er_from_user_mode+0x22/0xb0 [ 3277.558075][T14725] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3277.563998][T14725] do_syscall_64+0x35/0xb0 [ 3277.568423][T14725] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3277.574331][T14725] RIP: 0033:0x7ff38a48a6a1 [ 3277.578746][T14725] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 3277.598461][T14725] RSP: 002b:00007ffe54c81718 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 3277.606900][T14725] RAX: ffffffffffffffda RBX: 00007ff3893fe700 RCX: 00007ff38a48a6a1 [ 3277.614893][T14725] RDX: 00007ff3893fe9d0 RSI: 00007ff3893fe2f0 RDI: 00000000003d0f00 [ 3277.622862][T14725] RBP: 00007ffe54c81960 R08: 00007ff3893fe700 R09: 00007ff3893fe700 [ 3277.630830][T14725] R10: 00007ff3893fe9d0 R11: 0000000000000206 R12: 00007ffe54c817ce [ 3277.638796][T14725] R13: 00007ffe54c817cf R14: 00007ff3893fe300 R15: 0000000000022000 [ 3277.646785][T14725] [ 3277.661273][T14725] memory: usage 307200kB, limit 307200kB, failcnt 2864 [ 3277.668921][T14725] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3277.676137][T14725] Memory cgroup stats for /syz2: [ 3277.676357][T14725] anon 147456 [ 3277.676357][T14725] file 360448 [ 3277.676357][T14725] kernel 314064896 [ 3277.676357][T14725] kernel_stack 65536 [ 3277.676357][T14725] pagetables 81920 [ 3277.676357][T14725] percpu 5433376 [ 3277.676357][T14725] sock 0 [ 3277.676357][T14725] vmalloc 0 [ 3277.676357][T14725] shmem 356352 [ 3277.676357][T14725] zswap 0 [ 3277.676357][T14725] zswapped 0 [ 3277.676357][T14725] file_mapped 356352 [ 3277.676357][T14725] file_dirty 4096 [ 3277.676357][T14725] file_writeback 0 [ 3277.676357][T14725] swapcached 0 [ 3277.676357][T14725] anon_thp 0 [ 3277.676357][T14725] file_thp 0 [ 3277.676357][T14725] shmem_thp 0 [ 3277.676357][T14725] inactive_anon 204800 [ 3277.676357][T14725] active_anon 299008 [ 3277.676357][T14725] inactive_file 0 [ 3277.676357][T14725] active_file 4096 [ 3277.676357][T14725] unevictable 0 [ 3277.676357][T14725] slab_reclaimable 58856 [ 3277.676357][T14725] slab_unreclaimable 308387568 [ 3277.676357][T14725] slab 308446424 [ 3277.708204][T14730] bridge4118: port 1(bridge_slave_1) entered blocking state [ 3277.778998][T14725] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2 [ 3277.784813][T14730] bridge4118: port 1(bridge_slave_1) entered disabled state [ 3277.787001][T14725] ,task_memcg=/syz2,task=syz-executor.2,pid=14725,uid=0 [ 3277.831727][T14728] bridge4118: port 1(bridge_slave_1) entered blocking state [ 3277.839354][T14728] bridge4118: port 1(bridge_slave_1) entered forwarding state [ 3277.846089][T14725] Memory cgroup out of memory: Killed process 14725 (syz-executor.2) total-vm:54640kB, anon-rss:388kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 03:14:59 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000000000000b3fb3000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3277.903121][T14735] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3277.915071][T14728] bond0: (slave bridge4118): Enslaving as an active interface with an up link [ 3277.917689][T14735] CPU: 0 PID: 14735 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3277.934115][T14735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3277.944200][T14735] Call Trace: [ 3277.947502][T14735] [ 3277.950462][T14735] dump_stack_lvl+0xcd/0x134 [ 3277.955094][T14735] dump_header+0x10b/0x7f9 [ 3277.959548][T14735] oom_kill_process.cold+0x10/0x15 [ 3277.964707][T14735] out_of_memory+0x358/0x14a0 [ 3277.969424][T14735] ? find_held_lock+0x2d/0x110 [ 3277.970246][T14732] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3277.974208][T14735] ? oom_killer_disable+0x270/0x270 [ 3277.988721][T14735] ? find_held_lock+0x2d/0x110 [ 3277.993532][T14735] mem_cgroup_out_of_memory+0x206/0x270 [ 3277.999126][T14735] ? mem_cgroup_margin+0x130/0x130 [ 3278.004275][T14735] ? lock_downgrade+0x6e0/0x6e0 [ 3278.009176][T14735] try_charge_memcg+0xf67/0x13f0 [ 3278.014153][T14735] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3278.020187][T14735] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3278.025929][T14735] ? lock_downgrade+0x6e0/0x6e0 [ 3278.030809][T14735] obj_cgroup_charge+0x2ab/0x5e0 [ 3278.035762][T14735] ? __anon_vma_prepare+0x2d6/0x560 [ 3278.041012][T14735] kmem_cache_alloc+0x96/0x3b0 [ 3278.045794][T14735] __anon_vma_prepare+0x2d6/0x560 [ 3278.050838][T14735] ? __pmd_alloc+0x2ff/0x5c0 [ 3278.055441][T14735] __handle_mm_fault+0x340e/0x39b0 [ 3278.060567][T14735] ? vm_iomap_memory+0x190/0x190 [ 3278.065537][T14735] handle_mm_fault+0x1c8/0x780 [ 3278.070312][T14735] do_user_addr_fault+0x475/0x1210 [ 3278.075446][T14735] exc_page_fault+0x94/0x170 [ 3278.080048][T14735] asm_exc_page_fault+0x22/0x30 [ 3278.084907][T14735] RIP: 0033:0x7f98a3484695 [ 3278.089325][T14735] Code: 12 80 fa 04 73 1e 80 fa 01 77 26 72 05 0f b6 0e 88 0f c3 48 8b 4c 16 f8 48 8b 36 48 89 4c 17 f8 48 89 37 c3 8b 4c 16 fc 8b 36 <89> 4c 17 fc 89 37 c3 0f b7 4c 16 fe 0f b7 36 66 89 4c 17 fe 66 89 [ 3278.108941][T14735] RSP: 002b:00007ffe69a68b78 EFLAGS: 00010202 [ 3278.115035][T14735] RAX: 00000000200005c0 RBX: 0000000000000000 RCX: 0000000000535650 [ 3278.123018][T14735] RDX: 0000000000000005 RSI: 0000000053565049 RDI: 00000000200005c0 [ 3278.130996][T14735] RBP: 00007ffe69a68c38 R08: 00007f98a39a0000 R09: 00007f98a35a00c8 [ 3278.138981][T14735] R10: 00007ffe69a68c60 R11: 0000000000000246 R12: 000000000032041f [ 3278.146962][T14735] R13: 00007ffe69a68c60 R14: 00007f98a359bf80 R15: 0000000000000032 [ 3278.154973][T14735] 03:14:59 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f3100008c020a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3278.179185][T14735] memory: usage 307188kB, limit 307200kB, failcnt 25039 [ 3278.186357][T14735] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3278.189997][T14747] bridge4118: port 1(bridge_slave_1) entered disabled state [ 3278.193943][T14735] Memory cgroup stats for /syz0: [ 3278.201129][T14735] anon 126976 [ 3278.201129][T14735] file 319488 [ 3278.201129][T14735] kernel 314114048 [ 3278.201129][T14735] kernel_stack 65536 [ 3278.201129][T14735] pagetables 81920 [ 3278.201129][T14735] percpu 5425088 [ 3278.201129][T14735] sock 0 [ 3278.201129][T14735] vmalloc 0 [ 3278.201129][T14735] shmem 319488 [ 3278.201129][T14735] zswap 0 [ 3278.201129][T14735] zswapped 0 [ 3278.201129][T14735] file_mapped 303104 [ 3278.201129][T14735] file_dirty 0 [ 3278.201129][T14735] file_writeback 0 [ 3278.201129][T14735] swapcached 0 [ 3278.201129][T14735] anon_thp 0 [ 3278.201129][T14735] file_thp 0 [ 3278.201129][T14735] shmem_thp 0 [ 3278.201129][T14735] inactive_anon 131072 [ 3278.201129][T14735] active_anon 315392 [ 3278.201129][T14735] inactive_file 0 [ 3278.201129][T14735] active_file 0 [ 3278.201129][T14735] unevictable 0 [ 3278.201129][T14735] slab_reclaimable 226056 [ 3278.201129][T14735] slab_unreclaimable 308279624 [ 3278.201129][T14735] slab 308505680 [ 3278.299223][T14735] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=14735,uid=0 03:14:59 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000000000000000000b0fd2", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) 03:14:59 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3278.315075][T14735] Memory cgroup out of memory: Killed process 14735 (syz-executor.0) total-vm:54508kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 3278.336564][T14750] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3278.345354][T14736] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3278.383330][T14750] CPU: 1 PID: 14750 Comm: syz-executor.2 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3278.393529][T14750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3278.403615][T14750] Call Trace: [ 3278.406918][T14750] [ 3278.409862][T14750] dump_stack_lvl+0xcd/0x134 [ 3278.414493][T14750] dump_header+0x10b/0x7f9 [ 3278.418946][T14750] oom_kill_process.cold+0x10/0x15 [ 3278.424089][T14750] out_of_memory+0x358/0x14a0 [ 3278.428815][T14750] ? oom_killer_disable+0x270/0x270 [ 3278.434070][T14750] ? find_held_lock+0x2d/0x110 [ 3278.438874][T14750] mem_cgroup_out_of_memory+0x206/0x270 [ 3278.444449][T14750] ? mem_cgroup_margin+0x130/0x130 [ 3278.449577][T14750] ? lock_downgrade+0x6e0/0x6e0 [ 3278.454460][T14750] try_charge_memcg+0xf67/0x13f0 [ 3278.459422][T14750] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3278.465426][T14750] ? lock_downgrade+0x6e0/0x6e0 [ 3278.470304][T14750] charge_memcg+0x31/0x320 [ 3278.474732][T14750] __mem_cgroup_charge+0x27/0x90 [ 3278.479678][T14750] ? _compound_head+0x5d/0x150 [ 3278.484457][T14750] wp_page_copy+0x27c/0x1b60 [ 3278.489067][T14750] ? restore_exclusive_pte+0x8b0/0x8b0 [ 3278.494531][T14750] ? lock_downgrade+0x6e0/0x6e0 [ 3278.499390][T14750] ? vm_normal_page+0x146/0x2a0 [ 3278.504262][T14750] do_wp_page+0x1d1/0x1910 [ 3278.508691][T14750] __handle_mm_fault+0x1813/0x39b0 [ 3278.513818][T14750] ? vm_iomap_memory+0x190/0x190 [ 3278.518788][T14750] handle_mm_fault+0x1c8/0x780 [ 3278.523567][T14750] do_user_addr_fault+0x475/0x1210 [ 3278.528699][T14750] exc_page_fault+0x94/0x170 [ 3278.533301][T14750] asm_exc_page_fault+0x22/0x30 [ 3278.538179][T14750] RIP: 0033:0x7ff38a4374b0 [ 3278.542602][T14750] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48 [ 3278.562222][T14750] RSP: 002b:00007ffe54c81760 EFLAGS: 00010246 [ 3278.568297][T14750] RAX: 00000000098f1ddc RBX: 00007ff38a59c018 RCX: 0000001b2ee20000 [ 3278.576272][T14750] RDX: 0000000000000000 RSI: 0000001b2ee20018 RDI: 000000000d570f0d [ 3278.584246][T14750] RBP: 00000000098f1ddc R08: 0000000000001ddc R09: 00000000098f1de0 [ 3278.592219][T14750] R10: 00007ffe54c81930 R11: 0000000000000246 R12: 00007ff38a590000 [ 3278.600192][T14750] R13: 0000000000000001 R14: 0000000000000006 R15: ffffffff874bbdbd [ 3278.608227][T14750] ? __x64_sys_socket+0xd/0xb0 [ 3278.613020][T14750] [ 3278.654835][T14750] memory: usage 307160kB, limit 307200kB, failcnt 2907 [ 3278.662176][T14750] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3278.673155][T14750] Memory cgroup stats for /syz2: [ 3278.673397][T14750] anon 122880 [ 3278.673397][T14750] file 360448 [ 3278.673397][T14750] kernel 314048512 [ 3278.673397][T14750] kernel_stack 65536 [ 3278.673397][T14750] pagetables 69632 [ 3278.673397][T14750] percpu 5433376 [ 3278.673397][T14750] sock 0 [ 3278.673397][T14750] vmalloc 0 [ 3278.673397][T14750] shmem 356352 [ 3278.673397][T14750] zswap 0 [ 3278.673397][T14750] zswapped 0 [ 3278.673397][T14750] file_mapped 356352 [ 3278.673397][T14750] file_dirty 4096 [ 3278.673397][T14750] file_writeback 0 [ 3278.673397][T14750] swapcached 0 [ 3278.673397][T14750] anon_thp 0 [ 3278.673397][T14750] file_thp 0 [ 3278.673397][T14750] shmem_thp 0 [ 3278.673397][T14750] inactive_anon 180224 [ 3278.673397][T14750] active_anon 299008 [ 3278.673397][T14750] inactive_file 0 [ 3278.673397][T14750] active_file 4096 [ 3278.673397][T14750] unevictable 0 [ 3278.673397][T14750] slab_reclaimable 56928 [ 3278.673397][T14750] slab_unreclaimable 308389448 [ 3278.673397][T14750] slab 308446376 [ 3278.774936][T14750] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=14750,uid=0 [ 3278.791283][T14750] Memory cgroup out of memory: Killed process 14750 (syz-executor.2) total-vm:54508kB, anon-rss:388kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:72kB oom_score_adj:1000 [ 3278.809164][T14741] bridge3170: port 1(bridge_slave_1) entered blocking state [ 3278.816547][T14741] bridge3170: port 1(bridge_slave_1) entered disabled state 03:15:00 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f310000a8070a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3278.865143][T14752] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3278.903690][T14752] CPU: 0 PID: 14752 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3278.913896][T14752] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3278.923950][T14752] Call Trace: [ 3278.927239][T14752] [ 3278.930177][T14752] dump_stack_lvl+0xcd/0x134 [ 3278.934771][T14752] dump_header+0x10b/0x7f9 [ 3278.939190][T14752] oom_kill_process.cold+0x10/0x15 [ 3278.944309][T14752] out_of_memory+0x358/0x14a0 [ 3278.949005][T14752] ? find_held_lock+0x2d/0x110 [ 3278.953796][T14752] ? oom_killer_disable+0x270/0x270 [ 3278.959023][T14752] ? find_held_lock+0x2d/0x110 [ 3278.963803][T14752] mem_cgroup_out_of_memory+0x206/0x270 [ 3278.969379][T14752] ? mem_cgroup_margin+0x130/0x130 [ 3278.974497][T14752] ? lock_downgrade+0x6e0/0x6e0 [ 3278.979369][T14752] try_charge_memcg+0xf67/0x13f0 [ 3278.984346][T14752] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3278.990427][T14752] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3278.996329][T14752] ? lock_downgrade+0x6e0/0x6e0 [ 3279.001227][T14752] obj_cgroup_charge+0x2ab/0x5e0 [ 3279.006178][T14752] ? __anon_vma_prepare+0x2d6/0x560 [ 3279.011381][T14752] kmem_cache_alloc+0x96/0x3b0 [ 3279.016158][T14752] __anon_vma_prepare+0x2d6/0x560 [ 3279.021190][T14752] ? __pmd_alloc+0x2ff/0x5c0 [ 3279.025792][T14752] __handle_mm_fault+0x340e/0x39b0 [ 3279.030922][T14752] ? vm_iomap_memory+0x190/0x190 [ 3279.035904][T14752] handle_mm_fault+0x1c8/0x780 [ 3279.040679][T14752] do_user_addr_fault+0x475/0x1210 [ 3279.045819][T14752] exc_page_fault+0x94/0x170 [ 3279.050432][T14752] asm_exc_page_fault+0x22/0x30 [ 3279.055348][T14752] RIP: 0033:0x7f98a3484695 [ 3279.059775][T14752] Code: 12 80 fa 04 73 1e 80 fa 01 77 26 72 05 0f b6 0e 88 0f c3 48 8b 4c 16 f8 48 8b 36 48 89 4c 17 f8 48 89 37 c3 8b 4c 16 fc 8b 36 <89> 4c 17 fc 89 37 c3 0f b7 4c 16 fe 0f b7 36 66 89 4c 17 fe 66 89 [ 3279.079409][T14752] RSP: 002b:00007ffe69a68b78 EFLAGS: 00010202 [ 3279.085483][T14752] RAX: 00000000200005c0 RBX: 0000000000000000 RCX: 0000000000535650 [ 3279.093458][T14752] RDX: 0000000000000005 RSI: 0000000053565049 RDI: 00000000200005c0 [ 3279.101535][T14752] RBP: 00007ffe69a68c38 R08: 00007f98a39a0000 R09: 00007f98a35a00c8 [ 3279.109526][T14752] R10: 00007ffe69a68c60 R11: 0000000000000246 R12: 00000000003207e3 [ 3279.117501][T14752] R13: 00007ffe69a68c60 R14: 00007f98a359bf80 R15: 0000000000000032 [ 3279.125493][T14752] [ 3279.138554][T14752] memory: usage 307200kB, limit 307200kB, failcnt 25114 [ 3279.156456][T14742] bond0: (slave bridge3170): Enslaving as an active interface with an up link [ 