefill 16619 [ 3084.970180][T29982] pgactivate 4267 [ 3084.970180][T29982] pgdeactivate 0 [ 3084.970180][T29982] pglazyfree 0 [ 3084.970180][T29982] pglazyfreed 0 [ 3084.970180][T29982] zswpin 0 [ 3084.970180][T29982] zswpout 0 [ 3085.224049][T29982] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=29981,uid=0 [ 3085.264459][T29982] Memory cgroup out of memory: Killed process 29981 (syz-executor.1) total-vm:54680kB, anon-rss:516kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:92kB oom_score_adj:1000 15:36:57 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x2f00}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:36:57 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}, 0x1, 0x0, 0x0, 0x949e0400}, 0x0) 15:36:57 executing program 3: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000080)={0x1d, r2}, 0x18) sendmsg$can_j1939(r0, &(0x7f0000000200)={&(0x7f00000000c0), 0x18, 0x0}, 0x0) 15:36:57 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}, 0x1, 0x0, 0x0, 0x969e0400}, 0x0) 15:36:57 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x500}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:36:57 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0xa6940500}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:36:57 executing program 3: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000080)={0x1d, r2}, 0x18) sendmsg$can_j1939(r0, &(0x7f0000000200)={&(0x7f00000000c0), 0x18, &(0x7f00000001c0)={0x0}}, 0x0) [ 3085.412401][T30106] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. 15:36:57 executing program 3: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000080)={0x1d, r2}, 0x18) sendmsg$can_j1939(r0, &(0x7f0000000200)={&(0x7f00000000c0), 0x18, &(0x7f00000001c0)={0x0}}, 0x0) [ 3085.598415][T30099] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=1, oom_score_adj=1000 15:36:57 executing program 3: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000080)={0x1d, r2}, 0x18) sendmsg$can_j1939(r0, &(0x7f0000000200)={&(0x7f00000000c0), 0x18, &(0x7f00000001c0)={0x0}}, 0x0) [ 3085.681887][T30099] CPU: 0 PID: 30099 Comm: syz-executor.4 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3085.692325][T30099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3085.702376][T30099] Call Trace: [ 3085.705656][T30099] [ 3085.708582][T30099] dump_stack_lvl+0x136/0x150 [ 3085.713267][T30099] dump_header+0x10a/0xd70 [ 3085.717679][T30099] oom_kill_process+0x25d/0x600 [ 3085.722545][T30099] out_of_memory+0x35c/0x1660 [ 3085.727218][T30099] ? find_held_lock+0x2d/0x110 [ 3085.731981][T30099] ? oom_killer_disable+0x2b0/0x2b0 [ 3085.737168][T30099] ? rcu_read_unlock+0x9/0x60 [ 3085.741840][T30099] ? find_held_lock+0x2d/0x110 [ 3085.746598][T30099] mem_cgroup_out_of_memory+0x206/0x270 [ 3085.752144][T30099] ? mem_cgroup_margin+0x130/0x130 [ 3085.757246][T30099] ? lock_downgrade+0x690/0x690 [ 3085.762189][T30099] try_charge_memcg+0xf99/0x13a0 [ 3085.767130][T30099] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3085.773108][T30099] ? get_mem_cgroup_from_objcg+0xa1/0x280 [ 3085.778824][T30099] ? lock_downgrade+0x690/0x690 [ 3085.783676][T30099] ? lock_downgrade+0x690/0x690 [ 3085.788526][T30099] ? rcu_read_unlock+0x9/0x60 [ 3085.793212][T30099] obj_cgroup_charge+0x2af/0x5e0 [ 3085.798151][T30099] ? copy_process+0x3c0/0x75c0 [ 3085.802909][T30099] kmem_cache_alloc_node+0xa8/0x3e0 [ 3085.808108][T30099] copy_process+0x3c0/0x75c0 [ 3085.812697][T30099] ? __lock_acquire+0xc17/0x5f30 [ 3085.817634][T30099] ? pidfd_prepare+0x80/0x80 [ 3085.822225][T30099] ? psi_memstall_leave+0x174/0x250 [ 3085.827414][T30099] ? lock_downgrade+0x690/0x690 [ 3085.832265][T30099] kernel_clone+0xeb/0x890 [ 3085.836678][T30099] ? create_io_thread+0xe0/0xe0 [ 3085.841523][T30099] ? percpu_ref_put_many.constprop.0+0x6a/0x1b0 [ 3085.847761][T30099] ? lock_downgrade+0x690/0x690 [ 3085.852612][T30099] __do_sys_clone+0xba/0x100 [ 3085.857206][T30099] ? kernel_clone+0x890/0x890 [ 3085.861944][T30099] ? syscall_enter_from_user_mode+0x26/0x80 [ 3085.867836][T30099] do_syscall_64+0x39/0xb0 [ 3085.872252][T30099] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3085.878142][T30099] RIP: 0033:0x7fcdfee8d591 [ 3085.882546][T30099] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 3085.902143][T30099] RSP: 002b:00007ffda41c1d78 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 3085.910542][T30099] RAX: ffffffffffffffda RBX: 00007fcdffb48700 RCX: 00007fcdfee8d591 [ 3085.918504][T30099] RDX: 00007fcdffb489d0 RSI: 00007fcdffb482f0 RDI: 00000000003d0f00 [ 3085.926468][T30099] RBP: 00007ffda41c1fc0 R08: 00007fcdffb48700 R09: 00007fcdffb48700 [ 3085.934429][T30099] R10: 00007fcdffb489d0 R11: 0000000000000206 R12: 00007ffda41c1e2e [ 3085.942385][T30099] R13: 00007ffda41c1e2f R14: 00007fcdffb48300 R15: 0000000000022000 [ 3085.950356][T30099] 15:36:57 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}, 0x1, 0x0, 0x0, 0x9effffff}, 0x0) 15:36:57 executing program 3: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000080)={0x1d, r2}, 0x18) sendmsg$can_j1939(r0, &(0x7f0000000200)={&(0x7f00000000c0), 0x18, &(0x7f00000001c0)={&(0x7f0000000100)}}, 0x0) [ 3086.112311][T30099] memory: usage 307180kB, limit 307200kB, failcnt 38382 [ 3086.124996][T30220] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. 15:36:58 executing program 3: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000080)={0x1d, r2}, 0x18) sendmsg$can_j1939(r0, &(0x7f0000000200)={&(0x7f00000000c0), 0x18, &(0x7f00000001c0)={&(0x7f0000000100)}}, 0x0) [ 3086.251176][T30099] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3086.258289][T30099] Memory cgroup stats for /syz4: [ 3086.258442][T30099] anon 2142208 [ 3086.258442][T30099] file 7716864 [ 3086.258442][T30099] kernel 304693248 [ 3086.258442][T30099] kernel_stack 688128 [ 3086.258442][T30099] pagetables 1171456 [ 3086.258442][T30099] sec_pagetables 0 [ 3086.258442][T30099] percpu 5219168 [ 3086.258442][T30099] sock 0 [ 3086.258442][T30099] vmalloc 8192 [ 3086.258442][T30099] shmem 7716864 [ 3086.258442][T30099] zswap 0 [ 3086.258442][T30099] zswapped 0 [ 3086.258442][T30099] file_mapped 196608 [ 3086.258442][T30099] file_dirty 0 [ 3086.258442][T30099] file_writeback 0 [ 3086.258442][T30099] swapcached 0 [ 3086.258442][T30099] anon_thp 0 [ 3086.258442][T30099] file_thp 0 [ 3086.258442][T30099] shmem_thp 0 [ 3086.258442][T30099] inactive_anon 9596928 [ 3086.258442][T30099] active_anon 262144 [ 3086.258442][T30099] inactive_file 0 [ 3086.258442][T30099] active_file 0 [ 3086.258442][T30099] unevictable 0 [ 3086.258442][T30099] slab_reclaimable 172672 [ 3086.258442][T30099] slab_unreclaimable 297097752 [ 3086.258442][T30099] slab 297270424 [ 3086.258442][T30099] workingset_refault_anon 0 [ 3086.258442][T30099] workingset_refault_file 0 [ 3086.258442][T30099] workingset_activate_anon 0 [ 3086.258442][T30099] workingset_activate_file 0 [ 3086.258442][T30099] workingset_restore_anon 0 [ 3086.258442][T30099] workingset_restore_file 0 [ 3086.258442][T30099] workingset_nodereclaim 0 [ 3086.258442][T30099] pgscan 116 [ 3086.258442][T30099] pgsteal 111 [ 3086.258442][T30099] pgscan_kswapd 99 [ 3086.258442][T30099] pgscan_direct 17 [ 3086.258442][T30099] pgscan_khugepaged 0 [ 3086.258442][T30099] pgsteal_kswapd 97 [ 3086.258442][T30099] pgsteal_direct 14 [ 3086.258442][T30099] pgsteal_khugepaged 0 [ 3086.258442][T30099] pgfault 696382 [ 3086.258442][T30099] pgmajfault 6 [ 3086.258442][T30099] pgrefill 593 [ 3086.258442][T30099] pgactivate 5 [ 3086.258442][T30099] pgdeactivate 0 [ 3086.258442][T30099] pglazyfree 0 [ 3086.258442][T30099] pglazyfreed 0 [ 3086.258442][T30099] zswpin 0 [ 3086.258442][T30099] zswpout 0 [ 3086.522286][T30099] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=30099,uid=0 [ 3086.539633][T30099] Memory cgroup out of memory: Killed process 30099 (syz-executor.4) total-vm:54680kB, anon-rss:512kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 [ 3086.581132][T30101] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3086.631982][T30101] CPU: 1 PID: 30101 Comm: syz-executor.2 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3086.642414][T30101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3086.652464][T30101] Call Trace: [ 3086.655749][T30101] [ 3086.658669][T30101] dump_stack_lvl+0x136/0x150 [ 3086.663358][T30101] dump_header+0x10a/0xd70 [ 3086.667773][T30101] oom_kill_process+0x25d/0x600 [ 3086.672603][T30101] out_of_memory+0x35c/0x1660 [ 3086.677271][T30101] ? find_held_lock+0x2d/0x110 [ 3086.682038][T30101] ? oom_killer_disable+0x2b0/0x2b0 [ 3086.687237][T30101] ? rcu_read_unlock+0x9/0x60 [ 3086.691912][T30101] ? find_held_lock+0x2d/0x110 [ 3086.696675][T30101] mem_cgroup_out_of_memory+0x206/0x270 [ 3086.702220][T30101] ? mem_cgroup_margin+0x130/0x130 [ 3086.707325][T30101] ? lock_downgrade+0x690/0x690 [ 3086.712163][T30101] try_charge_memcg+0xf99/0x13a0 [ 3086.717092][T30101] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3086.723066][T30101] ? rcu_read_unlock+0x9/0x60 [ 3086.727732][T30101] ? lock_downgrade+0x690/0x690 [ 3086.732604][T30101] charge_memcg+0x90/0x3b0 [ 3086.737024][T30101] __mem_cgroup_charge+0x2b/0x90 [ 3086.741961][T30101] do_wp_page+0x8ea/0x33c0 [ 3086.746377][T30101] ? lock_sync+0x190/0x190 [ 3086.750786][T30101] ? finish_mkwrite_fault+0x3d0/0x3d0 [ 3086.756137][T30101] ? do_raw_spin_lock+0x124/0x2b0 [ 3086.761163][T30101] ? spin_bug+0x1c0/0x1c0 [ 3086.765483][T30101] __handle_mm_fault+0x1635/0x41c0 [ 3086.770678][T30101] ? vm_iomap_memory+0x190/0x190 [ 3086.775606][T30101] ? mas_walk+0x58f/0x730 [ 3086.779956][T30101] ? numa_migrate_prep+0x3a0/0x3a0 [ 3086.785066][T30101] ? do_user_addr_fault+0x367/0x1210 [ 3086.790357][T30101] handle_mm_fault+0x2af/0x9f0 [ 3086.795120][T30101] do_user_addr_fault+0x2ca/0x1210 [ 3086.800230][T30101] ? rcu_is_watching+0x12/0xb0 [ 3086.804997][T30101] exc_page_fault+0x98/0x170 [ 3086.809575][T30101] asm_exc_page_fault+0x26/0x30 [ 3086.814413][T30101] RIP: 0033:0x7f5bd0639610 [ 3086.818818][T30101] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48 [ 3086.838511][T30101] RSP: 002b:00007fffe74b16a0 EFLAGS: 00010246 [ 3086.844585][T30101] RAX: 0000000004219014 RBX: 00007f5bd07ac018 RCX: 0000001b2dd20000 [ 3086.852554][T30101] RDX: 0000000000000000 RSI: 0000001b2dd20018 RDI: 000000000a28a722 [ 3086.860518][T30101] RBP: 0000000004219014 R08: 0000000000001014 R09: 0000000004219018 [ 3086.868475][T30101] R10: 00007fffe74b1860 R11: 0000000000000246 R12: 00007f5bd07a0000 [ 3086.876438][T30101] R13: 0000000000000001 R14: 000000000000000e R15: ffffffff83d6fdb1 [ 3086.884409][T30101] ? apparmor_socket_create+0x151/0x670 [ 3086.889971][T30101] [ 3086.973428][T30101] memory: usage 307200kB, limit 307200kB, failcnt 26316 [ 3086.983240][T30101] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3087.014206][T30101] Memory cgroup stats for /syz2: [ 3087.014372][T30101] anon 139264 [ 3087.014372][T30101] file 8388608 [ 3087.014372][T30101] kernel 306044928 [ 3087.014372][T30101] kernel_stack 65536 [ 3087.014372][T30101] pagetables 69632 [ 3087.014372][T30101] sec_pagetables 0 [ 3087.014372][T30101] percpu 5294912 [ 3087.014372][T30101] sock 0 [ 3087.014372][T30101] vmalloc 16384 [ 3087.014372][T30101] shmem 8380416 [ 3087.014372][T30101] zswap 0 [ 3087.014372][T30101] zswapped 0 [ 3087.014372][T30101] file_mapped 286720 [ 3087.014372][T30101] file_dirty 0 [ 3087.014372][T30101] file_writeback 0 [ 3087.014372][T30101] swapcached 0 [ 3087.014372][T30101] anon_thp 0 [ 3087.014372][T30101] file_thp 0 [ 3087.014372][T30101] shmem_thp 0 [ 3087.014372][T30101] inactive_anon 0 [ 3087.014372][T30101] active_anon 8519680 [ 3087.014372][T30101] inactive_file 0 [ 3087.014372][T30101] active_file 8192 [ 3087.014372][T30101] unevictable 0 [ 3087.014372][T30101] slab_reclaimable 39288 [ 3087.014372][T30101] slab_unreclaimable 300524288 [ 3087.014372][T30101] slab 300563576 [ 3087.014372][T30101] workingset_refault_anon 0 [ 3087.014372][T30101] workingset_refault_file 2 [ 3087.014372][T30101] workingset_activate_anon 0 [ 3087.014372][T30101] workingset_activate_file 0 [ 3087.014372][T30101] workingset_restore_anon 0 [ 3087.014372][T30101] workingset_restore_file 2 [ 3087.014372][T30101] workingset_nodereclaim 0 [ 3087.014372][T30101] pgscan 8196 [ 3087.014372][T30101] pgsteal 122 [ 3087.014372][T30101] pgscan_kswapd 106 [ 3087.014372][T30101] pgscan_direct 8090 [ 3087.014372][T30101] pgscan_khugepaged 0 [ 3087.014372][T30101] pgsteal_kswapd 97 [ 3087.014372][T30101] pgsteal_direct 25 [ 3087.014372][T30101] pgsteal_khugepaged 0 [ 3087.014372][T30101] pgfault 695583 [ 3087.014372][T30101] pgmajfault 0 [ 3087.014372][T30101] pgrefill 32120 [ 3087.014372][T30101] pgactivate 8074 [ 3087.014372][T30101] pgdeactivate 0 [ 3087.014372][T30101] pglazyfree 0 [ 3087.014372][T30101] pglazyfreed 0 [ 3087.014372][T30101] zswpin 0 [ 3087.014372][T30101] zswpout 0 [ 3087.282487][T30101] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=30101,uid=0 [ 3087.334130][T30101] Memory cgroup out of memory: Killed process 30101 (syz-executor.2) total-vm:54548kB, anon-rss:384kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 [ 3087.393143][T30204] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3087.483568][T30204] warn_alloc: 1 callbacks suppressed [ 3087.483583][T30204] syz-executor.1: vmalloc error: size 4096, page order 0, failed to allocate pages, mode:0x404dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_RETRY_MAYFAIL|__GFP_ZERO), nodemask=(null) [ 3087.494381][T30157] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=1, oom_score_adj=1000 [ 3087.494403][T30157] CPU: 1 PID: 30157 Comm: syz-executor.1 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3087.494420][T30157] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3087.494429][T30157] Call Trace: [ 3087.494435][T30157] [ 3087.494441][T30157] dump_stack_lvl+0x136/0x150 [ 3087.494471][T30157] dump_header+0x10a/0xd70 [ 3087.494490][T30157] oom_kill_process+0x25d/0x600 [ 3087.494507][T30157] out_of_memory+0x35c/0x1660 [ 3087.494526][T30157] ? find_held_lock+0x2d/0x110 [ 3087.494546][T30157] ? oom_killer_disable+0x2b0/0x2b0 [ 3087.494567][T30157] ? rcu_read_unlock+0x9/0x60 [ 3087.494589][T30157] ? find_held_lock+0x2d/0x110 [ 3087.494611][T30157] mem_cgroup_out_of_memory+0x206/0x270 [ 3087.494631][T30157] ? mem_cgroup_margin+0x130/0x130 [ 3087.494651][T30157] ? lock_downgrade+0x690/0x690 [ 3087.494680][T30157] try_charge_memcg+0xf99/0x13a0 [ 3087.494707][T30157] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3087.494731][T30157] ? get_mem_cgroup_from_objcg+0xa1/0x280 [ 3087.494754][T30157] ? lock_downgrade+0x690/0x690 [ 3087.494776][T30157] ? lock_downgrade+0x690/0x690 [ 3087.494795][T30157] ? rcu_read_unlock+0x9/0x60 [ 3087.494820][T30157] obj_cgroup_charge+0x2af/0x5e0 [ 3087.494846][T30157] ? copy_process+0x3c0/0x75c0 [ 3087.494866][T30157] kmem_cache_alloc_node+0xa8/0x3e0 [ 3087.494891][T30157] copy_process+0x3c0/0x75c0 [ 3087.494913][T30157] ? __lock_acquire+0xc17/0x5f30 [ 3087.494940][T30157] ? pidfd_prepare+0x80/0x80 [ 3087.494964][T30157] ? psi_memstall_leave+0x174/0x250 [ 3087.494980][T30157] ? lock_downgrade+0x690/0x690 [ 3087.495005][T30157] kernel_clone+0xeb/0x890 [ 3087.495026][T30157] ? create_io_thread+0xe0/0xe0 [ 3087.495052][T30157] ? percpu_ref_put_many.constprop.0+0x6a/0x1b0 [ 3087.495078][T30157] ? lock_downgrade+0x690/0x690 [ 3087.495105][T30157] __do_sys_clone+0xba/0x100 [ 3087.495125][T30157] ? kernel_clone+0x890/0x890 [ 3087.495153][T30157] ? syscall_enter_from_user_mode+0x26/0x80 [ 3087.495177][T30157] do_syscall_64+0x39/0xb0 [ 3087.495200][T30157] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3087.495224][T30157] RIP: 0033:0x7f5d2ac8d591 [ 3087.495237][T30157] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 3087.495252][T30157] RSP: 002b:00007ffc24e00338 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 3087.495268][T30157] RAX: ffffffffffffffda RBX: 00007f5d2b9ec700 RCX: 00007f5d2ac8d591 [ 3087.495279][T30157] RDX: 00007f5d2b9ec9d0 RSI: 00007f5d2b9ec2f0 RDI: 00000000003d0f00 [ 3087.495290][T30157] RBP: 00007ffc24e00580 R08: 00007f5d2b9ec700 R09: 00007f5d2b9ec700 [ 3087.495301][T30157] R10: 00007f5d2b9ec9d0 R11: 0000000000000206 R12: 00007ffc24e003ee [ 3087.495311][T30157] R13: 00007ffc24e003ef R14: 00007f5d2b9ec300 R15: 0000000000022000 [ 3087.495332][T30157] [ 3087.502787][T30157] memory: usage 307200kB, limit 307200kB, failcnt 26782 [ 3087.575862][T30204] ,cpuset=syz1,mems_allowed=0-1 [ 3087.630479][T30157] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3087.706664][T30204] [ 3087.840007][T30157] Memory cgroup stats for /syz1: [ 3087.903191][T30157] anon 442368 [ 3087.903191][T30157] file 262144 [ 3087.903191][T30157] kernel 313868288 [ 3087.903191][T30157] kernel_stack 163840 [ 3087.903191][T30157] pagetables 258048 [ 3087.903191][T30157] sec_pagetables 0 [ 3087.903191][T30157] percpu 5421792 [ 3087.903191][T30157] sock 0 [ 3087.903191][T30157] vmalloc 4096 [ 3087.903191][T30157] shmem 258048 [ 3087.903191][T30157] zswap 0 [ 3087.903191][T30157] zswapped 0 [ 3087.903191][T30157] file_mapped 241664 [ 3087.903191][T30157] file_dirty 0 [ 3087.903191][T30157] file_writeback 0 [ 3087.903191][T30157] swapcached 0 [ 3087.903191][T30157] anon_thp 0 [ 3087.903191][T30157] file_thp 0 [ 3087.903191][T30157] shmem_thp 0 [ 3087.903191][T30157] inactive_anon 0 [ 3087.903191][T30157] active_anon 700416 [ 3087.903191][T30157] inactive_file 0 [ 3087.903191][T30157] active_file 4096 [ 3087.903191][T30157] unevictable 0 [ 3087.903191][T30157] slab_reclaimable 34328 [ 3087.903191][T30157] slab_unreclaimable 307901752 [ 3087.903191][T30157] slab 307936080 [ 3087.903191][T30157] workingset_refault_anon 0 [ 3087.903191][T30157] workingset_refault_file 2 [ 3087.903191][T30157] workingset_activate_anon 0 [ 3087.903191][T30157] workingset_activate_file 0 [ 3087.903191][T30157] workingset_restore_anon 0 [ 3087.903191][T30157] workingset_restore_file 2 [ 3087.903191][T30157] workingset_nodereclaim 0 [ 3087.903191][T30157] pgscan 4435 [ 3087.903191][T30157] pgsteal 107 [ 3087.903191][T30157] pgscan_kswapd 92 [ 3087.903191][T30157] pgscan_direct 4343 [ 3087.903191][T30157] pgscan_khugepaged 0 [ 3087.903191][T30157] pgsteal_kswapd 88 [ 3087.903191][T30157] pgsteal_direct 19 [ 3087.903191][T30157] pgsteal_khugepaged 0 [ 3087.903191][T30157] pgfault 567856 [ 3087.903191][T30157] pgmajfault 2 [ 3087.903191][T30157] pgrefill 16619 [ 3087.903191][T30157] pgactivate 4328 [ 3087.903191][T30157] pgdeactivate 0 [ 3087.903191][T30157] pglazyfree 0 [ 3087.903191][T30157] pglazyfreed 0 [ 3087.903191][T30157] zswpin 0 [ 3087.903191][T30157] zswpout 0 [ 3087.921875][T30204] CPU: 0 PID: 30204 Comm: syz-executor.1 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3088.104292][T30204] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3088.114346][T30204] Call Trace: [ 3088.117625][T30204] [ 3088.120550][T30204] dump_stack_lvl+0x136/0x150 [ 3088.125244][T30204] warn_alloc+0x213/0x360 [ 3088.129590][T30204] ? zone_watermark_ok_safe+0x2e0/0x2e0 [ 3088.135146][T30204] ? find_held_lock+0x2d/0x110 [ 3088.139917][T30204] ? lock_downgrade+0x690/0x690 [ 3088.144773][T30204] ? mark_held_locks+0x9f/0xe0 [ 3088.149549][T30204] __vmalloc_node_range+0x1021/0x14a0 [ 3088.154934][T30204] ? alloc_netdev_mqs+0x9c/0x1250 [ 3088.159981][T30204] ? delayed_vfree_work+0x70/0x70 [ 3088.165017][T30204] ? __kmem_cache_alloc_node+0xb4/0x320 [ 3088.170584][T30204] ? kvmalloc_node+0x76/0x1a0 [ 3088.175254][T30204] ? rcu_is_watching+0x12/0xb0 [ 3088.180011][T30204] ? alloc_netdev_mqs+0x9c/0x1250 [ 3088.185041][T30204] kvmalloc_node+0x156/0x1a0 [ 3088.189646][T30204] ? alloc_netdev_mqs+0x9c/0x1250 [ 3088.194674][T30204] alloc_netdev_mqs+0x9c/0x1250 [ 3088.199528][T30204] ? security_capable+0x93/0xc0 [ 3088.204378][T30204] ? br_netpoll_disable+0x60/0x60 [ 3088.209396][T30204] rtnl_create_link+0xc17/0xf20 [ 3088.214240][T30204] __rtnl_newlink+0xfd4/0x1840 [ 3088.219000][T30204] ? find_held_lock+0x2d/0x110 [ 3088.223757][T30204] ? rtnl_link_unregister+0x250/0x250 [ 3088.229124][T30204] ? __kmem_cache_alloc_node+0x48/0x320 [ 3088.234676][T30204] ? rtnl_newlink+0x4a/0xa0 [ 3088.239179][T30204] rtnl_newlink+0x68/0xa0 [ 3088.243585][T30204] ? __rtnl_newlink+0x1840/0x1840 [ 3088.248604][T30204] rtnetlink_rcv_msg+0x43d/0xd50 [ 3088.253539][T30204] ? rtnl_stats_set+0x4d0/0x4d0 [ 3088.258381][T30204] ? __dev_queue_xmit+0xa2a/0x3b10 [ 3088.263599][T30204] netlink_rcv_skb+0x165/0x440 [ 3088.268353][T30204] ? rtnl_stats_set+0x4d0/0x4d0 [ 3088.273193][T30204] ? netlink_ack+0x1360/0x1360 [ 3088.277959][T30204] ? netlink_deliver_tap+0x1b1/0xcf0 [ 3088.283240][T30204] netlink_unicast+0x547/0x7f0 [ 3088.287997][T30204] ? netlink_attachskb+0x890/0x890 [ 3088.293098][T30204] ? __virt_addr_valid+0x61/0x2e0 [ 3088.298118][T30204] ? __phys_addr_symbol+0x30/0x70 [ 3088.303136][T30204] ? __check_object_size+0x323/0x730 [ 3088.308420][T30204] netlink_sendmsg+0x925/0xe30 [ 3088.313178][T30204] ? netlink_unicast+0x7f0/0x7f0 [ 3088.318132][T30204] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 3088.323405][T30204] ? netlink_unicast+0x7f0/0x7f0 [ 3088.328334][T30204] sock_sendmsg+0xde/0x190 [ 3088.332740][T30204] ____sys_sendmsg+0x71c/0x900 [ 3088.337492][T30204] ? copy_msghdr_from_user+0xfc/0x150 [ 3088.342857][T30204] ? kernel_sendmsg+0x50/0x50 [ 3088.347528][T30204] ? futex_unqueue+0xb7/0x120 [ 3088.352200][T30204] ? futex_wait+0x503/0x680 [ 3088.356697][T30204] ___sys_sendmsg+0x110/0x1b0 [ 3088.361371][T30204] ? do_recvmmsg+0x6f0/0x6f0 [ 3088.365958][T30204] ? __fget_files+0x248/0x480 [ 3088.370632][T30204] ? lock_downgrade+0x690/0x690 [ 3088.375485][T30204] ? __fget_files+0x26a/0x480 [ 3088.380164][T30204] ? __fget_light+0xe5/0x270 [ 3088.384754][T30204] __sys_sendmsg+0xf7/0x1c0 [ 3088.389251][T30204] ? __sys_sendmsg_sock+0x40/0x40 [ 3088.394266][T30204] ? restore_fpregs_from_fpstate+0xc1/0x1c0 [ 3088.400168][T30204] ? syscall_enter_from_user_mode+0x26/0x80 [ 3088.406061][T30204] ? lockdep_hardirqs_on+0x7d/0x100 [ 3088.411252][T30204] do_syscall_64+0x39/0xb0 [ 3088.415665][T30204] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3088.421556][T30204] RIP: 0033:0x7f5d2ac8c169 [ 3088.425987][T30204] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 3088.445587][T30204] RSP: 002b:00007f5d2ba0d168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3088.453989][T30204] RAX: ffffffffffffffda RBX: 00007f5d2adabf80 RCX: 00007f5d2ac8c169 [ 3088.461959][T30204] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000003 [ 3088.469919][T30204] RBP: 00007f5d2ace7ca1 R08: 0000000000000000 R09: 0000000000000000 [ 3088.477877][T30204] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3088.485834][T30204] R13: 00007ffc24e003ef R14: 00007f5d2ba0d300 R15: 0000000000022000 [ 3088.493806][T30204] [ 3088.624250][T30204] Mem-Info: [ 3088.631228][T30204] active_anon:191606 inactive_anon:29504 isolated_anon:0 [ 3088.631228][T30204] active_file:7515 inactive_file:1400 isolated_file:0 [ 3088.631228][T30204] unevictable:768 dirty:13 writeback:0 [ 3088.631228][T30204] slab_reclaimable:23969 slab_unreclaimable:611054 [ 3088.631228][T30204] mapped:19968 shmem:27259 pagetables:2093 [ 3088.631228][T30204] sec_pagetables:0 bounce:0 [ 3088.631228][T30204] kernel_misc_reclaimable:0 [ 3088.631228][T30204] free:664747 free_pcp:10966 free_cma:0 [ 3088.681293][T30157] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=30157,uid=0 [ 3088.681397][T30157] Memory cgroup out of memory: Killed process 30157 (syz-executor.1) total-vm:54680kB, anon-rss:488kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:92kB oom_score_adj:1000 [ 3088.752552][T30204] Node 0 active_anon:761288kB inactive_anon:118356kB active_file:28804kB inactive_file:464kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:79872kB dirty:48kB writeback:0kB shmem:105228kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 49152kB writeback_tmp:0kB kernel_stack:11504kB pagetables:7540kB sec_pagetables:0kB all_unreclaimable? no [ 3088.824108][T30204] Node 1 active_anon:4576kB inactive_anon:220kB active_file:1256kB inactive_file:5136kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:3808kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB kernel_stack:852kB pagetables:832kB sec_pagetables:0kB all_unreclaimable? no [ 3088.892110][T30204] Node 0 DMA free:10708kB boost:0kB min:200kB low:248kB high:296kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:152kB local_pcp:88kB free_cma:0kB [ 3088.949925][T30204] lowmem_reserve[]: 0 2617 2619 2619 2619 [ 3088.961336][T30204] Node 0 DMA32 free:44292kB boost:0kB min:35440kB low:44300kB high:53160kB reserved_highatomic:0KB active_anon:761248kB inactive_anon:118352kB active_file:27576kB inactive_file:384kB unevictable:1536kB writepending:48kB present:3129332kB managed:2684936kB mlocked:0kB bounce:0kB free_pcp:29580kB local_pcp:16724kB free_cma:0kB [ 3089.030217][T30204] lowmem_reserve[]: 0 0 1 1 1 [ 3089.040538][T30204] Node 0 Normal free:16kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB active_anon:40kB inactive_anon:4kB active_file:1228kB inactive_file:76kB unevictable:0kB writepending:0kB present:1048576kB managed:1640kB mlocked:0kB bounce:0kB free_pcp:20kB local_pcp:12kB free_cma:0kB [ 3089.100077][T30204] lowmem_reserve[]: 0 0 0 0 0 [ 3089.110542][T30204] Node 1 Normal free:2603972kB boost:0kB min:54444kB low:68052kB high:81660kB reserved_highatomic:0KB active_anon:4576kB inactive_anon:220kB active_file:1256kB inactive_file:5136kB unevictable:1536kB writepending:4kB present:4194304kB managed:4117620kB mlocked:0kB bounce:0kB free_pcp:14044kB local_pcp:2076kB free_cma:0kB [ 3089.172666][T30204] lowmem_reserve[]: 0 0 0 0 0 [ 3089.182756][T30204] Node 0 DMA: 3*4kB (UE) 3*8kB (UME) 1*16kB (M) 1*32kB (E) 2*64kB (ME) 4*128kB (UME) 3*256kB (UME) 2*512kB (ME) 2*1024kB (ME) 1*2048kB (E) 1*4096kB (M) = 10708kB [ 3089.222907][T30204] Node 0 DMA32: 499*4kB (ME) 427*8kB (ME) 172*16kB (UME) 155*32kB (ME) 47*64kB (UME) 20*128kB (UME) 10*256kB (ME) 9*512kB (UME) 6*1024kB (UM) 6*2048kB (M) 0*4096kB = 44292kB [ 3089.253844][T30204] Node 0 Normal: 4*4kB (UM) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 3089.273476][T30204] Node 1 Normal: 941*4kB (UM) 1336*8kB (UME) 581*16kB (UME) 226*32kB (UME) 257*64kB (UME) 119*128kB (UME) 69*256kB (UME) 43*512kB (UM) 29*1024kB (UM) 11*2048kB (UM) 598*4096kB (UM) = 2603972kB [ 3089.312909][T30204] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 3089.334032][T30204] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 3089.360919][T30204] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 3089.381495][T30204] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 3089.400209][T30204] 36014 total pagecache pages [ 3089.410607][T30204] 0 pages in swap cache [ 3089.419686][T30204] Free swap = 0kB [ 3089.423386][T30204] Total swap = 0kB 15:37:01 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x3000}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:37:01 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x2e00}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:37:01 executing program 3: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000080)={0x1d, r2}, 0x18) sendmsg$can_j1939(r0, &(0x7f0000000200)={&(0x7f00000000c0), 0x18, &(0x7f00000001c0)={&(0x7f0000000100)}}, 0x0) 15:37:01 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}, 0x1, 0x0, 0x0, 0xc3ffffff}, 0x0) 15:37:01 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0xa7940500}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:37:01 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x600}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) [ 3089.432524][T30204] 2097051 pages RAM [ 3089.447920][T30204] 0 pages HighMem/MovableOnly [ 3089.452652][T30204] 392162 pages reserved [ 3089.462319][T30204] 0 pages cma reserved 15:37:01 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0xa61c0000}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) [ 3089.532825][T30228] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3089.721170][T30230] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3089.740577][T30230] CPU: 1 PID: 30230 Comm: syz-executor.2 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3089.751002][T30230] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3089.761057][T30230] Call Trace: [ 3089.764328][T30230] [ 3089.767250][T30230] dump_stack_lvl+0x136/0x150 [ 3089.771925][T30230] dump_header+0x10a/0xd70 [ 3089.776332][T30230] oom_kill_process+0x25d/0x600 [ 3089.781257][T30230] out_of_memory+0x35c/0x1660 [ 3089.785927][T30230] ? find_held_lock+0x2d/0x110 [ 3089.790684][T30230] ? oom_killer_disable+0x2b0/0x2b0 [ 3089.795870][T30230] ? rcu_read_unlock+0x9/0x60 [ 3089.800536][T30230] ? find_held_lock+0x2d/0x110 [ 3089.805294][T30230] mem_cgroup_out_of_memory+0x206/0x270 [ 3089.810830][T30230] ? mem_cgroup_margin+0x130/0x130 [ 3089.816019][T30230] ? lock_downgrade+0x690/0x690 [ 3089.820869][T30230] try_charge_memcg+0xf99/0x13a0 [ 3089.825807][T30230] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3089.831783][T30230] ? rcu_read_unlock+0x9/0x60 [ 3089.836446][T30230] ? lock_downgrade+0x690/0x690 [ 3089.841303][T30230] charge_memcg+0x90/0x3b0 [ 3089.845717][T30230] __mem_cgroup_charge+0x2b/0x90 [ 3089.850639][T30230] do_wp_page+0x8ea/0x33c0 [ 3089.855042][T30230] ? lock_sync+0x190/0x190 [ 3089.859449][T30230] ? finish_mkwrite_fault+0x3d0/0x3d0 [ 3089.864805][T30230] ? do_raw_spin_lock+0x124/0x2b0 [ 3089.869824][T30230] ? spin_bug+0x1c0/0x1c0 [ 3089.874148][T30230] __handle_mm_fault+0x1635/0x41c0 [ 3089.879249][T30230] ? vm_iomap_memory+0x190/0x190 [ 3089.884173][T30230] ? mas_walk+0x58f/0x730 [ 3089.888498][T30230] ? numa_migrate_prep+0x3a0/0x3a0 [ 3089.893593][T30230] ? do_user_addr_fault+0x367/0x1210 [ 3089.898874][T30230] handle_mm_fault+0x2af/0x9f0 [ 3089.903647][T30230] do_user_addr_fault+0x2ca/0x1210 [ 3089.908752][T30230] ? rcu_is_watching+0x12/0xb0 [ 3089.913513][T30230] exc_page_fault+0x98/0x170 [ 3089.918094][T30230] asm_exc_page_fault+0x26/0x30 [ 3089.922938][T30230] RIP: 0033:0x7f5bd0639610 [ 3089.927337][T30230] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48 [ 3089.946932][T30230] RSP: 002b:00007fffe74b16a0 EFLAGS: 00010246 [ 3089.952984][T30230] RAX: 00000000b5cac872 RBX: 00007f5bd07ac018 RCX: 0000001b2dd20000 [ 3089.960945][T30230] RDX: 0000000000000000 RSI: 0000001b2dd20018 RDI: 000000000a2432a4 [ 3089.968919][T30230] RBP: 00000000b5cac872 R08: 0000000000000872 R09: 00000000b5cac876 [ 3089.976876][T30230] R10: 00007fffe74b1860 R11: 0000000000000246 R12: 00007f5bd07a0000 [ 3089.984834][T30230] R13: 0000000000000001 R14: 0000000000000009 R15: ffffffff83d6fc82 [ 3089.992792][T30230] ? apparmor_socket_create+0x22/0x670 [ 3089.998257][T30230] [ 3090.111928][T30230] memory: usage 307200kB, limit 307200kB, failcnt 26371 [ 3090.122120][T30230] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3090.145641][T30230] Memory cgroup stats for /syz2: [ 3090.145794][T30230] anon 135168 [ 3090.145794][T30230] file 8388608 [ 3090.145794][T30230] kernel 306049024 [ 3090.145794][T30230] kernel_stack 65536 [ 3090.145794][T30230] pagetables 69632 [ 3090.145794][T30230] sec_pagetables 0 [ 3090.145794][T30230] percpu 5294912 [ 3090.145794][T30230] sock 0 [ 3090.145794][T30230] vmalloc 16384 [ 3090.145794][T30230] shmem 8380416 [ 3090.145794][T30230] zswap 0 [ 3090.145794][T30230] zswapped 0 [ 3090.145794][T30230] file_mapped 286720 [ 3090.145794][T30230] file_dirty 0 [ 3090.145794][T30230] file_writeback 0 [ 3090.145794][T30230] swapcached 0 [ 3090.145794][T30230] anon_thp 0 [ 3090.145794][T30230] file_thp 0 [ 3090.145794][T30230] shmem_thp 0 [ 3090.145794][T30230] inactive_anon 0 [ 3090.145794][T30230] active_anon 8515584 [ 3090.145794][T30230] inactive_file 0 [ 3090.145794][T30230] active_file 8192 [ 3090.145794][T30230] unevictable 0 [ 3090.145794][T30230] slab_reclaimable 42240 [ 3090.145794][T30230] slab_unreclaimable 300524632 [ 3090.145794][T30230] slab 300566872 [ 3090.145794][T30230] workingset_refault_anon 0 [ 3090.145794][T30230] workingset_refault_file 2 [ 3090.145794][T30230] workingset_activate_anon 0 [ 3090.145794][T30230] workingset_activate_file 0 [ 3090.145794][T30230] workingset_restore_anon 0 [ 3090.145794][T30230] workingset_restore_file 2 [ 3090.145794][T30230] workingset_nodereclaim 0 [ 3090.145794][T30230] pgscan 8292 [ 3090.145794][T30230] pgsteal 122 [ 3090.145794][T30230] pgscan_kswapd 106 [ 3090.145794][T30230] pgscan_direct 8186 [ 3090.145794][T30230] pgscan_khugepaged 0 [ 3090.145794][T30230] pgsteal_kswapd 97 [ 3090.145794][T30230] pgsteal_direct 25 [ 3090.145794][T30230] pgsteal_khugepaged 0 [ 3090.145794][T30230] pgfault 695637 [ 3090.145794][T30230] pgmajfault 0 [ 3090.145794][T30230] pgrefill 32120 [ 3090.145794][T30230] pgactivate 8170 [ 3090.145794][T30230] pgdeactivate 0 [ 3090.145794][T30230] pglazyfree 0 [ 3090.145794][T30230] pglazyfreed 0 [ 3090.145794][T30230] zswpin 0 [ 3090.145794][T30230] zswpout 0 [ 3090.342678][T30230] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=30230,uid=0 [ 3090.383470][T30230] Memory cgroup out of memory: Killed process 30230 (syz-executor.2) total-vm:54548kB, anon-rss:384kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 [ 3090.434148][T30251] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3090.464131][T30249] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3090.466244][T30251] CPU: 0 PID: 30251 Comm: syz-executor.1 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3090.483843][T30251] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3090.493898][T30251] Call Trace: [ 3090.497173][T30251] [ 3090.500098][T30251] dump_stack_lvl+0x136/0x150 [ 3090.504792][T30251] dump_header+0x10a/0xd70 [ 3090.509213][T30251] oom_kill_process+0x25d/0x600 [ 3090.514061][T30251] out_of_memory+0x35c/0x1660 [ 3090.518743][T30251] ? oom_killer_disable+0x2b0/0x2b0 [ 3090.523943][T30251] ? rcu_read_unlock+0x9/0x60 [ 3090.528617][T30251] ? find_held_lock+0x2d/0x110 [ 3090.530954][T30293] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3090.533372][T30251] mem_cgroup_out_of_memory+0x206/0x270 [ 3090.533400][T30251] ? mem_cgroup_margin+0x130/0x130 [ 3090.553281][T30251] ? lock_downgrade+0x690/0x690 [ 3090.558147][T30251] try_charge_memcg+0xf99/0x13a0 [ 3090.563101][T30251] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3090.569098][T30251] ? rcu_read_unlock+0x9/0x60 [ 3090.573782][T30251] ? lock_downgrade+0x690/0x690 [ 3090.578645][T30251] charge_memcg+0x90/0x3b0 15:37:02 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x700}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:37:02 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}, 0x1, 0x0, 0x0, 0xe4ffffff}, 0x0) [ 3090.583069][T30251] __mem_cgroup_charge+0x2b/0x90 [ 3090.588002][T30251] do_wp_page+0x8ea/0x33c0 [ 3090.592419][T30251] ? lock_sync+0x190/0x190 [ 3090.596835][T30251] ? finish_mkwrite_fault+0x3d0/0x3d0 [ 3090.602292][T30251] ? do_raw_spin_lock+0x124/0x2b0 [ 3090.607326][T30251] ? spin_bug+0x1c0/0x1c0 [ 3090.611671][T30251] __handle_mm_fault+0x1635/0x41c0 [ 3090.616792][T30251] ? vm_iomap_memory+0x190/0x190 [ 3090.621736][T30251] ? mas_walk+0x58f/0x730 [ 3090.626085][T30251] ? numa_migrate_prep+0x3a0/0x3a0 [ 3090.631202][T30251] ? do_user_addr_fault+0x367/0x1210 [ 3090.636495][T30251] handle_mm_fault+0x2af/0x9f0 [ 3090.641263][T30251] do_user_addr_fault+0x2ca/0x1210 [ 3090.646375][T30251] ? rcu_is_watching+0x12/0xb0 [ 3090.651153][T30251] exc_page_fault+0x98/0x170 [ 3090.655741][T30251] asm_exc_page_fault+0x26/0x30 [ 3090.660596][T30251] RIP: 0033:0x7f5d2ac39610 [ 3090.665003][T30251] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48 [ 3090.684609][T30251] RSP: 002b:00007ffc24e00390 EFLAGS: 00010246 [ 3090.690759][T30251] RAX: 00000000899363ac RBX: 00007f5d2adac018 RCX: 0000001b2dc20000 [ 3090.698727][T30251] RDX: 0000000000000000 RSI: 0000001b2dc20018 RDI: 000000000c826fe4 [ 3090.706698][T30251] RBP: 00000000899363ac R08: 00000000000003ac R09: 00000000899363b0 [ 3090.714668][T30251] R10: 00007ffc24e00550 R11: 0000000000000246 R12: 00007f5d2ada0000 [ 3090.722636][T30251] R13: 0000000000000001 R14: 0000000000000004 R15: ffffffff8804dd36 [ 3090.730607][T30251] ? __sock_create+0x46/0x850 [ 3090.735299][T30251] 15:37:02 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x83940500}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) [ 3090.884354][T30251] memory: usage 307144kB, limit 307200kB, failcnt 26850 [ 3090.940553][T30349] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. 15:37:02 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}, 0x1, 0x0, 0x0, 0x40000000}, 0x0) [ 3091.022862][T30251] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3091.024464][T30351] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3091.040149][T30251] Memory cgroup stats for /syz1: [ 3091.040305][T30251] anon 401408 [ 3091.040305][T30251] file 262144 [ 3091.040305][T30251] kernel 313851904 [ 3091.040305][T30251] kernel_stack 163840 [ 3091.040305][T30251] pagetables 249856 [ 3091.040305][T30251] sec_pagetables 0 [ 3091.040305][T30251] percpu 5421792 [ 3091.040305][T30251] sock 0 [ 3091.040305][T30251] vmalloc 0 [ 3091.040305][T30251] shmem 258048 [ 3091.040305][T30251] zswap 0 [ 3091.040305][T30251] zswapped 0 [ 3091.040305][T30251] file_mapped 241664 [ 3091.040305][T30251] file_dirty 0 [ 3091.040305][T30251] file_writeback 0 [ 3091.040305][T30251] swapcached 0 [ 3091.040305][T30251] anon_thp 0 [ 3091.040305][T30251] file_thp 0 [ 3091.040305][T30251] shmem_thp 0 [ 3091.040305][T30251] inactive_anon 573440 [ 3091.040305][T30251] active_anon 86016 [ 3091.040305][T30251] inactive_file 0 [ 3091.040305][T30251] active_file 4096 [ 3091.040305][T30251] unevictable 0 [ 3091.040305][T30251] slab_reclaimable 32400 [ 3091.040305][T30251] slab_unreclaimable 307899632 [ 3091.040305][T30251] slab 307932032 [ 3091.040305][T30251] workingset_refault_anon 0 [ 3091.040305][T30251] workingset_refault_file 2 [ 3091.040305][T30251] workingset_activate_anon 0 [ 3091.040305][T30251] workingset_activate_file 0 [ 3091.040305][T30251] workingset_restore_anon 0 [ 3091.040305][T30251] workingset_restore_file 2 [ 3091.040305][T30251] workingset_nodereclaim 0 [ 3091.040305][T30251] pgscan 4466 [ 3091.040305][T30251] pgsteal 107 [ 3091.040305][T30251] pgscan_kswapd 92 [ 3091.040305][T30251] pgscan_direct 4374 [ 3091.040305][T30251] pgscan_khugepaged 0 [ 3091.040305][T30251] pgsteal_kswapd 88 [ 3091.040305][T30251] pgsteal_direct 19 [ 3091.040305][T30251] pgsteal_khugepaged 0 [ 3091.040305][T30251] pgfault 567907 [ 3091.040305][T30251] pgmajfault 2 [ 3091.040305][T30251] pgrefill 16619 [ 3091.040305][T30251] pgactivate 4359 [ 3091.040305][T30251] pgdeactivate 0 [ 3091.040305][T30251] pglazyfree 0 [ 3091.040305][T30251] pglazyfreed 0 [ 3091.040305][T30251] zswpin 0 [ 3091.040305][T30251] zswpout 0 [ 3091.123832][T30354] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. 15:37:03 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}, 0x1, 0x0, 0x0, 0xec3e5f09}, 0x0) [ 3091.411632][T30251] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=30251,uid=0 [ 3091.473592][T30251] Memory cgroup out of memory: Killed process 30251 (syz-executor.1) total-vm:54548kB, anon-rss:388kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 15:37:03 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x3100}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:37:03 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x80940500}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:37:03 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}, 0x1, 0x0, 0x0, 0xf0ffffff}, 0x0) [ 3091.623801][T30229] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3091.650356][T30229] CPU: 1 PID: 30229 Comm: syz-executor.4 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3091.660803][T30229] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3091.670858][T30229] Call Trace: [ 3091.674139][T30229] [ 3091.677079][T30229] dump_stack_lvl+0x136/0x150 [ 3091.677486][T30463] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3091.681759][T30229] dump_header+0x10a/0xd70 [ 3091.681784][T30229] oom_kill_process+0x25d/0x600 [ 3091.681824][T30229] out_of_memory+0x35c/0x1660 [ 3091.704972][T30229] ? find_held_lock+0x2d/0x110 [ 3091.709739][T30229] ? oom_killer_disable+0x2b0/0x2b0 [ 3091.714934][T30229] ? rcu_read_unlock+0x9/0x60 [ 3091.719614][T30229] ? find_held_lock+0x2d/0x110 [ 3091.724381][T30229] mem_cgroup_out_of_memory+0x206/0x270 [ 3091.729928][T30229] ? mem_cgroup_margin+0x130/0x130 [ 3091.735033][T30229] ? lock_downgrade+0x690/0x690 [ 3091.739887][T30229] try_charge_memcg+0xf99/0x13a0 [ 3091.744826][T30229] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3091.750799][T30229] ? get_mem_cgroup_from_objcg+0xa1/0x280 [ 3091.756509][T30229] ? lock_downgrade+0x690/0x690 [ 3091.761354][T30229] ? lock_downgrade+0x690/0x690 [ 3091.766205][T30229] __memcg_kmem_charge_page+0x16e/0x3c0 [ 3091.771921][T30229] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 3091.778094][T30229] copy_process+0x4f9/0x75c0 [ 3091.782721][T30229] ? pidfd_prepare+0x80/0x80 [ 3091.787306][T30229] ? lock_downgrade+0x690/0x690 [ 3091.792149][T30229] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 3091.798123][T30229] ? folio_add_lru+0x47f/0x7c0 [ 3091.802898][T30229] kernel_clone+0xeb/0x890 [ 3091.807321][T30229] ? create_io_thread+0xe0/0xe0 [ 3091.812165][T30229] ? find_held_lock+0x2d/0x110 [ 3091.816921][T30229] ? find_held_lock+0x2d/0x110 [ 3091.821676][T30229] __do_sys_clone+0xba/0x100 [ 3091.826256][T30229] ? kernel_clone+0x890/0x890 [ 3091.830931][T30229] ? syscall_enter_from_user_mode+0x26/0x80 [ 3091.836819][T30229] do_syscall_64+0x39/0xb0 [ 3091.841228][T30229] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3091.847117][T30229] RIP: 0033:0x7fcdfee8d591 [ 3091.851524][T30229] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 15:37:03 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x10}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) [ 3091.871117][T30229] RSP: 002b:00007ffda41c1d78 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 3091.879518][T30229] RAX: ffffffffffffffda RBX: 00007fcdffb48700 RCX: 00007fcdfee8d591 [ 3091.887479][T30229] RDX: 00007fcdffb489d0 RSI: 00007fcdffb482f0 RDI: 00000000003d0f00 [ 3091.895453][T30229] RBP: 00007ffda41c1fc0 R08: 00007fcdffb48700 R09: 00007fcdffb48700 [ 3091.903409][T30229] R10: 00007fcdffb489d0 R11: 0000000000000206 R12: 00007ffda41c1e2e [ 3091.911363][T30229] R13: 00007ffda41c1e2f R14: 00007fcdffb48300 R15: 0000000000022000 [ 3091.919333][T30229] [ 3092.098850][T30565] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3092.123778][T30229] memory: usage 307200kB, limit 307200kB, failcnt 38498 [ 3092.125480][T30467] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3092.138549][T30229] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3092.183768][T30229] Memory cgroup stats for /syz4: [ 3092.183929][T30229] anon 2142208 [ 3092.183929][T30229] file 7716864 [ 3092.183929][T30229] kernel 304713728 [ 3092.183929][T30229] kernel_stack 688128 [ 3092.183929][T30229] pagetables 1171456 [ 3092.183929][T30229] sec_pagetables 0 [ 3092.183929][T30229] percpu 5219168 [ 3092.183929][T30229] sock 0 [ 3092.183929][T30229] vmalloc 8192 [ 3092.183929][T30229] shmem 7716864 [ 3092.183929][T30229] zswap 0 [ 3092.183929][T30229] zswapped 0 [ 3092.183929][T30229] file_mapped 196608 [ 3092.183929][T30229] file_dirty 0 [ 3092.183929][T30229] file_writeback 0 [ 3092.183929][T30229] swapcached 0 [ 3092.183929][T30229] anon_thp 0 [ 3092.183929][T30229] file_thp 0 [ 3092.183929][T30229] shmem_thp 0 [ 3092.183929][T30229] inactive_anon 9596928 [ 3092.183929][T30229] active_anon 262144 [ 3092.183929][T30229] inactive_file 0 [ 3092.183929][T30229] active_file 0 [ 3092.183929][T30229] unevictable 0 [ 3092.183929][T30229] slab_reclaimable 172672 [ 3092.183929][T30229] slab_unreclaimable 297105072 [ 3092.183929][T30229] slab 297277744 [ 3092.183929][T30229] workingset_refault_anon 0 [ 3092.183929][T30229] workingset_refault_file 0 [ 3092.183929][T30229] workingset_activate_anon 0 [ 3092.183929][T30229] workingset_activate_file 0 [ 3092.183929][T30229] workingset_restore_anon 0 [ 3092.183929][T30229] workingset_restore_file 0 [ 3092.183929][T30229] workingset_nodereclaim 0 [ 3092.183929][T30229] pgscan 116 [ 3092.183929][T30229] pgsteal 111 [ 3092.183929][T30229] pgscan_kswapd 99 [ 3092.183929][T30229] pgscan_direct 17 [ 3092.183929][T30229] pgscan_khugepaged 0 [ 3092.183929][T30229] pgsteal_kswapd 97 [ 3092.183929][T30229] pgsteal_direct 14 [ 3092.183929][T30229] pgsteal_khugepaged 0 [ 3092.183929][T30229] pgfault 696446 [ 3092.183929][T30229] pgmajfault 6 [ 3092.183929][T30229] pgrefill 593 [ 3092.183929][T30229] pgactivate 5 [ 3092.183929][T30229] pgdeactivate 0 [ 3092.183929][T30229] pglazyfree 0 [ 3092.183929][T30229] pglazyfreed 0 [ 3092.183929][T30229] zswpin 0 [ 3092.183929][T30229] zswpout 0 [ 3092.493291][T30229] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=30229,uid=0 [ 3092.533186][T30229] Memory cgroup out of memory: Killed process 30229 (syz-executor.4) total-vm:54680kB, anon-rss:384kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 15:37:04 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0xa8940500}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:37:04 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}, 0x1, 0x0, 0x0, 0x49e95}, 0x0) 15:37:04 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}, 0x1, 0x0, 0x0, 0xfcffffff}, 0x0) [ 3092.621081][T30458] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3092.659350][T30458] CPU: 0 PID: 30458 Comm: syz-executor.2 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3092.669955][T30458] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3092.680011][T30458] Call Trace: [ 3092.683293][T30458] [ 3092.686226][T30458] dump_stack_lvl+0x136/0x150 [ 3092.690918][T30458] dump_header+0x10a/0xd70 [ 3092.693398][T30573] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3092.695330][T30458] oom_kill_process+0x25d/0x600 [ 3092.695354][T30458] out_of_memory+0x35c/0x1660 [ 3092.695375][T30458] ? find_held_lock+0x2d/0x110 [ 3092.695397][T30458] ? oom_killer_disable+0x2b0/0x2b0 [ 3092.695415][T30458] ? rcu_read_unlock+0x9/0x60 [ 3092.695435][T30458] ? find_held_lock+0x2d/0x110 [ 3092.695456][T30458] mem_cgroup_out_of_memory+0x206/0x270 [ 3092.695478][T30458] ? mem_cgroup_margin+0x130/0x130 [ 3092.695499][T30458] ? lock_downgrade+0x690/0x690 [ 3092.695530][T30458] try_charge_memcg+0xf99/0x13a0 [ 3092.695560][T30458] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3092.695589][T30458] ? rcu_read_unlock+0x9/0x60 [ 3092.695608][T30458] ? lock_downgrade+0x690/0x690 [ 3092.695640][T30458] charge_memcg+0x90/0x3b0 [ 3092.695667][T30458] __mem_cgroup_charge+0x2b/0x90 [ 3092.695684][T30458] do_wp_page+0x8ea/0x33c0 [ 3092.695706][T30458] ? lock_sync+0x190/0x190 [ 3092.695727][T30458] ? finish_mkwrite_fault+0x3d0/0x3d0 [ 3092.695745][T30458] ? do_raw_spin_lock+0x124/0x2b0 [ 3092.695770][T30458] ? spin_bug+0x1c0/0x1c0 [ 3092.695800][T30458] __handle_mm_fault+0x1635/0x41c0 [ 3092.695822][T30458] ? vm_iomap_memory+0x190/0x190 [ 3092.695840][T30458] ? mas_walk+0x58f/0x730 [ 3092.695868][T30458] ? numa_migrate_prep+0x3a0/0x3a0 [ 3092.695883][T30458] ? do_user_addr_fault+0x367/0x1210 [ 3092.695911][T30458] handle_mm_fault+0x2af/0x9f0 [ 3092.695932][T30458] do_user_addr_fault+0x2ca/0x1210 [ 3092.695953][T30458] ? rcu_is_watching+0x12/0xb0 [ 3092.695981][T30458] exc_page_fault+0x98/0x170 [ 3092.696003][T30458] asm_exc_page_fault+0x26/0x30 [ 3092.696028][T30458] RIP: 0033:0x7f5bd0639610 [ 3092.696043][T30458] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48 [ 3092.696066][T30458] RSP: 002b:00007fffe74b16a0 EFLAGS: 00010246 [ 3092.696082][T30458] RAX: 0000000004219014 RBX: 00007f5bd07ac018 RCX: 0000001b2dd20000 [ 3092.696094][T30458] RDX: 0000000000000000 RSI: 0000001b2dd20018 RDI: 000000000a28a722 [ 3092.696105][T30458] RBP: 0000000004219014 R08: 0000000000001014 R09: 0000000004219018 [ 3092.696115][T30458] R10: 00007fffe74b1860 R11: 0000000000000246 R12: 00007f5bd07a0000 [ 3092.696127][T30458] R13: 0000000000000001 R14: 000000000000000e R15: ffffffff83d6fdb1 [ 3092.696139][T30458] ? apparmor_socket_create+0x151/0x670 [ 3092.696172][T30458] [ 3092.872861][T30458] memory: usage 307200kB, limit 307200kB, failcnt 26508 [ 3092.978680][T30458] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3092.992600][T30458] Memory cgroup stats for /syz2: [ 3092.992756][T30458] anon 139264 [ 3092.992756][T30458] file 8388608 [ 3092.992756][T30458] kernel 306044928 [ 3092.992756][T30458] kernel_stack 65536 [ 3092.992756][T30458] pagetables 69632 [ 3092.992756][T30458] sec_pagetables 0 [ 3092.992756][T30458] percpu 5294912 [ 3092.992756][T30458] sock 0 [ 3092.992756][T30458] vmalloc 16384 [ 3092.992756][T30458] shmem 8380416 [ 3092.992756][T30458] zswap 0 [ 3092.992756][T30458] zswapped 0 [ 3092.992756][T30458] file_mapped 286720 [ 3092.992756][T30458] file_dirty 4096 [ 3092.992756][T30458] file_writeback 0 [ 3092.992756][T30458] swapcached 0 [ 3092.992756][T30458] anon_thp 0 [ 3092.992756][T30458] file_thp 0 [ 3092.992756][T30458] shmem_thp 0 [ 3092.992756][T30458] inactive_anon 8417280 [ 3092.992756][T30458] active_anon 102400 [ 3092.992756][T30458] inactive_file 4096 [ 3092.992756][T30458] active_file 4096 [ 3092.992756][T30458] unevictable 0 [ 3092.992756][T30458] slab_reclaimable 39288 [ 3092.992756][T30458] slab_unreclaimable 300523984 [ 3092.992756][T30458] slab 300563272 [ 3092.992756][T30458] workingset_refault_anon 0 [ 3092.992756][T30458] workingset_refault_file 2 [ 3092.992756][T30458] workingset_activate_anon 0 [ 3092.992756][T30458] workingset_activate_file 0 [ 3092.992756][T30458] workingset_restore_anon 0 [ 3092.992756][T30458] workingset_restore_file 2 [ 3092.992756][T30458] workingset_nodereclaim 0 [ 3092.992756][T30458] pgscan 8387 [ 3092.992756][T30458] pgsteal 122 [ 3092.992756][T30458] pgscan_kswapd 106 [ 3092.992756][T30458] pgscan_direct 8281 [ 3092.992756][T30458] pgscan_khugepaged 0 [ 3092.992756][T30458] pgsteal_kswapd 97 [ 3092.992756][T30458] pgsteal_direct 25 [ 3092.992756][T30458] pgsteal_khugepaged 0 [ 3092.992756][T30458] pgfault 695695 [ 3092.992756][T30458] pgmajfault 0 [ 3092.992756][T30458] pgrefill 32186 [ 3092.992756][T30458] pgactivate 8265 [ 3092.992756][T30458] pgdeactivate 0 [ 3092.992756][T30458] pglazyfree 0 [ 3092.992756][T30458] pglazyfreed 0 [ 3092.992756][T30458] zswpin 0 [ 3092.992756][T30458] zswpout 0 [ 3093.312989][T30458] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=30458,uid=0 [ 3093.351432][T30458] Memory cgroup out of memory: Killed process 30458 (syz-executor.2) total-vm:54548kB, anon-rss:384kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 [ 3093.412069][T30460] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3093.443889][T30460] CPU: 1 PID: 30460 Comm: syz-executor.1 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3093.454311][T30460] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3093.464455][T30460] Call Trace: [ 3093.467734][T30460] [ 3093.470660][T30460] dump_stack_lvl+0x136/0x150 [ 3093.475333][T30460] dump_header+0x10a/0xd70 [ 3093.479733][T30460] oom_kill_process+0x25d/0x600 [ 3093.484590][T30460] out_of_memory+0x35c/0x1660 [ 3093.489276][T30460] ? oom_killer_disable+0x2b0/0x2b0 [ 3093.494464][T30460] ? rcu_read_unlock+0x9/0x60 [ 3093.499133][T30460] ? find_held_lock+0x2d/0x110 [ 3093.503903][T30460] mem_cgroup_out_of_memory+0x206/0x270 [ 3093.509459][T30460] ? mem_cgroup_margin+0x130/0x130 [ 3093.514571][T30460] ? lock_downgrade+0x690/0x690 [ 3093.519434][T30460] try_charge_memcg+0xf99/0x13a0 [ 3093.524380][T30460] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3093.530361][T30460] ? get_mem_cgroup_from_objcg+0xa1/0x280 [ 3093.536064][T30460] ? lock_downgrade+0x690/0x690 [ 3093.540921][T30460] ? lock_downgrade+0x690/0x690 [ 3093.545815][T30460] obj_cgroup_charge+0x2af/0x5e0 [ 3093.550769][T30460] ? vm_area_dup+0x23/0x300 [ 3093.555272][T30460] kmem_cache_alloc+0xb1/0x3b0 [ 3093.560042][T30460] vm_area_dup+0x23/0x300 [ 3093.564380][T30460] __split_vma+0x199/0x830 [ 3093.568800][T30460] ? expand_stack+0x20/0x20 [ 3093.573308][T30460] ? vma_shrink+0x5c0/0x5c0 [ 3093.577814][T30460] ? mark_held_locks+0x9f/0xe0 [ 3093.582583][T30460] ? percpu_counter_add_batch+0x199/0x1e0 [ 3093.588297][T30460] ? lockdep_hardirqs_on+0x7d/0x100 [ 3093.593480][T30460] split_vma+0xc6/0x110 [ 3093.597630][T30460] mprotect_fixup+0x891/0xbd0 [ 3093.602315][T30460] ? change_protection+0x3e40/0x3e40 [ 3093.607695][T30460] do_mprotect_pkey+0x87f/0xd50 [ 3093.612552][T30460] ? mprotect_fixup+0xbd0/0xbd0 [ 3093.617412][T30460] ? up_write+0x1b4/0x520 [ 3093.621738][T30460] ? do_futex+0x360/0x360 [ 3093.626053][T30460] __x64_sys_mprotect+0x78/0xb0 [ 3093.630894][T30460] do_syscall_64+0x39/0xb0 [ 3093.635335][T30460] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3093.641244][T30460] RIP: 0033:0x7f5d2ac8c277 [ 3093.645663][T30460] Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 0a 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 3093.665278][T30460] RSP: 002b:00007ffc24e00388 EFLAGS: 00000206 ORIG_RAX: 000000000000000a [ 3093.673699][T30460] RAX: ffffffffffffffda RBX: 0000000000021000 RCX: 00007f5d2ac8c277 [ 3093.681655][T30460] RDX: 0000000000000003 RSI: 0000000000020000 RDI: 00007f5d2b9cd000 [ 3093.689614][T30460] RBP: 00007ffc24e00460 R08: 00000000ffffffff R09: 00007f5d2b9ec700 [ 3093.697582][T30460] R10: 0000000000020022 R11: 0000000000000206 R12: 00007ffc24e00580 [ 3093.705550][T30460] R13: 00007f5d2b9ec700 R14: 0000000000000000 R15: 0000000000022000 [ 3093.713530][T30460] 15:37:05 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x900}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:37:05 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x7a030000}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:37:05 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0xa7940500}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:37:05 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}, 0x1, 0x0, 0x0, 0xfe0f0000}, 0x0) [ 3093.813180][T30460] memory: usage 307188kB, limit 307200kB, failcnt 26947 [ 3093.824432][T30460] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3093.840419][T30460] Memory cgroup stats for /syz1: [ 3093.840570][T30460] anon 434176 [ 3093.840570][T30460] file 262144 [ 3093.840570][T30460] kernel 313864192 [ 3093.840570][T30460] kernel_stack 163840 [ 3093.840570][T30460] pagetables 258048 [ 3093.840570][T30460] sec_pagetables 0 [ 3093.840570][T30460] percpu 5421792 [ 3093.840570][T30460] sock 0 [ 3093.840570][T30460] vmalloc 0 [ 3093.840570][T30460] shmem 258048 [ 3093.840570][T30460] zswap 0 [ 3093.840570][T30460] zswapped 0 [ 3093.840570][T30460] file_mapped 241664 [ 3093.840570][T30460] file_dirty 0 [ 3093.840570][T30460] file_writeback 0 [ 3093.840570][T30460] swapcached 0 [ 3093.840570][T30460] anon_thp 0 [ 3093.840570][T30460] file_thp 0 [ 3093.840570][T30460] shmem_thp 0 [ 3093.840570][T30460] inactive_anon 0 [ 3093.840570][T30460] active_anon 692224 [ 3093.840570][T30460] inactive_file 4096 [ 3093.840570][T30460] active_file 0 [ 3093.840570][T30460] unevictable 0 [ 3093.840570][T30460] slab_reclaimable 34328 [ 3093.840570][T30460] slab_unreclaimable 307900680 [ 3093.840570][T30460] slab 307935008 [ 3093.840570][T30460] workingset_refault_anon 0 [ 3093.840570][T30460] workingset_refault_file 2 [ 3093.840570][T30460] workingset_activate_anon 0 [ 3093.840570][T30460] workingset_activate_file 0 [ 3093.840570][T30460] workingset_restore_anon 0 [ 3093.840570][T30460] workingset_restore_file 2 [ 3093.840570][T30460] workingset_nodereclaim 0 [ 3093.840570][T30460] pgscan 4508 [ 3093.840570][T30460] pgsteal 107 [ 3093.840570][T30460] pgscan_kswapd 92 [ 3093.840570][T30460] pgscan_direct 4416 [ 3093.840570][T30460] pgscan_khugepaged 0 [ 3093.840570][T30460] pgsteal_kswapd 88 [ 3093.840570][T30460] pgsteal_direct 19 [ 3093.840570][T30460] pgsteal_khugepaged 0 [ 3093.840570][T30460] pgfault 567970 [ 3093.840570][T30460] pgmajfault 2 [ 3093.840570][T30460] pgrefill 16619 [ 3093.840570][T30460] pgactivate 4401 [ 3093.840570][T30460] pgdeactivate 0 [ 3093.840570][T30460] pglazyfree 0 [ 3093.840570][T30460] pglazyfreed 0 [ 3093.840570][T30460] zswpin 0 [ 3093.840570][T30460] zswpout 0 15:37:06 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x7a010000}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) [ 3094.122742][T30460] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=30460,uid=0 [ 3094.212485][T30460] Memory cgroup out of memory: Killed process 30460 (syz-executor.1) total-vm:54680kB, anon-rss:516kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:92kB oom_score_adj:1000 15:37:06 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x3200}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:37:06 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}, 0x1, 0x0, 0x0, 0xfeff0000}, 0x0) [ 3094.454052][T30576] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=1, oom_score_adj=1000 [ 3094.542991][T30576] CPU: 0 PID: 30576 Comm: syz-executor.4 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3094.553423][T30576] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3094.557000][T30716] __nla_validate_parse: 3 callbacks suppressed [ 3094.557012][T30716] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3094.563455][T30576] Call Trace: [ 3094.563463][T30576] [ 3094.563470][T30576] dump_stack_lvl+0x136/0x150 [ 3094.563509][T30576] dump_header+0x10a/0xd70 [ 3094.594326][T30576] oom_kill_process+0x25d/0x600 [ 3094.599184][T30576] out_of_memory+0x35c/0x1660 [ 3094.603859][T30576] ? find_held_lock+0x2d/0x110 [ 3094.608622][T30576] ? oom_killer_disable+0x2b0/0x2b0 [ 3094.613818][T30576] ? rcu_read_unlock+0x9/0x60 [ 3094.618493][T30576] ? find_held_lock+0x2d/0x110 [ 3094.623260][T30576] mem_cgroup_out_of_memory+0x206/0x270 [ 3094.628805][T30576] ? mem_cgroup_margin+0x130/0x130 [ 3094.633923][T30576] ? lock_downgrade+0x690/0x690 [ 3094.638795][T30576] try_charge_memcg+0xf99/0x13a0 [ 3094.643753][T30797] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3094.643749][T30576] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3094.658998][T30576] ? get_mem_cgroup_from_objcg+0xa1/0x280 [ 3094.664723][T30576] ? lock_downgrade+0x690/0x690 [ 3094.669583][T30576] ? lock_downgrade+0x690/0x690 [ 3094.674437][T30576] ? rcu_read_unlock+0x9/0x60 [ 3094.679117][T30576] obj_cgroup_charge+0x2af/0x5e0 [ 3094.684069][T30576] ? copy_process+0x3c0/0x75c0 [ 3094.688841][T30576] kmem_cache_alloc_node+0xa8/0x3e0 [ 3094.694049][T30576] copy_process+0x3c0/0x75c0 [ 3094.698654][T30576] ? pidfd_prepare+0x80/0x80 [ 3094.703250][T30576] ? lock_downgrade+0x690/0x690 [ 3094.708102][T30576] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 3094.714091][T30576] ? folio_add_lru+0x47f/0x7c0 [ 3094.718861][T30576] kernel_clone+0xeb/0x890 [ 3094.723278][T30576] ? create_io_thread+0xe0/0xe0 [ 3094.728132][T30576] ? find_held_lock+0x2d/0x110 [ 3094.732898][T30576] ? find_held_lock+0x2d/0x110 [ 3094.737663][T30576] __do_sys_clone+0xba/0x100 [ 3094.742253][T30576] ? kernel_clone+0x890/0x890 [ 3094.746942][T30576] ? syscall_enter_from_user_mode+0x26/0x80 [ 3094.752863][T30576] do_syscall_64+0x39/0xb0 [ 3094.757285][T30576] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3094.763178][T30576] RIP: 0033:0x7fcdfee8d591 [ 3094.767589][T30576] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 15:37:06 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}, 0x1, 0x0, 0x0, 0xfeffffff}, 0x0) [ 3094.787299][T30576] RSP: 002b:00007ffda41c1d78 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 3094.795726][T30576] RAX: ffffffffffffffda RBX: 00007fcdffb48700 RCX: 00007fcdfee8d591 [ 3094.803702][T30576] RDX: 00007fcdffb489d0 RSI: 00007fcdffb482f0 RDI: 00000000003d0f00 [ 3094.811676][T30576] RBP: 00007ffda41c1fc0 R08: 00007fcdffb48700 R09: 00007fcdffb48700 [ 3094.819644][T30576] R10: 00007fcdffb489d0 R11: 0000000000000206 R12: 00007ffda41c1e2e [ 3094.827701][T30576] R13: 00007ffda41c1e2f R14: 00007fcdffb48300 R15: 0000000000022000 [ 3094.835696][T30576] [ 3094.836705][T30799] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. 