3279.161496][T14752] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3279.177277][T14752] Memory cgroup stats for /syz0: [ 3279.177571][T14752] anon 126976 [ 3279.177571][T14752] file 319488 [ 3279.177571][T14752] kernel 314126336 [ 3279.177571][T14752] kernel_stack 65536 [ 3279.177571][T14752] pagetables 81920 [ 3279.177571][T14752] percpu 5425088 [ 3279.177571][T14752] sock 0 [ 3279.177571][T14752] vmalloc 0 [ 3279.177571][T14752] shmem 319488 [ 3279.177571][T14752] zswap 0 [ 3279.177571][T14752] zswapped 0 [ 3279.177571][T14752] file_mapped 303104 [ 3279.177571][T14752] file_dirty 0 [ 3279.177571][T14752] file_writeback 0 [ 3279.177571][T14752] swapcached 0 [ 3279.177571][T14752] anon_thp 0 [ 3279.177571][T14752] file_thp 0 [ 3279.177571][T14752] shmem_thp 0 [ 3279.177571][T14752] inactive_anon 131072 [ 3279.177571][T14752] active_anon 315392 [ 3279.177571][T14752] inactive_file 0 [ 3279.177571][T14752] active_file 0 [ 3279.177571][T14752] unevictable 0 [ 3279.177571][T14752] slab_reclaimable 226056 03:15:00 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400000003a200000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3279.177571][T14752] slab_unreclaimable 308290720 [ 3279.177571][T14752] slab 308516776 [ 3279.255983][T14744] bridge2526: port 1(bridge_slave_1) entered disabled state 03:15:00 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000000000000000000b0fd3", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3279.304492][T14752] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=14752,uid=0 [ 3279.320923][T14752] Memory cgroup out of memory: Killed process 14752 (syz-executor.0) total-vm:54508kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 3279.361946][T14744] bridge2527: port 1(bridge_slave_1) entered blocking state [ 3279.378887][T14744] bridge2527: port 1(bridge_slave_1) entered disabled state [ 3279.391074][T14757] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=1, oom_score_adj=1000 [ 3279.415564][T14757] CPU: 1 PID: 14757 Comm: syz-executor.2 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3279.425789][T14757] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3279.435901][T14757] Call Trace: [ 3279.439228][T14757] [ 3279.442174][T14757] dump_stack_lvl+0xcd/0x134 [ 3279.446807][T14757] dump_header+0x10b/0x7f9 [ 3279.451268][T14757] oom_kill_process.cold+0x10/0x15 [ 3279.456452][T14757] out_of_memory+0x358/0x14a0 [ 3279.461179][T14757] ? find_held_lock+0x2d/0x110 [ 3279.465978][T14757] ? oom_killer_disable+0x270/0x270 [ 3279.471221][T14757] ? find_held_lock+0x2d/0x110 [ 3279.476011][T14757] mem_cgroup_out_of_memory+0x206/0x270 [ 3279.481583][T14757] ? mem_cgroup_margin+0x130/0x130 [ 3279.486727][T14757] ? lock_downgrade+0x6e0/0x6e0 [ 3279.491618][T14757] try_charge_memcg+0xf67/0x13f0 [ 3279.496575][T14757] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3279.502571][T14757] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3279.508301][T14757] ? lock_downgrade+0x6e0/0x6e0 [ 3279.513164][T14757] ? lock_downgrade+0x6e0/0x6e0 [ 3279.518020][T14757] ? rcu_read_unlock+0x9/0x60 [ 3279.522730][T14757] obj_cgroup_charge+0x2ab/0x5e0 [ 3279.527683][T14757] ? copy_process+0x4ce/0x7090 [ 3279.532466][T14757] kmem_cache_alloc_node+0x92/0x3f0 [ 3279.537691][T14757] ? _raw_spin_unlock_irq+0x1f/0x40 [ 3279.542907][T14757] copy_process+0x4ce/0x7090 [ 3279.547510][T14757] ? __lock_acquire+0xbc3/0x56d0 [ 3279.552464][T14757] ? __cleanup_sighand+0xb0/0xb0 [ 3279.557432][T14757] kernel_clone+0xe7/0xab0 [ 3279.561867][T14757] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 3279.567862][T14757] ? create_io_thread+0xe0/0xe0 [ 3279.572739][T14757] ? find_held_lock+0x2d/0x110 [ 3279.577517][T14757] ? __ct_user_exit+0xff/0x150 [ 3279.582300][T14757] __do_sys_clone+0xba/0x100 [ 3279.586900][T14757] ? kernel_clone+0xab0/0xab0 [ 3279.591614][T14757] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3279.597521][T14757] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3279.603434][T14757] do_syscall_64+0x35/0xb0 [ 3279.607875][T14757] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3279.613780][T14757] RIP: 0033:0x7ff38a48a6a1 [ 3279.618198][T14757] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 3279.637818][T14757] RSP: 002b:00007ffe54c81718 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 3279.646253][T14757] RAX: ffffffffffffffda RBX: 00007ff3893fe700 RCX: 00007ff38a48a6a1 [ 3279.654235][T14757] RDX: 00007ff3893fe9d0 RSI: 00007ff3893fe2f0 RDI: 00000000003d0f00 [ 3279.662212][T14757] RBP: 00007ffe54c81960 R08: 00007ff3893fe700 R09: 00007ff3893fe700 [ 3279.670881][T14757] R10: 00007ff3893fe9d0 R11: 0000000000000206 R12: 00007ffe54c817ce [ 3279.678941][T14757] R13: 00007ffe54c817cf R14: 00007ff3893fe300 R15: 0000000000022000 [ 3279.686935][T14757] [ 3279.700979][T14757] memory: usage 307200kB, limit 307200kB, failcnt 2956 [ 3279.708299][T14757] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3279.715461][T14757] Memory cgroup stats for /syz2: [ 3279.715697][T14757] anon 147456 [ 3279.715697][T14757] file 360448 [ 3279.715697][T14757] kernel 314064896 [ 3279.715697][T14757] kernel_stack 65536 [ 3279.715697][T14757] pagetables 81920 [ 3279.715697][T14757] percpu 5433376 [ 3279.715697][T14757] sock 0 [ 3279.715697][T14757] vmalloc 0 [ 3279.715697][T14757] shmem 356352 [ 3279.715697][T14757] zswap 0 [ 3279.715697][T14757] zswapped 0 [ 3279.715697][T14757] file_mapped 356352 [ 3279.715697][T14757] file_dirty 4096 [ 3279.715697][T14757] file_writeback 0 [ 3279.715697][T14757] swapcached 0 [ 3279.715697][T14757] anon_thp 0 [ 3279.715697][T14757] file_thp 0 [ 3279.715697][T14757] shmem_thp 0 [ 3279.715697][T14757] inactive_anon 204800 [ 3279.715697][T14757] active_anon 299008 [ 3279.715697][T14757] inactive_file 4096 [ 3279.715697][T14757] active_file 0 [ 3279.715697][T14757] unevictable 0 [ 3279.715697][T14757] slab_reclaimable 58856 [ 3279.715697][T14757] slab_unreclaimable 308391408 [ 3279.715697][T14757] slab 308450264 03:15:01 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000000000000b3fb4000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) 03:15:01 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0003000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x25f759, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3279.740698][T14745] bond0: (slave bridge2527): Enslaving as an active interface with an up link [ 3279.834843][T14756] bridge1269: port 1(bridge_slave_1) entered disabled state [ 3279.847813][T14757] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=14757,uid=0 [ 3279.865495][T14757] Memory cgroup out of memory: Killed process 14757 (syz-executor.2) total-vm:54640kB, anon-rss:388kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 3279.892522][T14756] bridge1272: port 1(bridge_slave_1) entered blocking state [ 3279.909016][T14763] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3279.914146][T14756] bridge1272: port 1(bridge_slave_1) entered disabled state [ 3279.935232][T14763] CPU: 1 PID: 14763 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3279.945441][T14763] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3279.955516][T14763] Call Trace: [ 3279.958814][T14763] [ 3279.961754][T14763] dump_stack_lvl+0xcd/0x134 03:15:01 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3279.966391][T14763] dump_header+0x10b/0x7f9 [ 3279.970856][T14763] oom_kill_process.cold+0x10/0x15 [ 3279.976007][T14763] out_of_memory+0x358/0x14a0 [ 3279.980729][T14763] ? find_held_lock+0x2d/0x110 [ 3279.985525][T14763] ? oom_killer_disable+0x270/0x270 [ 3279.990767][T14763] ? find_held_lock+0x2d/0x110 [ 3279.995568][T14763] mem_cgroup_out_of_memory+0x206/0x270 [ 3280.001150][T14763] ? mem_cgroup_margin+0x130/0x130 [ 3280.006294][T14763] ? lock_downgrade+0x6e0/0x6e0 [ 3280.011198][T14763] try_charge_memcg+0xf67/0x13f0 [ 3280.016180][T14763] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3280.022194][T14763] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3280.027946][T14763] ? lock_downgrade+0x6e0/0x6e0 [ 3280.032849][T14763] obj_cgroup_charge+0x2ab/0x5e0 [ 3280.037825][T14763] ? __anon_vma_prepare+0x60/0x560 [ 3280.042969][T14763] kmem_cache_alloc+0x96/0x3b0 [ 3280.047774][T14763] __anon_vma_prepare+0x60/0x560 [ 3280.052742][T14763] ? __pmd_alloc+0x2ff/0x5c0 [ 3280.054518][T14762] __nla_validate_parse: 3 callbacks suppressed [ 3280.054534][T14762] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3280.057355][T14763] __handle_mm_fault+0x340e/0x39b0 [ 3280.057397][T14763] ? vm_iomap_memory+0x190/0x190 [ 3280.057447][T14763] handle_mm_fault+0x1c8/0x780 [ 3280.057478][T14763] do_user_addr_fault+0x475/0x1210 [ 3280.057520][T14763] exc_page_fault+0x94/0x170 [ 3280.057553][T14763] asm_exc_page_fault+0x22/0x30 [ 3280.057577][T14763] RIP: 0033:0x7f98a3484695 [ 3280.057598][T14763] Code: 12 80 fa 04 73 1e 80 fa 01 77 26 72 05 0f b6 0e 88 0f c3 48 8b 4c 16 f8 48 8b 36 48 89 4c 17 f8 48 89 37 c3 8b 4c 16 fc 8b 36 <89> 4c 17 fc 89 37 c3 0f b7 4c 16 fe 0f b7 36 66 89 4c 17 fe 66 89 [ 3280.057621][T14763] RSP: 002b:00007ffe69a68b78 EFLAGS: 00010202 [ 3280.132486][T14763] RAX: 00000000200005c0 RBX: 0000000000000000 RCX: 0000000000535650 [ 3280.140496][T14763] RDX: 0000000000000005 RSI: 0000000053565049 RDI: 00000000200005c0 [ 3280.148498][T14763] RBP: 00007ffe69a68c38 R08: 00007f98a39a0000 R09: 00007f98a35a00c8 [ 3280.156501][T14763] R10: 00007ffe69a68c60 R11: 0000000000000246 R12: 0000000000320bfa 03:15:01 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f310000b0070a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3280.164506][T14763] R13: 00007ffe69a68c60 R14: 00007f98a359bf80 R15: 0000000000000032 [ 3280.172564][T14763] [ 3280.174002][T14764] bridge3170: port 1(bridge_slave_1) entered disabled state [ 3280.222654][T14763] memory: usage 307200kB, limit 307200kB, failcnt 25187 [ 3280.230754][T14763] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3280.241269][T14763] Memory cgroup stats for /syz0: [ 3280.241484][T14763] anon 126976 [ 3280.241484][T14763] file 319488 [ 3280.241484][T14763] kernel 314126336 [ 3280.241484][T14763] kernel_stack 65536 [ 3280.241484][T14763] pagetables 81920 [ 3280.241484][T14763] percpu 5425088 [ 3280.241484][T14763] sock 0 [ 3280.241484][T14763] vmalloc 0 [ 3280.241484][T14763] shmem 319488 [ 3280.241484][T14763] zswap 0 [ 3280.241484][T14763] zswapped 0 [ 3280.241484][T14763] file_mapped 303104 [ 3280.241484][T14763] file_dirty 0 [ 3280.241484][T14763] file_writeback 0 [ 3280.241484][T14763] swapcached 0 [ 3280.241484][T14763] anon_thp 0 [ 3280.241484][T14763] file_thp 0 [ 3280.241484][T14763] shmem_thp 0 [ 3280.241484][T14763] inactive_anon 131072 [ 3280.241484][T14763] active_anon 315392 [ 3280.241484][T14763] inactive_file 0 [ 3280.241484][T14763] active_file 0 [ 3280.241484][T14763] unevictable 0 [ 3280.241484][T14763] slab_reclaimable 226056 [ 3280.241484][T14763] slab_unreclaimable 308290600 [ 3280.241484][T14763] slab 308516656 [ 3280.253395][T14764] bridge3171: port 1(bridge_slave_1) entered blocking state [ 3280.346224][T14763] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=14763,uid=0 [ 3280.354659][T14764] bridge3171: port 1(bridge_slave_1) entered disabled state [ 3280.370127][T14763] Memory cgroup out of memory: Killed process 14763 (syz-executor.0) total-vm:54508kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 3280.404712][T14777] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=1, oom_score_adj=1000 [ 3280.423589][T14777] CPU: 0 PID: 14777 Comm: syz-executor.2 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3280.433785][T14777] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3280.443851][T14777] Call Trace: [ 3280.447136][T14777] [ 3280.450076][T14777] dump_stack_lvl+0xcd/0x134 [ 3280.454694][T14777] dump_header+0x10b/0x7f9 [ 3280.459239][T14777] oom_kill_process.cold+0x10/0x15 [ 3280.459776][T14766] bond0: (slave bridge3171): Enslaving as an active interface with an up link [ 3280.464366][T14777] out_of_memory+0x358/0x14a0 [ 3280.464409][T14777] ? oom_killer_disable+0x270/0x270 [ 3280.464443][T14777] ? find_held_lock+0x2d/0x110 [ 3280.488003][T14777] mem_cgroup_out_of_memory+0x206/0x270 [ 3280.493579][T14777] ? mem_cgroup_margin+0x130/0x130 [ 3280.498721][T14777] ? lock_downgrade+0x6e0/0x6e0 [ 3280.503622][T14777] try_charge_memcg+0xf67/0x13f0 [ 3280.508613][T14777] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3280.513844][T14784] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. 