15:37:06 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x79940500}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) [ 3094.933699][T30576] memory: usage 307180kB, limit 307200kB, failcnt 38584 [ 3094.950363][T30576] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3094.962654][T30576] Memory cgroup stats for /syz4: [ 3094.962805][T30576] anon 2142208 [ 3094.962805][T30576] file 7716864 [ 3094.962805][T30576] kernel 304693248 [ 3094.962805][T30576] kernel_stack 688128 [ 3094.962805][T30576] pagetables 1171456 [ 3094.962805][T30576] sec_pagetables 0 [ 3094.962805][T30576] percpu 5219168 [ 3094.962805][T30576] sock 0 [ 3094.962805][T30576] vmalloc 8192 [ 3094.962805][T30576] shmem 7716864 [ 3094.962805][T30576] zswap 0 [ 3094.962805][T30576] zswapped 0 [ 3094.962805][T30576] file_mapped 196608 [ 3094.962805][T30576] file_dirty 0 [ 3094.962805][T30576] file_writeback 0 [ 3094.962805][T30576] swapcached 0 [ 3094.962805][T30576] anon_thp 0 [ 3094.962805][T30576] file_thp 0 [ 3094.962805][T30576] shmem_thp 0 [ 3094.962805][T30576] inactive_anon 9596928 [ 3094.962805][T30576] active_anon 262144 [ 3094.962805][T30576] inactive_file 0 [ 3094.962805][T30576] active_file 0 [ 3094.962805][T30576] unevictable 0 [ 3094.962805][T30576] slab_reclaimable 172672 [ 3094.962805][T30576] slab_unreclaimable 297097752 [ 3094.962805][T30576] slab 297270424 [ 3094.962805][T30576] workingset_refault_anon 0 [ 3094.962805][T30576] workingset_refault_file 0 [ 3094.962805][T30576] workingset_activate_anon 0 [ 3094.962805][T30576] workingset_activate_file 0 [ 3094.962805][T30576] workingset_restore_anon 0 [ 3094.962805][T30576] workingset_restore_file 0 [ 3094.962805][T30576] workingset_nodereclaim 0 [ 3094.962805][T30576] pgscan 116 [ 3094.962805][T30576] pgsteal 111 [ 3094.962805][T30576] pgscan_kswapd 99 [ 3094.962805][T30576] pgscan_direct 17 [ 3094.962805][T30576] pgscan_khugepaged 0 [ 3094.962805][T30576] pgsteal_kswapd 97 [ 3094.962805][T30576] pgsteal_direct 14 [ 3094.962805][T30576] pgsteal_khugepaged 0 [ 3094.962805][T30576] pgfault 696511 [ 3094.962805][T30576] pgmajfault 6 [ 3094.962805][T30576] pgrefill 593 [ 3094.962805][T30576] pgactivate 5 [ 3094.962805][T30576] pgdeactivate 0 [ 3094.962805][T30576] pglazyfree 0 [ 3094.962805][T30576] pglazyfreed 0 [ 3094.962805][T30576] zswpin 0 [ 3094.962805][T30576] zswpout 0 [ 3095.250968][T30576] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=30576,uid=0 [ 3095.281411][T30854] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3095.291194][T30576] Memory cgroup out of memory: Killed process 30576 (syz-executor.4) total-vm:54680kB, anon-rss:384kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 15:37:07 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0xa9940500}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:37:07 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x79940500}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) [ 3095.414088][T30687] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=1, oom_score_adj=1000 [ 3095.436584][T30891] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3095.444968][T30687] CPU: 0 PID: 30687 Comm: syz-executor.2 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3095.456261][T30687] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3095.466312][T30687] Call Trace: [ 3095.469586][T30687] [ 3095.472513][T30687] dump_stack_lvl+0x136/0x150 [ 3095.477202][T30687] dump_header+0x10a/0xd70 [ 3095.481619][T30687] oom_kill_process+0x25d/0x600 [ 3095.486466][T30687] out_of_memory+0x35c/0x1660 [ 3095.491150][T30687] ? oom_killer_disable+0x2b0/0x2b0 [ 3095.496352][T30687] ? rcu_read_unlock+0x9/0x60 [ 3095.501035][T30687] ? find_held_lock+0x2d/0x110 [ 3095.505806][T30687] mem_cgroup_out_of_memory+0x206/0x270 15:37:07 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}, 0x1, 0x0, 0x0, 0xff0f0000}, 0x0) [ 3095.511352][T30687] ? mem_cgroup_margin+0x130/0x130 [ 3095.516458][T30687] ? lock_downgrade+0x690/0x690 [ 3095.521324][T30687] try_charge_memcg+0xf99/0x13a0 [ 3095.526279][T30687] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3095.532268][T30687] ? get_mem_cgroup_from_objcg+0xa1/0x280 [ 3095.538015][T30687] ? lock_downgrade+0x690/0x690 [ 3095.542869][T30687] ? lock_downgrade+0x690/0x690 [ 3095.547726][T30687] ? rcu_read_unlock+0x9/0x60 [ 3095.552410][T30687] obj_cgroup_charge+0x2af/0x5e0 [ 3095.557349][T30687] ? copy_process+0x3c0/0x75c0 [ 3095.562111][T30687] kmem_cache_alloc_node+0xa8/0x3e0 [ 3095.567307][T30687] copy_process+0x3c0/0x75c0 [ 3095.571893][T30687] ? __lock_acquire+0xc17/0x5f30 [ 3095.576836][T30687] ? pidfd_prepare+0x80/0x80 [ 3095.581321][T30908] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3095.581420][T30687] ? psi_memstall_leave+0x174/0x250 [ 3095.595950][T30687] ? lock_downgrade+0x690/0x690 [ 3095.600805][T30687] kernel_clone+0xeb/0x890 [ 3095.605229][T30687] ? create_io_thread+0xe0/0xe0 [ 3095.610113][T30687] ? percpu_ref_put_many.constprop.0+0x6a/0x1b0 [ 3095.616386][T30687] ? lock_downgrade+0x690/0x690 [ 3095.621253][T30687] __do_sys_clone+0xba/0x100 [ 3095.625938][T30687] ? kernel_clone+0x890/0x890 [ 3095.630636][T30687] ? syscall_enter_from_user_mode+0x26/0x80 [ 3095.636543][T30687] do_syscall_64+0x39/0xb0 [ 3095.640971][T30687] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3095.646876][T30687] RIP: 0033:0x7f5bd068d591 [ 3095.651386][T30687] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 3095.671000][T30687] RSP: 002b:00007fffe74b1648 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 3095.679412][T30687] RAX: ffffffffffffffda RBX: 00007f5bcf1fe700 RCX: 00007f5bd068d591 [ 3095.687387][T30687] RDX: 00007f5bcf1fe9d0 RSI: 00007f5bcf1fe2f0 RDI: 00000000003d0f00 [ 3095.695358][T30687] RBP: 00007fffe74b1890 R08: 00007f5bcf1fe700 R09: 00007f5bcf1fe700 [ 3095.703325][T30687] R10: 00007f5bcf1fe9d0 R11: 0000000000000206 R12: 00007fffe74b16fe [ 3095.711292][T30687] R13: 00007fffe74b16ff R14: 00007f5bcf1fe300 R15: 0000000000022000 [ 3095.719274][T30687] [ 3095.842191][T30687] memory: usage 307180kB, limit 307200kB, failcnt 26642 [ 3095.862927][T30687] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3095.890390][T30687] Memory cgroup stats for /syz2: [ 3095.890750][T30687] anon 114688 [ 3095.890750][T30687] file 8388608 [ 3095.890750][T30687] kernel 306049024 [ 3095.890750][T30687] kernel_stack 65536 [ 3095.890750][T30687] pagetables 73728 [ 3095.890750][T30687] sec_pagetables 0 [ 3095.890750][T30687] percpu 5294912 [ 3095.890750][T30687] sock 0 [ 3095.890750][T30687] vmalloc 16384 [ 3095.890750][T30687] shmem 8380416 [ 3095.890750][T30687] zswap 0 [ 3095.890750][T30687] zswapped 0 [ 3095.890750][T30687] file_mapped 286720 [ 3095.890750][T30687] file_dirty 4096 [ 3095.890750][T30687] file_writeback 0 [ 3095.890750][T30687] swapcached 0 [ 3095.890750][T30687] anon_thp 0 [ 3095.890750][T30687] file_thp 0 [ 3095.890750][T30687] shmem_thp 0 [ 3095.890750][T30687] inactive_anon 0 [ 3095.890750][T30687] active_anon 8495104 [ 3095.890750][T30687] inactive_file 8192 [ 3095.890750][T30687] active_file 0 [ 3095.890750][T30687] unevictable 0 [ 3095.890750][T30687] slab_reclaimable 39288 [ 3095.890750][T30687] slab_unreclaimable 300525664 [ 3095.890750][T30687] slab 300564952 [ 3095.890750][T30687] workingset_refault_anon 0 [ 3095.890750][T30687] workingset_refault_file 2 [ 3095.890750][T30687] workingset_activate_anon 0 [ 3095.890750][T30687] workingset_activate_file 0 [ 3095.890750][T30687] workingset_restore_anon 0 [ 3095.890750][T30687] workingset_restore_file 2 [ 3095.890750][T30687] workingset_nodereclaim 0 [ 3095.890750][T30687] pgscan 8434 [ 3095.890750][T30687] pgsteal 122 [ 3095.890750][T30687] pgscan_kswapd 106 [ 3095.890750][T30687] pgscan_direct 8328 [ 3095.890750][T30687] pgscan_khugepaged 0 [ 3095.890750][T30687] pgsteal_kswapd 97 [ 3095.890750][T30687] pgsteal_direct 25 [ 3095.890750][T30687] pgsteal_khugepaged 0 [ 3095.890750][T30687] pgfault 695738 [ 3095.890750][T30687] pgmajfault 0 [ 3095.890750][T30687] pgrefill 32281 [ 3095.890750][T30687] pgactivate 8312 [ 3095.890750][T30687] pgdeactivate 0 [ 3095.890750][T30687] pglazyfree 0 [ 3095.890750][T30687] pglazyfreed 0 [ 3095.890750][T30687] zswpin 0 [ 3095.890750][T30687] zswpout 0 [ 3096.083660][T30687] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=30687,uid=0 [ 3096.123629][T30687] Memory cgroup out of memory: Killed process 30687 (syz-executor.2) total-vm:54680kB, anon-rss:384kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 [ 3096.172999][T30795] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3096.202056][T30795] CPU: 0 PID: 30795 Comm: syz-executor.1 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3096.212478][T30795] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 15:37:08 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0xa00}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:37:08 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0xffff0300}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:37:08 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x3}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:37:08 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}, 0x1, 0x0, 0x0, 0xff7f0000}, 0x0) [ 3096.222531][T30795] Call Trace: [ 3096.225813][T30795] [ 3096.228740][T30795] dump_stack_lvl+0x136/0x150 [ 3096.233432][T30795] dump_header+0x10a/0xd70 [ 3096.237852][T30795] oom_kill_process+0x25d/0x600 [ 3096.242705][T30795] out_of_memory+0x35c/0x1660 [ 3096.247397][T30795] ? oom_killer_disable+0x2b0/0x2b0 [ 3096.252600][T30795] ? rcu_read_unlock+0x9/0x60 [ 3096.257288][T30795] ? find_held_lock+0x2d/0x110 [ 3096.262062][T30795] mem_cgroup_out_of_memory+0x206/0x270 [ 3096.267621][T30795] ? mem_cgroup_margin+0x130/0x130 [ 3096.272745][T30795] ? lock_downgrade+0x690/0x690 [ 3096.277614][T30795] try_charge_memcg+0xf99/0x13a0 [ 3096.282571][T30795] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3096.288577][T30795] ? rcu_read_unlock+0x9/0x60 [ 3096.293257][T30795] ? lock_downgrade+0x690/0x690 [ 3096.298131][T30795] charge_memcg+0x90/0x3b0 [ 3096.302568][T30795] __mem_cgroup_charge+0x2b/0x90 [ 3096.307513][T30795] __handle_mm_fault+0x2296/0x41c0 [ 3096.312634][T30795] ? vm_iomap_memory+0x190/0x190 [ 3096.317582][T30795] ? mas_walk+0x58f/0x730 [ 3096.321964][T30795] ? numa_migrate_prep+0x3a0/0x3a0 [ 3096.327091][T30795] handle_mm_fault+0x2af/0x9f0 [ 3096.332041][T30795] do_user_addr_fault+0x2ca/0x1210 [ 3096.337164][T30795] ? rcu_is_watching+0x12/0xb0 [ 3096.342027][T30795] exc_page_fault+0x98/0x170 [ 3096.346617][T30795] asm_exc_page_fault+0x26/0x30 [ 3096.351471][T30795] RIP: 0033:0x7f5d2ac3e171 [ 3096.355881][T30795] Code: 3d 00 f0 ff ff 77 72 c3 90 55 48 83 ec 30 44 89 4c 24 2c 4c 89 44 24 20 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 89 4c 24 28 fa fa ff ff 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 [ 3096.375487][T30795] RSP: 002b:00007f5d2ba0c000 EFLAGS: 00010206 [ 3096.381554][T30795] RAX: 0000000000000001 RBX: 00007f5d2ba0c0f0 RCX: 0000000000000000 [ 3096.389613][T30795] RDX: 0000000000000020 RSI: 00007f5d2ba0c140 RDI: 0000000000000004 [ 3096.397585][T30795] RBP: 0000000000000000 R08: 00007f5d2ba0c054 R09: 000000000000000c [ 3096.405554][T30795] R10: 0000000000000000 R11: 00000000200003cf R12: 00007f5d2ba0c0a8 [ 3096.411701][T31021] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3096.413511][T30795] R13: 00007f5d2ba0c140 R14: 0000000000000004 R15: 0000000000000000 [ 3096.413537][T30795] [ 3096.564484][T30795] memory: usage 307188kB, limit 307200kB, failcnt 27045 [ 3096.582819][T30795] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3096.604172][T30795] Memory cgroup stats for /syz1: 15:37:08 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}, 0x1, 0x0, 0x0, 0xffff0300}, 0x0) [ 3096.604365][T30795] anon 434176 [ 3096.604365][T30795] file 262144 [ 3096.604365][T30795] kernel 313864192 [ 3096.604365][T30795] kernel_stack 163840 [ 3096.604365][T30795] pagetables 258048 [ 3096.604365][T30795] sec_pagetables 0 [ 3096.604365][T30795] percpu 5421792 [ 3096.604365][T30795] sock 0 [ 3096.604365][T30795] vmalloc 0 [ 3096.604365][T30795] shmem 258048 [ 3096.604365][T30795] zswap 0 [ 3096.604365][T30795] zswapped 0 [ 3096.604365][T30795] file_mapped 241664 [ 3096.604365][T30795] file_dirty 0 [ 3096.604365][T30795] file_writeback 0 [ 3096.604365][T30795] swapcached 0 [ 3096.604365][T30795] anon_thp 0 [ 3096.604365][T30795] file_thp 0 [ 3096.604365][T30795] shmem_thp 0 [ 3096.604365][T30795] inactive_anon 573440 [ 3096.604365][T30795] active_anon 118784 [ 3096.604365][T30795] inactive_file 0 [ 3096.604365][T30795] active_file 4096 [ 3096.604365][T30795] unevictable 0 [ 3096.604365][T30795] slab_reclaimable 34328 [ 3096.604365][T30795] slab_unreclaimable 307900376 [ 3096.604365][T30795] slab 307934704 [ 3096.604365][T30795] workingset_refault_anon 0 [ 3096.604365][T30795] workingset_refault_file 2 [ 3096.604365][T30795] workingset_activate_anon 0 [ 3096.604365][T30795] workingset_activate_file 0 [ 3096.604365][T30795] workingset_restore_anon 0 [ 3096.604365][T30795] workingset_restore_file 2 [ 3096.604365][T30795] workingset_nodereclaim 0 [ 3096.604365][T30795] pgscan 4552 [ 3096.604365][T30795] pgsteal 107 [ 3096.604365][T30795] pgscan_kswapd 92 [ 3096.604365][T30795] pgscan_direct 4460 [ 3096.604365][T30795] pgscan_khugepaged 0 [ 3096.604365][T30795] pgsteal_kswapd 88 [ 3096.604365][T30795] pgsteal_direct 19 [ 3096.604365][T30795] pgsteal_khugepaged 0 [ 3096.604365][T30795] pgfault 568033 [ 3096.604365][T30795] pgmajfault 2 [ 3096.604365][T30795] pgrefill 16619 [ 3096.604365][T30795] pgactivate 4445 [ 3096.604365][T30795] pgdeactivate 0 [ 3096.604365][T30795] pglazyfree 0 [ 3096.604365][T30795] pglazyfreed 0 [ 3096.604365][T30795] zswpin 0 [ 3096.604365][T30795] zswpout 0 [ 3096.610406][T31017] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3096.888187][T30795] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=30766,uid=0 [ 3096.912022][T30795] Memory cgroup out of memory: Killed process 30766 (syz-executor.1) total-vm:54680kB, anon-rss:516kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:92kB oom_score_adj:1000 [ 3096.965121][T31018] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. 15:37:08 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x3300}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) [ 3097.021601][T31016] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3097.063195][T31016] CPU: 0 PID: 31016 Comm: syz-executor.2 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3097.073618][T31016] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3097.083671][T31016] Call Trace: [ 3097.086944][T31016] [ 3097.089871][T31016] dump_stack_lvl+0x136/0x150 [ 3097.094569][T31016] dump_header+0x10a/0xd70 [ 3097.098993][T31016] oom_kill_process+0x25d/0x600 [ 3097.103850][T31016] out_of_memory+0x35c/0x1660 [ 3097.108532][T31016] ? find_held_lock+0x2d/0x110 [ 3097.113305][T31016] ? oom_killer_disable+0x2b0/0x2b0 [ 3097.118507][T31016] ? rcu_read_unlock+0x9/0x60 [ 3097.123188][T31016] ? find_held_lock+0x2d/0x110 [ 3097.127958][T31016] mem_cgroup_out_of_memory+0x206/0x270 [ 3097.133510][T31016] ? mem_cgroup_margin+0x130/0x130 [ 3097.138627][T31016] ? lock_downgrade+0x690/0x690 [ 3097.143585][T31016] try_charge_memcg+0xf99/0x13a0 [ 3097.148538][T31016] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3097.154525][T31016] ? rcu_read_unlock+0x9/0x60 [ 3097.159205][T31016] ? lock_downgrade+0x690/0x690 [ 3097.164080][T31016] charge_memcg+0x90/0x3b0 [ 3097.168499][T31016] __mem_cgroup_charge+0x2b/0x90 [ 3097.173429][T31016] do_wp_page+0x8ea/0x33c0 [ 3097.177840][T31016] ? lock_sync+0x190/0x190 [ 3097.182260][T31016] ? finish_mkwrite_fault+0x3d0/0x3d0 [ 3097.187626][T31016] ? do_raw_spin_lock+0x124/0x2b0 [ 3097.192655][T31016] ? spin_bug+0x1c0/0x1c0 [ 3097.196998][T31016] __handle_mm_fault+0x1635/0x41c0 [ 3097.202107][T31016] ? vm_iomap_memory+0x190/0x190 [ 3097.207030][T31016] ? mas_walk+0x58f/0x730 [ 3097.211369][T31016] ? numa_migrate_prep+0x3a0/0x3a0 [ 3097.216474][T31016] ? do_user_addr_fault+0x367/0x1210 [ 3097.221761][T31016] handle_mm_fault+0x2af/0x9f0 [ 3097.226517][T31016] do_user_addr_fault+0x2ca/0x1210 [ 3097.231639][T31016] ? rcu_is_watching+0x12/0xb0 [ 3097.236410][T31016] exc_page_fault+0x98/0x170 [ 3097.241002][T31016] asm_exc_page_fault+0x26/0x30 [ 3097.245861][T31016] RIP: 0033:0x7f5bd0639610 [ 3097.250272][T31016] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48 [ 3097.269875][T31016] RSP: 002b:00007fffe74b16a0 EFLAGS: 00010246 [ 3097.275941][T31016] RAX: 00000000899363ac RBX: 00007f5bd07ac018 RCX: 0000001b2dd20000 [ 3097.283904][T31016] RDX: 0000000000000000 RSI: 0000001b2dd20018 RDI: 000000000c826fe4 [ 3097.291858][T31016] RBP: 00000000899363ac R08: 00000000000003ac R09: 00000000899363b0 [ 3097.299827][T31016] R10: 00007fffe74b1860 R11: 0000000000000246 R12: 00007f5bd07a0000 [ 3097.307795][T31016] R13: 0000000000000001 R14: 0000000000000004 R15: ffffffff8804dd36 [ 3097.315763][T31016] ? __sock_create+0x46/0x850 [ 3097.320452][T31016] [ 3097.364331][T31016] memory: usage 307200kB, limit 307200kB, failcnt 26777 15:37:09 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x14}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:37:09 executing program 5: socket$inet6_sctp(0xa, 0x1, 0x84) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000040), &(0x7f00000000c0)=0x10) [ 3097.433175][T31016] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3097.464521][T31016] Memory cgroup stats for /syz2: [ 3097.503353][T31234] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3097.603570][T31016] anon 122880 [ 3097.603570][T31016] file 8388608 [ 3097.603570][T31016] kernel 306061312 [ 3097.603570][T31016] kernel_stack 65536 [ 3097.603570][T31016] pagetables 69632 [ 3097.603570][T31016] sec_pagetables 0 [ 3097.603570][T31016] percpu 5294976 [ 3097.603570][T31016] sock 0 [ 3097.603570][T31016] vmalloc 16384 [ 3097.603570][T31016] shmem 8380416 [ 3097.603570][T31016] zswap 0 [ 3097.603570][T31016] zswapped 0 [ 3097.603570][T31016] file_mapped 286720 [ 3097.603570][T31016] file_dirty 8192 [ 3097.603570][T31016] file_writeback 0 [ 3097.603570][T31016] swapcached 0 [ 3097.603570][T31016] anon_thp 0 [ 3097.603570][T31016] file_thp 0 [ 3097.603570][T31016] shmem_thp 0 [ 3097.603570][T31016] inactive_anon 8417280 [ 3097.603570][T31016] active_anon 86016 [ 3097.603570][T31016] inactive_file 8192 [ 3097.603570][T31016] active_file 0 [ 3097.603570][T31016] unevictable 0 [ 3097.603570][T31016] slab_reclaimable 39288 [ 3097.603570][T31016] slab_unreclaimable 300535960 [ 3097.603570][T31016] slab 300575248 [ 3097.603570][T31016] workingset_refault_anon 0 [ 3097.603570][T31016] workingset_refault_file 2 [ 3097.603570][T31016] workingset_activate_anon 0 [ 3097.603570][T31016] workingset_activate_file 0 [ 3097.603570][T31016] workingset_restore_anon 0 [ 3097.603570][T31016] workingset_restore_file 2 [ 3097.603570][T31016] workingset_nodereclaim 0 [ 3097.603570][T31016] pgscan 8434 [ 3097.603570][T31016] pgsteal 122 [ 3097.603570][T31016] pgscan_kswapd 106 [ 3097.603570][T31016] pgscan_direct 8328 [ 3097.603570][T31016] pgscan_khugepaged 0 [ 3097.603570][T31016] pgsteal_kswapd 97 [ 3097.603570][T31016] pgsteal_direct 25 [ 3097.603570][T31016] pgsteal_khugepaged 0 [ 3097.603570][T31016] pgfault 695785 [ 3097.603570][T31016] pgmajfault 0 [ 3097.603570][T31016] pgrefill 32459 [ 3097.603570][T31016] pgactivate 8312 [ 3097.603570][T31016] pgdeactivate 0 [ 3097.603570][T31016] pglazyfree 0 [ 3097.603570][T31016] pglazyfreed 0 [ 3097.603570][T31016] zswpin 0 [ 3097.603570][T31016] zswpout 0 15:37:09 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}, 0x1, 0x0, 0x0, 0xffffa888}, 0x0) [ 3097.899180][T31016] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=31016,uid=0 [ 3097.946895][T31016] Memory cgroup out of memory: Killed process 31016 (syz-executor.2) total-vm:54548kB, anon-rss:384kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 [ 3098.020899][T31240] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3098.032386][T31240] CPU: 1 PID: 31240 Comm: syz-executor.1 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3098.042900][T31240] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3098.052959][T31240] Call Trace: [ 3098.056238][T31240] [ 3098.059163][T31240] dump_stack_lvl+0x136/0x150 [ 3098.063854][T31240] dump_header+0x10a/0xd70 [ 3098.068281][T31240] oom_kill_process+0x25d/0x600 [ 3098.073145][T31240] out_of_memory+0x35c/0x1660 [ 3098.077830][T31240] ? find_held_lock+0x2d/0x110 [ 3098.082601][T31240] ? oom_killer_disable+0x2b0/0x2b0 [ 3098.087799][T31240] ? rcu_read_unlock+0x9/0x60 [ 3098.092481][T31240] ? find_held_lock+0x2d/0x110 [ 3098.097248][T31240] mem_cgroup_out_of_memory+0x206/0x270 [ 3098.102797][T31240] ? mem_cgroup_margin+0x130/0x130 [ 3098.107913][T31240] ? lock_downgrade+0x690/0x690 [ 3098.112780][T31240] try_charge_memcg+0xf99/0x13a0 [ 3098.117748][T31240] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3098.123745][T31240] ? rcu_read_unlock+0x9/0x60 [ 3098.128424][T31240] ? lock_downgrade+0x690/0x690 [ 3098.133284][T31240] charge_memcg+0x90/0x3b0 [ 3098.137707][T31240] __mem_cgroup_charge+0x2b/0x90 [ 3098.142640][T31240] __handle_mm_fault+0x2296/0x41c0 [ 3098.147751][T31240] ? vm_iomap_memory+0x190/0x190 [ 3098.152685][T31240] ? mas_walk+0x58f/0x730 [ 3098.157023][T31240] ? numa_migrate_prep+0x3a0/0x3a0 [ 3098.162136][T31240] handle_mm_fault+0x2af/0x9f0 [ 3098.166903][T31240] do_user_addr_fault+0x2ca/0x1210 [ 3098.172020][T31240] ? rcu_is_watching+0x12/0xb0 [ 3098.176789][T31240] exc_page_fault+0x98/0x170 [ 3098.181384][T31240] asm_exc_page_fault+0x26/0x30 [ 3098.186252][T31240] RIP: 0033:0x7f5d2ac30eac [ 3098.190661][T31240] Code: c0 e8 98 5a ff ff b8 ff ff ff ff e9 33 ff ff ff 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 41 54 31 c0 55 48 81 ec 68 10 00 00 <48> 89 7c 24 08 48 8d 3d 90 6b 0a 00 48 89 34 24 48 8b 14 24 48 8b [ 3098.210350][T31240] RSP: 002b:00007f5d2ba0c0e0 EFLAGS: 00010202 [ 3098.216405][T31240] RAX: 0000000000000000 RBX: 00007f5d2adabf80 RCX: 0000000000000000 [ 3098.224368][T31240] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 00000000200003c0 [ 3098.232324][T31240] RBP: 00007f5d2ace7ca1 R08: 0000000000000000 R09: 0000000000000000 [ 3098.240281][T31240] R10: 00000000200003c0 R11: 0000000000000000 R12: 0000000000000000 [ 3098.248257][T31240] R13: 00007ffc24e003ef R14: 00007f5d2ba0d300 R15: 0000000000022000 [ 3098.256226][T31240] [ 3098.338065][T31240] memory: usage 307200kB, limit 307200kB, failcnt 27128 [ 3098.349075][T31240] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3098.359793][T31240] Memory cgroup stats for /syz1: [ 3098.359957][T31240] anon 430080 [ 3098.359957][T31240] file 262144 [ 3098.359957][T31240] kernel 313880576 [ 3098.359957][T31240] kernel_stack 163840 [ 3098.359957][T31240] pagetables 258048 [ 3098.359957][T31240] sec_pagetables 0 [ 3098.359957][T31240] percpu 5421856 [ 3098.359957][T31240] sock 0 [ 3098.359957][T31240] vmalloc 0 [ 3098.359957][T31240] shmem 258048 [ 3098.359957][T31240] zswap 0 [ 3098.359957][T31240] zswapped 0 [ 3098.359957][T31240] file_mapped 241664 [ 3098.359957][T31240] file_dirty 0 [ 3098.359957][T31240] file_writeback 0 [ 3098.359957][T31240] swapcached 0 [ 3098.359957][T31240] anon_thp 0 [ 3098.359957][T31240] file_thp 0 [ 3098.359957][T31240] shmem_thp 0 [ 3098.359957][T31240] inactive_anon 573440 [ 3098.359957][T31240] active_anon 114688 [ 3098.359957][T31240] inactive_file 4096 [ 3098.359957][T31240] active_file 0 [ 3098.359957][T31240] unevictable 0 [ 3098.359957][T31240] slab_reclaimable 34328 [ 3098.359957][T31240] slab_unreclaimable 307912352 [ 3098.359957][T31240] slab 307946680 [ 3098.359957][T31240] workingset_refault_anon 0 [ 3098.359957][T31240] workingset_refault_file 2 [ 3098.359957][T31240] workingset_activate_anon 0 [ 3098.359957][T31240] workingset_activate_file 0 [ 3098.359957][T31240] workingset_restore_anon 0 [ 3098.359957][T31240] workingset_restore_file 2 [ 3098.359957][T31240] workingset_nodereclaim 0 [ 3098.359957][T31240] pgscan 4589 [ 3098.359957][T31240] pgsteal 107 [ 3098.359957][T31240] pgscan_kswapd 92 [ 3098.359957][T31240] pgscan_direct 4497 [ 3098.359957][T31240] pgscan_khugepaged 0 [ 3098.359957][T31240] pgsteal_kswapd 88 [ 3098.359957][T31240] pgsteal_direct 19 [ 3098.359957][T31240] pgsteal_khugepaged 0 [ 3098.359957][T31240] pgfault 568095 [ 3098.359957][T31240] pgmajfault 2 [ 3098.359957][T31240] pgrefill 16619 [ 3098.359957][T31240] pgactivate 4482 [ 3098.359957][T31240] pgdeactivate 0 [ 3098.359957][T31240] pglazyfree 0 [ 3098.359957][T31240] pglazyfreed 0 [ 3098.359957][T31240] zswpin 0 [ 3098.359957][T31240] zswpout 0 15:37:10 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0xaa020000}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:37:10 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x6f940500}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:37:10 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x6c000000}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:37:10 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0xb00}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:37:10 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}, 0x1, 0x0, 0x0, 0xfffff000}, 0x0) [ 3098.668639][T31240] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=31232,uid=0 [ 3098.693160][T31240] Memory cgroup out of memory: Killed process 31232 (syz-executor.1) total-vm:54680kB, anon-rss:388kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:92kB oom_score_adj:1000 [ 3098.826407][T31244] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3098.854489][T31244] CPU: 1 PID: 31244 Comm: syz-executor.4 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3098.864941][T31244] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3098.875001][T31244] Call Trace: [ 3098.878286][T31244] [ 3098.881220][T31244] dump_stack_lvl+0x136/0x150 [ 3098.885908][T31244] dump_header+0x10a/0xd70 [ 3098.890324][T31244] oom_kill_process+0x25d/0x600 [ 3098.895174][T31244] out_of_memory+0x35c/0x1660 [ 3098.899852][T31244] ? find_held_lock+0x2d/0x110 [ 3098.904702][T31244] ? oom_killer_disable+0x2b0/0x2b0 [ 3098.909897][T31244] ? rcu_read_unlock+0x9/0x60 [ 3098.914570][T31244] ? find_held_lock+0x2d/0x110 [ 3098.919344][T31244] mem_cgroup_out_of_memory+0x206/0x270 [ 3098.924892][T31244] ? mem_cgroup_margin+0x130/0x130 [ 3098.930002][T31244] ? lock_downgrade+0x690/0x690 [ 3098.934863][T31244] try_charge_memcg+0xf99/0x13a0 [ 3098.939815][T31244] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3098.945805][T31244] ? rcu_read_unlock+0x9/0x60 [ 3098.950480][T31244] ? lock_downgrade+0x690/0x690 [ 3098.955342][T31244] charge_memcg+0x90/0x3b0 [ 3098.959769][T31244] __mem_cgroup_charge+0x2b/0x90 [ 3098.964802][T31244] do_wp_page+0x8ea/0x33c0 [ 3098.969259][T31244] ? lock_sync+0x190/0x190 [ 3098.973683][T31244] ? finish_mkwrite_fault+0x3d0/0x3d0 [ 3098.979062][T31244] ? do_raw_spin_lock+0x124/0x2b0 [ 3098.984095][T31244] ? spin_bug+0x1c0/0x1c0 [ 3098.988435][T31244] __handle_mm_fault+0x1635/0x41c0 [ 3098.993551][T31244] ? vm_iomap_memory+0x190/0x190 [ 3098.998495][T31244] ? mas_walk+0x58f/0x730 [ 3099.002842][T31244] ? numa_migrate_prep+0x3a0/0x3a0 [ 3099.007982][T31244] ? do_user_addr_fault+0x367/0x1210 [ 3099.013283][T31244] handle_mm_fault+0x2af/0x9f0 [ 3099.018073][T31244] do_user_addr_fault+0x2ca/0x1210 [ 3099.023190][T31244] ? rcu_is_watching+0x12/0xb0 [ 3099.027969][T31244] exc_page_fault+0x98/0x170 [ 3099.032567][T31244] asm_exc_page_fault+0x26/0x30 [ 3099.037427][T31244] RIP: 0033:0x7fcdfee39610 [ 3099.041845][T31244] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48 [ 3099.061448][T31244] RSP: 002b:00007ffda41c1dd0 EFLAGS: 00010246 [ 3099.067522][T31244] RAX: 00000000899363ac RBX: 00007fcdfefac018 RCX: 0000001b2e120000 15:37:11 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}, 0x1, 0x0, 0x0, 0xffffff7f}, 0x0) 15:37:11 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x6a030000}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) [ 3099.075488][T31244] RDX: 0000000000000000 RSI: 0000001b2e120018 RDI: 000000000c826fe4 [ 3099.083455][T31244] RBP: 00000000899363ac R08: 00000000000003ac R09: 00000000899363b0 [ 3099.091419][T31244] R10: 00007ffda41c1f90 R11: 0000000000000246 R12: 00007fcdfefa0000 [ 3099.099384][T31244] R13: 0000000000000001 R14: 0000000000000004 R15: ffffffff8804dd36 [ 3099.107347][T31244] ? __sock_create+0x46/0x850 [ 3099.112025][T31244] 15:37:11 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x3400}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) [ 3099.232608][T31244] memory: usage 307200kB, limit 307200kB, failcnt 38789 15:37:11 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x25, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) [ 3099.349712][T31366] netlink: 'syz-executor.5': attribute type 37 has an invalid length. [ 3099.411263][T31244] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3099.442842][T31244] Memory cgroup stats for /syz4: [ 3099.442981][T31244] anon 2101248 [ 3099.442981][T31244] file 7716864 [ 3099.442981][T31244] kernel 304689152 [ 3099.442981][T31244] kernel_stack 688128 [ 3099.442981][T31244] pagetables 1163264 [ 3099.442981][T31244] sec_pagetables 0 [ 3099.442981][T31244] percpu 5219168 [ 3099.442981][T31244] sock 0 [ 3099.442981][T31244] vmalloc 8192 [ 3099.442981][T31244] shmem 7716864 [ 3099.442981][T31244] zswap 0 [ 3099.442981][T31244] zswapped 0 [ 3099.442981][T31244] file_mapped 196608 [ 3099.442981][T31244] file_dirty 0 [ 3099.442981][T31244] file_writeback 0 [ 3099.442981][T31244] swapcached 0 [ 3099.442981][T31244] anon_thp 0 [ 3099.442981][T31244] file_thp 0 [ 3099.442981][T31244] shmem_thp 0 [ 3099.442981][T31244] inactive_anon 9596928 [ 3099.442981][T31244] active_anon 221184 [ 3099.442981][T31244] inactive_file 0 [ 3099.442981][T31244] active_file 0 [ 3099.442981][T31244] unevictable 0 [ 3099.442981][T31244] slab_reclaimable 179600 [ 3099.442981][T31244] slab_unreclaimable 297095976 [ 3099.442981][T31244] slab 297275576 [ 3099.442981][T31244] workingset_refault_anon 0 [ 3099.442981][T31244] workingset_refault_file 0 [ 3099.442981][T31244] workingset_activate_anon 0 [ 3099.442981][T31244] workingset_activate_file 0 [ 3099.442981][T31244] workingset_restore_anon 0 [ 3099.442981][T31244] workingset_restore_file 0 [ 3099.442981][T31244] workingset_nodereclaim 0 [ 3099.442981][T31244] pgscan 116 [ 3099.442981][T31244] pgsteal 111 [ 3099.442981][T31244] pgscan_kswapd 99 [ 3099.442981][T31244] pgscan_direct 17 [ 3099.442981][T31244] pgscan_khugepaged 0 [ 3099.442981][T31244] pgsteal_kswapd 97 [ 3099.442981][T31244] pgsteal_direct 14 [ 3099.442981][T31244] pgsteal_khugepaged 0 [ 3099.442981][T31244] pgfault 696625 [ 3099.442981][T31244] pgmajfault 6 [ 3099.442981][T31244] pgrefill 593 [ 3099.442981][T31244] pgactivate 5 [ 3099.442981][T31244] pgdeactivate 0 [ 3099.442981][T31244] pglazyfree 0 [ 3099.442981][T31244] pglazyfreed 0 [ 3099.442981][T31244] zswpin 0 [ 3099.442981][T31244] zswpout 0 15:37:11 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0xa, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:37:11 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0xda030000}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) [ 3099.664988][T31422] __nla_validate_parse: 6 callbacks suppressed [ 3099.665002][T31422] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3099.698301][T31423] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. 15:37:11 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x9, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) [ 3099.743781][T31244] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=31244,uid=0 [ 3099.758960][T31423] netlink: 'syz-executor.3': attribute type 10 has an invalid length. [ 3099.782835][T31244] Memory cgroup out of memory: Killed process 31244 (syz-executor.4) total-vm:54548kB, anon-rss:384kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:72kB oom_score_adj:1000 [ 3099.833468][T31246] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3099.890421][T31246] CPU: 1 PID: 31246 Comm: syz-executor.2 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3099.900862][T31246] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3099.910919][T31246] Call Trace: [ 3099.914195][T31246] [ 3099.917128][T31246] dump_stack_lvl+0x136/0x150 [ 3099.921842][T31246] dump_header+0x10a/0xd70 [ 3099.926267][T31246] oom_kill_process+0x25d/0x600 [ 3099.931124][T31246] out_of_memory+0x35c/0x1660 [ 3099.935813][T31246] ? oom_killer_disable+0x2b0/0x2b0 [ 3099.941016][T31246] ? rcu_read_unlock+0x9/0x60 [ 3099.945701][T31246] ? find_held_lock+0x2d/0x110 [ 3099.950470][T31246] mem_cgroup_out_of_memory+0x206/0x270 [ 3099.956020][T31246] ? mem_cgroup_margin+0x130/0x130 [ 3099.961137][T31246] ? lock_downgrade+0x690/0x690 [ 3099.966001][T31246] try_charge_memcg+0xf99/0x13a0 [ 3099.970951][T31246] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3099.976946][T31246] ? rcu_read_unlock+0x9/0x60 [ 3099.979241][T31441] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3099.981616][T31246] ? lock_downgrade+0x690/0x690 [ 3099.981653][T31246] charge_memcg+0x90/0x3b0 [ 3100.000163][T31246] __mem_cgroup_charge+0x2b/0x90 [ 3100.005099][T31246] ? copy_mc_to_kernel+0x86/0x90 [ 3100.010047][T31246] do_wp_page+0x8ea/0x33c0 [ 3100.014504][T31246] ? lock_sync+0x190/0x190 [ 3100.018935][T31246] ? finish_mkwrite_fault+0x3d0/0x3d0 [ 3100.024306][T31246] ? do_raw_spin_lock+0x124/0x2b0 [ 3100.029336][T31246] ? spin_bug+0x1c0/0x1c0 [ 3100.033677][T31246] __handle_mm_fault+0x1635/0x41c0 15:37:11 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0xaa030000}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:37:11 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x3, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) [ 3100.038792][T31246] ? vm_iomap_memory+0x190/0x190 [ 3100.043729][T31246] ? mas_walk+0x58f/0x730 [ 3100.048073][T31246] ? numa_migrate_prep+0x3a0/0x3a0 [ 3100.053184][T31246] handle_mm_fault+0x2af/0x9f0 [ 3100.057952][T31246] do_user_addr_fault+0x2ca/0x1210 [ 3100.063072][T31246] ? rcu_is_watching+0x12/0xb0 [ 3100.067847][T31246] exc_page_fault+0x98/0x170 [ 3100.072439][T31246] asm_exc_page_fault+0x26/0x30 [ 3100.077299][T31246] RIP: 0033:0x7f5bd06366e5 [ 3100.081715][T31246] Code: 0f 1f 44 00 00 48 8b 57 18 48 83 fa ff 74 22 48 81 fa e7 03 00 00 0f 87 ee 00 00 00 48 c1 e2 04 48 8d 0d de 19 17 00 48 01 ca 02 01 48 89 42 08 48 8b 0d 8d 72 17 00 48 8b 53 10 4c 8d 81 00 [ 3100.101329][T31246] RSP: 002b:00007fffe74b1750 EFLAGS: 00010206 [ 3100.107396][T31246] RAX: 0000000000000003 RBX: 00007f5bd07abf80 RCX: 00007f5bd07a80c0 [ 3100.115365][T31246] RDX: 00007f5bd07a80c0 RSI: 0000000000000080 RDI: 00007f5bd07abf80 [ 3100.123331][T31246] RBP: 00007f5bd07abf80 R08: 00007fffe753d080 R09: 0000000000000000 [ 3100.131309][T31246] R10: 00007fffe74b1860 R11: 0000000000000246 R12: 00000000002f48b7 [ 3100.139279][T31246] R13: 00007fffe74b1860 R14: 00007f5bd07abf80 R15: 0000000000000032 [ 3100.147262][T31246] [ 3100.211056][T31441] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3100.226939][T31445] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. 15:37:12 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}, 0x1, 0x0, 0x0, 0xffffff9e}, 0x0) [ 3100.303383][T31246] memory: usage 307172kB, limit 307200kB, failcnt 26838 [ 3100.330756][T31475] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3100.333205][T31246] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3100.347886][T31246] Memory cgroup stats for /syz2: [ 3100.348044][T31246] anon 110592 [ 3100.348044][T31246] file 8388608 [ 3100.348044][T31246] kernel 306044928 [ 3100.348044][T31246] kernel_stack 65536 [ 3100.348044][T31246] pagetables 69632 [ 3100.348044][T31246] sec_pagetables 0 [ 3100.348044][T31246] percpu 5294912 [ 3100.348044][T31246] sock 0 [ 3100.348044][T31246] vmalloc 16384 [ 3100.348044][T31246] shmem 8380416 [ 3100.348044][T31246] zswap 0 [ 3100.348044][T31246] zswapped 0 [ 3100.348044][T31246] file_mapped 286720 [ 3100.348044][T31246] file_dirty 8192 [ 3100.348044][T31246] file_writeback 0 [ 3100.348044][T31246] swapcached 0 [ 3100.348044][T31246] anon_thp 0 [ 3100.348044][T31246] file_thp 0 [ 3100.348044][T31246] shmem_thp 0 [ 3100.348044][T31246] inactive_anon 8417280 [ 3100.348044][T31246] active_anon 73728 [ 3100.348044][T31246] inactive_file 8192 [ 3100.348044][T31246] active_file 0 [ 3100.348044][T31246] unevictable 0 [ 3100.348044][T31246] slab_reclaimable 39288 [ 3100.348044][T31246] slab_unreclaimable 300524288 [ 3100.348044][T31246] slab 300563576 [ 3100.348044][T31246] workingset_refault_anon 0 [ 3100.348044][T31246] workingset_refault_file 2 [ 3100.348044][T31246] workingset_activate_anon 0 [ 3100.348044][T31246] workingset_activate_file 0 [ 3100.348044][T31246] workingset_restore_anon 0 [ 3100.348044][T31246] workingset_restore_file 2 [ 3100.348044][T31246] workingset_nodereclaim 0 [ 3100.348044][T31246] pgscan 8434 [ 3100.348044][T31246] pgsteal 122 [ 3100.348044][T31246] pgscan_kswapd 106 [ 3100.348044][T31246] pgscan_direct 8328 [ 3100.348044][T31246] pgscan_khugepaged 0 [ 3100.348044][T31246] pgsteal_kswapd 97 [ 3100.348044][T31246] pgsteal_direct 25 [ 3100.348044][T31246] pgsteal_khugepaged 0 [ 3100.348044][T31246] pgfault 695829 [ 3100.348044][T31246] pgmajfault 0 [ 3100.348044][T31246] pgrefill 32565 [ 3100.348044][T31246] pgactivate 8312 [ 3100.348044][T31246] pgdeactivate 0 [ 3100.348044][T31246] pglazyfree 0 [ 3100.348044][T31246] pglazyfreed 0 [ 3100.348044][T31246] zswpin 0 [ 3100.348044][T31246] zswpout 0 [ 3100.571925][T31246] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=31246,uid=0 [ 3100.611282][T31246] Memory cgroup out of memory: Killed process 31246 (syz-executor.2) total-vm:54548kB, anon-rss:384kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 15:37:12 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0xc00}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:37:12 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x48000000}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:37:12 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:37:12 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}, 0x1, 0x0, 0x0, 0xffffffc3}, 0x0) [ 3100.673682][T31442] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=1, oom_score_adj=1000 [ 3100.747101][T31580] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3100.762059][T31579] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3100.784380][T31581] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3100.790596][T31442] CPU: 1 PID: 31442 Comm: syz-executor.4 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3100.804074][T31442] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3100.814136][T31442] Call Trace: [ 3100.817411][T31442] [ 3100.820364][T31442] dump_stack_lvl+0x136/0x150 [ 3100.825060][T31442] dump_header+0x10a/0xd70 [ 3100.829478][T31442] oom_kill_process+0x25d/0x600 [ 3100.834326][T31442] out_of_memory+0x35c/0x1660 [ 3100.839007][T31442] ? oom_killer_disable+0x2b0/0x2b0 [ 3100.844198][T31442] ? rcu_read_unlock+0x9/0x60 [ 3100.848875][T31442] ? find_held_lock+0x2d/0x110 [ 3100.853638][T31442] mem_cgroup_out_of_memory+0x206/0x270 [ 3100.859184][T31442] ? mem_cgroup_margin+0x130/0x130 [ 3100.864293][T31442] ? lock_downgrade+0x690/0x690 [ 3100.869159][T31442] try_charge_memcg+0xf99/0x13a0 [ 3100.874105][T31442] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3100.880085][T31442] ? get_mem_cgroup_from_objcg+0xa1/0x280 [ 3100.885796][T31442] ? lock_downgrade+0x690/0x690 [ 3100.890661][T31442] ? lock_downgrade+0x690/0x690 [ 3100.895502][T31442] ? rcu_read_unlock+0x9/0x60 [ 3100.900175][T31442] obj_cgroup_charge+0x2af/0x5e0 [ 3100.905111][T31442] ? copy_process+0x3c0/0x75c0 [ 3100.909863][T31442] kmem_cache_alloc_node+0xa8/0x3e0 [ 3100.915058][T31442] copy_process+0x3c0/0x75c0 [ 3100.919648][T31442] ? pidfd_prepare+0x80/0x80 [ 3100.924245][T31442] ? lock_downgrade+0x690/0x690 [ 3100.929089][T31442] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 3100.935065][T31442] ? folio_add_lru+0x47f/0x7c0 [ 3100.939824][T31442] kernel_clone+0xeb/0x890 [ 3100.944231][T31442] ? create_io_thread+0xe0/0xe0 [ 3100.949075][T31442] ? find_held_lock+0x2d/0x110 [ 3100.953830][T31442] ? find_held_lock+0x2d/0x110 [ 3100.958588][T31442] __do_sys_clone+0xba/0x100 [ 3100.963172][T31442] ? kernel_clone+0x890/0x890 [ 3100.967847][T31442] ? syscall_enter_from_user_mode+0x26/0x80 [ 3100.973733][T31442] do_syscall_64+0x39/0xb0 [ 3100.978144][T31442] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3100.984030][T31442] RIP: 0033:0x7fcdfee8d591 [ 3100.988431][T31442] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 3101.008043][T31442] RSP: 002b:00007ffda41c1d78 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 3101.016440][T31442] RAX: ffffffffffffffda RBX: 00007fcdffb48700 RCX: 00007fcdfee8d591 [ 3101.024396][T31442] RDX: 00007fcdffb489d0 RSI: 00007fcdffb482f0 RDI: 00000000003d0f00 [ 3101.032355][T31442] RBP: 00007ffda41c1fc0 R08: 00007fcdffb48700 R09: 00007fcdffb48700 [ 3101.040312][T31442] R10: 00007fcdffb489d0 R11: 0000000000000206 R12: 00007ffda41c1e2e [ 3101.048268][T31442] R13: 00007ffda41c1e2f R14: 00007fcdffb48300 R15: 0000000000022000 [ 3101.056241][T31442] [ 3101.234427][T31442] memory: usage 307196kB, limit 307200kB, failcnt 38849 [ 3101.253661][T31442] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3101.280469][T31442] Memory cgroup stats for /syz4: [ 3101.280636][T31442] anon 2093056 [ 3101.280636][T31442] file 7716864 [ 3101.280636][T31442] kernel 304758784 [ 3101.280636][T31442] kernel_stack 688128 [ 3101.280636][T31442] pagetables 1163264 [ 3101.280636][T31442] sec_pagetables 0 [ 3101.280636][T31442] percpu 5219232 [ 3101.280636][T31442] sock 0 [ 3101.280636][T31442] vmalloc 8192 [ 3101.280636][T31442] shmem 7716864 [ 3101.280636][T31442] zswap 0 [ 3101.280636][T31442] zswapped 0 [ 3101.280636][T31442] file_mapped 196608 [ 3101.280636][T31442] file_dirty 0 [ 3101.280636][T31442] file_writeback 0 [ 3101.280636][T31442] swapcached 0 [ 3101.280636][T31442] anon_thp 0 [ 3101.280636][T31442] file_thp 0 [ 3101.280636][T31442] shmem_thp 0 [ 3101.280636][T31442] inactive_anon 9596928 [ 3101.280636][T31442] active_anon 212992 [ 3101.280636][T31442] inactive_file 0 [ 3101.280636][T31442] active_file 0 [ 3101.280636][T31442] unevictable 0 [ 3101.280636][T31442] slab_reclaimable 214840 [ 3101.280636][T31442] slab_unreclaimable 297122144 [ 3101.280636][T31442] slab 297336984 [ 3101.280636][T31442] workingset_refault_anon 0 [ 3101.280636][T31442] workingset_refault_file 0 [ 3101.280636][T31442] workingset_activate_anon 0 [ 3101.280636][T31442] workingset_activate_file 0 [ 3101.280636][T31442] workingset_restore_anon 0 [ 3101.280636][T31442] workingset_restore_file 0 [ 3101.280636][T31442] workingset_nodereclaim 0 [ 3101.280636][T31442] pgscan 116 [ 3101.280636][T31442] pgsteal 111 [ 3101.280636][T31442] pgscan_kswapd 99 [ 3101.280636][T31442] pgscan_direct 17 [ 3101.280636][T31442] pgscan_khugepaged 0 [ 3101.280636][T31442] pgsteal_kswapd 97 [ 3101.280636][T31442] pgsteal_direct 14 [ 3101.280636][T31442] pgsteal_khugepaged 0 [ 3101.280636][T31442] pgfault 696671 [ 3101.280636][T31442] pgmajfault 6 [ 3101.280636][T31442] pgrefill 593 [ 3101.280636][T31442] pgactivate 5 [ 3101.280636][T31442] pgdeactivate 0 [ 3101.280636][T31442] pglazyfree 0 [ 3101.280636][T31442] pglazyfreed 0 [ 3101.280636][T31442] zswpin 0 [ 3101.280636][T31442] zswpout 0 [ 3101.552186][T31442] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=31442,uid=0 [ 3101.574241][T31442] Memory cgroup out of memory: Killed process 31442 (syz-executor.4) total-vm:54680kB, anon-rss:384kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:72kB oom_score_adj:1000 [ 3101.621972][T31583] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3101.654289][T31371] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3101.688571][T31583] CPU: 0 PID: 31583 Comm: syz-executor.2 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3101.698990][T31583] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3101.709042][T31583] Call Trace: [ 3101.712325][T31583] [ 3101.715258][T31583] dump_stack_lvl+0x136/0x150 [ 3101.719944][T31583] dump_header+0x10a/0xd70 [ 3101.724360][T31583] oom_kill_process+0x25d/0x600 [ 3101.729211][T31583] out_of_memory+0x35c/0x1660 [ 3101.733886][T31583] ? find_held_lock+0x2d/0x110 15:37:13 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x3500}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:37:13 executing program 5: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f00000000c0)=ANY=[], 0x8) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='bridge0\x00', 0x10) sendmmsg$inet6(r0, &(0x7f0000001980)=[{{0x0, 0x0, &(0x7f0000000480)=[{0x0}], 0x1}}], 0x1, 0x4000c800) sendto$inet6(r0, &(0x7f0000000300), 0x38, 0x0, 0x0, 0xfffffffffffffdfd) 15:37:13 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3c120000}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:37:13 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}, 0x1, 0x0, 0x0, 0xffffffe4}, 0x0) 15:37:13 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0xaa940500}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) [ 3101.738660][T31583] ? oom_killer_disable+0x2b0/0x2b0 [ 3101.743949][T31583] ? rcu_read_unlock+0x9/0x60 [ 3101.748630][T31583] ? find_held_lock+0x2d/0x110 [ 3101.753399][T31583] mem_cgroup_out_of_memory+0x206/0x270 [ 3101.758951][T31583] ? mem_cgroup_margin+0x130/0x130 [ 3101.764074][T31583] ? lock_downgrade+0x690/0x690 [ 3101.768943][T31583] try_charge_memcg+0xf99/0x13a0 [ 3101.773893][T31583] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3101.779891][T31583] ? rcu_read_unlock+0x9/0x60 [ 3101.784576][T31583] ? lock_downgrade+0x690/0x690 [ 3101.789440][T31583] charge_memcg+0x90/0x3b0 [ 3101.793862][T31583] __mem_cgroup_charge+0x2b/0x90 [ 3101.798797][T31583] do_wp_page+0x8ea/0x33c0 [ 3101.803219][T31583] ? lock_sync+0x190/0x190 [ 3101.807644][T31583] ? finish_mkwrite_fault+0x3d0/0x3d0 [ 3101.813018][T31583] ? do_raw_spin_lock+0x124/0x2b0 [ 3101.818059][T31583] ? spin_bug+0x1c0/0x1c0 [ 3101.822400][T31583] __handle_mm_fault+0x1635/0x41c0 [ 3101.827513][T31583] ? vm_iomap_memory+0x190/0x190 [ 3101.832450][T31583] ? mas_walk+0x58f/0x730 [ 3101.836793][T31583] ? numa_migrate_prep+0x3a0/0x3a0 [ 3101.841900][T31583] ? do_user_addr_fault+0x367/0x1210 [ 3101.847194][T31583] handle_mm_fault+0x2af/0x9f0 [ 3101.851967][T31583] do_user_addr_fault+0x2ca/0x1210 [ 3101.857089][T31583] ? rcu_is_watching+0x12/0xb0 [ 3101.861962][T31583] exc_page_fault+0x98/0x170 [ 3101.866555][T31583] asm_exc_page_fault+0x26/0x30 [ 3101.871414][T31583] RIP: 0033:0x7f5bd0639610 [ 3101.875851][T31583] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48 [ 3101.895457][T31583] RSP: 002b:00007fffe74b16a0 EFLAGS: 00010246 [ 3101.901522][T31583] RAX: 00000000899363ac RBX: 00007f5bd07ac018 RCX: 0000001b2dd20000 [ 3101.909492][T31583] RDX: 0000000000000000 RSI: 0000001b2dd20018 RDI: 000000000c826fe4 [ 3101.917462][T31583] RBP: 00000000899363ac R08: 00000000000003ac R09: 00000000899363b0 [ 3101.925433][T31583] R10: 00007fffe74b1860 R11: 0000000000000246 R12: 00007f5bd07a0000 [ 3101.933401][T31583] R13: 0000000000000001 R14: 0000000000000004 R15: ffffffff8804dd36 [ 3101.941370][T31583] ? __sock_create+0x46/0x850 [ 3101.946067][T31583] 15:37:13 executing program 5: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f00000000c0)=ANY=[], 0x8) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='bridge0\x00', 0x10) sendmmsg$inet6(r0, &(0x7f0000001980)=[{{0x0, 0x0, &(0x7f0000000480)=[{0x0}], 0x1}}], 0x1, 0x4000c800) sendto$inet6(r0, &(0x7f0000000300), 0x38, 0x0, 0x0, 0xfffffffffffffdfd) [ 3102.040042][T31583] memory: usage 307200kB, limit 307200kB, failcnt 26949 15:37:14 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}, 0x1, 0x0, 0x0, 0xfffffff0}, 0x0) [ 3102.131403][T31583] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3102.152008][T31583] Memory cgroup stats for /syz2: [ 3102.152216][T31583] anon 122880 [ 3102.152216][T31583] file 8388608 [ 3102.152216][T31583] kernel 306061312 [ 3102.152216][T31583] kernel_stack 65536 [ 3102.152216][T31583] pagetables 69632 [ 3102.152216][T31583] sec_pagetables 0 [ 3102.152216][T31583] percpu 5294976 [ 3102.152216][T31583] sock 0 [ 3102.152216][T31583] vmalloc 16384 [ 3102.152216][T31583] shmem 8380416 [ 3102.152216][T31583] zswap 0 [ 3102.152216][T31583] zswapped 0 [ 3102.152216][T31583] file_mapped 286720 [ 3102.152216][T31583] file_dirty 8192 [ 3102.152216][T31583] file_writeback 0 [ 3102.152216][T31583] swapcached 0 [ 3102.152216][T31583] anon_thp 0 [ 3102.152216][T31583] file_thp 0 [ 3102.152216][T31583] shmem_thp 0 [ 3102.152216][T31583] inactive_anon 8417280 [ 3102.152216][T31583] active_anon 86016 [ 3102.152216][T31583] inactive_file 8192 [ 3102.152216][T31583] active_file 0 [ 3102.152216][T31583] unevictable 0 [ 3102.152216][T31583] slab_reclaimable 39288 [ 3102.152216][T31583] slab_unreclaimable 300535960 [ 3102.152216][T31583] slab 300575248 [ 3102.152216][T31583] workingset_refault_anon 0 [ 3102.152216][T31583] workingset_refault_file 2 [ 3102.152216][T31583] workingset_activate_anon 0 [ 3102.152216][T31583] workingset_activate_file 0 [ 3102.152216][T31583] workingset_restore_anon 0 [ 3102.152216][T31583] workingset_restore_file 2 [ 3102.152216][T31583] workingset_nodereclaim 0 [ 3102.152216][T31583] pgscan 8434 [ 3102.152216][T31583] pgsteal 122 [ 3102.152216][T31583] pgscan_kswapd 106 [ 3102.152216][T31583] pgscan_direct 8328 [ 3102.152216][T31583] pgscan_khugepaged 0 [ 3102.152216][T31583] pgsteal_kswapd 97 [ 3102.152216][T31583] pgsteal_direct 25 [ 3102.152216][T31583] pgsteal_khugepaged 0 [ 3102.152216][T31583] pgfault 695877 [ 3102.152216][T31583] pgmajfault 0 [ 3102.152216][T31583] pgrefill 32709 [ 3102.152216][T31583] pgactivate 8312 [ 3102.152216][T31583] pgdeactivate 0 [ 3102.152216][T31583] pglazyfree 0 [ 3102.152216][T31583] pglazyfreed 0 [ 3102.152216][T31583] zswpin 0 [ 3102.152216][T31583] zswpout 0 15:37:14 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0xff7f0000}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) [ 3102.490382][T31583] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=31583,uid=0 [ 3102.543876][T31583] Memory cgroup out of memory: Killed process 31583 (syz-executor.2) total-vm:54548kB, anon-rss:384kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 15:37:14 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0xd00}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:37:14 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}, 0x1, 0x0, 0x0, 0xfffffffc}, 0x0) 15:37:14 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2a020000}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) [ 3102.698524][T31810] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3102.743393][T31810] CPU: 0 PID: 31810 Comm: syz-executor.2 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3102.753840][T31810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3102.763895][T31810] Call Trace: [ 3102.767168][T31810] [ 3102.770099][T31810] dump_stack_lvl+0x136/0x150 [ 3102.774794][T31810] dump_header+0x10a/0xd70 [ 3102.779212][T31810] oom_kill_process+0x25d/0x600 [ 3102.784181][T31810] out_of_memory+0x35c/0x1660 [ 3102.788873][T31810] ? find_held_lock+0x2d/0x110 [ 3102.793635][T31810] ? oom_killer_disable+0x2b0/0x2b0 [ 3102.798826][T31810] ? rcu_read_unlock+0x9/0x60 [ 3102.803503][T31810] ? find_held_lock+0x2d/0x110 [ 3102.808266][T31810] mem_cgroup_out_of_memory+0x206/0x270 [ 3102.813811][T31810] ? mem_cgroup_margin+0x130/0x130 [ 3102.818922][T31810] ? lock_downgrade+0x690/0x690 [ 3102.823787][T31810] try_charge_memcg+0xf99/0x13a0 [ 3102.828734][T31810] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3102.834723][T31810] ? rcu_read_unlock+0x9/0x60 [ 3102.839400][T31810] ? lock_downgrade+0x690/0x690 [ 3102.844264][T31810] charge_memcg+0x90/0x3b0 [ 3102.848688][T31810] __mem_cgroup_charge+0x2b/0x90 [ 3102.853624][T31810] ? copy_mc_to_kernel+0x86/0x90 [ 3102.858564][T31810] do_wp_page+0x8ea/0x33c0 [ 3102.862991][T31810] ? lock_sync+0x190/0x190 [ 3102.867408][T31810] ? finish_mkwrite_fault+0x3d0/0x3d0 [ 3102.872782][T31810] ? do_raw_spin_lock+0x124/0x2b0 [ 3102.877811][T31810] ? spin_bug+0x1c0/0x1c0 [ 3102.882147][T31810] __handle_mm_fault+0x1635/0x41c0 [ 3102.887249][T31810] ? vm_iomap_memory+0x190/0x190 [ 3102.892171][T31810] ? mas_walk+0x58f/0x730 [ 3102.896534][T31810] ? numa_migrate_prep+0x3a0/0x3a0 [ 3102.901635][T31810] handle_mm_fault+0x2af/0x9f0 [ 3102.906390][T31810] do_user_addr_fault+0x2ca/0x1210 [ 3102.911490][T31810] ? rcu_is_watching+0x12/0xb0 [ 3102.916255][T31810] exc_page_fault+0x98/0x170 [ 3102.920838][T31810] asm_exc_page_fault+0x26/0x30 [ 3102.925677][T31810] RIP: 0033:0x7f5bd065a871 [ 3102.930078][T31810] Code: 12 00 4c 29 e8 4b 8d 0c 2f 48 8b 6c 24 18 48 39 d3 48 89 4b 60 0f 95 c2 48 83 c8 01 0f b6 d2 48 c1 e2 02 4c 09 ea 48 83 ca 01 <49> 89 57 08 48 89 41 08 49 83 c7 10 eb b3 48 8d 3d aa 12 0a 00 e8 [ 3102.949677][T31810] RSP: 002b:00007fffe74b15a0 EFLAGS: 00010206 [ 3102.955731][T31810] RAX: 00000000000206e1 RBX: 00007f5bd07895e0 RCX: 0000555556ee0920 [ 3102.963686][T31810] RDX: 0000000000000121 RSI: 0000000000000000 RDI: 0000000000000004 [ 3102.971643][T31810] RBP: 0000000000000110 R08: 0000000000000003 R09: 00007f5bd0789640 [ 3102.979609][T31810] R10: 0000000000020022 R11: 0000000000000120 R12: 0000000000000010 15:37:14 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x3600}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) [ 3102.987564][T31810] R13: 0000000000000120 R14: 0000000000000012 R15: 0000555556ee0800 [ 3102.995538][T31810] 15:37:14 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}, 0x1, 0x0, 0x0, 0xfffffffe}, 0x0) 15:37:15 executing program 5: r0 = syz_mount_image$hfsplus(&(0x7f0000000100), &(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x808008, &(0x7f00000000c0)={[{@force}, {@nls={'nls', 0x3d, 'macgaelic'}}]}, 0x0, 0x655, &(0x7f0000000a00)="$eJzs3U1sHGcZB/D/rJ21N0iu26YtICSsRoqgEYntpSRIoAaEkA8VisSlVytxGisbt7Jd5FYIXD6vcOuhhyIUDj0hDkhFHCrKGQmJExcfuEXi7gPCaGZn1+vY8VfSrBN+P2n2fWfej3nm8czs7FqWA/zfmnstp9ZTZO78q2vl+saddmfjTvt2r55kLEkjGe0WKZaS4pPkSrpLPldurKcr7refl+9+9P659z5sd9dG66Xq39hv3C579lyvl0wlGanLB7Bjvms753vl6NMV3aDqhJ3tJQ6GbWuX9aMMP/x1C5xY229RO00mp5OM188Bqe8OjUcb3XH8+l/7tR7pLgcAAACPqac2s5m1TAw7DgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHic1P//v6iXRq8+laL3//+b1bZm1b057Hgf1MfDDgAAAAAAAAAAHoIvbmYza5norW8V1e/8X6xWzlSvn8lbWclClnMha5nPalaznJkkk1X7u9Vrc21+dXV55n4jt7a2flyPnO2PzMDI2V2hFftHvjX2wAcPAAAAAAAAAE+On2Ru+/f/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwEhTJSLeoljO9+mQao0nGkzTLfuvJn3v1x9nHww4AAAAAHoGnNrOZtUwU/+2ubxXVZ/7nq8/943krS1nNYlbTyUKuV98FdD/1N/6+3u5s3GnfLpfd837r30cKo5ox3e8e9t7zdNXjubr/epLv5vs5n6lczXIW84PMZzULmcp3qtp8ikxWc/3zm0kd5654x8qXKztCuXpQrJ+tImnlRhar2C7kWv9rkEavz8De/thM7snQu2V2ildqh8zR9bosfwa/qsuTYbI68lP9jEzXuS+z8fTG/XJfOeJ5cu+eZtLofwd1Zr89NY6X89N1Web6Fyc657Np9M++5/fPefLlf/zl6s3O0q2bN1bOn5xDOqZ7M9HuZ2I8Lxw+E+uHy8TIXhvHH/woHoZmnY1ujNt3y2TuwLvli9XYiSzme3kj17OQS5nOTC5nOl/PbNoDZ1grz+2f1+paaxztWjv7pbrSSvLLujzYozh9y7w+PZDXwTvdZNU2uGX7OnzmEFk64h1p9PN1pdzHTwfecYbv3kzMDGTi2f0z8Zut8nWls3Rr+eb8m4fc37m6LM+An+88E377MI7n+Mrz5Znyh1Wt7Tw7yrZn92ybqdrO9Nsau9qe67cddKU262e43TN1216o2v6z687ZrJ9veuN2POXkjXT6TyEAnGCnXzrdbN1t/a31QetnrZutV8e/PXZ57AvNnPrr6J9Gft/4XeMbxUv5ID/KxLAjBQAAAAAAAAAAAAAAAAAAAAAAAAAAAACAJ8HK2+/cmu90FpZPYCWNExHGk1EZS3LUUcXoww3jD0lORjZU9qy0sr1l2Hcm4NN2cfX2mxdX3n7nK4u3519feH1hafbypcuX2l+b+erFG4udhenu67CjBD4N2+/+w44EAAAAAAAAAAAAOKxH8XcFwz5GAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4PE291pOrafIzPSF6XJ94067Uy69+nbP0SSNJMUPk+KT5Eq6SyYHpivut5+X7370/rn3PmxvzzXa69/Yb9zhrNdLppKM1OXBxg4137XB+RrHCa/oH2GZsLO9xMGw/S8AAP//DDUP7Q==") getdents64(r0, 0x0, 0x0) [ 3103.200091][T31852] loop5: detected capacity change from 0 to 1024 15:37:15 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}, 0x1, 0x0, 0x0, 0xffffffff}, 0x0) 15:37:15 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfa030000}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) [ 3103.482341][T31810] memory: usage 307184kB, limit 307200kB, failcnt 27021 [ 3103.512333][T31810] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3103.532922][T31810] Memory cgroup stats for /syz2: [ 3103.533082][T31810] anon 98304 [ 3103.533082][T31810] file 8388608 [ 3103.533082][T31810] kernel 306069504 [ 3103.533082][T31810] kernel_stack 32768 [ 3103.533082][T31810] pagetables 69632 [ 3103.533082][T31810] sec_pagetables 0 [ 3103.533082][T31810] percpu 5294976 [ 3103.533082][T31810] sock 0 [ 3103.533082][T31810] vmalloc 16384 [ 3103.533082][T31810] shmem 8380416 [ 3103.533082][T31810] zswap 0 [ 3103.533082][T31810] zswapped 0 [ 3103.533082][T31810] file_mapped 286720 [ 3103.533082][T31810] file_dirty 8192 [ 3103.533082][T31810] file_writeback 0 [ 3103.533082][T31810] swapcached 0 [ 3103.533082][T31810] anon_thp 0 [ 3103.533082][T31810] file_thp 0 [ 3103.533082][T31810] shmem_thp 0 [ 3103.533082][T31810] inactive_anon 0 [ 3103.533082][T31810] active_anon 8478720 [ 3103.533082][T31810] inactive_file 8192 [ 3103.533082][T31810] active_file 0 [ 3103.533082][T31810] unevictable 0 [ 3103.533082][T31810] slab_reclaimable 75552 [ 3103.533082][T31810] slab_unreclaimable 300540688 [ 3103.533082][T31810] slab 300616240 [ 3103.533082][T31810] workingset_refault_anon 0 [ 3103.533082][T31810] workingset_refault_file 2 [ 3103.533082][T31810] workingset_activate_anon 0 [ 3103.533082][T31810] workingset_activate_file 0 [ 3103.533082][T31810] workingset_restore_anon 0 [ 3103.533082][T31810] workingset_restore_file 2 [ 3103.533082][T31810] workingset_nodereclaim 0 [ 3103.533082][T31810] pgscan 8434 [ 3103.533082][T31810] pgsteal 122 [ 3103.533082][T31810] pgscan_kswapd 106 [ 3103.533082][T31810] pgscan_direct 8328 [ 3103.533082][T31810] pgscan_khugepaged 0 [ 3103.533082][T31810] pgsteal_kswapd 97 [ 3103.533082][T31810] pgsteal_direct 25 [ 3103.533082][T31810] pgsteal_khugepaged 0 [ 3103.533082][T31810] pgfault 695916 [ 3103.533082][T31810] pgmajfault 0 [ 3103.533082][T31810] pgrefill 32793 [ 3103.533082][T31810] pgactivate 8312 [ 3103.533082][T31810] pgdeactivate 0 [ 3103.533082][T31810] pglazyfree 0 [ 3103.533082][T31810] pglazyfreed 0 [ 3103.533082][T31810] zswpin 0 [ 3103.533082][T31810] zswpout 0 [ 3103.801853][T31810] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=31810,uid=0 [ 3103.830129][T31810] Memory cgroup out of memory: Killed process 31810 (syz-executor.2) total-vm:54548kB, anon-rss:384kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 [ 3103.933840][T31588] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3103.980641][T31588] CPU: 1 PID: 31588 Comm: syz-executor.4 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3103.991077][T31588] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3104.001132][T31588] Call Trace: [ 3104.004414][T31588] [ 3104.007343][T31588] dump_stack_lvl+0x136/0x150 [ 3104.012034][T31588] dump_header+0x10a/0xd70 [ 3104.016461][T31588] oom_kill_process+0x25d/0x600 [ 3104.021319][T31588] out_of_memory+0x35c/0x1660 [ 3104.026002][T31588] ? find_held_lock+0x2d/0x110 [ 3104.030780][T31588] ? oom_killer_disable+0x2b0/0x2b0 [ 3104.035975][T31588] ? rcu_read_unlock+0x9/0x60 [ 3104.040653][T31588] ? find_held_lock+0x2d/0x110 [ 3104.045501][T31588] mem_cgroup_out_of_memory+0x206/0x270 [ 3104.051047][T31588] ? mem_cgroup_margin+0x130/0x130 [ 3104.056167][T31588] ? lock_downgrade+0x690/0x690 [ 3104.061027][T31588] try_charge_memcg+0xf99/0x13a0 [ 3104.065973][T31588] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3104.071963][T31588] ? get_mem_cgroup_from_objcg+0xa1/0x280 [ 3104.077677][T31588] ? lock_downgrade+0x690/0x690 [ 3104.082522][T31588] ? lock_downgrade+0x690/0x690 [ 3104.087379][T31588] __memcg_kmem_charge_page+0x16e/0x3c0 [ 3104.092923][T31588] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 3104.099072][T31588] copy_process+0x4f9/0x75c0 [ 3104.103660][T31588] ? pidfd_prepare+0x80/0x80 [ 3104.108245][T31588] ? lock_downgrade+0x690/0x690 [ 3104.113086][T31588] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 3104.119062][T31588] ? folio_add_lru+0x47f/0x7c0 [ 3104.123818][T31588] kernel_clone+0xeb/0x890 [ 3104.128227][T31588] ? create_io_thread+0xe0/0xe0 [ 3104.133071][T31588] ? find_held_lock+0x2d/0x110 [ 3104.137852][T31588] ? find_held_lock+0x2d/0x110 [ 3104.142612][T31588] __do_sys_clone+0xba/0x100 [ 3104.147199][T31588] ? kernel_clone+0x890/0x890 [ 3104.151875][T31588] ? syscall_enter_from_user_mode+0x26/0x80 [ 3104.157775][T31588] do_syscall_64+0x39/0xb0 [ 3104.162282][T31588] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3104.168169][T31588] RIP: 0033:0x7fcdfee8d591 [ 3104.172569][T31588] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 3104.192261][T31588] RSP: 002b:00007ffda41c1d78 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 3104.200663][T31588] RAX: ffffffffffffffda RBX: 00007fcdffb48700 RCX: 00007fcdfee8d591 [ 3104.208709][T31588] RDX: 00007fcdffb489d0 RSI: 00007fcdffb482f0 RDI: 00000000003d0f00 [ 3104.216673][T31588] RBP: 00007ffda41c1fc0 R08: 00007fcdffb48700 R09: 00007fcdffb48700 [ 3104.224629][T31588] R10: 00007fcdffb489d0 R11: 0000000000000206 R12: 00007ffda41c1e2e [ 3104.232584][T31588] R13: 00007ffda41c1e2f R14: 00007fcdffb48300 R15: 0000000000022000 [ 3104.240553][T31588] [ 3104.323207][T31588] memory: usage 307200kB, limit 307200kB, failcnt 38957 [ 3104.330995][T31588] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3104.338713][T31588] Memory cgroup stats for /syz4: [ 3104.338932][T31588] anon 2142208 [ 3104.338932][T31588] file 7716864 [ 3104.338932][T31588] kernel 304713728 [ 3104.338932][T31588] kernel_stack 688128 [ 3104.338932][T31588] pagetables 1171456 [ 3104.338932][T31588] sec_pagetables 0 [ 3104.338932][T31588] percpu 5219168 [ 3104.338932][T31588] sock 0 [ 3104.338932][T31588] vmalloc 8192 [ 3104.338932][T31588] shmem 7716864 [ 3104.338932][T31588] zswap 0 [ 3104.338932][T31588] zswapped 0 [ 3104.338932][T31588] file_mapped 196608 [ 3104.338932][T31588] file_dirty 0 [ 3104.338932][T31588] file_writeback 0 [ 3104.338932][T31588] swapcached 0 [ 3104.338932][T31588] anon_thp 0 [ 3104.338932][T31588] file_thp 0 [ 3104.338932][T31588] shmem_thp 0 [ 3104.338932][T31588] inactive_anon 9596928 [ 3104.338932][T31588] active_anon 262144 [ 3104.338932][T31588] inactive_file 0 [ 3104.338932][T31588] active_file 0 [ 3104.338932][T31588] unevictable 0 [ 3104.338932][T31588] slab_reclaimable 172672 [ 3104.338932][T31588] slab_unreclaimable 297105072 [ 3104.338932][T31588] slab 297277744 [ 3104.338932][T31588] workingset_refault_anon 0 [ 3104.338932][T31588] workingset_refault_file 0 [ 3104.338932][T31588] workingset_activate_anon 0 [ 3104.338932][T31588] workingset_activate_file 0 [ 3104.338932][T31588] workingset_restore_anon 0 [ 3104.338932][T31588] workingset_restore_file 0 [ 3104.338932][T31588] workingset_nodereclaim 0 [ 3104.338932][T31588] pgscan 116 [ 3104.338932][T31588] pgsteal 111 [ 3104.338932][T31588] pgscan_kswapd 99 [ 3104.338932][T31588] pgscan_direct 17 [ 3104.338932][T31588] pgscan_khugepaged 0 [ 3104.338932][T31588] pgsteal_kswapd 97 [ 3104.338932][T31588] pgsteal_direct 14 [ 3104.338932][T31588] pgsteal_khugepaged 0 [ 3104.338932][T31588] pgfault 696735 [ 3104.338932][T31588] pgmajfault 6 [ 3104.338932][T31588] pgrefill 593 [ 3104.338932][T31588] pgactivate 5 [ 3104.338932][T31588] pgdeactivate 0 [ 3104.338932][T31588] pglazyfree 0 [ 3104.338932][T31588] pglazyfreed 0 [ 3104.338932][T31588] zswpin 0 [ 3104.338932][T31588] zswpout 0 [ 3104.613112][T31588] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=31588,uid=0 [ 3104.652836][T31588] Memory cgroup out of memory: Killed process 31588 (syz-executor.4) total-vm:54680kB, anon-rss:512kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 15:37:16 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0xab940500}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:37:16 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x2) 15:37:16 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f00000000c0)=ANY=[], 0x8) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000001980)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000040)="8202", 0x2}], 0x1}}], 0x1, 0x4000c800) sendto$inet6(r0, &(0x7f0000000300), 0x38, 0x0, 0x0, 0xfffffffffffffdfd) 15:37:16 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0xe00}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:37:16 executing program 5: syz_mount_image$hfsplus(&(0x7f0000000100), &(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x808008, &(0x7f00000000c0)={[{@force}, {@nls={'nls', 0x3d, 'macgaelic'}}]}, 0x0, 0x655, &(0x7f0000000a00)="$eJzs3U1sHGcZB/D/rJ21N0iu26YtICSsRoqgEYntpSRIoAaEkA8VisSlVytxGisbt7Jd5FYIXD6vcOuhhyIUDj0hDkhFHCrKGQmJExcfuEXi7gPCaGZn1+vY8VfSrBN+P2n2fWfej3nm8czs7FqWA/zfmnstp9ZTZO78q2vl+saddmfjTvt2r55kLEkjGe0WKZaS4pPkSrpLPldurKcr7refl+9+9P659z5sd9dG66Xq39hv3C579lyvl0wlGanLB7Bjvms753vl6NMV3aDqhJ3tJQ6GbWuX9aMMP/x1C5xY229RO00mp5OM188Bqe8OjUcb3XH8+l/7tR7pLgcAAACPqac2s5m1TAw7DgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHic1P//v6iXRq8+laL3//+b1bZm1b057Hgf1MfDDgAAAAAAAAAAHoIvbmYza5norW8V1e/8X6xWzlSvn8lbWclClnMha5nPalaznJkkk1X7u9Vrc21+dXV55n4jt7a2flyPnO2PzMDI2V2hFftHvjX2wAcPAAAAAAAAAE+On2Ru+/f/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwEhTJSLeoljO9+mQao0nGkzTLfuvJn3v1x9nHww4AAAAAHoGnNrOZtUwU/+2ubxXVZ/7nq8/943krS1nNYlbTyUKuV98FdD/1N/6+3u5s3GnfLpfd837r30cKo5ox3e8e9t7zdNXjubr/epLv5vs5n6lczXIW84PMZzULmcp3qtp8ikxWc/3zm0kd5654x8qXKztCuXpQrJ+tImnlRhar2C7kWv9rkEavz8De/thM7snQu2V2ildqh8zR9bosfwa/qsuTYbI68lP9jEzXuS+z8fTG/XJfOeJ5cu+eZtLofwd1Zr89NY6X89N1Web6Fyc657Np9M++5/fPefLlf/zl6s3O0q2bN1bOn5xDOqZ7M9HuZ2I8Lxw+E+uHy8TIXhvHH/woHoZmnY1ujNt3y2TuwLvli9XYiSzme3kj17OQS5nOTC5nOl/PbNoDZ1grz+2f1+paaxztWjv7pbrSSvLLujzYozh9y7w+PZDXwTvdZNU2uGX7OnzmEFk64h1p9PN1pdzHTwfecYbv3kzMDGTi2f0z8Zut8nWls3Rr+eb8m4fc37m6LM+An+88E377MI7n+Mrz5Znyh1Wt7Tw7yrZn92ybqdrO9Nsau9qe67cddKU262e43TN1216o2v6z687ZrJ9veuN2POXkjXT6TyEAnGCnXzrdbN1t/a31QetnrZutV8e/PXZ57AvNnPrr6J9Gft/4XeMbxUv5ID/KxLAjBQAAAAAAAAAAAAAAAAAAAAAAAAAAAACAJ8HK2+/cmu90FpZPYCWNExHGk1EZS3LUUcXoww3jD0lORjZU9qy0sr1l2Hcm4NN2cfX2mxdX3n7nK4u3519feH1hafbypcuX2l+b+erFG4udhenu67CjBD4N2+/+w44EAAAAAAAAAAAAOKxH8XcFwz5GAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4PE291pOrafIzPSF6XJ94067Uy69+nbP0SSNJMUPk+KT5Eq6SyYHpivut5+X7370/rn3PmxvzzXa69/Yb9zhrNdLppKM1OXBxg4137XB+RrHCa/oH2GZsLO9xMGw/S8AAP//DDUP7Q==") getdents64(0xffffffffffffffff, &(0x7f00000002c0)=""/163, 0xa3) 15:37:16 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x3700}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:37:16 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f00000000c0)=ANY=[], 0x8) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000001980)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000040)="8202", 0x2}], 0x1}}], 0x1, 0x4000c800) sendto$inet6(r0, &(0x7f0000000300), 0x38, 0x0, 0x0, 0xfffffffffffffdfd) [ 3104.842662][T31927] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3104.879276][T31935] __nla_validate_parse: 9 callbacks suppressed [ 3104.879288][T31935] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3104.897728][T31927] CPU: 0 PID: 31927 Comm: syz-executor.2 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3104.908148][T31927] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3104.918200][T31927] Call Trace: [ 3104.921480][T31927] [ 3104.924408][T31927] dump_stack_lvl+0x136/0x150 [ 3104.929099][T31927] dump_header+0x10a/0xd70 [ 3104.933516][T31927] oom_kill_process+0x25d/0x600 [ 3104.938371][T31927] out_of_memory+0x35c/0x1660 [ 3104.943049][T31927] ? find_held_lock+0x2d/0x110 [ 3104.947816][T31927] ? oom_killer_disable+0x2b0/0x2b0 [ 3104.953011][T31927] ? rcu_read_unlock+0x9/0x60 [ 3104.957688][T31927] ? find_held_lock+0x2d/0x110 [ 3104.962459][T31927] mem_cgroup_out_of_memory+0x206/0x270 [ 3104.968016][T31927] ? mem_cgroup_margin+0x130/0x130 [ 3104.973134][T31927] ? lock_downgrade+0x690/0x690 [ 3104.978001][T31927] try_charge_memcg+0xf99/0x13a0 [ 3104.982953][T31927] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3104.988947][T31927] ? rcu_read_unlock+0x9/0x60 [ 3104.993629][T31927] ? lock_downgrade+0x690/0x690 [ 3104.998589][T31927] charge_memcg+0x90/0x3b0 [ 3105.003105][T31927] __mem_cgroup_charge+0x2b/0x90 [ 3105.008132][T31927] ? copy_mc_to_kernel+0x86/0x90 [ 3105.013078][T31927] do_wp_page+0x8ea/0x33c0 [ 3105.013226][T31934] loop5: detected capacity change from 0 to 1024 [ 3105.017484][T31927] ? lock_sync+0x190/0x190 [ 3105.017511][T31927] ? finish_mkwrite_fault+0x3d0/0x3d0 [ 3105.017531][T31927] ? do_raw_spin_lock+0x124/0x2b0 [ 3105.017556][T31927] ? spin_bug+0x1c0/0x1c0 [ 3105.017591][T31927] __handle_mm_fault+0x1635/0x41c0 [ 3105.017614][T31927] ? vm_iomap_memory+0x190/0x190 [ 3105.017632][T31927] ? mas_walk+0x58f/0x730 [ 3105.017669][T31927] ? numa_migrate_prep+0x3a0/0x3a0 [ 3105.017692][T31927] handle_mm_fault+0x2af/0x9f0 [ 3105.017718][T31927] do_user_addr_fault+0x2ca/0x1210 15:37:16 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f00000000c0)=ANY=[], 0x8) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000001980)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000040)="8202", 0x2}], 0x1}}], 0x1, 0x4000c800) sendto$inet6(r0, &(0x7f0000000300), 0x38, 0x0, 0x0, 0xfffffffffffffdfd) [ 3105.017743][T31927] ? rcu_is_watching+0x12/0xb0 [ 3105.017774][T31927] exc_page_fault+0x98/0x170 [ 3105.017797][T31927] asm_exc_page_fault+0x26/0x30 [ 3105.017823][T31927] RIP: 0033:0x7f5bd06366e5 [ 3105.017839][T31927] Code: 0f 1f 44 00 00 48 8b 57 18 48 83 fa ff 74 22 48 81 fa e7 03 00 00 0f 87 ee 00 00 00 48 c1 e2 04 48 8d 0d de 19 17 00 48 01 ca 02 01 48 89 42 08 48 8b 0d 8d 72 17 00 48 8b 53 10 4c 8d 81 00 [ 3105.017857][T31927] RSP: 002b:00007fffe74b1750 EFLAGS: 00010206 [ 3105.017873][T31927] RAX: 0000000000000003 RBX: 00007f5bd07abf80 RCX: 00007f5bd07a80c0 [ 3105.017885][T31927] RDX: 00007f5bd07a80c0 RSI: 0000000000000080 RDI: 00007f5bd07abf80 [ 3105.017897][T31927] RBP: 00007f5bd07abf80 R08: 00007fffe753d080 R09: 0000000000000000 [ 3105.017908][T31927] R10: 00007fffe74b1860 R11: 0000000000000246 R12: 00000000002f5fec [ 3105.017920][T31927] R13: 00007fffe74b1860 R14: 00007f5bd07abf80 R15: 0000000000000032 [ 3105.017945][T31927] [ 3105.253331][T31927] memory: usage 307200kB, limit 307200kB, failcnt 27052 [ 3105.266672][T31927] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3105.286353][T31927] Memory cgroup stats for /syz2: [ 3105.287276][T31927] anon 110592 [ 3105.287276][T31927] file 8388608 [ 3105.287276][T31927] kernel 306061312 [ 3105.287276][T31927] kernel_stack 65536 [ 3105.287276][T31927] pagetables 69632 [ 3105.287276][T31927] sec_pagetables 0 [ 3105.287276][T31927] percpu 5294976 [ 3105.287276][T31927] sock 0 [ 3105.287276][T31927] vmalloc 16384 [ 3105.287276][T31927] shmem 8380416 [ 3105.287276][T31927] zswap 0 [ 3105.287276][T31927] zswapped 0 [ 3105.287276][T31927] file_mapped 286720 [ 3105.287276][T31927] file_dirty 8192 [ 3105.287276][T31927] file_writeback 0 [ 3105.287276][T31927] swapcached 0 [ 3105.287276][T31927] anon_thp 0 [ 3105.287276][T31927] file_thp 0 [ 3105.287276][T31927] shmem_thp 0 [ 3105.287276][T31927] inactive_anon 0 [ 3105.287276][T31927] active_anon 8491008 [ 3105.287276][T31927] inactive_file 8192 [ 3105.287276][T31927] active_file 0 [ 3105.287276][T31927] unevictable 0 [ 3105.287276][T31927] slab_reclaimable 39288 [ 3105.287276][T31927] slab_unreclaimable 300535960 [ 3105.287276][T31927] slab 300575248 [ 3105.287276][T31927] workingset_refault_anon 0 [ 3105.287276][T31927] workingset_refault_file 2 [ 3105.287276][T31927] workingset_activate_anon 0 [ 3105.287276][T31927] workingset_activate_file 0 [ 3105.287276][T31927] workingset_restore_anon 0 [ 3105.287276][T31927] workingset_restore_file 2 [ 3105.287276][T31927] workingset_nodereclaim 0 [ 3105.287276][T31927] pgscan 8434 [ 3105.287276][T31927] pgsteal 122 [ 3105.287276][T31927] pgscan_kswapd 106 [ 3105.287276][T31927] pgscan_direct 8328 [ 3105.287276][T31927] pgscan_khugepaged 0 [ 3105.287276][T31927] pgsteal_kswapd 97 [ 3105.287276][T31927] pgsteal_direct 25 [ 3105.287276][T31927] pgsteal_khugepaged 0 [ 3105.287276][T31927] pgfault 695958 [ 3105.287276][T31927] pgmajfault 0 [ 3105.287276][T31927] pgrefill 32855 [ 3105.287276][T31927] pgactivate 8312 [ 3105.287276][T31927] pgdeactivate 0 [ 3105.287276][T31927] pglazyfree 0 [ 3105.287276][T31927] pglazyfreed 0 [ 3105.287276][T31927] zswpin 0 [ 3105.287276][T31927] zswpout 0 15:37:17 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x3) 15:37:17 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x3600}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) [ 3105.574684][T31927] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=31927,uid=0 [ 3105.620782][T32044] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. 15:37:17 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f00000000c0)=ANY=[], 0x8) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) sendto$inet6(r0, &(0x7f0000000300), 0x38, 0x0, 0x0, 0xfffffffffffffdfd) 15:37:17 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x4) [ 3105.740974][T31927] Memory cgroup out of memory: Killed process 31927 (syz-executor.2) total-vm:54548kB, anon-rss:384kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 [ 3105.750968][T32046] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3105.789937][T31926] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=1, oom_score_adj=1000 [ 3105.859276][T31926] CPU: 1 PID: 31926 Comm: syz-executor.1 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3105.869718][T31926] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3105.879760][T31926] Call Trace: [ 3105.883025][T31926] [ 3105.885943][T31926] dump_stack_lvl+0x136/0x150 [ 3105.890613][T31926] dump_header+0x10a/0xd70 [ 3105.895016][T31926] oom_kill_process+0x25d/0x600 [ 3105.899873][T31926] out_of_memory+0x35c/0x1660 [ 3105.904624][T31926] ? find_held_lock+0x2d/0x110 [ 3105.909376][T31926] ? oom_killer_disable+0x2b0/0x2b0 [ 3105.914568][T31926] ? rcu_read_unlock+0x9/0x60 [ 3105.919268][T31926] ? find_held_lock+0x2d/0x110 [ 3105.924117][T31926] mem_cgroup_out_of_memory+0x206/0x270 [ 3105.929662][T31926] ? mem_cgroup_margin+0x130/0x130 [ 3105.934772][T31926] ? lock_downgrade+0x690/0x690 [ 3105.939638][T31926] try_charge_memcg+0xf99/0x13a0 [ 3105.944585][T31926] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3105.950586][T31926] ? get_mem_cgroup_from_objcg+0xa1/0x280 [ 3105.956301][T31926] ? lock_downgrade+0x690/0x690 [ 3105.961134][T31926] ? lock_downgrade+0x690/0x690 [ 3105.965980][T31926] ? rcu_read_unlock+0x9/0x60 [ 3105.970665][T31926] obj_cgroup_charge+0x2af/0x5e0 [ 3105.975612][T31926] ? copy_process+0x3c0/0x75c0 [ 3105.980375][T31926] kmem_cache_alloc_node+0xa8/0x3e0 [ 3105.985666][T31926] copy_process+0x3c0/0x75c0 [ 3105.990258][T31926] ? pidfd_prepare+0x80/0x80 [ 3105.994830][T31926] ? lock_downgrade+0x690/0x690 [ 3105.999660][T31926] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 3106.005624][T31926] ? folio_add_lru+0x47f/0x7c0 [ 3106.010369][T31926] kernel_clone+0xeb/0x890 [ 3106.014785][T31926] ? create_io_thread+0xe0/0xe0 [ 3106.019664][T31926] ? find_held_lock+0x2d/0x110 [ 3106.024426][T31926] ? find_held_lock+0x2d/0x110 [ 3106.029189][T31926] __do_sys_clone+0xba/0x100 [ 3106.033778][T31926] ? kernel_clone+0x890/0x890 [ 3106.038464][T31926] ? syscall_enter_from_user_mode+0x26/0x80 [ 3106.044438][T31926] do_syscall_64+0x39/0xb0 [ 3106.048855][T31926] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3106.054732][T31926] RIP: 0033:0x7f5d2ac8d591 [ 3106.059124][T31926] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 3106.078716][T31926] RSP: 002b:00007ffc24e00338 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 3106.087126][T31926] RAX: ffffffffffffffda RBX: 00007f5d2b9ec700 RCX: 00007f5d2ac8d591 [ 3106.095086][T31926] RDX: 00007f5d2b9ec9d0 RSI: 00007f5d2b9ec2f0 RDI: 00000000003d0f00 [ 3106.103035][T31926] RBP: 00007ffc24e00580 R08: 00007f5d2b9ec700 R09: 00007f5d2b9ec700 [ 3106.110991][T31926] R10: 00007f5d2b9ec9d0 R11: 0000000000000206 R12: 00007ffc24e003ee [ 3106.118953][T31926] R13: 00007ffc24e003ef R14: 00007f5d2b9ec300 R15: 0000000000022000 [ 3106.126933][T31926] [ 3106.162987][T31926] memory: usage 307196kB, limit 307200kB, failcnt 27561 [ 3106.169966][T31926] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3106.200295][T31926] Memory cgroup stats for /syz1: [ 3106.200436][T31926] anon 442368 [ 3106.200436][T31926] file 262144 [ 3106.200436][T31926] kernel 313864192 [ 3106.200436][T31926] kernel_stack 163840 [ 3106.200436][T31926] pagetables 258048 [ 3106.200436][T31926] sec_pagetables 0 [ 3106.200436][T31926] percpu 5421792 [ 3106.200436][T31926] sock 0 [ 3106.200436][T31926] vmalloc 0 [ 3106.200436][T31926] shmem 258048 [ 3106.200436][T31926] zswap 0 [ 3106.200436][T31926] zswapped 0 [ 3106.200436][T31926] file_mapped 241664 [ 3106.200436][T31926] file_dirty 4096 [ 3106.200436][T31926] file_writeback 0 [ 3106.200436][T31926] swapcached 0 [ 3106.200436][T31926] anon_thp 0 [ 3106.200436][T31926] file_thp 0 [ 3106.200436][T31926] shmem_thp 0 [ 3106.200436][T31926] inactive_anon 573440 [ 3106.200436][T31926] active_anon 126976 [ 3106.200436][T31926] inactive_file 0 [ 3106.200436][T31926] active_file 4096 [ 3106.200436][T31926] unevictable 0 [ 3106.200436][T31926] slab_reclaimable 34328 [ 3106.200436][T31926] slab_unreclaimable 307901752 [ 3106.200436][T31926] slab 307936080 [ 3106.200436][T31926] workingset_refault_anon 0 [ 3106.200436][T31926] workingset_refault_file 2 [ 3106.200436][T31926] workingset_activate_anon 0 [ 3106.200436][T31926] workingset_activate_file 0 [ 3106.200436][T31926] workingset_restore_anon 0 [ 3106.200436][T31926] workingset_restore_file 2 [ 3106.200436][T31926] workingset_nodereclaim 0 [ 3106.200436][T31926] pgscan 4642 [ 3106.200436][T31926] pgsteal 107 [ 3106.200436][T31926] pgscan_kswapd 92 [ 3106.200436][T31926] pgscan_direct 4550 [ 3106.200436][T31926] pgscan_khugepaged 0 [ 3106.200436][T31926] pgsteal_kswapd 88 [ 3106.200436][T31926] pgsteal_direct 19 [ 3106.200436][T31926] pgsteal_khugepaged 0 [ 3106.200436][T31926] pgfault 568359 [ 3106.200436][T31926] pgmajfault 2 [ 3106.200436][T31926] pgrefill 16901 [ 3106.200436][T31926] pgactivate 4535 [ 3106.200436][T31926] pgdeactivate 0 [ 3106.200436][T31926] pglazyfree 0 [ 3106.200436][T31926] pglazyfreed 0 [ 3106.200436][T31926] zswpin 0 [ 3106.200436][T31926] zswpout 0 [ 3106.502356][T31926] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=31926,uid=0 [ 3106.532792][T31926] Memory cgroup out of memory: Killed process 31926 (syz-executor.1) total-vm:54680kB, anon-rss:388kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:92kB oom_score_adj:1000 [ 3106.594045][T31938] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3106.601064][T32148] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3106.673750][T31938] CPU: 0 PID: 31938 Comm: syz-executor.4 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3106.684178][T31938] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3106.694236][T31938] Call Trace: [ 3106.697508][T31938] [ 3106.700436][T31938] dump_stack_lvl+0x136/0x150 [ 3106.705175][T31938] dump_header+0x10a/0xd70 [ 3106.709591][T31938] oom_kill_process+0x25d/0x600 [ 3106.714441][T31938] out_of_memory+0x35c/0x1660 [ 3106.719121][T31938] ? oom_killer_disable+0x2b0/0x2b0 [ 3106.724318][T31938] ? rcu_read_unlock+0x9/0x60 [ 3106.728988][T31938] ? find_held_lock+0x2d/0x110 [ 3106.733743][T31938] mem_cgroup_out_of_memory+0x206/0x270 [ 3106.739283][T31938] ? mem_cgroup_margin+0x130/0x130 [ 3106.744387][T31938] ? lock_downgrade+0x690/0x690 [ 3106.749244][T31938] try_charge_memcg+0xf99/0x13a0 [ 3106.754181][T31938] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3106.760175][T31938] ? rcu_read_unlock+0x9/0x60 [ 3106.764843][T31938] ? lock_downgrade+0x690/0x690 [ 3106.769784][T31938] charge_memcg+0x90/0x3b0 [ 3106.774198][T31938] __mem_cgroup_charge+0x2b/0x90 [ 3106.779122][T31938] __handle_mm_fault+0x2296/0x41c0 [ 3106.784228][T31938] ? vm_iomap_memory+0x190/0x190 [ 3106.789152][T31938] ? mas_walk+0x58f/0x730 [ 3106.793484][T31938] ? numa_migrate_prep+0x3a0/0x3a0 [ 3106.798591][T31938] handle_mm_fault+0x2af/0x9f0 [ 3106.803351][T31938] do_user_addr_fault+0x2ca/0x1210 [ 3106.808459][T31938] ? rcu_is_watching+0x12/0xb0 [ 3106.813222][T31938] exc_page_fault+0x98/0x170 [ 3106.817808][T31938] asm_exc_page_fault+0x26/0x30 [ 3106.822656][T31938] RIP: 0033:0x7fcdfee3e171 [ 3106.827059][T31938] Code: 3d 00 f0 ff ff 77 72 c3 90 55 48 83 ec 30 44 89 4c 24 2c 4c 89 44 24 20 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 89 4c 24 28 fa fa ff ff 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 [ 3106.846749][T31938] RSP: 002b:00007fcdffb68000 EFLAGS: 00010206 [ 3106.852804][T31938] RAX: 0000000000000001 RBX: 00007fcdffb680f0 RCX: 0000000000000000 [ 3106.860761][T31938] RDX: 0000000000000020 RSI: 00007fcdffb68140 RDI: 0000000000000004 [ 3106.868806][T31938] RBP: 0000000000000000 R08: 00007fcdffb68054 R09: 000000000000000c [ 3106.876762][T31938] R10: 0000000000000000 R11: 00000000200003cf R12: 00007fcdffb680a8 [ 3106.884809][T31938] R13: 00007fcdffb68140 R14: 0000000000000004 R15: 0000000000000000 [ 3106.892778][T31938] [ 3107.040938][T31938] memory: usage 307184kB, limit 307200kB, failcnt 39063 [ 3107.051221][T31938] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3107.080981][T31938] Memory cgroup stats for /syz4: [ 3107.081151][T31938] anon 2138112 [ 3107.081151][T31938] file 7716864 [ 3107.081151][T31938] kernel 304701440 [ 3107.081151][T31938] kernel_stack 688128 [ 3107.081151][T31938] pagetables 1171456 [ 3107.081151][T31938] sec_pagetables 0 [ 3107.081151][T31938] percpu 5219168 [ 3107.081151][T31938] sock 0 [ 3107.081151][T31938] vmalloc 8192 [ 3107.081151][T31938] shmem 7716864 [ 3107.081151][T31938] zswap 0 [ 3107.081151][T31938] zswapped 0 [ 3107.081151][T31938] file_mapped 196608 [ 3107.081151][T31938] file_dirty 0 [ 3107.081151][T31938] file_writeback 0 [ 3107.081151][T31938] swapcached 0 [ 3107.081151][T31938] anon_thp 0 [ 3107.081151][T31938] file_thp 0 [ 3107.081151][T31938] shmem_thp 0 [ 3107.081151][T31938] inactive_anon 9596928 [ 3107.081151][T31938] active_anon 258048 [ 3107.081151][T31938] inactive_file 0 [ 3107.081151][T31938] active_file 0 [ 3107.081151][T31938] unevictable 0 [ 3107.081151][T31938] slab_reclaimable 172672 [ 3107.081151][T31938] slab_unreclaimable 297105376 [ 3107.081151][T31938] slab 297278048 [ 3107.081151][T31938] workingset_refault_anon 0 [ 3107.081151][T31938] workingset_refault_file 0 [ 3107.081151][T31938] workingset_activate_anon 0 [ 3107.081151][T31938] workingset_activate_file 0 [ 3107.081151][T31938] workingset_restore_anon 0 [ 3107.081151][T31938] workingset_restore_file 0 [ 3107.081151][T31938] workingset_nodereclaim 0 [ 3107.081151][T31938] pgscan 116 [ 3107.081151][T31938] pgsteal 111 [ 3107.081151][T31938] pgscan_kswapd 99 [ 3107.081151][T31938] pgscan_direct 17 [ 3107.081151][T31938] pgscan_khugepaged 0 [ 3107.081151][T31938] pgsteal_kswapd 97 [ 3107.081151][T31938] pgsteal_direct 14 [ 3107.081151][T31938] pgsteal_khugepaged 0 [ 3107.081151][T31938] pgfault 696799 [ 3107.081151][T31938] pgmajfault 6 [ 3107.081151][T31938] pgrefill 593 [ 3107.081151][T31938] pgactivate 5 [ 3107.081151][T31938] pgdeactivate 0 [ 3107.081151][T31938] pglazyfree 0 [ 3107.081151][T31938] pglazyfreed 0 [ 3107.081151][T31938] zswpin 0 [ 3107.081151][T31938] zswpout 0 [ 3107.353851][T31938] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=31931,uid=0 [ 3107.392035][T31938] Memory cgroup out of memory: Killed process 31931 (syz-executor.4) total-vm:54680kB, anon-rss:384kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 15:37:19 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0xac940500}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:37:19 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f00000000c0)=ANY=[], 0x8) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) sendto$inet6(r0, &(0x7f0000000300), 0x38, 0x0, 0x0, 0xfffffffffffffdfd) 15:37:19 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0xf00}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:37:19 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x5) 15:37:19 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x92030000}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:37:19 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x3800}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) [ 3107.534188][T32151] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. 15:37:19 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f00000000c0)=ANY=[], 0x8) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) sendto$inet6(r0, &(0x7f0000000300), 0x38, 0x0, 0x0, 0xfffffffffffffdfd) [ 3107.654149][T32154] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3107.690107][T32154] CPU: 1 PID: 32154 Comm: syz-executor.2 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3107.700547][T32154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3107.710586][T32154] Call Trace: [ 3107.713850][T32154] [ 3107.716767][T32154] dump_stack_lvl+0x136/0x150 [ 3107.721446][T32154] dump_header+0x10a/0xd70 [ 3107.725853][T32154] oom_kill_process+0x25d/0x600 [ 3107.730695][T32154] out_of_memory+0x35c/0x1660 [ 3107.735448][T32154] ? find_held_lock+0x2d/0x110 [ 3107.740201][T32154] ? oom_killer_disable+0x2b0/0x2b0 [ 3107.745384][T32154] ? rcu_read_unlock+0x9/0x60 [ 3107.750046][T32154] ? find_held_lock+0x2d/0x110 [ 3107.754804][T32154] mem_cgroup_out_of_memory+0x206/0x270 [ 3107.760340][T32154] ? mem_cgroup_margin+0x130/0x130 [ 3107.765457][T32154] ? lock_downgrade+0x690/0x690 [ 3107.770324][T32154] try_charge_memcg+0xf99/0x13a0 [ 3107.775260][T32154] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3107.781235][T32154] ? rcu_read_unlock+0x9/0x60 [ 3107.785900][T32154] ? lock_downgrade+0x690/0x690 [ 3107.790746][T32154] charge_memcg+0x90/0x3b0 [ 3107.795176][T32154] __mem_cgroup_charge+0x2b/0x90 [ 3107.800101][T32154] do_wp_page+0x8ea/0x33c0 [ 3107.804508][T32154] ? lock_sync+0x190/0x190 [ 3107.808917][T32154] ? finish_mkwrite_fault+0x3d0/0x3d0 [ 3107.814277][T32154] ? do_raw_spin_lock+0x124/0x2b0 [ 3107.819294][T32154] ? spin_bug+0x1c0/0x1c0 [ 3107.823620][T32154] __handle_mm_fault+0x1635/0x41c0 [ 3107.828722][T32154] ? vm_iomap_memory+0x190/0x190 [ 3107.833645][T32154] ? mas_walk+0x58f/0x730 [ 3107.837975][T32154] ? numa_migrate_prep+0x3a0/0x3a0 [ 3107.843157][T32154] ? do_user_addr_fault+0x367/0x1210 [ 3107.848435][T32154] handle_mm_fault+0x2af/0x9f0 [ 3107.853189][T32154] do_user_addr_fault+0x2ca/0x1210 [ 3107.858293][T32154] ? rcu_is_watching+0x12/0xb0 [ 3107.863141][T32154] exc_page_fault+0x98/0x170 [ 3107.867722][T32154] asm_exc_page_fault+0x26/0x30 [ 3107.872566][T32154] RIP: 0033:0x7f5bd0639610 [ 3107.876968][T32154] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48 [ 3107.896564][T32154] RSP: 002b:00007fffe74b16a0 EFLAGS: 00010246 [ 3107.902618][T32154] RAX: 00000000899363ac RBX: 00007f5bd07ac018 RCX: 0000001b2dd20000 [ 3107.910574][T32154] RDX: 0000000000000000 RSI: 0000001b2dd20018 RDI: 000000000c826fe4 [ 3107.918531][T32154] RBP: 00000000899363ac R08: 00000000000003ac R09: 00000000899363b0 [ 3107.926488][T32154] R10: 00007fffe74b1860 R11: 0000000000000246 R12: 00007f5bd07a0000 [ 3107.934443][T32154] R13: 0000000000000001 R14: 0000000000000004 R15: ffffffff8804dd36 [ 3107.942401][T32154] ? __sock_create+0x46/0x850 [ 3107.947080][T32154] [ 3107.979007][T32159] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3108.060855][T32154] memory: usage 307200kB, limit 307200kB, failcnt 27095 [ 3108.072669][T32154] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 15:37:20 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f00000000c0)=ANY=[], 0x8) sendmmsg$inet6(r0, &(0x7f0000001980)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000040)="8202", 0x2}], 0x1}}], 0x1, 0x4000c800) sendto$inet6(r0, &(0x7f0000000300), 0x38, 0x0, 0x0, 0xfffffffffffffdfd) [ 3108.120830][T32154] Memory cgroup stats for /syz2: [ 3108.121488][T32154] anon 122880 [ 3108.121488][T32154] file 8388608 [ 3108.121488][T32154] kernel 306053120 [ 3108.121488][T32154] kernel_stack 65536 [ 3108.121488][T32154] pagetables 69632 [ 3108.121488][T32154] sec_pagetables 0 [ 3108.121488][T32154] percpu 5294976 [ 3108.121488][T32154] sock 0 [ 3108.121488][T32154] vmalloc 16384 [ 3108.121488][T32154] shmem 8380416 [ 3108.121488][T32154] zswap 0 [ 3108.121488][T32154] zswapped 0 [ 3108.121488][T32154] file_mapped 286720 [ 3108.121488][T32154] file_dirty 8192 [ 3108.121488][T32154] file_writeback 0 [ 3108.121488][T32154] swapcached 0 [ 3108.121488][T32154] anon_thp 0 [ 3108.121488][T32154] file_thp 0 [ 3108.121488][T32154] shmem_thp 0 [ 3108.121488][T32154] inactive_anon 0 [ 3108.121488][T32154] active_anon 8503296 [ 3108.121488][T32154] inactive_file 8192 [ 3108.121488][T32154] active_file 0 [ 3108.121488][T32154] unevictable 0 [ 3108.121488][T32154] slab_reclaimable 39288 [ 3108.121488][T32154] slab_unreclaimable 300534224 [ 3108.121488][T32154] slab 300573512 [ 3108.121488][T32154] workingset_refault_anon 0 [ 3108.121488][T32154] workingset_refault_file 2 [ 3108.121488][T32154] workingset_activate_anon 0 [ 3108.121488][T32154] workingset_activate_file 0 [ 3108.121488][T32154] workingset_restore_anon 0 [ 3108.121488][T32154] workingset_restore_file 2 [ 3108.121488][T32154] workingset_nodereclaim 0 [ 3108.121488][T32154] pgscan 8434 [ 3108.121488][T32154] pgsteal 122 [ 3108.121488][T32154] pgscan_kswapd 106 [ 3108.121488][T32154] pgscan_direct 8328 [ 3108.121488][T32154] pgscan_khugepaged 0 [ 3108.121488][T32154] pgsteal_kswapd 97 [ 3108.121488][T32154] pgsteal_direct 25 [ 3108.121488][T32154] pgsteal_khugepaged 0 [ 3108.121488][T32154] pgfault 696006 [ 3108.121488][T32154] pgmajfault 0 [ 3108.121488][T32154] pgrefill 32927 [ 3108.121488][T32154] pgactivate 8312 [ 3108.121488][T32154] pgdeactivate 0 [ 3108.121488][T32154] pglazyfree 0 [ 3108.121488][T32154] pglazyfreed 0 [ 3108.121488][T32154] zswpin 0 [ 3108.121488][T32154] zswpout 0 15:37:20 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f00000000c0)=ANY=[], 0x8) sendmmsg$inet6(r0, &(0x7f0000001980)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000040)="8202", 0x2}], 0x1}}], 0x1, 0x4000c800) sendto$inet6(r0, &(0x7f0000000300), 0x38, 0x0, 0x0, 0xfffffffffffffdfd) 15:37:20 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x6) [ 3108.439783][T32154] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=32154,uid=0 [ 3108.471349][T32154] Memory cgroup out of memory: Killed process 32154 (syz-executor.2) total-vm:54548kB, anon-rss:384kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 15:37:20 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f00000000c0)=ANY=[], 0x8) sendmmsg$inet6(r0, &(0x7f0000001980)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000040)="8202", 0x2}], 0x1}}], 0x1, 0x4000c800) sendto$inet6(r0, &(0x7f0000000300), 0x38, 0x0, 0x0, 0xfffffffffffffdfd) 15:37:20 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0xab940500}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) [ 3108.520083][T32272] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3108.543047][T32156] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3108.624017][T32156] CPU: 1 PID: 32156 Comm: syz-executor.1 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3108.634463][T32156] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3108.644520][T32156] Call Trace: [ 3108.647806][T32156] [ 3108.650739][T32156] dump_stack_lvl+0x136/0x150 [ 3108.655435][T32156] dump_header+0x10a/0xd70 [ 3108.659857][T32156] oom_kill_process+0x25d/0x600 [ 3108.664713][T32156] out_of_memory+0x35c/0x1660 [ 3108.669407][T32156] ? oom_killer_disable+0x2b0/0x2b0 [ 3108.674610][T32156] ? rcu_read_unlock+0x9/0x60 [ 3108.679293][T32156] ? find_held_lock+0x2d/0x110 [ 3108.684066][T32156] mem_cgroup_out_of_memory+0x206/0x270 [ 3108.689619][T32156] ? mem_cgroup_margin+0x130/0x130 [ 3108.694731][T32156] ? lock_downgrade+0x690/0x690 [ 3108.699596][T32156] try_charge_memcg+0xf99/0x13a0 [ 3108.704548][T32156] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3108.710547][T32156] ? rcu_read_unlock+0x9/0x60 [ 3108.715231][T32156] ? lock_downgrade+0x690/0x690 [ 3108.720082][T32156] charge_memcg+0x90/0x3b0 [ 3108.724494][T32156] __mem_cgroup_charge+0x2b/0x90 [ 3108.729419][T32156] __handle_mm_fault+0x2296/0x41c0 [ 3108.734524][T32156] ? vm_iomap_memory+0x190/0x190 [ 3108.739459][T32156] ? mas_walk+0x58f/0x730 [ 3108.743801][T32156] ? numa_migrate_prep+0x3a0/0x3a0 [ 3108.748916][T32156] handle_mm_fault+0x2af/0x9f0 [ 3108.753679][T32156] do_user_addr_fault+0x2ca/0x1210 [ 3108.758784][T32156] ? rcu_is_watching+0x12/0xb0 [ 3108.763567][T32156] exc_page_fault+0x98/0x170 [ 3108.768152][T32156] asm_exc_page_fault+0x26/0x30 [ 3108.772999][T32156] RIP: 0033:0x7f5d2ac30eac [ 3108.777400][T32156] Code: c0 e8 98 5a ff ff b8 ff ff ff ff e9 33 ff ff ff 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 41 54 31 c0 55 48 81 ec 68 10 00 00 <48> 89 7c 24 08 48 8d 3d 90 6b 0a 00 48 89 34 24 48 8b 14 24 48 8b [ 3108.797020][T32156] RSP: 002b:00007f5d2ba0c0e0 EFLAGS: 00010202 [ 3108.803105][T32156] RAX: 0000000000000000 RBX: 00007f5d2adabf80 RCX: 0000000000000000 [ 3108.811077][T32156] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 00000000200003c0 [ 3108.819046][T32156] RBP: 00007f5d2ace7ca1 R08: 0000000000000000 R09: 0000000000000000 [ 3108.827008][T32156] R10: 00000000200003c0 R11: 0000000000000000 R12: 0000000000000000 [ 3108.835054][T32156] R13: 00007ffc24e003ef R14: 00007f5d2ba0d300 R15: 0000000000022000 [ 3108.843207][T32156] [ 3108.932097][T32156] memory: usage 307184kB, limit 307200kB, failcnt 27708 [ 3108.940757][T32277] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3108.952000][T32156] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3108.959266][T32156] Memory cgroup stats for /syz1: [ 3108.959436][T32156] anon 430080 [ 3108.959436][T32156] file 262144 [ 3108.959436][T32156] kernel 313864192 [ 3108.959436][T32156] kernel_stack 163840 [ 3108.959436][T32156] pagetables 258048 [ 3108.959436][T32156] sec_pagetables 0 [ 3108.959436][T32156] percpu 5421792 [ 3108.959436][T32156] sock 0 [ 3108.959436][T32156] vmalloc 0 [ 3108.959436][T32156] shmem 258048 [ 3108.959436][T32156] zswap 0 [ 3108.959436][T32156] zswapped 0 [ 3108.959436][T32156] file_mapped 241664 [ 3108.959436][T32156] file_dirty 4096 [ 3108.959436][T32156] file_writeback 0 [ 3108.959436][T32156] swapcached 0 [ 3108.959436][T32156] anon_thp 0 [ 3108.959436][T32156] file_thp 0 [ 3108.959436][T32156] shmem_thp 0 [ 3108.959436][T32156] inactive_anon 0 [ 3108.959436][T32156] active_anon 688128 [ 3108.959436][T32156] inactive_file 0 [ 3108.959436][T32156] active_file 4096 [ 3108.959436][T32156] unevictable 0 [ 3108.959436][T32156] slab_reclaimable 34328 [ 3108.959436][T32156] slab_unreclaimable 307902056 [ 3108.959436][T32156] slab 307936384 [ 3108.959436][T32156] workingset_refault_anon 0 [ 3108.959436][T32156] workingset_refault_file 2 [ 3108.959436][T32156] workingset_activate_anon 0 [ 3108.959436][T32156] workingset_activate_file 0 [ 3108.959436][T32156] workingset_restore_anon 0 [ 3108.959436][T32156] workingset_restore_file 2 [ 3108.959436][T32156] workingset_nodereclaim 0 [ 3108.959436][T32156] pgscan 4642 [ 3108.959436][T32156] pgsteal 107 [ 3108.959436][T32156] pgscan_kswapd 92 [ 3108.959436][T32156] pgscan_direct 4550 [ 3108.959436][T32156] pgscan_khugepaged 0 [ 3108.959436][T32156] pgsteal_kswapd 88 [ 3108.959436][T32156] pgsteal_direct 19 [ 3108.959436][T32156] pgsteal_khugepaged 0 [ 3108.959436][T32156] pgfault 568420 [ 3108.959436][T32156] pgmajfault 2 [ 3108.959436][T32156] pgrefill 17016 [ 3108.959436][T32156] pgactivate 4535 [ 3108.959436][T32156] pgdeactivate 0 [ 3108.959436][T32156] pglazyfree 0 [ 3108.959436][T32156] pglazyfreed 0 [ 3108.959436][T32156] zswpin 0 [ 3108.959436][T32156] zswpout 0 [ 3109.242585][T32156] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=32155,uid=0 [ 3109.313551][T32156] Memory cgroup out of memory: Killed process 32155 (syz-executor.1) total-vm:54680kB, anon-rss:516kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:92kB oom_score_adj:1000 [ 3109.355100][T32162] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. 15:37:21 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0xad940500}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:37:21 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x1100}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:37:21 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000001980)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000040)="8202", 0x2}], 0x1}}], 0x1, 0x4000c800) sendto$inet6(r0, &(0x7f0000000300), 0x38, 0x0, 0x0, 0xfffffffffffffdfd) 15:37:21 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x7) 15:37:21 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x3900}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:37:21 executing program 5: r0 = syz_mount_image$hfsplus(&(0x7f0000000100), &(0x7f00000001c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x808008, &(0x7f0000000000)={[{@force}, {@nls={'nls', 0x3d, 'macturkish'}}]}, 0x0, 0x655, &(0x7f0000000a00)="$eJzs3U1sHGcZB/D/rJ21N0iu26YtICSsRoqgEYntpSRIoAaEkA8VisSlVytxGisbt7Jd5FYIXD6vcOuhhyIUDj0hDkhFHCrKGQmJExcfuEXi7gPCaGZn1+vY8VfSrBN+P2n2fWfej3nm8czs7FqWA/zfmnstp9ZTZO78q2vl+saddmfjTvt2r55kLEkjGe0WKZaS4pPkSrpLPldurKcr7refl+9+9P659z5sd9dG66Xq39hv3C579lyvl0wlGanLB7Bjvms753vl6NMV3aDqhJ3tJQ6GbWuX9aMMP/x1C5xY229RO00mp5OM188Bqe8OjUcb3XH8+l/7tR7pLgcAAACPqac2s5m1TAw7DgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHic1P//v6iXRq8+laL3//+b1bZm1b057Hgf1MfDDgAAAAAAAAAAHoIvbmYza5norW8V1e/8X6xWzlSvn8lbWclClnMha5nPalaznJkkk1X7u9Vrc21+dXV55n4jt7a2flyPnO2PzMDI2V2hFftHvjX2wAcPAAAAAAAAAE+On2Ru+/f/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwEhTJSLeoljO9+mQao0nGkzTLfuvJn3v1x9nHww4AAAAAHoGnNrOZtUwU/+2ubxXVZ/7nq8/943krS1nNYlbTyUKuV98FdD/1N/6+3u5s3GnfLpfd837r30cKo5ox3e8e9t7zdNXjubr/epLv5vs5n6lczXIW84PMZzULmcp3qtp8ikxWc/3zm0kd5654x8qXKztCuXpQrJ+tImnlRhar2C7kWv9rkEavz8De/thM7snQu2V2ildqh8zR9bosfwa/qsuTYbI68lP9jEzXuS+z8fTG/XJfOeJ5cu+eZtLofwd1Zr89NY6X89N1Web6Fyc657Np9M++5/fPefLlf/zl6s3O0q2bN1bOn5xDOqZ7M9HuZ2I8Lxw+E+uHy8TIXhvHH/woHoZmnY1ujNt3y2TuwLvli9XYiSzme3kj17OQS5nOTC5nOl/PbNoDZ1grz+2f1+paaxztWjv7pbrSSvLLujzYozh9y7w+PZDXwTvdZNU2uGX7OnzmEFk64h1p9PN1pdzHTwfecYbv3kzMDGTi2f0z8Zut8nWls3Rr+eb8m4fc37m6LM+An+88E377MI7n+Mrz5Znyh1Wt7Tw7yrZn92ybqdrO9Nsau9qe67cddKU262e43TN1216o2v6z687ZrJ9veuN2POXkjXT6TyEAnGCnXzrdbN1t/a31QetnrZutV8e/PXZ57AvNnPrr6J9Gft/4XeMbxUv5ID/KxLAjBQAAAAAAAAAAAAAAAAAAAAAAAAAAAACAJ8HK2+/cmu90FpZPYCWNExHGk1EZS3LUUcXoww3jD0lORjZU9qy0sr1l2Hcm4NN2cfX2mxdX3n7nK4u3519feH1hafbypcuX2l+b+erFG4udhenu67CjBD4N2+/+w44EAAAAAAAAAAAAOKxH8XcFwz5GAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4PE291pOrafIzPSF6XJ94067Uy69+nbP0SSNJMUPk+KT5Eq6SyYHpivut5+X7370/rn3PmxvzzXa69/Yb9zhrNdLppKM1OXBxg4137XB+RrHCa/oH2GZsLO9xMGw/S8AAP//DDUP7Q==") ioctl$FS_IOC_GETFLAGS(r0, 0x80086601, 0x0) [ 3109.555602][T32383] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3109.576403][T32381] loop5: detected capacity change from 0 to 1024 15:37:21 executing program 3: connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000001980)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000040)="8202", 0x2}], 0x1}}], 0x1, 0x4000c800) sendto$inet6(0xffffffffffffffff, &(0x7f0000000300), 0x38, 0x0, 0x0, 0xfffffffffffffdfd) 15:37:21 executing program 3: connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000001980)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000040)="8202", 0x2}], 0x1}}], 0x1, 0x4000c800) sendto$inet6(0xffffffffffffffff, &(0x7f0000000300), 0x38, 0x0, 0x0, 0xfffffffffffffdfd) 15:37:21 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}, 0x1, 0x0, 0x899e040000000000}, 0x0) [ 3109.710073][T32386] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3109.782658][T32386] CPU: 1 PID: 32386 Comm: syz-executor.1 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3109.793102][T32386] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3109.803157][T32386] Call Trace: [ 3109.806430][T32386] [ 3109.809384][T32386] dump_stack_lvl+0x136/0x150 [ 3109.814065][T32386] dump_header+0x10a/0xd70 [ 3109.818475][T32386] oom_kill_process+0x25d/0x600 [ 3109.823321][T32386] out_of_memory+0x35c/0x1660 [ 3109.827991][T32386] ? find_held_lock+0x2d/0x110 [ 3109.832750][T32386] ? oom_killer_disable+0x2b0/0x2b0 [ 3109.837942][T32386] ? rcu_read_unlock+0x9/0x60 [ 3109.842616][T32386] ? find_held_lock+0x2d/0x110 [ 3109.847376][T32386] mem_cgroup_out_of_memory+0x206/0x270 [ 3109.852917][T32386] ? mem_cgroup_margin+0x130/0x130 [ 3109.858024][T32386] ? lock_downgrade+0x690/0x690 [ 3109.862881][T32386] try_charge_memcg+0xf99/0x13a0 [ 3109.867826][T32386] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3109.873804][T32386] ? get_mem_cgroup_from_objcg+0xa1/0x280 [ 3109.879521][T32386] ? lock_downgrade+0x690/0x690 [ 3109.884374][T32386] ? lock_downgrade+0x690/0x690 [ 3109.889228][T32386] obj_cgroup_charge+0x2af/0x5e0 [ 3109.894169][T32386] ? sock_alloc_inode+0x27/0x1d0 [ 3109.899097][T32386] kmem_cache_alloc_lru+0x142/0x600 [ 3109.904303][T32386] sock_alloc_inode+0x27/0x1d0 [ 3109.909063][T32386] ? sock_free_inode+0x30/0x30 [ 3109.913829][T32386] alloc_inode+0x61/0x230 [ 3109.918168][T32386] new_inode_pseudo+0x17/0x80 [ 3109.922839][T32386] sock_alloc+0x40/0x270 [ 3109.927077][T32386] __sock_create+0xbd/0x850 [ 3109.931575][T32386] __sys_socket+0x133/0x250 [ 3109.936069][T32386] ? __sys_socket_file+0x1d0/0x1d0 [ 3109.941170][T32386] ? kcov_ioctl+0x384/0x6f0 [ 3109.945759][T32386] __x64_sys_socket+0x73/0xb0 [ 3109.950425][T32386] do_syscall_64+0x39/0xb0 [ 3109.954840][T32386] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3109.960730][T32386] RIP: 0033:0x7f5d2ac8c169 [ 3109.965130][T32386] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 3109.984724][T32386] RSP: 002b:00007f5d2ba0d168 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 3109.993129][T32386] RAX: ffffffffffffffda RBX: 00007f5d2adabf80 RCX: 00007f5d2ac8c169 [ 3110.001092][T32386] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000010 [ 3110.009053][T32386] RBP: 00007f5d2ace7ca1 R08: 0000000000000000 R09: 0000000000000000 [ 3110.017011][T32386] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3110.025058][T32386] R13: 00007ffc24e003ef R14: 00007f5d2ba0d300 R15: 0000000000022000 [ 3110.033030][T32386] 15:37:22 executing program 3: connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000001980)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000040)="8202", 0x2}], 0x1}}], 0x1, 0x4000c800) sendto$inet6(0xffffffffffffffff, &(0x7f0000000300), 0x38, 0x0, 0x0, 0xfffffffffffffdfd) [ 3110.172176][T32386] memory: usage 307200kB, limit 307200kB, failcnt 27778 [ 3110.190311][T32386] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3110.206714][T32386] Memory cgroup stats for /syz1: [ 3110.206862][T32386] anon 393216 [ 3110.206862][T32386] file 262144 [ 3110.206862][T32386] kernel 313917440 [ 3110.206862][T32386] kernel_stack 163840 [ 3110.206862][T32386] pagetables 249856 [ 3110.206862][T32386] sec_pagetables 0 [ 3110.206862][T32386] percpu 5421856 [ 3110.206862][T32386] sock 0 [ 3110.206862][T32386] vmalloc 0 [ 3110.206862][T32386] shmem 258048 [ 3110.206862][T32386] zswap 0 [ 3110.206862][T32386] zswapped 0 [ 3110.206862][T32386] file_mapped 241664 [ 3110.206862][T32386] file_dirty 4096 [ 3110.206862][T32386] file_writeback 0 [ 3110.206862][T32386] swapcached 0 [ 3110.206862][T32386] anon_thp 0 [ 3110.206862][T32386] file_thp 0 [ 3110.206862][T32386] shmem_thp 0 [ 3110.206862][T32386] inactive_anon 573440 [ 3110.206862][T32386] active_anon 77824 [ 3110.206862][T32386] inactive_file 0 [ 3110.206862][T32386] active_file 4096 [ 3110.206862][T32386] unevictable 0 [ 3110.206862][T32386] slab_reclaimable 43048 [ 3110.206862][T32386] slab_unreclaimable 307920304 [ 3110.206862][T32386] slab 307963352 [ 3110.206862][T32386] workingset_refault_anon 0 [ 3110.206862][T32386] workingset_refault_file 2 [ 3110.206862][T32386] workingset_activate_anon 0 [ 3110.206862][T32386] workingset_activate_file 0 [ 3110.206862][T32386] workingset_restore_anon 0 [ 3110.206862][T32386] workingset_restore_file 2 [ 3110.206862][T32386] workingset_nodereclaim 0 [ 3110.206862][T32386] pgscan 4642 [ 3110.206862][T32386] pgsteal 107 [ 3110.206862][T32386] pgscan_kswapd 92 [ 3110.206862][T32386] pgscan_direct 4550 [ 3110.206862][T32386] pgscan_khugepaged 0 [ 3110.206862][T32386] pgsteal_kswapd 88 [ 3110.206862][T32386] pgsteal_direct 19 [ 3110.206862][T32386] pgsteal_khugepaged 0 [ 3110.206862][T32386] pgfault 568467 [ 3110.206862][T32386] pgmajfault 2 [ 3110.206862][T32386] pgrefill 17077 [ 3110.206862][T32386] pgactivate 4535 [ 3110.206862][T32386] pgdeactivate 0 [ 3110.206862][T32386] pglazyfree 0 [ 3110.206862][T32386] pglazyfreed 0 [ 3110.206862][T32386] zswpin 0 [ 3110.206862][T32386] zswpout 0 [ 3110.262282][T32499] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. 15:37:22 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x8) 15:37:22 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000001980)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000040)="8202", 0x2}], 0x1}}], 0x1, 0x4000c800) sendto$inet6(r0, &(0x7f0000000300), 0x38, 0x0, 0x0, 0xfffffffffffffdfd) [ 3110.560865][T32386] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=32384,uid=0 [ 3110.603622][T32386] Memory cgroup out of memory: Killed process 32384 (syz-executor.1) total-vm:54680kB, anon-rss:388kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 3110.731046][T32388] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 3110.755437][T32388] CPU: 1 PID: 32388 Comm: syz-executor.4 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3110.765863][T32388] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3110.776001][T32388] Call Trace: [ 3110.779265][T32388] [ 3110.782190][T32388] dump_stack_lvl+0x136/0x150 [ 3110.786875][T32388] dump_header+0x10a/0xd70 [ 3110.791282][T32388] oom_kill_process+0x25d/0x600 [ 3110.796148][T32388] out_of_memory+0x35c/0x1660 [ 3110.800894][T32388] ? oom_killer_disable+0x2b0/0x2b0 [ 3110.806086][T32388] ? rcu_read_unlock+0x9/0x60 [ 3110.810759][T32388] ? find_held_lock+0x2d/0x110 [ 3110.815522][T32388] mem_cgroup_out_of_memory+0x206/0x270 [ 3110.821157][T32388] ? mem_cgroup_margin+0x130/0x130 [ 3110.826354][T32388] ? lock_downgrade+0x690/0x690 [ 3110.831212][T32388] try_charge_memcg+0xf99/0x13a0 [ 3110.836152][T32388] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3110.842124][T32388] ? get_mem_cgroup_from_objcg+0xa1/0x280 [ 3110.847836][T32388] ? lock_downgrade+0x690/0x690 [ 3110.852675][T32388] ? lock_downgrade+0x690/0x690 [ 3110.857522][T32388] __memcg_kmem_charge_page+0x16e/0x3c0 [ 3110.863067][T32388] __alloc_pages+0x1f3/0x4a0 [ 3110.867648][T32388] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 3110.874398][T32388] ? __lock_acquire+0xc17/0x5f30 [ 3110.879350][T32388] ? find_held_lock+0x2d/0x110 [ 3110.884103][T32388] alloc_pages+0x1aa/0x270 [ 3110.888509][T32388] __pmd_alloc+0x3f/0x5d0 [ 3110.892841][T32388] __handle_mm_fault+0x93e/0x41c0 [ 3110.897851][T32388] ? mt_find+0x3b9/0xa60 [ 3110.902096][T32388] ? vm_iomap_memory+0x190/0x190 [ 3110.907016][T32388] ? mas_find+0x200/0x200 [ 3110.911346][T32388] handle_mm_fault+0x2af/0x9f0 [ 3110.916095][T32388] do_user_addr_fault+0x51a/0x1210 [ 3110.921196][T32388] exc_page_fault+0x98/0x170 [ 3110.925774][T32388] asm_exc_page_fault+0x26/0x30 [ 3110.930616][T32388] RIP: 0033:0x7fcdfee86cc5 [ 3110.935011][T32388] Code: 12 80 fa 04 73 1e 80 fa 01 77 26 72 05 0f b6 0e 88 0f c3 48 8b 4c 16 f8 48 8b 36 48 89 4c 17 f8 48 89 37 c3 8b 4c 16 fc 8b 36 <89> 4c 17 fc 89 37 c3 0f b7 4c 16 fe 0f b7 36 66 89 4c 17 fe 66 89 [ 3110.954603][T32388] RSP: 002b:00007ffda41c1ea8 EFLAGS: 00010202 [ 3110.960651][T32388] RAX: 00000000200003c0 RBX: 0000000000000000 RCX: 0000000000535650 [ 3110.968607][T32388] RDX: 0000000000000005 RSI: 0000000053565049 RDI: 00000000200003c0 [ 3110.976560][T32388] RBP: 00007ffda41c1f68 R08: 00007fcdfee00000 R09: 00007fcdfea00000 [ 3110.984517][T32388] R10: 00007fcdfea000c8 R11: 0000000000000246 R12: 00000000002f751c [ 3110.992469][T32388] R13: 00007ffda41c1f90 R14: 00007fcdfefac050 R15: 0000000000000032 [ 3111.000435][T32388] [ 3111.081246][T32388] memory: usage 307200kB, limit 307200kB, failcnt 39321 [ 3111.086207][T32604] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3111.093482][T32388] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3111.104446][T32388] Memory cgroup stats for /syz4: [ 3111.104696][T32388] anon 2129920 [ 3111.104696][T32388] file 7716864 [ 3111.104696][T32388] kernel 304726016 [ 3111.104696][T32388] kernel_stack 720896 [ 3111.104696][T32388] pagetables 1163264 [ 3111.104696][T32388] sec_pagetables 0 [ 3111.104696][T32388] percpu 5219168 [ 3111.104696][T32388] sock 0 [ 3111.104696][T32388] vmalloc 8192 [ 3111.104696][T32388] shmem 7716864 [ 3111.104696][T32388] zswap 0 [ 3111.104696][T32388] zswapped 0 [ 3111.104696][T32388] file_mapped 196608 [ 3111.104696][T32388] file_dirty 0 [ 3111.104696][T32388] file_writeback 0 [ 3111.104696][T32388] swapcached 0 [ 3111.104696][T32388] anon_thp 0 [ 3111.104696][T32388] file_thp 0 [ 3111.104696][T32388] shmem_thp 0 [ 3111.104696][T32388] inactive_anon 9596928 [ 3111.104696][T32388] active_anon 249856 [ 3111.104696][T32388] inactive_file 0 [ 3111.104696][T32388] active_file 0 [ 3111.104696][T32388] unevictable 0 [ 3111.104696][T32388] slab_reclaimable 172672 [ 3111.104696][T32388] slab_unreclaimable 297105000 [ 3111.104696][T32388] slab 297277672 [ 3111.104696][T32388] workingset_refault_anon 0 [ 3111.104696][T32388] workingset_refault_file 0 [ 3111.104696][T32388] workingset_activate_anon 0 [ 3111.104696][T32388] workingset_activate_file 0 [ 3111.104696][T32388] workingset_restore_anon 0 [ 3111.104696][T32388] workingset_restore_file 0 [ 3111.104696][T32388] workingset_nodereclaim 0 [ 3111.104696][T32388] pgscan 116 [ 3111.104696][T32388] pgsteal 111 [ 3111.104696][T32388] pgscan_kswapd 99 [ 3111.104696][T32388] pgscan_direct 17 [ 3111.104696][T32388] pgscan_khugepaged 0 [ 3111.104696][T32388] pgsteal_kswapd 97 [ 3111.104696][T32388] pgsteal_direct 14 [ 3111.104696][T32388] pgsteal_khugepaged 0 [ 3111.104696][T32388] pgfault 696928 [ 3111.104696][T32388] pgmajfault 6 [ 3111.104696][T32388] pgrefill 593 [ 3111.104696][T32388] pgactivate 5 [ 3111.104696][T32388] pgdeactivate 0 [ 3111.104696][T32388] pglazyfree 0 [ 3111.104696][T32388] pglazyfreed 0 [ 3111.104696][T32388] zswpin 0 [ 3111.104696][T32388] zswpout 0 [ 3111.312293][T32388] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=32388,uid=0 [ 3111.353118][T32388] Memory cgroup out of memory: Killed process 32388 (syz-executor.4) total-vm:54680kB, anon-rss:384kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:72kB oom_score_adj:1000 [ 3111.389762][T32378] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3111.409482][T32378] CPU: 0 PID: 32378 Comm: syz-executor.2 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3111.419900][T32378] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3111.430032][T32378] Call Trace: [ 3111.433294][T32378] [ 3111.436208][T32378] dump_stack_lvl+0x136/0x150 [ 3111.440882][T32378] dump_header+0x10a/0xd70 [ 3111.445310][T32378] oom_kill_process+0x25d/0x600 [ 3111.450147][T32378] out_of_memory+0x35c/0x1660 [ 3111.454812][T32378] ? oom_killer_disable+0x2b0/0x2b0 [ 3111.459996][T32378] ? rcu_read_unlock+0x9/0x60 [ 3111.464659][T32378] ? find_held_lock+0x2d/0x110 [ 3111.469409][T32378] mem_cgroup_out_of_memory+0x206/0x270 [ 3111.474941][T32378] ? mem_cgroup_margin+0x130/0x130 [ 3111.480124][T32378] ? lock_downgrade+0x690/0x690 [ 3111.485058][T32378] try_charge_memcg+0xf99/0x13a0 [ 3111.489991][T32378] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3111.495968][T32378] ? get_mem_cgroup_from_objcg+0xa1/0x280 [ 3111.501676][T32378] ? lock_downgrade+0x690/0x690 [ 3111.506517][T32378] ? lock_downgrade+0x690/0x690 [ 3111.511361][T32378] __memcg_kmem_charge_page+0x16e/0x3c0 [ 3111.516898][T32378] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 3111.523042][T32378] copy_process+0x4f9/0x75c0 [ 3111.527620][T32378] ? __lock_acquire+0xc17/0x5f30 [ 3111.532548][T32378] ? pidfd_prepare+0x80/0x80 [ 3111.537130][T32378] ? psi_memstall_leave+0x174/0x250 [ 3111.542312][T32378] ? lock_downgrade+0x690/0x690 [ 3111.547154][T32378] kernel_clone+0xeb/0x890 [ 3111.551564][T32378] ? create_io_thread+0xe0/0xe0 [ 3111.556403][T32378] ? percpu_ref_put_many.constprop.0+0x6a/0x1b0 [ 3111.562631][T32378] ? lock_downgrade+0x690/0x690 [ 3111.567475][T32378] __do_sys_clone+0xba/0x100 [ 3111.572052][T32378] ? kernel_clone+0x890/0x890 [ 3111.576723][T32378] ? syscall_enter_from_user_mode+0x26/0x80 [ 3111.582606][T32378] do_syscall_64+0x39/0xb0 [ 3111.587013][T32378] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3111.592897][T32378] RIP: 0033:0x7f5bd068d591 [ 3111.597296][T32378] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 3111.616903][T32378] RSP: 002b:00007fffe74b1648 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 3111.625299][T32378] RAX: ffffffffffffffda RBX: 00007f5bcf1fe700 RCX: 00007f5bd068d591 [ 3111.633254][T32378] RDX: 00007f5bcf1fe9d0 RSI: 00007f5bcf1fe2f0 RDI: 00000000003d0f00 [ 3111.641205][T32378] RBP: 00007fffe74b1890 R08: 00007f5bcf1fe700 R09: 00007f5bcf1fe700 [ 3111.649161][T32378] R10: 00007f5bcf1fe9d0 R11: 0000000000000206 R12: 00007fffe74b16fe [ 3111.657117][T32378] R13: 00007fffe74b16ff R14: 00007f5bcf1fe300 R15: 0000000000022000 [ 3111.665081][T32378] 15:37:23 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0xae940500}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) [ 3111.812698][T32378] memory: usage 307200kB, limit 307200kB, failcnt 27212 [ 3111.831461][T32378] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3111.850395][T32378] Memory cgroup stats for /syz2: [ 3111.850543][T32378] anon 114688 [ 3111.850543][T32378] file 8388608 [ 3111.850543][T32378] kernel 306069504 [ 3111.850543][T32378] kernel_stack 65536 [ 3111.850543][T32378] pagetables 73728 [ 3111.850543][T32378] sec_pagetables 0 [ 3111.850543][T32378] percpu 5294912 [ 3111.850543][T32378] sock 0 [ 3111.850543][T32378] vmalloc 16384 [ 3111.850543][T32378] shmem 8380416 [ 3111.850543][T32378] zswap 0 [ 3111.850543][T32378] zswapped 0 [ 3111.850543][T32378] file_mapped 286720 [ 3111.850543][T32378] file_dirty 0 [ 3111.850543][T32378] file_writeback 0 [ 3111.850543][T32378] swapcached 0 [ 3111.850543][T32378] anon_thp 0 [ 3111.850543][T32378] file_thp 0 [ 3111.850543][T32378] shmem_thp 0 [ 3111.850543][T32378] inactive_anon 0 [ 3111.850543][T32378] active_anon 8495104 [ 3111.850543][T32378] inactive_file 0 [ 3111.850543][T32378] active_file 8192 [ 3111.850543][T32378] unevictable 0 [ 3111.850543][T32378] slab_reclaimable 39288 [ 3111.850543][T32378] slab_unreclaimable 300532984 [ 3111.850543][T32378] slab 300572272 [ 3111.850543][T32378] workingset_refault_anon 0 [ 3111.850543][T32378] workingset_refault_file 2 [ 3111.850543][T32378] workingset_activate_anon 0 [ 3111.850543][T32378] workingset_activate_file 0 [ 3111.850543][T32378] workingset_restore_anon 0 [ 3111.850543][T32378] workingset_restore_file 2 [ 3111.850543][T32378] workingset_nodereclaim 0 [ 3111.850543][T32378] pgscan 8484 [ 3111.850543][T32378] pgsteal 122 [ 3111.850543][T32378] pgscan_kswapd 106 [ 3111.850543][T32378] pgscan_direct 8378 [ 3111.850543][T32378] pgscan_khugepaged 0 [ 3111.850543][T32378] pgsteal_kswapd 97 [ 3111.850543][T32378] pgsteal_direct 25 [ 3111.850543][T32378] pgsteal_khugepaged 0 [ 3111.850543][T32378] pgfault 696051 [ 3111.850543][T32378] pgmajfault 0 [ 3111.850543][T32378] pgrefill 33025 [ 3111.850543][T32378] pgactivate 8362 [ 3111.850543][T32378] pgdeactivate 0 [ 3111.850543][T32378] pglazyfree 0 [ 3111.850543][T32378] pglazyfreed 0 [ 3111.850543][T32378] zswpin 0 [ 3111.850543][T32378] zswpout 0 [ 3112.123269][T32378] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=32378,uid=0 [ 3112.162846][T32378] Memory cgroup out of memory: Killed process 32378 (syz-executor.2) total-vm:54680kB, anon-rss:384kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 15:37:24 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x1200}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:37:24 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000001980)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000040)="8202", 0x2}], 0x1}}], 0x1, 0x4000c800) sendto$inet6(r0, &(0x7f0000000300), 0x38, 0x0, 0x0, 0xfffffffffffffdfd) 15:37:24 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x3a00}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:37:24 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x9) 15:37:24 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x870a0000}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) [ 3112.221586][T32607] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. 