03:15:01 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400000003a200000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3280.514636][T14777] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3280.529672][T14777] ? lock_downgrade+0x6e0/0x6e0 [ 3280.534557][T14777] ? lock_downgrade+0x6e0/0x6e0 [ 3280.539436][T14777] ? rcu_read_unlock+0x9/0x60 [ 3280.544159][T14777] obj_cgroup_charge+0x2ab/0x5e0 [ 3280.549124][T14777] ? copy_process+0x4ce/0x7090 [ 3280.553932][T14777] kmem_cache_alloc_node+0x92/0x3f0 [ 3280.559160][T14777] ? _raw_spin_unlock_irq+0x1f/0x40 [ 3280.564391][T14777] copy_process+0x4ce/0x7090 [ 3280.569016][T14777] ? __lock_acquire+0xbc3/0x56d0 [ 3280.573989][T14777] ? __cleanup_sighand+0xb0/0xb0 [ 3280.578989][T14777] kernel_clone+0xe7/0xab0 [ 3280.580579][T14784] bridge3171: port 1(bridge_slave_1) entered disabled state [ 3280.583509][T14777] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 3280.583549][T14777] ? create_io_thread+0xe0/0xe0 [ 3280.583586][T14777] ? find_held_lock+0x2d/0x110 [ 3280.606731][T14777] ? __ct_user_exit+0xff/0x150 [ 3280.611506][T14777] __do_sys_clone+0xba/0x100 [ 3280.616093][T14777] ? kernel_clone+0xab0/0xab0 [ 3280.620786][T14777] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3280.626698][T14777] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3280.632609][T14777] do_syscall_64+0x35/0xb0 [ 3280.637034][T14777] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3280.642947][T14777] RIP: 0033:0x7ff38a48a6a1 [ 3280.647365][T14777] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 3280.667002][T14777] RSP: 002b:00007ffe54c81718 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 3280.675509][T14777] RAX: ffffffffffffffda RBX: 00007ff3893fe700 RCX: 00007ff38a48a6a1 [ 3280.683487][T14777] RDX: 00007ff3893fe9d0 RSI: 00007ff3893fe2f0 RDI: 00000000003d0f00 [ 3280.691463][T14777] RBP: 00007ffe54c81960 R08: 00007ff3893fe700 R09: 00007ff3893fe700 [ 3280.699440][T14777] R10: 00007ff3893fe9d0 R11: 0000000000000206 R12: 00007ffe54c817ce [ 3280.707421][T14777] R13: 00007ffe54c817cf R14: 00007ff3893fe300 R15: 0000000000022000 [ 3280.715416][T14777] 03:15:02 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000000000000000000b0fd4", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3280.731398][T14777] memory: usage 307200kB, limit 307200kB, failcnt 3037 [ 3280.746642][T14777] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3280.757882][T14777] Memory cgroup stats for /syz2: [ 3280.758112][T14777] anon 147456 [ 3280.758112][T14777] file 360448 [ 3280.758112][T14777] kernel 314064896 [ 3280.758112][T14777] kernel_stack 65536 [ 3280.758112][T14777] pagetables 81920 [ 3280.758112][T14777] percpu 5433376 [ 3280.758112][T14777] sock 0 [ 3280.758112][T14777] vmalloc 0 [ 3280.758112][T14777] shmem 356352 [ 3280.758112][T14777] zswap 0 [ 3280.758112][T14777] zswapped 0 [ 3280.758112][T14777] file_mapped 356352 [ 3280.758112][T14777] file_dirty 4096 [ 3280.758112][T14777] file_writeback 0 [ 3280.758112][T14777] swapcached 0 [ 3280.758112][T14777] anon_thp 0 [ 3280.758112][T14777] file_thp 0 [ 3280.758112][T14777] shmem_thp 0 [ 3280.758112][T14777] inactive_anon 204800 [ 3280.758112][T14777] active_anon 299008 [ 3280.758112][T14777] inactive_file 0 [ 3280.758112][T14777] active_file 4096 [ 3280.758112][T14777] unevictable 0 [ 3280.758112][T14777] slab_reclaimable 58856 [ 3280.758112][T14777] slab_unreclaimable 308391408 [ 3280.758112][T14777] slab 308450264 [ 3280.773093][T14784] bridge3172: port 1(bridge_slave_1) entered blocking state [ 3280.856670][T14777] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=14777,uid=0 [ 3280.879530][T14777] Memory cgroup out of memory: Killed process 14777 (syz-executor.2) total-vm:54640kB, anon-rss:388kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 3280.898456][T14786] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3280.912110][T14784] bridge3172: port 1(bridge_slave_1) entered disabled state [ 3280.922551][T14786] CPU: 1 PID: 14786 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3280.932749][T14786] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3280.942829][T14786] Call Trace: [ 3280.946133][T14786] [ 3280.949087][T14786] dump_stack_lvl+0xcd/0x134 [ 3280.953727][T14786] dump_header+0x10b/0x7f9 [ 3280.958187][T14786] oom_kill_process.cold+0x10/0x15 [ 3280.963338][T14786] out_of_memory+0x358/0x14a0 [ 3280.968057][T14786] ? oom_killer_disable+0x270/0x270 [ 3280.973270][T14786] ? find_held_lock+0x2d/0x110 [ 3280.978035][T14786] mem_cgroup_out_of_memory+0x206/0x270 [ 3280.983599][T14786] ? mem_cgroup_margin+0x130/0x130 [ 3280.988733][T14786] ? lock_downgrade+0x6e0/0x6e0 [ 3280.993589][T14786] try_charge_memcg+0xf67/0x13f0 [ 3280.998558][T14786] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3281.004572][T14786] ? lock_downgrade+0x6e0/0x6e0 [ 3281.009459][T14786] charge_memcg+0x31/0x320 [ 3281.013914][T14786] __mem_cgroup_charge+0x27/0x90 [ 3281.019067][T14786] ? _compound_head+0x5d/0x150 [ 3281.023870][T14786] wp_page_copy+0x27c/0x1b60 [ 3281.028497][T14786] ? restore_exclusive_pte+0x8b0/0x8b0 [ 3281.034048][T14786] ? lock_downgrade+0x6e0/0x6e0 [ 3281.038935][T14786] ? vm_normal_page+0x146/0x2a0 [ 3281.043807][T14786] do_wp_page+0x52c/0x1910 [ 3281.048226][T14786] __handle_mm_fault+0x1813/0x39b0 [ 3281.053354][T14786] ? vm_iomap_memory+0x190/0x190 [ 3281.058327][T14786] handle_mm_fault+0x1c8/0x780 [ 3281.063101][T14786] do_user_addr_fault+0x475/0x1210 [ 3281.068336][T14786] exc_page_fault+0x94/0x170 [ 3281.072951][T14786] asm_exc_page_fault+0x22/0x30 [ 3281.077804][T14786] RIP: 0033:0x7f98a3434565 [ 3281.082212][T14786] Code: 5c 41 5d c3 90 48 8b 57 18 48 83 fa ff 74 22 48 81 fa e7 03 00 00 0f 87 ee 00 00 00 48 c1 e2 04 48 8d 0d 5e 3b 16 00 48 01 ca 02 01 48 89 42 08 48 8b 53 10 4c 8d 2d 89 ba 56 00 4c 39 ea 0f [ 3281.101834][T14786] RSP: 002b:00007ffe69a68b40 EFLAGS: 00010206 [ 3281.107948][T14786] RAX: 0000000000000003 RBX: 00007f98a359bf80 RCX: 00007f98a35980c0 [ 3281.115946][T14786] RDX: 00007f98a35980c0 RSI: 0000000000000080 RDI: 00007f98a359bf80 [ 3281.123934][T14786] RBP: 00007f98a359bf80 R08: 00007ffe69b83080 R09: 0000000000000000 [ 3281.131911][T14786] R10: 00007ffe69a68c60 R11: 0000000000000246 R12: 0000000000320f63 [ 3281.139970][T14786] R13: 00007ffe69a68c60 R14: 00007f98a359bf80 R15: 0000000000000032 [ 3281.147977][T14786] [ 3281.154711][T14786] memory: usage 307156kB, limit 307200kB, failcnt 25233 [ 3281.162587][T14786] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3281.169651][T14786] Memory cgroup stats for /syz0: [ 3281.169821][T14786] anon 90112 [ 3281.169821][T14786] file 319488 [ 3281.169821][T14786] kernel 314118144 [ 3281.169821][T14786] kernel_stack 65536 [ 3281.169821][T14786] pagetables 73728 [ 3281.169821][T14786] percpu 5425088 [ 3281.169821][T14786] sock 0 [ 3281.169821][T14786] vmalloc 0 [ 3281.169821][T14786] shmem 319488 [ 3281.169821][T14786] zswap 0 [ 3281.169821][T14786] zswapped 0 [ 3281.169821][T14786] file_mapped 303104 [ 3281.169821][T14786] file_dirty 0 [ 3281.169821][T14786] file_writeback 0 [ 3281.169821][T14786] swapcached 0 [ 3281.169821][T14786] anon_thp 0 [ 3281.169821][T14786] file_thp 0 [ 3281.169821][T14786] shmem_thp 0 [ 3281.169821][T14786] inactive_anon 86016 [ 3281.169821][T14786] active_anon 315392 [ 3281.169821][T14786] inactive_file 0 [ 3281.169821][T14786] active_file 0 [ 3281.169821][T14786] unevictable 0 [ 3281.169821][T14786] slab_reclaimable 224128 [ 3281.169821][T14786] slab_unreclaimable 308289952 [ 3281.169821][T14786] slab 308514080 [ 3281.264435][T14786] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=14786,uid=0 03:15:02 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000000000000000000b0fd5", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3281.281022][T14770] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3281.294961][T14786] Memory cgroup out of memory: Killed process 14786 (syz-executor.0) total-vm:54508kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 [ 3281.358783][T14773] bridge2527: port 1(bridge_slave_1) entered disabled state [ 3281.370188][T14788] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 3281.383778][T14788] CPU: 0 PID: 14788 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3281.393962][T14788] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3281.397527][T14775] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3281.404014][T14788] Call Trace: [ 3281.404028][T14788] [ 3281.404038][T14788] dump_stack_lvl+0xcd/0x134 [ 3281.404076][T14788] dump_header+0x10b/0x7f9 [ 3281.404114][T14788] oom_kill_process.cold+0x10/0x15 [ 3281.433735][T14788] out_of_memory+0x358/0x14a0 [ 3281.438462][T14788] ? find_held_lock+0x2d/0x110 [ 3281.443262][T14788] ? oom_killer_disable+0x270/0x270 [ 3281.448497][T14788] ? find_held_lock+0x2d/0x110 [ 3281.453283][T14788] mem_cgroup_out_of_memory+0x206/0x270 03:15:02 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0003000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x25f755, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3281.458859][T14788] ? mem_cgroup_margin+0x130/0x130 [ 3281.463987][T14788] ? lock_downgrade+0x6e0/0x6e0 [ 3281.468885][T14788] try_charge_memcg+0xf67/0x13f0 [ 3281.473947][T14788] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3281.475062][T14779] bridge4119: port 1(bridge_slave_1) entered blocking state [ 3281.479929][T14788] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3281.479963][T14788] ? lock_downgrade+0x6e0/0x6e0 [ 3281.479991][T14788] ? lock_downgrade+0x6e0/0x6e0 [ 3281.480015][T14788] ? rcu_read_unlock+0x9/0x60 [ 3281.507391][T14788] obj_cgroup_charge+0x2ab/0x5e0 [ 3281.507611][T14779] bridge4119: port 1(bridge_slave_1) entered disabled state [ 3281.512351][T14788] kmem_cache_alloc_trace+0xa3/0x3e0 [ 3281.512386][T14788] ? copy_semundo+0x187/0x2f0 [ 3281.512417][T14788] ? apparmor_task_alloc+0x2bb/0x3b0 [ 3281.534970][T14788] copy_semundo+0x187/0x2f0 [ 3281.539513][T14788] copy_process+0x2409/0x7090 [ 3281.544243][T14788] ? __cleanup_sighand+0xb0/0xb0 [ 3281.549231][T14788] kernel_clone+0xe7/0xab0 [ 3281.553677][T14788] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 3281.559686][T14788] ? create_io_thread+0xe0/0xe0 [ 3281.563474][T14780] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3281.564559][T14788] ? find_held_lock+0x2d/0x110 [ 3281.564597][T14788] ? __ct_user_exit+0xff/0x150 [ 3281.564633][T14788] __do_sys_clone+0xba/0x100 [ 3281.588019][T14788] ? kernel_clone+0xab0/0xab0 [ 3281.592747][T14788] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3281.598671][T14788] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3281.604603][T14788] do_syscall_64+0x35/0xb0 03:15:02 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f310000fc070a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3281.609032][T14788] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3281.614949][T14788] RIP: 0033:0x7f98a348a6a1 [ 3281.619500][T14788] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 3281.635824][T14781] bridge4119: port 1(bridge_slave_1) entered blocking state [ 3281.639100][T14788] RSP: 002b:00007ffe69a68a48 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 3281.639131][T14788] RAX: ffffffffffffffda RBX: 00007f98a4666700 RCX: 00007f98a348a6a1 [ 3281.639150][T14788] RDX: 00007f98a46669d0 RSI: 00007f98a46662f0 RDI: 00000000003d0f00 [ 3281.639165][T14788] RBP: 00007ffe69a68c90 R08: 00007f98a4666700 R09: 00007f98a4666700 [ 3281.639181][T14788] R10: 00007f98a46669d0 R11: 0000000000000206 R12: 00007ffe69a68afe [ 3281.639197][T14788] R13: 00007ffe69a68aff R14: 00007f98a4666300 R15: 0000000000022000 [ 3281.639232][T14788] [ 3281.646563][T14781] bridge4119: port 1(bridge_slave_1) entered forwarding state [ 3281.686451][T14788] memory: usage 307144kB, limit 307200kB, failcnt 25287 [ 3281.718993][T14788] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3281.727389][T14788] Memory cgroup stats for /syz0: [ 3281.728015][T14788] anon 81920 [ 3281.728015][T14788] file 319488 [ 3281.728015][T14788] kernel 314114048 [ 3281.728015][T14788] kernel_stack 65536 [ 3281.728015][T14788] pagetables 69632 [ 3281.728015][T14788] percpu 5425088 [ 3281.728015][T14788] sock 0 [ 3281.728015][T14788] vmalloc 0 [ 3281.728015][T14788] shmem 319488 [ 3281.728015][T14788] zswap 0 [ 3281.728015][T14788] zswapped 0 [ 3281.728015][T14788] file_mapped 303104 [ 3281.728015][T14788] file_dirty 0 [ 3281.728015][T14788] file_writeback 0 [ 3281.728015][T14788] swapcached 0 [ 3281.728015][T14788] anon_thp 0 [ 3281.728015][T14788] file_thp 0 [ 3281.728015][T14788] shmem_thp 0 [ 3281.728015][T14788] inactive_anon 86016 [ 3281.728015][T14788] active_anon 315392 [ 3281.728015][T14788] inactive_file 0 [ 3281.728015][T14788] active_file 0 [ 3281.728015][T14788] unevictable 0 [ 3281.728015][T14788] slab_reclaimable 222200 [ 3281.728015][T14788] slab_unreclaimable 308289144 [ 3281.728015][T14788] slab 308511344 [ 3281.830432][T14788] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=14788,uid=0 03:15:03 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000000000000000000b0fd6", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3281.846671][T14788] Memory cgroup out of memory: Killed process 14788 (syz-executor.0) total-vm:54508kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:72kB oom_score_adj:1000 [ 3281.864705][T14781] bond0: (slave bridge4119): Enslaving as an active interface with an up link [ 3281.873007][T14791] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3281.879447][T14782] bridge1272: port 1(bridge_slave_1) entered disabled state [ 3281.897757][T14791] CPU: 1 PID: 14791 Comm: syz-executor.2 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3281.907969][T14791] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3281.918050][T14791] Call Trace: [ 3281.921344][T14791] [ 3281.924287][T14791] dump_stack_lvl+0xcd/0x134 [ 3281.928914][T14791] dump_header+0x10b/0x7f9 [ 3281.933383][T14791] oom_kill_process.cold+0x10/0x15 [ 3281.938542][T14791] out_of_memory+0x358/0x14a0 [ 3281.943272][T14791] ? oom_killer_disable+0x270/0x270 [ 3281.948546][T14791] ? find_held_lock+0x2d/0x110 [ 3281.953353][T14791] mem_cgroup_out_of_memory+0x206/0x270 [ 3281.958935][T14791] ? mem_cgroup_margin+0x130/0x130 [ 3281.964080][T14791] ? lock_downgrade+0x6e0/0x6e0 [ 3281.968989][T14791] try_charge_memcg+0xf67/0x13f0 [ 3281.973968][T14791] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3281.979989][T14791] ? lock_downgrade+0x6e0/0x6e0 [ 3281.984890][T14791] charge_memcg+0x31/0x320 [ 3281.989342][T14791] __mem_cgroup_charge+0x27/0x90 [ 3281.994303][T14791] ? _compound_head+0x5d/0x150 [ 3281.999102][T14791] wp_page_copy+0x27c/0x1b60 [ 3282.003729][T14791] ? restore_exclusive_pte+0x8b0/0x8b0 03:15:03 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000000000000b3fb5000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3282.009215][T14791] ? lock_downgrade+0x6e0/0x6e0 [ 3282.014088][T14791] ? vm_normal_page+0x146/0x2a0 [ 3282.019001][T14791] do_wp_page+0x1d1/0x1910 [ 3282.023452][T14791] __handle_mm_fault+0x1813/0x39b0 [ 3282.028605][T14791] ? vm_iomap_memory+0x190/0x190 [ 3282.033622][T14791] handle_mm_fault+0x1c8/0x780 [ 3282.038422][T14791] do_user_addr_fault+0x475/0x1210 [ 3282.043578][T14791] exc_page_fault+0x94/0x170 [ 3282.048205][T14791] asm_exc_page_fault+0x22/0x30 [ 3282.053081][T14791] RIP: 0033:0x7ff38a4374b0 [ 3282.057526][T14791] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48 [ 3282.077148][T14791] RSP: 002b:00007ffe54c81760 EFLAGS: 00010246 [ 3282.083245][T14791] RAX: 000000002feed7de RBX: 00007ff38a59c018 RCX: 0000001b2ee20000 [ 3282.091226][T14791] RDX: 0000000000000000 RSI: 0000001b2ee20018 RDI: 000000000a19aef0 [ 3282.099225][T14791] RBP: 000000002feed7de R08: 00000000000017de R09: 000000002feed7e2 [ 3282.107216][T14791] R10: 00007ffe54c81930 R11: 0000000000000246 R12: 00007ff38a590000 [ 3282.115187][T14791] R13: 0000000000000001 R14: 000000000000000e R15: ffffffff83bb623b [ 3282.123159][T14791] ? security_socket_create+0x3b/0xc0 [ 3282.128832][T14791] [ 