15:37:24 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000001980)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000040)="8202", 0x2}], 0x1}}], 0x1, 0x4000c800) sendto$inet6(r0, &(0x7f0000000300), 0x38, 0x0, 0x0, 0xfffffffffffffdfd) [ 3112.415837][T32614] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 3112.434942][T32614] CPU: 1 PID: 32614 Comm: syz-executor.1 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3112.445369][T32614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3112.455421][T32614] Call Trace: [ 3112.458696][T32614] 15:37:24 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, 0x0, 0x0) sendmmsg$inet6(r0, &(0x7f0000001980)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000040)="8202", 0x2}], 0x1}}], 0x1, 0x4000c800) sendto$inet6(r0, &(0x7f0000000300), 0x38, 0x0, 0x0, 0xfffffffffffffdfd) [ 3112.460163][T32607] syz-executor.4: vmalloc error: size 4096, page order 0, failed to allocate pages, mode:0x404dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_RETRY_MAYFAIL|__GFP_ZERO), nodemask=(null) [ 3112.461611][T32614] dump_stack_lvl+0x136/0x150 [ 3112.461644][T32614] dump_header+0x10a/0xd70 [ 3112.479406][T32607] ,cpuset= [ 3112.484054][T32614] oom_kill_process+0x25d/0x600 [ 3112.484086][T32614] out_of_memory+0x35c/0x1660 [ 3112.489466][T32607] syz4 [ 3112.491477][T32614] ? find_held_lock+0x2d/0x110 [ 3112.496604][T32607] ,mems_allowed=0-1 [ 3112.500942][T32614] ? oom_killer_disable+0x2b0/0x2b0 [ 3112.500971][T32614] ? rcu_read_unlock+0x9/0x60 [ 3112.503691][T32607] [ 3112.508370][T32614] ? find_held_lock+0x2d/0x110 [ 3112.508402][T32614] mem_cgroup_out_of_memory+0x206/0x270 [ 3112.508436][T32614] ? mem_cgroup_margin+0x130/0x130 [ 3112.508461][T32614] ? lock_downgrade+0x690/0x690 [ 3112.508500][T32614] try_charge_memcg+0xf99/0x13a0 [ 3112.508540][T32614] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3112.508575][T32614] ? get_mem_cgroup_from_objcg+0xa1/0x280 [ 3112.508604][T32614] ? lock_downgrade+0x690/0x690 [ 3112.508632][T32614] ? lock_downgrade+0x690/0x690 [ 3112.508671][T32614] __memcg_kmem_charge_page+0x16e/0x3c0 [ 3112.508709][T32614] __alloc_pages+0x1f3/0x4a0 [ 3112.508739][T32614] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 3112.508774][T32614] ? __lock_acquire+0xc17/0x5f30 [ 3112.508811][T32614] ? find_held_lock+0x2d/0x110 [ 3112.508840][T32614] alloc_pages+0x1aa/0x270 [ 3112.508872][T32614] __pmd_alloc+0x3f/0x5d0 [ 3112.508896][T32614] __handle_mm_fault+0x93e/0x41c0 [ 3112.508924][T32614] ? mt_find+0x3b9/0xa60 [ 3112.508953][T32614] ? vm_iomap_memory+0x190/0x190 [ 3112.508975][T32614] ? mas_find+0x200/0x200 [ 3112.509021][T32614] handle_mm_fault+0x2af/0x9f0 [ 3112.509049][T32614] do_user_addr_fault+0x51a/0x1210 [ 3112.509080][T32614] exc_page_fault+0x98/0x170 [ 3112.509109][T32614] asm_exc_page_fault+0x26/0x30 [ 3112.509141][T32614] RIP: 0033:0x7f5d2ac86cc5 [ 3112.509157][T32614] Code: 12 80 fa 04 73 1e 80 fa 01 77 26 72 05 0f b6 0e 88 0f c3 48 8b 4c 16 f8 48 8b 36 48 89 4c 17 f8 48 89 37 c3 8b 4c 16 fc 8b 36 <89> 4c 17 fc 89 37 c3 0f b7 4c 16 fe 0f b7 36 66 89 4c 17 fe 66 89 [ 3112.509179][T32614] RSP: 002b:00007ffc24e00468 EFLAGS: 00010202 [ 3112.509198][T32614] RAX: 00000000200003c0 RBX: 0000000000000000 RCX: 0000000000535650 [ 3112.509211][T32614] RDX: 0000000000000005 RSI: 0000000053565049 RDI: 00000000200003c0 [ 3112.509225][T32614] RBP: 00007ffc24e00528 R08: 00007f5d2ac00000 R09: 00007f5d2a800000 [ 3112.509238][T32614] R10: 00007f5d2a8000c8 R11: 0000000000000246 R12: 00000000002f7da7 [ 3112.509252][T32614] R13: 00007ffc24e00550 R14: 00007f5d2adabf80 R15: 0000000000000032 [ 3112.509280][T32614] [ 3112.584721][T32614] memory: usage 307200kB, limit 307200kB, failcnt 27849 [ 3112.644682][T32607] CPU: 0 PID: 32607 Comm: syz-executor.4 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3112.714974][T32614] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3112.717408][T32607] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3112.717421][T32607] Call Trace: [ 3112.717427][T32607] [ 3112.717435][T32607] dump_stack_lvl+0x136/0x150 [ 3112.736442][T32614] Memory cgroup stats for [ 3112.741423][T32607] warn_alloc+0x213/0x360 [ 3112.741458][T32607] ? zone_watermark_ok_safe+0x2e0/0x2e0 [ 3112.804340][T32614] /syz1 [ 3112.807652][T32607] ? find_held_lock+0x2d/0x110 [ 3112.814948][T32614] : [ 3112.824507][T32607] ? lock_downgrade+0x690/0x690 [ 3112.824547][T32607] ? mark_held_locks+0x9f/0xe0 [ 3112.824593][T32607] __vmalloc_node_range+0x1021/0x14a0 [ 3112.828129][T32614] anon 425984 [ 3112.828129][T32614] file 262144 [ 3112.828129][T32614] kernel 313868288 [ 3112.828129][T32614] kernel_stack 163840 [ 3112.828129][T32614] pagetables 249856 [ 3112.828129][T32614] sec_pagetables 0 [ 3112.828129][T32614] percpu 5421856 [ 3112.828129][T32614] sock 0 [ 3112.828129][T32614] vmalloc 0 [ 3112.828129][T32614] shmem 258048 [ 3112.828129][T32614] zswap 0 [ 3112.828129][T32614] zswapped 0 [ 3112.828129][T32614] file_mapped 241664 [ 3112.828129][T32614] file_dirty 0 [ 3112.828129][T32614] file_writeback 0 [ 3112.828129][T32614] swapcached 0 [ 3112.828129][T32614] anon_thp 0 [ 3112.828129][T32614] file_thp 0 [ 3112.828129][T32614] shmem_thp 0 [ 3112.828129][T32614] inactive_anon 0 [ 3112.828129][T32614] active_anon 684032 [ 3112.828129][T32614] inactive_file 4096 [ 3112.828129][T32614] active_file 0 [ 3112.828129][T32614] unevictable 0 [ 3112.828129][T32614] slab_reclaimable 34328 [ 3112.828129][T32614] slab_unreclaimable 307911952 [ 3112.828129][T32614] slab 307946280 [ 3112.828129][T32614] workingset_refault_anon 0 [ 3112.828129][T32614] workingset_refault_file 2 [ 3112.828129][T32614] workingset_activate_anon 0 [ 3112.828129][T32614] workingset_activate_file 0 [ 3112.828129][T32614] workingset_restore_anon 0 [ 3112.828129][T32614] workingset_restore_file 2 [ 3112.828129][T32614] workingset_nodereclaim 0 [ 3112.828129][T32614] pgscan 4669 [ 3112.828129][T32614] pgsteal 107 [ 3112.828129][T32614] pgscan_kswapd 92 [ 3112.828129][T32614] pgscan_direct 4577 [ 3112.828129][T32614] pgscan_khugepaged 0 [ 3112.828129][T32614] pgsteal_kswapd 88 [ 3112.828129][T32614] pgsteal_direct 19 [ 3112.828129][T32614] pgsteal_khugepaged 0 [ 3112.828129][T32614] pgfault 568527 [ 3112.828129][T32614] pgmajfault 2 [ 3112.828129][T32614] pgrefill 17077 [ 3112.828129][T32614] pgactivate 4562 [ 3112.828129][T32614] pgdeactivate 0 [ 3112.828129][T32614] pglazyfree 0 [ 3112.828129][T32614] pglazyfreed 0 [ 3112.828129][T32614] zswpin 0 [ 3112.828129][T32614] zswpout 0 [ 3112.830791][T32607] ? alloc_netdev_mqs+0x9c/0x1250 [ 3112.830845][T32607] ? delayed_vfree_work+0x70/0x70 [ 3112.838824][T32614] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null) [ 3112.839888][T32607] ? __kmem_cache_alloc_node+0xb4/0x320 [ 3112.839920][T32607] ? kvmalloc_node+0x76/0x1a0 [ 3112.844339][T32614] ,cpuset= [ 3112.849753][T32607] ? rcu_is_watching+0x12/0xb0 [ 3112.849795][T32607] ? alloc_netdev_mqs+0x9c/0x1250 [ 3112.849837][T32607] kvmalloc_node+0x156/0x1a0 [ 3112.853393][T32614] syz1 [ 3112.857509][T32607] ? alloc_netdev_mqs+0x9c/0x1250 [ 3112.857545][T32607] alloc_netdev_mqs+0x9c/0x1250 [ 3112.857568][T32607] ? security_capable+0x93/0xc0 [ 3112.857584][T32607] ? br_netpoll_disable+0x60/0x60 [ 3112.857604][T32607] rtnl_create_link+0xc17/0xf20 [ 3112.860875][T32614] ,mems_allowed=0-1 [ 3112.865108][T32607] __rtnl_newlink+0xfd4/0x1840 [ 3112.865150][T32607] ? find_held_lock+0x2d/0x110 [ 3112.865182][T32607] ? rtnl_link_unregister+0x250/0x250 [ 3112.870048][T32614] ,oom_memcg= [ 3112.875276][T32607] ? __kmem_cache_alloc_node+0x48/0x320 [ 3112.875332][T32607] ? rtnl_newlink+0x4a/0xa0 [ 3112.875370][T32607] rtnl_newlink+0x68/0xa0 [ 3112.875397][T32607] ? __rtnl_newlink+0x1840/0x1840 [ 3113.168303][T32607] rtnetlink_rcv_msg+0x43d/0xd50 [ 3113.173256][T32607] ? rtnl_stats_set+0x4d0/0x4d0 [ 3113.178115][T32607] ? __dev_queue_xmit+0xa2a/0x3b10 [ 3113.181515][T32614] /syz1 [ 3113.183225][T32607] netlink_rcv_skb+0x165/0x440 [ 3113.183360][T32614] ,task_memcg= [ 3113.186003][T32607] ? rtnl_stats_set+0x4d0/0x4d0 [ 3113.186032][T32607] ? netlink_ack+0x1360/0x1360 [ 3113.186069][T32607] ? netlink_deliver_tap+0x1b1/0xcf0 [ 3113.186097][T32607] netlink_unicast+0x547/0x7f0 [ 3113.186124][T32607] ? netlink_attachskb+0x890/0x890 [ 3113.186145][T32607] ? __virt_addr_valid+0x61/0x2e0 [ 3113.186176][T32607] ? __phys_addr_symbol+0x30/0x70 [ 3113.186204][T32607] ? __check_object_size+0x323/0x730 [ 3113.186232][T32607] netlink_sendmsg+0x925/0xe30 [ 3113.186259][T32607] ? netlink_unicast+0x7f0/0x7f0 [ 3113.186286][T32607] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 3113.186309][T32607] ? netlink_unicast+0x7f0/0x7f0 [ 3113.186331][T32607] sock_sendmsg+0xde/0x190 [ 3113.186353][T32607] ____sys_sendmsg+0x71c/0x900 [ 3113.186376][T32607] ? copy_msghdr_from_user+0xfc/0x150 [ 3113.186404][T32607] ? kernel_sendmsg+0x50/0x50 [ 3113.186438][T32607] ___sys_sendmsg+0x110/0x1b0 15:37:25 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, 0x0, 0x0) sendmmsg$inet6(r0, &(0x7f0000001980)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000040)="8202", 0x2}], 0x1}}], 0x1, 0x4000c800) sendto$inet6(r0, &(0x7f0000000300), 0x38, 0x0, 0x0, 0xfffffffffffffdfd) [ 3113.186463][T32607] ? do_recvmmsg+0x6f0/0x6f0 [ 3113.186492][T32607] ? __fget_files+0x248/0x480 [ 3113.186524][T32607] ? lock_downgrade+0x690/0x690 [ 3113.186561][T32607] ? futex_wake_mark+0x1a0/0x1a0 [ 3113.186590][T32607] ? __fget_files+0x26a/0x480 [ 3113.186626][T32607] ? __fget_light+0xe5/0x270 [ 3113.186661][T32607] __sys_sendmsg+0xf7/0x1c0 [ 3113.186686][T32607] ? __sys_sendmsg_sock+0x40/0x40 [ 3113.186713][T32607] ? restore_fpregs_from_fpstate+0xc1/0x1c0 [ 3113.186758][T32607] ? syscall_enter_from_user_mode+0x26/0x80 [ 3113.186785][T32607] ? lockdep_hardirqs_on+0x7d/0x100 [ 3113.186812][T32607] do_syscall_64+0x39/0xb0 [ 3113.186845][T32607] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3113.186876][T32607] RIP: 0033:0x7fcdfee8c169 [ 3113.186892][T32607] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 3113.186915][T32607] RSP: 002b:00007fcdffb69168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3113.186936][T32607] RAX: ffffffffffffffda RBX: 00007fcdfefabf80 RCX: 00007fcdfee8c169 [ 3113.186950][T32607] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000003 [ 3113.186963][T32607] RBP: 00007fcdfeee7ca1 R08: 0000000000000000 R09: 0000000000000000 [ 3113.186977][T32607] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3113.186990][T32607] R13: 00007ffda41c1e2f R14: 00007fcdffb69300 R15: 0000000000022000 15:37:25 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, 0x0, 0x0) sendmmsg$inet6(r0, &(0x7f0000001980)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000040)="8202", 0x2}], 0x1}}], 0x1, 0x4000c800) sendto$inet6(r0, &(0x7f0000000300), 0x38, 0x0, 0x0, 0xfffffffffffffdfd) [ 3113.187017][T32607] [ 3113.357886][T32607] Mem-Info: [ 3113.451839][T32614] /syz1,task=syz-executor.1,pid=32614,uid=0 [ 3113.581161][T32614] Memory cgroup out of memory: Killed process 32614 (syz-executor.1) total-vm:54548kB, anon-rss:488kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 3113.591751][T32607] active_anon:189638 inactive_anon:31573 isolated_anon:0 [ 3113.591751][T32607] active_file:7512 inactive_file:1418 isolated_file:0 15:37:25 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000001980)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000040)="8202", 0x2}], 0x1}}], 0x1, 0x4000c800) sendto$inet6(r0, &(0x7f0000000300), 0x38, 0x0, 0x0, 0xfffffffffffffdfd) 15:37:25 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x3b00}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) [ 3113.591751][T32607] unevictable:768 dirty:16 writeback:0 [ 3113.591751][T32607] slab_reclaimable:23914 slab_unreclaimable:613000 [ 3113.591751][T32607] mapped:19968 shmem:27275 pagetables:2157 [ 3113.591751][T32607] sec_pagetables:0 bounce:0 [ 3113.591751][T32607] kernel_misc_reclaimable:0 [ 3113.591751][T32607] free:661529 free_pcp:13193 free_cma:0 [ 3113.658921][T32616] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3113.723650][T32607] Node 0 active_anon:761288kB inactive_anon:118356kB active_file:28792kB inactive_file:476kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:79872kB dirty:56kB writeback:0kB shmem:105228kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 49152kB writeback_tmp:0kB kernel_stack:11504kB pagetables:7540kB sec_pagetables:0kB all_unreclaimable? no [ 3113.766635][T32616] CPU: 0 PID: 32616 Comm: syz-executor.2 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3113.766657][T32616] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3113.766666][T32616] Call Trace: [ 3113.766671][T32616] [ 3113.766677][T32616] dump_stack_lvl+0x136/0x150 [ 3113.766708][T32616] dump_header+0x10a/0xd70 [ 3113.766727][T32616] oom_kill_process+0x25d/0x600 [ 3113.766744][T32616] out_of_memory+0x35c/0x1660 [ 3113.766762][T32616] ? find_held_lock+0x2d/0x110 [ 3113.766782][T32616] ? oom_killer_disable+0x2b0/0x2b0 [ 3113.766799][T32616] ? rcu_read_unlock+0x9/0x60 [ 3113.766818][T32616] ? find_held_lock+0x2d/0x110 [ 3113.766838][T32616] mem_cgroup_out_of_memory+0x206/0x270 [ 3113.766860][T32616] ? mem_cgroup_margin+0x130/0x130 [ 3113.766878][T32616] ? lock_downgrade+0x690/0x690 [ 3113.766907][T32616] try_charge_memcg+0xf99/0x13a0 [ 3113.766934][T32616] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3113.766961][T32616] ? rcu_read_unlock+0x9/0x60 [ 3113.766979][T32616] ? lock_downgrade+0x690/0x690 [ 3113.767007][T32616] charge_memcg+0x90/0x3b0 [ 3113.767032][T32616] __mem_cgroup_charge+0x2b/0x90 [ 3113.767049][T32616] do_wp_page+0x8ea/0x33c0 [ 3113.767069][T32616] ? lock_sync+0x190/0x190 [ 3113.767090][T32616] ? finish_mkwrite_fault+0x3d0/0x3d0 [ 3113.767107][T32616] ? do_raw_spin_lock+0x124/0x2b0 [ 3113.767129][T32616] ? spin_bug+0x1c0/0x1c0 [ 3113.767155][T32616] __handle_mm_fault+0x1635/0x41c0 [ 3113.767176][T32616] ? vm_iomap_memory+0x190/0x190 [ 3113.767192][T32616] ? mas_walk+0x58f/0x730 [ 3113.767218][T32616] ? numa_migrate_prep+0x3a0/0x3a0 [ 3113.767232][T32616] ? do_user_addr_fault+0x367/0x1210 [ 3113.767258][T32616] handle_mm_fault+0x2af/0x9f0 [ 3113.767278][T32616] do_user_addr_fault+0x2ca/0x1210 [ 3113.767298][T32616] ? rcu_is_watching+0x12/0xb0 [ 3113.767324][T32616] exc_page_fault+0x98/0x170 [ 3113.767344][T32616] asm_exc_page_fault+0x26/0x30 [ 3113.767367][T32616] RIP: 0033:0x7f5bd0639610 [ 3113.767382][T32616] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48 [ 3113.767398][T32616] RSP: 002b:00007fffe74b16a0 EFLAGS: 00010246 [ 3113.767412][T32616] RAX: 00000000899363ac RBX: 00007f5bd07ac018 RCX: 0000001b2dd20000 [ 3113.767423][T32616] RDX: 0000000000000000 RSI: 0000001b2dd20018 RDI: 000000000c826fe4 [ 3113.767434][T32616] RBP: 00000000899363ac R08: 00000000000003ac R09: 00000000899363b0 [ 3113.767444][T32616] R10: 00007fffe74b1860 R11: 0000000000000246 R12: 00007f5bd07a0000 [ 3113.767456][T32616] R13: 0000000000000001 R14: 0000000000000004 R15: ffffffff8804dd36 [ 3113.767466][T32616] ? __sock_create+0x46/0x850 [ 3113.767492][T32616] [ 3113.767498][T32616] memory: usage 307200kB, limit 307200kB, failcnt 27317 [ 3113.767509][T32616] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3113.767519][T32616] Memory cgroup stats for /syz2: [ 3113.767670][T32616] anon 122880 [ 3113.767670][T32616] file 8388608 [ 3113.767670][T32616] kernel 306061312 [ 3113.767670][T32616] kernel_stack 65536 [ 3113.767670][T32616] pagetables 69632 [ 3113.767670][T32616] sec_pagetables 0 [ 3113.767670][T32616] percpu 5294976 [ 3113.767670][T32616] sock 0 [ 3113.767670][T32616] vmalloc 16384 [ 3113.767670][T32616] shmem 8380416 [ 3113.767670][T32616] zswap 0 [ 3113.767670][T32616] zswapped 0 [ 3113.767670][T32616] file_mapped 286720 [ 3113.767670][T32616] file_dirty 4096 [ 3113.767670][T32616] file_writeback 0 [ 3113.767670][T32616] swapcached 0 [ 3113.767670][T32616] anon_thp 0 [ 3113.767670][T32616] file_thp 0 [ 3113.767670][T32616] shmem_thp 0 [ 3113.767670][T32616] inactive_anon 0 [ 3113.767670][T32616] active_anon 8503296 [ 3113.767670][T32616] inactive_file 4096 [ 3113.767670][T32616] active_file 4096 [ 3113.767670][T32616] unevictable 0 [ 3113.767670][T32616] slab_reclaimable 39288 [ 3113.767670][T32616] slab_unreclaimable 300535960 [ 3113.767670][T32616] slab 300575248 [ 3113.767670][T32616] workingset_refault_anon 0 [ 3113.767670][T32616] workingset_refault_file 2 [ 3113.767670][T32616] workingset_activate_anon 0 [ 3113.767670][T32616] workingset_activate_file 0 [ 3113.767670][T32616] workingset_restore_anon 0 [ 3113.767670][T32616] workingset_restore_file 2 [ 3113.767670][T32616] workingset_nodereclaim 0 [ 3113.767670][T32616] pgscan 8517 [ 3113.767670][T32616] pgsteal 122 [ 3113.767670][T32616] pgscan_kswapd 106 [ 3113.767670][T32616] pgscan_direct 8411 [ 3113.767670][T32616] pgscan_khugepaged 0 [ 3113.767670][T32616] pgsteal_kswapd 97 [ 3113.767670][T32616] pgsteal_direct 25 [ 3113.767670][T32616] pgsteal_khugepaged 0 [ 3113.767670][T32616] pgfault 696098 [ 3113.767670][T32616] pgmajfault 0 [ 3113.767670][T32616] pgrefill 33090 [ 3113.767670][T32616] pgactivate 8395 [ 3113.767670][T32616] pgdeactivate 0 [ 3113.767670][T32616] pglazyfree 0 [ 3113.767670][T32616] pglazyfreed 0 [ 3113.767670][T32616] zswpin 0 [ 3113.767670][T32616] zswpout 0 [ 3113.767715][T32616] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=32616,uid=0 [ 3113.767820][T32616] Memory cgroup out of memory: Killed process 32616 (syz-executor.2) total-vm:54548kB, anon-rss:384kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 [ 3113.782078][T32606] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3113.782100][T32606] CPU: 0 PID: 32606 Comm: syz-executor.4 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3113.782117][T32606] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3113.782127][T32606] Call Trace: [ 3113.782132][T32606] [ 3113.782138][T32606] dump_stack_lvl+0x136/0x150 [ 3113.782165][T32606] dump_header+0x10a/0xd70 [ 3113.782185][T32606] oom_kill_process+0x25d/0x600 [ 3113.782202][T32606] out_of_memory+0x35c/0x1660 [ 3113.782220][T32606] ? find_held_lock+0x2d/0x110 [ 3113.782239][T32606] ? oom_killer_disable+0x2b0/0x2b0 [ 3113.782255][T32606] ? rcu_read_unlock+0x9/0x60 [ 3113.782273][T32606] ? find_held_lock+0x2d/0x110 [ 3113.782292][T32606] mem_cgroup_out_of_memory+0x206/0x270 [ 3113.782314][T32606] ? mem_cgroup_margin+0x130/0x130 [ 3113.782332][T32606] ? lock_downgrade+0x690/0x690 [ 3113.782361][T32606] try_charge_memcg+0xf99/0x13a0 [ 3113.782389][T32606] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3113.782413][T32606] ? get_mem_cgroup_from_objcg+0xa1/0x280 [ 3113.782434][T32606] ? lock_downgrade+0x690/0x690 [ 3113.782456][T32606] ? lock_downgrade+0x690/0x690 [ 3113.782484][T32606] __memcg_kmem_charge_page+0x16e/0x3c0 [ 3113.782510][T32606] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 3113.782534][T32606] copy_process+0x4f9/0x75c0 [ 3113.782570][T32606] ? pidfd_prepare+0x80/0x80 [ 3113.782591][T32606] ? lock_downgrade+0x690/0x690 [ 3113.782614][T32606] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 3113.782636][T32606] ? folio_add_lru+0x47f/0x7c0 [ 3113.782659][T32606] kernel_clone+0xeb/0x890 [ 3113.782679][T32606] ? create_io_thread+0xe0/0xe0 [ 3113.782700][T32606] ? find_held_lock+0x2d/0x110 [ 3113.782722][T32606] ? find_held_lock+0x2d/0x110 [ 3113.782744][T32606] __do_sys_clone+0xba/0x100 [ 3113.782765][T32606] ? kernel_clone+0x890/0x890 [ 3113.782793][T32606] ? syscall_enter_from_user_mode+0x26/0x80 [ 3113.782817][T32606] do_syscall_64+0x39/0xb0 [ 3113.782841][T32606] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3113.782863][T32606] RIP: 0033:0x7fcdfee8d591 [ 3113.782876][T32606] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 3113.782892][T32606] RSP: 002b:00007ffda41c1d78 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 3113.782908][T32606] RAX: ffffffffffffffda RBX: 00007fcdffb48700 RCX: 00007fcdfee8d591 [ 3113.782919][T32606] RDX: 00007fcdffb489d0 RSI: 00007fcdffb482f0 RDI: 00000000003d0f00 [ 3113.782929][T32606] RBP: 00007ffda41c1fc0 R08: 00007fcdffb48700 R09: 00007fcdffb48700 [ 3113.782940][T32606] R10: 00007fcdffb489d0 R11: 0000000000000206 R12: 00007ffda41c1e2e [ 3113.782950][T32606] R13: 00007ffda41c1e2f R14: 00007fcdffb48300 R15: 0000000000022000 [ 3113.782971][T32606] [ 3113.782977][T32606] memory: usage 307200kB, limit 307200kB, failcnt 39510 [ 3113.782987][T32606] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3113.782997][T32606] Memory cgroup stats for /syz4: [ 3113.783111][T32606] anon 2142208 [ 3113.783111][T32606] file 7716864 [ 3113.783111][T32606] kernel 304713728 [ 3113.783111][T32606] kernel_stack 688128 [ 3113.783111][T32606] pagetables 1171456 [ 3113.783111][T32606] sec_pagetables 0 [ 3113.783111][T32606] percpu 5219168 [ 3113.783111][T32606] sock 0 [ 3113.783111][T32606] vmalloc 12288 [ 3113.783111][T32606] shmem 7716864 [ 3113.783111][T32606] zswap 0 [ 3113.783111][T32606] zswapped 0 [ 3113.783111][T32606] file_mapped 196608 [ 3113.783111][T32606] file_dirty 0 [ 3113.783111][T32606] file_writeback 0 [ 3113.783111][T32606] swapcached 0 [ 3113.783111][T32606] anon_thp 0 [ 3113.783111][T32606] file_thp 0 [ 3113.783111][T32606] shmem_thp 0 [ 3113.783111][T32606] inactive_anon 9596928 [ 3113.783111][T32606] active_anon 262144 [ 3113.783111][T32606] inactive_file 0 [ 3113.783111][T32606] active_file 0 [ 3113.783111][T32606] unevictable 0 [ 3113.783111][T32606] slab_reclaimable 172672 [ 3113.783111][T32606] slab_unreclaimable 297105376 [ 3113.783111][T32606] slab 297278048 [ 3113.783111][T32606] workingset_refault_anon 0 [ 3113.783111][T32606] workingset_refault_file 0 [ 3113.783111][T32606] workingset_activate_anon 0 [ 3113.783111][T32606] workingset_activate_file 0 [ 3113.783111][T32606] workingset_restore_anon 0 [ 3113.783111][T32606] workingset_restore_file 0 [ 3113.783111][T32606] workingset_nodereclaim 0 [ 3113.783111][T32606] pgscan 116 [ 3113.783111][T32606] pgsteal 111 [ 3113.783111][T32606] pgscan_kswapd 99 [ 3113.783111][T32606] pgscan_direct 17 [ 3113.783111][T32606] pgscan_khugepaged 0 [ 3113.783111][T32606] pgsteal_kswapd 97 [ 3113.783111][T32606] pgsteal_direct 14 [ 3113.783111][T32606] pgsteal_khugepaged 0 [ 3113.783111][T32606] pgfault 696996 [ 3113.783111][T32606] pgmajfault 6 [ 3113.783111][T32606] pgrefill 593 [ 3113.783111][T32606] pgactivate 5 [ 3113.783111][T32606] pgdeactivate 0 [ 3113.783111][T32606] pglazyfree 0 [ 3113.783111][T32606] pglazyfreed 0 [ 3113.783111][T32606] zswpin 0 [ 3113.783111][T32606] zswpout 0 [ 3113.783155][T32606] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=32606,uid=0 [ 3113.783240][T32606] Memory cgroup out of memory: Killed process 32606 (syz-executor.4) total-vm:54680kB, anon-rss:512kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 [ 3113.935657][T32730] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3114.022489][T32607] Node 1 active_anon:4868kB inactive_anon:284kB active_file:1256kB inactive_file:5196kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:8kB writeback:0kB shmem:3872kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB kernel_stack:1060kB pagetables:1100kB sec_pagetables:0kB all_unreclaimable? no [ 3114.111214][T32730] CPU: 0 PID: 32730 Comm: syz-executor.1 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3114.172566][T32607] Node 0 [ 3114.325965][T32730] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3114.325981][T32730] Call Trace: [ 3114.325987][T32730] [ 3114.325996][T32730] dump_stack_lvl+0x136/0x150 [ 3114.326035][T32730] dump_header+0x10a/0xd70 [ 3114.326057][T32730] oom_kill_process+0x25d/0x600 [ 3114.326078][T32730] out_of_memory+0x35c/0x1660 [ 3114.326107][T32730] ? oom_killer_disable+0x2b0/0x2b0 [ 3114.326130][T32730] ? rcu_read_unlock+0x9/0x60 [ 3114.326157][T32730] ? find_held_lock+0x2d/0x110 [ 3114.326190][T32730] mem_cgroup_out_of_memory+0x206/0x270 [ 3114.326217][T32730] ? mem_cgroup_margin+0x130/0x130 [ 3114.326244][T32730] ? lock_downgrade+0x690/0x690 [ 3114.326279][T32730] try_charge_memcg+0xf99/0x13a0 [ 3114.326325][T32730] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3114.326365][T32730] ? rcu_read_unlock+0x9/0x60 [ 3114.326387][T32730] ? lock_downgrade+0x690/0x690 [ 3114.326433][T32730] charge_memcg+0x90/0x3b0 [ 3114.326471][T32730] __mem_cgroup_charge+0x2b/0x90 [ 3114.326491][T32730] ? copy_mc_to_kernel+0x86/0x90 [ 3114.326523][T32730] do_wp_page+0x8ea/0x33c0 [ 3114.326553][T32730] ? lock_sync+0x190/0x190 [ 3114.326587][T32730] ? finish_mkwrite_fault+0x3d0/0x3d0 [ 3114.326610][T32730] ? do_raw_spin_lock+0x124/0x2b0 [ 3114.326644][T32730] ? spin_bug+0x1c0/0x1c0 [ 3114.326681][T32730] __handle_mm_fault+0x1635/0x41c0 [ 3114.326709][T32730] ? vm_iomap_memory+0x190/0x190 [ 3114.326731][T32730] ? mas_walk+0x58f/0x730 [ 3114.326769][T32730] ? numa_migrate_prep+0x3a0/0x3a0 [ 3114.326816][T32730] handle_mm_fault+0x2af/0x9f0 [ 3114.326846][T32730] do_user_addr_fault+0x2ca/0x1210 [ 3114.326876][T32730] ? rcu_is_watching+0x12/0xb0 [ 3114.326910][T32730] exc_page_fault+0x98/0x170 [ 3114.326936][T32730] asm_exc_page_fault+0x26/0x30 [ 3114.326965][T32730] RIP: 0033:0x7f5d2ac366e5 [ 3114.326981][T32730] Code: 0f 1f 44 00 00 48 8b 57 18 48 83 fa ff 74 22 48 81 fa e7 03 00 00 0f 87 ee 00 00 00 48 c1 e2 04 48 8d 0d de 19 17 00 48 01 ca 02 01 48 89 42 08 48 8b 0d 8d 72 17 00 48 8b 53 10 4c 8d 81 00 [ 3114.327001][T32730] RSP: 002b:00007ffc24e00440 EFLAGS: 00010206 [ 3114.327018][T32730] RAX: 0000000000000003 RBX: 00007f5d2adabf80 RCX: 00007f5d2ada80c0 [ 3114.327032][T32730] RDX: 00007f5d2ada80c0 RSI: 0000000000000080 RDI: 00007f5d2adabf80 [ 3114.327043][T32730] RBP: 00007f5d2adabf80 R08: 00007ffc24e73080 R09: 0000000000000000 [ 3114.327056][T32730] R10: 00007ffc24e00550 R11: 0000000000000246 R12: 00000000002f82cc [ 3114.327068][T32730] R13: 00007ffc24e00550 R14: 00007f5d2adabf80 R15: 0000000000000032 [ 3114.327092][T32730] [ 3114.570305][T32730] memory: usage 307192kB, limit 307200kB, failcnt 27872 [ 3114.734099][T32607] DMA free:10708kB boost:0kB min:200kB low:248kB high:296kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:152kB local_pcp:88kB free_cma:0kB [ 3114.813218][T32730] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3115.209819][T32607] lowmem_reserve[]: [ 3115.294683][T32730] Memory cgroup stats for [ 3115.322152][T32607] 0 [ 3115.327256][T32730] /syz1 [ 3115.351454][T32607] 2617 [ 3115.378488][T32730] : [ 3115.393837][T32607] 2619 2619 2619 [ 3115.393863][T32607] Node 0 DMA32 free:44292kB boost:0kB min:35440kB low:44300kB high:53160kB reserved_highatomic:0KB active_anon:753028kB inactive_anon:126572kB active_file:27568kB inactive_file:392kB unevictable:1536kB writepending:56kB present:3129332kB managed:2684936kB mlocked:0kB bounce:0kB free_pcp:36708kB local_pcp:21440kB free_cma:0kB [ 3115.393914][T32607] lowmem_reserve[]: 0 0 1 1 1 15:37:27 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0xaf940500}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:37:27 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x1300}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:37:27 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000001980)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000040)="8202", 0x2}], 0x1}}], 0x1, 0x4000c800) sendto$inet6(r0, &(0x7f0000000300), 0x38, 0x0, 0x0, 0xfffffffffffffdfd) 15:37:27 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0xa) [ 3115.393947][T32607] Node 0 Normal free:16kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB active_anon:40kB inactive_anon:4kB active_file:1228kB inactive_file:76kB unevictable:0kB writepending:0kB present:1048576kB managed:1640kB mlocked:0kB bounce:0kB free_pcp:20kB local_pcp:12kB free_cma:0kB [ 3115.393993][T32607] lowmem_reserve[]: 0 0 0 0 0 [ 3115.394025][T32607] Node 1 Normal free:2591100kB boost:0kB min:54444kB low:68052kB high:81660kB reserved_highatomic:0KB active_anon:4232kB inactive_anon:312kB active_file:1256kB inactive_file:5196kB unevictable:1536kB writepending:8kB present:4194304kB managed:4117620kB mlocked:0kB bounce:0kB free_pcp:17028kB local_pcp:8440kB free_cma:0kB [ 3115.394081][T32607] lowmem_reserve[]: 0 0 0 0 0 [ 3115.394112][T32607] Node 0 DMA: 3*4kB (UE) 3*8kB (UME) 1*16kB (M) 1*32kB (E) 2*64kB (ME) 4*128kB (UME) 3*256kB (UME) 2*512kB (ME) 2*1024kB (ME) 1*2048kB (E) 1*4096kB (M) = 10708kB [ 3115.394257][T32607] Node 0 DMA32: 499*4kB (ME) 427*8kB (ME) 172*16kB (UME) 155*32kB (ME) 47*64kB (UME) 20*128kB (UME) 10*256kB (ME) 9*512kB (UME) 6*1024kB (UM) 6*2048kB (M) 0*4096kB = 44292kB [ 3115.394394][T32607] Node 0 Normal: 4*4kB (UM) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 3115.394488][T32607] Node 1 Normal: 413*4kB (M) 1033*8kB (UME) 536*16kB (UME) 226*32kB (UME) 150*64kB (UME) 113*128kB (UME) 69*256kB (UME) 43*512kB (UM) 29*1024kB (UM) 11*2048kB (UM) 598*4096kB (UM) = 2591100kB [ 3115.410022][T32607] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 3115.410037][T32607] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 3115.410050][T32607] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 3115.410064][T32607] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 3115.410077][T32607] 36052 total pagecache pages [ 3115.410083][T32607] 0 pages in swap cache [ 3115.410089][T32607] Free swap = 0kB [ 3115.410095][T32607] Total swap = 0kB [ 3115.410101][T32607] 2097051 pages RAM [ 3115.410107][T32607] 0 pages HighMem/MovableOnly [ 3115.410113][T32607] 392162 pages reserved [ 3115.410118][T32607] 0 pages cma reserved [ 3115.470189][T32619] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3115.649211][T32730] anon 389120 [ 3115.649211][T32730] file 262144 [ 3115.649211][T32730] kernel 313868288 [ 3115.649211][T32730] kernel_stack 163840 [ 3115.649211][T32730] pagetables 249856 [ 3115.649211][T32730] sec_pagetables 0 [ 3115.649211][T32730] percpu 5421856 [ 3115.649211][T32730] sock 0 [ 3115.649211][T32730] vmalloc 0 [ 3115.649211][T32730] shmem 258048 [ 3115.649211][T32730] zswap 0 [ 3115.649211][T32730] zswapped 0 [ 3115.649211][T32730] file_mapped 241664 [ 3115.649211][T32730] file_dirty 0 [ 3115.649211][T32730] file_writeback 0 [ 3115.649211][T32730] swapcached 0 [ 3115.649211][T32730] anon_thp 0 [ 3115.649211][T32730] file_thp 0 [ 3115.649211][T32730] shmem_thp 0 [ 3115.649211][T32730] inactive_anon 573440 [ 3115.649211][T32730] active_anon 73728 [ 3115.649211][T32730] inactive_file 0 [ 3115.649211][T32730] active_file 4096 [ 3115.649211][T32730] unevictable 0 [ 3115.649211][T32730] slab_reclaimable 32400 [ 3115.649211][T32730] slab_unreclaimable 307911304 [ 3115.649211][T32730] slab 307943704 [ 3115.649211][T32730] workingset_refault_anon 0 [ 3115.649211][T32730] workingset_refault_file 2 [ 3115.649211][T32730] workingset_activate_anon 0 [ 3115.649211][T32730] workingset_activate_file 0 [ 3115.649211][T32730] workingset_restore_anon 0 [ 3115.649211][T32730] workingset_restore_file 2 [ 3115.649211][T32730] workingset_nodereclaim 0 [ 3115.649211][T32730] pgscan 4681 [ 3115.649211][T32730] pgsteal 107 [ 3115.649211][T32730] pgscan_kswapd 92 [ 3115.649211][T32730] pgscan_direct 4589 [ 3115.649211][T32730] pgscan_khugepaged 0 [ 3115.649211][T32730] pgsteal_kswapd 88 [ 3115.649211][T32730] pgsteal_direct 19 [ 3115.649211][T32730] pgsteal_khugepaged 0 [ 3115.649211][T32730] pgfault 568570 [ 3115.649211][T32730] pgmajfault 2 [ 3115.649211][T32730] pgrefill 17077 [ 3115.649211][T32730] pgactivate 4574 [ 3115.649211][T32730] pgdeactivate 0 [ 3115.649211][T32730] pglazyfree 0 [ 3115.649211][T32730] pglazyfreed 0 [ 3115.649211][T32730] zswpin 0 [ 3115.649211][T32730] zswpout 0 15:37:27 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0xad940500}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:37:27 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0xb) 15:37:27 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000001980)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000040)="8202", 0x2}], 0x1}}], 0x1, 0x4000c800) sendto$inet6(r0, &(0x7f0000000300), 0x38, 0x0, 0x0, 0xfffffffffffffdfd) [ 3116.071198][ T376] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. 15:37:28 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000001980)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000040)="8202", 0x2}], 0x1}}], 0x1, 0x4000c800) sendto$inet6(r0, &(0x7f0000000300), 0x38, 0x0, 0x0, 0xfffffffffffffdfd) 15:37:28 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000001980)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000040)="8202", 0x2}], 0x1}}], 0x1, 0x4000c800) sendto$inet6(r0, &(0x7f0000000300), 0x38, 0x0, 0x0, 0xfffffffffffffdfd) 15:37:28 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000001980)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000040)="8202", 0x2}], 0x1}}], 0x1, 0x4000c800) sendto$inet6(r0, &(0x7f0000000300), 0x38, 0x0, 0x0, 0xfffffffffffffdfd) 15:37:28 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0xc) [ 3116.290967][ T399] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3116.350639][T32730] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=32730,uid=0 [ 3116.352821][ T487] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3116.366307][T32730] Memory cgroup out of memory: Killed process 32730 (syz-executor.1) total-vm:54548kB, anon-rss:388kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 15:37:28 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x3c00}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) [ 3116.480050][T32734] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=1, oom_score_adj=1000 [ 3116.509991][T32734] CPU: 1 PID: 32734 Comm: syz-executor.2 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3116.520410][T32734] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3116.530545][T32734] Call Trace: [ 3116.533824][T32734] [ 3116.536752][T32734] dump_stack_lvl+0x136/0x150 [ 3116.541464][T32734] dump_header+0x10a/0xd70 [ 3116.545876][T32734] oom_kill_process+0x25d/0x600 [ 3116.550732][T32734] out_of_memory+0x35c/0x1660 [ 3116.555412][T32734] ? find_held_lock+0x2d/0x110 [ 3116.560175][T32734] ? oom_killer_disable+0x2b0/0x2b0 [ 3116.565367][T32734] ? rcu_read_unlock+0x9/0x60 [ 3116.570044][T32734] ? find_held_lock+0x2d/0x110 [ 3116.574814][T32734] mem_cgroup_out_of_memory+0x206/0x270 [ 3116.580358][T32734] ? mem_cgroup_margin+0x130/0x130 [ 3116.585466][T32734] ? lock_downgrade+0x690/0x690 [ 3116.590327][T32734] try_charge_memcg+0xf99/0x13a0 [ 3116.591299][ T565] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3116.595291][T32734] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3116.595322][T32734] ? get_mem_cgroup_from_objcg+0xa1/0x280 [ 3116.616255][T32734] ? lock_downgrade+0x690/0x690 [ 3116.621109][T32734] ? lock_downgrade+0x690/0x690 [ 3116.625963][T32734] ? rcu_read_unlock+0x9/0x60 [ 3116.630643][T32734] obj_cgroup_charge+0x2af/0x5e0 [ 3116.635587][T32734] ? copy_process+0x3c0/0x75c0 [ 3116.640350][T32734] kmem_cache_alloc_node+0xa8/0x3e0 [ 3116.645555][T32734] copy_process+0x3c0/0x75c0 [ 3116.650147][T32734] ? __lock_acquire+0xc17/0x5f30 [ 3116.655116][T32734] ? pidfd_prepare+0x80/0x80 [ 3116.659712][T32734] ? psi_memstall_leave+0x174/0x250 [ 3116.664905][T32734] ? lock_downgrade+0x690/0x690 [ 3116.669766][T32734] kernel_clone+0xeb/0x890 [ 3116.674184][T32734] ? create_io_thread+0xe0/0xe0 [ 3116.679034][T32734] ? percpu_ref_put_many.constprop.0+0x6a/0x1b0 [ 3116.685284][T32734] ? lock_downgrade+0x690/0x690 [ 3116.690145][T32734] __do_sys_clone+0xba/0x100 [ 3116.694735][T32734] ? kernel_clone+0x890/0x890 [ 3116.699411][T32734] ? syscall_enter_from_user_mode+0x26/0x80 [ 3116.705303][T32734] do_syscall_64+0x39/0xb0 [ 3116.709729][T32734] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3116.715621][T32734] RIP: 0033:0x7f5bd068d591 [ 3116.720030][T32734] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 3116.739637][T32734] RSP: 002b:00007fffe74b1648 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 3116.748054][T32734] RAX: ffffffffffffffda RBX: 00007f5bcf1fe700 RCX: 00007f5bd068d591 [ 3116.756032][T32734] RDX: 00007f5bcf1fe9d0 RSI: 00007f5bcf1fe2f0 RDI: 00000000003d0f00 [ 3116.764000][T32734] RBP: 00007fffe74b1890 R08: 00007f5bcf1fe700 R09: 00007f5bcf1fe700 [ 3116.771974][T32734] R10: 00007f5bcf1fe9d0 R11: 0000000000000206 R12: 00007fffe74b16fe [ 3116.779943][T32734] R13: 00007fffe74b16ff R14: 00007f5bcf1fe300 R15: 0000000000022000 [ 3116.787923][T32734] [ 3116.857409][T32734] memory: usage 307196kB, limit 307200kB, failcnt 27413 [ 3116.864453][T32734] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3116.913513][T32734] Memory cgroup stats for /syz2: [ 3116.913665][T32734] anon 114688 [ 3116.913665][T32734] file 8388608 [ 3116.913665][T32734] kernel 306049024 [ 3116.913665][T32734] kernel_stack 65536 [ 3116.913665][T32734] pagetables 73728 [ 3116.913665][T32734] sec_pagetables 0 [ 3116.913665][T32734] percpu 5294912 [ 3116.913665][T32734] sock 0 [ 3116.913665][T32734] vmalloc 16384 [ 3116.913665][T32734] shmem 8380416 [ 3116.913665][T32734] zswap 0 [ 3116.913665][T32734] zswapped 0 [ 3116.913665][T32734] file_mapped 286720 [ 3116.913665][T32734] file_dirty 4096 [ 3116.913665][T32734] file_writeback 0 [ 3116.913665][T32734] swapcached 0 [ 3116.913665][T32734] anon_thp 0 [ 3116.913665][T32734] file_thp 0 [ 3116.913665][T32734] shmem_thp 0 [ 3116.913665][T32734] inactive_anon 8417280 [ 3116.913665][T32734] active_anon 77824 [ 3116.913665][T32734] inactive_file 8192 [ 3116.913665][T32734] active_file 0 [ 3116.913665][T32734] unevictable 0 [ 3116.913665][T32734] slab_reclaimable 39288 [ 3116.913665][T32734] slab_unreclaimable 300525360 [ 3116.913665][T32734] slab 300564648 [ 3116.913665][T32734] workingset_refault_anon 0 [ 3116.913665][T32734] workingset_refault_file 2 [ 3116.913665][T32734] workingset_activate_anon 0 [ 3116.913665][T32734] workingset_activate_file 0 [ 3116.913665][T32734] workingset_restore_anon 0 [ 3116.913665][T32734] workingset_restore_file 2 [ 3116.913665][T32734] workingset_nodereclaim 0 [ 3116.913665][T32734] pgscan 8560 [ 3116.913665][T32734] pgsteal 122 [ 3116.913665][T32734] pgscan_kswapd 106 [ 3116.913665][T32734] pgscan_direct 8454 [ 3116.913665][T32734] pgscan_khugepaged 0 [ 3116.913665][T32734] pgsteal_kswapd 97 [ 3116.913665][T32734] pgsteal_direct 25 [ 3116.913665][T32734] pgsteal_khugepaged 0 [ 3116.913665][T32734] pgfault 696141 [ 3116.913665][T32734] pgmajfault 0 [ 3116.913665][T32734] pgrefill 33177 [ 3116.913665][T32734] pgactivate 8438 [ 3116.913665][T32734] pgdeactivate 0 [ 3116.913665][T32734] pglazyfree 0 [ 3116.913665][T32734] pglazyfreed 0 [ 3116.913665][T32734] zswpin 0 [ 3116.913665][T32734] zswpout 0 [ 3117.151246][T32734] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=32734,uid=0 [ 3117.194213][T32734] Memory cgroup out of memory: Killed process 32734 (syz-executor.2) total-vm:54680kB, anon-rss:384kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 [ 3117.251844][T32735] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3117.293299][T32735] CPU: 0 PID: 32735 Comm: syz-executor.4 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3117.303803][T32735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3117.313842][T32735] Call Trace: [ 3117.317109][T32735] [ 3117.320037][T32735] dump_stack_lvl+0x136/0x150 [ 3117.324743][T32735] dump_header+0x10a/0xd70 [ 3117.329160][T32735] oom_kill_process+0x25d/0x600 [ 3117.334004][T32735] out_of_memory+0x35c/0x1660 [ 3117.338667][T32735] ? find_held_lock+0x2d/0x110 [ 3117.343428][T32735] ? oom_killer_disable+0x2b0/0x2b0 [ 3117.348612][T32735] ? rcu_read_unlock+0x9/0x60 [ 3117.353290][T32735] ? find_held_lock+0x2d/0x110 [ 3117.358062][T32735] mem_cgroup_out_of_memory+0x206/0x270 [ 3117.363789][T32735] ? mem_cgroup_margin+0x130/0x130 [ 3117.368888][T32735] ? lock_downgrade+0x690/0x690 [ 3117.373757][T32735] try_charge_memcg+0xf99/0x13a0 [ 3117.378707][T32735] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3117.384693][T32735] ? get_mem_cgroup_from_objcg+0xa1/0x280 [ 3117.390418][T32735] ? lock_downgrade+0x690/0x690 [ 3117.395272][T32735] ? lock_downgrade+0x690/0x690 [ 3117.400136][T32735] __memcg_kmem_charge_page+0x16e/0x3c0 [ 3117.405690][T32735] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 3117.411845][T32735] copy_process+0x4f9/0x75c0 [ 3117.416432][T32735] ? __lock_acquire+0xc17/0x5f30 [ 3117.421544][T32735] ? pidfd_prepare+0x80/0x80 [ 3117.426133][T32735] ? psi_memstall_leave+0x174/0x250 [ 3117.431322][T32735] ? lock_downgrade+0x690/0x690 [ 3117.436173][T32735] kernel_clone+0xeb/0x890 [ 3117.440585][T32735] ? create_io_thread+0xe0/0xe0 [ 3117.445433][T32735] ? percpu_ref_put_many.constprop.0+0x6a/0x1b0 [ 3117.451676][T32735] ? lock_downgrade+0x690/0x690 [ 3117.456523][T32735] __do_sys_clone+0xba/0x100 [ 3117.461108][T32735] ? kernel_clone+0x890/0x890 [ 3117.465790][T32735] ? syscall_enter_from_user_mode+0x26/0x80 [ 3117.471686][T32735] do_syscall_64+0x39/0xb0 [ 3117.476097][T32735] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3117.481990][T32735] RIP: 0033:0x7fcdfee8d591 [ 3117.486395][T32735] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 3117.506002][T32735] RSP: 002b:00007ffda41c1d78 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 3117.514403][T32735] RAX: ffffffffffffffda RBX: 00007fcdffb48700 RCX: 00007fcdfee8d591 [ 3117.522360][T32735] RDX: 00007fcdffb489d0 RSI: 00007fcdffb482f0 RDI: 00000000003d0f00 [ 3117.530318][T32735] RBP: 00007ffda41c1fc0 R08: 00007fcdffb48700 R09: 00007fcdffb48700 [ 3117.538284][T32735] R10: 00007fcdffb489d0 R11: 0000000000000206 R12: 00007ffda41c1e2e [ 3117.546247][T32735] R13: 00007ffda41c1e2f R14: 00007fcdffb48300 R15: 0000000000022000 [ 3117.554219][T32735] [ 3117.673330][T32735] memory: usage 307200kB, limit 307200kB, failcnt 39688 [ 3117.694151][T32735] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3117.711670][T32735] Memory cgroup stats for /syz4: [ 3117.711797][T32735] anon 2142208 [ 3117.711797][T32735] file 7716864 [ 3117.711797][T32735] kernel 304713728 [ 3117.711797][T32735] kernel_stack 688128 [ 3117.711797][T32735] pagetables 1171456 [ 3117.711797][T32735] sec_pagetables 0 [ 3117.711797][T32735] percpu 5219168 [ 3117.711797][T32735] sock 0 [ 3117.711797][T32735] vmalloc 8192 [ 3117.711797][T32735] shmem 7716864 [ 3117.711797][T32735] zswap 0 [ 3117.711797][T32735] zswapped 0 [ 3117.711797][T32735] file_mapped 196608 [ 3117.711797][T32735] file_dirty 0 [ 3117.711797][T32735] file_writeback 0 [ 3117.711797][T32735] swapcached 0 [ 3117.711797][T32735] anon_thp 0 [ 3117.711797][T32735] file_thp 0 [ 3117.711797][T32735] shmem_thp 0 [ 3117.711797][T32735] inactive_anon 9596928 [ 3117.711797][T32735] active_anon 262144 [ 3117.711797][T32735] inactive_file 0 [ 3117.711797][T32735] active_file 0 [ 3117.711797][T32735] unevictable 0 [ 3117.711797][T32735] slab_reclaimable 172672 [ 3117.711797][T32735] slab_unreclaimable 297105072 [ 3117.711797][T32735] slab 297277744 [ 3117.711797][T32735] workingset_refault_anon 0 [ 3117.711797][T32735] workingset_refault_file 0 [ 3117.711797][T32735] workingset_activate_anon 0 [ 3117.711797][T32735] workingset_activate_file 0 [ 3117.711797][T32735] workingset_restore_anon 0 [ 3117.711797][T32735] workingset_restore_file 0 [ 3117.711797][T32735] workingset_nodereclaim 0 [ 3117.711797][T32735] pgscan 116 [ 3117.711797][T32735] pgsteal 111 [ 3117.711797][T32735] pgscan_kswapd 99 [ 3117.711797][T32735] pgscan_direct 17 [ 3117.711797][T32735] pgscan_khugepaged 0 [ 3117.711797][T32735] pgsteal_kswapd 97 [ 3117.711797][T32735] pgsteal_direct 14 [ 3117.711797][T32735] pgsteal_khugepaged 0 [ 3117.711797][T32735] pgfault 697062 [ 3117.711797][T32735] pgmajfault 6 [ 3117.711797][T32735] pgrefill 593 [ 3117.711797][T32735] pgactivate 5 [ 3117.711797][T32735] pgdeactivate 0 [ 3117.711797][T32735] pglazyfree 0 [ 3117.711797][T32735] pglazyfreed 0 [ 3117.711797][T32735] zswpin 0 [ 3117.711797][T32735] zswpout 0 [ 3117.984310][T32735] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=32735,uid=0 [ 3118.025034][T32735] Memory cgroup out of memory: Killed process 32735 (syz-executor.4) total-vm:54680kB, anon-rss:384kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 [ 3118.062164][ T585] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3118.093823][ T585] CPU: 0 PID: 585 Comm: syz-executor.1 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3118.104086][ T585] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3118.114140][ T585] Call Trace: [ 3118.117414][ T585] [ 3118.120338][ T585] dump_stack_lvl+0x136/0x150 [ 3118.125027][ T585] dump_header+0x10a/0xd70 [ 3118.129454][ T585] oom_kill_process+0x25d/0x600 [ 3118.134306][ T585] out_of_memory+0x35c/0x1660 [ 3118.138988][ T585] ? oom_killer_disable+0x2b0/0x2b0 [ 3118.144191][ T585] ? rcu_read_unlock+0x9/0x60 [ 3118.148872][ T585] ? find_held_lock+0x2d/0x110 [ 3118.153668][ T585] mem_cgroup_out_of_memory+0x206/0x270 [ 3118.159249][ T585] ? mem_cgroup_margin+0x130/0x130 [ 3118.164373][ T585] ? lock_downgrade+0x690/0x690 [ 3118.169246][ T585] try_charge_memcg+0xf99/0x13a0 [ 3118.174202][ T585] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3118.180203][ T585] ? rcu_read_unlock+0x9/0x60 [ 3118.184885][ T585] ? lock_downgrade+0x690/0x690 [ 3118.189753][ T585] charge_memcg+0x90/0x3b0 [ 3118.194181][ T585] __mem_cgroup_charge+0x2b/0x90 [ 3118.199125][ T585] __handle_mm_fault+0x2296/0x41c0 [ 3118.204242][ T585] ? vm_iomap_memory+0x190/0x190 [ 3118.209172][ T585] ? mas_walk+0x58f/0x730 [ 3118.213512][ T585] ? numa_migrate_prep+0x3a0/0x3a0 [ 3118.218622][ T585] handle_mm_fault+0x2af/0x9f0 [ 3118.223387][ T585] do_user_addr_fault+0x2ca/0x1210 [ 3118.228494][ T585] ? rcu_is_watching+0x12/0xb0 [ 3118.233266][ T585] exc_page_fault+0x98/0x170 [ 3118.237859][ T585] asm_exc_page_fault+0x26/0x30 [ 3118.242804][ T585] RIP: 0033:0x7f5d2ac3e171 [ 3118.247210][ T585] Code: 3d 00 f0 ff ff 77 72 c3 90 55 48 83 ec 30 44 89 4c 24 2c 4c 89 44 24 20 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 89 4c 24 28 fa fa ff ff 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 [ 3118.266816][ T585] RSP: 002b:00007f5d2ba0c000 EFLAGS: 00010206 [ 3118.272902][ T585] RAX: 0000000000000001 RBX: 00007f5d2ba0c0f0 RCX: 0000000000000000 [ 3118.280862][ T585] RDX: 0000000000000020 RSI: 00007f5d2ba0c140 RDI: 0000000000000004 15:37:29 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0xb0940500}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:37:29 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) sendmmsg$inet6(r0, 0x0, 0x0, 0x4000c800) sendto$inet6(r0, &(0x7f0000000300), 0x38, 0x0, 0x0, 0xfffffffffffffdfd) 15:37:30 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0xad940500}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) [ 3118.288826][ T585] RBP: 0000000000000000 R08: 00007f5d2ba0c054 R09: 000000000000000c [ 3118.296816][ T585] R10: 0000000000000000 R11: 00000000200003cf R12: 00007f5d2ba0c0a8 [ 3118.304781][ T585] R13: 00007f5d2ba0c140 R14: 0000000000000004 R15: 0000000000000000 [ 3118.312753][ T585] 15:37:30 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0xe) 15:37:30 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x1400}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:37:30 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) sendmmsg$inet6(r0, 0x0, 0x0, 0x4000c800) sendto$inet6(r0, &(0x7f0000000300), 0x38, 0x0, 0x0, 0xfffffffffffffdfd) [ 3118.417008][ T598] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3118.440676][ T585] memory: usage 307200kB, limit 307200kB, failcnt 27943 [ 3118.481675][ T585] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3118.502259][ T585] Memory cgroup stats for /syz1: [ 3118.502390][ T585] anon 434176 [ 3118.502390][ T585] file 262144 [ 3118.502390][ T585] kernel 313864192 [ 3118.502390][ T585] kernel_stack 163840 [ 3118.502390][ T585] pagetables 258048 [ 3118.502390][ T585] sec_pagetables 0 [ 3118.502390][ T585] percpu 5421792 [ 3118.502390][ T585] sock 0 [ 3118.502390][ T585] vmalloc 0 [ 3118.502390][ T585] shmem 258048 [ 3118.502390][ T585] zswap 0 [ 3118.502390][ T585] zswapped 0 [ 3118.502390][ T585] file_mapped 241664 [ 3118.502390][ T585] file_dirty 0 [ 3118.502390][ T585] file_writeback 0 [ 3118.502390][ T585] swapcached 0 [ 3118.502390][ T585] anon_thp 0 [ 3118.502390][ T585] file_thp 0 [ 3118.502390][ T585] shmem_thp 0 [ 3118.502390][ T585] inactive_anon 573440 15:37:30 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0xf) [ 3118.502390][ T585] active_anon 118784 [ 3118.502390][ T585] inactive_file 4096 [ 3118.502390][ T585] active_file 0 [ 3118.502390][ T585] unevictable 0 [ 3118.502390][ T585] slab_reclaimable 34328 [ 3118.502390][ T585] slab_unreclaimable 307902992 [ 3118.502390][ T585] slab 307937320 [ 3118.502390][ T585] workingset_refault_anon 0 [ 3118.502390][ T585] workingset_refault_file 2 [ 3118.502390][ T585] workingset_activate_anon 0 [ 3118.502390][ T585] workingset_activate_file 0 [ 3118.502390][ T585] workingset_restore_anon 0 [ 3118.502390][ T585] workingset_restore_file 2 [ 3118.502390][ T585] workingset_nodereclaim 0 [ 3118.502390][ T585] pgscan 4716 [ 3118.502390][ T585] pgsteal 107 [ 3118.502390][ T585] pgscan_kswapd 92 [ 3118.502390][ T585] pgscan_direct 4624 [ 3118.502390][ T585] pgscan_khugepaged 0 [ 3118.502390][ T585] pgsteal_kswapd 88 [ 3118.502390][ T585] pgsteal_direct 19 [ 3118.502390][ T585] pgsteal_khugepaged 0 [ 3118.502390][ T585] pgfault 568634 [ 3118.502390][ T585] pgmajfault 2 [ 3118.502390][ T585] pgrefill 17077 [ 3118.502390][ T585] pgactivate 4609 [ 3118.502390][ T585] pgdeactivate 0 15:37:30 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) sendmmsg$inet6(r0, 0x0, 0x0, 0x4000c800) sendto$inet6(r0, &(0x7f0000000300), 0x38, 0x0, 0x0, 0xfffffffffffffdfd) [ 3118.502390][ T585] pglazyfree 0 [ 3118.502390][ T585] pglazyfreed 0 [ 3118.502390][ T585] zswpin 0 [ 3118.502390][ T585] zswpout 0 15:37:30 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x82010000}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:37:30 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000001980), 0x0, 0x4000c800) sendto$inet6(r0, &(0x7f0000000300), 0x38, 0x0, 0x0, 0xfffffffffffffdfd) [ 3118.772258][ T710] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3118.881578][ T585] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=584,uid=0 15:37:30 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000001980), 0x0, 0x4000c800) sendto$inet6(r0, &(0x7f0000000300), 0x38, 0x0, 0x0, 0xfffffffffffffdfd) [ 3118.913135][ T712] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3118.954917][ T585] Memory cgroup out of memory: Killed process 584 (syz-executor.1) total-vm:54680kB, anon-rss:516kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:92kB oom_score_adj:1000 15:37:30 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x3d00}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) [ 3119.013344][ T596] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3119.029182][ T596] CPU: 0 PID: 596 Comm: syz-executor.2 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3119.039433][ T596] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3119.049482][ T596] Call Trace: [ 3119.052753][ T596] [ 3119.055680][ T596] dump_stack_lvl+0x136/0x150 [ 3119.060361][ T596] dump_header+0x10a/0xd70 [ 3119.064776][ T596] oom_kill_process+0x25d/0x600 [ 3119.069624][ T596] out_of_memory+0x35c/0x1660 [ 3119.074302][ T596] ? find_held_lock+0x2d/0x110 [ 3119.079064][ T596] ? oom_killer_disable+0x2b0/0x2b0 [ 3119.084260][ T596] ? rcu_read_unlock+0x9/0x60 [ 3119.088939][ T596] ? find_held_lock+0x2d/0x110 [ 3119.093706][ T596] mem_cgroup_out_of_memory+0x206/0x270 [ 3119.099253][ T596] ? mem_cgroup_margin+0x130/0x130 [ 3119.104372][ T596] ? lock_downgrade+0x690/0x690 [ 3119.109237][ T596] try_charge_memcg+0xf99/0x13a0 [ 3119.114185][ T596] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3119.120193][ T596] ? rcu_read_unlock+0x9/0x60 [ 3119.124866][ T596] ? lock_downgrade+0x690/0x690 [ 3119.129716][ T596] charge_memcg+0x90/0x3b0 [ 3119.134129][ T596] __mem_cgroup_charge+0x2b/0x90 [ 3119.139055][ T596] do_wp_page+0x8ea/0x33c0 [ 3119.143464][ T596] ? lock_sync+0x190/0x190 [ 3119.147872][ T596] ? finish_mkwrite_fault+0x3d0/0x3d0 [ 3119.153230][ T596] ? do_raw_spin_lock+0x124/0x2b0 [ 3119.158249][ T596] ? spin_bug+0x1c0/0x1c0 [ 3119.162577][ T596] __handle_mm_fault+0x1635/0x41c0 [ 3119.167685][ T596] ? vm_iomap_memory+0x190/0x190 [ 3119.172609][ T596] ? mas_walk+0x58f/0x730 [ 3119.176939][ T596] ? numa_migrate_prep+0x3a0/0x3a0 [ 3119.182035][ T596] ? do_user_addr_fault+0x367/0x1210 [ 3119.187313][ T596] handle_mm_fault+0x2af/0x9f0 [ 3119.192070][ T596] do_user_addr_fault+0x2ca/0x1210 [ 3119.197174][ T596] ? rcu_is_watching+0x12/0xb0 [ 3119.202021][ T596] exc_page_fault+0x98/0x170 [ 3119.206604][ T596] asm_exc_page_fault+0x26/0x30 [ 3119.211447][ T596] RIP: 0033:0x7f5bd0639610 [ 3119.215849][ T596] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48 [ 3119.235444][ T596] RSP: 002b:00007fffe74b16a0 EFLAGS: 00010246 [ 3119.241495][ T596] RAX: 0000000048ac4d0b RBX: 00007f5bd07ac018 RCX: 0000001b2dd20000 [ 3119.249453][ T596] RDX: 0000000000000000 RSI: 0000001b2dd20018 RDI: 0000000000000022 [ 3119.257410][ T596] RBP: 0000000048ac4d0b R08: 0000000000000d0b R09: 0000000048ac4d0f [ 3119.265367][ T596] R10: 00007fffe74b1860 R11: 0000000000000246 R12: 00007f5bd07a0000 [ 3119.273322][ T596] R13: 0000000000000001 R14: 0000000000000000 R15: ffffffff88050461 [ 3119.281277][ T596] ? __x64_sys_socket+0x11/0xb0 [ 3119.286126][ T596] [ 3119.407280][ T596] memory: usage 307184kB, limit 307200kB, failcnt 27523 [ 3119.423789][ T596] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3119.430761][ T596] Memory cgroup stats for /syz2: [ 3119.430916][ T596] anon 114688 [ 3119.430916][ T596] file 8388608 [ 3119.430916][ T596] kernel 306044928 [ 3119.430916][ T596] kernel_stack 65536 [ 3119.430916][ T596] pagetables 69632 [ 3119.430916][ T596] sec_pagetables 0 [ 3119.430916][ T596] percpu 5294912 [ 3119.430916][ T596] sock 0 [ 3119.430916][ T596] vmalloc 16384 [ 3119.430916][ T596] shmem 8380416 [ 3119.430916][ T596] zswap 0 [ 3119.430916][ T596] zswapped 0 [ 3119.430916][ T596] file_mapped 286720 [ 3119.430916][ T596] file_dirty 4096 [ 3119.430916][ T596] file_writeback 0 [ 3119.430916][ T596] swapcached 0 [ 3119.430916][ T596] anon_thp 0 [ 3119.430916][ T596] file_thp 0 [ 3119.430916][ T596] shmem_thp 0 [ 3119.430916][ T596] inactive_anon 8417280 [ 3119.430916][ T596] active_anon 77824 [ 3119.430916][ T596] inactive_file 8192 [ 3119.430916][ T596] active_file 0 [ 3119.430916][ T596] unevictable 0 [ 3119.430916][ T596] slab_reclaimable 39288 [ 3119.430916][ T596] slab_unreclaimable 300524936 [ 3119.430916][ T596] slab 300564224 [ 3119.430916][ T596] workingset_refault_anon 0 [ 3119.430916][ T596] workingset_refault_file 2 [ 3119.430916][ T596] workingset_activate_anon 0 [ 3119.430916][ T596] workingset_activate_file 0 [ 3119.430916][ T596] workingset_restore_anon 0 [ 3119.430916][ T596] workingset_restore_file 2 [ 3119.430916][ T596] workingset_nodereclaim 0 [ 3119.430916][ T596] pgscan 8592 [ 3119.430916][ T596] pgsteal 122 [ 3119.430916][ T596] pgscan_kswapd 106 [ 3119.430916][ T596] pgscan_direct 8486 [ 3119.430916][ T596] pgscan_khugepaged 0 [ 3119.430916][ T596] pgsteal_kswapd 97 [ 3119.430916][ T596] pgsteal_direct 25 [ 3119.430916][ T596] pgsteal_khugepaged 0 [ 3119.430916][ T596] pgfault 696186 [ 3119.430916][ T596] pgmajfault 0 [ 3119.430916][ T596] pgrefill 33241 [ 3119.430916][ T596] pgactivate 8470 [ 3119.430916][ T596] pgdeactivate 0 [ 3119.430916][ T596] pglazyfree 0 [ 3119.430916][ T596] pglazyfreed 0 [ 3119.430916][ T596] zswpin 0 [ 3119.430916][ T596] zswpout 0 [ 3119.712755][ T596] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=596,uid=0 [ 3119.751243][ T596] Memory cgroup out of memory: Killed process 596 (syz-executor.2) total-vm:54548kB, anon-rss:384kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 [ 3119.792491][ T602] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3119.822215][ T718] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3119.868854][ T718] CPU: 1 PID: 718 Comm: syz-executor.1 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3119.879109][ T718] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3119.889166][ T718] Call Trace: [ 3119.892440][ T718] [ 3119.895369][ T718] dump_stack_lvl+0x136/0x150 [ 3119.900061][ T718] dump_header+0x10a/0xd70 [ 3119.904482][ T718] oom_kill_process+0x25d/0x600 [ 3119.909338][ T718] out_of_memory+0x35c/0x1660 [ 3119.914018][ T718] ? find_held_lock+0x2d/0x110 [ 3119.918784][ T718] ? oom_killer_disable+0x2b0/0x2b0 [ 3119.923979][ T718] ? rcu_read_unlock+0x9/0x60 [ 3119.928657][ T718] ? find_held_lock+0x2d/0x110 [ 3119.933422][ T718] mem_cgroup_out_of_memory+0x206/0x270 [ 3119.938968][ T718] ? mem_cgroup_margin+0x130/0x130 [ 3119.944104][ T718] ? lock_downgrade+0x690/0x690 [ 3119.948969][ T718] try_charge_memcg+0xf99/0x13a0 [ 3119.953921][ T718] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3119.959919][ T718] ? rcu_read_unlock+0x9/0x60 [ 3119.964602][ T718] ? lock_downgrade+0x690/0x690 [ 3119.969465][ T718] charge_memcg+0x90/0x3b0 [ 3119.973887][ T718] __mem_cgroup_charge+0x2b/0x90 [ 3119.978826][ T718] do_wp_page+0x8ea/0x33c0 [ 3119.983243][ T718] ? lock_sync+0x190/0x190 [ 3119.987662][ T718] ? finish_mkwrite_fault+0x3d0/0x3d0 [ 3119.993033][ T718] ? do_raw_spin_lock+0x124/0x2b0 [ 3119.998061][ T718] ? spin_bug+0x1c0/0x1c0 [ 3120.002391][ T718] __handle_mm_fault+0x1635/0x41c0 [ 3120.007494][ T718] ? vm_iomap_memory+0x190/0x190 [ 3120.012417][ T718] ? mas_walk+0x58f/0x730 [ 3120.016746][ T718] ? numa_migrate_prep+0x3a0/0x3a0 [ 3120.021914][ T718] ? do_user_addr_fault+0x367/0x1210 [ 3120.027192][ T718] handle_mm_fault+0x2af/0x9f0 [ 3120.031944][ T718] do_user_addr_fault+0x2ca/0x1210 [ 3120.037048][ T718] ? rcu_is_watching+0x12/0xb0 [ 3120.041825][ T718] exc_page_fault+0x98/0x170 [ 3120.046409][ T718] asm_exc_page_fault+0x26/0x30 [ 3120.051252][ T718] RIP: 0033:0x7f5d2ac39610 [ 3120.055654][ T718] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48 [ 3120.075246][ T718] RSP: 002b:00007ffc24e00390 EFLAGS: 00010246 [ 3120.081297][ T718] RAX: 0000000048ac4d0b RBX: 00007f5d2adac0e8 RCX: 0000001b2dc20000 [ 3120.089255][ T718] RDX: 0000000000000000 RSI: 0000001b2dc20018 RDI: 0000000000000022 [ 3120.097212][ T718] RBP: 0000000048ac4d0b R08: 0000000000000d0b R09: 0000000048ac4d0f [ 3120.105167][ T718] R10: 00007ffc24e00550 R11: 0000000000000246 R12: 00007f5d2ada0000 15:37:32 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x82010000}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:37:32 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x10) 15:37:32 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000001980), 0x0, 0x4000c800) sendto$inet6(r0, &(0x7f0000000300), 0x38, 0x0, 0x0, 0xfffffffffffffdfd) [ 3120.113121][ T718] R13: 0000000000000001 R14: 0000000000000000 R15: ffffffff88050461 [ 3120.121078][ T718] ? __x64_sys_socket+0x11/0xb0 [ 3120.125945][ T718] 15:37:32 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x1500}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:37:32 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0xb1940500}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) [ 3120.231237][ T727] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. 15:37:32 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000001980)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4000c800) sendto$inet6(r0, &(0x7f0000000300), 0x38, 0x0, 0x0, 0xfffffffffffffdfd) [ 3120.312952][ T718] memory: usage 307200kB, limit 307200kB, failcnt 28026 15:37:32 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000001980)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4000c800) sendto$inet6(r0, &(0x7f0000000300), 0x38, 0x0, 0x0, 0xfffffffffffffdfd) 15:37:32 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x11) 15:37:32 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000001980)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4000c800) sendto$inet6(r0, &(0x7f0000000300), 0x38, 0x0, 0x0, 0xfffffffffffffdfd) [ 3120.439883][ T718] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3120.446957][ T718] Memory cgroup stats for /syz1: [ 3120.447115][ T718] anon 397312 [ 3120.447115][ T718] file 262144 [ 3120.447115][ T718] kernel 313913344 [ 3120.447115][ T718] kernel_stack 196608 [ 3120.447115][ T718] pagetables 249856 [ 3120.447115][ T718] sec_pagetables 0 [ 3120.447115][ T718] percpu 5421856 [ 3120.447115][ T718] sock 0 [ 3120.447115][ T718] vmalloc 0 [ 3120.447115][ T718] shmem 258048 [ 3120.447115][ T718] zswap 0 [ 3120.447115][ T718] zswapped 0 [ 3120.447115][ T718] file_mapped 241664 [ 3120.447115][ T718] file_dirty 0 [ 3120.447115][ T718] file_writeback 0 [ 3120.447115][ T718] swapcached 0 [ 3120.447115][ T718] anon_thp 0 [ 3120.447115][ T718] file_thp 0 [ 3120.447115][ T718] shmem_thp 0 [ 3120.447115][ T718] inactive_anon 0 [ 3120.447115][ T718] active_anon 655360 [ 3120.447115][ T718] inactive_file 4096 [ 3120.447115][ T718] active_file 0 [ 3120.447115][ T718] unevictable 0 [ 3120.447115][ T718] slab_reclaimable 34328 [ 3120.447115][ T718] slab_unreclaimable 307921280 [ 3120.447115][ T718] slab 307955608 [ 3120.447115][ T718] workingset_refault_anon 0 [ 3120.447115][ T718] workingset_refault_file 2 [ 3120.447115][ T718] workingset_activate_anon 0 [ 3120.447115][ T718] workingset_activate_file 0 [ 3120.447115][ T718] workingset_restore_anon 0 [ 3120.447115][ T718] workingset_restore_file 2 [ 3120.447115][ T718] workingset_nodereclaim 0 [ 3120.447115][ T718] pgscan 4751 [ 3120.447115][ T718] pgsteal 107 [ 3120.447115][ T718] pgscan_kswapd 92 [ 3120.447115][ T718] pgscan_direct 4659 15:37:32 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x12) 15:37:32 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x74000000}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) [ 3120.447115][ T718] pgscan_khugepaged 0 [ 3120.447115][ T718] pgsteal_kswapd 88 [ 3120.447115][ T718] pgsteal_direct 19 [ 3120.447115][ T718] pgsteal_khugepaged 0 [ 3120.447115][ T718] pgfault 568682 [ 3120.447115][ T718] pgmajfault 2 [ 3120.447115][ T718] pgrefill 17077 [ 3120.447115][ T718] pgactivate 4644 [ 3120.447115][ T718] pgdeactivate 0 [ 3120.447115][ T718] pglazyfree 0 [ 3120.447115][ T718] pglazyfreed 0 [ 3120.447115][ T718] zswpin 0 [ 3120.447115][ T718] zswpout 0 [ 3120.729042][ T854] __nla_validate_parse: 1 callbacks suppressed [ 3120.729056][ T854] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3120.751856][ T718] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=718,uid=0 [ 3120.756361][ T853] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3120.783962][ T718] Memory cgroup out of memory: Killed process 718 (syz-executor.1) total-vm:54680kB, anon-rss:388kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 3120.844191][ T723] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3120.912440][ T723] CPU: 1 PID: 723 Comm: syz-executor.2 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3120.922698][ T723] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3120.932748][ T723] Call Trace: [ 3120.936021][ T723] [ 3120.938949][ T723] dump_stack_lvl+0x136/0x150 [ 3120.943635][ T723] dump_header+0x10a/0xd70 [ 3120.948054][ T723] oom_kill_process+0x25d/0x600 [ 3120.953121][ T723] out_of_memory+0x35c/0x1660 [ 3120.957804][ T723] ? find_held_lock+0x2d/0x110 [ 3120.962567][ T723] ? oom_killer_disable+0x2b0/0x2b0 [ 3120.967766][ T723] ? rcu_read_unlock+0x9/0x60 [ 3120.972456][ T723] ? find_held_lock+0x2d/0x110 [ 3120.977215][ T723] mem_cgroup_out_of_memory+0x206/0x270 [ 3120.982761][ T723] ? mem_cgroup_margin+0x130/0x130 [ 3120.987880][ T723] ? lock_downgrade+0x690/0x690 [ 3120.992746][ T723] try_charge_memcg+0xf99/0x13a0 [ 3120.997694][ T723] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3121.003691][ T723] ? get_mem_cgroup_from_objcg+0xa1/0x280 [ 3121.009411][ T723] ? lock_downgrade+0x690/0x690 [ 3121.014268][ T723] ? lock_downgrade+0x690/0x690 [ 3121.019135][ T723] __memcg_kmem_charge_page+0x16e/0x3c0 [ 3121.024684][ T723] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 3121.030848][ T723] copy_process+0x1442/0x75c0 [ 3121.035523][ T723] ? __lock_acquire+0xc17/0x5f30 [ 3121.040458][ T723] ? pidfd_prepare+0x80/0x80 [ 3121.045054][ T723] ? psi_memstall_leave+0x174/0x250 [ 3121.050247][ T723] ? lock_downgrade+0x690/0x690 [ 3121.055107][ T723] kernel_clone+0xeb/0x890 [ 3121.059521][ T723] ? create_io_thread+0xe0/0xe0 [ 3121.064381][ T723] ? percpu_ref_put_many.constprop.0+0x6a/0x1b0 [ 3121.070615][ T723] ? lock_downgrade+0x690/0x690 [ 3121.075464][ T723] __do_sys_clone+0xba/0x100 [ 3121.080068][ T723] ? kernel_clone+0x890/0x890 [ 3121.084749][ T723] ? syscall_enter_from_user_mode+0x26/0x80 [ 3121.090635][ T723] do_syscall_64+0x39/0xb0 [ 3121.095049][ T723] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3121.100943][ T723] RIP: 0033:0x7f5bd068d591 [ 3121.105356][ T723] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 3121.125055][ T723] RSP: 002b:00007fffe74b1648 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 3121.133470][ T723] RAX: ffffffffffffffda RBX: 00007f5bd1304700 RCX: 00007f5bd068d591 [ 3121.141432][ T723] RDX: 00007f5bd13049d0 RSI: 00007f5bd13042f0 RDI: 00000000003d0f00 [ 3121.149487][ T723] RBP: 00007fffe74b1890 R08: 00007f5bd1304700 R09: 00007f5bd1304700 [ 3121.157452][ T723] R10: 00007f5bd13049d0 R11: 0000000000000206 R12: 00007fffe74b16fe [ 3121.165417][ T723] R13: 00007fffe74b16ff R14: 00007f5bd1304300 R15: 0000000000022000 [ 3121.173394][ T723] 15:37:33 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x3e00}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:37:33 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000001980)=[{{0x0, 0x0, &(0x7f0000000480)}}], 0x1, 0x4000c800) sendto$inet6(r0, &(0x7f0000000300), 0x38, 0x0, 0x0, 0xfffffffffffffdfd) 15:37:33 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x13) 15:37:33 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x73470500}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) [ 3121.260783][ T982] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3121.280094][ T723] memory: usage 307188kB, limit 307200kB, failcnt 27613 [ 3121.291928][ T723] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3121.351853][ T723] Memory cgroup stats for /syz2: [ 3121.352028][ T723] anon 102400 [ 3121.352028][ T723] file 8388608 [ 3121.352028][ T723] kernel 306069504 [ 3121.352028][ T723] kernel_stack 32768 [ 3121.352028][ T723] pagetables 69632 [ 3121.352028][ T723] sec_pagetables 0 [ 3121.352028][ T723] percpu 5294976 [ 3121.352028][ T723] sock 0 [ 3121.352028][ T723] vmalloc 16384 [ 3121.352028][ T723] shmem 8380416 [ 3121.352028][ T723] zswap 0 [ 3121.352028][ T723] zswapped 0 [ 3121.352028][ T723] file_mapped 286720 [ 3121.352028][ T723] file_dirty 4096 [ 3121.352028][ T723] file_writeback 0 [ 3121.352028][ T723] swapcached 0 [ 3121.352028][ T723] anon_thp 0 [ 3121.352028][ T723] file_thp 0 [ 3121.352028][ T723] shmem_thp 0 [ 3121.352028][ T723] inactive_anon 8417280 [ 3121.352028][ T723] active_anon 65536 [ 3121.352028][ T723] inactive_file 4096 [ 3121.352028][ T723] active_file 4096 [ 3121.352028][ T723] unevictable 0 [ 3121.352028][ T723] slab_reclaimable 62976 [ 3121.352028][ T723] slab_unreclaimable 300539712 [ 3121.352028][ T723] slab 300602688 [ 3121.352028][ T723] workingset_refault_anon 0 [ 3121.352028][ T723] workingset_refault_file 2 [ 3121.352028][ T723] workingset_activate_anon 0 [ 3121.352028][ T723] workingset_activate_file 0 [ 3121.352028][ T723] workingset_restore_anon 0 [ 3121.352028][ T723] workingset_restore_file 2 [ 3121.352028][ T723] workingset_nodereclaim 0 [ 3121.352028][ T723] pgscan 8620 [ 3121.352028][ T723] pgsteal 122 [ 3121.352028][ T723] pgscan_kswapd 106 [ 3121.352028][ T723] pgscan_direct 8514 [ 3121.352028][ T723] pgscan_khugepaged 0 [ 3121.352028][ T723] pgsteal_kswapd 97 [ 3121.352028][ T723] pgsteal_direct 25 [ 3121.352028][ T723] pgsteal_khugepaged 0 [ 3121.352028][ T723] pgfault 696226 [ 3121.352028][ T723] pgmajfault 0 [ 3121.352028][ T723] pgrefill 33296 [ 3121.352028][ T723] pgactivate 8498 [ 3121.352028][ T723] pgdeactivate 0 [ 3121.352028][ T723] pglazyfree 0 [ 3121.352028][ T723] pglazyfreed 0 [ 3121.352028][ T723] zswpin 0 [ 3121.352028][ T723] zswpout 0 [ 3121.539701][ T983] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3121.650569][ T723] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=723,uid=0 [ 3121.679208][ T723] Memory cgroup out of memory: Killed process 723 (syz-executor.2) total-vm:54548kB, anon-rss:384kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 15:37:33 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x1600}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) [ 3121.738799][ T731] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3121.810814][ T986] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3121.825719][ T986] CPU: 0 PID: 986 Comm: syz-executor.1 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3121.835966][ T986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3121.846023][ T986] Call Trace: [ 3121.849301][ T986] [ 3121.852228][ T986] dump_stack_lvl+0x136/0x150 [ 3121.856923][ T986] dump_header+0x10a/0xd70 [ 3121.861349][ T986] oom_kill_process+0x25d/0x600 [ 3121.866201][ T986] out_of_memory+0x35c/0x1660 [ 3121.870888][ T986] ? find_held_lock+0x2d/0x110 [ 3121.875656][ T986] ? oom_killer_disable+0x2b0/0x2b0 [ 3121.880855][ T986] ? rcu_read_unlock+0x9/0x60 [ 3121.885536][ T986] ? find_held_lock+0x2d/0x110 [ 3121.890304][ T986] mem_cgroup_out_of_memory+0x206/0x270 [ 3121.895857][ T986] ? mem_cgroup_margin+0x130/0x130 [ 3121.900973][ T986] ? lock_downgrade+0x690/0x690 [ 3121.905848][ T986] try_charge_memcg+0xf99/0x13a0 [ 3121.910802][ T986] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3121.916794][ T986] ? rcu_read_unlock+0x9/0x60 [ 3121.921473][ T986] ? lock_downgrade+0x690/0x690 [ 3121.926343][ T986] charge_memcg+0x90/0x3b0 [ 3121.930771][ T986] __mem_cgroup_charge+0x2b/0x90 [ 3121.935710][ T986] __handle_mm_fault+0x2296/0x41c0 [ 3121.940823][ T986] ? vm_iomap_memory+0x190/0x190 [ 3121.945759][ T986] ? mas_walk+0x58f/0x730 [ 3121.950104][ T986] ? numa_migrate_prep+0x3a0/0x3a0 [ 3121.955218][ T986] handle_mm_fault+0x2af/0x9f0 [ 3121.959987][ T986] do_user_addr_fault+0x2ca/0x1210 [ 3121.965107][ T986] ? rcu_is_watching+0x12/0xb0 [ 3121.969881][ T986] exc_page_fault+0x98/0x170 [ 3121.974471][ T986] asm_exc_page_fault+0x26/0x30 [ 3121.979321][ T986] RIP: 0033:0x7f5d2ac3e171 [ 3121.983735][ T986] Code: 3d 00 f0 ff ff 77 72 c3 90 55 48 83 ec 30 44 89 4c 24 2c 4c 89 44 24 20 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 89 4c 24 28 fa fa ff ff 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 [ 3122.003350][ T986] RSP: 002b:00007f5d2ba0c000 EFLAGS: 00010206 [ 3122.009419][ T986] RAX: 0000000000000001 RBX: 00007f5d2ba0c0f0 RCX: 0000000000000000 [ 3122.017388][ T986] RDX: 0000000000000020 RSI: 00007f5d2ba0c140 RDI: 0000000000000004 [ 3122.025356][ T986] RBP: 0000000000000000 R08: 00007f5d2ba0c054 R09: 000000000000000c [ 3122.033327][ T986] R10: 0000000000000000 R11: 00000000200003cf R12: 00007f5d2ba0c0a8 [ 3122.041296][ T986] R13: 00007f5d2ba0c140 R14: 0000000000000004 R15: 0000000000000000 [ 3122.049280][ T986] [ 3122.063544][ T986] memory: usage 307200kB, limit 307200kB, failcnt 28163 [ 3122.093905][ T986] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3122.121998][ T986] Memory cgroup stats for /syz1: [ 3122.122162][ T986] anon 434176 [ 3122.122162][ T986] file 262144 [ 3122.122162][ T986] kernel 313876480 [ 3122.122162][ T986] kernel_stack 163840 [ 3122.122162][ T986] pagetables 258048 [ 3122.122162][ T986] sec_pagetables 0 [ 3122.122162][ T986] percpu 5421856 [ 3122.122162][ T986] sock 0 [ 3122.122162][ T986] vmalloc 0 [ 3122.122162][ T986] shmem 258048 [ 3122.122162][ T986] zswap 0 [ 3122.122162][ T986] zswapped 0 [ 3122.122162][ T986] file_mapped 241664 [ 3122.122162][ T986] file_dirty 0 [ 3122.122162][ T986] file_writeback 0 [ 3122.122162][ T986] swapcached 0 [ 3122.122162][ T986] anon_thp 0 [ 3122.122162][ T986] file_thp 0 [ 3122.122162][ T986] shmem_thp 0 [ 3122.122162][ T986] inactive_anon 573440 [ 3122.122162][ T986] active_anon 118784 [ 3122.122162][ T986] inactive_file 4096 [ 3122.122162][ T986] active_file 0 [ 3122.122162][ T986] unevictable 0 [ 3122.122162][ T986] slab_reclaimable 34328 [ 3122.122162][ T986] slab_unreclaimable 307912352 [ 3122.122162][ T986] slab 307946680 [ 3122.122162][ T986] workingset_refault_anon 0 [ 3122.122162][ T986] workingset_refault_file 2 [ 3122.122162][ T986] workingset_activate_anon 0 [ 3122.122162][ T986] workingset_activate_file 0 [ 3122.122162][ T986] workingset_restore_anon 0 [ 3122.122162][ T986] workingset_restore_file 2 [ 3122.122162][ T986] workingset_nodereclaim 0 [ 3122.122162][ T986] pgscan 4798 [ 3122.122162][ T986] pgsteal 107 [ 3122.122162][ T986] pgscan_kswapd 92 [ 3122.122162][ T986] pgscan_direct 4706 [ 3122.122162][ T986] pgscan_khugepaged 0 [ 3122.122162][ T986] pgsteal_kswapd 88 [ 3122.122162][ T986] pgsteal_direct 19 [ 3122.122162][ T986] pgsteal_khugepaged 0 [ 3122.122162][ T986] pgfault 568745 [ 3122.122162][ T986] pgmajfault 2 [ 3122.122162][ T986] pgrefill 17077 [ 3122.122162][ T986] pgactivate 4691 [ 3122.122162][ T986] pgdeactivate 0 [ 3122.122162][ T986] pglazyfree 0 [ 3122.122162][ T986] pglazyfreed 0 [ 3122.122162][ T986] zswpin 0 [ 3122.122162][ T986] zswpout 0 [ 3122.392855][ T986] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=980,uid=0 [ 3122.414498][ T986] Memory cgroup out of memory: Killed process 980 (syz-executor.1) total-vm:54680kB, anon-rss:516kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:92kB oom_score_adj:1000 [ 3122.464454][ T731] syz-executor.4 invoked oom-killer: gfp_mask=0x400cc0(GFP_KERNEL_ACCOUNT), order=2, oom_score_adj=1000 [ 3122.511216][ T731] CPU: 1 PID: 731 Comm: syz-executor.4 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3122.521481][ T731] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3122.531542][ T731] Call Trace: [ 3122.534814][ T731] [ 3122.537726][ T731] dump_stack_lvl+0x136/0x150 [ 3122.542386][ T731] dump_header+0x10a/0xd70 [ 3122.546788][ T731] oom_kill_process+0x25d/0x600 [ 3122.551626][ T731] out_of_memory+0x35c/0x1660 [ 3122.556298][ T731] ? oom_killer_disable+0x2b0/0x2b0 [ 3122.561582][ T731] ? rcu_read_unlock+0x9/0x60 [ 3122.566262][ T731] ? find_held_lock+0x2d/0x110 [ 3122.571026][ T731] mem_cgroup_out_of_memory+0x206/0x270 [ 3122.576582][ T731] ? mem_cgroup_margin+0x130/0x130 [ 3122.581692][ T731] ? lock_downgrade+0x690/0x690 [ 3122.586544][ T731] try_charge_memcg+0xf99/0x13a0 [ 3122.591466][ T731] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3122.597426][ T731] ? get_mem_cgroup_from_objcg+0xa1/0x280 [ 3122.603132][ T731] ? lock_downgrade+0x690/0x690 [ 3122.607980][ T731] ? lock_downgrade+0x690/0x690 [ 3122.612841][ T731] obj_cgroup_charge+0x2af/0x5e0 [ 3122.617787][ T731] __kmem_cache_alloc_node+0xa3/0x320 [ 3122.623166][ T731] ? __devinet_sysctl_register+0x98/0x280 [ 3122.628899][ T731] ? __devinet_sysctl_register+0x98/0x280 [ 3122.634645][ T731] __kmalloc_node_track_caller+0x4f/0x1a0 [ 3122.640356][ T731] kmemdup+0x2c/0x60 [ 3122.644244][ T731] __devinet_sysctl_register+0x98/0x280 [ 3122.649804][ T731] ? inet_netconf_notify_devconf+0x260/0x260 [ 3122.655785][ T731] ? br_changelink+0x27/0x1660 [ 3122.660544][ T731] ? __rtnl_newlink+0x10c2/0x1840 [ 3122.665560][ T731] ? rtnl_newlink+0x68/0xa0 [ 3122.670055][ T731] ? rtnetlink_rcv_msg+0x43d/0xd50 [ 3122.675160][ T731] ? netlink_rcv_skb+0x165/0x440 [ 3122.680090][ T731] ? netlink_unicast+0x547/0x7f0 [ 3122.685016][ T731] ? netlink_sendmsg+0x925/0xe30 [ 3122.689941][ T731] ? sock_sendmsg+0xde/0x190 [ 3122.694535][ T731] ? ____sys_sendmsg+0x71c/0x900 [ 3122.699471][ T731] ? ___sys_sendmsg+0x110/0x1b0 [ 3122.704314][ T731] devinet_sysctl_register+0x160/0x230 [ 3122.709773][ T731] inetdev_init+0x286/0x580 [ 3122.714273][ T731] inetdev_event+0xe7c/0x1720 [ 3122.718949][ T731] ? devinet_init_net+0x650/0x650 [ 3122.723975][ T731] ? preempt_schedule_notrace_thunk+0x1a/0x20 [ 3122.730045][ T731] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 3122.735956][ T731] notifier_call_chain+0xb6/0x3c0 [ 3122.740981][ T731] call_netdevice_notifiers_info+0xb9/0x130 [ 3122.746878][ T731] register_netdevice+0xfb4/0x1640 [ 3122.751992][ T731] ? unregister_netdevice_queue+0x3c0/0x3c0 [ 3122.757887][ T731] ? validate_linkmsg+0x6e4/0x9c0 [ 3122.762906][ T731] br_dev_newlink+0x27/0x110 [ 3122.767493][ T731] ? br_changelink+0x1660/0x1660 [ 3122.772426][ T731] __rtnl_newlink+0x10c2/0x1840 [ 3122.777274][ T731] ? find_held_lock+0x2d/0x110 [ 3122.782120][ T731] ? rtnl_link_unregister+0x250/0x250 [ 3122.787483][ T731] ? __kmem_cache_alloc_node+0x48/0x320 [ 3122.793036][ T731] ? rtnl_newlink+0x4a/0xa0 [ 3122.797546][ T731] rtnl_newlink+0x68/0xa0 [ 3122.801876][ T731] ? __rtnl_newlink+0x1840/0x1840 [ 3122.806891][ T731] rtnetlink_rcv_msg+0x43d/0xd50 [ 3122.811824][ T731] ? rtnl_stats_set+0x4d0/0x4d0 [ 3122.816665][ T731] ? __dev_queue_xmit+0xa2a/0x3b10 [ 3122.821778][ T731] netlink_rcv_skb+0x165/0x440 [ 3122.826642][ T731] ? rtnl_stats_set+0x4d0/0x4d0 [ 3122.831483][ T731] ? netlink_ack+0x1360/0x1360 [ 3122.836268][ T731] ? netlink_deliver_tap+0x1b1/0xcf0 [ 3122.841549][ T731] netlink_unicast+0x547/0x7f0 [ 3122.846395][ T731] ? netlink_attachskb+0x890/0x890 [ 3122.851495][ T731] ? __virt_addr_valid+0x61/0x2e0 [ 3122.856518][ T731] ? __phys_addr_symbol+0x30/0x70 [ 3122.861629][ T731] ? __check_object_size+0x323/0x730 [ 3122.866908][ T731] netlink_sendmsg+0x925/0xe30 [ 3122.871665][ T731] ? netlink_unicast+0x7f0/0x7f0 [ 3122.876596][ T731] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 3122.881869][ T731] ? netlink_unicast+0x7f0/0x7f0 [ 3122.886798][ T731] sock_sendmsg+0xde/0x190 [ 3122.891205][ T731] ____sys_sendmsg+0x71c/0x900 [ 3122.895961][ T731] ? copy_msghdr_from_user+0xfc/0x150 [ 3122.901327][ T731] ? kernel_sendmsg+0x50/0x50 [ 3122.905996][ T731] ? futex_unqueue+0xb7/0x120 [ 3122.910668][ T731] ? futex_wait+0x503/0x680 [ 3122.915163][ T731] ___sys_sendmsg+0x110/0x1b0 [ 3122.919834][ T731] ? do_recvmmsg+0x6f0/0x6f0 [ 3122.924416][ T731] ? __fget_files+0x248/0x480 [ 3122.929095][ T731] ? lock_downgrade+0x690/0x690 [ 3122.933949][ T731] ? __fget_files+0x26a/0x480 [ 3122.938651][ T731] ? __fget_light+0xe5/0x270 [ 3122.943243][ T731] __sys_sendmsg+0xf7/0x1c0 [ 3122.947740][ T731] ? __sys_sendmsg_sock+0x40/0x40 [ 3122.952756][ T731] ? restore_fpregs_from_fpstate+0xc1/0x1c0 [ 3122.958656][ T731] ? syscall_enter_from_user_mode+0x26/0x80 [ 3122.964546][ T731] ? lockdep_hardirqs_on+0x7d/0x100 [ 3122.969748][ T731] do_syscall_64+0x39/0xb0 [ 3122.974161][ T731] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3122.980054][ T731] RIP: 0033:0x7fcdfee8c169 [ 3122.984461][ T731] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 3123.004060][ T731] RSP: 002b:00007fcdffb69168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3123.012466][ T731] RAX: ffffffffffffffda RBX: 00007fcdfefabf80 RCX: 00007fcdfee8c169 [ 3123.020428][ T731] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000003 [ 3123.028386][ T731] RBP: 00007fcdfeee7ca1 R08: 0000000000000000 R09: 0000000000000000 [ 3123.036344][ T731] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3123.044301][ T731] R13: 00007ffda41c1e2f R14: 00007fcdffb69300 R15: 0000000000022000 [ 3123.052273][ T731] [ 3123.170663][ T731] memory: usage 307200kB, limit 307200kB, failcnt 39981 [ 3123.183514][ T731] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3123.194495][ T731] Memory cgroup stats for /syz4: [ 3123.198286][ T731] anon 2138112 [ 3123.198286][ T731] file 7716864 [ 3123.198286][ T731] kernel 304717824 [ 3123.198286][ T731] kernel_stack 688128 [ 3123.198286][ T731] pagetables 1171456 [ 3123.198286][ T731] sec_pagetables 0 [ 3123.198286][ T731] percpu 5219168 [ 3123.198286][ T731] sock 0 [ 3123.198286][ T731] vmalloc 8192 [ 3123.198286][ T731] shmem 7716864 [ 3123.198286][ T731] zswap 0 [ 3123.198286][ T731] zswapped 0 [ 3123.198286][ T731] file_mapped 196608 [ 3123.198286][ T731] file_dirty 0 [ 3123.198286][ T731] file_writeback 0 [ 3123.198286][ T731] swapcached 0 [ 3123.198286][ T731] anon_thp 0 [ 3123.198286][ T731] file_thp 0 [ 3123.198286][ T731] shmem_thp 0 [ 3123.198286][ T731] inactive_anon 9596928 [ 3123.198286][ T731] active_anon 258048 [ 3123.198286][ T731] inactive_file 0 [ 3123.198286][ T731] active_file 0 [ 3123.198286][ T731] unevictable 0 [ 3123.198286][ T731] slab_reclaimable 172672 [ 3123.198286][ T731] slab_unreclaimable 297119920 [ 3123.198286][ T731] slab 297292592 [ 3123.198286][ T731] workingset_refault_anon 0 [ 3123.198286][ T731] workingset_refault_file 0 [ 3123.198286][ T731] workingset_activate_anon 0 [ 3123.198286][ T731] workingset_activate_file 0 [ 3123.198286][ T731] workingset_restore_anon 0 [ 3123.198286][ T731] workingset_restore_file 0 [ 3123.198286][ T731] workingset_nodereclaim 0 [ 3123.198286][ T731] pgscan 116 [ 3123.198286][ T731] pgsteal 111 [ 3123.198286][ T731] pgscan_kswapd 99 [ 3123.198286][ T731] pgscan_direct 17 [ 3123.198286][ T731] pgscan_khugepaged 0 [ 3123.198286][ T731] pgsteal_kswapd 97 [ 3123.198286][ T731] pgsteal_direct 14 [ 3123.198286][ T731] pgsteal_khugepaged 0 [ 3123.198286][ T731] pgfault 697193 [ 3123.198286][ T731] pgmajfault 6 [ 3123.198286][ T731] pgrefill 593 [ 3123.198286][ T731] pgactivate 5 [ 3123.198286][ T731] pgdeactivate 0 [ 3123.198286][ T731] pglazyfree 0 [ 3123.198286][ T731] pglazyfreed 0 [ 3123.198286][ T731] zswpin 0 [ 3123.198286][ T731] zswpout 0 [ 3123.492516][ T731] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=729,uid=0 [ 3123.533464][ T731] Memory cgroup out of memory: Killed process 731 (syz-executor.4) total-vm:54680kB, anon-rss:512kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 [ 3123.579620][ T1091] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3123.622659][ T1091] CPU: 0 PID: 1091 Comm: syz-executor.2 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3123.632996][ T1091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3123.643047][ T1091] Call Trace: [ 3123.646333][ T1091] [ 3123.649257][ T1091] dump_stack_lvl+0x136/0x150 [ 3123.653940][ T1091] dump_header+0x10a/0xd70 [ 3123.658353][ T1091] oom_kill_process+0x25d/0x600 [ 3123.663198][ T1091] out_of_memory+0x35c/0x1660 [ 3123.667952][ T1091] ? find_held_lock+0x2d/0x110 [ 3123.672717][ T1091] ? oom_killer_disable+0x2b0/0x2b0 [ 3123.677914][ T1091] ? rcu_read_unlock+0x9/0x60 [ 3123.682585][ T1091] ? find_held_lock+0x2d/0x110 [ 3123.687343][ T1091] mem_cgroup_out_of_memory+0x206/0x270 [ 3123.692891][ T1091] ? mem_cgroup_margin+0x130/0x130 [ 3123.698003][ T1091] ? lock_downgrade+0x690/0x690 [ 3123.702856][ T1091] try_charge_memcg+0xf99/0x13a0 [ 3123.707792][ T1091] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3123.713779][ T1091] ? rcu_read_unlock+0x9/0x60 [ 3123.718448][ T1091] ? lock_downgrade+0x690/0x690 [ 3123.723300][ T1091] charge_memcg+0x90/0x3b0 [ 3123.727711][ T1091] __mem_cgroup_charge+0x2b/0x90 [ 3123.732644][ T1091] do_wp_page+0x8ea/0x33c0 [ 3123.737064][ T1091] ? lock_sync+0x190/0x190 [ 3123.741481][ T1091] ? finish_mkwrite_fault+0x3d0/0x3d0 [ 3123.746850][ T1091] ? do_raw_spin_lock+0x124/0x2b0 [ 3123.751876][ T1091] ? spin_bug+0x1c0/0x1c0 [ 3123.756207][ T1091] __handle_mm_fault+0x1635/0x41c0 [ 3123.761320][ T1091] ? vm_iomap_memory+0x190/0x190 [ 3123.766248][ T1091] ? mas_walk+0x58f/0x730 [ 3123.770585][ T1091] ? numa_migrate_prep+0x3a0/0x3a0 [ 3123.775689][ T1091] ? do_user_addr_fault+0x367/0x1210 [ 3123.780987][ T1091] handle_mm_fault+0x2af/0x9f0 [ 3123.785837][ T1091] do_user_addr_fault+0x2ca/0x1210 [ 3123.790982][ T1091] ? rcu_is_watching+0x12/0xb0 [ 3123.795748][ T1091] exc_page_fault+0x98/0x170 [ 3123.800341][ T1091] asm_exc_page_fault+0x26/0x30 [ 3123.805189][ T1091] RIP: 0033:0x7f5bd0639610 [ 3123.809603][ T1091] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48 [ 3123.829205][ T1091] RSP: 002b:00007fffe74b16a0 EFLAGS: 00010246 [ 3123.835284][ T1091] RAX: 00000000899363ac RBX: 00007f5bd07ac018 RCX: 0000001b2dd20000 [ 3123.843262][ T1091] RDX: 0000000000000000 RSI: 0000001b2dd20018 RDI: 000000000c826fe4 [ 3123.851217][ T1091] RBP: 00000000899363ac R08: 00000000000003ac R09: 00000000899363b0 [ 3123.859179][ T1091] R10: 00007fffe74b1860 R11: 0000000000000246 R12: 00007f5bd07a0000 [ 3123.867142][ T1091] R13: 0000000000000001 R14: 0000000000000004 R15: ffffffff8804dd36 [ 3123.875107][ T1091] ? __sock_create+0x46/0x850 [ 3123.879795][ T1091] [ 3123.900896][ T1091] memory: usage 307200kB, limit 307200kB, failcnt 27729 [ 3123.923876][ T1091] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3123.970268][ T1091] Memory cgroup stats for /syz2: [ 3123.970414][ T1091] anon 122880 [ 3123.970414][ T1091] file 8388608 [ 3123.970414][ T1091] kernel 306044928 [ 3123.970414][ T1091] kernel_stack 65536 [ 3123.970414][ T1091] pagetables 69632 [ 3123.970414][ T1091] sec_pagetables 0 [ 3123.970414][ T1091] percpu 5294912 [ 3123.970414][ T1091] sock 0 [ 3123.970414][ T1091] vmalloc 16384 [ 3123.970414][ T1091] shmem 8380416 [ 3123.970414][ T1091] zswap 0 [ 3123.970414][ T1091] zswapped 0 [ 3123.970414][ T1091] file_mapped 286720 [ 3123.970414][ T1091] file_dirty 4096 [ 3123.970414][ T1091] file_writeback 0 [ 3123.970414][ T1091] swapcached 0 [ 3123.970414][ T1091] anon_thp 0 [ 3123.970414][ T1091] file_thp 0 [ 3123.970414][ T1091] shmem_thp 0 [ 3123.970414][ T1091] inactive_anon 8417280 [ 3123.970414][ T1091] active_anon 86016 [ 3123.970414][ T1091] inactive_file 4096 [ 3123.970414][ T1091] active_file 4096 [ 3123.970414][ T1091] unevictable 0 [ 3123.970414][ T1091] slab_reclaimable 39288 [ 3123.970414][ T1091] slab_unreclaimable 300526600 [ 3123.970414][ T1091] slab 300565888 [ 3123.970414][ T1091] workingset_refault_anon 0 [ 3123.970414][ T1091] workingset_refault_file 2 [ 3123.970414][ T1091] workingset_activate_anon 0 [ 3123.970414][ T1091] workingset_activate_file 0 [ 3123.970414][ T1091] workingset_restore_anon 0 [ 3123.970414][ T1091] workingset_restore_file 2 [ 3123.970414][ T1091] workingset_nodereclaim 0 [ 3123.970414][ T1091] pgscan 8656 [ 3123.970414][ T1091] pgsteal 122 [ 3123.970414][ T1091] pgscan_kswapd 106 [ 3123.970414][ T1091] pgscan_direct 8550 [ 3123.970414][ T1091] pgscan_khugepaged 0 [ 3123.970414][ T1091] pgsteal_kswapd 97 [ 3123.970414][ T1091] pgsteal_direct 25 [ 3123.970414][ T1091] pgsteal_khugepaged 0 [ 3123.970414][ T1091] pgfault 696273 [ 3123.970414][ T1091] pgmajfault 0 [ 3123.970414][ T1091] pgrefill 33368 [ 3123.970414][ T1091] pgactivate 8534 [ 3123.970414][ T1091] pgdeactivate 0 [ 3123.970414][ T1091] pglazyfree 0 [ 3123.970414][ T1091] pglazyfreed 0 [ 3123.970414][ T1091] zswpin 0 [ 3123.970414][ T1091] zswpout 0 [ 3124.291680][ T1091] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=1091,uid=0 [ 3124.321888][ T1091] Memory cgroup out of memory: Killed process 1091 (syz-executor.2) total-vm:54548kB, anon-rss:384kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 15:37:36 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0xb2030000}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:37:36 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000001980)=[{{0x0, 0x0, &(0x7f0000000480)}}], 0x1, 0x4000c800) sendto$inet6(r0, &(0x7f0000000300), 0x38, 0x0, 0x0, 0xfffffffffffffdfd) 15:37:36 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x6d470500}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:37:36 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x24) 15:37:36 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x3f00}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:37:36 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x1700}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) [ 3124.501732][ T1095] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. 15:37:36 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000001980)=[{{0x0, 0x0, &(0x7f0000000480)}}], 0x1, 0x4000c800) sendto$inet6(r0, &(0x7f0000000300), 0x38, 0x0, 0x0, 0xfffffffffffffdfd) 15:37:36 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000001980)=[{{0x0, 0x0, &(0x7f0000000480)=[{0x0}], 0x1}}], 0x1, 0x4000c800) sendto$inet6(r0, &(0x7f0000000300), 0x38, 0x0, 0x0, 0xfffffffffffffdfd) [ 3124.657155][ T1101] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 3124.749921][ T1101] CPU: 1 PID: 1101 Comm: syz-executor.4 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3124.760271][ T1101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3124.770328][ T1101] Call Trace: [ 3124.773606][ T1101] [ 3124.776536][ T1101] dump_stack_lvl+0x136/0x150 [ 3124.780413][ T1102] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3124.781211][ T1101] dump_header+0x10a/0xd70 [ 3124.781237][ T1101] oom_kill_process+0x25d/0x600 15:37:36 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000001980)=[{{0x0, 0x0, &(0x7f0000000480)=[{0x0}], 0x1}}], 0x1, 0x4000c800) sendto$inet6(r0, &(0x7f0000000300), 0x38, 0x0, 0x0, 0xfffffffffffffdfd) [ 3124.781258][ T1101] out_of_memory+0x35c/0x1660 [ 3124.804594][ T1101] ? find_held_lock+0x2d/0x110 [ 3124.809358][ T1101] ? oom_killer_disable+0x2b0/0x2b0 [ 3124.814558][ T1101] ? rcu_read_unlock+0x9/0x60 [ 3124.819238][ T1101] ? find_held_lock+0x2d/0x110 [ 3124.824000][ T1101] mem_cgroup_out_of_memory+0x206/0x270 [ 3124.829550][ T1101] ? mem_cgroup_margin+0x130/0x130 [ 3124.834669][ T1101] ? lock_downgrade+0x690/0x690 [ 3124.839540][ T1101] try_charge_memcg+0xf99/0x13a0 [ 3124.844499][ T1101] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3124.850494][ T1101] ? get_mem_cgroup_from_objcg+0xa1/0x280 [ 3124.856218][ T1101] ? lock_downgrade+0x690/0x690 [ 3124.861071][ T1101] ? lock_downgrade+0x690/0x690 [ 3124.865930][ T1101] __memcg_kmem_charge_page+0x16e/0x3c0 [ 3124.871477][ T1101] __alloc_pages+0x1f3/0x4a0 [ 3124.876077][ T1101] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 3124.882851][ T1101] ? __lock_acquire+0xc17/0x5f30 [ 3124.886248][ T1112] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3124.887791][ T1101] ? find_held_lock+0x2d/0x110 [ 3124.887817][ T1101] alloc_pages+0x1aa/0x270 [ 3124.906249][ T1101] __pmd_alloc+0x3f/0x5d0 [ 3124.910581][ T1101] __handle_mm_fault+0x93e/0x41c0 [ 3124.915605][ T1101] ? mt_find+0x3b9/0xa60 [ 3124.919847][ T1101] ? vm_iomap_memory+0x190/0x190 [ 3124.924780][ T1101] ? mas_find+0x200/0x200 [ 3124.929188][ T1101] handle_mm_fault+0x2af/0x9f0 [ 3124.933954][ T1101] do_user_addr_fault+0x51a/0x1210 [ 3124.939074][ T1101] exc_page_fault+0x98/0x170 [ 3124.943660][ T1101] asm_exc_page_fault+0x26/0x30 [ 3124.948507][ T1101] RIP: 0033:0x7fcdfee86cc5 [ 3124.952916][ T1101] Code: 12 80 fa 04 73 1e 80 fa 01 77 26 72 05 0f b6 0e 88 0f c3 48 8b 4c 16 f8 48 8b 36 48 89 4c 17 f8 48 89 37 c3 8b 4c 16 fc 8b 36 <89> 4c 17 fc 89 37 c3 0f b7 4c 16 fe 0f b7 36 66 89 4c 17 fe 66 89 [ 3124.972518][ T1101] RSP: 002b:00007ffda41c1ea8 EFLAGS: 00010202 [ 3124.978582][ T1101] RAX: 00000000200003c0 RBX: 0000000000000000 RCX: 0000000000535650 [ 3124.986552][ T1101] RDX: 0000000000000005 RSI: 0000000053565049 RDI: 00000000200003c0 [ 3124.994517][ T1101] RBP: 00007ffda41c1f68 R08: 00007fcdfee00000 R09: 00007fcdfea00000 [ 3125.002486][ T1101] R10: 00007fcdfea000c8 R11: 0000000000000246 R12: 00000000002fad79 [ 3125.010454][ T1101] R13: 00007ffda41c1f90 R14: 00007fcdfefabf80 R15: 0000000000000032 [ 3125.018433][ T1101] 15:37:36 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x48) 15:37:37 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000001980)=[{{0x0, 0x0, &(0x7f0000000480)=[{0x0}], 0x1}}], 0x1, 0x4000c800) sendto$inet6(r0, &(0x7f0000000300), 0x38, 0x0, 0x0, 0xfffffffffffffdfd) [ 3125.114792][ T1101] memory: usage 307180kB, limit 307200kB, failcnt 40117 [ 3125.121873][ T1101] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3125.165328][ T1101] Memory cgroup stats for /syz4: [ 3125.165488][ T1101] anon 2125824 [ 3125.165488][ T1101] file 7716864 [ 3125.165488][ T1101] kernel 304709632 [ 3125.165488][ T1101] kernel_stack 688128 [ 3125.165488][ T1101] pagetables 1163264 [ 3125.165488][ T1101] sec_pagetables 0 [ 3125.165488][ T1101] percpu 5219232 [ 3125.165488][ T1101] sock 0 [ 3125.165488][ T1101] vmalloc 8192 [ 3125.165488][ T1101] shmem 7716864 [ 3125.165488][ T1101] zswap 0 [ 3125.165488][ T1101] zswapped 0 [ 3125.165488][ T1101] file_mapped 196608 [ 3125.165488][ T1101] file_dirty 0 [ 3125.165488][ T1101] file_writeback 0 [ 3125.165488][ T1101] swapcached 0 [ 3125.165488][ T1101] anon_thp 0 [ 3125.165488][ T1101] file_thp 0 [ 3125.165488][ T1101] shmem_thp 0 [ 3125.165488][ T1101] inactive_anon 9596928 [ 3125.165488][ T1101] active_anon 245760 [ 3125.165488][ T1101] inactive_file 0 [ 3125.165488][ T1101] active_file 0 [ 3125.165488][ T1101] unevictable 0 [ 3125.165488][ T1101] slab_reclaimable 172672 [ 3125.165488][ T1101] slab_unreclaimable 297115864 [ 3125.165488][ T1101] slab 297288536 [ 3125.165488][ T1101] workingset_refault_anon 0 [ 3125.165488][ T1101] workingset_refault_file 0 [ 3125.165488][ T1101] workingset_activate_anon 0 [ 3125.165488][ T1101] workingset_activate_file 0 [ 3125.165488][ T1101] workingset_restore_anon 0 [ 3125.165488][ T1101] workingset_restore_file 0 [ 3125.165488][ T1101] workingset_nodereclaim 0 [ 3125.165488][ T1101] pgscan 116 [ 3125.165488][ T1101] pgsteal 111 [ 3125.165488][ T1101] pgscan_kswapd 99 [ 3125.165488][ T1101] pgscan_direct 17 [ 3125.165488][ T1101] pgscan_khugepaged 0 [ 3125.165488][ T1101] pgsteal_kswapd 97 15:37:37 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x6d470500}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) [ 3125.165488][ T1101] pgsteal_direct 14 [ 3125.165488][ T1101] pgsteal_khugepaged 0 [ 3125.165488][ T1101] pgfault 697253 [ 3125.165488][ T1101] pgmajfault 6 [ 3125.165488][ T1101] pgrefill 593 [ 3125.165488][ T1101] pgactivate 5 [ 3125.165488][ T1101] pgdeactivate 0 [ 3125.165488][ T1101] pglazyfree 0 [ 3125.165488][ T1101] pglazyfreed 0 [ 3125.165488][ T1101] zswpin 0 [ 3125.165488][ T1101] zswpout 0 [ 3125.225815][ T1225] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3125.543112][ T1101] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=1101,uid=0 [ 3125.593634][ T1101] Memory cgroup out of memory: Killed process 1101 (syz-executor.4) total-vm:54548kB, anon-rss:512kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:72kB oom_score_adj:1000 [ 3125.653868][ T1262] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3125.660725][ T1098] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3125.713772][ T1098] CPU: 0 PID: 1098 Comm: syz-executor.2 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3125.724124][ T1098] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3125.734183][ T1098] Call Trace: [ 3125.737463][ T1098] [ 3125.740389][ T1098] dump_stack_lvl+0x136/0x150 [ 3125.745085][ T1098] dump_header+0x10a/0xd70 [ 3125.749504][ T1098] oom_kill_process+0x25d/0x600 [ 3125.754353][ T1098] out_of_memory+0x35c/0x1660 [ 3125.759041][ T1098] ? find_held_lock+0x2d/0x110 [ 3125.763811][ T1098] ? oom_killer_disable+0x2b0/0x2b0 [ 3125.769013][ T1098] ? rcu_read_unlock+0x9/0x60 [ 3125.773702][ T1098] ? find_held_lock+0x2d/0x110 [ 3125.778489][ T1098] mem_cgroup_out_of_memory+0x206/0x270 [ 3125.784043][ T1098] ? mem_cgroup_margin+0x130/0x130 [ 3125.789162][ T1098] ? lock_downgrade+0x690/0x690 [ 3125.794032][ T1098] try_charge_memcg+0xf99/0x13a0 [ 3125.798986][ T1098] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3125.804981][ T1098] ? rcu_read_unlock+0x9/0x60 [ 3125.809661][ T1098] ? lock_downgrade+0x690/0x690 [ 3125.814517][ T1098] charge_memcg+0x90/0x3b0 [ 3125.818957][ T1098] __mem_cgroup_charge+0x2b/0x90 [ 3125.823890][ T1098] do_wp_page+0x8ea/0x33c0 [ 3125.828478][ T1098] ? lock_sync+0x190/0x190 [ 3125.832893][ T1098] ? finish_mkwrite_fault+0x3d0/0x3d0 [ 3125.838258][ T1098] ? do_raw_spin_lock+0x124/0x2b0 [ 3125.843284][ T1098] ? spin_bug+0x1c0/0x1c0 [ 3125.847614][ T1098] __handle_mm_fault+0x1635/0x41c0 [ 3125.852722][ T1098] ? vm_iomap_memory+0x190/0x190 [ 3125.857651][ T1098] ? mas_walk+0x58f/0x730 [ 3125.861985][ T1098] ? numa_migrate_prep+0x3a0/0x3a0 [ 3125.867088][ T1098] ? do_user_addr_fault+0x367/0x1210 [ 3125.872385][ T1098] handle_mm_fault+0x2af/0x9f0 [ 3125.877145][ T1098] do_user_addr_fault+0x2ca/0x1210 [ 3125.882256][ T1098] ? rcu_is_watching+0x12/0xb0 [ 3125.887021][ T1098] exc_page_fault+0x98/0x170 [ 3125.891607][ T1098] asm_exc_page_fault+0x26/0x30 [ 3125.896455][ T1098] RIP: 0033:0x7f5bd0639610 [ 3125.900863][ T1098] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48 [ 3125.920545][ T1098] RSP: 002b:00007fffe74b16a0 EFLAGS: 00010246 [ 3125.926605][ T1098] RAX: 00000000899363ac RBX: 00007f5bd07ac018 RCX: 0000001b2dd20000 [ 3125.934577][ T1098] RDX: 0000000000000000 RSI: 0000001b2dd20018 RDI: 000000000c826fe4 [ 3125.942565][ T1098] RBP: 00000000899363ac R08: 00000000000003ac R09: 00000000899363b0 [ 3125.950525][ T1098] R10: 00007fffe74b1860 R11: 0000000000000246 R12: 00007f5bd07a0000 [ 3125.958508][ T1098] R13: 0000000000000001 R14: 0000000000000004 R15: ffffffff8804dd36 [ 3125.966475][ T1098] ? __sock_create+0x46/0x850 [ 3125.971153][ T1098] 15:37:37 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0xb2940500}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:37:37 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000001980)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000040)}], 0x1}}], 0x1, 0x4000c800) sendto$inet6(r0, &(0x7f0000000300), 0x38, 0x0, 0x0, 0xfffffffffffffdfd) [ 3126.062990][ T1098] memory: usage 307200kB, limit 307200kB, failcnt 27805 [ 3126.091153][ T1098] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 15:37:38 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x4a) [ 3126.121963][ T1098] Memory cgroup stats for /syz2: [ 3126.122124][ T1098] anon 122880 [ 3126.122124][ T1098] file 8388608 [ 3126.122124][ T1098] kernel 306061312 [ 3126.122124][ T1098] kernel_stack 65536 [ 3126.122124][ T1098] pagetables 69632 [ 3126.122124][ T1098] sec_pagetables 0 [ 3126.122124][ T1098] percpu 5294976 [ 3126.122124][ T1098] sock 0 [ 3126.122124][ T1098] vmalloc 16384 [ 3126.122124][ T1098] shmem 8380416 [ 3126.122124][ T1098] zswap 0 [ 3126.122124][ T1098] zswapped 0 [ 3126.122124][ T1098] file_mapped 286720 [ 3126.122124][ T1098] file_dirty 4096 [ 3126.122124][ T1098] file_writeback 0 [ 3126.122124][ T1098] swapcached 0 [ 3126.122124][ T1098] anon_thp 0 [ 3126.122124][ T1098] file_thp 0 [ 3126.122124][ T1098] shmem_thp 0 [ 3126.122124][ T1098] inactive_anon 8417280 [ 3126.122124][ T1098] active_anon 86016 [ 3126.122124][ T1098] inactive_file 4096 [ 3126.122124][ T1098] active_file 4096 [ 3126.122124][ T1098] unevictable 0 [ 3126.122124][ T1098] slab_reclaimable 39288 [ 3126.122124][ T1098] slab_unreclaimable 300535960 [ 3126.122124][ T1098] slab 300575248 [ 3126.122124][ T1098] workingset_refault_anon 0 [ 3126.122124][ T1098] workingset_refault_file 2 [ 3126.122124][ T1098] workingset_activate_anon 0 [ 3126.122124][ T1098] workingset_activate_file 0 [ 3126.122124][ T1098] workingset_restore_anon 0 [ 3126.122124][ T1098] workingset_restore_file 2 [ 3126.122124][ T1098] workingset_nodereclaim 0 [ 3126.122124][ T1098] pgscan 8690 [ 3126.122124][ T1098] pgsteal 122 [ 3126.122124][ T1098] pgscan_kswapd 106 [ 3126.122124][ T1098] pgscan_direct 8584 [ 3126.122124][ T1098] pgscan_khugepaged 0 [ 3126.122124][ T1098] pgsteal_kswapd 97 [ 3126.122124][ T1098] pgsteal_direct 25 [ 3126.122124][ T1098] pgsteal_khugepaged 0 [ 3126.122124][ T1098] pgfault 696321 [ 3126.122124][ T1098] pgmajfault 0 [ 3126.122124][ T1098] pgrefill 33436 [ 3126.122124][ T1098] pgactivate 8568 [ 3126.122124][ T1098] pgdeactivate 0 [ 3126.122124][ T1098] pglazyfree 0 [ 3126.122124][ T1098] pglazyfreed 0 [ 3126.122124][ T1098] zswpin 0 [ 3126.122124][ T1098] zswpout 0 [ 3126.236625][ T1338] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. 15:37:38 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000001980)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000040)}], 0x1}}], 0x1, 0x4000c800) sendto$inet6(r0, &(0x7f0000000300), 0x38, 0x0, 0x0, 0xfffffffffffffdfd) [ 3126.492757][ T1098] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=1098,uid=0 [ 3126.551922][ T1098] Memory cgroup out of memory: Killed process 1098 (syz-executor.2) total-vm:54548kB, anon-rss:384kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 [ 3126.642741][ T1097] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=1, oom_score_adj=1000 [ 3126.659691][ T1097] CPU: 0 PID: 1097 Comm: syz-executor.1 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3126.670121][ T1097] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3126.680172][ T1097] Call Trace: [ 3126.683448][ T1097] [ 3126.686374][ T1097] dump_stack_lvl+0x136/0x150 [ 3126.691067][ T1097] dump_header+0x10a/0xd70 [ 3126.695494][ T1097] oom_kill_process+0x25d/0x600 [ 3126.700342][ T1097] out_of_memory+0x35c/0x1660 [ 3126.705019][ T1097] ? find_held_lock+0x2d/0x110 [ 3126.709787][ T1097] ? oom_killer_disable+0x2b0/0x2b0 [ 3126.714985][ T1097] ? rcu_read_unlock+0x9/0x60 [ 3126.719674][ T1097] ? find_held_lock+0x2d/0x110 [ 3126.724540][ T1097] mem_cgroup_out_of_memory+0x206/0x270 [ 3126.730099][ T1097] ? mem_cgroup_margin+0x130/0x130 [ 3126.735215][ T1097] ? lock_downgrade+0x690/0x690 [ 3126.740077][ T1097] try_charge_memcg+0xf99/0x13a0 [ 3126.745029][ T1097] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3126.751027][ T1097] ? get_mem_cgroup_from_objcg+0xa1/0x280 [ 3126.756751][ T1097] ? lock_downgrade+0x690/0x690 [ 3126.761604][ T1097] ? lock_downgrade+0x690/0x690 [ 3126.766447][ T1097] ? rcu_read_unlock+0x9/0x60 [ 3126.771217][ T1097] obj_cgroup_charge+0x2af/0x5e0 [ 3126.776165][ T1097] ? copy_process+0x3c0/0x75c0 [ 3126.780930][ T1097] kmem_cache_alloc_node+0xa8/0x3e0 [ 3126.786150][ T1097] copy_process+0x3c0/0x75c0 [ 3126.790771][ T1097] ? pidfd_prepare+0x80/0x80 [ 3126.795369][ T1097] ? lock_downgrade+0x690/0x690 [ 3126.800223][ T1097] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 3126.806208][ T1097] ? folio_add_lru+0x47f/0x7c0 [ 3126.810975][ T1097] kernel_clone+0xeb/0x890 [ 3126.815389][ T1097] ? create_io_thread+0xe0/0xe0 [ 3126.820247][ T1097] ? find_held_lock+0x2d/0x110 [ 3126.825016][ T1097] ? find_held_lock+0x2d/0x110 [ 3126.829785][ T1097] __do_sys_clone+0xba/0x100 [ 3126.834373][ T1097] ? kernel_clone+0x890/0x890 [ 3126.839053][ T1097] ? syscall_enter_from_user_mode+0x26/0x80 [ 3126.844959][ T1097] do_syscall_64+0x39/0xb0 [ 3126.849385][ T1097] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3126.855285][ T1097] RIP: 0033:0x7f5d2ac8d591 [ 3126.859693][ T1097] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 3126.879296][ T1097] RSP: 002b:00007ffc24e00338 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 3126.887703][ T1097] RAX: ffffffffffffffda RBX: 00007f5d2b9ec700 RCX: 00007f5d2ac8d591 [ 3126.895680][ T1097] RDX: 00007f5d2b9ec9d0 RSI: 00007f5d2b9ec2f0 RDI: 00000000003d0f00 [ 3126.903645][ T1097] RBP: 00007ffc24e00580 R08: 00007f5d2b9ec700 R09: 00007f5d2b9ec700 [ 3126.911604][ T1097] R10: 00007f5d2b9ec9d0 R11: 0000000000000206 R12: 00007ffc24e003ee [ 3126.919565][ T1097] R13: 00007ffc24e003ef R14: 00007f5d2b9ec300 R15: 0000000000022000 [ 3126.927544][ T1097] [ 3126.933184][ T1097] memory: usage 307196kB, limit 307200kB, failcnt 28327 [ 3126.964070][ T1097] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3126.982891][ T1097] Memory cgroup stats for /syz1: [ 3126.983141][ T1097] anon 442368 [ 3126.983141][ T1097] file 262144 [ 3126.983141][ T1097] kernel 313864192 [ 3126.983141][ T1097] kernel_stack 163840 [ 3126.983141][ T1097] pagetables 258048 [ 3126.983141][ T1097] sec_pagetables 0 [ 3126.983141][ T1097] percpu 5421792 [ 3126.983141][ T1097] sock 0 [ 3126.983141][ T1097] vmalloc 0 [ 3126.983141][ T1097] shmem 258048 [ 3126.983141][ T1097] zswap 0 [ 3126.983141][ T1097] zswapped 0 [ 3126.983141][ T1097] file_mapped 241664 [ 3126.983141][ T1097] file_dirty 0 [ 3126.983141][ T1097] file_writeback 0 [ 3126.983141][ T1097] swapcached 0 [ 3126.983141][ T1097] anon_thp 0 [ 3126.983141][ T1097] file_thp 0 [ 3126.983141][ T1097] shmem_thp 0 [ 3126.983141][ T1097] inactive_anon 0 [ 3126.983141][ T1097] active_anon 700416 [ 3126.983141][ T1097] inactive_file 4096 [ 3126.983141][ T1097] active_file 0 [ 3126.983141][ T1097] unevictable 0 [ 3126.983141][ T1097] slab_reclaimable 34328 [ 3126.983141][ T1097] slab_unreclaimable 307901752 [ 3126.983141][ T1097] slab 307936080 [ 3126.983141][ T1097] workingset_refault_anon 0 [ 3126.983141][ T1097] workingset_refault_file 2 [ 3126.983141][ T1097] workingset_activate_anon 0 [ 3126.983141][ T1097] workingset_activate_file 0 [ 3126.983141][ T1097] workingset_restore_anon 0 [ 3126.983141][ T1097] workingset_restore_file 2 [ 3126.983141][ T1097] workingset_nodereclaim 0 [ 3126.983141][ T1097] pgscan 4873 [ 3126.983141][ T1097] pgsteal 107 [ 3126.983141][ T1097] pgscan_kswapd 92 [ 3126.983141][ T1097] pgscan_direct 4781 [ 3126.983141][ T1097] pgscan_khugepaged 0 [ 3126.983141][ T1097] pgsteal_kswapd 88 [ 3126.983141][ T1097] pgsteal_direct 19 [ 3126.983141][ T1097] pgsteal_khugepaged 0 [ 3126.983141][ T1097] pgfault 568812 [ 3126.983141][ T1097] pgmajfault 2 [ 3126.983141][ T1097] pgrefill 17077 [ 3126.983141][ T1097] pgactivate 4766 [ 3126.983141][ T1097] pgdeactivate 0 [ 3126.983141][ T1097] pglazyfree 0 [ 3126.983141][ T1097] pglazyfreed 0 [ 3126.983141][ T1097] zswpin 0 [ 3126.983141][ T1097] zswpout 0 [ 3127.244279][ T1097] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=1097,uid=0 [ 3127.281936][ T1097] Memory cgroup out of memory: Killed process 1097 (syz-executor.1) total-vm:54680kB, anon-rss:516kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:92kB oom_score_adj:1000 15:37:39 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x4000}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:37:39 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x5949d}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:37:39 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000001980)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000040)}], 0x1}}], 0x1, 0x4000c800) sendto$inet6(r0, &(0x7f0000000300), 0x38, 0x0, 0x0, 0xfffffffffffffdfd) 15:37:39 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x1800}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:37:39 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x4c) [ 3127.422780][ T1367] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3127.485154][ T1446] syz-executor.2 invoked oom-killer: gfp_mask=0xdc0(GFP_KERNEL|__GFP_ZERO), order=0, oom_score_adj=1000 15:37:39 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000001980)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000040)="82", 0x1}], 0x1}}], 0x1, 0x4000c800) sendto$inet6(r0, &(0x7f0000000300), 0x38, 0x0, 0x0, 0xfffffffffffffdfd) [ 3127.632808][ T1446] CPU: 1 PID: 1446 Comm: syz-executor.2 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3127.643180][ T1446] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3127.653240][ T1446] Call Trace: [ 3127.656516][ T1446] [ 3127.659444][ T1446] dump_stack_lvl+0x136/0x150 [ 3127.664141][ T1446] dump_header+0x10a/0xd70 [ 3127.668569][ T1446] oom_kill_process+0x25d/0x600 [ 3127.673428][ T1446] out_of_memory+0x35c/0x1660 [ 3127.678119][ T1446] ? find_held_lock+0x2d/0x110 [ 3127.682900][ T1446] ? oom_killer_disable+0x2b0/0x2b0 [ 3127.688101][ T1446] ? rcu_read_unlock+0x9/0x60 [ 3127.692781][ T1446] ? find_held_lock+0x2d/0x110 [ 3127.697550][ T1446] mem_cgroup_out_of_memory+0x206/0x270 [ 3127.703101][ T1446] ? mem_cgroup_margin+0x130/0x130 [ 3127.708217][ T1446] ? lock_downgrade+0x690/0x690 [ 3127.713082][ T1446] try_charge_memcg+0xf99/0x13a0 [ 3127.718034][ T1446] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3127.724029][ T1446] ? get_mem_cgroup_from_objcg+0xa1/0x280 [ 3127.729760][ T1446] ? lock_downgrade+0x690/0x690 [ 3127.730291][ T1367] warn_alloc: 1 callbacks suppressed [ 3127.730302][ T1367] syz-executor.4: vmalloc error: size 4096, page order 0, failed to allocate pages, mode:0x404dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_RETRY_MAYFAIL|__GFP_ZERO), nodemask=(null) [ 3127.734607][ T1446] ? lock_downgrade+0x690/0x690 [ 3127.734634][ T1446] ? rcu_read_unlock+0x9/0x60 [ 3127.734662][ T1446] obj_cgroup_charge+0x2af/0x5e0 [ 3127.734695][ T1446] ? __alloc_file+0x21/0x270 [ 3127.734714][ T1446] kmem_cache_alloc+0xb1/0x3b0 [ 3127.734738][ T1446] ? d_instantiate+0x79/0xa0 [ 3127.734759][ T1446] __alloc_file+0x21/0x270 [ 3127.734778][ T1446] alloc_empty_file+0x71/0x190 [ 3127.734798][ T1446] alloc_file+0x5e/0x800 [ 3127.734820][ T1446] alloc_file_pseudo+0x169/0x250 [ 3127.734840][ T1446] ? alloc_file+0x800/0x800 [ 3127.734857][ T1446] ? do_raw_spin_unlock+0x175/0x230 [ 3127.734882][ T1446] ? _raw_spin_unlock+0x28/0x40 [ 3127.734905][ T1446] ? alloc_fd+0x2e4/0x750 [ 3127.734930][ T1446] sock_alloc_file+0x53/0x190 [ 3127.734948][ T1446] __sys_socket+0x1a8/0x250 [ 3127.734968][ T1446] ? __sys_socket_file+0x1d0/0x1d0 [ 3127.734995][ T1446] __x64_sys_socket+0x73/0xb0 [ 3127.735013][ T1446] do_syscall_64+0x39/0xb0 [ 3127.735041][ T1446] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3127.735078][ T1446] RIP: 0033:0x7f5bd068c169 [ 3127.735093][ T1446] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 3127.735109][ T1446] RSP: 002b:00007f5bd1304168 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 3127.735127][ T1446] RAX: ffffffffffffffda RBX: 00007f5bd07abf80 RCX: 00007f5bd068c169 [ 3127.735140][ T1446] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000010 [ 3127.735151][ T1446] RBP: 00007f5bd06e7ca1 R08: 0000000000000000 R09: 0000000000000000 [ 3127.735162][ T1446] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3127.735172][ T1446] R13: 00007fffe74b16ff R14: 00007f5bd1304300 R15: 0000000000022000 [ 3127.735194][ T1446] [ 3127.991117][ T1367] ,cpuset=syz4,mems_allowed=0-1 [ 3128.001470][ T1367] CPU: 1 PID: 1367 Comm: syz-executor.4 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3128.011794][ T1367] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3128.021874][ T1367] Call Trace: [ 3128.025144][ T1367] [ 3128.028072][ T1367] dump_stack_lvl+0x136/0x150 [ 3128.032761][ T1367] warn_alloc+0x213/0x360 [ 3128.037096][ T1367] ? zone_watermark_ok_safe+0x2e0/0x2e0 15:37:39 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000001980)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000040)="82", 0x1}], 0x1}}], 0x1, 0x4000c800) sendto$inet6(r0, &(0x7f0000000300), 0x38, 0x0, 0x0, 0xfffffffffffffdfd) [ 3128.042651][ T1367] ? find_held_lock+0x2d/0x110 [ 3128.047417][ T1367] ? lock_downgrade+0x690/0x690 [ 3128.052276][ T1367] ? mark_held_locks+0x9f/0xe0 [ 3128.057050][ T1367] __vmalloc_node_range+0x1021/0x14a0 [ 3128.062437][ T1367] ? alloc_netdev_mqs+0x9c/0x1250 [ 3128.067472][ T1367] ? delayed_vfree_work+0x70/0x70 [ 3128.072498][ T1367] ? __kmem_cache_alloc_node+0xb4/0x320 [ 3128.078068][ T1367] ? kvmalloc_node+0x76/0x1a0 [ 3128.082755][ T1367] ? rcu_is_watching+0x12/0xb0 [ 3128.087516][ T1367] ? alloc_netdev_mqs+0x9c/0x1250 [ 3128.092537][ T1367] kvmalloc_node+0x156/0x1a0 [ 3128.097129][ T1367] ? alloc_netdev_mqs+0x9c/0x1250 [ 3128.102151][ T1367] alloc_netdev_mqs+0x9c/0x1250 [ 3128.107002][ T1367] ? security_capable+0x93/0xc0 [ 3128.111844][ T1367] ? br_netpoll_disable+0x60/0x60 [ 3128.116859][ T1367] rtnl_create_link+0xc17/0xf20 [ 3128.121698][ T1367] __rtnl_newlink+0xfd4/0x1840 [ 3128.126459][ T1367] ? find_held_lock+0x2d/0x110 [ 3128.131218][ T1367] ? rtnl_link_unregister+0x250/0x250 [ 3128.136584][ T1367] ? __kmem_cache_alloc_node+0x48/0x320 [ 3128.142133][ T1367] ? rtnl_newlink+0x4a/0xa0 [ 3128.146631][ T1367] rtnl_newlink+0x68/0xa0 [ 3128.150949][ T1367] ? __rtnl_newlink+0x1840/0x1840 [ 3128.155965][ T1367] rtnetlink_rcv_msg+0x43d/0xd50 [ 3128.160894][ T1367] ? rtnl_stats_set+0x4d0/0x4d0 [ 3128.165753][ T1367] ? __dev_queue_xmit+0xa2a/0x3b10 [ 3128.170864][ T1367] netlink_rcv_skb+0x165/0x440 [ 3128.175619][ T1367] ? rtnl_stats_set+0x4d0/0x4d0 [ 3128.180461][ T1367] ? netlink_ack+0x1360/0x1360 [ 3128.185224][ T1367] ? netlink_deliver_tap+0x1b1/0xcf0 [ 3128.190514][ T1367] netlink_unicast+0x547/0x7f0 [ 3128.195283][ T1367] ? netlink_attachskb+0x890/0x890 [ 3128.200385][ T1367] ? __virt_addr_valid+0x61/0x2e0 [ 3128.205409][ T1367] ? __phys_addr_symbol+0x30/0x70 [ 3128.210429][ T1367] ? __check_object_size+0x323/0x730 [ 3128.215707][ T1367] netlink_sendmsg+0x925/0xe30 [ 3128.220464][ T1367] ? netlink_unicast+0x7f0/0x7f0 [ 3128.225481][ T1367] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 3128.230760][ T1367] ? netlink_unicast+0x7f0/0x7f0 [ 3128.235688][ T1367] sock_sendmsg+0xde/0x190 [ 3128.240095][ T1367] ____sys_sendmsg+0x71c/0x900 [ 3128.244851][ T1367] ? copy_msghdr_from_user+0xfc/0x150 [ 3128.250220][ T1367] ? kernel_sendmsg+0x50/0x50 [ 3128.254889][ T1367] ? futex_unqueue+0xb7/0x120 [ 3128.259557][ T1367] ? futex_wait+0x503/0x680 [ 3128.264065][ T1367] ___sys_sendmsg+0x110/0x1b0 [ 3128.268735][ T1367] ? do_recvmmsg+0x6f0/0x6f0 [ 3128.273317][ T1367] ? __fget_files+0x248/0x480 [ 3128.277993][ T1367] ? lock_downgrade+0x690/0x690 [ 3128.282849][ T1367] ? __fget_files+0x26a/0x480 [ 3128.287532][ T1367] ? __fget_light+0xe5/0x270 [ 3128.292124][ T1367] __sys_sendmsg+0xf7/0x1c0 [ 3128.296617][ T1367] ? __sys_sendmsg_sock+0x40/0x40 [ 3128.301636][ T1367] ? restore_fpregs_from_fpstate+0xc1/0x1c0 [ 3128.307539][ T1367] ? syscall_enter_from_user_mode+0x26/0x80 [ 3128.313425][ T1367] ? lockdep_hardirqs_on+0x7d/0x100 [ 3128.318618][ T1367] do_syscall_64+0x39/0xb0 [ 3128.323036][ T1367] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3128.328935][ T1367] RIP: 0033:0x7fcdfee8c169 [ 3128.333340][ T1367] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 3128.352936][ T1367] RSP: 002b:00007fcdffb69168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3128.361339][ T1367] RAX: ffffffffffffffda RBX: 00007fcdfefabf80 RCX: 00007fcdfee8c169 [ 3128.369321][ T1367] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000003 [ 3128.377299][ T1367] RBP: 00007fcdfeee7ca1 R08: 0000000000000000 R09: 0000000000000000 [ 3128.385257][ T1367] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3128.393212][ T1367] R13: 00007ffda41c1e2f R14: 00007fcdffb69300 R15: 0000000000022000 [ 3128.401182][ T1367] [ 3128.404331][ T1446] memory: usage 307188kB, limit 307200kB, failcnt 27895 [ 3128.413068][ T1446] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3128.432410][ T1446] Memory cgroup stats for /syz2: [ 3128.432579][ T1446] anon 110592 [ 3128.432579][ T1446] file 8388608 [ 3128.432579][ T1446] kernel 