3282.138484][T14791] memory: usage 307152kB, limit 307200kB, failcnt 3106 [ 3282.145432][T14782] bridge1273: port 1(bridge_slave_1) entered blocking state [ 3282.145580][T14791] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3282.160472][T14791] Memory cgroup stats for /syz2: [ 3282.160694][T14791] anon 126976 [ 3282.160694][T14791] file 360448 [ 3282.160694][T14791] kernel 314036224 [ 3282.160694][T14791] kernel_stack 65536 [ 3282.160694][T14791] pagetables 69632 [ 3282.160694][T14791] percpu 5433376 [ 3282.160694][T14791] sock 0 [ 3282.160694][T14791] vmalloc 0 [ 3282.160694][T14791] shmem 356352 [ 3282.160694][T14791] zswap 0 [ 3282.160694][T14791] zswapped 0 [ 3282.160694][T14791] file_mapped 356352 [ 3282.160694][T14791] file_dirty 4096 [ 3282.160694][T14791] file_writeback 0 [ 3282.160694][T14791] swapcached 0 [ 3282.160694][T14791] anon_thp 0 [ 3282.160694][T14791] file_thp 0 [ 3282.160694][T14791] shmem_thp 0 [ 3282.160694][T14791] inactive_anon 184320 [ 3282.160694][T14791] active_anon 299008 [ 3282.160694][T14791] inactive_file 0 [ 3282.160694][T14791] active_file 4096 [ 3282.160694][T14791] unevictable 0 [ 3282.160694][T14791] slab_reclaimable 56928 [ 3282.160694][T14791] slab_unreclaimable 308378352 [ 3282.160694][T14791] slab 308435280 [ 3282.171433][T14782] bridge1273: port 1(bridge_slave_1) entered disabled state 03:15:03 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3282.256694][T14791] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=14791,uid=0 [ 3282.298616][T14791] Memory cgroup out of memory: Killed process 14791 (syz-executor.2) total-vm:54508kB, anon-rss:388kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:72kB oom_score_adj:1000 03:15:03 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000040090a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3282.359276][T14796] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3282.387235][T14796] CPU: 0 PID: 14796 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3282.387252][T14785] bond0: (slave bridge3172): Enslaving as an active interface with an up link [ 3282.406300][T14796] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3282.416390][T14796] Call Trace: [ 3282.419693][T14796] [ 3282.422646][T14796] dump_stack_lvl+0xcd/0x134 [ 3282.427278][T14796] dump_header+0x10b/0x7f9 [ 3282.431736][T14796] oom_kill_process.cold+0x10/0x15 [ 3282.436895][T14796] out_of_memory+0x358/0x14a0 [ 3282.441608][T14796] ? find_held_lock+0x2d/0x110 [ 3282.446386][T14796] ? oom_killer_disable+0x270/0x270 [ 3282.447536][T14793] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3282.451608][T14796] ? find_held_lock+0x2d/0x110 [ 3282.451644][T14796] mem_cgroup_out_of_memory+0x206/0x270 [ 3282.471250][T14796] ? mem_cgroup_margin+0x130/0x130 [ 3282.476428][T14796] ? lock_downgrade+0x6e0/0x6e0 [ 3282.481330][T14796] try_charge_memcg+0xf67/0x13f0 [ 3282.486303][T14796] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3282.492316][T14796] ? lock_downgrade+0x6e0/0x6e0 [ 3282.497645][T14796] charge_memcg+0x31/0x320 [ 3282.502093][T14796] __mem_cgroup_charge+0x27/0x90 [ 3282.507064][T14796] ? _compound_head+0x5d/0x150 [ 3282.511875][T14796] wp_page_copy+0x27c/0x1b60 [ 3282.516502][T14796] ? restore_exclusive_pte+0x8b0/0x8b0 [ 3282.521994][T14796] ? lock_downgrade+0x6e0/0x6e0 [ 3282.526897][T14796] ? vm_normal_page+0x146/0x2a0 [ 3282.531792][T14796] do_wp_page+0x1d1/0x1910 [ 3282.536244][T14796] __handle_mm_fault+0x1813/0x39b0 [ 3282.541397][T14796] ? vm_iomap_memory+0x190/0x190 [ 3282.546396][T14796] handle_mm_fault+0x1c8/0x780 [ 3282.551195][T14796] do_user_addr_fault+0x475/0x1210 03:15:03 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0003000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x25f754, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3282.556352][T14796] exc_page_fault+0x94/0x170 [ 3282.557035][T14795] bridge2528: port 1(bridge_slave_1) entered blocking state [ 3282.560959][T14796] asm_exc_page_fault+0x22/0x30 [ 3282.560989][T14796] RIP: 0033:0x7f98a34374b0 [ 3282.561011][T14796] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48 [ 3282.561034][T14796] RSP: 002b:00007ffe69a68a90 EFLAGS: 00010246 [ 3282.561057][T14796] RAX: 00000000098f1ddc RBX: 00007f98a359c018 RCX: 0000001b2ec20000 [ 3282.571326][T14795] bridge2528: port 1(bridge_slave_1) entered disabled state [ 3282.573153][T14796] RDX: 0000000000000000 RSI: 0000001b2ec20018 RDI: 000000000d570f0d [ 3282.573173][T14796] RBP: 00000000098f1ddc R08: 0000000000001ddc R09: 00000000098f1de0 [ 3282.573195][T14796] R10: 00007ffe69a68c60 R11: 0000000000000246 R12: 00007f98a3590000 [ 3282.573212][T14796] R13: 0000000000000001 R14: 0000000000000006 R15: ffffffff874bbdbd [ 3282.573230][T14796] ? __x64_sys_socket+0xd/0xb0 [ 3282.610879][T14809] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3282.611256][T14796] [ 3282.635155][T14796] memory: usage 307184kB, limit 307200kB, failcnt 25362 [ 3282.689116][T14796] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3282.696269][T14796] Memory cgroup stats for /syz0: [ 3282.696641][T14796] anon 118784 [ 3282.696641][T14796] file 319488 [ 3282.696641][T14796] kernel 314118144 [ 3282.696641][T14796] kernel_stack 65536 [ 3282.696641][T14796] pagetables 73728 [ 3282.696641][T14796] percpu 5425088 [ 3282.696641][T14796] sock 0 [ 3282.696641][T14796] vmalloc 0 [ 3282.696641][T14796] shmem 319488 [ 3282.696641][T14796] zswap 0 [ 3282.696641][T14796] zswapped 0 [ 3282.696641][T14796] file_mapped 303104 [ 3282.696641][T14796] file_dirty 0 [ 3282.696641][T14796] file_writeback 0 [ 3282.696641][T14796] swapcached 0 [ 3282.696641][T14796] anon_thp 0 [ 3282.696641][T14796] file_thp 0 [ 3282.696641][T14796] shmem_thp 0 [ 3282.696641][T14796] inactive_anon 122880 [ 3282.696641][T14796] active_anon 315392 [ 3282.696641][T14796] inactive_file 0 [ 3282.696641][T14796] active_file 0 [ 3282.696641][T14796] unevictable 0 [ 3282.696641][T14796] slab_reclaimable 224128 [ 3282.696641][T14796] slab_unreclaimable 308289952 [ 3282.696641][T14796] slab 308514080 [ 3282.793302][T14799] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. 03:15:04 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000000000000000000b0fd7", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3282.798116][T14796] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=14796,uid=0 [ 3282.818457][T14796] Memory cgroup out of memory: Killed process 14796 (syz-executor.0) total-vm:54508kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 [ 3282.931661][T14816] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3282.942285][T14816] CPU: 0 PID: 14816 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3282.946026][T14800] bond0: (slave bridge2528): Enslaving as an active interface with an up link [ 3282.952447][T14816] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3282.952463][T14816] Call Trace: [ 3282.952471][T14816] 03:15:04 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0003000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x25f755, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3282.952482][T14816] dump_stack_lvl+0xcd/0x134 [ 3282.952521][T14816] dump_header+0x10b/0x7f9 [ 3282.952553][T14816] oom_kill_process.cold+0x10/0x15 [ 3282.952584][T14816] out_of_memory+0x358/0x14a0 [ 3282.952617][T14816] ? find_held_lock+0x2d/0x110 [ 3282.952642][T14816] ? oom_killer_disable+0x270/0x270 [ 3282.952672][T14816] ? find_held_lock+0x2d/0x110 [ 3282.952700][T14816] mem_cgroup_out_of_memory+0x206/0x270 [ 3282.952725][T14816] ? mem_cgroup_margin+0x130/0x130 [ 3282.952749][T14816] ? lock_downgrade+0x6e0/0x6e0 [ 3282.952794][T14816] try_charge_memcg+0xf67/0x13f0 [ 3282.952829][T14816] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3282.952869][T14816] ? lock_downgrade+0x6e0/0x6e0 [ 3282.952911][T14816] charge_memcg+0x31/0x320 [ 3282.952944][T14816] __mem_cgroup_charge+0x27/0x90 [ 3282.952970][T14816] ? _compound_head+0x5d/0x150 [ 3282.953000][T14816] wp_page_copy+0x27c/0x1b60 [ 3282.953036][T14816] ? restore_exclusive_pte+0x8b0/0x8b0 [ 3282.953061][T14816] ? lock_downgrade+0x6e0/0x6e0 [ 3282.953084][T14816] ? vm_normal_page+0x146/0x2a0 [ 3282.953126][T14816] do_wp_page+0x1d1/0x1910 [ 3282.953167][T14816] __handle_mm_fault+0x1813/0x39b0 [ 3282.953204][T14816] ? vm_iomap_memory+0x190/0x190 [ 3282.953258][T14816] handle_mm_fault+0x1c8/0x780 [ 3282.953289][T14816] do_user_addr_fault+0x475/0x1210 [ 3283.048167][T14801] bridge4119: port 1(bridge_slave_1) entered disabled state [ 3283.052444][T14816] exc_page_fault+0x94/0x170 [ 3283.113244][T14816] asm_exc_page_fault+0x22/0x30 [ 3283.118110][T14816] RIP: 0033:0x7f98a34374b0 [ 3283.122546][T14816] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48 [ 3283.142158][T14816] RSP: 002b:00007ffe69a68a90 EFLAGS: 00010246 [ 3283.148231][T14816] RAX: 00000000bd27bad8 RBX: 00007f98a359c018 RCX: 0000001b2ec20000 [ 3283.156232][T14816] RDX: 0000000000000000 RSI: 0000001b2ec20018 RDI: 0000000008ec0c76 [ 3283.164320][T14816] RBP: 00000000bd27bad8 R08: 0000000000001ad8 R09: 00000000bd27badc [ 3283.172310][T14816] R10: 00007ffe69a68c60 R11: 0000000000000246 R12: 00007f98a3590000 [ 3283.180302][T14816] R13: 0000000000000001 R14: 0000000000000003 R15: ffffffff81a3270f [ 3283.188296][T14816] ? trace_user_exit.constprop.0+0x13f/0x210 [ 3283.194320][T14816] [ 3283.203146][T14816] memory: usage 307188kB, limit 307200kB, failcnt 25451 [ 3283.210233][T14816] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3283.217121][T14816] Memory cgroup stats for /syz0: [ 3283.217303][T14816] anon 106496 [ 3283.217303][T14816] file 319488 [ 3283.217303][T14816] kernel 314134528 [ 3283.217303][T14816] kernel_stack 65536 [ 3283.217303][T14816] pagetables 73728 [ 3283.217303][T14816] percpu 5425088 [ 3283.217303][T14816] sock 0 [ 3283.217303][T14816] vmalloc 0 [ 3283.217303][T14816] shmem 319488 [ 3283.217303][T14816] zswap 0 [ 3283.217303][T14816] zswapped 0 [ 3283.217303][T14816] file_mapped 303104 [ 3283.217303][T14816] file_dirty 0 [ 3283.217303][T14816] file_writeback 0 [ 3283.217303][T14816] swapcached 0 [ 3283.217303][T14816] anon_thp 0 [ 3283.217303][T14816] file_thp 0 [ 3283.217303][T14816] shmem_thp 0 [ 3283.217303][T14816] inactive_anon 73728 [ 3283.217303][T14816] active_anon 315392 [ 3283.217303][T14816] inactive_file 0 [ 3283.217303][T14816] active_file 0 [ 3283.217303][T14816] unevictable 0 [ 3283.217303][T14816] slab_reclaimable 224128 [ 3283.217303][T14816] slab_unreclaimable 308301352 [ 3283.217303][T14816] slab 308525480 [ 3283.276273][T14801] bridge4120: port 1(bridge_slave_1) entered blocking state [ 3283.315975][T14816] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=14816,uid=0 [ 3283.335329][T14816] Memory cgroup out of memory: Killed process 14816 (syz-executor.0) total-vm:54508kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 [ 3283.353457][T14806] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3283.372392][T14806] CPU: 0 PID: 14806 Comm: syz-executor.2 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3283.382017][T14801] bridge4120: port 1(bridge_slave_1) entered disabled state [ 3283.382572][T14806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3283.382589][T14806] Call Trace: [ 3283.382598][T14806] [ 3283.382608][T14806] dump_stack_lvl+0xcd/0x134 [ 3283.410762][T14806] dump_header+0x10b/0x7f9 [ 3283.413817][T14802] bridge4120: port 1(bridge_slave_1) entered blocking state [ 3283.415189][T14806] oom_kill_process.cold+0x10/0x15 [ 3283.415233][T14806] out_of_memory+0x358/0x14a0 [ 3283.422592][T14802] bridge4120: port 1(bridge_slave_1) entered forwarding state [ 3283.427586][T14806] ? oom_killer_disable+0x270/0x270 [ 3283.427621][T14806] ? find_held_lock+0x2d/0x110 [ 3283.427652][T14806] mem_cgroup_out_of_memory+0x206/0x270 [ 3283.455352][T14806] ? mem_cgroup_margin+0x130/0x130 [ 3283.460496][T14806] ? lock_downgrade+0x6e0/0x6e0 [ 3283.465382][T14806] try_charge_memcg+0xf67/0x13f0 [ 3283.470442][T14806] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3283.476453][T14806] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3283.482215][T14806] ? lock_downgrade+0x6e0/0x6e0 [ 3283.487109][T14806] ? lock_downgrade+0x6e0/0x6e0 [ 3283.491983][T14806] __memcg_kmem_charge_page+0x16a/0x3b0 [ 3283.497542][T14806] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 3283.503713][T14806] copy_process+0x607/0x7090 [ 3283.508317][T14806] ? __lock_acquire+0xbc3/0x56d0 [ 3283.513286][T14806] ? __cleanup_sighand+0xb0/0xb0 [ 3283.518249][T14806] kernel_clone+0xe7/0xab0 [ 3283.522672][T14806] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 3283.528662][T14806] ? create_io_thread+0xe0/0xe0 [ 3283.533528][T14806] ? find_held_lock+0x2d/0x110 [ 3283.538305][T14806] ? __ct_user_exit+0xff/0x150 [ 3283.543101][T14806] __do_sys_clone+0xba/0x100 [ 3283.547717][T14806] ? kernel_clone+0xab0/0xab0 [ 3283.552414][T14806] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3283.558333][T14806] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3283.564242][T14806] do_syscall_64+0x35/0xb0 [ 3283.568666][T14806] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3283.574571][T14806] RIP: 0033:0x7ff38a48a6a1 [ 3283.578993][T14806] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 3283.598691][T14806] RSP: 002b:00007ffe54c81718 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 3283.607112][T14806] RAX: ffffffffffffffda RBX: 00007ff3893fe700 RCX: 00007ff38a48a6a1 [ 3283.615173][T14806] RDX: 00007ff3893fe9d0 RSI: 00007ff3893fe2f0 RDI: 00000000003d0f00 [ 3283.623144][T14806] RBP: 00007ffe54c81960 R08: 00007ff3893fe700 R09: 00007ff3893fe700 03:15:04 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000000000000000000b0fd8", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3283.631120][T14806] R10: 00007ff3893fe9d0 R11: 0000000000000206 R12: 00007ffe54c817ce [ 3283.639097][T14806] R13: 00007ffe54c817cf R14: 00007ff3893fe300 R15: 0000000000022000 [ 3283.647096][T14806] [ 3283.652532][T14802] bond0: (slave bridge4120): Enslaving as an active interface with an up link 03:15:04 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000000000000001b6000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3283.679960][T14810] bridge1273: port 1(bridge_slave_1) entered disabled state [ 3283.689127][T14806] memory: usage 