306061312 [ 3128.432579][ T1446] kernel_stack 65536 [ 3128.432579][ T1446] pagetables 69632 [ 3128.432579][ T1446] sec_pagetables 0 [ 3128.432579][ T1446] percpu 5294976 [ 3128.432579][ T1446] sock 0 [ 3128.432579][ T1446] vmalloc 16384 [ 3128.432579][ T1446] shmem 8380416 [ 3128.432579][ T1446] zswap 0 [ 3128.432579][ T1446] zswapped 0 [ 3128.432579][ T1446] file_mapped 286720 [ 3128.432579][ T1446] file_dirty 8192 [ 3128.432579][ T1446] file_writeback 0 [ 3128.432579][ T1446] swapcached 0 [ 3128.432579][ T1446] anon_thp 0 [ 3128.432579][ T1446] file_thp 0 [ 3128.432579][ T1446] shmem_thp 0 [ 3128.432579][ T1446] inactive_anon 8437760 [ 3128.432579][ T1446] active_anon 53248 [ 3128.432579][ T1446] inactive_file 8192 [ 3128.432579][ T1446] active_file 0 [ 3128.432579][ T1446] unevictable 0 [ 3128.432579][ T1446] slab_reclaimable 39288 [ 3128.432579][ T1446] slab_unreclaimable 300535312 [ 3128.432579][ T1446] slab 300574600 [ 3128.432579][ T1446] workingset_refault_anon 0 [ 3128.432579][ T1446] workingset_refault_file 2 [ 3128.432579][ T1446] workingset_activate_anon 0 [ 3128.432579][ T1446] workingset_activate_file 0 [ 3128.432579][ T1446] workingset_restore_anon 0 [ 3128.432579][ T1446] workingset_restore_file 2 [ 3128.432579][ T1446] workingset_nodereclaim 0 [ 3128.432579][ T1446] pgscan 8697 [ 3128.432579][ T1446] pgsteal 122 [ 3128.432579][ T1446] pgscan_kswapd 106 [ 3128.432579][ T1446] pgscan_direct 8591 [ 3128.432579][ T1446] pgscan_khugepaged 0 [ 3128.432579][ T1446] pgsteal_kswapd 97 [ 3128.432579][ T1446] pgsteal_direct 25 [ 3128.432579][ T1446] pgsteal_khugepaged 0 [ 3128.432579][ T1446] pgfault 696365 [ 3128.432579][ T1446] pgmajfault 0 [ 3128.432579][ T1446] pgrefill 33573 [ 3128.432579][ T1446] pgactivate 8575 [ 3128.432579][ T1446] pgdeactivate 0 [ 3128.432579][ T1446] pglazyfree 0 [ 3128.432579][ T1446] pglazyfreed 0 [ 3128.432579][ T1446] zswpin 0 [ 3128.432579][ T1446] zswpout 0 [ 3128.540491][ T1367] Mem-Info: 15:37:40 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000001980)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000040)="82", 0x1}], 0x1}}], 0x1, 0x4000c800) sendto$inet6(r0, &(0x7f0000000300), 0x38, 0x0, 0x0, 0xfffffffffffffdfd) [ 3128.728126][ T1367] active_anon:189530 inactive_anon:31579 isolated_anon:0 [ 3128.728126][ T1367] active_file:7513 inactive_file:1426 isolated_file:0 [ 3128.728126][ T1367] unevictable:768 dirty:33 writeback:0 [ 3128.728126][ T1367] slab_reclaimable:23940 slab_unreclaimable:613438 [ 3128.728126][ T1367] mapped:19968 shmem:27266 pagetables:2150 [ 3128.728126][ T1367] sec_pagetables:0 bounce:0 [ 3128.728126][ T1367] kernel_misc_reclaimable:0 [ 3128.728126][ T1367] free:660805 free_pcp:13305 free_cma:0 [ 3128.770590][ T1446] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=1445,uid=0 [ 3128.829766][ T1367] Node 0 active_anon:753896kB inactive_anon:126084kB active_file:28796kB inactive_file:484kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:79872kB dirty:112kB writeback:0kB shmem:105248kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 49152kB writeback_tmp:0kB kernel_stack:11632kB pagetables:7724kB sec_pagetables:0kB all_unreclaimable? no [ 3128.841646][ T1446] Memory cgroup out of memory: Killed process 1445 (syz-executor.2) total-vm:54680kB, anon-rss:384kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 [ 3128.933698][ T1367] Node 1 active_anon:4224kB inactive_anon:232kB active_file:1256kB inactive_file:5220kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:20kB writeback:0kB shmem:3816kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB kernel_stack:952kB pagetables:776kB sec_pagetables:0kB all_unreclaimable? no [ 3128.968719][ T1367] Node 0 DMA free:10708kB boost:0kB min:200kB low:248kB high:296kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:152kB local_pcp:64kB free_cma:0kB [ 3129.025320][ T1444] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3129.025349][ T1444] CPU: 1 PID: 1444 Comm: syz-executor.1 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3129.025367][ T1444] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3129.025377][ T1444] Call Trace: [ 3129.025382][ T1444] [ 3129.025389][ T1444] dump_stack_lvl+0x136/0x150 [ 3129.025419][ T1444] dump_header+0x10a/0xd70 [ 3129.025440][ T1444] oom_kill_process+0x25d/0x600 [ 3129.025458][ T1444] out_of_memory+0x35c/0x1660 [ 3129.025477][ T1444] ? find_held_lock+0x2d/0x110 [ 3129.025497][ T1444] ? oom_killer_disable+0x2b0/0x2b0 [ 3129.025514][ T1444] ? rcu_read_unlock+0x9/0x60 [ 3129.025534][ T1444] ? find_held_lock+0x2d/0x110 [ 3129.025555][ T1444] mem_cgroup_out_of_memory+0x206/0x270 [ 3129.025578][ T1444] ? mem_cgroup_margin+0x130/0x130 [ 3129.025605][ T1444] ? lock_downgrade+0x690/0x690 [ 3129.025636][ T1444] try_charge_memcg+0xf99/0x13a0 [ 3129.025666][ T1444] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3129.025696][ T1444] ? rcu_read_unlock+0x9/0x60 [ 3129.025714][ T1444] ? lock_downgrade+0x690/0x690 [ 3129.025743][ T1444] charge_memcg+0x90/0x3b0 [ 3129.025770][ T1444] __mem_cgroup_charge+0x2b/0x90 [ 3129.025786][ T1444] do_wp_page+0x8ea/0x33c0 [ 3129.025807][ T1444] ? lock_sync+0x190/0x190 [ 3129.025828][ T1444] ? finish_mkwrite_fault+0x3d0/0x3d0 [ 3129.025845][ T1444] ? do_raw_spin_lock+0x124/0x2b0 [ 3129.025869][ T1444] ? spin_bug+0x1c0/0x1c0 [ 3129.025898][ T1444] __handle_mm_fault+0x1635/0x41c0 [ 3129.025920][ T1444] ? vm_iomap_memory+0x190/0x190 [ 3129.025941][ T1444] ? mas_walk+0x58f/0x730 [ 3129.025969][ T1444] ? numa_migrate_prep+0x3a0/0x3a0 [ 3129.025985][ T1444] ? do_user_addr_fault+0x367/0x1210 [ 3129.026010][ T1444] handle_mm_fault+0x2af/0x9f0 [ 3129.026032][ T1444] do_user_addr_fault+0x2ca/0x1210 [ 3129.026053][ T1444] ? rcu_is_watching+0x12/0xb0 [ 3129.026080][ T1444] exc_page_fault+0x98/0x170 [ 3129.026101][ T1444] asm_exc_page_fault+0x26/0x30 [ 3129.026123][ T1444] RIP: 0033:0x7f5d2ac39610 [ 3129.026136][ T1444] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48 [ 3129.026151][ T1444] RSP: 002b:00007ffc24e00390 EFLAGS: 00010246 [ 3129.026167][ T1444] RAX: 0000000048ac4d0b RBX: 00007f5d2adac0e8 RCX: 0000001b2dc20000 [ 3129.026177][ T1444] RDX: 0000000000000000 RSI: 0000001b2dc20018 RDI: 0000000000000022 [ 3129.026187][ T1444] RBP: 0000000048ac4d0b R08: 0000000000000d0b R09: 0000000048ac4d0f [ 3129.026198][ T1444] R10: 00007ffc24e00550 R11: 0000000000000246 R12: 00007f5d2ada0000 [ 3129.026208][ T1444] R13: 0000000000000001 R14: 0000000000000000 R15: ffffffff88050461 [ 3129.026218][ T1444] ? __x64_sys_socket+0x11/0xb0 [ 3129.026246][ T1444] [ 3129.026343][ T1444] memory: usage 307200kB, limit 307200kB, failcnt 28468 [ 3129.026356][ T1444] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3129.026366][ T1444] Memory cgroup stats for /syz1: [ 3129.026512][ T1444] anon 397312 [ 3129.026512][ T1444] file 262144 [ 3129.026512][ T1444] kernel 313913344 [ 3129.026512][ T1444] kernel_stack 196608 [ 3129.026512][ T1444] pagetables 249856 [ 3129.026512][ T1444] sec_pagetables 0 [ 3129.026512][ T1444] percpu 5421856 [ 3129.026512][ T1444] sock 0 [ 3129.026512][ T1444] vmalloc 0 [ 3129.026512][ T1444] shmem 258048 [ 3129.026512][ T1444] zswap 0 [ 3129.026512][ T1444] zswapped 0 [ 3129.026512][ T1444] file_mapped 241664 [ 3129.026512][ T1444] file_dirty 4096 [ 3129.026512][ T1444] file_writeback 0 [ 3129.026512][ T1444] swapcached 0 [ 3129.026512][ T1444] anon_thp 0 [ 3129.026512][ T1444] file_thp 0 [ 3129.026512][ T1444] shmem_thp 0 [ 3129.026512][ T1444] inactive_anon 32768 [ 3129.026512][ T1444] active_anon 622592 [ 3129.026512][ T1444] inactive_file 0 [ 3129.026512][ T1444] active_file 4096 [ 3129.026512][ T1444] unevictable 0 [ 3129.026512][ T1444] slab_reclaimable 30472 [ 3129.026512][ T1444] slab_unreclaimable 307919984 [ 3129.026512][ T1444] slab 307950456 [ 3129.026512][ T1444] workingset_refault_anon 0 [ 3129.026512][ T1444] workingset_refault_file 2 [ 3129.026512][ T1444] workingset_activate_anon 0 [ 3129.026512][ T1444] workingset_activate_file 0 [ 3129.026512][ T1444] workingset_restore_anon 0 [ 3129.026512][ T1444] workingset_restore_file 2 [ 3129.026512][ T1444] workingset_nodereclaim 0 [ 3129.026512][ T1444] pgscan 4873 [ 3129.026512][ T1444] pgsteal 107 [ 3129.026512][ T1444] pgscan_kswapd 92 [ 3129.026512][ T1444] pgscan_direct 4781 [ 3129.026512][ T1444] pgscan_khugepaged 0 [ 3129.026512][ T1444] pgsteal_kswapd 88 [ 3129.026512][ T1444] pgsteal_direct 19 [ 3129.026512][ T1444] pgsteal_khugepaged 0 [ 3129.026512][ T1444] pgfault 568859 [ 3129.026512][ T1444] pgmajfault 2 [ 3129.026512][ T1444] pgrefill 17177 [ 3129.026512][ T1444] pgactivate 4766 [ 3129.026512][ T1444] pgdeactivate 0 [ 3129.026512][ T1444] pglazyfree 0 [ 3129.026512][ T1444] pglazyfreed 0 [ 3129.026512][ T1444] zswpin 0 [ 3129.026512][ T1444] zswpout 0 [ 3129.026557][ T1444] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=1444,uid=0 [ 3129.026661][ T1444] Memory cgroup out of memory: Killed process 1444 (syz-executor.1) total-vm:54680kB, anon-rss:388kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 3129.044612][ T1335] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3129.044634][ T1335] CPU: 1 PID: 1335 Comm: syz-executor.4 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3129.044651][ T1335] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3129.044661][ T1335] Call Trace: [ 3129.044665][ T1335] [ 3129.044671][ T1335] dump_stack_lvl+0x136/0x150 [ 3129.044700][ T1335] dump_header+0x10a/0xd70 [ 3129.044719][ T1335] oom_kill_process+0x25d/0x600 [ 3129.044736][ T1335] out_of_memory+0x35c/0x1660 [ 3129.044753][ T1335] ? find_held_lock+0x2d/0x110 [ 3129.044772][ T1335] ? oom_killer_disable+0x2b0/0x2b0 [ 3129.044789][ T1335] ? rcu_read_unlock+0x9/0x60 [ 3129.044808][ T1335] ? find_held_lock+0x2d/0x110 [ 3129.044826][ T1335] mem_cgroup_out_of_memory+0x206/0x270 [ 3129.044849][ T1335] ? mem_cgroup_margin+0x130/0x130 [ 3129.044868][ T1335] ? lock_downgrade+0x690/0x690 [ 3129.044897][ T1335] try_charge_memcg+0xf99/0x13a0 [ 3129.044925][ T1335] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3129.044949][ T1335] ? get_mem_cgroup_from_objcg+0xa1/0x280 [ 3129.044971][ T1335] ? lock_downgrade+0x690/0x690 [ 3129.044993][ T1335] ? lock_downgrade+0x690/0x690 [ 3129.045021][ T1335] __memcg_kmem_charge_page+0x16e/0x3c0 [ 3129.045047][ T1335] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 3129.045075][ T1335] copy_process+0x4f9/0x75c0 [ 3129.045106][ T1335] ? pidfd_prepare+0x80/0x80 [ 3129.045131][ T1335] ? lock_downgrade+0x690/0x690 [ 3129.045153][ T1335] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 3129.045176][ T1335] ? folio_add_lru+0x47f/0x7c0 [ 3129.045201][ T1335] kernel_clone+0xeb/0x890 [ 3129.045222][ T1335] ? create_io_thread+0xe0/0xe0 [ 3129.045244][ T1335] ? find_held_lock+0x2d/0x110 [ 3129.045264][ T1335] ? find_held_lock+0x2d/0x110 [ 3129.045285][ T1335] __do_sys_clone+0xba/0x100 [ 3129.045306][ T1335] ? kernel_clone+0x890/0x890 [ 3129.045334][ T1335] ? syscall_enter_from_user_mode+0x26/0x80 [ 3129.045358][ T1335] do_syscall_64+0x39/0xb0 [ 3129.045381][ T1335] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3129.045405][ T1335] RIP: 0033:0x7fcdfee8d591 [ 3129.045418][ T1335] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 3129.045432][ T1335] RSP: 002b:00007ffda41c1d78 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 3129.045448][ T1335] RAX: ffffffffffffffda RBX: 00007fcdffb48700 RCX: 00007fcdfee8d591 [ 3129.045458][ T1335] RDX: 00007fcdffb489d0 RSI: 00007fcdffb482f0 RDI: 00000000003d0f00 [ 3129.045468][ T1335] RBP: 00007ffda41c1fc0 R08: 00007fcdffb48700 R09: 00007fcdffb48700 [ 3129.045480][ T1335] R10: 00007fcdffb489d0 R11: 0000000000000206 R12: 00007ffda41c1e2e [ 3129.045490][ T1335] R13: 00007ffda41c1e2f R14: 00007fcdffb48300 R15: 0000000000022000 [ 3129.045509][ T1335] [ 3129.045624][ T1335] memory: usage 307200kB, limit 307200kB, failcnt 40312 [ 3129.045636][ T1335] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3129.045646][ T1335] Memory cgroup stats for /syz4: [ 3129.045763][ T1335] anon 2142208 [ 3129.045763][ T1335] file 7716864 [ 3129.045763][ T1335] kernel 304713728 [ 3129.045763][ T1335] kernel_stack 688128 [ 3129.045763][ T1335] pagetables 1171456 [ 3129.045763][ T1335] sec_pagetables 0 [ 3129.045763][ T1335] percpu 5219168 [ 3129.045763][ T1335] sock 0 [ 3129.045763][ T1335] vmalloc 12288 [ 3129.045763][ T1335] shmem 7716864 [ 3129.045763][ T1335] zswap 0 [ 3129.045763][ T1335] zswapped 0 [ 3129.045763][ T1335] file_mapped 196608 [ 3129.045763][ T1335] file_dirty 0 [ 3129.045763][ T1335] file_writeback 0 [ 3129.045763][ T1335] swapcached 0 [ 3129.045763][ T1335] anon_thp 0 [ 3129.045763][ T1335] file_thp 0 [ 3129.045763][ T1335] shmem_thp 0 [ 3129.045763][ T1335] inactive_anon 9596928 [ 3129.045763][ T1335] active_anon 262144 [ 3129.045763][ T1335] inactive_file 0 [ 3129.045763][ T1335] active_file 0 [ 3129.045763][ T1335] unevictable 0 [ 3129.045763][ T1335] slab_reclaimable 172672 [ 3129.045763][ T1335] slab_unreclaimable 297105376 [ 3129.045763][ T1335] slab 297278048 [ 3129.045763][ T1335] workingset_refault_anon 0 [ 3129.045763][ T1335] workingset_refault_file 0 [ 3129.045763][ T1335] workingset_activate_anon 0 [ 3129.045763][ T1335] workingset_activate_file 0 [ 3129.045763][ T1335] workingset_restore_anon 0 [ 3129.045763][ T1335] workingset_restore_file 0 [ 3129.045763][ T1335] workingset_nodereclaim 0 [ 3129.045763][ T1335] pgscan 116 [ 3129.045763][ T1335] pgsteal 111 [ 3129.045763][ T1335] pgscan_kswapd 99 [ 3129.045763][ T1335] pgscan_direct 17 [ 3129.045763][ T1335] pgscan_khugepaged 0 [ 3129.045763][ T1335] pgsteal_kswapd 97 [ 3129.045763][ T1335] pgsteal_direct 14 [ 3129.045763][ T1335] pgsteal_khugepaged 0 [ 3129.045763][ T1335] pgfault 697321 [ 3129.045763][ T1335] pgmajfault 6 [ 3129.045763][ T1335] pgrefill 593 [ 3129.045763][ T1335] pgactivate 5 [ 3129.045763][ T1335] pgdeactivate 0 [ 3129.045763][ T1335] pglazyfree 0 [ 3129.045763][ T1335] pglazyfreed 0 [ 3129.045763][ T1335] zswpin 0 [ 3129.045763][ T1335] zswpout 0 [ 3129.045806][ T1335] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=1335,uid=0 [ 3129.045893][ T1335] Memory cgroup out of memory: Killed process 1335 (syz-executor.4) total-vm:54680kB, anon-rss:512kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 [ 3130.082279][ T1367] lowmem_reserve[]: 0 2617 2619 2619 2619 [ 3130.114250][ T1367] Node 0 DMA32 free:44548kB boost:0kB min:35440kB low:44300kB high:53160kB reserved_highatomic:0KB active_anon:753872kB inactive_anon:126076kB active_file:27568kB inactive_file:404kB unevictable:1536kB writepending:108kB present:3129332kB managed:2684936kB mlocked:0kB bounce:0kB free_pcp:30740kB local_pcp:18396kB free_cma:0kB [ 3130.182817][ T1367] lowmem_reserve[]: 0 0 1 1 1 [ 3130.199729][ T1367] Node 0 Normal free:16kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB active_anon:40kB inactive_anon:4kB active_file:1228kB inactive_file:76kB unevictable:0kB writepending:4kB present:1048576kB managed:1640kB mlocked:0kB bounce:0kB free_pcp:20kB local_pcp:12kB free_cma:0kB [ 3130.252290][ T1367] lowmem_reserve[]: 0 0 0 0 0 [ 3130.262500][ T1367] Node 1 Normal free:2587948kB boost:0kB min:54444kB low:68052kB high:81660kB reserved_highatomic:0KB active_anon:3900kB inactive_anon:232kB active_file:1256kB inactive_file:5220kB unevictable:1536kB writepending:20kB present:4194304kB managed:4117620kB mlocked:0kB bounce:0kB free_pcp:20864kB local_pcp:10700kB free_cma:0kB [ 3130.370995][ T1367] lowmem_reserve[]: 0 0 0 0 0 [ 3130.382471][ T1367] Node 0 DMA: 3*4kB (UE) 3*8kB (UME) 1*16kB (M) 1*32kB (E) 2*64kB (ME) 4*128kB (UME) 3*256kB (UME) 2*512kB (ME) 2*1024kB (ME) 1*2048kB (E) 1*4096kB (M) = 10708kB [ 3130.430657][ T1367] Node 0 DMA32: 499*4kB (ME) 427*8kB (ME) 172*16kB (UME) 161*32kB (UME) 48*64kB (UME) 20*128kB (UME) 10*256kB (ME) 9*512kB (UME) 6*1024kB (UM) 6*2048kB (M) 0*4096kB = 44548kB [ 3130.464119][ T1367] Node 0 Normal: 4*4kB (UM) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 3130.503421][ T1367] Node 1 Normal: 413*4kB (M) 1033*8kB (UME) 521*16kB (UME) 225*32kB (ME) 149*64kB (ME) 91*128kB (UME) 69*256kB (UME) 43*512kB (UM) 29*1024kB (UM) 11*2048kB (UM) 598*4096kB (UM) = 2587948kB [ 3130.551299][ T1367] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 3130.571330][ T1367] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 3130.633715][ T1367] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 3130.664892][ T1367] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 3130.674226][ T1367] 36054 total pagecache pages [ 3130.702049][ T1367] 0 pages in swap cache [ 3130.711919][ T1367] Free swap = 0kB [ 3130.722456][ T1367] Total swap = 0kB [ 3130.732369][ T1367] 2097051 pages RAM [ 3130.743452][ T1367] 0 pages HighMem/MovableOnly [ 3130.754009][ T1367] 392162 pages reserved [ 3130.779655][ T1367] 0 pages cma reserved [ 3130.803905][ T1559] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. 15:37:42 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0xb3940500}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:37:42 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000001980)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000040)="8202", 0x2}], 0x1}}], 0x1, 0x0) sendto$inet6(r0, &(0x7f0000000300), 0x38, 0x0, 0x0, 0xfffffffffffffdfd) 15:37:42 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x1900}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:37:42 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x4100}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:37:42 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x60) [ 3130.991006][ T1573] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3131.020783][ T1568] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 3131.061371][ T1568] CPU: 1 PID: 1568 Comm: syz-executor.1 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3131.071713][ T1568] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3131.081767][ T1568] Call Trace: [ 3131.085043][ T1568] [ 3131.087978][ T1568] dump_stack_lvl+0x136/0x150 [ 3131.092670][ T1568] dump_header+0x10a/0xd70 [ 3131.097093][ T1568] oom_kill_process+0x25d/0x600 [ 3131.101977][ T1568] out_of_memory+0x35c/0x1660 [ 3131.106660][ T1568] ? find_held_lock+0x2d/0x110 [ 3131.111427][ T1568] ? oom_killer_disable+0x2b0/0x2b0 [ 3131.116625][ T1568] ? rcu_read_unlock+0x9/0x60 [ 3131.121304][ T1568] ? find_held_lock+0x2d/0x110 [ 3131.126076][ T1568] mem_cgroup_out_of_memory+0x206/0x270 [ 3131.131632][ T1568] ? mem_cgroup_margin+0x130/0x130 [ 3131.136753][ T1568] ? lock_downgrade+0x690/0x690 [ 3131.141627][ T1568] try_charge_memcg+0xf99/0x13a0 [ 3131.146571][ T1568] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3131.152556][ T1568] ? get_mem_cgroup_from_objcg+0xa1/0x280 [ 3131.158286][ T1568] ? lock_downgrade+0x690/0x690 [ 3131.163228][ T1568] ? lock_downgrade+0x690/0x690 [ 3131.168123][ T1568] __memcg_kmem_charge_page+0x16e/0x3c0 [ 3131.173703][ T1568] __alloc_pages+0x1f3/0x4a0 [ 3131.178308][ T1568] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 3131.185086][ T1568] ? __lock_acquire+0xc17/0x5f30 [ 3131.190046][ T1568] ? find_held_lock+0x2d/0x110 [ 3131.194817][ T1568] alloc_pages+0x1aa/0x270 [ 3131.199331][ T1568] __pmd_alloc+0x3f/0x5d0 [ 3131.203751][ T1568] __handle_mm_fault+0x93e/0x41c0 15:37:43 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x5949d}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:37:43 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000001980)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000040)="8202", 0x2}], 0x1}}], 0x1, 0x0) sendto$inet6(r0, &(0x7f0000000300), 0x38, 0x0, 0x0, 0xfffffffffffffdfd) [ 3131.208779][ T1568] ? mt_find+0x3b9/0xa60 [ 3131.213029][ T1568] ? vm_iomap_memory+0x190/0x190 [ 3131.217975][ T1568] ? mas_find+0x200/0x200 [ 3131.222333][ T1568] handle_mm_fault+0x2af/0x9f0 [ 3131.227147][ T1568] do_user_addr_fault+0x51a/0x1210 [ 3131.232277][ T1568] exc_page_fault+0x98/0x170 [ 3131.236875][ T1568] asm_exc_page_fault+0x26/0x30 [ 3131.241731][ T1568] RIP: 0033:0x7f5d2ac86cc5 [ 3131.246139][ T1568] Code: 12 80 fa 04 73 1e 80 fa 01 77 26 72 05 0f b6 0e 88 0f c3 48 8b 4c 16 f8 48 8b 36 48 89 4c 17 f8 48 89 37 c3 8b 4c 16 fc 8b 36 <89> 4c 17 fc 89 37 c3 0f b7 4c 16 fe 0f b7 36 66 89 4c 17 fe 66 89 [ 3131.265752][ T1568] RSP: 002b:00007ffc24e00468 EFLAGS: 00010202 [ 3131.271820][ T1568] RAX: 00000000200003c0 RBX: 0000000000000000 RCX: 0000000000535650 [ 3131.279794][ T1568] RDX: 0000000000000005 RSI: 0000000053565049 RDI: 00000000200003c0 [ 3131.287856][ T1568] RBP: 00007ffc24e00528 R08: 00007f5d2ac00000 R09: 00007f5d2a800000 [ 3131.295912][ T1568] R10: 00007f5d2a8000c8 R11: 0000000000000246 R12: 00000000002fc64f [ 3131.303881][ T1568] R13: 00007ffc24e00550 R14: 00007f5d2adabf80 R15: 0000000000000032 [ 3131.311867][ T1568] 15:37:43 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x68) [ 3131.402711][ T1680] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3131.431447][ T1568] memory: usage 307184kB, limit 307200kB, failcnt 28546 [ 3131.443835][ T1568] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3131.462524][ T1683] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3131.490615][ T1568] Memory cgroup stats for /syz1: [ 3131.490759][ T1568] anon 425984 [ 3131.490759][ T1568] file 262144 [ 3131.490759][ T1568] kernel 313868288 [ 3131.490759][ T1568] kernel_stack 163840 [ 3131.490759][ T1568] pagetables 249856 [ 3131.490759][ T1568] sec_pagetables 0 [ 3131.490759][ T1568] percpu 5421792 [ 3131.490759][ T1568] sock 0 [ 3131.490759][ T1568] vmalloc 0 [ 3131.490759][ T1568] shmem 258048 [ 3131.490759][ T1568] zswap 0 [ 3131.490759][ T1568] zswapped 0 [ 3131.490759][ T1568] file_mapped 241664 [ 3131.490759][ T1568] file_dirty 4096 [ 3131.490759][ T1568] file_writeback 0 [ 3131.490759][ T1568] swapcached 0 [ 3131.490759][ T1568] anon_thp 0 [ 3131.490759][ T1568] file_thp 0 [ 3131.490759][ T1568] shmem_thp 0 [ 3131.490759][ T1568] inactive_anon 53248 [ 3131.490759][ T1568] active_anon 630784 [ 3131.490759][ T1568] inactive_file 0 [ 3131.490759][ T1568] active_file 4096 [ 3131.490759][ T1568] unevictable 0 [ 3131.490759][ T1568] slab_reclaimable 46904 [ 3131.490759][ T1568] slab_unreclaimable 307900928 [ 3131.490759][ T1568] slab 307947832 [ 3131.490759][ T1568] workingset_refault_anon 0 [ 3131.490759][ T1568] workingset_refault_file 2 [ 3131.490759][ T1568] workingset_activate_anon 0 [ 3131.490759][ T1568] workingset_activate_file 0 15:37:43 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000001980)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000040)="8202", 0x2}], 0x1}}], 0x1, 0x0) sendto$inet6(r0, &(0x7f0000000300), 0x38, 0x0, 0x0, 0xfffffffffffffdfd) [ 3131.490759][ T1568] workingset_restore_anon 0 [ 3131.490759][ T1568] workingset_restore_file 2 [ 3131.490759][ T1568] workingset_nodereclaim 0 [ 3131.490759][ T1568] pgscan 4873 [ 3131.490759][ T1568] pgsteal 107 [ 3131.490759][ T1568] pgscan_kswapd 92 [ 3131.490759][ T1568] pgscan_direct 4781 [ 3131.490759][ T1568] pgscan_khugepaged 0 [ 3131.490759][ T1568] pgsteal_kswapd 88 [ 3131.490759][ T1568] pgsteal_direct 19 [ 3131.490759][ T1568] pgsteal_khugepaged 0 [ 3131.490759][ T1568] pgfault 568920 [ 3131.490759][ T1568] pgmajfault 2 [ 3131.490759][ T1568] pgrefill 17246 [ 3131.490759][ T1568] pgactivate 4766 [ 3131.490759][ T1568] pgdeactivate 0 [ 3131.490759][ T1568] pglazyfree 0 [ 3131.490759][ T1568] pglazyfreed 0 [ 3131.490759][ T1568] zswpin 0 [ 3131.490759][ T1568] zswpout 0 15:37:43 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x7f940500, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:37:43 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x6c) [ 3131.823941][ T1568] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=1568,uid=0 [ 3131.829846][ T1689] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. 15:37:43 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000001980)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000040)="8202", 0x2}], 0x1}}], 0x1, 0x4000c800) sendto$inet6(0xffffffffffffffff, &(0x7f0000000300), 0x38, 0x0, 0x0, 0xfffffffffffffdfd) [ 3131.892969][ T1568] Memory cgroup out of memory: Killed process 1568 (syz-executor.1) total-vm:54548kB, anon-rss:516kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 3131.900506][ T1690] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3132.031235][ T1569] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3132.091289][ T1569] CPU: 1 PID: 1569 Comm: syz-executor.2 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3132.101644][ T1569] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3132.111695][ T1569] Call Trace: [ 3132.114971][ T1569] [ 3132.117902][ T1569] dump_stack_lvl+0x136/0x150 [ 3132.122594][ T1569] dump_header+0x10a/0xd70 [ 3132.127020][ T1569] oom_kill_process+0x25d/0x600 [ 3132.131885][ T1569] out_of_memory+0x35c/0x1660 [ 3132.136554][ T1569] ? find_held_lock+0x2d/0x110 [ 3132.141322][ T1569] ? oom_killer_disable+0x2b0/0x2b0 [ 3132.146515][ T1569] ? rcu_read_unlock+0x9/0x60 [ 3132.151191][ T1569] ? find_held_lock+0x2d/0x110 [ 3132.155955][ T1569] mem_cgroup_out_of_memory+0x206/0x270 [ 3132.161505][ T1569] ? mem_cgroup_margin+0x130/0x130 [ 3132.166608][ T1569] ? lock_downgrade+0x690/0x690 [ 3132.171449][ T1569] try_charge_memcg+0xf99/0x13a0 [ 3132.176388][ T1569] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3132.182459][ T1569] ? rcu_read_unlock+0x9/0x60 [ 3132.187131][ T1569] ? lock_downgrade+0x690/0x690 [ 3132.191998][ T1569] charge_memcg+0x90/0x3b0 [ 3132.196422][ T1569] __mem_cgroup_charge+0x2b/0x90 [ 3132.201357][ T1569] do_wp_page+0x8ea/0x33c0 [ 3132.205863][ T1569] ? lock_sync+0x190/0x190 [ 3132.210278][ T1569] ? finish_mkwrite_fault+0x3d0/0x3d0 [ 3132.215644][ T1569] ? do_raw_spin_lock+0x124/0x2b0 [ 3132.220662][ T1569] ? spin_bug+0x1c0/0x1c0 [ 3132.225008][ T1569] __handle_mm_fault+0x1635/0x41c0 [ 3132.230109][ T1569] ? vm_iomap_memory+0x190/0x190 [ 3132.235039][ T1569] ? mas_walk+0x58f/0x730 [ 3132.239368][ T1569] ? numa_migrate_prep+0x3a0/0x3a0 [ 3132.244559][ T1569] ? do_user_addr_fault+0x367/0x1210 [ 3132.249846][ T1569] handle_mm_fault+0x2af/0x9f0 [ 3132.254601][ T1569] do_user_addr_fault+0x2ca/0x1210 [ 3132.259787][ T1569] ? rcu_is_watching+0x12/0xb0 [ 3132.264548][ T1569] exc_page_fault+0x98/0x170 [ 3132.269146][ T1569] asm_exc_page_fault+0x26/0x30 [ 3132.273992][ T1569] RIP: 0033:0x7f5bd0639610 [ 3132.278391][ T1569] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48 [ 3132.297987][ T1569] RSP: 002b:00007fffe74b16a0 EFLAGS: 00010246 [ 3132.304041][ T1569] RAX: 0000000004219014 RBX: 00007f5bd07ac018 RCX: 0000001b2dd20000 [ 3132.312004][ T1569] RDX: 0000000000000000 RSI: 0000001b2dd20018 RDI: 000000000a28a722 [ 3132.319961][ T1569] RBP: 0000000004219014 R08: 0000000000001014 R09: 0000000004219018 [ 3132.327937][ T1569] R10: 00007fffe74b1860 R11: 0000000000000246 R12: 00007f5bd07a0000 [ 3132.335901][ T1569] R13: 0000000000000001 R14: 000000000000000e R15: ffffffff83d6fdb1 [ 3132.343858][ T1569] ? apparmor_socket_create+0x151/0x670 [ 3132.349437][ T1569] [ 3132.482962][ T1569] memory: usage 307200kB, limit 307200kB, failcnt 27988 [ 3132.500170][ T1569] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3132.511273][ T1569] Memory cgroup stats for /syz2: [ 3132.511432][ T1569] anon 139264 [ 3132.511432][ T1569] file 8388608 [ 3132.511432][ T1569] kernel 306044928 [ 3132.511432][ T1569] kernel_stack 65536 [ 3132.511432][ T1569] pagetables 69632 [ 3132.511432][ T1569] sec_pagetables 0 [ 3132.511432][ T1569] percpu 5294912 [ 3132.511432][ T1569] sock 0 [ 3132.511432][ T1569] vmalloc 16384 [ 3132.511432][ T1569] shmem 8380416 [ 3132.511432][ T1569] zswap 0 [ 3132.511432][ T1569] zswapped 0 [ 3132.511432][ T1569] file_mapped 286720 [ 3132.511432][ T1569] file_dirty 8192 [ 3132.511432][ T1569] file_writeback 0 [ 3132.511432][ T1569] swapcached 0 [ 3132.511432][ T1569] anon_thp 0 [ 3132.511432][ T1569] file_thp 0 [ 3132.511432][ T1569] shmem_thp 0 [ 3132.511432][ T1569] inactive_anon 61440 [ 3132.511432][ T1569] active_anon 8458240 [ 3132.511432][ T1569] inactive_file 8192 [ 3132.511432][ T1569] active_file 0 [ 3132.511432][ T1569] unevictable 0 [ 3132.511432][ T1569] slab_reclaimable 39288 [ 3132.511432][ T1569] slab_unreclaimable 300523984 [ 3132.511432][ T1569] slab 300563272 [ 3132.511432][ T1569] workingset_refault_anon 0 [ 3132.511432][ T1569] workingset_refault_file 2 [ 3132.511432][ T1569] workingset_activate_anon 0 [ 3132.511432][ T1569] workingset_activate_file 0 [ 3132.511432][ T1569] workingset_restore_anon 0 [ 3132.511432][ T1569] workingset_restore_file 2 [ 3132.511432][ T1569] workingset_nodereclaim 0 [ 3132.511432][ T1569] pgscan 8697 [ 3132.511432][ T1569] pgsteal 122 [ 3132.511432][ T1569] pgscan_kswapd 106 [ 3132.511432][ T1569] pgscan_direct 8591 [ 3132.511432][ T1569] pgscan_khugepaged 0 [ 3132.511432][ T1569] pgsteal_kswapd 97 [ 3132.511432][ T1569] pgsteal_direct 25 [ 3132.511432][ T1569] pgsteal_khugepaged 0 [ 3132.511432][ T1569] pgfault 696420 [ 3132.511432][ T1569] pgmajfault 0 [ 3132.511432][ T1569] pgrefill 33739 [ 3132.511432][ T1569] pgactivate 8575 [ 3132.511432][ T1569] pgdeactivate 0 [ 3132.511432][ T1569] pglazyfree 0 [ 3132.511432][ T1569] pglazyfreed 0 [ 3132.511432][ T1569] zswpin 0 [ 3132.511432][ T1569] zswpout 0 [ 3132.781374][ T1569] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=1569,uid=0 [ 3132.814038][ T1569] Memory cgroup out of memory: Killed process 1569 (syz-executor.2) total-vm:54548kB, anon-rss:384kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 [ 3132.905986][ T1577] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3132.968873][ T1577] syz-executor.4 invoked oom-killer: gfp_mask=0x400cc0(GFP_KERNEL_ACCOUNT), order=2, oom_score_adj=1000 [ 3133.012709][ T1577] CPU: 0 PID: 1577 Comm: syz-executor.4 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3133.023048][ T1577] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3133.033088][ T1577] Call Trace: [ 3133.036355][ T1577] [ 3133.039283][ T1577] dump_stack_lvl+0x136/0x150 [ 3133.043970][ T1577] dump_header+0x10a/0xd70 [ 3133.048384][ T1577] oom_kill_process+0x25d/0x600 [ 3133.053233][ T1577] out_of_memory+0x35c/0x1660 [ 3133.057903][ T1577] ? find_held_lock+0x2d/0x110 [ 3133.062666][ T1577] ? oom_killer_disable+0x2b0/0x2b0 [ 3133.067857][ T1577] ? rcu_read_unlock+0x9/0x60 [ 3133.072537][ T1577] ? find_held_lock+0x2d/0x110 [ 3133.077307][ T1577] mem_cgroup_out_of_memory+0x206/0x270 [ 3133.082858][ T1577] ? mem_cgroup_margin+0x130/0x130 [ 3133.087957][ T1577] ? lock_downgrade+0x690/0x690 [ 3133.092814][ T1577] try_charge_memcg+0xf99/0x13a0 [ 3133.097749][ T1577] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3133.103734][ T1577] ? get_mem_cgroup_from_objcg+0xa1/0x280 [ 3133.109445][ T1577] ? lock_downgrade+0x690/0x690 [ 3133.114302][ T1577] obj_cgroup_charge+0x2af/0x5e0 [ 3133.119243][ T1577] __kmem_cache_alloc_node+0xa3/0x320 [ 3133.124710][ T1577] ? __devinet_sysctl_register+0x98/0x280 [ 3133.130440][ T1577] ? __devinet_sysctl_register+0x98/0x280 [ 3133.136163][ T1577] __kmalloc_node_track_caller+0x4f/0x1a0 [ 3133.141881][ T1577] kmemdup+0x2c/0x60 [ 3133.145778][ T1577] __devinet_sysctl_register+0x98/0x280 [ 3133.151333][ T1577] ? inet_netconf_notify_devconf+0x260/0x260 [ 3133.157316][ T1577] ? br_changelink+0x27/0x1660 [ 3133.162085][ T1577] ? __rtnl_newlink+0x10c2/0x1840 [ 3133.167107][ T1577] ? rtnl_newlink+0x68/0xa0 [ 3133.171607][ T1577] ? rtnetlink_rcv_msg+0x43d/0xd50 [ 3133.176711][ T1577] ? netlink_rcv_skb+0x165/0x440 [ 3133.181658][ T1577] ? netlink_unicast+0x547/0x7f0 [ 3133.186602][ T1577] ? netlink_sendmsg+0x925/0xe30 [ 3133.191539][ T1577] ? sock_sendmsg+0xde/0x190 [ 3133.196126][ T1577] ? ____sys_sendmsg+0x71c/0x900 [ 3133.201068][ T1577] ? ___sys_sendmsg+0x110/0x1b0 [ 3133.205926][ T1577] devinet_sysctl_register+0x160/0x230 [ 3133.211413][ T1577] inetdev_init+0x286/0x580 [ 3133.215924][ T1577] inetdev_event+0xe7c/0x1720 [ 3133.220616][ T1577] ? del_default_gids+0xe0/0xe0 [ 3133.225467][ T1577] ? is_ndev_for_default_gid_filter.part.0+0x320/0x320 [ 3133.232317][ T1577] ? devinet_init_net+0x650/0x650 [ 3133.237341][ T1577] ? skb_dequeue+0x129/0x180 [ 3133.241961][ T1577] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 3133.247858][ T1577] notifier_call_chain+0xb6/0x3c0 [ 3133.252892][ T1577] call_netdevice_notifiers_info+0xb9/0x130 [ 3133.258790][ T1577] register_netdevice+0xfb4/0x1640 [ 3133.263928][ T1577] ? unregister_netdevice_queue+0x3c0/0x3c0 [ 3133.269817][ T1577] ? validate_linkmsg+0x6e4/0x9c0 [ 3133.274845][ T1577] br_dev_newlink+0x27/0x110 [ 3133.279455][ T1577] ? br_changelink+0x1660/0x1660 [ 3133.284401][ T1577] __rtnl_newlink+0x10c2/0x1840 [ 3133.289258][ T1577] ? rtnl_link_unregister+0x250/0x250 [ 3133.294646][ T1577] ? rtnl_newlink+0x4a/0xa0 [ 3133.299159][ T1577] rtnl_newlink+0x68/0xa0 [ 3133.303485][ T1577] ? __rtnl_newlink+0x1840/0x1840 [ 3133.308502][ T1577] rtnetlink_rcv_msg+0x43d/0xd50 [ 3133.313440][ T1577] ? rtnl_stats_set+0x4d0/0x4d0 [ 3133.318284][ T1577] ? __dev_queue_xmit+0xa2a/0x3b10 [ 3133.323399][ T1577] netlink_rcv_skb+0x165/0x440 [ 3133.328243][ T1577] ? rtnl_stats_set+0x4d0/0x4d0 [ 3133.333090][ T1577] ? netlink_ack+0x1360/0x1360 [ 3133.337860][ T1577] ? netlink_deliver_tap+0x1b1/0xcf0 [ 3133.343144][ T1577] netlink_unicast+0x547/0x7f0 [ 3133.347909][ T1577] ? netlink_attachskb+0x890/0x890 [ 3133.353018][ T1577] ? __virt_addr_valid+0x61/0x2e0 [ 3133.358046][ T1577] ? __phys_addr_symbol+0x30/0x70 [ 3133.363085][ T1577] ? __check_object_size+0x323/0x730 [ 3133.368368][ T1577] netlink_sendmsg+0x925/0xe30 [ 3133.373147][ T1577] ? netlink_unicast+0x7f0/0x7f0 [ 3133.378090][ T1577] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 3133.383372][ T1577] ? netlink_unicast+0x7f0/0x7f0 [ 3133.388301][ T1577] sock_sendmsg+0xde/0x190 [ 3133.392715][ T1577] ____sys_sendmsg+0x71c/0x900 [ 3133.397474][ T1577] ? copy_msghdr_from_user+0xfc/0x150 [ 3133.402847][ T1577] ? kernel_sendmsg+0x50/0x50 [ 3133.407521][ T1577] ? futex_unqueue+0xb7/0x120 [ 3133.412196][ T1577] ? futex_wait+0x503/0x680 [ 3133.416694][ T1577] ___sys_sendmsg+0x110/0x1b0 [ 3133.421371][ T1577] ? do_recvmmsg+0x6f0/0x6f0 [ 3133.425961][ T1577] ? __fget_files+0x248/0x480 [ 3133.430647][ T1577] ? lock_downgrade+0x690/0x690 [ 3133.435509][ T1577] ? __fget_files+0x26a/0x480 [ 3133.440203][ T1577] ? __fget_light+0xe5/0x270 [ 3133.444809][ T1577] __sys_sendmsg+0xf7/0x1c0 [ 3133.449314][ T1577] ? __sys_sendmsg_sock+0x40/0x40 [ 3133.454339][ T1577] ? restore_fpregs_from_fpstate+0xc1/0x1c0 [ 3133.460239][ T1577] ? syscall_enter_from_user_mode+0x26/0x80 [ 3133.466136][ T1577] ? lockdep_hardirqs_on+0x7d/0x100 [ 3133.471353][ T1577] do_syscall_64+0x39/0xb0 [ 3133.475774][ T1577] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3133.481678][ T1577] RIP: 0033:0x7fcdfee8c169 [ 3133.486088][ T1577] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 3133.505699][ T1577] RSP: 002b:00007fcdffb69168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3133.514111][ T1577] RAX: ffffffffffffffda RBX: 00007fcdfefabf80 RCX: 00007fcdfee8c169 [ 3133.522073][ T1577] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000003 [ 3133.530032][ T1577] RBP: 00007fcdfeee7ca1 R08: 0000000000000000 R09: 0000000000000000 [ 3133.537996][ T1577] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3133.545964][ T1577] R13: 00007ffda41c1e2f R14: 00007fcdffb69300 R15: 0000000000022000 [ 3133.553940][ T1577] [ 3133.682689][ T1577] memory: usage 307200kB, limit 307200kB, failcnt 40443 [ 3133.701478][ T1577] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3133.720885][ T1577] Memory cgroup stats for /syz4: [ 3133.721044][ T1577] anon 2138112 [ 3133.721044][ T1577] file 7716864 [ 3133.721044][ T1577] kernel 304717824 [ 3133.721044][ T1577] kernel_stack 688128 [ 3133.721044][ T1577] pagetables 1171456 [ 3133.721044][ T1577] sec_pagetables 0 [ 3133.721044][ T1577] percpu 5219168 [ 3133.721044][ T1577] sock 0 [ 3133.721044][ T1577] vmalloc 8192 [ 3133.721044][ T1577] shmem 7716864 [ 3133.721044][ T1577] zswap 0 [ 3133.721044][ T1577] zswapped 0 [ 3133.721044][ T1577] file_mapped 196608 [ 3133.721044][ T1577] file_dirty 0 [ 3133.721044][ T1577] file_writeback 0 [ 3133.721044][ T1577] swapcached 0 [ 3133.721044][ T1577] anon_thp 0 [ 3133.721044][ T1577] file_thp 0 [ 3133.721044][ T1577] shmem_thp 0 [ 3133.721044][ T1577] inactive_anon 9596928 [ 3133.721044][ T1577] active_anon 258048 [ 3133.721044][ T1577] inactive_file 0 [ 3133.721044][ T1577] active_file 0 [ 3133.721044][ T1577] unevictable 0 [ 3133.721044][ T1577] slab_reclaimable 172672 [ 3133.721044][ T1577] slab_unreclaimable 297119920 [ 3133.721044][ T1577] slab 297292592 [ 3133.721044][ T1577] workingset_refault_anon 0 [ 3133.721044][ T1577] workingset_refault_file 0 [ 3133.721044][ T1577] workingset_activate_anon 0 [ 3133.721044][ T1577] workingset_activate_file 0 [ 3133.721044][ T1577] workingset_restore_anon 0 [ 3133.721044][ T1577] workingset_restore_file 0 [ 3133.721044][ T1577] workingset_nodereclaim 0 [ 3133.721044][ T1577] pgscan 116 [ 3133.721044][ T1577] pgsteal 111 [ 3133.721044][ T1577] pgscan_kswapd 99 [ 3133.721044][ T1577] pgscan_direct 17 [ 3133.721044][ T1577] pgscan_khugepaged 0 [ 3133.721044][ T1577] pgsteal_kswapd 97 [ 3133.721044][ T1577] pgsteal_direct 14 [ 3133.721044][ T1577] pgsteal_khugepaged 0 [ 3133.721044][ T1577] pgfault 697386 [ 3133.721044][ T1577] pgmajfault 6 [ 3133.721044][ T1577] pgrefill 593 [ 3133.721044][ T1577] pgactivate 5 [ 3133.721044][ T1577] pgdeactivate 0 [ 3133.721044][ T1577] pglazyfree 0 [ 3133.721044][ T1577] pglazyfreed 0 [ 3133.721044][ T1577] zswpin 0 [ 3133.721044][ T1577] zswpout 0 [ 3134.021120][ T1577] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=1572,uid=0 [ 3134.069990][ T1577] Memory cgroup out of memory: Killed process 1577 (syz-executor.4) total-vm:54680kB, anon-rss:384kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 15:37:46 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0xb4940500}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:37:46 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x4200}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:37:46 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000001980)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000040)="8202", 0x2}], 0x1}}], 0x1, 0x4000c800) sendto$inet6(0xffffffffffffffff, &(0x7f0000000300), 0x38, 0x0, 0x0, 0xfffffffffffffdfd) 15:37:46 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x79470500, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:37:46 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x74) 15:37:46 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x1a00}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:37:46 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000001980)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000040)="8202", 0x2}], 0x1}}], 0x1, 0x4000c800) sendto$inet6(0xffffffffffffffff, &(0x7f0000000300), 0x38, 0x0, 0x0, 0xfffffffffffffdfd) [ 3134.311703][ T1701] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. 15:37:46 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000001980)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000040)="8202", 0x2}], 0x1}}], 0x1, 0x4000c800) sendto$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0) [ 3134.536776][ T1705] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3134.572986][ T1705] CPU: 0 PID: 1705 Comm: syz-executor.1 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3134.583324][ T1705] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3134.593366][ T1705] Call Trace: [ 3134.596635][ T1705] [ 3134.599562][ T1705] dump_stack_lvl+0x136/0x150 [ 3134.604339][ T1705] dump_header+0x10a/0xd70 [ 3134.608755][ T1705] oom_kill_process+0x25d/0x600 [ 3134.613601][ T1705] out_of_memory+0x35c/0x1660 [ 3134.618274][ T1705] ? find_held_lock+0x2d/0x110 [ 3134.623038][ T1705] ? oom_killer_disable+0x2b0/0x2b0 [ 3134.628230][ T1705] ? rcu_read_unlock+0x9/0x60 [ 3134.632902][ T1705] ? find_held_lock+0x2d/0x110 [ 3134.637663][ T1705] mem_cgroup_out_of_memory+0x206/0x270 [ 3134.643217][ T1705] ? mem_cgroup_margin+0x130/0x130 [ 3134.648323][ T1705] ? lock_downgrade+0x690/0x690 [ 3134.653183][ T1705] try_charge_memcg+0xf99/0x13a0 [ 3134.658123][ T1705] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3134.664110][ T1705] ? rcu_read_unlock+0x9/0x60 [ 3134.668781][ T1705] ? lock_downgrade+0x690/0x690 [ 3134.673639][ T1705] charge_memcg+0x90/0x3b0 [ 3134.678055][ T1705] __mem_cgroup_charge+0x2b/0x90 [ 3134.682994][ T1705] __handle_mm_fault+0x2296/0x41c0 [ 3134.688108][ T1705] ? vm_iomap_memory+0x190/0x190 [ 3134.693042][ T1705] ? mas_walk+0x58f/0x730 [ 3134.697380][ T1705] ? numa_migrate_prep+0x3a0/0x3a0 [ 3134.702502][ T1705] handle_mm_fault+0x2af/0x9f0 [ 3134.707265][ T1705] do_user_addr_fault+0x2ca/0x1210 [ 3134.712380][ T1705] ? rcu_is_watching+0x12/0xb0 [ 3134.717145][ T1705] exc_page_fault+0x98/0x170 [ 3134.721735][ T1705] asm_exc_page_fault+0x26/0x30 [ 3134.726583][ T1705] RIP: 0033:0x7f5d2ac3e171 [ 3134.730994][ T1705] Code: 3d 00 f0 ff ff 77 72 c3 90 55 48 83 ec 30 44 89 4c 24 2c 4c 89 44 24 20 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 89 4c 24 28 fa fa ff ff 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 [ 3134.750596][ T1705] RSP: 002b:00007f5d2ba0c000 EFLAGS: 00010206 [ 3134.756654][ T1705] RAX: 0000000000000001 RBX: 00007f5d2ba0c0f0 RCX: 0000000000000000 [ 3134.764625][ T1705] RDX: 0000000000000020 RSI: 00007f5d2ba0c140 RDI: 0000000000000004 [ 3134.772615][ T1705] RBP: 0000000000000000 R08: 00007f5d2ba0c054 R09: 000000000000000c [ 3134.780575][ T1705] R10: 0000000000000000 R11: 00000000200003cf R12: 00007f5d2ba0c0a8 [ 3134.788549][ T1705] R13: 00007f5d2ba0c140 R14: 0000000000000004 R15: 0000000000000000 [ 3134.796537][ T1705] 15:37:46 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000001980)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000040)="8202", 0x2}], 0x1}}], 0x1, 0x4000c800) sendto$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 15:37:46 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x7a) [ 3134.944611][ T1699] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. 15:37:46 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000001980)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000040)="8202", 0x2}], 0x1}}], 0x1, 0x4000c800) sendto$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0) [ 3135.101085][ T1705] memory: usage 307200kB, limit 307200kB, failcnt 28628 [ 3135.127860][ T1816] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3135.142478][ T1705] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3135.163489][ T1705] Memory cgroup stats for /syz1: [ 3135.163780][ T1705] anon 438272 [ 3135.163780][ T1705] file 262144 [ 3135.163780][ T1705] kernel 313872384 [ 3135.163780][ T1705] kernel_stack 163840 [ 3135.163780][ T1705] pagetables 258048 [ 3135.163780][ T1705] sec_pagetables 0 [ 3135.163780][ T1705] percpu 5421792 [ 3135.163780][ T1705] sock 0 [ 3135.163780][ T1705] vmalloc 0 [ 3135.163780][ T1705] shmem 258048 [ 3135.163780][ T1705] zswap 0 [ 3135.163780][ T1705] zswapped 0 [ 3135.163780][ T1705] file_mapped 241664 [ 3135.163780][ T1705] file_dirty 4096 [ 3135.163780][ T1705] file_writeback 0 [ 3135.163780][ T1705] swapcached 0 [ 3135.163780][ T1705] anon_thp 0 [ 3135.163780][ T1705] file_thp 0 [ 3135.163780][ T1705] shmem_thp 0 [ 3135.163780][ T1705] inactive_anon 630784 [ 3135.163780][ T1705] active_anon 65536 [ 3135.163780][ T1705] inactive_file 0 [ 3135.163780][ T1705] active_file 4096 [ 3135.163780][ T1705] unevictable 0 15:37:47 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x79470500, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) [ 3135.163780][ T1705] slab_reclaimable 34328 [ 3135.163780][ T1705] slab_unreclaimable 307909376 [ 3135.163780][ T1705] slab 307943704 [ 3135.163780][ T1705] workingset_refault_anon 0 [ 3135.163780][ T1705] workingset_refault_file 2 [ 3135.163780][ T1705] workingset_activate_anon 0 [ 3135.163780][ T1705] workingset_activate_file 0 [ 3135.163780][ T1705] workingset_restore_anon 0 [ 3135.163780][ T1705] workingset_restore_file 2 [ 3135.163780][ T1705] workingset_nodereclaim 0 [ 3135.163780][ T1705] pgscan 4873 [ 3135.163780][ T1705] pgsteal 107 [ 3135.163780][ T1705] pgscan_kswapd 92 [ 3135.163780][ T1705] pgscan_direct 4781 [ 3135.163780][ T1705] pgscan_khugepaged 0 [ 3135.163780][ T1705] pgsteal_kswapd 88 [ 3135.163780][ T1705] pgsteal_direct 19 [ 3135.163780][ T1705] pgsteal_khugepaged 0 [ 3135.163780][ T1705] pgfault 568984 [ 3135.163780][ T1705] pgmajfault 2 [ 3135.163780][ T1705] pgrefill 17315 [ 3135.163780][ T1705] pgactivate 4766 [ 3135.163780][ T1705] pgdeactivate 0 [ 3135.163780][ T1705] pglazyfree 0 [ 3135.163780][ T1705] pglazyfreed 0 [ 3135.163780][ T1705] zswpin 0 [ 3135.163780][ T1705] zswpout 0 [ 3135.326163][ T1918] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3135.461952][ T1705] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=1694,uid=0 [ 3135.491744][ T1705] Memory cgroup out of memory: Killed process 1694 (syz-executor.1) total-vm:54680kB, anon-rss:516kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:92kB oom_score_adj:1000 [ 3135.564993][ T1706] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=1, oom_score_adj=1000 [ 3135.578419][ T1706] CPU: 0 PID: 1706 Comm: syz-executor.4 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3135.588748][ T1706] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3135.598797][ T1706] Call Trace: [ 3135.602071][ T1706] [ 3135.604999][ T1706] dump_stack_lvl+0x136/0x150 [ 3135.609682][ T1706] dump_header+0x10a/0xd70 [ 3135.614109][ T1706] oom_kill_process+0x25d/0x600 [ 3135.618991][ T1706] out_of_memory+0x35c/0x1660 [ 3135.623665][ T1706] ? oom_killer_disable+0x2b0/0x2b0 [ 3135.628851][ T1706] ? rcu_read_unlock+0x9/0x60 [ 3135.633520][ T1706] ? find_held_lock+0x2d/0x110 [ 3135.638273][ T1706] mem_cgroup_out_of_memory+0x206/0x270 [ 3135.643823][ T1706] ? mem_cgroup_margin+0x130/0x130 [ 3135.648939][ T1706] ? lock_downgrade+0x690/0x690 [ 3135.653802][ T1706] try_charge_memcg+0xf99/0x13a0 [ 3135.658740][ T1706] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3135.664725][ T1706] ? get_mem_cgroup_from_objcg+0xa1/0x280 [ 3135.670440][ T1706] ? lock_downgrade+0x690/0x690 [ 3135.675281][ T1706] ? lock_downgrade+0x690/0x690 [ 3135.680128][ T1706] ? rcu_read_unlock+0x9/0x60 [ 3135.684802][ T1706] obj_cgroup_charge+0x2af/0x5e0 [ 3135.689745][ T1706] ? copy_process+0x3c0/0x75c0 [ 3135.694505][ T1706] kmem_cache_alloc_node+0xa8/0x3e0 [ 3135.699695][ T1706] copy_process+0x3c0/0x75c0 [ 3135.704297][ T1706] ? pidfd_prepare+0x80/0x80 [ 3135.708900][ T1706] ? lock_downgrade+0x690/0x690 [ 3135.713764][ T1706] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 3135.719731][ T1706] ? folio_add_lru+0x47f/0x7c0 [ 3135.724506][ T1706] kernel_clone+0xeb/0x890 [ 3135.728917][ T1706] ? create_io_thread+0xe0/0xe0 [ 3135.733765][ T1706] ? find_held_lock+0x2d/0x110 [ 3135.738518][ T1706] ? find_held_lock+0x2d/0x110 [ 3135.743281][ T1706] __do_sys_clone+0xba/0x100 [ 3135.747859][ T1706] ? kernel_clone+0x890/0x890 [ 3135.752542][ T1706] ? syscall_enter_from_user_mode+0x26/0x80 [ 3135.758445][ T1706] do_syscall_64+0x39/0xb0 [ 3135.762862][ T1706] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3135.768744][ T1706] RIP: 0033:0x7fcdfee8d591 [ 3135.773177][ T1706] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 3135.792762][ T1706] RSP: 002b:00007ffda41c1d78 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 3135.801173][ T1706] RAX: ffffffffffffffda RBX: 00007fcdffb48700 RCX: 00007fcdfee8d591 [ 3135.809130][ T1706] RDX: 00007fcdffb489d0 RSI: 00007fcdffb482f0 RDI: 00000000003d0f00 [ 3135.817093][ T1706] RBP: 00007ffda41c1fc0 R08: 00007fcdffb48700 R09: 00007fcdffb48700 [ 3135.825062][ T1706] R10: 00007fcdffb489d0 R11: 0000000000000206 R12: 00007ffda41c1e2e [ 3135.833031][ T1706] R13: 00007ffda41c1e2f R14: 00007fcdffb48300 R15: 0000000000022000 [ 3135.840988][ T1706] [ 3135.844117][ T1706] memory: usage 307200kB, limit 307200kB, failcnt 40544 [ 3135.861980][ T1706] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3135.874477][ T1706] Memory cgroup stats for /syz4: [ 3135.881956][ T1706] anon 2142208 [ 3135.881956][ T1706] file 7716864 [ 3135.881956][ T1706] kernel 304709632 [ 3135.881956][ T1706] kernel_stack 688128 [ 3135.881956][ T1706] pagetables 1171456 [ 3135.881956][ T1706] sec_pagetables 0 [ 3135.881956][ T1706] percpu 5219232 [ 3135.881956][ T1706] sock 0 [ 3135.881956][ T1706] vmalloc 8192 [ 3135.881956][ T1706] shmem 7716864 [ 3135.881956][ T1706] zswap 0 [ 3135.881956][ T1706] zswapped 0 [ 3135.881956][ T1706] file_mapped 196608 [ 3135.881956][ T1706] file_dirty 0 [ 3135.881956][ T1706] file_writeback 0 [ 3135.881956][ T1706] swapcached 0 [ 3135.881956][ T1706] anon_thp 0 [ 3135.881956][ T1706] file_thp 0 [ 3135.881956][ T1706] shmem_thp 0 [ 3135.881956][ T1706] inactive_anon 9596928 [ 3135.881956][ T1706] active_anon 262144 [ 3135.881956][ T1706] inactive_file 0 [ 3135.881956][ T1706] active_file 0 [ 3135.881956][ T1706] unevictable 0 [ 3135.881956][ T1706] slab_reclaimable 172672 [ 3135.881956][ T1706] slab_unreclaimable 297111480 [ 3135.881956][ T1706] slab 297284152 [ 3135.881956][ T1706] workingset_refault_anon 0 [ 3135.881956][ T1706] workingset_refault_file 0 [ 3135.881956][ T1706] workingset_activate_anon 0 [ 3135.881956][ T1706] workingset_activate_file 0 [ 3135.881956][ T1706] workingset_restore_anon 0 [ 3135.881956][ T1706] workingset_restore_file 0 [ 3135.881956][ T1706] workingset_nodereclaim 0 [ 3135.881956][ T1706] pgscan 116 [ 3135.881956][ T1706] pgsteal 111 [ 3135.881956][ T1706] pgscan_kswapd 99 [ 3135.881956][ T1706] pgscan_direct 17 [ 3135.881956][ T1706] pgscan_khugepaged 0 [ 3135.881956][ T1706] pgsteal_kswapd 97 [ 3135.881956][ T1706] pgsteal_direct 14 [ 3135.881956][ T1706] pgsteal_khugepaged 0 [ 3135.881956][ T1706] pgfault 697452 [ 3135.881956][ T1706] pgmajfault 6 [ 3135.881956][ T1706] pgrefill 593 [ 3135.881956][ T1706] pgactivate 5 [ 3135.881956][ T1706] pgdeactivate 0 [ 3135.881956][ T1706] pglazyfree 0 [ 3135.881956][ T1706] pglazyfreed 0 [ 3135.881956][ T1706] zswpin 0 [ 3135.881956][ T1706] zswpout 0 [ 3136.190261][ T1706] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=1706,uid=0 [ 3136.214148][ T1706] Memory cgroup out of memory: Killed process 1706 (syz-executor.4) total-vm:54680kB, anon-rss:512kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 [ 3136.252067][ T1700] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3136.310703][ T1700] CPU: 0 PID: 1700 Comm: syz-executor.2 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3136.321051][ T1700] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3136.331106][ T1700] Call Trace: [ 3136.334385][ T1700] [ 3136.337316][ T1700] dump_stack_lvl+0x136/0x150 [ 3136.342005][ T1700] dump_header+0x10a/0xd70 [ 3136.346424][ T1700] oom_kill_process+0x25d/0x600 [ 3136.351276][ T1700] out_of_memory+0x35c/0x1660 [ 3136.355959][ T1700] ? oom_killer_disable+0x2b0/0x2b0 [ 3136.361164][ T1700] ? rcu_read_unlock+0x9/0x60 [ 3136.365845][ T1700] ? find_held_lock+0x2d/0x110 [ 3136.370617][ T1700] mem_cgroup_out_of_memory+0x206/0x270 [ 3136.376168][ T1700] ? mem_cgroup_margin+0x130/0x130 [ 3136.381281][ T1700] ? lock_downgrade+0x690/0x690 [ 3136.386147][ T1700] try_charge_memcg+0xf99/0x13a0 [ 3136.391098][ T1700] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3136.397093][ T1700] ? rcu_read_unlock+0x9/0x60 [ 3136.401771][ T1700] ? lock_downgrade+0x690/0x690 [ 3136.406646][ T1700] charge_memcg+0x90/0x3b0 15:37:48 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0xb5940500}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:37:48 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0xf0) 15:37:48 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x73470500, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:37:48 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x76940500, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:37:48 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x4300}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) [ 3136.411070][ T1700] __mem_cgroup_charge+0x2b/0x90 [ 3136.416010][ T1700] do_wp_page+0x8ea/0x33c0 [ 3136.420425][ T1700] ? lock_sync+0x190/0x190 [ 3136.424842][ T1700] ? finish_mkwrite_fault+0x3d0/0x3d0 [ 3136.430213][ T1700] ? do_raw_spin_lock+0x124/0x2b0 [ 3136.435244][ T1700] ? spin_bug+0x1c0/0x1c0 [ 3136.439580][ T1700] __handle_mm_fault+0x1635/0x41c0 [ 3136.444692][ T1700] ? vm_iomap_memory+0x190/0x190 [ 3136.449626][ T1700] ? mas_walk+0x58f/0x730 [ 3136.453967][ T1700] ? numa_migrate_prep+0x3a0/0x3a0 [ 3136.459079][ T1700] ? do_user_addr_fault+0x367/0x1210 [ 3136.464458][ T1700] handle_mm_fault+0x2af/0x9f0 [ 3136.469227][ T1700] do_user_addr_fault+0x2ca/0x1210 [ 3136.474343][ T1700] ? rcu_is_watching+0x12/0xb0 [ 3136.479118][ T1700] exc_page_fault+0x98/0x170 [ 3136.483712][ T1700] asm_exc_page_fault+0x26/0x30 [ 3136.488576][ T1700] RIP: 0033:0x7f5bd0639610 [ 3136.492992][ T1700] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48 [ 3136.512601][ T1700] RSP: 002b:00007fffe74b16a0 EFLAGS: 00010246 [ 3136.518669][ T1700] RAX: 0000000004219014 RBX: 00007f5bd07ac018 RCX: 0000001b2dd20000 [ 3136.526634][ T1700] RDX: 0000000000000000 RSI: 0000001b2dd20018 RDI: 000000000a28a722 [ 3136.534605][ T1700] RBP: 0000000004219014 R08: 0000000000001014 R09: 0000000004219018 [ 3136.542579][ T1700] R10: 00007fffe74b1860 R11: 0000000000000246 R12: 00007f5bd07a0000 [ 3136.550550][ T1700] R13: 0000000000000001 R14: 000000000000000e R15: ffffffff83d6fdb1 [ 3136.552231][ T1929] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3136.558511][ T1700] ? apparmor_socket_create+0x151/0x670 [ 3136.558550][ T1700] [ 3136.662963][ T1700] memory: usage 307200kB, limit 307200kB, failcnt 28091 [ 3136.682633][ T1700] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3136.694468][ T1700] Memory cgroup stats for /syz2: [ 3136.703203][ T1700] anon 139264 [ 3136.703203][ T1700] file 8388608 [ 3136.703203][ T1700] kernel 306044928 [ 3136.703203][ T1700] kernel_stack 65536 [ 3136.703203][ T1700] pagetables 69632 [ 3136.703203][ T1700] sec_pagetables 0 [ 3136.703203][ T1700] percpu 5294912 [ 3136.703203][ T1700] sock 0 [ 3136.703203][ T1700] vmalloc 16384 [ 3136.703203][ T1700] shmem 8380416 [ 3136.703203][ T1700] zswap 0 [ 3136.703203][ T1700] zswapped 0 [ 3136.703203][ T1700] file_mapped 286720 [ 3136.703203][ T1700] file_dirty 8192 [ 3136.703203][ T1700] file_writeback 0 [ 3136.703203][ T1700] swapcached 0 [ 3136.703203][ T1700] anon_thp 0 [ 3136.703203][ T1700] file_thp 0 [ 3136.703203][ T1700] shmem_thp 0 [ 3136.703203][ T1700] inactive_anon 8482816 [ 3136.703203][ T1700] active_anon 36864 [ 3136.703203][ T1700] inactive_file 8192 [ 3136.703203][ T1700] active_file 0 [ 3136.703203][ T1700] unevictable 0 [ 3136.703203][ T1700] slab_reclaimable 39288 [ 3136.703203][ T1700] slab_unreclaimable 300523984 [ 3136.703203][ T1700] slab 300563272 [ 3136.703203][ T1700] workingset_refault_anon 0 [ 3136.703203][ T1700] workingset_refault_file 2 [ 3136.703203][ T1700] workingset_activate_anon 0 [ 3136.703203][ T1700] workingset_activate_file 0 [ 3136.703203][ T1700] workingset_restore_anon 0 [ 3136.703203][ T1700] workingset_restore_file 2 [ 3136.703203][ T1700] workingset_nodereclaim 0 [ 3136.703203][ T1700] pgscan 8697 [ 3136.703203][ T1700] pgsteal 122 [ 3136.703203][ T1700] pgscan_kswapd 106 [ 3136.703203][ T1700] pgscan_direct 8591 [ 3136.703203][ T1700] pgscan_khugepaged 0 [ 3136.703203][ T1700] pgsteal_kswapd 97 [ 3136.703203][ T1700] pgsteal_direct 25 [ 3136.703203][ T1700] pgsteal_khugepaged 0 [ 3136.703203][ T1700] pgfault 696476 [ 3136.703203][ T1700] pgmajfault 0 [ 3136.703203][ T1700] pgrefill 33871 [ 3136.703203][ T1700] pgactivate 8575 [ 3136.703203][ T1700] pgdeactivate 0 [ 3136.703203][ T1700] pglazyfree 0 [ 3136.703203][ T1700] pglazyfreed 0 [ 3136.703203][ T1700] zswpin 0 [ 3136.703203][ T1700] zswpout 0 [ 3136.984361][ T1926] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3137.031098][ T1700] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=1700,uid=0 [ 3137.032487][ T1963] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3137.047129][ T1700] Memory cgroup out of memory: Killed process 1700 (syz-executor.2) total-vm:54548kB, anon-rss:384kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 [ 3137.170652][ T1927] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3137.186540][ T1927] CPU: 1 PID: 1927 Comm: syz-executor.1 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3137.196874][ T1927] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3137.206930][ T1927] Call Trace: [ 3137.210207][ T1927] [ 3137.213149][ T1927] dump_stack_lvl+0x136/0x150 [ 3137.217844][ T1927] dump_header+0x10a/0xd70 [ 3137.222267][ T1927] oom_kill_process+0x25d/0x600 [ 3137.227120][ T1927] out_of_memory+0x35c/0x1660 [ 3137.231790][ T1927] ? find_held_lock+0x2d/0x110 [ 3137.236552][ T1927] ? oom_killer_disable+0x2b0/0x2b0 [ 3137.241754][ T1927] ? rcu_read_unlock+0x9/0x60 [ 3137.246432][ T1927] ? find_held_lock+0x2d/0x110 [ 3137.251200][ T1927] mem_cgroup_out_of_memory+0x206/0x270 [ 3137.256752][ T1927] ? mem_cgroup_margin+0x130/0x130 [ 3137.261866][ T1927] ? lock_downgrade+0x690/0x690 [ 3137.266727][ T1927] try_charge_memcg+0xf99/0x13a0 [ 3137.271665][ T1927] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3137.277655][ T1927] ? rcu_read_unlock+0x9/0x60 [ 3137.282336][ T1927] ? lock_downgrade+0x690/0x690 [ 3137.287193][ T1927] charge_memcg+0x90/0x3b0 [ 3137.291611][ T1927] __mem_cgroup_charge+0x2b/0x90 [ 3137.296539][ T1927] __handle_mm_fault+0x2296/0x41c0 [ 3137.301648][ T1927] ? vm_iomap_memory+0x190/0x190 [ 3137.306583][ T1927] ? mas_walk+0x58f/0x730 [ 3137.310914][ T1927] ? numa_migrate_prep+0x3a0/0x3a0 [ 3137.316020][ T1927] handle_mm_fault+0x2af/0x9f0 [ 3137.320785][ T1927] do_user_addr_fault+0x2ca/0x1210 [ 3137.325895][ T1927] ? rcu_is_watching+0x12/0xb0 [ 3137.330660][ T1927] exc_page_fault+0x98/0x170 [ 3137.335246][ T1927] asm_exc_page_fault+0x26/0x30 [ 3137.340096][ T1927] RIP: 0033:0x7f5d2ac3e171 [ 3137.344507][ T1927] Code: 3d 00 f0 ff ff 77 72 c3 90 55 48 83 ec 30 44 89 4c 24 2c 4c 89 44 24 20 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 89 4c 24 28 fa fa ff ff 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 [ 3137.364283][ T1927] RSP: 002b:00007f5d2ba0c000 EFLAGS: 00010206 15:37:49 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x1b00}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:37:49 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x300) [ 3137.370338][ T1927] RAX: 0000000000000001 RBX: 00007f5d2ba0c0f0 RCX: 0000000000000000 [ 3137.378297][ T1927] RDX: 0000000000000020 RSI: 00007f5d2ba0c140 RDI: 0000000000000004 [ 3137.386255][ T1927] RBP: 0000000000000000 R08: 00007f5d2ba0c054 R09: 000000000000000c [ 3137.394210][ T1927] R10: 0000000000000000 R11: 00000000200003cf R12: 00007f5d2ba0c0a8 [ 3137.402165][ T1927] R13: 00007f5d2ba0c140 R14: 0000000000000004 R15: 0000000000000000 [ 3137.410137][ T1927] 15:37:49 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0xb00}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:37:49 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x31a) 15:37:49 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x600}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) [ 3137.556152][ T2118] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3137.710033][ T1927] memory: usage 307200kB, limit 307200kB, failcnt 28732 [ 3137.744213][ T1927] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 15:37:49 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x326) [ 3137.874104][ T1927] Memory cgroup stats for /syz1: [ 3137.874282][ T1927] anon 438272 [ 3137.874282][ T1927] file 262144 [ 3137.874282][ T1927] kernel 313872384 [ 3137.874282][ T1927] kernel_stack 163840 [ 3137.874282][ T1927] pagetables 258048 [ 3137.874282][ T1927] sec_pagetables 0 [ 3137.874282][ T1927] percpu 5421792 [ 3137.874282][ T1927] sock 0 [ 3137.874282][ T1927] vmalloc 0 [ 3137.874282][ T1927] shmem 258048 [ 3137.874282][ T1927] zswap 0 [ 3137.874282][ T1927] zswapped 0 [ 3137.874282][ T1927] file_mapped 241664 [ 3137.874282][ T1927] file_dirty 4096 [ 3137.874282][ T1927] file_writeback 0 [ 3137.874282][ T1927] swapcached 0 [ 3137.874282][ T1927] anon_thp 0 [ 3137.874282][ T1927] file_thp 0 [ 3137.874282][ T1927] shmem_thp 0 [ 3137.874282][ T1927] inactive_anon 643072 [ 3137.874282][ T1927] active_anon 53248 [ 3137.874282][ T1927] inactive_file 4096 [ 3137.874282][ T1927] active_file 0 [ 3137.874282][ T1927] unevictable 0 [ 3137.874282][ T1927] slab_reclaimable 34328 [ 3137.874282][ T1927] slab_unreclaimable 307909376 [ 3137.874282][ T1927] slab 307943704 [ 3137.874282][ T1927] workingset_refault_anon 0 [ 3137.874282][ T1927] workingset_refault_file 2 [ 3137.874282][ T1927] workingset_activate_anon 0 [ 3137.874282][ T1927] workingset_activate_file 0 [ 3137.874282][ T1927] workingset_restore_anon 0 [ 3137.874282][ T1927] workingset_restore_file 2 [ 3137.874282][ T1927] workingset_nodereclaim 0 [ 3137.874282][ T1927] pgscan 4873 [ 3137.874282][ T1927] pgsteal 107 [ 3137.874282][ T1927] pgscan_kswapd 92 [ 3137.874282][ T1927] pgscan_direct 4781 [ 3137.874282][ T1927] pgscan_khugepaged 0 [ 3137.874282][ T1927] pgsteal_kswapd 88 [ 3137.874282][ T1927] pgsteal_direct 19 [ 3137.874282][ T1927] pgsteal_khugepaged 0 [ 3137.874282][ T1927] pgfault 569048 [ 3137.874282][ T1927] pgmajfault 2 [ 3137.874282][ T1927] pgrefill 17414 [ 3137.874282][ T1927] pgactivate 4766 [ 3137.874282][ T1927] pgdeactivate 0 [ 3137.874282][ T1927] pglazyfree 0 [ 3137.874282][ T1927] pglazyfreed 0 [ 3137.874282][ T1927] zswpin 0 [ 3137.874282][ T1927] zswpout 0 [ 3137.875990][ T2297] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3137.921721][ T1927] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=1920,uid=0 15:37:50 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x6c000000, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) [ 3138.244985][ T2312] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3138.301908][ T1927] Memory cgroup out of memory: Killed process 1920 (syz-executor.1) total-vm:54680kB, anon-rss:516kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:92kB oom_score_adj:1000 [ 3138.405331][ T2314] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3138.421802][ T1921] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3138.464577][ T1921] CPU: 0 PID: 1921 Comm: syz-executor.4 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3138.474931][ T1921] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3138.485070][ T1921] Call Trace: [ 3138.488349][ T1921] [ 3138.491278][ T1921] dump_stack_lvl+0x136/0x150 [ 3138.495969][ T1921] dump_header+0x10a/0xd70 [ 3138.500385][ T1921] oom_kill_process+0x25d/0x600 [ 3138.505236][ T1921] out_of_memory+0x35c/0x1660 [ 3138.509916][ T1921] ? find_held_lock+0x2d/0x110 [ 3138.514682][ T1921] ? oom_killer_disable+0x2b0/0x2b0 [ 3138.519877][ T1921] ? rcu_read_unlock+0x9/0x60 [ 3138.524553][ T1921] ? find_held_lock+0x2d/0x110 [ 3138.529319][ T1921] mem_cgroup_out_of_memory+0x206/0x270 [ 3138.534867][ T1921] ? mem_cgroup_margin+0x130/0x130 [ 3138.539979][ T1921] ? lock_downgrade+0x690/0x690 [ 3138.544845][ T1921] try_charge_memcg+0xf99/0x13a0 [ 3138.549795][ T1921] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3138.555777][ T1921] ? get_mem_cgroup_from_objcg+0xa1/0x280 [ 3138.561592][ T1921] ? lock_downgrade+0x690/0x690 [ 3138.566451][ T1921] ? lock_downgrade+0x690/0x690 [ 3138.571315][ T1921] __memcg_kmem_charge_page+0x16e/0x3c0 [ 3138.576873][ T1921] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 3138.583030][ T1921] copy_process+0x1442/0x75c0 [ 3138.587713][ T1921] ? __lock_acquire+0xc17/0x5f30 [ 3138.592660][ T1921] ? pidfd_prepare+0x80/0x80 [ 3138.597261][ T1921] ? psi_memstall_leave+0x174/0x250 [ 3138.602545][ T1921] ? lock_downgrade+0x690/0x690 [ 3138.607407][ T1921] kernel_clone+0xeb/0x890 [ 3138.611833][ T1921] ? create_io_thread+0xe0/0xe0 [ 3138.616688][ T1921] ? percpu_ref_put_many.constprop.0+0x6a/0x1b0 [ 3138.622938][ T1921] ? lock_downgrade+0x690/0x690 [ 3138.627801][ T1921] __do_sys_clone+0xba/0x100 [ 3138.632394][ T1921] ? kernel_clone+0x890/0x890 [ 3138.637123][ T1921] ? syscall_enter_from_user_mode+0x26/0x80 [ 3138.643030][ T1921] do_syscall_64+0x39/0xb0 [ 3138.647464][ T1921] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3138.653363][ T1921] RIP: 0033:0x7fcdfee8d591 [ 3138.657781][ T1921] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 3138.677386][ T1921] RSP: 002b:00007ffda41c1d78 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 3138.685808][ T1921] RAX: ffffffffffffffda RBX: 00007fcdffb48700 RCX: 00007fcdfee8d591 [ 3138.693776][ T1921] RDX: 00007fcdffb489d0 RSI: 00007fcdffb482f0 RDI: 00000000003d0f00 [ 3138.701745][ T1921] RBP: 00007ffda41c1fc0 R08: 00007fcdffb48700 R09: 00007fcdffb48700 [ 3138.709714][ T1921] R10: 00007fcdffb489d0 R11: 0000000000000206 R12: 00007ffda41c1e2e [ 3138.717683][ T1921] R13: 00007ffda41c1e2f R14: 00007fcdffb48300 R15: 0000000000022000 [ 3138.725662][ T1921] [ 3138.822978][ T1921] memory: usage 307200kB, limit 307200kB, failcnt 40664 [ 3138.842841][ T1921] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3138.882051][ T1921] Memory cgroup stats for /syz4: [ 3138.882211][ T1921] anon 2142208 [ 3138.882211][ T1921] file 7716864 [ 3138.882211][ T1921] kernel 304713728 [ 3138.882211][ T1921] kernel_stack 688128 [ 3138.882211][ T1921] pagetables 1171456 [ 3138.882211][ T1921] sec_pagetables 0 [ 3138.882211][ T1921] percpu 5219168 [ 3138.882211][ T1921] sock 0 [ 3138.882211][ T1921] vmalloc 8192 [ 3138.882211][ T1921] shmem 7716864 [ 3138.882211][ T1921] zswap 0 [ 3138.882211][ T1921] zswapped 0 [ 3138.882211][ T1921] file_mapped 196608 [ 3138.882211][ T1921] file_dirty 0 [ 3138.882211][ T1921] file_writeback 0 [ 3138.882211][ T1921] swapcached 0 [ 3138.882211][ T1921] anon_thp 0 [ 3138.882211][ T1921] file_thp 0 [ 3138.882211][ T1921] shmem_thp 0 [ 3138.882211][ T1921] inactive_anon 9596928 [ 3138.882211][ T1921] active_anon 262144 [ 3138.882211][ T1921] inactive_file 0 [ 3138.882211][ T1921] active_file 0 [ 3138.882211][ T1921] unevictable 0 [ 3138.882211][ T1921] slab_reclaimable 172672 [ 3138.882211][ T1921] slab_unreclaimable 297105072 [ 3138.882211][ T1921] slab 297277744 [ 3138.882211][ T1921] workingset_refault_anon 0 [ 3138.882211][ T1921] workingset_refault_file 0 [ 3138.882211][ T1921] workingset_activate_anon 0 [ 3138.882211][ T1921] workingset_activate_file 0 [ 3138.882211][ T1921] workingset_restore_anon 0 [ 3138.882211][ T1921] workingset_restore_file 0 [ 3138.882211][ T1921] workingset_nodereclaim 0 [ 3138.882211][ T1921] pgscan 116 [ 3138.882211][ T1921] pgsteal 111 [ 3138.882211][ T1921] pgscan_kswapd 99 [ 3138.882211][ T1921] pgscan_direct 17 [ 3138.882211][ T1921] pgscan_khugepaged 0 [ 3138.882211][ T1921] pgsteal_kswapd 97 [ 3138.882211][ T1921] pgsteal_direct 14 [ 3138.882211][ T1921] pgsteal_khugepaged 0 [ 3138.882211][ T1921] pgfault 697515 [ 3138.882211][ T1921] pgmajfault 6 [ 3138.882211][ T1921] pgrefill 593 [ 3138.882211][ T1921] pgactivate 5 [ 3138.882211][ T1921] pgdeactivate 0 [ 3138.882211][ T1921] pglazyfree 0 [ 3138.882211][ T1921] pglazyfreed 0 [ 3138.882211][ T1921] zswpin 0 [ 3138.882211][ T1921] zswpout 0 [ 3139.152379][ T1921] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=1921,uid=0 [ 3139.174479][ T1921] Memory cgroup out of memory: Killed process 1921 (syz-executor.4) total-vm:54680kB, anon-rss:384kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 [ 3139.312895][ T2054] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3139.342619][ T2054] CPU: 1 PID: 2054 Comm: syz-executor.2 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3139.352975][ T2054] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3139.363014][ T2054] Call Trace: [ 3139.366276][ T2054] [ 3139.369190][ T2054] dump_stack_lvl+0x136/0x150 [ 3139.373857][ T2054] dump_header+0x10a/0xd70 [ 3139.378260][ T2054] oom_kill_process+0x25d/0x600 [ 3139.383100][ T2054] out_of_memory+0x35c/0x1660 [ 3139.387765][ T2054] ? find_held_lock+0x2d/0x110 [ 3139.392527][ T2054] ? oom_killer_disable+0x2b0/0x2b0 [ 3139.397723][ T2054] ? rcu_read_unlock+0x9/0x60 [ 3139.402487][ T2054] ? find_held_lock+0x2d/0x110 [ 3139.407252][ T2054] mem_cgroup_out_of_memory+0x206/0x270 [ 3139.412795][ T2054] ? mem_cgroup_margin+0x130/0x130 [ 3139.417887][ T2054] ? lock_downgrade+0x690/0x690 [ 3139.422726][ T2054] try_charge_memcg+0xf99/0x13a0 [ 3139.427649][ T2054] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3139.433640][ T2054] ? rcu_read_unlock+0x9/0x60 [ 3139.438301][ T2054] ? lock_downgrade+0x690/0x690 [ 3139.443160][ T2054] charge_memcg+0x90/0x3b0 [ 3139.447604][ T2054] __mem_cgroup_charge+0x2b/0x90 [ 3139.452538][ T2054] do_wp_page+0x8ea/0x33c0 [ 3139.456960][ T2054] ? lock_sync+0x190/0x190 [ 3139.461378][ T2054] ? finish_mkwrite_fault+0x3d0/0x3d0 [ 3139.466759][ T2054] ? do_raw_spin_lock+0x124/0x2b0 [ 3139.471764][ T2054] ? spin_bug+0x1c0/0x1c0 [ 3139.476080][ T2054] __handle_mm_fault+0x1635/0x41c0 [ 3139.481192][ T2054] ? vm_iomap_memory+0x190/0x190 [ 3139.486119][ T2054] ? mas_walk+0x58f/0x730 [ 3139.490463][ T2054] ? numa_migrate_prep+0x3a0/0x3a0 [ 3139.495565][ T2054] ? do_user_addr_fault+0x367/0x1210 [ 3139.500852][ T2054] handle_mm_fault+0x2af/0x9f0 [ 3139.505619][ T2054] do_user_addr_fault+0x2ca/0x1210 [ 3139.510729][ T2054] ? rcu_is_watching+0x12/0xb0 [ 3139.515490][ T2054] exc_page_fault+0x98/0x170 [ 3139.520065][ T2054] asm_exc_page_fault+0x26/0x30 [ 3139.524907][ T2054] RIP: 0033:0x7f5bd0639610 [ 3139.529297][ T2054] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48 [ 3139.548890][ T2054] RSP: 002b:00007fffe74b16a0 EFLAGS: 00010246 [ 3139.554952][ T2054] RAX: 0000000004219014 RBX: 00007f5bd07ac018 RCX: 0000001b2dd20000 [ 3139.562913][ T2054] RDX: 0000000000000000 RSI: 0000001b2dd20018 RDI: 000000000a28a722 [ 3139.570861][ T2054] RBP: 0000000004219014 R08: 0000000000001014 R09: 0000000004219018 [ 3139.578809][ T2054] R10: 00007fffe74b1860 R11: 0000000000000246 R12: 00007f5bd07a0000 [ 3139.586764][ T2054] R13: 0000000000000001 R14: 000000000000000e R15: ffffffff83d6fdb1 [ 3139.594732][ T2054] ? apparmor_socket_create+0x151/0x670 [ 3139.600292][ T2054] 15:37:51 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0xb6940500}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:37:51 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x4400}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:37:51 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x5a010000, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:37:51 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x370) 15:37:51 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x68}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) [ 3139.702001][ T2054] memory: usage 307200kB, limit 307200kB, failcnt 28225 [ 3139.710443][ T2054] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3139.725866][ T2323] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3139.751068][ T2054] Memory cgroup stats for /syz2: [ 3139.751218][ T2054] anon 139264 [ 3139.751218][ T2054] file 8388608 [ 3139.751218][ T2054] kernel 306044928 [ 3139.751218][ T2054] kernel_stack 65536 [ 3139.751218][ T2054] pagetables 69632 [ 3139.751218][ T2054] sec_pagetables 0 [ 3139.751218][ T2054] percpu 5294912 [ 3139.751218][ T2054] sock 0 [ 3139.751218][ T2054] vmalloc 16384 [ 3139.751218][ T2054] shmem 8380416 [ 3139.751218][ T2054] zswap 0 [ 3139.751218][ T2054] zswapped 0 [ 3139.751218][ T2054] file_mapped 286720 [ 3139.751218][ T2054] file_dirty 8192 [ 3139.751218][ T2054] file_writeback 0 [ 3139.751218][ T2054] swapcached 0 [ 3139.751218][ T2054] anon_thp 0 [ 3139.751218][ T2054] file_thp 0 [ 3139.751218][ T2054] shmem_thp 0 [ 3139.751218][ T2054] inactive_anon 20480 [ 3139.751218][ T2054] active_anon 8499200 [ 3139.751218][ T2054] inactive_file 8192 [ 3139.751218][ T2054] active_file 0 [ 3139.751218][ T2054] unevictable 0 [ 3139.751218][ T2054] slab_reclaimable 39288 [ 3139.751218][ T2054] slab_unreclaimable 300523984 [ 3139.751218][ T2054] slab 300563272 [ 3139.751218][ T2054] workingset_refault_anon 0 [ 3139.751218][ T2054] workingset_refault_file 2 [ 3139.751218][ T2054] workingset_activate_anon 0 [ 3139.751218][ T2054] workingset_activate_file 0 [ 3139.751218][ T2054] workingset_restore_anon 0 [ 3139.751218][ T2054] workingset_restore_file 2 [ 3139.751218][ T2054] workingset_nodereclaim 0 [ 3139.751218][ T2054] pgscan 8697 [ 3139.751218][ T2054] pgsteal 122 [ 3139.751218][ T2054] pgscan_kswapd 106 [ 3139.751218][ T2054] pgscan_direct 8591 [ 3139.751218][ T2054] pgscan_khugepaged 0 [ 3139.751218][ T2054] pgsteal_kswapd 97 [ 3139.751218][ T2054] pgsteal_direct 25 [ 3139.751218][ T2054] pgsteal_khugepaged 0 [ 3139.751218][ T2054] pgfault 696534 [ 3139.751218][ T2054] pgmajfault 0 [ 3139.751218][ T2054] pgrefill 34057 [ 3139.751218][ T2054] pgactivate 8575 [ 3139.751218][ T2054] pgdeactivate 0 [ 3139.751218][ T2054] pglazyfree 0 [ 3139.751218][ T2054] pglazyfreed 0 [ 3139.751218][ T2054] zswpin 0 [ 3139.751218][ T2054] zswpout 0 [ 3139.938959][ T2331] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3139.993031][ T2054] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=2054,uid=0 [ 3140.073266][ T2327] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3140.134125][ T2054] Memory cgroup out of memory: Killed process 2054 (syz-executor.2) total-vm:54548kB, anon-rss:384kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 [ 3140.229013][ T2328] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 15:37:52 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x1c00}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:37:52 executing program 5: r0 = socket$l2tp(0x2, 0x2, 0x73) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'ip_vti0\x00'}) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000300)={'gre0\x00', 0x0}) socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_SB_POOL_GET(r4, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000004c0)={0x0, 0x14}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="28000000100001045f963ebc0000008000000000", @ANYRES32=r3, @ANYBLOB="2191e4000000000708000a00", @ANYRES32=r5], 0x28}}, 0x0) 15:37:52 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x500) [ 3140.463124][ T2328] CPU: 1 PID: 2328 Comm: syz-executor.1 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3140.467104][ T2330] syz-executor.4: vmalloc error: size 4096, page order 0, failed to allocate pages, mode:0x404dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_RETRY_MAYFAIL|__GFP_ZERO), nodemask=(null) [ 3140.473466][ T2328] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3140.473479][ T2328] Call Trace: [ 3140.473485][ T2328] [ 3140.473492][ T2328] dump_stack_lvl+0x136/0x150 [ 3140.491593][ T2330] ,cpuset= [ 3140.501201][ T2328] dump_header+0x10a/0xd70 [ 3140.501233][ T2328] oom_kill_process+0x25d/0x600 [ 3140.501262][ T2328] out_of_memory+0x35c/0x1660 [ 3140.505375][ T2330] syz4 [ 3140.507443][ T2328] ? find_held_lock+0x2d/0x110 [ 3140.512141][ T2330] ,mems_allowed=0-1 [ 3140.515090][ T2328] ? oom_killer_disable+0x2b0/0x2b0 [ 3140.515121][ T2328] ? rcu_read_unlock+0x9/0x60 [ 3140.515152][ T2328] ? find_held_lock+0x2d/0x110 [ 3140.520020][ T2330] [ 3140.524378][ T2328] mem_cgroup_out_of_memory+0x206/0x270 [ 3140.562717][ T2328] ? mem_cgroup_margin+0x130/0x130 [ 3140.567837][ T2328] ? lock_downgrade+0x690/0x690 [ 3140.572717][ T2328] try_charge_memcg+0xf99/0x13a0 [ 3140.577662][ T2328] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3140.583652][ T2328] ? rcu_read_unlock+0x9/0x60 [ 3140.588330][ T2328] ? lock_downgrade+0x690/0x690 [ 3140.593192][ T2328] charge_memcg+0x90/0x3b0 [ 3140.597615][ T2328] __mem_cgroup_charge+0x2b/0x90 [ 3140.602550][ T2328] __handle_mm_fault+0x2296/0x41c0 [ 3140.607665][ T2328] ? vm_iomap_memory+0x190/0x190 [ 3140.612589][ T2328] ? mas_walk+0x58f/0x730 [ 3140.616923][ T2328] ? numa_migrate_prep+0x3a0/0x3a0 [ 3140.622029][ T2328] handle_mm_fault+0x2af/0x9f0 [ 3140.626789][ T2328] do_user_addr_fault+0x2ca/0x1210 [ 3140.631896][ T2328] ? rcu_is_watching+0x12/0xb0 [ 3140.636662][ T2328] exc_page_fault+0x98/0x170 [ 3140.641247][ T2328] asm_exc_page_fault+0x26/0x30 [ 3140.646098][ T2328] RIP: 0033:0x7f5d2ac3e171 [ 3140.650506][ T2328] Code: 3d 00 f0 ff ff 77 72 c3 90 55 48 83 ec 30 44 89 4c 24 2c 4c 89 44 24 20 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 89 4c 24 28 fa fa ff ff 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 [ 3140.670191][ T2328] RSP: 002b:00007f5d2ba0c000 EFLAGS: 00010206 [ 3140.676246][ T2328] RAX: 0000000000000001 RBX: 00007f5d2ba0c0f0 RCX: 0000000000000000 [ 3140.684209][ T2328] RDX: 0000000000000020 RSI: 00007f5d2ba0c140 RDI: 0000000000000004 [ 3140.692173][ T2328] RBP: 0000000000000000 R08: 00007f5d2ba0c054 R09: 000000000000000c [ 3140.700135][ T2328] R10: 0000000000000000 R11: 00000000200003cf R12: 00007f5d2ba0c0a8 [ 3140.708098][ T2328] R13: 00007f5d2ba0c140 R14: 0000000000000004 R15: 0000000000000000 [ 3140.716158][ T2328] 15:37:52 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x5c470500, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) [ 3140.825257][ T2330] CPU: 0 PID: 2330 Comm: syz-executor.4 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3140.835620][ T2330] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3140.845763][ T2330] Call Trace: [ 3140.849043][ T2330] [ 3140.851979][ T2330] dump_stack_lvl+0x136/0x150 [ 3140.856674][ T2330] warn_alloc+0x213/0x360 [ 3140.861016][ T2330] ? zone_watermark_ok_safe+0x2e0/0x2e0 [ 3140.866571][ T2330] ? find_held_lock+0x2d/0x110 [ 3140.871350][ T2330] ? lock_downgrade+0x690/0x690 [ 3140.876210][ T2330] ? mark_held_locks+0x9f/0xe0 [ 3140.880994][ T2330] __vmalloc_node_range+0x1021/0x14a0 [ 3140.886554][ T2330] ? alloc_netdev_mqs+0x9c/0x1250 [ 3140.891592][ T2330] ? delayed_vfree_work+0x70/0x70 [ 3140.896620][ T2330] ? __kmem_cache_alloc_node+0xb4/0x320 [ 3140.902176][ T2330] ? kvmalloc_node+0x76/0x1a0 [ 3140.906872][ T2330] ? rcu_is_watching+0x12/0xb0 [ 3140.911649][ T2330] ? alloc_netdev_mqs+0x9c/0x1250 [ 3140.916683][ T2330] kvmalloc_node+0x156/0x1a0 [ 3140.921286][ T2330] ? alloc_netdev_mqs+0x9c/0x1250 [ 3140.924056][ T2328] memory: usage 307200kB, limit 307200kB, failcnt 28880 [ 3140.926308][ T2330] alloc_netdev_mqs+0x9c/0x1250 [ 3140.926343][ T2330] ? security_capable+0x93/0xc0 [ 3140.926364][ T2330] ? br_netpoll_disable+0x60/0x60 [ 3140.926389][ T2330] rtnl_create_link+0xc17/0xf20 [ 3140.926415][ T2330] __rtnl_newlink+0xfd4/0x1840 [ 3140.926443][ T2330] ? find_held_lock+0x2d/0x110 [ 3140.926470][ T2330] ? rtnl_link_unregister+0x250/0x250 [ 3140.926494][ T2330] ? __kmem_cache_alloc_node+0x48/0x320 [ 3140.926538][ T2330] ? rtnl_newlink+0x4a/0xa0 [ 3140.926566][ T2330] rtnl_newlink+0x68/0xa0 [ 3140.926587][ T2330] ? __rtnl_newlink+0x1840/0x1840 [ 3140.926611][ T2330] rtnetlink_rcv_msg+0x43d/0xd50 [ 3140.926637][ T2330] ? rtnl_stats_set+0x4d0/0x4d0 [ 3140.926660][ T2330] ? find_held_lock+0x2d/0x110 [ 3140.926690][ T2330] ? rcu_preempt_deferred_qs_irqrestore+0x57b/0xd60 [ 3140.926716][ T2330] ? lock_downgrade+0x690/0x690 [ 3140.926748][ T2330] netlink_rcv_skb+0x165/0x440 [ 3140.926772][ T2330] ? rtnl_stats_set+0x4d0/0x4d0 [ 3140.926796][ T2330] ? netlink_ack+0x1360/0x1360 [ 3140.926817][ T2330] ? _raw_spin_unlock_irqrestore+0x41/0x70 [ 3140.926861][ T2330] ? __rcu_read_unlock+0x2a0/0x570 [ 3140.926884][ T2330] ? netlink_deliver_tap+0x1b1/0xcf0 [ 3140.926911][ T2330] netlink_unicast+0x547/0x7f0 [ 3140.926937][ T2330] ? netlink_attachskb+0x890/0x890 [ 3140.926958][ T2330] ? __virt_addr_valid+0x61/0x2e0 [ 3140.926988][ T2330] ? __phys_addr_symbol+0x30/0x70 [ 3140.927017][ T2330] ? __check_object_size+0x323/0x730 [ 3140.927044][ T2330] netlink_sendmsg+0x925/0xe30 [ 3140.927072][ T2330] ? netlink_unicast+0x7f0/0x7f0 [ 3140.927106][ T2330] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 3140.927129][ T2330] ? netlink_unicast+0x7f0/0x7f0 [ 3140.927152][ T2330] sock_sendmsg+0xde/0x190 [ 3140.927175][ T2330] ____sys_sendmsg+0x71c/0x900 [ 3140.927198][ T2330] ? copy_msghdr_from_user+0xfc/0x150 [ 3140.927223][ T2330] ? kernel_sendmsg+0x50/0x50 [ 3140.927248][ T2330] ? futex_unqueue+0xb7/0x120 [ 3140.927269][ T2330] ? futex_wait+0x503/0x680 [ 3140.927296][ T2330] ___sys_sendmsg+0x110/0x1b0 [ 3140.927323][ T2330] ? do_recvmmsg+0x6f0/0x6f0 [ 3140.927348][ T2330] ? __fget_files+0x248/0x480 [ 3140.927380][ T2330] ? lock_downgrade+0x690/0x690 [ 3140.927416][ T2330] ? __fget_files+0x26a/0x480 [ 3140.927451][ T2330] ? __fget_light+0xe5/0x270 [ 3140.927488][ T2330] __sys_sendmsg+0xf7/0x1c0 [ 3140.927514][ T2330] ? __sys_sendmsg_sock+0x40/0x40 [ 3140.927541][ T2330] ? restore_fpregs_from_fpstate+0xc1/0x1c0 [ 3140.927583][ T2330] ? syscall_enter_from_user_mode+0x26/0x80 [ 3140.927607][ T2330] ? lockdep_hardirqs_on+0x7d/0x100 [ 3140.927634][ T2330] do_syscall_64+0x39/0xb0 [ 3140.927665][ T2330] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3140.927696][ T2330] RIP: 0033:0x7fcdfee8c169 [ 3140.927714][ T2330] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 3140.927732][ T2330] RSP: 002b:00007fcdffb69168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3140.927754][ T2330] RAX: ffffffffffffffda RBX: 00007fcdfefabf80 RCX: 00007fcdfee8c169 [ 3140.927768][ T2330] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000003 [ 3140.927781][ T2330] RBP: 00007fcdfeee7ca1 R08: 0000000000000000 R09: 0000000000000000 [ 3140.927796][ T2330] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3140.927809][ T2330] R13: 00007ffda41c1e2f R14: 00007fcdffb69300 R15: 0000000000022000 [ 3140.927834][ T2330] [ 3141.114456][ T2330] Mem-Info: [ 3141.199994][ T2328] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3141.424456][ T2328] Memory cgroup stats for /syz1: [ 3141.424676][ T2328] anon 438272 [ 3141.424676][ T2328] file 262144 [ 3141.424676][ T2328] kernel 313872384 [ 3141.424676][ T2328] kernel_stack 163840 [ 3141.424676][ T2328] pagetables 258048 [ 3141.424676][ T2328] sec_pagetables 0 [ 3141.424676][ T2328] percpu 5421792 [ 3141.424676][ T2328] sock 0 [ 3141.424676][ T2328] vmalloc 0 [ 3141.424676][ T2328] shmem 258048 [ 3141.424676][ T2328] zswap 0 [ 3141.424676][ T2328] zswapped 0 [ 3141.424676][ T2328] file_mapped 241664 [ 3141.424676][ T2328] file_dirty 4096 [ 3141.424676][ T2328] file_writeback 0 [ 3141.424676][ T2328] swapcached 0 [ 3141.424676][ T2328] anon_thp 0 [ 3141.424676][ T2328] file_thp 0 [ 3141.424676][ T2328] shmem_thp 0 [ 3141.424676][ T2328] inactive_anon 0 [ 3141.424676][ T2328] active_anon 696320 [ 3141.424676][ T2328] inactive_file 0 [ 3141.424676][ T2328] active_file 4096 [ 3141.424676][ T2328] unevictable 0 [ 3141.424676][ T2328] slab_reclaimable 34328 [ 3141.424676][ T2328] slab_unreclaimable 307909376 [ 3141.424676][ T2328] slab 307943704 [ 3141.424676][ T2328] workingset_refault_anon 0 [ 3141.424676][ T2328] workingset_refault_file 2 [ 3141.424676][ T2328] workingset_activate_anon 0 [ 3141.424676][ T2328] workingset_activate_file 0 [ 3141.424676][ T2328] workingset_restore_anon 0 [ 3141.424676][ T2328] workingset_restore_file 2 [ 3141.424676][ T2328] workingset_nodereclaim 0 [ 3141.424676][ T2328] pgscan 4873 [ 3141.424676][ T2328] pgsteal 107 [ 3141.424676][ T2328] pgscan_kswapd 92 [ 3141.424676][ T2328] pgscan_direct 4781 [ 3141.424676][ T2328] pgscan_khugepaged 0 [ 3141.424676][ T2328] pgsteal_kswapd 88 [ 3141.424676][ T2328] pgsteal_direct 19 [ 3141.424676][ T2328] pgsteal_khugepaged 0 [ 3141.424676][ T2328] pgfault 569114 [ 3141.424676][ T2328] pgmajfault 2 [ 3141.424676][ T2328] pgrefill 17545 [ 3141.424676][ T2328] pgactivate 4766 [ 3141.424676][ T2328] pgdeactivate 0 [ 3141.424676][ T2328] pglazyfree 0 [ 3141.424676][ T2328] pglazyfreed 0 [ 3141.424676][ T2328] zswpin 0 [ 3141.424676][ T2328] zswpout 0 [ 3141.615303][ T2330] active_anon:189629 inactive_anon:31604 isolated_anon:0 [ 3141.615303][ T2330] active_file:7513 inactive_file:1432 isolated_file:0 [ 3141.615303][ T2330] unevictable:768 dirty:36 writeback:0 [ 3141.615303][ T2330] slab_reclaimable:23926 slab_unreclaimable:614926 [ 3141.615303][ T2330] mapped:19968 shmem:27302 pagetables:2171 [ 3141.615303][ T2330] sec_pagetables:0 bounce:0 [ 3141.615303][ T2330] kernel_misc_reclaimable:0 [ 3141.615303][ T2330] free:660682 free_pcp:11553 free_cma:0 [ 3141.709882][ T2328] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=2325,uid=0 [ 3141.726316][ T2328] Memory cgroup out of memory: Killed process 2325 (syz-executor.1) total-vm:54680kB, anon-rss:516kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:92kB oom_score_adj:1000 [ 3141.735642][ T2330] Node 0 active_anon:754276kB inactive_anon:126144kB active_file:28796kB inactive_file:496kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:79872kB dirty:120kB writeback:0kB shmem:105352kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 49152kB writeback_tmp:0kB kernel_stack:11608kB pagetables:7620kB sec_pagetables:0kB all_unreclaimable? no [ 3141.811900][ T2330] Node 1 active_anon:4240kB inactive_anon:272kB active_file:1256kB inactive_file:5232kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:24kB writeback:0kB shmem:3856kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB kernel_stack:1152kB pagetables:1064kB sec_pagetables:0kB all_unreclaimable? no [ 3141.833262][ T2324] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 15:37:53 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x4500}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) [ 3141.933747][ T2330] Node 0 DMA free:10708kB boost:0kB min:200kB low:248kB high:296kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:152kB local_pcp:64kB free_cma:0kB [ 3141.996388][ T2324] CPU: 1 PID: 2324 Comm: syz-executor.4 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3141.996413][ T2324] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3141.996422][ T2324] Call Trace: [ 3141.996427][ T2324] [ 3141.996434][ T2324] dump_stack_lvl+0x136/0x150 [ 3141.996465][ T2324] dump_header+0x10a/0xd70 [ 3141.996484][ T2324] oom_kill_process+0x25d/0x600 [ 3141.996502][ T2324] out_of_memory+0x35c/0x1660 [ 3141.996520][ T2324] ? find_held_lock+0x2d/0x110 [ 3141.996540][ T2324] ? oom_killer_disable+0x2b0/0x2b0 [ 3141.996556][ T2324] ? rcu_read_unlock+0x9/0x60 [ 3141.996575][ T2324] ? find_held_lock+0x2d/0x110 [ 3141.996595][ T2324] mem_cgroup_out_of_memory+0x206/0x270 [ 3141.996617][ T2324] ? mem_cgroup_margin+0x130/0x130 [ 3141.996637][ T2324] ? lock_downgrade+0x690/0x690 [ 3141.996666][ T2324] try_charge_memcg+0xf99/0x13a0 [ 3141.996694][ T2324] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3141.996718][ T2324] ? get_mem_cgroup_from_objcg+0xa1/0x280 [ 3141.996740][ T2324] ? lock_downgrade+0x690/0x690 [ 3141.996763][ T2324] ? lock_downgrade+0x690/0x690 [ 3141.996795][ T2324] __memcg_kmem_charge_page+0x16e/0x3c0 [ 3141.996821][ T2324] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 3141.996846][ T2324] copy_process+0x4f9/0x75c0 [ 3141.996869][ T2324] ? __lock_acquire+0xc17/0x5f30 [ 3141.996895][ T2324] ? pidfd_prepare+0x80/0x80 [ 3141.996920][ T2324] ? psi_memstall_leave+0x174/0x250 [ 3141.996936][ T2324] ? lock_downgrade+0x690/0x690 [ 3141.996962][ T2324] kernel_clone+0xeb/0x890 [ 3141.996984][ T2324] ? create_io_thread+0xe0/0xe0 [ 3141.997006][ T2324] ? percpu_ref_put_many.constprop.0+0x6a/0x1b0 [ 3141.997028][ T2324] ? lock_downgrade+0x690/0x690 [ 3141.997056][ T2324] __do_sys_clone+0xba/0x100 [ 3141.997077][ T2324] ? kernel_clone+0x890/0x890 [ 3141.997111][ T2324] ? syscall_enter_from_user_mode+0x26/0x80 [ 3141.997136][ T2324] do_syscall_64+0x39/0xb0 [ 3141.997160][ T2324] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3141.997184][ T2324] RIP: 0033:0x7fcdfee8d591 [ 3141.997198][ T2324] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 3141.997214][ T2324] RSP: 002b:00007ffda41c1d78 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 3141.997231][ T2324] RAX: ffffffffffffffda RBX: 00007fcdffb48700 RCX: 00007fcdfee8d591 [ 3141.997243][ T2324] RDX: 00007fcdffb489d0 RSI: 00007fcdffb482f0 RDI: 00000000003d0f00 [ 3141.997253][ T2324] RBP: 00007ffda41c1fc0 R08: 00007fcdffb48700 R09: 00007fcdffb48700 [ 3141.997264][ T2324] R10: 00007fcdffb489d0 R11: 0000000000000206 R12: 00007ffda41c1e2e [ 3141.997274][ T2324] R13: 00007ffda41c1e2f R14: 00007fcdffb48300 R15: 0000000000022000 [ 3141.997295][ T2324] [ 3141.997412][ T2324] memory: usage 307200kB, limit 307200kB, failcnt 40854 [ 3141.997425][ T2324] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3141.997435][ T2324] Memory cgroup stats for /syz4: [ 3141.997570][ T2324] anon 2142208 [ 3141.997570][ T2324] file 7716864 [ 3141.997570][ T2324] kernel 304713728 [ 3141.997570][ T2324] kernel_stack 688128 [ 3141.997570][ T2324] pagetables 1171456 [ 3141.997570][ T2324] sec_pagetables 0 [ 3141.997570][ T2324] percpu 5219168 [ 3141.997570][ T2324] sock 0 [ 3141.997570][ T2324] vmalloc 12288 [ 3141.997570][ T2324] shmem 7716864 [ 3141.997570][ T2324] zswap 0 [ 3141.997570][ T2324] zswapped 0 [ 3141.997570][ T2324] file_mapped 196608 [ 3141.997570][ T2324] file_dirty 0 [ 3141.997570][ T2324] file_writeback 0 [ 3141.997570][ T2324] swapcached 0 [ 3141.997570][ T2324] anon_thp 0 [ 3141.997570][ T2324] file_thp 0 [ 3141.997570][ T2324] shmem_thp 0 [ 3141.997570][ T2324] inactive_anon 9596928 [ 3141.997570][ T2324] active_anon 262144 [ 3141.997570][ T2324] inactive_file 0 [ 3141.997570][ T2324] active_file 0 [ 3141.997570][ T2324] unevictable 0 [ 3141.997570][ T2324] slab_reclaimable 172672 [ 3141.997570][ T2324] slab_unreclaimable 297105376 [ 3141.997570][ T2324] slab 297278048 [ 3141.997570][ T2324] workingset_refault_anon 0 [ 3141.997570][ T2324] workingset_refault_file 0 [ 3141.997570][ T2324] workingset_activate_anon 0 [ 3141.997570][ T2324] workingset_activate_file 0 [ 3141.997570][ T2324] workingset_restore_anon 0 [ 3141.997570][ T2324] workingset_restore_file 0 [ 3141.997570][ T2324] workingset_nodereclaim 0 [ 3141.997570][ T2324] pgscan 116 [ 3141.997570][ T2324] pgsteal 111 [ 3141.997570][ T2324] pgscan_kswapd 99 [ 3141.997570][ T2324] pgscan_direct 17 [ 3141.997570][ T2324] pgscan_khugepaged 0 [ 3141.997570][ T2324] pgsteal_kswapd 97 [ 3141.997570][ T2324] pgsteal_direct 14 [ 3141.997570][ T2324] pgsteal_khugepaged 0 [ 3141.997570][ T2324] pgfault 697582 [ 3141.997570][ T2324] pgmajfault 6 [ 3141.997570][ T2324] pgrefill 593 [ 3141.997570][ T2324] pgactivate 5 [ 3141.997570][ T2324] pgdeactivate 0 [ 3141.997570][ T2324] pglazyfree 0 [ 3141.997570][ T2324] pglazyfreed 0 [ 3141.997570][ T2324] zswpin 0 [ 3141.997570][ T2324] zswpout 0 [ 3141.997612][ T2324] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=2324,uid=0 [ 3141.997705][ T2324] Memory cgroup out of memory: Killed process 2324 (syz-executor.4) total-vm:54680kB, anon-rss:460kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 [ 3142.130600][ T2439] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=1, oom_score_adj=1000 [ 3142.258448][ T2330] lowmem_reserve[]: [ 3142.564424][ T2439] CPU: 1 PID: 2439 Comm: syz-executor.2 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3142.578567][ T2439] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3142.588621][ T2439] Call Trace: [ 3142.591901][ T2439] [ 3142.594829][ T2439] dump_stack_lvl+0x136/0x150 [ 3142.599517][ T2439] dump_header+0x10a/0xd70 [ 3142.603934][ T2439] oom_kill_process+0x25d/0x600 [ 3142.608783][ T2439] out_of_memory+0x35c/0x1660 [ 3142.613456][ T2439] ? find_held_lock+0x2d/0x110 [ 3142.618220][ T2439] ? oom_killer_disable+0x2b0/0x2b0 [ 3142.623417][ T2439] ? rcu_read_unlock+0x9/0x60 [ 3142.628101][ T2439] ? find_held_lock+0x2d/0x110 [ 3142.632869][ T2439] mem_cgroup_out_of_memory+0x206/0x270 [ 3142.638421][ T2439] ? mem_cgroup_margin+0x130/0x130 [ 3142.643533][ T2439] ? lock_downgrade+0x690/0x690 [ 3142.648408][ T2439] try_charge_memcg+0xf99/0x13a0 [ 3142.653345][ T2439] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3142.659325][ T2439] ? get_mem_cgroup_from_objcg+0xa1/0x280 [ 3142.665051][ T2439] ? lock_downgrade+0x690/0x690 [ 3142.669918][ T2439] ? lock_downgrade+0x690/0x690 [ 3142.674771][ T2439] ? rcu_read_unlock+0x9/0x60 [ 3142.679448][ T2439] obj_cgroup_charge+0x2af/0x5e0 [ 3142.684390][ T2439] ? copy_process+0x3c0/0x75c0 [ 3142.689155][ T2439] kmem_cache_alloc_node+0xa8/0x3e0 [ 3142.694363][ T2439] copy_process+0x3c0/0x75c0 [ 3142.698958][ T2439] ? __lock_acquire+0xc17/0x5f30 [ 3142.703904][ T2439] ? pidfd_prepare+0x80/0x80 [ 3142.708504][ T2439] ? psi_memstall_leave+0x174/0x250 [ 3142.713697][ T2439] ? lock_downgrade+0x690/0x690 [ 3142.718726][ T2439] kernel_clone+0xeb/0x890 [ 3142.723143][ T2439] ? create_io_thread+0xe0/0xe0 [ 3142.727998][ T2439] ? percpu_ref_put_many.constprop.0+0x6a/0x1b0 [ 3142.734240][ T2439] ? lock_downgrade+0x690/0x690 [ 3142.739099][ T2439] __do_sys_clone+0xba/0x100 [ 3142.743695][ T2439] ? kernel_clone+0x890/0x890 [ 3142.748379][ T2439] ? syscall_enter_from_user_mode+0x26/0x80 [ 3142.754276][ T2439] do_syscall_64+0x39/0xb0 [ 3142.758699][ T2439] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3142.764595][ T2439] RIP: 0033:0x7f5bd068d591 [ 3142.769006][ T2439] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 3142.788611][ T2439] RSP: 002b:00007fffe74b1648 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 3142.797023][ T2439] RAX: ffffffffffffffda RBX: 00007f5bcf1fe700 RCX: 00007f5bd068d591 [ 3142.805014][ T2439] RDX: 00007f5bcf1fe9d0 RSI: 00007f5bcf1fe2f0 RDI: 00000000003d0f00 [ 3142.812983][ T2439] RBP: 00007fffe74b1890 R08: 00007f5bcf1fe700 R09: 00007f5bcf1fe700 [ 3142.820949][ T2439] R10: 00007f5bcf1fe9d0 R11: 0000000000000206 R12: 00007fffe74b16fe [ 3142.828916][ T2439] R13: 00007fffe74b16ff R14: 00007f5bcf1fe300 R15: 0000000000022000 [ 3142.836895][ T2439] [ 3142.884932][ T1211] ieee802154 phy0 wpan0: encryption failed: -22 [ 3142.891245][ T1211] ieee802154 phy1 wpan1: encryption failed: -22 [ 3142.932803][ T2330] 0 2617 2619 2619 2619 [ 3142.937122][ T2330] Node 0 DMA32 free:44056kB boost:0kB min:35440kB low:44300kB high:53160kB reserved_highatomic:0KB active_anon:753664kB inactive_anon:126712kB active_file:27568kB inactive_file:416kB unevictable:1536kB writepending:16kB present:3129332kB managed:2684936kB mlocked:0kB bounce:0kB free_pcp:23220kB local_pcp:15296kB free_cma:0kB [ 3143.011328][ T2330] lowmem_reserve[]: 0 0 1 1 1 [ 3143.021994][ T2330] Node 0 Normal free:16kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB active_anon:40kB inactive_anon:4kB active_file:1228kB inactive_file:76kB unevictable:0kB writepending:4kB present:1048576kB managed:1640kB mlocked:0kB bounce:0kB free_pcp:20kB local_pcp:12kB free_cma:0kB [ 3143.100412][ T2439] memory: usage 307180kB, limit 307200kB, failcnt 28340 [ 3143.122498][ T2439] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3143.140878][ T2439] Memory cgroup stats for /syz2: [ 3143.141026][ T2439] anon 114688 [ 3143.141026][ T2439] file 8388608 [ 3143.141026][ T2439] kernel 306049024 [ 3143.141026][ T2439] kernel_stack 65536 [ 3143.141026][ T2439] pagetables 73728 [ 3143.141026][ T2439] sec_pagetables 0 [ 3143.141026][ T2439] percpu 5294912 [ 3143.141026][ T2439] sock 0 [ 3143.141026][ T2439] vmalloc 16384 [ 3143.141026][ T2439] shmem 8380416 [ 3143.141026][ T2439] zswap 0 [ 3143.141026][ T2439] zswapped 0 [ 3143.141026][ T2439] file_mapped 286720 [ 3143.141026][ T2439] file_dirty 0 [ 3143.141026][ T2439] file_writeback 0 [ 3143.141026][ T2439] swapcached 0 [ 3143.141026][ T2439] anon_thp 0 [ 3143.141026][ T2439] file_thp 0 [ 3143.141026][ T2439] shmem_thp 0 [ 3143.141026][ T2439] inactive_anon 8421376 [ 3143.141026][ T2439] active_anon 73728 [ 3143.141026][ T2439] inactive_file 8192 [ 3143.141026][ T2439] active_file 0 [ 3143.141026][ T2439] unevictable 0 [ 3143.141026][ T2439] slab_reclaimable 39288 [ 3143.141026][ T2439] slab_unreclaimable 300525664 [ 3143.141026][ T2439] slab 300564952 [ 3143.141026][ T2439] workingset_refault_anon 0 [ 3143.141026][ T2439] workingset_refault_file 2 [ 3143.141026][ T2439] workingset_activate_anon 0 [ 3143.141026][ T2439] workingset_activate_file 0 [ 3143.141026][ T2439] workingset_restore_anon 0 [ 3143.141026][ T2439] workingset_restore_file 2 [ 3143.141026][ T2439] workingset_nodereclaim 0 [ 3143.141026][ T2439] pgscan 8697 [ 3143.141026][ T2439] pgsteal 122 [ 3143.141026][ T2439] pgscan_kswapd 106 [ 3143.141026][ T2439] pgscan_direct 8591 [ 3143.141026][ T2439] pgscan_khugepaged 0 [ 3143.141026][ T2439] pgsteal_kswapd 97 [ 3143.141026][ T2439] pgsteal_direct 25 [ 3143.141026][ T2439] pgsteal_khugepaged 0 [ 3143.141026][ T2439] pgfault 696577 [ 3143.141026][ T2439] pgmajfault 0 [ 3143.141026][ T2439] pgrefill 34207 [ 3143.141026][ T2439] pgactivate 8575 [ 3143.141026][ T2439] pgdeactivate 0 [ 3143.141026][ T2439] pglazyfree 0 [ 3143.141026][ T2439] pglazyfreed 0 [ 3143.141026][ T2439] zswpin 0 [ 3143.141026][ T2439] zswpout 0 [ 3143.159569][ T2330] lowmem_reserve[]: [ 3143.439629][ T2439] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null) [ 3143.441308][ T2330] 0 [ 3143.443542][ T2439] ,cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=2439,uid=0 [ 3143.464455][ T2330] 0 0 0 0 [ 3143.491667][ T2439] Memory cgroup out of memory: Killed process 2439 (syz-executor.2) total-vm:54680kB, anon-rss:384kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 [ 3143.543144][ T2330] Node 1 Normal free:2587948kB boost:0kB min:54444kB low:68052kB high:81660kB reserved_highatomic:0KB active_anon:4316kB inactive_anon:188kB active_file:1256kB inactive_file:5232kB unevictable:1536kB writepending:24kB present:4194304kB managed:4117620kB mlocked:0kB bounce:0kB free_pcp:24052kB local_pcp:13196kB free_cma:0kB [ 3143.588522][ T2528] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3143.588548][ T2528] CPU: 0 PID: 2528 Comm: syz-executor.1 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3143.588566][ T2528] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3143.588575][ T2528] Call Trace: [ 3143.588581][ T2528] [ 3143.588587][ T2528] dump_stack_lvl+0x136/0x150 [ 3143.588616][ T2528] dump_header+0x10a/0xd70 [ 3143.588636][ T2528] oom_kill_process+0x25d/0x600 [ 3143.588653][ T2528] out_of_memory+0x35c/0x1660 [ 3143.588671][ T2528] ? find_held_lock+0x2d/0x110 [ 3143.588692][ T2528] ? oom_killer_disable+0x2b0/0x2b0 [ 3143.588709][ T2528] ? rcu_read_unlock+0x9/0x60 [ 3143.588727][ T2528] ? find_held_lock+0x2d/0x110 [ 3143.588747][ T2528] mem_cgroup_out_of_memory+0x206/0x270 [ 3143.588768][ T2528] ? mem_cgroup_margin+0x130/0x130 [ 3143.588788][ T2528] ? lock_downgrade+0x690/0x690 [ 3143.588817][ T2528] try_charge_memcg+0xf99/0x13a0 15:37:55 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x1d00}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:37:55 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x4600}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) [ 3143.588845][ T2528] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3143.588873][ T2528] ? rcu_read_unlock+0x9/0x60 [ 3143.588891][ T2528] ? lock_downgrade+0x690/0x690 [ 3143.588924][ T2528] charge_memcg+0x90/0x3b0 [ 3143.588949][ T2528] __mem_cgroup_charge+0x2b/0x90 [ 3143.588965][ T2528] do_wp_page+0x8ea/0x33c0 [ 3143.588985][ T2528] ? lock_sync+0x190/0x190 [ 3143.589005][ T2528] ? finish_mkwrite_fault+0x3d0/0x3d0 [ 3143.589023][ T2528] ? do_raw_spin_lock+0x124/0x2b0 [ 3143.589045][ T2528] ? spin_bug+0x1c0/0x1c0 [ 3143.589076][ T2528] __handle_mm_fault+0x1635/0x41c0 [ 3143.589097][ T2528] ? vm_iomap_memory+0x190/0x190 [ 3143.589113][ T2528] ? mas_walk+0x58f/0x730 [ 3143.589138][ T2528] ? numa_migrate_prep+0x3a0/0x3a0 [ 3143.589152][ T2528] ? do_user_addr_fault+0x367/0x1210 [ 3143.589177][ T2528] handle_mm_fault+0x2af/0x9f0 [ 3143.589198][ T2528] do_user_addr_fault+0x2ca/0x1210 [ 3143.589218][ T2528] ? rcu_is_watching+0x12/0xb0 [ 3143.589244][ T2528] exc_page_fault+0x98/0x170 [ 3143.589264][ T2528] asm_exc_page_fault+0x26/0x30 [ 3143.589288][ T2528] RIP: 0033:0x7f5d2ac39610 [ 3143.589301][ T2528] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48 [ 3143.589316][ T2528] RSP: 002b:00007ffc24e00390 EFLAGS: 00010246 [ 3143.589330][ T2528] RAX: 0000000048ac4d0b RBX: 00007f5d2adac0e8 RCX: 0000001b2dc20000 [ 3143.589341][ T2528] RDX: 0000000000000000 RSI: 0000001b2dc20018 RDI: 0000000000000022 [ 3143.589352][ T2528] RBP: 0000000048ac4d0b R08: 0000000000000d0b R09: 0000000048ac4d0f [ 3143.589361][ T2528] R10: 00007ffc24e00550 R11: 0000000000000246 R12: 00007f5d2ada0000 [ 3143.589372][ T2528] R13: 0000000000000001 R14: 0000000000000000 R15: ffffffff88050461 [ 3143.589382][ T2528] ? __x64_sys_socket+0x11/0xb0 [ 3143.589410][ T2528] [ 3143.590351][ T2528] memory: usage 307200kB, limit 307200kB, failcnt 28994 [ 3143.590364][ T2528] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3143.590374][ T2528] Memory cgroup stats for /syz1: [ 3143.590511][ T2528] anon 397312 [ 3143.590511][ T2528] file 262144 [ 3143.590511][ T2528] kernel 313913344 [ 3143.590511][ T2528] kernel_stack 196608 [ 3143.590511][ T2528] pagetables 249856 [ 3143.590511][ T2528] sec_pagetables 0 [ 3143.590511][ T2528] percpu 5421856 [ 3143.590511][ T2528] sock 0 [ 3143.590511][ T2528] vmalloc 0 [ 3143.590511][ T2528] shmem 258048 [ 3143.590511][ T2528] zswap 0 [ 3143.590511][ T2528] zswapped 0 [ 3143.590511][ T2528] file_mapped 241664 [ 3143.590511][ T2528] file_dirty 0 [ 3143.590511][ T2528] file_writeback 0 [ 3143.590511][ T2528] swapcached 0 [ 3143.590511][ T2528] anon_thp 0 [ 3143.590511][ T2528] file_thp 0 [ 3143.590511][ T2528] shmem_thp 0 [ 3143.590511][ T2528] inactive_anon 589824 [ 3143.590511][ T2528] active_anon 65536 [ 3143.590511][ T2528] inactive_file 0 [ 3143.590511][ T2528] active_file 4096 [ 3143.590511][ T2528] unevictable 0 [ 3143.590511][ T2528] slab_reclaimable 34328 [ 3143.590511][ T2528] slab_unreclaimable 307921280 [ 3143.590511][ T2528] slab 307955608 [ 3143.590511][ T2528] workingset_refault_anon 0 [ 3143.590511][ T2528] workingset_refault_file 2 [ 3143.590511][ T2528] workingset_activate_anon 0 [ 3143.590511][ T2528] workingset_activate_file 0 [ 3143.590511][ T2528] workingset_restore_anon 0 [ 3143.590511][ T2528] workingset_restore_file 2 [ 3143.590511][ T2528] workingset_nodereclaim 0 [ 3143.590511][ T2528] pgscan 4884 [ 3143.590511][ T2528] pgsteal 107 [ 3143.590511][ T2528] pgscan_kswapd 92 [ 3143.590511][ T2528] pgscan_direct 4792 [ 3143.590511][ T2528] pgscan_khugepaged 0 [ 3143.590511][ T2528] pgsteal_kswapd 88 [ 3143.590511][ T2528] pgsteal_direct 19 [ 3143.590511][ T2528] pgsteal_khugepaged 0 [ 3143.590511][ T2528] pgfault 569160 [ 3143.590511][ T2528] pgmajfault 2 [ 3143.590511][ T2528] pgrefill 17623 [ 3143.590511][ T2528] pgactivate 4777 [ 3143.590511][ T2528] pgdeactivate 0 [ 3143.590511][ T2528] pglazyfree 0 [ 3143.590511][ T2528] pglazyfreed 0 [ 3143.590511][ T2528] zswpin 0 [ 3143.590511][ T2528] zswpout 0 [ 3143.590640][ T2528] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=2528,uid=0 [ 3143.590742][ T2528] Memory cgroup out of memory: Killed process 2528 (syz-executor.1) total-vm:54680kB, anon-rss:388kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 3143.825715][ T5037] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3143.970753][ T2330] lowmem_reserve[]: [ 3144.206320][ T29] oom_reaper: reaped process 2324 (syz-executor.4), now anon-rss:0kB, file-rss:8080kB, shmem-rss:0kB [ 3144.241932][ T5037] CPU: 1 PID: 5037 Comm: syz-executor.2 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3144.252276][ T5037] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3144.257207][ T2330] 0 [ 3144.262312][ T5037] Call Trace: [ 3144.262319][ T5037] [ 3144.262327][ T5037] dump_stack_lvl+0x136/0x150 [ 3144.265117][ T2330] 0 [ 3144.268089][ T5037] dump_header+0x10a/0xd70 [ 3144.268118][ T5037] oom_kill_process+0x25d/0x600 [ 3144.268142][ T5037] out_of_memory+0x35c/0x1660 [ 3144.271127][ T2330] 0 [ 3144.275698][ T5037] ? find_held_lock+0x2d/0x110 [ 3144.275732][ T5037] ? oom_killer_disable+0x2b0/0x2b0 [ 3144.275758][ T5037] ? rcu_read_unlock+0x9/0x60 [ 3144.278513][ T2330] 0 [ 3144.282718][ T5037] ? find_held_lock+0x2d/0x110 [ 3144.282754][ T5037] mem_cgroup_out_of_memory+0x206/0x270 [ 3144.287691][ T2330] 0 [ 3144.292236][ T5037] ? mem_cgroup_margin+0x130/0x130 [ 3144.292268][ T5037] ? lock_downgrade+0x690/0x690 [ 3144.334029][ T2330] [ 3144.334494][ T5037] try_charge_memcg+0xf99/0x13a0 [ 3144.336920][ T2330] Node 0 [ 3144.341705][ T5037] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3144.341743][ T5037] ? get_mem_cgroup_from_objcg+0xa1/0x280 [ 3144.356410][ T5037] ? lock_downgrade+0x690/0x690 [ 3144.361266][ T5037] ? lock_downgrade+0x690/0x690 [ 3144.366128][ T5037] obj_cgroup_charge+0x2af/0x5e0 [ 3144.371070][ T5037] ? vm_area_dup+0x23/0x300 [ 3144.375574][ T5037] kmem_cache_alloc+0xb1/0x3b0 [ 3144.380335][ T5037] vm_area_dup+0x23/0x300 [ 3144.384657][ T5037] dup_mmap+0x713/0x19d0 [ 3144.388896][ T5037] ? replace_mm_exe_file+0x4c0/0x4c0 [ 3144.394178][ T5037] ? lockdep_hardirqs_on+0x7d/0x100 [ 3144.399368][ T5037] ? mm_init+0xc7a/0x1030 [ 3144.403693][ T5037] copy_process+0x6663/0x75c0 [ 3144.408374][ T5037] ? pidfd_prepare+0x80/0x80 [ 3144.412960][ T5037] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 3144.418952][ T5037] kernel_clone+0xeb/0x890 [ 3144.423363][ T5037] ? create_io_thread+0xe0/0xe0 [ 3144.428203][ T5037] ? do_user_addr_fault+0x2b1/0x1210 [ 3144.433478][ T5037] ? reacquire_held_locks+0x216/0x4e0 [ 3144.438841][ T5037] ? do_user_addr_fault+0x2b1/0x1210 [ 3144.444121][ T5037] ? find_held_lock+0x2d/0x110 [ 3144.448877][ T5037] __do_sys_clone+0xba/0x100 [ 3144.453459][ T5037] ? kernel_clone+0x890/0x890 [ 3144.458136][ T5037] ? syscall_enter_from_user_mode+0x26/0x80 [ 3144.464022][ T5037] do_syscall_64+0x39/0xb0 [ 3144.468433][ T5037] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3144.474319][ T5037] RIP: 0033:0x7f5bd0689e9b [ 3144.478721][ T5037] Code: ed 0f 85 60 01 00 00 64 4c 8b 0c 25 10 00 00 00 45 31 c0 4d 8d 91 d0 02 00 00 31 d2 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 89 00 00 00 41 89 c5 85 c0 0f 85 90 00 00 [ 3144.498314][ T5037] RSP: 002b:00007fffe74b1940 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3144.506711][ T5037] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5bd0689e9b [ 3144.514668][ T5037] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 3144.522622][ T5037] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000555556edf400 [ 3144.530578][ T5037] R10: 0000555556edf6d0 R11: 0000000000000246 R12: 0000000000000001 [ 3144.538534][ T5037] R13: 0000000000000000 R14: 0000000000000001 R15: 00007fffe74b1a20 [ 3144.546508][ T5037] [ 3144.648937][ T2330] DMA: 3*4kB (UE) 3*8kB (UME) 1*16kB (M) 1*32kB (E) 2*64kB (ME) 4*128kB (UME) 3*256kB (UME) 2*512kB (ME) 2*1024kB (ME) 1*2048kB (E) 1*4096kB (M) = 10708kB [ 3144.664884][ T2330] Node 0 DMA32: 500*4kB (UME) 427*8kB (ME) 171*16kB (ME) 156*32kB (UME) 47*64kB (UME) 20*128kB (UME) 11*256kB (UME) 8*512kB (ME) 6*1024kB (UM) 6*2048kB (M) 0*4096kB = 44056kB [ 3144.682498][ T2330] Node 0 Normal: 4*4kB (UM) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 3144.682670][ T5037] memory: usage 307072kB, limit 307200kB, failcnt 28442 [ 3144.694662][ T2330] Node 1 Normal: 413*4kB (M) 1033*8kB (UME) 521*16kB (UME) 225*32kB (ME) 149*64kB (ME) 91*128kB (UME) 69*256kB (UME) 43*512kB (UM) 29*1024kB (UM) 11*2048kB (UM) 598*4096kB (UM) = 2587948kB [ 3144.694865][ T2330] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 3144.694885][ T2330] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 3144.694904][ T2330] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 3144.694922][ T2330] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 3144.694940][ T2330] 36047 total pagecache pages [ 3144.694950][ T2330] 0 pages in swap cache [ 3144.694958][ T2330] Free swap = 0kB [ 3144.694966][ T2330] Total swap = 0kB [ 3144.694974][ T2330] 2097051 pages RAM [ 3144.694983][ T2330] 0 pages HighMem/MovableOnly [ 3144.694991][ T2330] 392162 pages reserved [ 3144.694999][ T2330] 0 pages cma reserved 15:37:56 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0xb7940500}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) [ 3144.835951][ T2442] __nla_validate_parse: 1 callbacks suppressed [ 3144.835965][ T2442] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. 15:37:56 executing program 5: r0 = socket$l2tp(0x2, 0x2, 0x73) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'ip_vti0\x00'}) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000300)={'gre0\x00', 0x0}) socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$DEVLINK_CMD_SB_POOL_GET(r4, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000004c0)={0x0, 0x14}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="28000000100001045f963ebc0000008000000000", @ANYRES32=r3, @ANYBLOB="2191e4000000000708000a00", @ANYRES32=r5], 0x28}}, 0x0) 15:37:56 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x600) [ 3144.951669][ T5037] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3145.012786][ T5037] Memory cgroup stats for /syz2: [ 3145.013178][ T5037] anon 57344 [ 3145.013178][ T5037] file 8388608 [ 3145.013178][ T5037] kernel 305995776 [ 3145.013178][ T5037] kernel_stack 32768 [ 3145.013178][ T5037] pagetables 57344 [ 3145.013178][ T5037] sec_pagetables 0 [ 3145.013178][ T5037] percpu 5294976 [ 3145.013178][ T5037] sock 0 [ 3145.013178][ T5037] vmalloc 16384 [ 3145.013178][ T5037] shmem 8380416 [ 3145.013178][ T5037] zswap 0 [ 3145.013178][ T5037] zswapped 0 [ 3145.013178][ T5037] file_mapped 286720 [ 3145.013178][ T5037] file_dirty 0 [ 3145.013178][ T5037] file_writeback 0 [ 3145.013178][ T5037] swapcached 0 [ 3145.013178][ T5037] anon_thp 0 [ 3145.013178][ T5037] file_thp 0 [ 3145.013178][ T5037] shmem_thp 0 [ 3145.013178][ T5037] inactive_anon 8417280 [ 3145.013178][ T5037] active_anon 20480 [ 3145.013178][ T5037] inactive_file 0 [ 3145.013178][ T5037] active_file 8192 [ 3145.013178][ T5037] unevictable 0 15:37:57 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x55470500, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) [ 3145.013178][ T5037] slab_reclaimable 33456 [ 3145.013178][ T5037] slab_unreclaimable 300525032 [ 3145.013178][ T5037] slab 300558488 [ 3145.013178][ T5037] workingset_refault_anon 0 [ 3145.013178][ T5037] workingset_refault_file 2 [ 3145.013178][ T5037] workingset_activate_anon 0 [ 3145.013178][ T5037] workingset_activate_file 0 [ 3145.013178][ T5037] workingset_restore_anon 0 [ 3145.013178][ T5037] workingset_restore_file 2 [ 3145.013178][ T5037] workingset_nodereclaim 0 [ 3145.013178][ T5037] pgscan 8831 [ 3145.013178][ T5037] pgsteal 122 [ 3145.013178][ T5037] pgscan_kswapd 106 [ 3145.013178][ T5037] pgscan_direct 8725 [ 3145.013178][ T5037] pgscan_khugepaged 0 [ 3145.013178][ T5037] pgsteal_kswapd 97 [ 3145.013178][ T5037] pgsteal_direct 25 [ 3145.013178][ T5037] pgsteal_khugepaged 0 [ 3145.013178][ T5037] pgfault 696586 [ 3145.013178][ T5037] pgmajfault 0 [ 3145.013178][ T5037] pgrefill 34207 [ 3145.013178][ T5037] pgactivate 8709 [ 3145.013178][ T5037] pgdeactivate 0 [ 3145.013178][ T5037] pglazyfree 0 [ 3145.013178][ T5037] pglazyfreed 0 [ 3145.013178][ T5037] zswpin 0 [ 3145.013178][ T5037] zswpout 0 15:37:57 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x5c470500, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) [ 3145.273258][ T5037] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=5037,uid=0 [ 3145.294817][ T2557] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. 