307200kB, limit 307200kB, failcnt 3184 [ 3283.696015][T14806] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3283.703368][T14806] Memory cgroup stats for /syz2: [ 3283.703576][T14806] anon 147456 [ 3283.703576][T14806] file 360448 [ 3283.703576][T14806] kernel 314064896 [ 3283.703576][T14806] kernel_stack 65536 [ 3283.703576][T14806] pagetables 81920 [ 3283.703576][T14806] percpu 5433376 [ 3283.703576][T14806] sock 0 [ 3283.703576][T14806] vmalloc 0 [ 3283.703576][T14806] shmem 356352 [ 3283.703576][T14806] zswap 0 [ 3283.703576][T14806] zswapped 0 [ 3283.703576][T14806] file_mapped 356352 [ 3283.703576][T14806] file_dirty 4096 [ 3283.703576][T14806] file_writeback 0 [ 3283.703576][T14806] swapcached 0 [ 3283.703576][T14806] anon_thp 0 [ 3283.703576][T14806] file_thp 0 [ 3283.703576][T14806] shmem_thp 0 [ 3283.703576][T14806] inactive_anon 204800 [ 3283.703576][T14806] active_anon 299008 [ 3283.703576][T14806] inactive_file 0 [ 3283.703576][T14806] active_file 4096 [ 3283.703576][T14806] unevictable 0 03:15:05 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c00000010000104000000029800000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3283.703576][T14806] slab_reclaimable 58856 [ 3283.703576][T14806] slab_unreclaimable 308387568 [ 3283.703576][T14806] slab 308446424 [ 3283.807327][T14812] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3283.865472][T14813] bridge3172: port 1(bridge_slave_1) entered disabled state [ 3283.869920][T14806] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=14806,uid=0 [ 3283.891422][T14806] Memory cgroup out of memory: Killed process 14806 (syz-executor.2) total-vm:54640kB, anon-rss:388kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 3283.929469][T14823] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 3283.942025][T14813] bridge3173: port 1(bridge_slave_1) entered blocking state [ 3283.949885][T14823] CPU: 0 PID: 14823 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3283.960086][T14823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3283.960178][T14813] bridge3173: port 1(bridge_slave_1) entered disabled state [ 3283.970137][T14823] Call Trace: [ 3283.970147][T14823] [ 3283.970158][T14823] dump_stack_lvl+0xcd/0x134 [ 3283.970196][T14823] dump_header+0x10b/0x7f9 [ 3283.970230][T14823] oom_kill_process.cold+0x10/0x15 [ 3283.970263][T14823] out_of_memory+0x358/0x14a0 [ 3284.002638][T14823] ? find_held_lock+0x2d/0x110 [ 3284.007430][T14823] ? oom_killer_disable+0x270/0x270 [ 3284.012659][T14823] ? find_held_lock+0x2d/0x110 [ 3284.017454][T14823] mem_cgroup_out_of_memory+0x206/0x270 [ 3284.023017][T14823] ? mem_cgroup_margin+0x130/0x130 [ 3284.028155][T14823] ? lock_downgrade+0x6e0/0x6e0 [ 3284.033048][T14823] try_charge_memcg+0xf67/0x13f0 [ 3284.038016][T14823] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3284.044026][T14823] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3284.049774][T14823] ? lock_downgrade+0x6e0/0x6e0 [ 3284.054656][T14823] ? lock_downgrade+0x6e0/0x6e0 [ 3284.059539][T14823] __memcg_kmem_charge_page+0x16a/0x3b0 [ 3284.065102][T14823] __alloc_pages+0x1ef/0x510 [ 3284.069716][T14823] ? __alloc_pages_slowpath.constprop.0+0x2240/0x2240 [ 3284.072187][T14814] bond0: (slave bridge3173): Enslaving as an active interface with an up link [ 3284.076505][T14823] ? find_held_lock+0x2d/0x110 [ 3284.076560][T14823] alloc_pages+0x1a6/0x270 [ 3284.076603][T14823] pte_alloc_one+0x16/0x230 [ 3284.076641][T14823] __pte_alloc+0x69/0x250 [ 3284.076668][T14823] ? pmd_install+0x150/0x150 [ 3284.076691][T14823] ? hugepage_vma_check+0x44e/0x780 [ 3284.076719][T14823] ? __pmd_alloc+0x2ff/0x5c0 [ 3284.076752][T14823] __handle_mm_fault+0x310b/0x39b0 [ 3284.076794][T14823] ? vm_iomap_memory+0x190/0x190 [ 3284.076849][T14823] handle_mm_fault+0x1c8/0x780 [ 3284.076883][T14823] do_user_addr_fault+0x475/0x1210 [ 3284.076925][T14823] exc_page_fault+0x94/0x170 [ 3284.076958][T14823] asm_exc_page_fault+0x22/0x30 [ 3284.076982][T14823] RIP: 0033:0x7f98a3484695 [ 3284.077004][T14823] Code: 12 80 fa 04 73 1e 80 fa 01 77 26 72 05 0f b6 0e 88 0f c3 48 8b 4c 16 f8 48 8b 36 48 89 4c 17 f8 48 89 37 c3 8b 4c 16 fc 8b 36 <89> 4c 17 fc 89 37 c3 0f b7 4c 16 fe 0f b7 36 66 89 4c 17 fe 66 89 [ 3284.077026][T14823] RSP: 002b:00007ffe69a68b78 EFLAGS: 00010202 03:15:05 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0003000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x25f754, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3284.077055][T14823] RAX: 00000000200005c0 RBX: 0000000000000000 RCX: 0000000000535650 [ 3284.077074][T14823] RDX: 0000000000000005 RSI: 0000000053565049 RDI: 00000000200005c0 [ 3284.077089][T14823] RBP: 00007ffe69a68c38 R08: 00007f98a39a0000 R09: 00007f98a35a00c8 [ 3284.077107][T14823] R10: 00007ffe69a68c60 R11: 0000000000000246 R12: 0000000000321bb2 [ 3284.077125][T14823] R13: 00007ffe69a68c60 R14: 00007f98a359bf80 R15: 0000000000000032 [ 3284.077164][T14823] [ 3284.101544][T14823] memory: usage 307196kB, limit 307200kB, failcnt 25534 03:15:05 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f310000240a0a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3284.256345][T14820] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3284.320326][T14821] bridge2528: port 1(bridge_slave_1) entered disabled state [ 3284.320707][T14823] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3284.336005][T14823] Memory cgroup stats for /syz0: [ 3284.336234][T14823] anon 126976 [ 3284.336234][T14823] file 319488 [ 3284.336234][T14823] kernel 314122240 [ 3284.336234][T14823] kernel_stack 65536 [ 3284.336234][T14823] pagetables 77824 [ 3284.336234][T14823] percpu 5425088 [ 3284.336234][T14823] sock 0 [ 3284.336234][T14823] vmalloc 0 [ 3284.336234][T14823] shmem 319488 [ 3284.336234][T14823] zswap 0 [ 3284.336234][T14823] zswapped 0 [ 3284.336234][T14823] file_mapped 303104 [ 3284.336234][T14823] file_dirty 0 [ 3284.336234][T14823] file_writeback 0 [ 3284.336234][T14823] swapcached 0 [ 3284.336234][T14823] anon_thp 0 [ 3284.336234][T14823] file_thp 0 [ 3284.336234][T14823] shmem_thp 0 [ 3284.336234][T14823] inactive_anon 131072 [ 3284.336234][T14823] active_anon 315392 [ 3284.336234][T14823] inactive_file 0 [ 3284.336234][T14823] active_file 0 [ 3284.336234][T14823] unevictable 0 [ 3284.336234][T14823] slab_reclaimable 226056 [ 3284.336234][T14823] slab_unreclaimable 308290600 [ 3284.336234][T14823] slab 308516656 [ 3284.437019][T14823] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=14823,uid=0 [ 3284.453691][T14823] Memory cgroup out of memory: Killed process 14823 (syz-executor.0) total-vm:54508kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 03:15:05 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000000000000000000b0fd9", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3284.470525][T14821] bridge2529: port 1(bridge_slave_1) entered blocking state [ 3284.492913][T14821] bridge2529: port 1(bridge_slave_1) entered disabled state [ 3284.515705][T14837] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3284.545753][T14837] CPU: 1 PID: 14837 Comm: syz-executor.2 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3284.555974][T14837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3284.566050][T14837] Call Trace: [ 3284.567098][T14822] bond0: (slave bridge2529): Enslaving as an active interface with an up link [ 3284.569333][T14837] [ 3284.569347][T14837] dump_stack_lvl+0xcd/0x134 [ 3284.569381][T14837] dump_header+0x10b/0x7f9 [ 3284.569416][T14837] oom_kill_process.cold+0x10/0x15 [ 3284.569451][T14837] out_of_memory+0x358/0x14a0 [ 3284.569483][T14837] ? find_held_lock+0x2d/0x110 [ 3284.569509][T14837] ? oom_killer_disable+0x270/0x270 [ 3284.610033][T14837] ? find_held_lock+0x2d/0x110 [ 3284.614908][T14837] mem_cgroup_out_of_memory+0x206/0x270 [ 3284.620492][T14837] ? mem_cgroup_margin+0x130/0x130 [ 3284.625637][T14837] ? lock_downgrade+0x6e0/0x6e0 [ 3284.630537][T14837] try_charge_memcg+0xf67/0x13f0 [ 3284.635526][T14837] ? mem_cgroup_handle_over_high+0x510/0x510 03:15:05 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0003000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x25f755, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3284.641541][T14837] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3284.647298][T14837] ? lock_downgrade+0x6e0/0x6e0 [ 3284.652194][T14837] ? lock_downgrade+0x6e0/0x6e0 [ 3284.657084][T14837] __memcg_kmem_charge_page+0x16a/0x3b0 [ 3284.662656][T14837] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 3284.668845][T14837] copy_process+0x607/0x7090 [ 3284.673484][T14837] ? __lock_acquire+0xbc3/0x56d0 [ 3284.678471][T14837] ? __cleanup_sighand+0xb0/0xb0 [ 3284.683991][T14837] kernel_clone+0xe7/0xab0 [ 3284.688441][T14837] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 3284.694448][T14837] ? create_io_thread+0xe0/0xe0 [ 3284.699328][T14837] ? find_held_lock+0x2d/0x110 [ 3284.704116][T14837] ? __ct_user_exit+0xff/0x150 [ 3284.708903][T14837] __do_sys_clone+0xba/0x100 [ 3284.713509][T14837] ? kernel_clone+0xab0/0xab0 [ 3284.718209][T14837] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3284.724115][T14837] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3284.730039][T14837] do_syscall_64+0x35/0xb0 [ 3284.734478][T14837] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3284.740384][T14837] RIP: 0033:0x7ff38a48a6a1 [ 3284.744805][T14837] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 3284.764419][T14837] RSP: 002b:00007ffe54c81718 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 3284.772841][T14837] RAX: ffffffffffffffda RBX: 00007ff3893fe700 RCX: 00007ff38a48a6a1 [ 3284.780817][T14837] RDX: 00007ff3893fe9d0 RSI: 00007ff3893fe2f0 RDI: 00000000003d0f00 [ 3284.788793][T14837] RBP: 00007ffe54c81960 R08: 00007ff3893fe700 R09: 00007ff3893fe700 [ 3284.796797][T14837] R10: 00007ff3893fe9d0 R11: 0000000000000206 R12: 00007ffe54c817ce [ 3284.804780][T14837] R13: 00007ffe54c817cf R14: 00007ff3893fe300 R15: 0000000000022000 [ 3284.812797][T14837] [ 3284.826499][T14837] memory: usage 307200kB, limit 307200kB, failcnt 3257 [ 3284.842010][T14828] bridge4120: port 1(bridge_slave_1) entered disabled state [ 3284.853264][T14837] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3284.860408][T14837] Memory cgroup stats for /syz2: [ 3284.860627][T14837] anon 147456 [ 3284.860627][T14837] file 360448 [ 3284.860627][T14837] kernel 314064896 [ 3284.860627][T14837] kernel_stack 65536 [ 3284.860627][T14837] pagetables 81920 [ 3284.860627][T14837] percpu 5433376 [ 3284.860627][T14837] sock 0 [ 3284.860627][T14837] vmalloc 0 [ 3284.860627][T14837] shmem 356352 [ 3284.860627][T14837] zswap 0 [ 3284.860627][T14837] zswapped 0 [ 3284.860627][T14837] file_mapped 356352 [ 3284.860627][T14837] file_dirty 4096 [ 3284.860627][T14837] file_writeback 0 [ 3284.860627][T14837] swapcached 0 [ 3284.860627][T14837] anon_thp 0 [ 3284.860627][T14837] file_thp 0 [ 3284.860627][T14837] shmem_thp 0 [ 3284.860627][T14837] inactive_anon 204800 [ 3284.860627][T14837] active_anon 299008 [ 3284.860627][T14837] inactive_file 0 [ 3284.860627][T14837] active_file 4096 [ 3284.860627][T14837] unevictable 0 [ 3284.860627][T14837] slab_reclaimable 58856 [ 3284.860627][T14837] slab_unreclaimable 308387568 [ 3284.860627][T14837] slab 308446424 [ 3284.920745][T14828] bridge4121: port 1(bridge_slave_1) entered blocking state [ 3284.964106][T14828] bridge4121: port 1(bridge_slave_1) entered disabled state [ 3284.975961][T14837] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=14837,uid=0 [ 3285.001797][T14837] Memory cgroup out of memory: Killed process 14837 (syz-executor.2) total-vm:54640kB, anon-rss:388kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 3285.002559][T14831] bridge4121: port 1(bridge_slave_1) entered blocking state [ 3285.026554][T14831] bridge4121: port 1(bridge_slave_1) entered forwarding state [ 3285.053532][T14848] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3285.086369][T14848] CPU: 1 PID: 14848 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3285.089353][T14831] bond0: (slave bridge4121): Enslaving as an active interface with an up link [ 3285.096562][T14848] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3285.096580][T14848] Call Trace: [ 3285.096590][T14848] [ 3285.096602][T14848] dump_stack_lvl+0xcd/0x134 [ 3285.096643][T14848] dump_header+0x10b/0x7f9 [ 3285.130835][T14848] oom_kill_process.cold+0x10/0x15 [ 3285.135994][T14848] out_of_memory+0x358/0x14a0 [ 3285.140720][T14848] ? find_held_lock+0x2d/0x110 [ 3285.145550][T14848] ? oom_killer_disable+0x270/0x270 [ 3285.145864][T14833] __nla_validate_parse: 1 callbacks suppressed [ 3285.145880][T14833] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3285.150769][T14848] ? find_held_lock+0x2d/0x110 [ 3285.150809][T14848] mem_cgroup_out_of_memory+0x206/0x270 [ 3285.150840][T14848] ? mem_cgroup_margin+0x130/0x130 [ 3285.150862][T14848] ? lock_downgrade+0x6e0/0x6e0 [ 3285.150913][T14848] try_charge_memcg+0xf67/0x13f0 [ 3285.150949][T14848] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3285.150978][T14848] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3285.151004][T14848] ? lock_downgrade+0x6e0/0x6e0 [ 3285.151033][T14848] ? lock_downgrade+0x6e0/0x6e0 [ 3285.151078][T14848] obj_cgroup_charge+0x2ab/0x5e0 [ 3285.151115][T14848] kmem_cache_alloc_lru+0x13e/0x720 [ 3285.151142][T14848] ? sock_alloc_inode+0x23/0x1d0 [ 3285.228177][T14848] sock_alloc_inode+0x23/0x1d0 [ 3285.232993][T14848] ? sock_free_inode+0x20/0x20 [ 3285.237764][T14848] alloc_inode+0x61/0x230 [ 3285.242110][T14848] new_inode_pseudo+0x13/0x80 [ 3285.246796][T14848] sock_alloc+0x3c/0x260 [ 3285.251049][T14848] __sock_create+0xb9/0x790 [ 3285.255564][T14848] ? lock_downgrade+0x6e0/0x6e0 [ 3285.260430][T14848] __sys_socket+0x12f/0x240 [ 3285.264963][T14848] ? __sys_socket_file+0x1f0/0x1f0 [ 3285.270100][T14848] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3285.276017][T14848] __x64_sys_socket+0x6f/0xb0 [ 3285.280715][T14848] do_syscall_64+0x35/0xb0 [ 3285.285148][T14848] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3285.291057][T14848] RIP: 0033:0x7f98a3489279 [ 3285.295478][T14848] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 3285.315093][T14848] RSP: 002b:00007f98a4645168 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 3285.323518][T14848] RAX: ffffffffffffffda RBX: 00007f98a359c050 RCX: 00007f98a3489279 [ 3285.331503][T14848] RDX: 0000000000000000 RSI: 0000000000000803 RDI: 0000000000000010 [ 3285.339506][T14848] RBP: 00007f98a34e3189 R08: 0000000000000000 R09: 0000000000000000 03:15:06 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000000000000b3fb6000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3285.347482][T14848] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3285.355463][T14848] R13: 00007ffe69a68aff R14: 00007f98a4645300 R15: 0000000000022000 [ 3285.363479][T14848] [ 3285.374692][T14848] memory: usage 307200kB, limit 307200kB, failcnt 25659 [ 3285.389953][T14848] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3285.393019][T14839] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3285.397068][T14848] Memory cgroup stats for /syz0: [ 3285.408093][T14848] anon 94208 [ 3285.408093][T14848] file 319488 [ 3285.408093][T14848] kernel 314142720 [ 3285.408093][T14848] kernel_stack 98304 [ 3285.408093][T14848] pagetables 73728 [ 3285.408093][T14848] percpu 5425088 [ 3285.408093][T14848] sock 0 [ 3285.408093][T14848] vmalloc 0 [ 3285.408093][T14848] shmem 319488 [ 3285.408093][T14848] zswap 0 [ 3285.408093][T14848] zswapped 0 [ 3285.408093][T14848] file_mapped 303104 [ 3285.408093][T14848] file_dirty 0 03:15:06 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c00000010000104000000029800000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3285.408093][T14848] file_writeback 0 [ 3285.408093][T14848] swapcached 0 [ 3285.408093][T14848] anon_thp 0 [ 3285.408093][T14848] file_thp 0 [ 3285.408093][T14848] shmem_thp 0 [ 3285.408093][T14848] inactive_anon 98304 [ 3285.408093][T14848] active_anon 315392 [ 3285.408093][T14848] inactive_file 0 [ 3285.408093][T14848] active_file 0 [ 3285.408093][T14848] unevictable 0 [ 3285.408093][T14848] slab_reclaimable 224128 [ 3285.408093][T14848] slab_unreclaimable 308289472 [ 3285.408093][T14848] slab 308513600 03:15:06 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000000000000000000003da", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3285.482279][T14840] bridge3173: port 1(bridge_slave_1) entered disabled state [ 3285.508585][T14848] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=14842,uid=0 [ 3285.525855][T14848] Memory cgroup out of memory: Killed process 14842 (syz-executor.0) total-vm:54640kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 [ 3285.570547][T14840] bridge3174: port 1(bridge_slave_1) entered blocking state [ 3285.580043][T14840] bridge3174: port 1(bridge_slave_1) entered disabled state [ 3285.622004][T14856] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3285.634524][T14856] CPU: 1 PID: 14856 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3285.644713][T14856] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3285.654790][T14856] Call Trace: [ 3285.658089][T14856] [ 3285.661042][T14856] dump_stack_lvl+0xcd/0x134 [ 3285.665661][T14856] dump_header+0x10b/0x7f9 [ 3285.670107][T14856] oom_kill_process.cold+0x10/0x15 [ 3285.675256][T14856] out_of_memory+0x358/0x14a0 [ 3285.679994][T14856] ? find_held_lock+0x2d/0x110 [ 3285.684774][T14856] ? oom_killer_disable+0x270/0x270 [ 3285.690010][T14856] ? find_held_lock+0x2d/0x110 [ 3285.694802][T14856] mem_cgroup_out_of_memory+0x206/0x270 [ 3285.700375][T14856] ? mem_cgroup_margin+0x130/0x130 [ 3285.705148][T14841] bond0: (slave bridge3174): Enslaving as an active interface with an up link [ 3285.705488][T14856] ? lock_downgrade+0x6e0/0x6e0 [ 3285.719210][T14856] try_charge_memcg+0xf67/0x13f0 [ 3285.724189][T14856] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3285.730210][T14856] ? lock_downgrade+0x6e0/0x6e0 [ 3285.735106][T14856] charge_memcg+0x31/0x320 [ 3285.739556][T14856] __mem_cgroup_charge+0x27/0x90 [ 3285.744515][T14856] ? _compound_head+0x5d/0x150 [ 3285.749302][T14856] wp_page_copy+0x27c/0x1b60 [ 3285.753929][T14856] ? restore_exclusive_pte+0x8b0/0x8b0 [ 3285.759413][T14856] ? lock_downgrade+0x6e0/0x6e0 [ 3285.764291][T14856] ? vm_normal_page+0x146/0x2a0 03:15:07 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0003000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x25f754, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) 03:15:07 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f3100002c0a0a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3285.769188][T14856] do_wp_page+0x1d1/0x1910 [ 3285.773723][T14856] __handle_mm_fault+0x1813/0x39b0 [ 3285.778865][T14856] ? vm_iomap_memory+0x190/0x190 [ 3285.783866][T14856] handle_mm_fault+0x1c8/0x780 [ 3285.788672][T14856] do_user_addr_fault+0x475/0x1210 [ 3285.793825][T14856] exc_page_fault+0x94/0x170 [ 3285.798448][T14856] asm_exc_page_fault+0x22/0x30 [ 3285.803411][T14856] RIP: 0033:0x7f98a34374b0 [ 3285.807849][T14856] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48 [ 3285.827484][T14856] RSP: 002b:00007ffe69a68a90 EFLAGS: 00010246 [ 3285.833578][T14856] RAX: 00000000dea4ea4f RBX: 00007f98a359c018 RCX: 0000001b2ec20000 [ 3285.841573][T14856] RDX: 0000000000000000 RSI: 0000001b2ec20018 RDI: 0000000008ec0dbe [ 3285.849569][T14856] RBP: 00000000dea4ea4f R08: 0000000000000a4f R09: 00000000dea4ea53 [ 3285.857569][T14856] R10: 00007ffe69a68c60 R11: 0000000000000246 R12: 00007f98a3590000 [ 3285.865564][T14856] R13: 0000000000000001 R14: 0000000000000005 R15: ffffffff897edae4 [ 3285.873562][T14856] ? __ct_user_exit+0x104/0x150 [ 3285.878470][T14856] [ 3285.902753][T14856] memory: usage 307180kB, limit 307200kB, failcnt 25698 [ 3285.910026][T14856] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3285.915881][T14847] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3285.923179][T14856] Memory cgroup stats for /syz0: [ 3285.930119][T14856] anon 114688 [ 3285.930119][T14856] file 319488 [ 3285.930119][T14856] kernel 314118144 [ 3285.930119][T14856] kernel_stack 65536 [ 3285.930119][T14856] pagetables 73728 [ 3285.930119][T14856] percpu 5425088 [ 3285.930119][T14856] sock 0 [ 3285.930119][T14856] vmalloc 0 [ 3285.930119][T14856] shmem 319488 [ 3285.930119][T14856] zswap 0 [ 3285.930119][T14856] zswapped 0 [ 3285.930119][T14856] file_mapped 303104 [ 3285.930119][T14856] file_dirty 0 [ 3285.930119][T14856] file_writeback 0 [ 3285.930119][T14856] swapcached 0 [ 3285.930119][T14856] anon_thp 0 [ 3285.930119][T14856] file_thp 0 [ 3285.930119][T14856] shmem_thp 0 [ 3285.930119][T14856] inactive_anon 118784 [ 3285.930119][T14856] active_anon 315392 [ 3285.930119][T14856] inactive_file 0 [ 3285.930119][T14856] active_file 0 [ 3285.930119][T14856] unevictable 0 [ 3285.930119][T14856] slab_reclaimable 224128 [ 3285.930119][T14856] slab_unreclaimable 308289952 [ 3285.930119][T14856] slab 308514080 [ 3286.051672][T14846] bridge2529: port 1(bridge_slave_1) entered disabled state [ 3286.059574][T14856] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=14856,uid=0 [ 3286.075753][T14856] Memory cgroup out of memory: Killed process 14856 (syz-executor.0) total-vm:54508kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 03:15:07 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000000000000000000b0fda", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3286.096477][T14861] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3286.127197][T14852] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3286.138029][T14861] CPU: 0 PID: 14861 Comm: syz-executor.2 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3286.148400][T14861] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3286.158475][T14861] Call Trace: [ 3286.161770][T14861] [ 3286.164719][T14861] dump_stack_lvl+0xcd/0x134 [ 3286.169347][T14861] dump_header+0x10b/0x7f9 [ 3286.173803][T14861] oom_kill_process.cold+0x10/0x15 [ 3286.178949][T14861] out_of_memory+0x358/0x14a0 [ 3286.183673][T14861] ? oom_killer_disable+0x270/0x270 [ 3286.188906][T14861] ? find_held_lock+0x2d/0x110 [ 3286.193692][T14861] mem_cgroup_out_of_memory+0x206/0x270 [ 3286.199257][T14861] ? mem_cgroup_margin+0x130/0x130 [ 3286.204392][T14861] ? lock_downgrade+0x6e0/0x6e0 [ 3286.209291][T14861] try_charge_memcg+0xf67/0x13f0 [ 3286.214267][T14861] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3286.219165][T14854] bridge4121: port 1(bridge_slave_1) entered disabled state 03:15:07 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0003000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x25f750, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3286.220254][T14861] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3286.220288][T14861] ? lock_downgrade+0x6e0/0x6e0 [ 3286.220319][T14861] ? lock_downgrade+0x6e0/0x6e0 [ 3286.242982][T14861] __memcg_kmem_charge_page+0x16a/0x3b0 [ 3286.248546][T14861] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 3286.254742][T14861] copy_process+0x145a/0x7090 [ 3286.259441][T14861] ? __lock_acquire+0xbc3/0x56d0 [ 3286.264389][T14861] ? __cleanup_sighand+0xb0/0xb0 [ 3286.269353][T14861] kernel_clone+0xe7/0xab0 [ 3286.273819][T14861] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 3286.279824][T14861] ? create_io_thread+0xe0/0xe0 [ 3286.284677][T14861] ? find_held_lock+0x2d/0x110 [ 3286.289447][T14861] ? __ct_user_exit+0xff/0x150 [ 3286.294225][T14861] __do_sys_clone+0xba/0x100 [ 3286.298844][T14861] ? kernel_clone+0xab0/0xab0 [ 3286.303571][T14861] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3286.309499][T14861] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3286.315441][T14861] do_syscall_64+0x35/0xb0 [ 3286.319872][T14861] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3286.325768][T14861] RIP: 0033:0x7ff38a48a6a1 [ 3286.330183][T14861] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 3286.349805][T14861] RSP: 002b:00007ffe54c81718 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 3286.358248][T14861] RAX: ffffffffffffffda RBX: 00007ff3893fe700 RCX: 00007ff38a48a6a1 [ 3286.366244][T14861] RDX: 00007ff3893fe9d0 RSI: 00007ff3893fe2f0 RDI: 00000000003d0f00 [ 3286.374338][T14861] RBP: 00007ffe54c81960 R08: 00007ff3893fe700 R09: 00007ff3893fe700 [ 3286.382304][T14861] R10: 00007ff3893fe9d0 R11: 0000000000000206 R12: 00007ffe54c817ce [ 3286.390271][T14861] R13: 00007ffe54c817cf R14: 00007ff3893fe300 R15: 0000000000022000 [ 3286.398273][T14861] [ 3286.412401][T14861] memory: usage 307200kB, limit 307200kB, failcnt 3340 [ 3286.419610][T14861] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3286.426670][T14861] Memory cgroup stats for /syz2: [ 3286.426887][T14861] anon 147456 [ 3286.426887][T14861] file 360448 [ 3286.426887][T14861] kernel 314064896 [ 3286.426887][T14861] kernel_stack 65536 [ 3286.426887][T14861] pagetables 81920 [ 3286.426887][T14861] percpu 5433376 [ 3286.426887][T14861] sock 0 [ 3286.426887][T14861] vmalloc 0 [ 3286.426887][T14861] shmem 356352 [ 3286.426887][T14861] zswap 0 [ 3286.426887][T14861] zswapped 0 [ 3286.426887][T14861] file_mapped 356352 [ 3286.426887][T14861] file_dirty 4096 [ 3286.426887][T14861] file_writeback 0 [ 3286.426887][T14861] swapcached 0 [ 3286.426887][T14861] anon_thp 0 [ 3286.426887][T14861] file_thp 0 [ 3286.426887][T14861] shmem_thp 0 [ 3286.426887][T14861] inactive_anon 204800 [ 3286.426887][T14861] active_anon 299008 [ 3286.426887][T14861] inactive_file 0 [ 3286.426887][T14861] active_file 4096 [ 3286.426887][T14861] unevictable 0 [ 3286.426887][T14861] slab_reclaimable 58856 [ 3286.426887][T14861] slab_unreclaimable 308387568 [ 3286.426887][T14861] slab 308446424 [ 3286.455727][T14854] bridge4122: port 1(bridge_slave_1) entered blocking state [ 3286.537053][T14854] bridge4122: port 1(bridge_slave_1) entered disabled state [ 3286.557733][T14861] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=14861,uid=0 [ 3286.567020][T14858] bridge4122: port 1(bridge_slave_1) entered blocking state [ 3286.580769][T14858] bridge4122: port 1(bridge_slave_1) entered forwarding state [ 3286.617848][T14861] Memory cgroup out of memory: Killed process 14861 (syz-executor.2) total-vm:54640kB, anon-rss:388kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 3286.631037][T14858] bond0: (slave bridge4122): Enslaving as an active interface with an up link [ 3286.660429][T14859] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. 03:15:07 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000000000000b3fb7000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3286.685986][T14870] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3286.698726][T14870] CPU: 1 PID: 14870 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3286.708930][T14870] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3286.719014][T14870] Call Trace: [ 3286.722311][T14870] [ 3286.725261][T14870] dump_stack_lvl+0xcd/0x134 [ 3286.729889][T14870] dump_header+0x10b/0x7f9 [ 3286.734335][T14870] oom_kill_process.cold+0x10/0x15 [ 3286.739477][T14870] out_of_memory+0x358/0x14a0 [ 3286.744189][T14870] ? find_held_lock+0x2d/0x110 [ 3286.744210][T14863] bridge1274: port 1(bridge_slave_1) entered blocking state [ 3286.748961][T14870] ? oom_killer_disable+0x270/0x270 [ 3286.749002][T14870] ? find_held_lock+0x2d/0x110 [ 3286.749029][T14870] mem_cgroup_out_of_memory+0x206/0x270 [ 3286.749056][T14870] ? mem_cgroup_margin+0x130/0x130 [ 3286.749077][T14870] ? lock_downgrade+0x6e0/0x6e0 [ 3286.749127][T14870] try_charge_memcg+0xf67/0x13f0 [ 3286.749163][T14870] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3286.749189][T14870] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3286.749213][T14870] ? lock_downgrade+0x6e0/0x6e0 [ 3286.749261][T14870] obj_cgroup_charge+0x2ab/0x5e0 [ 3286.749291][T14870] ? __anon_vma_prepare+0x2d6/0x560 [ 3286.813478][T14870] kmem_cache_alloc+0x96/0x3b0 [ 3286.818272][T14870] __anon_vma_prepare+0x2d6/0x560 [ 3286.823320][T14870] ? __pmd_alloc+0x2ff/0x5c0 [ 3286.827928][T14870] __handle_mm_fault+0x340e/0x39b0 [ 3286.833060][T14870] ? vm_iomap_memory+0x190/0x190 [ 3286.838031][T14870] handle_mm_fault+0x1c8/0x780 [ 3286.842810][T14870] do_user_addr_fault+0x475/0x1210 [ 3286.847971][T14870] exc_page_fault+0x94/0x170 [ 3286.852576][T14870] asm_exc_page_fault+0x22/0x30 [ 3286.857447][T14870] RIP: 0033:0x7f98a3484695 [ 3286.861871][T14870] Code: 12 80 fa 04 73 1e 80 fa 01 77 26 72 05 0f b6 0e 88 0f c3 48 8b 4c 16 f8 48 8b 36 48 89 4c 17 f8 48 89 37 c3 8b 4c 16 fc 8b 36 <89> 4c 17 fc 89 37 c3 0f b7 4c 16 fe 0f b7 36 66 89 4c 17 fe 66 89 [ 3286.881484][T14870] RSP: 002b:00007ffe69a68b78 EFLAGS: 00010202 [ 3286.887576][T14870] RAX: 00000000200005c0 RBX: 0000000000000000 RCX: 0000000000535650 [ 3286.895550][T14870] RDX: 0000000000000005 RSI: 0000000053565049 RDI: 00000000200005c0 [ 3286.903523][T14870] RBP: 00007ffe69a68c38 R08: 00007f98a39a0000 R09: 00007f98a35a00c8 [ 3286.911497][T14870] R10: 00007ffe69a68c60 R11: 0000000000000246 R12: 0000000000322662 [ 3286.919470][T14870] R13: 00007ffe69a68c60 R14: 00007f98a359bf80 R15: 0000000000000032 [ 3286.927468][T14870] [ 3286.942935][T14863] bridge1274: port 1(bridge_slave_1) entered disabled state [ 3286.954632][T14870] memory: usage 307200kB, limit 307200kB, failcnt 25770 [ 3286.971557][T14870] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3286.978686][T14865] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3286.988443][T14870] Memory cgroup stats for /syz0: [ 3286.988689][T14870] anon 126976 [ 3286.988689][T14870] file 319488 [ 3286.988689][T14870] kernel 314126336 [ 3286.988689][T14870] kernel_stack 65536 [ 3286.988689][T14870] pagetables 81920 [ 3286.988689][T14870] percpu 5425088 [ 3286.988689][T14870] sock 0 [ 3286.988689][T14870] vmalloc 0 [ 3286.988689][T14870] shmem 319488 [ 3286.988689][T14870] zswap 0 [ 3286.988689][T14870] zswapped 0 [ 3286.988689][T14870] file_mapped 303104 [ 3286.988689][T14870] file_dirty 0 [ 3286.988689][T14870] file_writeback 0 [ 3286.988689][T14870] swapcached 0 [ 3286.988689][T14870] anon_thp 0 [ 3286.988689][T14870] file_thp 0 [ 3286.988689][T14870] shmem_thp 0 [ 3286.988689][T14870] inactive_anon 131072 [ 3286.988689][T14870] active_anon 315392 [ 3286.988689][T14870] inactive_file 0 [ 3286.988689][T14870] active_file 0 [ 3286.988689][T14870] unevictable 0 [ 3286.988689][T14870] slab_reclaimable 226056 [ 3286.988689][T14870] slab_unreclaimable 308290720 [ 3286.988689][T14870] slab 308516776 [ 3287.084341][T14880] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. 