15:37:57 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x700) [ 3145.364964][ T2559] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3145.386876][ T5037] Memory cgroup out of memory: Killed process 5037 (syz-executor.2) total-vm:50576kB, anon-rss:368kB, file-rss:9088kB, shmem-rss:0kB, UID:0 pgtables:72kB oom_score_adj:0 [ 3145.415504][ T2560] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3145.526217][ T2571] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3145.543173][ T2562] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3145.588195][ T2571] CPU: 0 PID: 2571 Comm: syz-executor.1 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3145.598537][ T2571] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3145.608682][ T2571] Call Trace: [ 3145.611957][ T2571] [ 3145.614893][ T2571] dump_stack_lvl+0x136/0x150 [ 3145.619587][ T2571] dump_header+0x10a/0xd70 [ 3145.624105][ T2571] oom_kill_process+0x25d/0x600 [ 3145.628953][ T2571] out_of_memory+0x35c/0x1660 [ 3145.633635][ T2571] ? find_held_lock+0x2d/0x110 [ 3145.638403][ T2571] ? oom_killer_disable+0x2b0/0x2b0 [ 3145.643686][ T2571] ? rcu_read_unlock+0x9/0x60 [ 3145.648365][ T2571] ? find_held_lock+0x2d/0x110 [ 3145.653136][ T2571] mem_cgroup_out_of_memory+0x206/0x270 [ 3145.658690][ T2571] ? mem_cgroup_margin+0x130/0x130 [ 3145.663809][ T2571] ? lock_downgrade+0x690/0x690 [ 3145.668697][ T2571] try_charge_memcg+0xf99/0x13a0 [ 3145.673646][ T2571] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3145.679633][ T2571] ? rcu_read_unlock+0x9/0x60 [ 3145.684314][ T2571] ? lock_downgrade+0x690/0x690 [ 3145.689182][ T2571] charge_memcg+0x90/0x3b0 [ 3145.693609][ T2571] __mem_cgroup_charge+0x2b/0x90 [ 3145.698542][ T2571] __handle_mm_fault+0x2296/0x41c0 [ 3145.703658][ T2571] ? vm_iomap_memory+0x190/0x190 [ 3145.708592][ T2571] ? mas_walk+0x58f/0x730 [ 3145.712930][ T2571] ? numa_migrate_prep+0x3a0/0x3a0 [ 3145.718044][ T2571] handle_mm_fault+0x2af/0x9f0 [ 3145.722818][ T2571] do_user_addr_fault+0x2ca/0x1210 [ 3145.728024][ T2571] ? rcu_is_watching+0x12/0xb0 [ 3145.732819][ T2571] exc_page_fault+0x98/0x170 [ 3145.737409][ T2571] asm_exc_page_fault+0x26/0x30 [ 3145.742271][ T2571] RIP: 0033:0x7f5d2ac3e171 [ 3145.746687][ T2571] Code: 3d 00 f0 ff ff 77 72 c3 90 55 48 83 ec 30 44 89 4c 24 2c 4c 89 44 24 20 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 89 4c 24 28 fa fa ff ff 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 [ 3145.766385][ T2571] RSP: 002b:00007f5d2ba0c000 EFLAGS: 00010206 [ 3145.772455][ T2571] RAX: 0000000000000001 RBX: 00007f5d2ba0c0f0 RCX: 0000000000000000 [ 3145.780425][ T2571] RDX: 0000000000000020 RSI: 00007f5d2ba0c140 RDI: 0000000000000004 15:37:57 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x900) 15:37:57 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x34510500, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) [ 3145.788395][ T2571] RBP: 0000000000000000 R08: 00007f5d2ba0c054 R09: 000000000000000c [ 3145.796365][ T2571] R10: 0000000000000000 R11: 00000000200003cf R12: 00007f5d2ba0c0a8 [ 3145.804342][ T2571] R13: 00007f5d2ba0c140 R14: 0000000000000004 R15: 0000000000000000 [ 3145.812312][ T2571] [ 3145.871865][ T2571] memory: usage 307200kB, limit 307200kB, failcnt 29133 [ 3145.891095][ T2571] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3145.903978][ T2571] Memory cgroup stats for /syz1: [ 3145.904142][ T2571] anon 434176 [ 3145.904142][ T2571] file 262144 [ 3145.904142][ T2571] kernel 313876480 [ 3145.904142][ T2571] kernel_stack 163840 [ 3145.904142][ T2571] pagetables 258048 [ 3145.904142][ T2571] sec_pagetables 0 [ 3145.904142][ T2571] percpu 5421856 [ 3145.904142][ T2571] sock 0 [ 3145.904142][ T2571] vmalloc 0 [ 3145.904142][ T2571] shmem 258048 [ 3145.904142][ T2571] zswap 0 [ 3145.904142][ T2571] zswapped 0 [ 3145.904142][ T2571] file_mapped 241664 [ 3145.904142][ T2571] file_dirty 0 [ 3145.904142][ T2571] file_writeback 0 [ 3145.904142][ T2571] swapcached 0 [ 3145.904142][ T2571] anon_thp 0 [ 3145.904142][ T2571] file_thp 0 [ 3145.904142][ T2571] shmem_thp 0 [ 3145.904142][ T2571] inactive_anon 0 [ 3145.904142][ T2571] active_anon 692224 [ 3145.904142][ T2571] inactive_file 0 [ 3145.904142][ T2571] active_file 4096 [ 3145.904142][ T2571] unevictable 0 [ 3145.904142][ T2571] slab_reclaimable 34328 [ 3145.904142][ T2571] slab_unreclaimable 307912352 [ 3145.904142][ T2571] slab 307946680 [ 3145.904142][ T2571] workingset_refault_anon 0 [ 3145.904142][ T2571] workingset_refault_file 2 [ 3145.904142][ T2571] workingset_activate_anon 0 [ 3145.904142][ T2571] workingset_activate_file 0 [ 3145.904142][ T2571] workingset_restore_anon 0 [ 3145.904142][ T2571] workingset_restore_file 2 [ 3145.904142][ T2571] workingset_nodereclaim 0 [ 3145.904142][ T2571] pgscan 4933 [ 3145.904142][ T2571] pgsteal 107 [ 3145.904142][ T2571] pgscan_kswapd 92 [ 3145.904142][ T2571] pgscan_direct 4841 [ 3145.904142][ T2571] pgscan_khugepaged 0 [ 3145.904142][ T2571] pgsteal_kswapd 88 [ 3145.904142][ T2571] pgsteal_direct 19 [ 3145.904142][ T2571] pgsteal_khugepaged 0 [ 3145.904142][ T2571] pgfault 569223 [ 3145.904142][ T2571] pgmajfault 2 [ 3145.904142][ T2571] pgrefill 17623 [ 3145.904142][ T2571] pgactivate 4826 [ 3145.904142][ T2571] pgdeactivate 0 [ 3145.904142][ T2571] pglazyfree 0 [ 3145.904142][ T2571] pglazyfreed 0 [ 3145.904142][ T2571] zswpin 0 [ 3145.904142][ T2571] zswpout 0 15:37:58 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x2030000, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) [ 3146.204219][ T2571] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=2549,uid=0 [ 3146.240438][ T2571] Memory cgroup out of memory: Killed process 2549 (syz-executor.1) total-vm:54680kB, anon-rss:516kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:92kB oom_score_adj:1000 15:37:58 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x4700}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) [ 3146.390741][ T2675] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3146.423168][ T2550] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3146.450275][ T2550] CPU: 1 PID: 2550 Comm: syz-executor.4 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3146.460610][ T2550] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3146.470659][ T2550] Call Trace: [ 3146.473937][ T2550] [ 3146.476866][ T2550] dump_stack_lvl+0x136/0x150 [ 3146.481558][ T2550] dump_header+0x10a/0xd70 [ 3146.485979][ T2550] oom_kill_process+0x25d/0x600 [ 3146.490830][ T2550] out_of_memory+0x35c/0x1660 [ 3146.495508][ T2550] ? find_held_lock+0x2d/0x110 15:37:58 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x1e00}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:37:58 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0xa00) [ 3146.500275][ T2550] ? oom_killer_disable+0x2b0/0x2b0 [ 3146.505471][ T2550] ? rcu_read_unlock+0x9/0x60 [ 3146.510148][ T2550] ? find_held_lock+0x2d/0x110 [ 3146.514915][ T2550] mem_cgroup_out_of_memory+0x206/0x270 [ 3146.520463][ T2550] ? mem_cgroup_margin+0x130/0x130 [ 3146.525574][ T2550] ? lock_downgrade+0x690/0x690 [ 3146.530436][ T2550] try_charge_memcg+0xf99/0x13a0 [ 3146.535382][ T2550] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3146.541368][ T2550] ? get_mem_cgroup_from_objcg+0xa1/0x280 [ 3146.547094][ T2550] ? lock_downgrade+0x690/0x690 [ 3146.551949][ T2550] ? lock_downgrade+0x690/0x690 [ 3146.556818][ T2550] __memcg_kmem_charge_page+0x16e/0x3c0 [ 3146.562460][ T2550] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 3146.568618][ T2550] copy_process+0x4f9/0x75c0 [ 3146.573226][ T2550] ? pidfd_prepare+0x80/0x80 [ 3146.573318][ T2787] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3146.577810][ T2550] ? lock_downgrade+0x690/0x690 [ 3146.577842][ T2550] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 3146.577870][ T2550] ? folio_add_lru+0x47f/0x7c0 [ 3146.602671][ T2550] kernel_clone+0xeb/0x890 [ 3146.607121][ T2550] ? create_io_thread+0xe0/0xe0 [ 3146.611971][ T2550] ? find_held_lock+0x2d/0x110 [ 3146.616737][ T2550] ? find_held_lock+0x2d/0x110 [ 3146.621504][ T2550] __do_sys_clone+0xba/0x100 [ 3146.626177][ T2550] ? kernel_clone+0x890/0x890 [ 3146.630862][ T2550] ? syscall_enter_from_user_mode+0x26/0x80 [ 3146.636766][ T2550] do_syscall_64+0x39/0xb0 [ 3146.641197][ T2550] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3146.647100][ T2550] RIP: 0033:0x7fcdfee8d591 [ 3146.651511][ T2550] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 3146.671116][ T2550] RSP: 002b:00007ffda41c1d78 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 3146.679526][ T2550] RAX: ffffffffffffffda RBX: 00007fcdffb48700 RCX: 00007fcdfee8d591 [ 3146.687492][ T2550] RDX: 00007fcdffb489d0 RSI: 00007fcdffb482f0 RDI: 00000000003d0f00 [ 3146.695462][ T2550] RBP: 00007ffda41c1fc0 R08: 00007fcdffb48700 R09: 00007fcdffb48700 [ 3146.703428][ T2550] R10: 00007fcdffb489d0 R11: 0000000000000206 R12: 00007ffda41c1e2e [ 3146.711388][ T2550] R13: 00007ffda41c1e2f R14: 00007fcdffb48300 R15: 0000000000022000 [ 3146.719358][ T2550] [ 3146.842990][ T2550] memory: usage 307200kB, limit 307200kB, failcnt 40945 [ 3146.871503][ T2550] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3146.884068][ T2550] Memory cgroup stats for /syz4: [ 3146.884225][ T2550] anon 2142208 [ 3146.884225][ T2550] file 7716864 [ 3146.884225][ T2550] kernel 304713728 [ 3146.884225][ T2550] kernel_stack 688128 [ 3146.884225][ T2550] pagetables 1171456 [ 3146.884225][ T2550] sec_pagetables 0 [ 3146.884225][ T2550] percpu 5219168 [ 3146.884225][ T2550] sock 0 [ 3146.884225][ T2550] vmalloc 8192 [ 3146.884225][ T2550] shmem 7716864 [ 3146.884225][ T2550] zswap 0 [ 3146.884225][ T2550] zswapped 0 [ 3146.884225][ T2550] file_mapped 196608 [ 3146.884225][ T2550] file_dirty 0 [ 3146.884225][ T2550] file_writeback 0 [ 3146.884225][ T2550] swapcached 0 [ 3146.884225][ T2550] anon_thp 0 [ 3146.884225][ T2550] file_thp 0 [ 3146.884225][ T2550] shmem_thp 0 [ 3146.884225][ T2550] inactive_anon 9596928 [ 3146.884225][ T2550] active_anon 262144 [ 3146.884225][ T2550] inactive_file 0 [ 3146.884225][ T2550] active_file 0 [ 3146.884225][ T2550] unevictable 0 [ 3146.884225][ T2550] slab_reclaimable 172672 [ 3146.884225][ T2550] slab_unreclaimable 297105072 [ 3146.884225][ T2550] slab 297277744 [ 3146.884225][ T2550] workingset_refault_anon 0 [ 3146.884225][ T2550] workingset_refault_file 0 [ 3146.884225][ T2550] workingset_activate_anon 0 [ 3146.884225][ T2550] workingset_activate_file 0 [ 3146.884225][ T2550] workingset_restore_anon 0 [ 3146.884225][ T2550] workingset_restore_file 0 [ 3146.884225][ T2550] workingset_nodereclaim 0 [ 3146.884225][ T2550] pgscan 116 [ 3146.884225][ T2550] pgsteal 111 [ 3146.884225][ T2550] pgscan_kswapd 99 [ 3146.884225][ T2550] pgscan_direct 17 [ 3146.884225][ T2550] pgscan_khugepaged 0 [ 3146.884225][ T2550] pgsteal_kswapd 97 [ 3146.884225][ T2550] pgsteal_direct 14 [ 3146.884225][ T2550] pgsteal_khugepaged 0 [ 3146.884225][ T2550] pgfault 697648 [ 3146.884225][ T2550] pgmajfault 6 [ 3146.884225][ T2550] pgrefill 593 [ 3146.884225][ T2550] pgactivate 5 [ 3146.884225][ T2550] pgdeactivate 0 [ 3146.884225][ T2550] pglazyfree 0 [ 3146.884225][ T2550] pglazyfreed 0 [ 3146.884225][ T2550] zswpin 0 [ 3146.884225][ T2550] zswpout 0 [ 3147.083724][ T6323] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3147.255727][ T2550] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=2550,uid=0 [ 3147.382624][ T2550] Memory cgroup out of memory: Killed process 2550 (syz-executor.4) total-vm:54680kB, anon-rss:512kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 15:37:59 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0xb8940500}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:37:59 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x43470500, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:37:59 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x829e0400}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:37:59 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x1f00}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) [ 3147.469597][ T2788] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3147.491972][ T2788] CPU: 1 PID: 2788 Comm: syz-executor.1 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3147.502327][ T2788] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3147.512479][ T2788] Call Trace: [ 3147.515763][ T2788] [ 3147.518697][ T2788] dump_stack_lvl+0x136/0x150 [ 3147.523398][ T2788] dump_header+0x10a/0xd70 [ 3147.527824][ T2788] oom_kill_process+0x25d/0x600 [ 3147.532684][ T2788] out_of_memory+0x35c/0x1660 [ 3147.537374][ T2788] ? find_held_lock+0x2d/0x110 [ 3147.542145][ T2788] ? oom_killer_disable+0x2b0/0x2b0 [ 3147.547339][ T2788] ? rcu_read_unlock+0x9/0x60 [ 3147.552018][ T2788] ? find_held_lock+0x2d/0x110 [ 3147.556784][ T2788] mem_cgroup_out_of_memory+0x206/0x270 [ 3147.562336][ T2788] ? mem_cgroup_margin+0x130/0x130 [ 3147.567455][ T2788] ? lock_downgrade+0x690/0x690 [ 3147.572321][ T2788] try_charge_memcg+0xf99/0x13a0 [ 3147.577285][ T2788] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3147.583286][ T2788] ? rcu_read_unlock+0x9/0x60 [ 3147.587971][ T2788] ? lock_downgrade+0x690/0x690 [ 3147.592834][ T2788] charge_memcg+0x90/0x3b0 [ 3147.597262][ T2788] __mem_cgroup_charge+0x2b/0x90 [ 3147.602203][ T2788] do_wp_page+0x8ea/0x33c0 [ 3147.606623][ T2788] ? lock_sync+0x190/0x190 [ 3147.611047][ T2788] ? finish_mkwrite_fault+0x3d0/0x3d0 [ 3147.616421][ T2788] ? do_raw_spin_lock+0x124/0x2b0 [ 3147.621454][ T2788] ? spin_bug+0x1c0/0x1c0 [ 3147.625805][ T2788] __handle_mm_fault+0x1635/0x41c0 [ 3147.630928][ T2788] ? vm_iomap_memory+0x190/0x190 [ 3147.635871][ T2788] ? mas_walk+0x58f/0x730 [ 3147.640211][ T2788] ? numa_migrate_prep+0x3a0/0x3a0 [ 3147.645325][ T2788] ? do_user_addr_fault+0x367/0x1210 [ 3147.650634][ T2788] handle_mm_fault+0x2af/0x9f0 [ 3147.655420][ T2788] do_user_addr_fault+0x2ca/0x1210 [ 3147.660537][ T2788] ? rcu_is_watching+0x12/0xb0 [ 3147.665321][ T2788] exc_page_fault+0x98/0x170 [ 3147.669929][ T2788] asm_exc_page_fault+0x26/0x30 [ 3147.674803][ T2788] RIP: 0033:0x7f5d2ac39610 [ 3147.679236][ T2788] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48 [ 3147.698849][ T2788] RSP: 002b:00007ffc24e00390 EFLAGS: 00010246 [ 3147.704925][ T2788] RAX: 0000000048ac4d0b RBX: 00007f5d2adac0e8 RCX: 0000001b2dc20000 [ 3147.712894][ T2788] RDX: 0000000000000000 RSI: 0000001b2dc20018 RDI: 0000000000000022 [ 3147.720863][ T2788] RBP: 0000000048ac4d0b R08: 0000000000000d0b R09: 0000000048ac4d0f [ 3147.728816][ T2788] R10: 00007ffc24e00550 R11: 0000000000000246 R12: 00007f5d2ada0000 [ 3147.736777][ T2788] R13: 0000000000000001 R14: 0000000000000000 R15: ffffffff88050461 [ 3147.744747][ T2788] ? __x64_sys_socket+0x11/0xb0 [ 3147.749715][ T2788] 15:37:59 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0xb00) [ 3147.835395][ T2901] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3147.894504][ T2902] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. 15:37:59 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0xc00) 15:37:59 executing program 5: socket$l2tp(0x2, 0x2, 0x73) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'ip_vti0\x00'}) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'gre0\x00', 0x0}) r3 = socket(0x10, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="28000000100001045f963ebc0000008000000000", @ANYRES32=r2, @ANYBLOB="2191e4000007000008000a00"], 0x28}}, 0x0) 15:37:59 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x594b2, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:38:00 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x33470500, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) [ 3148.155766][ T3009] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3148.564601][ T2788] memory: usage 307184kB, limit 307200kB, failcnt 29232 [ 3148.584597][ T2788] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3148.591515][ T2788] Memory cgroup stats for /syz1: [ 3148.591669][ T2788] anon 397312 [ 3148.591669][ T2788] file 262144 [ 3148.591669][ T2788] kernel 313896960 [ 3148.591669][ T2788] kernel_stack 196608 [ 3148.591669][ T2788] pagetables 249856 [ 3148.591669][ T2788] sec_pagetables 0 [ 3148.591669][ T2788] percpu 5421792 [ 3148.591669][ T2788] sock 0 [ 3148.591669][ T2788] vmalloc 0 [ 3148.591669][ T2788] shmem 258048 [ 3148.591669][ T2788] zswap 0 [ 3148.591669][ T2788] zswapped 0 [ 3148.591669][ T2788] file_mapped 241664 [ 3148.591669][ T2788] file_dirty 0 [ 3148.591669][ T2788] file_writeback 0 [ 3148.591669][ T2788] swapcached 0 [ 3148.591669][ T2788] anon_thp 0 [ 3148.591669][ T2788] file_thp 0 [ 3148.591669][ T2788] shmem_thp 0 [ 3148.591669][ T2788] inactive_anon 577536 [ 3148.591669][ T2788] active_anon 77824 [ 3148.591669][ T2788] inactive_file 4096 [ 3148.591669][ T2788] active_file 0 [ 3148.591669][ T2788] unevictable 0 [ 3148.591669][ T2788] slab_reclaimable 34328 [ 3148.591669][ T2788] slab_unreclaimable 307909608 [ 3148.591669][ T2788] slab 307943936 [ 3148.591669][ T2788] workingset_refault_anon 0 [ 3148.591669][ T2788] workingset_refault_file 2 [ 3148.591669][ T2788] workingset_activate_anon 0 [ 3148.591669][ T2788] workingset_activate_file 0 [ 3148.591669][ T2788] workingset_restore_anon 0 [ 3148.591669][ T2788] workingset_restore_file 2 [ 3148.591669][ T2788] workingset_nodereclaim 0 [ 3148.591669][ T2788] pgscan 4965 [ 3148.591669][ T2788] pgsteal 107 [ 3148.591669][ T2788] pgscan_kswapd 92 [ 3148.591669][ T2788] pgscan_direct 4873 [ 3148.591669][ T2788] pgscan_khugepaged 0 [ 3148.591669][ T2788] pgsteal_kswapd 88 [ 3148.591669][ T2788] pgsteal_direct 19 [ 3148.591669][ T2788] pgsteal_khugepaged 0 [ 3148.591669][ T2788] pgfault 569269 [ 3148.591669][ T2788] pgmajfault 2 [ 3148.591669][ T2788] pgrefill 17623 [ 3148.591669][ T2788] pgactivate 4858 [ 3148.591669][ T2788] pgdeactivate 0 [ 3148.591669][ T2788] pglazyfree 0 [ 3148.591669][ T2788] pglazyfreed 0 [ 3148.591669][ T2788] zswpin 0 [ 3148.591669][ T2788] zswpout 0 [ 3149.194604][ T2788] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=2788,uid=0 [ 3149.224643][ T2788] Memory cgroup out of memory: Killed process 2788 (syz-executor.1) total-vm:54680kB, anon-rss:388kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 15:38:01 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9, 0x4800}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:38:01 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0xe00) 15:38:01 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x594a9, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) [ 3149.265094][ T2895] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3149.288488][ T2895] CPU: 1 PID: 2895 Comm: syz-executor.4 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3149.298823][ T2895] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3149.308875][ T2895] Call Trace: [ 3149.312156][ T2895] [ 3149.315087][ T2895] dump_stack_lvl+0x136/0x150 [ 3149.319781][ T2895] dump_header+0x10a/0xd70 [ 3149.324205][ T2895] oom_kill_process+0x25d/0x600 [ 3149.329062][ T2895] out_of_memory+0x35c/0x1660 [ 3149.333752][ T2895] ? oom_killer_disable+0x2b0/0x2b0 [ 3149.338956][ T2895] ? rcu_read_unlock+0x9/0x60 [ 3149.343642][ T2895] ? find_held_lock+0x2d/0x110 [ 3149.348411][ T2895] mem_cgroup_out_of_memory+0x206/0x270 [ 3149.353965][ T2895] ? mem_cgroup_margin+0x130/0x130 [ 3149.359088][ T2895] ? lock_downgrade+0x690/0x690 [ 3149.363967][ T2895] try_charge_memcg+0xf99/0x13a0 [ 3149.368921][ T2895] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3149.374918][ T2895] ? rcu_read_unlock+0x9/0x60 [ 3149.379595][ T2895] ? lock_downgrade+0x690/0x690 [ 3149.384460][ T2895] charge_memcg+0x90/0x3b0 [ 3149.388883][ T2895] __mem_cgroup_charge+0x2b/0x90 [ 3149.393816][ T2895] do_wp_page+0x8ea/0x33c0 [ 3149.398233][ T2895] ? lock_sync+0x190/0x190 [ 3149.402738][ T2895] ? finish_mkwrite_fault+0x3d0/0x3d0 [ 3149.408110][ T2895] ? do_raw_spin_lock+0x124/0x2b0 [ 3149.413138][ T2895] ? spin_bug+0x1c0/0x1c0 [ 3149.417474][ T2895] __handle_mm_fault+0x1635/0x41c0 [ 3149.422589][ T2895] ? vm_iomap_memory+0x190/0x190 [ 3149.427522][ T2895] ? mas_walk+0x58f/0x730 [ 3149.431864][ T2895] ? numa_migrate_prep+0x3a0/0x3a0 [ 3149.436972][ T2895] ? do_user_addr_fault+0x367/0x1210 [ 3149.442266][ T2895] handle_mm_fault+0x2af/0x9f0 [ 3149.447038][ T2895] do_user_addr_fault+0x2ca/0x1210 [ 3149.452152][ T2895] ? rcu_is_watching+0x12/0xb0 [ 3149.456927][ T2895] exc_page_fault+0x98/0x170 [ 3149.461522][ T2895] asm_exc_page_fault+0x26/0x30 [ 3149.466386][ T2895] RIP: 0033:0x7fcdfee39610 [ 3149.470798][ T2895] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48 [ 3149.490406][ T2895] RSP: 002b:00007ffda41c1dd0 EFLAGS: 00010246 [ 3149.496461][ T2895] RAX: 000000003b57db16 RBX: 00007fcdfefac018 RCX: 0000001b2e120000 [ 3149.504507][ T2895] RDX: 0000000000000000 RSI: 0000001b2e120018 RDI: 000000000c831dc6 [ 3149.512469][ T2895] RBP: 000000003b57db16 R08: 0000000000001b16 R09: 000000003b57db1a [ 3149.520427][ T2895] R10: 00007ffda41c1f90 R11: 0000000000000246 R12: 00007fcdfefa0000 [ 3149.528385][ T2895] R13: 0000000000000001 R14: 0000000000000002 R15: ffffffff880502cb [ 3149.536343][ T2895] ? __sys_socket+0xcb/0x250 [ 3149.540936][ T2895] [ 3150.061685][ T2895] memory: usage 307124kB, limit 307200kB, failcnt 41009 [ 3150.112311][ T2895] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3150.154829][ T2895] Memory cgroup stats for /syz4: [ 3150.154977][ T2895] anon 2097152 [ 3150.154977][ T2895] file 7716864 [ 3150.154977][ T2895] kernel 304680960 [ 3150.154977][ T2895] kernel_stack 688128 [ 3150.154977][ T2895] pagetables 1163264 [ 3150.154977][ T2895] sec_pagetables 0 [ 3150.154977][ T2895] percpu 5219168 [ 3150.154977][ T2895] sock 0 [ 3150.154977][ T2895] vmalloc 8192 [ 3150.154977][ T2895] shmem 7716864 [ 3150.154977][ T2895] zswap 0 [ 3150.154977][ T2895] zswapped 0 [ 3150.154977][ T2895] file_mapped 196608 [ 3150.154977][ T2895] file_dirty 0 [ 3150.154977][ T2895] file_writeback 0 [ 3150.154977][ T2895] swapcached 0 [ 3150.154977][ T2895] anon_thp 0 [ 3150.154977][ T2895] file_thp 0 [ 3150.154977][ T2895] shmem_thp 0 [ 3150.154977][ T2895] inactive_anon 9596928 [ 3150.154977][ T2895] active_anon 217088 [ 3150.154977][ T2895] inactive_file 0 [ 3150.154977][ T2895] active_file 0 [ 3150.154977][ T2895] unevictable 0 [ 3150.154977][ T2895] slab_reclaimable 170744 [ 3150.154977][ T2895] slab_unreclaimable 297095328 [ 3150.154977][ T2895] slab 297266072 [ 3150.154977][ T2895] workingset_refault_anon 0 [ 3150.154977][ T2895] workingset_refault_file 0 [ 3150.154977][ T2895] workingset_activate_anon 0 [ 3150.154977][ T2895] workingset_activate_file 0 [ 3150.154977][ T2895] workingset_restore_anon 0 [ 3150.154977][ T2895] workingset_restore_file 0 [ 3150.154977][ T2895] workingset_nodereclaim 0 [ 3150.154977][ T2895] pgscan 116 [ 3150.154977][ T2895] pgsteal 111 [ 3150.154977][ T2895] pgscan_kswapd 99 [ 3150.154977][ T2895] pgscan_direct 17 [ 3150.154977][ T2895] pgscan_khugepaged 0 [ 3150.154977][ T2895] pgsteal_kswapd 97 [ 3150.154977][ T2895] pgsteal_direct 14 [ 3150.154977][ T2895] pgsteal_khugepaged 0 [ 3150.154977][ T2895] pgfault 697694 [ 3150.154977][ T2895] pgmajfault 6 [ 3150.154977][ T2895] pgrefill 593 [ 3150.154977][ T2895] pgactivate 5 [ 3150.154977][ T2895] pgdeactivate 0 [ 3150.154977][ T2895] pglazyfree 0 [ 3150.154977][ T2895] pglazyfreed 0 [ 3150.154977][ T2895] zswpin 0 [ 3150.154977][ T2895] zswpout 0 [ 3150.511819][ T2895] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=2895,uid=0 [ 3150.567946][ T2895] Memory cgroup out of memory: Killed process 2895 (syz-executor.4) total-vm:54548kB, anon-rss:384kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:72kB oom_score_adj:1000 15:38:02 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0xb9940500}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:38:02 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0xb000000, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) 15:38:02 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100001040000045075e440124c865d00", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x7000000, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) [ 3150.650185][ T3221] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3150.744791][ T3221] CPU: 1 PID: 3221 Comm: syz-executor.1 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3150.755161][ T3221] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3150.765231][ T3221] Call Trace: [ 3150.768516][ T3221] [ 3150.771454][ T3221] dump_stack_lvl+0x136/0x150 [ 3150.776160][ T3221] dump_header+0x10a/0xd70 [ 3150.780596][ T3221] oom_kill_process+0x25d/0x600 [ 3150.785464][ T3221] out_of_memory+0x35c/0x1660 [ 3150.790164][ T3221] ? find_held_lock+0x2d/0x110 [ 3150.794927][ T3221] ? oom_killer_disable+0x2b0/0x2b0 [ 3150.800111][ T3221] ? rcu_read_unlock+0x9/0x60 [ 3150.804791][ T3221] ? find_held_lock+0x2d/0x110 [ 3150.809585][ T3221] mem_cgroup_out_of_memory+0x206/0x270 [ 3150.815140][ T3221] ? mem_cgroup_margin+0x130/0x130 [ 3150.820254][ T3221] ? lock_downgrade+0x690/0x690 [ 3150.825149][ T3221] try_charge_memcg+0xf99/0x13a0 [ 3150.830100][ T3221] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3150.836092][ T3221] ? get_mem_cgroup_from_objcg+0xa1/0x280 [ 3150.841831][ T3221] ? lock_downgrade+0x690/0x690 [ 3150.846688][ T3221] ? lock_downgrade+0x690/0x690 [ 3150.851546][ T3221] obj_cgroup_charge+0x2af/0x5e0 [ 3150.856490][ T3221] ? sock_alloc_inode+0x27/0x1d0 [ 3150.861416][ T3221] kmem_cache_alloc_lru+0x142/0x600 [ 3150.866703][ T3221] sock_alloc_inode+0x27/0x1d0 [ 3150.871461][ T3221] ? sock_free_inode+0x30/0x30 [ 3150.876213][ T3221] alloc_inode+0x61/0x230 [ 3150.880537][ T3221] new_inode_pseudo+0x17/0x80 [ 3150.885216][ T3221] sock_alloc+0x40/0x270 [ 3150.889450][ T3221] __sock_create+0xbd/0x850 [ 3150.893948][ T3221] __sys_socket+0x133/0x250 [ 3150.898443][ T3221] ? __sys_socket_file+0x1d0/0x1d0 [ 3150.903544][ T3221] ? kcov_ioctl+0x384/0x6f0 [ 3150.908051][ T3221] __x64_sys_socket+0x73/0xb0 [ 3150.912726][ T3221] do_syscall_64+0x39/0xb0 [ 3150.917145][ T3221] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3150.923039][ T3221] RIP: 0033:0x7f5d2ac8c169 [ 3150.927445][ T3221] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 3150.947045][ T3221] RSP: 002b:00007f5d2ba0d168 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 3150.955449][ T3221] RAX: ffffffffffffffda RBX: 00007f5d2adabf80 RCX: 00007f5d2ac8c169 [ 3150.963594][ T3221] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000010 [ 3150.971569][ T3221] RBP: 00007f5d2ace7ca1 R08: 0000000000000000 R09: 0000000000000000 [ 3150.979540][ T3221] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3150.987512][ T3221] R13: 00007ffc24e003ef R14: 00007f5d2ba0d300 R15: 0000000000022000 [ 3150.995491][ T3221] [ 3151.016985][ T6323] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3151.093291][ T3221] memory: usage 307200kB, limit 307200kB, failcnt 29320 [ 3151.094623][ T3229] __nla_validate_parse: 4 callbacks suppressed [ 3151.094634][ T3229] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3151.105218][ T3221] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3151.151402][ T3221] Memory cgroup stats for /syz1: [ 3151.151543][ T3221] anon 389120 [ 3151.151543][ T3221] file 262144 [ 3151.151543][ T3221] kernel 313921536 [ 3151.151543][ T3221] kernel_stack 163840 [ 3151.151543][ T3221] pagetables 249856 [ 3151.151543][ T3221] sec_pagetables 0 [ 3151.151543][ T3221] percpu 5421856 [ 3151.151543][ T3221] sock 0 [ 3151.151543][ T3221] vmalloc 0 [ 3151.151543][ T3221] shmem 258048 [ 3151.151543][ T3221] zswap 0 [ 3151.151543][ T3221] zswapped 0 [ 3151.151543][ T3221] file_mapped 241664 [ 3151.151543][ T3221] file_dirty 0 [ 3151.151543][ T3221] file_writeback 0 [ 3151.151543][ T3221] swapcached 0 [ 3151.151543][ T3221] anon_thp 0 [ 3151.151543][ T3221] file_thp 0 [ 3151.151543][ T3221] shmem_thp 0 [ 3151.151543][ T3221] inactive_anon 610304 [ 3151.151543][ T3221] active_anon 36864 [ 3151.151543][ T3221] inactive_file 4096 [ 3151.151543][ T3221] active_file 0 [ 3151.151543][ T3221] unevictable 0 [ 3151.151543][ T3221] slab_reclaimable 63536 [ 3151.151543][ T3221] slab_unreclaimable 307932376 [ 3151.151543][ T3221] slab 307995912 [ 3151.151543][ T3221] workingset_refault_anon 0 [ 3151.151543][ T3221] workingset_refault_file 2 [ 3151.151543][ T3221] workingset_activate_anon 0 [ 3151.151543][ T3221] workingset_activate_file 0 [ 3151.151543][ T3221] workingset_restore_anon 0 [ 3151.151543][ T3221] workingset_restore_file 2 [ 3151.151543][ T3221] workingset_nodereclaim 0 [ 3151.151543][ T3221] pgscan 5003 [ 3151.151543][ T3221] pgsteal 107 [ 3151.151543][ T3221] pgscan_kswapd 92 [ 3151.151543][ T3221] pgscan_direct 4911 [ 3151.151543][ T3221] pgscan_khugepaged 0 [ 3151.151543][ T3221] pgsteal_kswapd 88 [ 3151.151543][ T3221] pgsteal_direct 19 [ 3151.151543][ T3221] pgsteal_khugepaged 0 [ 3151.151543][ T3221] pgfault 569314 [ 3151.151543][ T3221] pgmajfault 2 [ 3151.151543][ T3221] pgrefill 17623 [ 3151.151543][ T3221] pgactivate 4896 [ 3151.151543][ T3221] pgdeactivate 0 [ 3151.151543][ T3221] pglazyfree 0 [ 3151.151543][ T3221] pglazyfreed 0 [ 3151.151543][ T3221] zswpin 0 [ 3151.151543][ T3221] zswpout 0 [ 3151.199546][ T3227] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3151.444111][ T3221] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=3120,uid=0 [ 3151.583456][ T3221] Memory cgroup out of memory: Killed process 3120 (syz-executor.1) total-vm:54680kB, anon-rss:388kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 3151.651134][ T3221] socket: no more sockets [ 3151.719575][ T3224] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3151.767911][ T3224] CPU: 0 PID: 3224 Comm: syz-executor.4 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3151.778265][ T3224] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3151.788318][ T3224] Call Trace: [ 3151.791596][ T3224] [ 3151.794522][ T3224] dump_stack_lvl+0x136/0x150 [ 3151.799213][ T3224] dump_header+0x10a/0xd70 [ 3151.803633][ T3224] oom_kill_process+0x25d/0x600 [ 3151.808484][ T3224] out_of_memory+0x35c/0x1660 [ 3151.813165][ T3224] ? oom_killer_disable+0x2b0/0x2b0 [ 3151.818359][ T3224] ? rcu_read_unlock+0x9/0x60 [ 3151.823029][ T3224] ? find_held_lock+0x2d/0x110 [ 3151.827792][ T3224] mem_cgroup_out_of_memory+0x206/0x270 [ 3151.833334][ T3224] ? mem_cgroup_margin+0x130/0x130 [ 3151.838435][ T3224] ? lock_downgrade+0x690/0x690 [ 3151.843287][ T3224] try_charge_memcg+0xf99/0x13a0 [ 3151.848227][ T3224] ? mem_cgroup_handle_over_high+0x520/0x520 [ 3151.854208][ T3224] ? rcu_read_unlock+0x9/0x60 [ 3151.858876][ T3224] ? lock_downgrade+0x690/0x690 [ 3151.863725][ T3224] charge_memcg+0x90/0x3b0 [ 3151.868138][ T3224] __mem_cgroup_charge+0x2b/0x90 [ 3151.873066][ T3224] do_wp_page+0x8ea/0x33c0 [ 3151.877480][ T3224] ? lock_sync+0x190/0x190 [ 3151.881888][ T3224] ? finish_mkwrite_fault+0x3d0/0x3d0 [ 3151.887247][ T3224] ? do_raw_spin_lock+0x124/0x2b0 [ 3151.892266][ T3224] ? spin_bug+0x1c0/0x1c0 [ 3151.896597][ T3224] __handle_mm_fault+0x1635/0x41c0 [ 3151.901701][ T3224] ? vm_iomap_memory+0x190/0x190 [ 3151.906712][ T3224] ? mas_walk+0x58f/0x730 [ 3151.911042][ T3224] ? numa_migrate_prep+0x3a0/0x3a0 [ 3151.916143][ T3224] ? do_user_addr_fault+0x367/0x1210 [ 3151.921515][ T3224] handle_mm_fault+0x2af/0x9f0 [ 3151.926273][ T3224] do_user_addr_fault+0x2ca/0x1210 [ 3151.931378][ T3224] ? rcu_is_watching+0x12/0xb0 [ 3151.936143][ T3224] exc_page_fault+0x98/0x170 [ 3151.940725][ T3224] asm_exc_page_fault+0x26/0x30 [ 3151.945574][ T3224] RIP: 0033:0x7fcdfee39610 [ 3151.949974][ T3224] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48 [ 3151.969570][ T3224] RSP: 002b:00007ffda41c1dd0 EFLAGS: 00010246 [ 3151.975627][ T3224] RAX: 00000000daf2970c RBX: 00007fcdfefac018 RCX: 0000001b2e120000 [ 3151.983584][ T3224] RDX: 0000000000000000 RSI: 0000001b2e120018 RDI: 000000000c826fd8 [ 3151.991541][ T3224] RBP: 00000000daf2970c R08: 000000000000170c R09: 00000000daf29710 [ 3151.999498][ T3224] R10: 00007ffda41c1f90 R11: 0000000000000246 R12: 00007fcdfefa0000 [ 3152.007456][ T3224] R13: 0000000000000001 R14: 0000000000000005 R15: ffffffff8804dd52 [ 3152.015414][ T3224] ? __sock_create+0x62/0x850 [ 3152.020095][ T3224] [ 3152.139897][ T3224] memory: usage 307200kB, limit 307200kB, failcnt 41058 [ 3152.151992][ T3224] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3152.170600][ T3224] Memory cgroup stats for /syz4: [ 3152.170746][ T3224] anon 2105344 [ 3152.170746][ T3224] file 7716864 [ 3152.170746][ T3224] kernel 304697344 [ 3152.170746][ T3224] kernel_stack 688128 [ 3152.170746][ T3224] pagetables 1163264 [ 3152.170746][ T3224] sec_pagetables 0 [ 3152.170746][ T3224] percpu 5219232 [ 3152.170746][ T3224] sock 0 [ 3152.170746][ T3224] vmalloc 8192 [ 3152.170746][ T3224] shmem 7716864 [ 3152.170746][ T3224] zswap 0 [ 3152.170746][ T3224] zswapped 0 [ 3152.170746][ T3224] file_mapped 196608 [ 3152.170746][ T3224] file_dirty 0 [ 3152.170746][ T3224] file_writeback 0 [ 3152.170746][ T3224] swapcached 0 [ 3152.170746][ T3224] anon_thp 0 [ 3152.170746][ T3224] file_thp 0 [ 3152.170746][ T3224] shmem_thp 0 [ 3152.170746][ T3224] inactive_anon 9596928 [ 3152.170746][ T3224] active_anon 225280 [ 3152.170746][ T3224] inactive_file 0 [ 3152.170746][ T3224] active_file 0 [ 3152.170746][ T3224] unevictable 0 [ 3152.170746][ T3224] slab_reclaimable 170744 [ 3152.170746][ T3224] slab_unreclaimable 297107000 [ 3152.170746][ T3224] slab 297277744 [ 3152.170746][ T3224] workingset_refault_anon 0 [ 3152.170746][ T3224] workingset_refault_file 0 [ 3152.170746][ T3224] workingset_activate_anon 0 [ 3152.170746][ T3224] workingset_activate_file 0 [ 3152.170746][ T3224] workingset_restore_anon 0 [ 3152.170746][ T3224] workingset_restore_file 0 [ 3152.170746][ T3224] workingset_nodereclaim 0 [ 3152.170746][ T3224] pgscan 116 [ 3152.170746][ T3224] pgsteal 111 [ 3152.170746][ T3224] pgscan_kswapd 99 [ 3152.170746][ T3224] pgscan_direct 17 [ 3152.170746][ T3224] pgscan_khugepaged 0 [ 3152.170746][ T3224] pgsteal_kswapd 97 [ 3152.170746][ T3224] pgsteal_direct 14 [ 3152.170746][ T3224] pgsteal_khugepaged 0 [ 3152.170746][ T3224] pgfault 697747 [ 3152.170746][ T3224] pgmajfault 6 [ 3152.170746][ T3224] pgrefill 593 [ 3152.170746][ T3224] pgactivate 5 [ 3152.170746][ T3224] pgdeactivate 0 [ 3152.170746][ T3224] pglazyfree 0 [ 3152.170746][ T3224] pglazyfreed 0 [ 3152.170746][ T3224] zswpin 0 [ 3152.170746][ T3224] zswpout 0 [ 3152.474654][ T3224] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=3224,uid=0 [ 3152.514665][ T3224] Memory cgroup out of memory: Killed process 3224 (syz-executor.4) total-vm:54548kB, anon-rss:384kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:72kB oom_score_adj:1000 [ 3152.606516][ T5042] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 3152.661573][ T3235] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 3152.683166][ T3235] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 3152.691563][ T3235] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 3152.698910][ T3235] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 3152.706079][ T3235] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 3152.775136][ T5052] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 3152.801842][ T5052] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 3152.822263][ T5052] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 3152.852648][ T5052] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 3152.871541][ T5052] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 3152.878710][ T5052] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 3153.468634][ T3233] chnl_net:caif_netlink_parms(): no params data found [ 3153.767970][ T3233] bridge0: port 1(bridge_slave_0) entered blocking state [ 3153.775164][ T3233] bridge0: port 1(bridge_slave_0) entered disabled state [ 3153.784101][ T3233] bridge_slave_0: entered allmulticast mode [ 3153.795626][ T3233] bridge_slave_0: entered promiscuous mode [ 3153.807322][ T3233] bridge0: port 2(bridge_slave_1) entered blocking state [ 3153.814439][ T3233] bridge0: port 2(bridge_slave_1) entered disabled state [ 3153.823096][ T3233] bridge_slave_1: entered allmulticast mode [ 3153.911669][ T3233] bridge_slave_1: entered promiscuous mode [ 3154.251707][ T3233] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3154.351568][ T3233] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3154.637931][ T3233] team0: Port device team_slave_0 added [ 3154.744183][ T3233] team0: Port device team_slave_1 added [ 3154.901298][ T5052] Bluetooth: hci1: command 0x0409 tx timeout [ 3155.162939][ T3233] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 3155.221105][ T3233] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 3155.290471][ T3233] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 3155.323852][ T3233] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 3155.362983][ T3233] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 3155.434381][ T3233] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 3155.994652][ T3233] hsr_slave_0: entered promiscuous mode [ 3156.115042][ T3233] hsr_slave_1: entered promiscuous mode [ 3156.223663][ T3233] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 3156.256282][ T3233] Cannot create hsr debugfs directory [ 3157.041454][ T5052] Bluetooth: hci1: command 0x041b tx timeout [ 3159.070676][ T3235] Bluetooth: hci1: command 0x040f tx timeout [ 3161.145722][ T3235] Bluetooth: hci1: command 0x0419 tx timeout [ 3161.362136][ T6323] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3162.243608][ T6323] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3203.983823][ T1211] ieee802154 phy0 wpan0: encryption failed: -22 [ 3204.002823][ T1211] ieee802154 phy1 wpan1: encryption failed: -22 [ 3205.624353][ T3233] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 3205.733604][ T3233] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 3205.821847][ T3233] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 3205.853100][ T3233] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 3218.681676][ T6323] bond0: left allmulticast mode [ 3218.690983][ T6323] bond_slave_0: left allmulticast mode [ 3218.701575][ T6323] bond_slave_1: left allmulticast mode [ 3218.713820][ T6323] bridge18: port 1(bond0) entered disabled state [ 3218.779397][ T6323] hsr_slave_0: left promiscuous mode [ 3218.809239][ T6323] hsr_slave_1: left promiscuous mode [ 3218.879838][ T6323] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 3218.912993][ T6323] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 3218.960151][ T6323] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 3218.993567][ T6323] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 3219.033247][ T3235] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 3219.063567][ T3235] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 3219.073509][ T6323] bridge_slave_1: left allmulticast mode [ 3219.073555][ T6323] bridge_slave_1: left promiscuous mode [ 3219.073671][ T6323] bridge0: port 2(bridge_slave_1) entered disabled state [ 3219.111264][ T3235] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 3219.129578][ T3235] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 3219.136585][ T6323] bridge_slave_0: left allmulticast mode [ 3219.136603][ T6323] bridge_slave_0: left promiscuous mode [ 3219.136843][ T6323] bridge0: port 1(bridge_slave_0) entered disabled state [ 3219.171750][ T3235] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 3219.183507][ T3235] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 3219.351189][ T6323] bridge2117: left allmulticast mode [ 3219.360037][ T6323] bridge2117: left promiscuous mode [ 3219.370364][ T6323] bridge2113: left allmulticast mode [ 3219.380647][ T6323] bridge2113: left promiscuous mode [ 3219.391162][ T6323] bridge2111: left allmulticast mode [ 3219.400341][ T6323] bridge2111: left promiscuous mode [ 3219.410559][ T6323] bridge2105: left allmulticast mode [ 3219.420359][ T6323] bridge2105: left promiscuous mode [ 3219.430201][ T6323] bridge2102: left allmulticast mode [ 3219.438951][ T6323] bridge2102: left promiscuous mode [ 3219.444226][ T6323] bridge2097: left allmulticast mode [ 3219.454405][ T6323] bridge2097: left promiscuous mode [ 3219.482973][ T6323] bridge2093: left allmulticast mode [ 3219.492133][ T6323] bridge2093: left promiscuous mode [ 3219.502283][ T6323] bridge2083: left allmulticast mode [ 3219.510885][ T6323] bridge2083: left promiscuous mode [ 3219.520893][ T6323] bridge2074: left allmulticast mode [ 3219.530534][ T6323] bridge2074: left promiscuous mode [ 3219.554154][ T6323] bridge2069: left allmulticast mode [ 3219.562784][ T6323] bridge2069: left promiscuous mode [ 3219.579546][ T6323] bridge2068: left allmulticast mode [ 3219.589456][ T6323] bridge2068: left promiscuous mode [ 3219.600051][ T6323] bridge1930: left allmulticast mode [ 3219.610101][ T6323] bridge1930: left promiscuous mode [ 3219.619052][ T6323] bridge1928: left promiscuous mode [ 3219.624309][ T6323] bridge1926: left promiscuous mode [ 3219.649988][ T6323] bridge1924: left promiscuous mode [ 3219.660274][ T6323] bridge1922: left promiscuous mode [ 3219.670406][ T6323] bridge1920: left promiscuous mode [ 3219.679819][ T6323] bridge1918: left promiscuous mode [ 3219.690683][ T6323] bridge1916: left promiscuous mode [ 3219.700425][ T6323] bridge1914: left promiscuous mode [ 3219.710605][ T6323] bridge1912: left promiscuous mode [ 3219.719689][ T6323] bridge1910: left promiscuous mode [ 3219.740618][ T6323] bridge1906: left promiscuous mode [ 3219.750948][ T6323] bridge1904: left promiscuous mode [ 3219.760734][ T6323] bridge1902: left promiscuous mode [ 3219.771048][ T6323] bridge1900: left promiscuous mode [ 3219.781238][ T6323] bridge1898: left promiscuous mode [ 3219.800990][ T6323] bridge1896: left promiscuous mode [ 3219.811555][ T6323] bridge1894: left promiscuous mode [ 3219.822131][ T6323] bridge1892: left promiscuous mode [ 3219.831615][ T6323] bridge1890: left promiscuous mode [ 3219.841806][ T6323] bridge1888: left promiscuous mode [ 3219.850225][ T6323] bridge1886: left promiscuous mode [ 3219.872242][ T6323] bridge1884: left promiscuous mode [ 3219.884119][ T6323] bridge1882: left promiscuous mode [ 3219.899918][ T6323] bridge1880: left promiscuous mode [ 3219.920406][ T6323] bridge1878: left promiscuous mode [ 3219.931530][ T6323] bridge1876: left promiscuous mode [ 3219.942579][ T6323] bridge1874: left promiscuous mode [ 3219.952924][ T6323] bridge1872: left promiscuous mode [ 3219.962266][ T6323] bridge1870: left promiscuous mode [ 3219.973128][ T6323] bridge1868: left promiscuous mode [ 3219.983942][ T6323] bridge1866: left promiscuous mode [ 3219.994429][ T6323] bridge1864: left promiscuous mode [ 3220.003654][ T6323] bridge1862: left promiscuous mode [ 3220.020827][ T6323] bridge1860: left promiscuous mode [ 3220.029978][ T6323] bridge1858: left promiscuous mode [ 3220.040291][ T6323] bridge1856: left promiscuous mode [ 3220.050218][ T6323] bridge1854: left promiscuous mode [ 3220.059987][ T6323] bridge1852: left promiscuous mode [ 3220.068653][ T6323] bridge1850: left promiscuous mode [ 3220.073908][ T6323] bridge1846: left promiscuous mode [ 3220.093710][ T6323] bridge1843: left allmulticast mode [ 3220.103990][ T6323] bridge1843: left promiscuous mode [ 3220.114583][ T6323] bridge1841: left allmulticast mode [ 3220.119878][ T6323] bridge1841: left promiscuous mode [ 3220.134293][ T6323] bridge1840: left allmulticast mode [ 3220.143611][ T6323] bridge1840: left promiscuous mode [ 3220.153126][ T6323] bridge1839: left allmulticast mode [ 3220.163654][ T6323] bridge1838: left allmulticast mode [ 3220.172706][ T6323] bridge1837: left allmulticast mode [ 3220.183181][ T6323] bridge1835: left allmulticast mode [ 3220.191481][ T6323] bridge1832: left allmulticast mode [ 3220.201357][ T6323] bridge1831: left allmulticast mode [ 3220.211229][ T6323] bridge1830: left allmulticast mode [ 3220.221230][ T6323] bridge1829: left allmulticast mode [ 3220.229941][ T6323] bridge1827: left allmulticast mode [ 3220.241910][ T6323] bridge1825: left allmulticast mode [ 3220.251307][ T6323] bridge1823: left allmulticast mode [ 3220.261077][ T6323] bridge1821: left allmulticast mode [ 3220.271133][ T6323] bridge1820: left allmulticast mode [ 3220.281349][ T6323] bridge1819: left allmulticast mode [ 3220.291587][ T6323] bridge1818: left allmulticast mode [ 3220.300287][ T6323] bridge1817: left allmulticast mode [ 3220.310712][ T6323] bridge1816: left allmulticast mode [ 3220.320540][ T6323] bridge1814: left allmulticast mode [ 3220.330371][ T6323] bridge1812: left allmulticast mode [ 3220.339281][ T6323] bridge1811: left allmulticast mode [ 3220.362260][ T6323] bridge1810: left allmulticast mode [ 3220.371460][ T6323] bridge1809: left allmulticast mode [ 3220.381459][ T6323] bridge1807: left allmulticast mode [ 3220.389660][ T6323] bridge1806: left allmulticast mode [ 3220.399668][ T6323] bridge1801: left allmulticast mode [ 3220.409896][ T6323] bridge1798: left promiscuous mode [ 3220.419519][ T6323] bridge1797: left allmulticast mode [ 3220.429684][ T6323] bridge1794: left allmulticast mode [ 3220.440232][ T6323] bridge1793: left allmulticast mode [ 3220.449868][ T6323] bridge1788: left allmulticast mode [ 3220.459028][ T6323] bridge1781: left allmulticast mode [ 3220.464311][ T6323] bridge1780: left allmulticast mode [ 3220.474003][ T6323] bridge1779: left allmulticast mode [ 3220.482226][ T6323] bridge1770: left allmulticast mode [ 3220.491790][ T6323] bridge1767: left promiscuous mode [ 3220.500323][ T6323] bridge1721: left allmulticast mode [ 3220.523678][ T6323] bridge10: left allmulticast mode [ 3220.532164][ T6323] bridge10: left promiscuous mode [ 3220.542800][ T6323] bridge9: left allmulticast mode [ 3220.552272][ T6323] bridge9: left promiscuous mode [ 3220.560240][ T6323] bridge8: left allmulticast mode [ 3220.571590][ T6323] bridge8: left promiscuous mode [ 3220.601044][ T6323] veth1_macvtap: left promiscuous mode [ 3220.620882][ T6323] veth0_macvtap: left promiscuous mode [ 3220.633190][ T6323] veth1_vlan: left promiscuous mode [ 3220.643002][ T6323] veth0_vlan: left promiscuous mode [ 3221.300599][ T3235] Bluetooth: hci6: command 0x0409 tx timeout [ 3223.378328][ T3235] Bluetooth: hci6: command 0x041b tx timeout [ 3225.456027][ T3235] Bluetooth: hci6: command 0x040f tx timeout [ 3227.538939][ T3235] Bluetooth: hci6: command 0x0419 tx timeout [ 3265.379273][ T1211] ieee802154 phy0 wpan0: encryption failed: -22 [ 3265.390194][ T1211] ieee802154 phy1 wpan1: encryption failed: -22 [ 3277.699030][ T3235] Bluetooth: hci1: command 0x0406 tx timeout [ 3285.823691][ T5042] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 3285.850796][ T5042] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 3285.869274][ T5042] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 3285.881792][ T5042] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 3285.897389][ T5042] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 3288.021213][ T5042] Bluetooth: hci7: command 0x0409 tx timeout [ 3290.099783][ T5042] Bluetooth: hci7: command 0x041b tx timeout [ 3292.179630][ T3235] Bluetooth: hci7: command 0x040f tx timeout [ 3294.261426][ T5042] Bluetooth: hci7: command 0x0419 tx timeout [ 3326.830041][ T1211] ieee802154 phy0 wpan0: encryption failed: -22 [ 3326.840918][ T1211] ieee802154 phy1 wpan1: encryption failed: -22 [ 3344.262937][ T3235] Bluetooth: hci6: command 0x0406 tx timeout [ 3352.532259][ T3235] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 3352.550815][ T3235] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 3352.562524][ T3235] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 3352.583578][ T3235] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 3352.601377][ T3235] Bluetooth: hci8: unexpected cc 0x0c25 length: 249 > 3 [ 3352.613622][ T3235] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 3354.334687][ T28] INFO: task kworker/0:11:26295 blocked for more than 143 seconds. [ 3354.342614][ T28] Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3354.362510][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 3354.380998][ T28] task:kworker/0:11 state:D stack:21992 pid:26295 ppid:2 flags:0x00004000 [ 3354.393771][ T28] Workqueue: ipv6_addrconf addrconf_dad_work [ 3354.403043][ T28] Call Trace: [ 3354.410532][ T28] [ 3354.413472][ T28] __schedule+0xc9a/0x5880 [ 3354.421007][ T28] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 3354.431264][ T28] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 3354.441696][ T28] ? find_held_lock+0x2d/0x110 [ 3354.449589][ T28] ? io_schedule_timeout+0x150/0x150 [ 3354.459210][ T28] ? lock_downgrade+0x690/0x690 [ 3354.464078][ T28] ? _raw_spin_unlock_irq+0x23/0x50 [ 3354.471827][ T28] ? lockdep_hardirqs_on+0x7d/0x100 [ 3354.480890][ T28] schedule+0xde/0x1a0 [ 3354.489542][ T28] schedule_preempt_disabled+0x13/0x20 [ 3354.503193][ T28] __mutex_lock+0xa3b/0x1350 [ 3354.511092][ T28] ? addrconf_dad_work+0xa7/0x1390 [ 3354.520450][ T28] ? mutex_lock_io_nested+0x11a0/0x11a0 [ 3354.529645][ T28] ? lock_downgrade+0x690/0x690 [ 3354.538664][ T28] addrconf_dad_work+0xa7/0x1390 [ 3354.543616][ T28] ? addrconf_dad_completed+0xe00/0xe00 [ 3354.551817][ T28] ? _raw_spin_unlock_irq+0x23/0x50 [ 3354.561439][ T28] process_one_work+0x99a/0x15e0 [ 3354.570441][ T28] ? pwq_dec_nr_in_flight+0x2a0/0x2a0 [ 3354.579846][ T28] ? spin_bug+0x1c0/0x1c0 [ 3354.584196][ T28] ? _raw_spin_lock_irq+0x45/0x50 [ 3354.592460][ T28] worker_thread+0x67d/0x10c0 [ 3354.602153][ T28] ? process_one_work+0x15e0/0x15e0 [ 3354.612023][ T28] kthread+0x344/0x440 [ 3354.623691][ T28] ? kthread_complete_and_exit+0x40/0x40 [ 3354.632557][ T28] ret_from_fork+0x1f/0x30 [ 3354.641478][ T28] [ 3354.653144][ T28] INFO: task kworker/1:14:26768 blocked for more than 143 seconds. [ 3354.668915][ T28] Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3354.689016][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 3354.702780][ T28] task:kworker/1:14 state:D stack:22000 pid:26768 ppid:2 flags:0x00004000 [ 3354.721817][ T28] Workqueue: ipv6_addrconf addrconf_dad_work [ 3354.731982][ T28] Call Trace: [ 3354.744006][ T5042] Bluetooth: hci8: command 0x0409 tx timeout [ 3354.758447][ T28] [ 3354.761405][ T28] __schedule+0xc9a/0x5880 [ 3354.779975][ T28] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 3354.790523][ T28] ? find_held_lock+0x2d/0x110 [ 3354.800094][ T28] ? io_schedule_timeout+0x150/0x150 [ 3354.810511][ T28] ? lock_downgrade+0x690/0x690 [ 3354.820113][ T28] ? _raw_spin_unlock_irq+0x23/0x50 [ 3354.832439][ T28] ? lockdep_hardirqs_on+0x7d/0x100 [ 3354.842851][ T28] schedule+0xde/0x1a0 [ 3354.852245][ T28] schedule_preempt_disabled+0x13/0x20 [ 3354.862378][ T28] __mutex_lock+0xa3b/0x1350 [ 3354.870687][ T28] ? addrconf_dad_work+0xa7/0x1390 [ 3354.880438][ T28] ? mutex_lock_io_nested+0x11a0/0x11a0 [ 3354.889227][ T28] ? lock_downgrade+0x690/0x690 [ 3354.894090][ T28] addrconf_dad_work+0xa7/0x1390 [ 3354.903738][ T28] ? addrconf_dad_completed+0xe00/0xe00 [ 3354.912293][ T28] ? _raw_spin_unlock_irq+0x23/0x50 [ 3354.922321][ T28] process_one_work+0x99a/0x15e0 [ 3354.930996][ T28] ? pwq_dec_nr_in_flight+0x2a0/0x2a0 [ 3354.942375][ T28] ? spin_bug+0x1c0/0x1c0 [ 3354.949771][ T28] ? _raw_spin_lock_irq+0x45/0x50 [ 3354.963092][ T28] worker_thread+0x67d/0x10c0 [ 3354.970457][ T28] ? process_one_work+0x15e0/0x15e0 [ 3354.980084][ T28] kthread+0x344/0x440 [ 3354.984167][ T28] ? kthread_complete_and_exit+0x40/0x40 [ 3354.993814][ T28] ret_from_fork+0x1f/0x30 [ 3355.002761][ T28] [ 3355.008949][ T28] INFO: task syz-executor.2:3233 blocked for more than 144 seconds. [ 3355.021434][ T28] Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3355.032169][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 3355.044311][ T28] task:syz-executor.2 state:D stack:23984 pid:3233 ppid:1 flags:0x00000004 [ 3355.079571][ T28] Call Trace: [ 3355.082911][ T28] [ 3355.089211][ T28] __schedule+0xc9a/0x5880 [ 3355.093620][ T28] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 3355.104090][ T28] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 3355.113404][ T28] ? io_schedule_timeout+0x150/0x150 [ 3355.122865][ T28] ? __mutex_lock+0xa36/0x1350 [ 3355.131094][ T28] schedule+0xde/0x1a0 [ 3355.141503][ T28] schedule_preempt_disabled+0x13/0x20 [ 3355.151515][ T28] __mutex_lock+0xa3b/0x1350 [ 3355.160674][ T28] ? rtnetlink_rcv_msg+0x3e8/0xd50 [ 3355.168552][ T28] ? mutex_lock_io_nested+0x11a0/0x11a0 [ 3355.174091][ T28] ? rtnetlink_rcv_msg+0x3b2/0xd50 [ 3355.183759][ T28] rtnetlink_rcv_msg+0x3e8/0xd50 [ 3355.192374][ T28] ? rtnl_stats_set+0x4d0/0x4d0 [ 3355.201386][ T28] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 3355.211500][ T28] ? do_syscall_64+0x39/0xb0 [ 3355.220975][ T28] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3355.230379][ T28] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 3355.240430][ T28] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 3355.249987][ T28] netlink_rcv_skb+0x165/0x440 [ 3355.259135][ T28] ? rtnl_stats_set+0x4d0/0x4d0 [ 3355.264001][ T28] ? netlink_ack+0x1360/0x1360 [ 3355.271911][ T28] ? lock_sync+0x190/0x190 [ 3355.280507][ T28] ? netlink_deliver_tap+0x1b1/0xcf0 [ 3355.289835][ T28] netlink_unicast+0x547/0x7f0 [ 3355.304377][ T28] ? netlink_attachskb+0x890/0x890 [ 3355.312322][ T28] ? __virt_addr_valid+0x61/0x2e0 [ 3355.321929][ T28] ? __phys_addr_symbol+0x30/0x70 [ 3355.332113][ T28] ? __check_object_size+0x323/0x730 [ 3355.341693][ T28] netlink_sendmsg+0x925/0xe30 [ 3355.349948][ T28] ? netlink_unicast+0x7f0/0x7f0 [ 3355.359752][ T28] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 3355.369244][ T28] ? netlink_unicast+0x7f0/0x7f0 [ 3355.374189][ T28] sock_sendmsg+0xde/0x190 [ 3355.383341][ T28] __sys_sendto+0x23a/0x340 [ 3355.390773][ T28] ? __ia32_sys_getpeername+0xb0/0xb0 [ 3355.401106][ T28] ? percpu_counter_add_batch+0x199/0x1e0 [ 3355.410632][ T28] ? blkcg_maybe_throttle_current+0x342/0xd60 [ 3355.420721][ T28] ? task_work_run+0x1fe/0x270 [ 3355.429346][ T28] ? blkcg_exit_disk+0x50/0x50 [ 3355.434126][ T28] ? unlock_page_memcg+0x2d0/0x2d0 [ 3355.442572][ T28] __x64_sys_sendto+0xe1/0x1b0 [ 3355.470051][ T28] ? syscall_enter_from_user_mode+0x26/0x80 [ 3355.480691][ T28] do_syscall_64+0x39/0xb0 [ 3355.489373][ T28] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3355.499646][ T28] RIP: 0033:0x7f8fbd03e19c [ 3355.504073][ T28] RSP: 002b:00007fff2337bef0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 3355.522207][ T28] RAX: ffffffffffffffda RBX: 00007f8fbdcd4620 RCX: 00007f8fbd03e19c [ 3355.532927][ T28] RDX: 0000000000000028 RSI: 00007f8fbdcd4670 RDI: 0000000000000003 [ 3355.544053][ T28] RBP: 0000000000000000 R08: 00007fff2337bf44 R09: 000000000000000c [ 3355.569836][ T28] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 3355.582643][ T28] R13: 00007f8fbdcd4670 R14: 0000000000000003 R15: 0000000000000000 [ 3355.594167][ T28] [ 3355.601479][ T28] [ 3355.601479][ T28] Showing all locks held in the system: [ 3355.611949][ T28] 1 lock held by rcu_tasks_kthre/13: [ 3355.621653][ T28] #0: ffffffff8c7984b0 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x31/0xd80 [ 3355.640317][ T28] 1 lock held by rcu_tasks_trace/14: [ 3355.649510][ T28] #0: ffffffff8c7981b0 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x31/0xd80 [ 3355.663587][ T28] 1 lock held by khungtaskd/28: [ 3355.673871][ T28] #0: ffffffff8c7990c0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x340 [ 3355.693858][ T28] 2 locks held by getty/4751: [ 3355.702378][ T28] #0: ffff888028852098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x26/0x80 [ 3355.720457][ T28] #1: ffffc900015a02f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xef4/0x13e0 [ 3355.733426][ T28] 5 locks held by kworker/u4:10/6323: [ 3355.743394][ T28] #0: ffff888014267938 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x883/0x15e0 [ 3355.763313][ T28] #1: ffffc900039a7db0 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x8b7/0x15e0 [ 3355.798899][ T28] #2: ffffffff8e101850 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x9f/0xb10 [ 3355.811695][ T28] #3: ffffffff8e115228 (rtnl_mutex){+.+.}-{3:3}, at: default_device_exit_batch+0x92/0x5b0 [ 3355.829329][ T28] #4: ffffffff8c7a4538 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x64a/0x770 [ 3355.843398][ T28] 3 locks held by kworker/0:11/26295: [ 3355.853262][ T28] #0: ffff888027e31538 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x883/0x15e0 [ 3355.873832][ T28] #1: ffffc9000548fdb0 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work+0x8b7/0x15e0 [ 3355.892054][ T28] #2: ffffffff8e115228 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_dad_work+0xa7/0x1390 [ 3355.910071][ T28] 3 locks held by kworker/1:13/26765: [ 3355.919826][ T28] #0: ffff888012470d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x883/0x15e0 [ 3355.933425][ T28] #1: ffffc90005807db0 (deferred_process_work){+.+.}-{0:0}, at: process_one_work+0x8b7/0x15e0 [ 3355.952554][ T28] #2: ffffffff8e115228 (rtnl_mutex){+.+.}-{3:3}, at: switchdev_deferred_process_work+0xe/0x20 [ 3355.970977][ T28] 3 locks held by kworker/1:14/26768: [ 3355.981638][ T28] #0: ffff888027e31538 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x883/0x15e0 [ 3356.003924][ T28] #1: ffffc900059b7db0 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work+0x8b7/0x15e0 [ 3356.033504][ T28] #2: ffffffff8e115228 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_dad_work+0xa7/0x1390 [ 3356.051720][ T28] 2 locks held by kworker/0:0/1507: [ 3356.059891][ T28] #0: ffff888012472538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: process_one_work+0x883/0x15e0 [ 3356.073374][ T28] #1: ffffc9000b20fdb0 ((work_completion)(&rew->rew_work)){+.+.}-{0:0}, at: process_one_work+0x8b7/0x15e0 [ 3356.091441][ T28] 3 locks held by kworker/0:1/2646: [ 3356.111846][ T28] #0: ffff888012470d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x883/0x15e0 [ 3356.129805][ T28] #1: ffffc90006197db0 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x8b7/0x15e0 [ 3356.143092][ T28] #2: ffffffff8e115228 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xf/0x70 [ 3356.160826][ T28] 1 lock held by syz-executor.2/3233: [ 3356.170335][ T28] #0: ffffffff8e115228 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x3e8/0xd50 [ 3356.184064][ T28] 1 lock held by syz-executor.2/3539: [ 3356.194031][ T28] #0: ffffffff8e115228 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x3e8/0xd50 [ 3356.213172][ T28] 1 lock held by syz-executor.2/3544: [ 3356.221586][ T28] #0: ffffffff8e115228 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x3e8/0xd50 [ 3356.233910][ T28] 1 lock held by syz-executor.2/3552: [ 3356.243666][ T28] #0: ffffffff8e115228 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x3e8/0xd50 [ 3356.272997][ T28] [ 3356.278454][ T28] ============================================= [ 3356.278454][ T28] [ 3356.291484][ T28] NMI backtrace for cpu 1 [ 3356.295810][ T28] CPU: 1 PID: 28 Comm: khungtaskd Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3356.305602][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3356.315815][ T28] Call Trace: [ 3356.319078][ T28] [ 3356.322044][ T28] dump_stack_lvl+0xd9/0x150 [ 3356.326637][ T28] nmi_cpu_backtrace+0x29c/0x350 [ 3356.331569][ T28] ? lapic_can_unplug_cpu+0xa0/0xa0 [ 3356.336755][ T28] nmi_trigger_cpumask_backtrace+0x2a4/0x300 [ 3356.342730][ T28] watchdog+0xe16/0x1090 [ 3356.346973][ T28] ? proc_dohung_task_timeout_secs+0x80/0x80 [ 3356.352970][ T28] kthread+0x344/0x440 [ 3356.357052][ T28] ? kthread_complete_and_exit+0x40/0x40 [ 3356.362706][ T28] ret_from_fork+0x1f/0x30 [ 3356.367149][ T28] [ 3356.408842][ T28] Sending NMI from CPU 1 to CPUs 0: [ 3356.414113][ C0] NMI backtrace for cpu 0 [ 3356.414122][ C0] CPU: 0 PID: 5421 Comm: kworker/u4:9 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3356.414136][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3356.414144][ C0] Workqueue: bat_events batadv_nc_worker [ 3356.414163][ C0] RIP: 0010:__lock_acquire+0x264/0x5f30 [ 3356.414181][ C0] Code: 24 28 0f b7 74 24 10 49 8d 47 20 48 89 c2 48 89 44 24 38 66 81 e6 ff 1f 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 0f b6 14 02 <84> d2 74 09 80 fa 03 0f 8e 7f 15 00 00 41 0f b7 47 20 49 8d 7f 08 [ 3356.414192][ C0] RSP: 0018:ffffc9000593fa28 EFLAGS: 00000012 [ 3356.414201][ C0] RAX: dffffc0000000000 RBX: 1ffff92000b27f76 RCX: 0000000000000002 [ 3356.414209][ C0] RDX: 0000000000000000 RSI: 0000000000000020 RDI: 00000000000006ca [ 3356.414216][ C0] RBP: ffff888026379dc0 R08: 0000000000000000 R09: 0000000000000000 [ 3356.414223][ C0] R10: 1ffff11004c6f51a R11: 0000000000000000 R12: ffffffff8c7990c0 [ 3356.414230][ C0] R13: 0000000000000000 R14: ffff88802637a8b0 R15: ffff88802637a8d8 [ 3356.414240][ C0] FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 3356.414251][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 3356.414259][ C0] CR2: 000056171807c068 CR3: 000000000c571000 CR4: 0000000000350ef0 [ 3356.414267][ C0] Call Trace: [ 3356.414271][ C0] [ 3356.414275][ C0] ? nmi_cpu_backtrace+0x1d0/0x350 [ 3356.414294][ C0] ? nmi_cpu_backtrace_handler+0xc/0x10 [ 3356.414306][ C0] ? nmi_handle+0x13d/0x400 [ 3356.414323][ C0] ? irqentry_nmi_enter+0x80/0x90 [ 3356.414337][ C0] ? __lock_acquire+0x264/0x5f30 [ 3356.414352][ C0] ? default_do_nmi+0x6b/0x170 [ 3356.414364][ C0] ? exc_nmi+0x171/0x1e0 [ 3356.414375][ C0] ? end_repeat_nmi+0x16/0x31 [ 3356.414387][ C0] ? __lock_acquire+0x264/0x5f30 [ 3356.414402][ C0] ? __lock_acquire+0x264/0x5f30 [ 3356.414417][ C0] ? __lock_acquire+0x264/0x5f30 [ 3356.414431][ C0] [ 3356.414434][ C0] [ 3356.414443][ C0] ? __lock_acquire+0x1987/0x5f30 [ 3356.414460][ C0] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 3356.414480][ C0] lock_acquire+0x1b1/0x520 [ 3356.414496][ C0] ? batadv_nc_worker+0xf7/0xfe0 [ 3356.414510][ C0] ? lock_sync+0x190/0x190 [ 3356.414524][ C0] ? batadv_nc_worker+0x84a/0xfe0 [ 3356.414535][ C0] ? lock_downgrade+0x690/0x690 [ 3356.414552][ C0] batadv_nc_worker+0x131/0xfe0 [ 3356.414564][ C0] ? batadv_nc_worker+0xf7/0xfe0 [ 3356.414578][ C0] process_one_work+0x99a/0x15e0 [ 3356.414600][ C0] ? pwq_dec_nr_in_flight+0x2a0/0x2a0 [ 3356.414617][ C0] ? spin_bug+0x1c0/0x1c0 [ 3356.414631][ C0] ? _raw_spin_lock_irq+0x45/0x50 [ 3356.414648][ C0] worker_thread+0x67d/0x10c0 [ 3356.414664][ C0] ? process_one_work+0x15e0/0x15e0 [ 3356.414680][ C0] kthread+0x344/0x440 [ 3356.414692][ C0] ? kthread_complete_and_exit+0x40/0x40 [ 3356.414706][ C0] ret_from_fork+0x1f/0x30 [ 3356.414725][ C0] [ 3356.432160][ T28] Kernel panic - not syncing: hung_task: blocked tasks [ 3356.432172][ T28] CPU: 1 PID: 28 Comm: khungtaskd Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 3356.432188][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 3356.432196][ T28] Call Trace: [ 3356.432201][ T28] [ 3356.432206][ T28] dump_stack_lvl+0xd9/0x150 [ 3356.432235][ T28] panic+0x686/0x730 [ 3356.432255][ T28] ? panic_smp_self_stop+0xa0/0xa0 [ 3356.432277][ T28] ? lapic_can_unplug_cpu+0xa0/0xa0 [ 3356.432292][ T28] ? preempt_schedule_thunk+0x1a/0x20 [ 3356.432315][ T28] ? watchdog+0xbe8/0x1090 [ 3356.432338][ T28] watchdog+0xbf9/0x1090 [ 3356.432358][ T28] ? proc_dohung_task_timeout_secs+0x80/0x80 [ 3356.432379][ T28] kthread+0x344/0x440 [ 3356.432395][ T28] ? kthread_complete_and_exit+0x40/0x40 [ 3356.432415][ T28] ret_from_fork+0x1f/0x30 [ 3356.432441][ T28] [ 3356.440069][ T28] Kernel Offset: disabled [ 3356.788440][ T28] Rebooting in 86400 seconds..