03:15:08 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000000000000000000b0fdb", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3287.087603][T14870] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=14870,uid=0 [ 3287.109654][T14870] Memory cgroup out of memory: Killed process 14870 (syz-executor.0) total-vm:54508kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 03:15:08 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f310000780a0a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3287.234100][T14868] bond0: (slave bridge1274): Enslaving as an active interface with an up link [ 3287.255560][T14867] bridge3174: port 1(bridge_slave_1) entered disabled state 03:15:08 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c00000010000104000000029800000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3287.276418][T14882] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3287.284991][T14867] bridge3175: port 1(bridge_slave_1) entered blocking state [ 3287.304260][T14882] CPU: 1 PID: 14882 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3287.314479][T14882] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3287.315070][T14867] bridge3175: port 1(bridge_slave_1) entered disabled state [ 3287.324640][T14882] Call Trace: [ 3287.324651][T14882] [ 3287.324661][T14882] dump_stack_lvl+0xcd/0x134 [ 3287.324695][T14882] dump_header+0x10b/0x7f9 [ 3287.324726][T14882] oom_kill_process.cold+0x10/0x15 [ 3287.324759][T14882] out_of_memory+0x358/0x14a0 [ 3287.324792][T14882] ? find_held_lock+0x2d/0x110 [ 3287.324818][T14882] ? oom_killer_disable+0x270/0x270 [ 3287.324850][T14882] ? find_held_lock+0x2d/0x110 [ 3287.324878][T14882] mem_cgroup_out_of_memory+0x206/0x270 [ 3287.324906][T14882] ? mem_cgroup_margin+0x130/0x130 [ 3287.324929][T14882] ? lock_downgrade+0x6e0/0x6e0 [ 3287.324974][T14882] try_charge_memcg+0xf67/0x13f0 [ 3287.325007][T14882] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3287.398443][T14882] ? lock_downgrade+0x6e0/0x6e0 [ 3287.403344][T14882] charge_memcg+0x31/0x320 [ 3287.407792][T14882] __mem_cgroup_charge+0x27/0x90 [ 3287.412754][T14882] ? _compound_head+0x5d/0x150 [ 3287.417539][T14882] wp_page_copy+0x27c/0x1b60 [ 3287.422154][T14882] ? restore_exclusive_pte+0x8b0/0x8b0 [ 3287.427621][T14882] ? lock_downgrade+0x6e0/0x6e0 [ 3287.432492][T14882] ? vm_normal_page+0x146/0x2a0 [ 3287.437368][T14882] do_wp_page+0x1d1/0x1910 [ 3287.441798][T14882] __handle_mm_fault+0x1813/0x39b0 [ 3287.446927][T14882] ? vm_iomap_memory+0x190/0x190 [ 3287.451914][T14882] handle_mm_fault+0x1c8/0x780 [ 3287.456709][T14882] do_user_addr_fault+0x475/0x1210 [ 3287.461860][T14882] exc_page_fault+0x94/0x170 [ 3287.466498][T14882] asm_exc_page_fault+0x22/0x30 [ 3287.471365][T14882] RIP: 0033:0x7f98a34374b0 [ 3287.475791][T14882] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48 [ 3287.495422][T14882] RSP: 002b:00007ffe69a68a90 EFLAGS: 00010246 [ 3287.501500][T14882] RAX: 00000000098f1ddc RBX: 00007f98a359c018 RCX: 0000001b2ec20000 [ 3287.509474][T14882] RDX: 0000000000000000 RSI: 0000001b2ec20018 RDI: 000000000d570f0d [ 3287.517467][T14882] RBP: 00000000098f1ddc R08: 0000000000001ddc R09: 00000000098f1de0 [ 3287.525444][T14882] R10: 00007ffe69a68c60 R11: 0000000000000246 R12: 00007f98a3590000 [ 3287.533421][T14882] R13: 0000000000000001 R14: 0000000000000006 R15: ffffffff874bbdbd [ 3287.541397][T14882] ? __x64_sys_socket+0xd/0xb0 [ 3287.546194][T14882] [ 3287.558051][T14882] memory: usage 307200kB, limit 307200kB, failcnt 25832 [ 3287.589569][T14882] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3287.596705][T14882] Memory cgroup stats for /syz0: [ 3287.596846][T14882] anon 118784 [ 3287.596846][T14882] file 319488 [ 3287.596846][T14882] kernel 314118144 [ 3287.596846][T14882] kernel_stack 65536 [ 3287.596846][T14882] pagetables 73728 [ 3287.596846][T14882] percpu 5425088 [ 3287.596846][T14882] sock 0 [ 3287.596846][T14882] vmalloc 0 [ 3287.596846][T14882] shmem 319488 [ 3287.596846][T14882] zswap 0 [ 3287.596846][T14882] zswapped 0 [ 3287.596846][T14882] file_mapped 303104 [ 3287.596846][T14882] file_dirty 0 [ 3287.596846][T14882] file_writeback 0 [ 3287.596846][T14882] swapcached 0 [ 3287.596846][T14882] anon_thp 0 [ 3287.596846][T14882] file_thp 0 [ 3287.596846][T14882] shmem_thp 0 [ 3287.596846][T14882] inactive_anon 122880 [ 3287.596846][T14882] active_anon 315392 [ 3287.596846][T14882] inactive_file 0 [ 3287.596846][T14882] active_file 0 [ 3287.596846][T14882] unevictable 0 [ 3287.596846][T14882] slab_reclaimable 224128 [ 3287.596846][T14882] slab_unreclaimable 308290256 [ 3287.596846][T14882] slab 308514384 [ 3287.612245][T14869] bond0: (slave bridge3175): Enslaving as an active interface with an up link [ 3287.705519][T14882] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=14882,uid=0 [ 3287.723380][T14882] Memory cgroup out of memory: Killed process 14882 (syz-executor.0) total-vm:54508kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 03:15:09 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000000000000000000b0fdc", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3287.742032][T14883] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3287.755730][T14873] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3287.769599][T14883] CPU: 0 PID: 14883 Comm: syz-executor.2 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3287.779783][T14883] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3287.789858][T14883] Call Trace: [ 3287.793152][T14883] [ 3287.796098][T14883] dump_stack_lvl+0xcd/0x134 [ 3287.800723][T14883] dump_header+0x10b/0x7f9 [ 3287.805166][T14883] oom_kill_process.cold+0x10/0x15 [ 3287.810305][T14883] out_of_memory+0x358/0x14a0 [ 3287.814565][T14874] bridge2530: port 1(bridge_slave_1) entered blocking state [ 3287.815017][T14883] ? oom_killer_disable+0x270/0x270 [ 3287.815055][T14883] ? find_held_lock+0x2d/0x110 [ 3287.823115][T14874] bridge2530: port 1(bridge_slave_1) entered disabled state [ 3287.827505][T14883] mem_cgroup_out_of_memory+0x206/0x270 [ 3287.827539][T14883] ? mem_cgroup_margin+0x130/0x130 [ 3287.827567][T14883] ? lock_downgrade+0x6e0/0x6e0 [ 3287.827609][T14883] try_charge_memcg+0xf67/0x13f0 [ 3287.827644][T14883] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3287.827670][T14883] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3287.827697][T14883] ? lock_downgrade+0x6e0/0x6e0 [ 3287.827731][T14883] ? lock_downgrade+0x6e0/0x6e0 [ 3287.827771][T14883] __memcg_kmem_charge_page+0x16a/0x3b0 [ 3287.827803][T14883] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 3287.827839][T14883] copy_process+0x607/0x7090 [ 3287.827871][T14883] ? __lock_acquire+0xbc3/0x56d0 [ 3287.827910][T14883] ? __cleanup_sighand+0xb0/0xb0 [ 3287.827975][T14883] kernel_clone+0xe7/0xab0 [ 3287.828001][T14883] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 3287.828029][T14883] ? create_io_thread+0xe0/0xe0 [ 3287.828061][T14883] ? find_held_lock+0x2d/0x110 [ 3287.828090][T14883] ? __ct_user_exit+0xff/0x150 [ 3287.932790][T14883] __do_sys_clone+0xba/0x100 [ 3287.937409][T14883] ? kernel_clone+0xab0/0xab0 [ 3287.942158][T14883] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3287.948086][T14883] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3287.949468][T14875] bond0: (slave bridge2530): Enslaving as an active interface with an up link [ 3287.953998][T14883] do_syscall_64+0x35/0xb0 [ 3287.954031][T14883] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3287.973188][T14883] RIP: 0033:0x7ff38a48a6a1 03:15:09 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0003000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x25f750, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3287.977624][T14883] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 3287.997258][T14883] RSP: 002b:00007ffe54c81718 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 3288.005704][T14883] RAX: ffffffffffffffda RBX: 00007ff3893fe700 RCX: 00007ff38a48a6a1 [ 3288.013704][T14883] RDX: 00007ff3893fe9d0 RSI: 00007ff3893fe2f0 RDI: 00000000003d0f00 [ 3288.021708][T14883] RBP: 00007ffe54c81960 R08: 00007ff3893fe700 R09: 00007ff3893fe700 [ 3288.022322][T14893] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. 03:15:09 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f3100002c0a0a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3288.029689][T14883] R10: 00007ff3893fe9d0 R11: 0000000000000206 R12: 00007ffe54c817ce [ 3288.029711][T14883] R13: 00007ffe54c817cf R14: 00007ff3893fe300 R15: 0000000000022000 [ 3288.029753][T14883] [ 3288.068295][T14883] memory: usage 307200kB, limit 307200kB, failcnt 3419 [ 3288.081921][T14883] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3288.093087][T14883] Memory cgroup stats for /syz2: [ 3288.093423][T14883] anon 147456 [ 3288.093423][T14883] file 360448 [ 3288.093423][T14883] kernel 314064896 [ 3288.093423][T14883] kernel_stack 65536 [ 3288.093423][T14883] pagetables 81920 [ 3288.093423][T14883] percpu 5433376 [ 3288.093423][T14883] sock 0 [ 3288.093423][T14883] vmalloc 0 [ 3288.093423][T14883] shmem 356352 [ 3288.093423][T14883] zswap 0 [ 3288.093423][T14883] zswapped 0 [ 3288.093423][T14883] file_mapped 356352 [ 3288.093423][T14883] file_dirty 4096 [ 3288.093423][T14883] file_writeback 0 [ 3288.093423][T14883] swapcached 0 [ 3288.093423][T14883] anon_thp 0 [ 3288.093423][T14883] file_thp 0 [ 3288.093423][T14883] shmem_thp 0 [ 3288.093423][T14883] inactive_anon 204800 [ 3288.093423][T14883] active_anon 299008 [ 3288.093423][T14883] inactive_file 0 [ 3288.093423][T14883] active_file 4096 [ 3288.093423][T14883] unevictable 0 [ 3288.093423][T14883] slab_reclaimable 58856 [ 3288.093423][T14883] slab_unreclaimable 308387568 [ 3288.093423][T14883] slab 308446424 [ 3288.188890][T14881] bridge4122: port 1(bridge_slave_1) entered disabled state [ 3288.222853][T14881] bridge4123: port 1(bridge_slave_1) entered blocking state [ 3288.230688][T14881] bridge4123: port 1(bridge_slave_1) entered disabled state [ 3288.232992][T14883] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=14883,uid=0 [ 3288.259546][T14880] bridge4123: port 1(bridge_slave_1) entered blocking state [ 3288.267141][T14880] bridge4123: port 1(bridge_slave_1) entered forwarding state [ 3288.275139][T14883] Memory cgroup out of memory: Killed process 14883 (syz-executor.2) total-vm:54640kB, anon-rss:388kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 03:15:09 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f310000c00a0a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3288.331516][T14880] bond0: (slave bridge4123): Enslaving as an active interface with an up link [ 3288.337832][T14891] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 3288.353517][T14887] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3288.375219][T14891] CPU: 1 PID: 14891 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3288.385439][T14891] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3288.395526][T14891] Call Trace: [ 3288.398822][T14891] [ 3288.401806][T14891] dump_stack_lvl+0xcd/0x134 [ 3288.406434][T14891] dump_header+0x10b/0x7f9 [ 3288.410877][T14891] oom_kill_process.cold+0x10/0x15 [ 3288.416037][T14891] out_of_memory+0x358/0x14a0 [ 3288.420762][T14891] ? find_held_lock+0x2d/0x110 [ 3288.425550][T14891] ? oom_killer_disable+0x270/0x270 [ 3288.430774][T14891] ? find_held_lock+0x2d/0x110 [ 3288.435564][T14891] mem_cgroup_out_of_memory+0x206/0x270 [ 3288.436464][T14889] bridge1274: port 1(bridge_slave_1) entered disabled state [ 3288.441134][T14891] ? mem_cgroup_margin+0x130/0x130 [ 3288.441165][T14891] ? lock_downgrade+0x6e0/0x6e0 [ 3288.441207][T14891] try_charge_memcg+0xf67/0x13f0 [ 3288.441242][T14891] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3288.469380][T14891] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3288.475134][T14891] ? lock_downgrade+0x6e0/0x6e0 [ 3288.480025][T14891] ? lock_downgrade+0x6e0/0x6e0 [ 3288.484928][T14891] __memcg_kmem_charge_page+0x16a/0x3b0 [ 3288.490518][T14891] __alloc_pages+0x1ef/0x510 [ 3288.495139][T14891] ? __alloc_pages_slowpath.constprop.0+0x2240/0x2240 [ 3288.501952][T14891] ? find_held_lock+0x2d/0x110 [ 3288.506761][T14891] alloc_pages+0x1a6/0x270 [ 3288.511217][T14891] pte_alloc_one+0x16/0x230 [ 3288.515748][T14891] __pte_alloc+0x69/0x250 [ 3288.520107][T14891] ? pmd_install+0x150/0x150 [ 3288.524899][T14891] ? hugepage_vma_check+0x44e/0x780 [ 3288.530134][T14891] ? __pmd_alloc+0x2ff/0x5c0 [ 3288.534757][T14891] __handle_mm_fault+0x310b/0x39b0 [ 3288.539908][T14891] ? vm_iomap_memory+0x190/0x190 [ 3288.544903][T14891] handle_mm_fault+0x1c8/0x780 [ 3288.549792][T14891] do_user_addr_fault+0x475/0x1210 [ 3288.554948][T14891] exc_page_fault+0x94/0x170 [ 3288.559577][T14891] asm_exc_page_fault+0x22/0x30 [ 3288.564452][T14891] RIP: 0033:0x7f98a3484695 [ 3288.568990][T14891] Code: 12 80 fa 04 73 1e 80 fa 01 77 26 72 05 0f b6 0e 88 0f c3 48 8b 4c 16 f8 48 8b 36 48 89 4c 17 f8 48 89 37 c3 8b 4c 16 fc 8b 36 <89> 4c 17 fc 89 37 c3 0f b7 4c 16 fe 0f b7 36 66 89 4c 17 fe 66 89 [ 3288.588632][T14891] RSP: 002b:00007ffe69a68b78 EFLAGS: 00010202 [ 3288.594729][T14891] RAX: 00000000200005c0 RBX: 0000000000000000 RCX: 0000000000535650 [ 3288.602724][T14891] RDX: 0000000000000005 RSI: 0000000053565049 RDI: 00000000200005c0 [ 3288.610756][T14891] RBP: 00007ffe69a68c38 R08: 00007f98a39a0000 R09: 00007f98a35a00c8 [ 3288.618752][T14891] R10: 00007ffe69a68c60 R11: 0000000000000246 R12: 0000000000322ced 03:15:09 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000000000000b3fb8000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3288.626739][T14891] R13: 00007ffe69a68c60 R14: 00007f98a359bf80 R15: 0000000000000032 [ 3288.634722][T14891] [ 3288.653760][T14889] bridge1275: port 1(bridge_slave_1) entered blocking state [ 3288.658276][T14891] memory: usage 307200kB, limit 307200kB, failcnt 25909 [ 3288.668250][T14891] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3288.675118][T14891] Memory cgroup stats for /syz0: [ 3288.675334][T14891] anon 126976 [ 3288.675334][T14891] file 319488 [ 3288.675334][T14891] kernel 314126336 [ 3288.675334][T14891] kernel_stack 65536 [ 3288.675334][T14891] pagetables 77824 [ 3288.675334][T14891] percpu 5425088 [ 3288.675334][T14891] sock 0 [ 3288.675334][T14891] vmalloc 0 [ 3288.675334][T14891] shmem 319488 [ 3288.675334][T14891] zswap 0 [ 3288.675334][T14891] zswapped 0 [ 3288.675334][T14891] file_mapped 303104 [ 3288.675334][T14891] file_dirty 0 [ 3288.675334][T14891] file_writeback 0 [ 3288.675334][T14891] swapcached 0 [ 3288.675334][T14891] anon_thp 0 [ 3288.675334][T14891] file_thp 0 [ 3288.675334][T14891] shmem_thp 0 [ 3288.675334][T14891] inactive_anon 131072 [ 3288.675334][T14891] active_anon 315392 [ 3288.675334][T14891] inactive_file 0 [ 3288.675334][T14891] active_file 0 [ 3288.675334][T14891] unevictable 0 [ 3288.675334][T14891] slab_reclaimable 226056 [ 3288.675334][T14891] slab_unreclaimable 308290600 [ 3288.675334][T14891] slab 308516656 [ 3288.771854][T14889] bridge1275: port 1(bridge_slave_1) entered disabled state [ 3288.774140][T14891] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=14891,uid=0 03:15:10 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c00000010000104000000e08900000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3288.800321][T14891] Memory cgroup out of memory: Killed process 14891 (syz-executor.0) total-vm:54508kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 03:15:10 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000000000000000000b0fdd", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3288.869278][T14893] bridge2530: port 1(bridge_slave_1) entered disabled state 03:15:10 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c00000010000104000000008200000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3288.914154][T14893] bridge2531: port 1(bridge_slave_1) entered blocking state [ 3288.930664][T14893] bridge2531: port 1(bridge_slave_1) entered disabled state [ 3288.983406][T14900] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3289.009118][T14900] CPU: 0 PID: 14900 Comm: syz-executor.2 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3289.019338][T14900] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3289.029424][T14900] Call Trace: 03:15:10 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0003000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x25f750, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3289.032727][T14900] [ 3289.035674][T14900] dump_stack_lvl+0xcd/0x134 [ 3289.040302][T14900] dump_header+0x10b/0x7f9 [ 3289.043298][T14897] bond0: (slave bridge2531): Enslaving as an active interface with an up link [ 3289.044732][T14900] oom_kill_process.cold+0x10/0x15 [ 3289.044775][T14900] out_of_memory+0x358/0x14a0 [ 3289.044810][T14900] ? find_held_lock+0x2d/0x110 [ 3289.068178][T14900] ? oom_killer_disable+0x270/0x270 [ 3289.073416][T14900] ? find_held_lock+0x2d/0x110 [ 3289.078218][T14900] mem_cgroup_out_of_memory+0x206/0x270 [ 3289.083821][T14900] ? mem_cgroup_margin+0x130/0x130 [ 3289.088967][T14900] ? lock_downgrade+0x6e0/0x6e0 [ 3289.093865][T14900] try_charge_memcg+0xf67/0x13f0 [ 3289.098841][T14900] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3289.104849][T14900] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3289.110601][T14900] ? lock_downgrade+0x6e0/0x6e0 [ 3289.115483][T14900] ? lock_downgrade+0x6e0/0x6e0 [ 3289.120381][T14900] __memcg_kmem_charge_page+0x16a/0x3b0 [ 3289.125979][T14900] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 3289.132171][T14900] copy_process+0x607/0x7090 [ 3289.136801][T14900] ? __lock_acquire+0xbc3/0x56d0 [ 3289.141766][T14900] ? __cleanup_sighand+0xb0/0xb0 [ 3289.146740][T14900] kernel_clone+0xe7/0xab0 [ 3289.151195][T14900] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 3289.157385][T14900] ? create_io_thread+0xe0/0xe0 [ 3289.162278][T14900] ? find_held_lock+0x2d/0x110 [ 3289.167079][T14900] ? __ct_user_exit+0xff/0x150 [ 3289.171875][T14900] __do_sys_clone+0xba/0x100 [ 3289.176491][T14900] ? kernel_clone+0xab0/0xab0 [ 3289.179293][T14918] bridge2531: port 1(bridge_slave_1) entered disabled state [ 3289.181185][T14900] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3289.181223][T14900] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3289.181263][T14900] do_syscall_64+0x35/0xb0 [ 3289.204743][T14900] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3289.210672][T14900] RIP: 0033:0x7ff38a48a6a1 [ 3289.215099][T14900] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 3289.234724][T14900] RSP: 002b:00007ffe54c81718 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 3289.243147][T14900] RAX: ffffffffffffffda RBX: 00007ff3893fe700 RCX: 00007ff38a48a6a1 [ 3289.251137][T14900] RDX: 00007ff3893fe9d0 RSI: 00007ff3893fe2f0 RDI: 00000000003d0f00 [ 3289.259105][T14900] RBP: 00007ffe54c81960 R08: 00007ff3893fe700 R09: 00007ff3893fe700 [ 3289.267071][T14900] R10: 00007ff3893fe9d0 R11: 0000000000000206 R12: 00007ffe54c817ce [ 3289.275055][T14900] R13: 00007ffe54c817cf R14: 00007ff3893fe300 R15: 0000000000022000 [ 3289.283087][T14900] [ 3289.293612][T14900] memory: usage 307200kB, limit 307200kB, failcnt 3539 [ 3289.303818][T14900] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3289.311090][T14900] Memory cgroup stats for /syz2: [ 3289.311318][T14900] anon 147456 [ 3289.311318][T14900] file 360448 [ 3289.311318][T14900] kernel 314064896 [ 3289.311318][T14900] kernel_stack 65536 [ 3289.311318][T14900] pagetables 81920 [ 3289.311318][T14900] percpu 5433376 [ 3289.311318][T14900] sock 0 [ 3289.311318][T14900] vmalloc 0 [ 3289.311318][T14900] shmem 356352 [ 3289.311318][T14900] zswap 0 [ 3289.311318][T14900] zswapped 0 [ 3289.311318][T14900] file_mapped 356352 [ 3289.311318][T14900] file_dirty 0 [ 3289.311318][T14900] file_writeback 0 [ 3289.311318][T14900] swapcached 0 [ 3289.311318][T14900] anon_thp 0 [ 3289.311318][T14900] file_thp 0 [ 3289.311318][T14900] shmem_thp 0 [ 3289.311318][T14900] inactive_anon 204800 [ 3289.311318][T14900] active_anon 299008 [ 3289.311318][T14900] inactive_file 0 [ 3289.311318][T14900] active_file 4096 [ 3289.311318][T14900] unevictable 0 [ 3289.311318][T14900] slab_reclaimable 58856 [ 3289.311318][T14900] slab_unreclaimable 308387568 [ 3289.311318][T14900] slab 308446424 [ 3289.324255][T14918] bridge2532: port 1(bridge_slave_1) entered blocking state [ 3289.419391][T14900] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=14900,uid=0 [ 3289.435115][T14900] Memory cgroup out of memory: Killed process 14900 (syz-executor.2) total-vm:54640kB, anon-rss:388kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 3289.439703][T14918] bridge2532: port 1(bridge_slave_1) entered disabled state [ 3289.478717][T14910] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3289.501005][T14910] CPU: 1 PID: 14910 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3289.511206][T14910] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3289.521287][T14910] Call Trace: [ 3289.524590][T14910] [ 3289.527549][T14910] dump_stack_lvl+0xcd/0x134 [ 3289.532168][T14910] dump_header+0x10b/0x7f9 [ 3289.536618][T14910] oom_kill_process.cold+0x10/0x15 [ 3289.541749][T14910] out_of_memory+0x358/0x14a0 [ 3289.544402][T14906] bridge4123: port 1(bridge_slave_1) entered disabled state [ 3289.546432][T14910] ? find_held_lock+0x2d/0x110 [ 3289.546467][T14910] ? oom_killer_disable+0x270/0x270 [ 3289.546501][T14910] ? find_held_lock+0x2d/0x110 [ 3289.568506][T14910] mem_cgroup_out_of_memory+0x206/0x270 [ 3289.574085][T14910] ? mem_cgroup_margin+0x130/0x130 [ 3289.579202][T14910] ? lock_downgrade+0x6e0/0x6e0 [ 3289.584077][T14910] try_charge_memcg+0xf67/0x13f0 [ 3289.589037][T14910] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3289.595037][T14910] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3289.600763][T14910] ? lock_downgrade+0x6e0/0x6e0 [ 3289.605646][T14910] obj_cgroup_charge+0x2ab/0x5e0 [ 3289.610598][T14910] ? __anon_vma_prepare+0x2d6/0x560 [ 3289.615806][T14910] kmem_cache_alloc+0x96/0x3b0 [ 3289.620586][T14910] __anon_vma_prepare+0x2d6/0x560 [ 3289.625632][T14910] ? __pmd_alloc+0x2ff/0x5c0 [ 3289.630232][T14910] __handle_mm_fault+0x340e/0x39b0 [ 3289.635359][T14910] ? vm_iomap_memory+0x190/0x190 [ 3289.640349][T14910] handle_mm_fault+0x1c8/0x780 [ 3289.645131][T14910] do_user_addr_fault+0x475/0x1210 [ 3289.650263][T14910] exc_page_fault+0x94/0x170 [ 3289.654870][T14910] asm_exc_page_fault+0x22/0x30 [ 3289.659726][T14910] RIP: 0033:0x7f98a3484695 [ 3289.664250][T14910] Code: 12 80 fa 04 73 1e 80 fa 01 77 26 72 05 0f b6 0e 88 0f c3 48 8b 4c 16 f8 48 8b 36 48 89 4c 17 f8 48 89 37 c3 8b 4c 16 fc 8b 36 <89> 4c 17 fc 89 37 c3 0f b7 4c 16 fe 0f b7 36 66 89 4c 17 fe 66 89 [ 3289.683867][T14910] RSP: 002b:00007ffe69a68b78 EFLAGS: 00010202 [ 3289.690025][T14910] RAX: 00000000200005c0 RBX: 0000000000000000 RCX: 0000000000535650 [ 3289.698006][T14910] RDX: 0000000000000005 RSI: 0000000053565049 RDI: 00000000200005c0 [ 3289.705980][T14910] RBP: 00007ffe69a68c38 R08: 00007f98a39a0000 R09: 00007f98a35a00c8 [ 3289.713956][T14910] R10: 00007ffe69a68c60 R11: 0000000000000246 R12: 000000000032315e [ 3289.721935][T14910] R13: 00007ffe69a68c60 R14: 00007f98a359bf80 R15: 0000000000000032 [ 3289.729933][T14910] [ 3289.740954][T14910] memory: usage 307200kB, limit 307200kB, failcnt 25982 [ 3289.758074][T14910] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3289.782910][T14910] Memory cgroup stats for /syz0: [ 3289.783137][T14910] anon 126976 [ 3289.783137][T14910] file 319488 [ 3289.783137][T14910] kernel 314126336 [ 3289.783137][T14910] kernel_stack 65536 [ 3289.783137][T14910] pagetables 81920 [ 3289.783137][T14910] percpu 5425088 [ 3289.783137][T14910] sock 0 [ 3289.783137][T14910] vmalloc 0 [ 3289.783137][T14910] shmem 319488 [ 3289.783137][T14910] zswap 0 [ 3289.783137][T14910] zswapped 0 [ 3289.783137][T14910] file_mapped 303104 [ 3289.783137][T14910] file_dirty 0 [ 3289.783137][T14910] file_writeback 0 [ 3289.783137][T14910] swapcached 0 [ 3289.783137][T14910] anon_thp 0 [ 3289.783137][T14910] file_thp 0 [ 3289.783137][T14910] shmem_thp 0 [ 3289.783137][T14910] inactive_anon 131072 [ 3289.783137][T14910] active_anon 315392 [ 3289.783137][T14910] inactive_file 0 [ 3289.783137][T14910] active_file 0 [ 3289.783137][T14910] unevictable 0 [ 3289.783137][T14910] slab_reclaimable 226056 [ 3289.783137][T14910] slab_unreclaimable 308290720 [ 3289.783137][T14910] slab 308516776 03:15:11 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000000000000000000b0fde", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3289.821192][T14906] bridge4124: port 1(bridge_slave_1) entered blocking state [ 3289.883410][T14910] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=14910,uid=0 [ 3289.900907][T14910] Memory cgroup out of memory: Killed process 14910 (syz-executor.0) total-vm:54508kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 3289.926212][T14906] bridge4124: port 1(bridge_slave_1) entered disabled state [ 3289.966693][T14908] bridge4124: port 1(bridge_slave_1) entered blocking state [ 3289.974214][T14908] bridge4124: port 1(bridge_slave_1) entered forwarding state 03:15:11 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f310000c80a0a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3290.006862][T14925] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3290.027624][T14908] bond0: (slave bridge4124): Enslaving as an active interface with an up link [ 3290.028808][T14925] CPU: 0 PID: 14925 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3290.046688][T14925] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 03:15:11 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000000000000b3fb9000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3290.056762][T14925] Call Trace: [ 3290.060068][T14925] [ 3290.063025][T14925] dump_stack_lvl+0xcd/0x134 [ 3290.067655][T14925] dump_header+0x10b/0x7f9 [ 3290.072111][T14925] oom_kill_process.cold+0x10/0x15 [ 3290.077269][T14925] out_of_memory+0x358/0x14a0 [ 3290.081989][T14925] ? find_held_lock+0x2d/0x110 [ 3290.086882][T14925] ? oom_killer_disable+0x270/0x270 [ 3290.092124][T14925] ? find_held_lock+0x2d/0x110 [ 3290.096925][T14925] mem_cgroup_out_of_memory+0x206/0x270 [ 3290.102505][T14925] ? mem_cgroup_margin+0x130/0x130 [ 3290.107649][T14925] ? lock_downgrade+0x6e0/0x6e0 [ 3290.112578][T14925] try_charge_memcg+0xf67/0x13f0 [ 3290.117545][T14925] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3290.123569][T14925] ? lock_downgrade+0x6e0/0x6e0 [ 3290.124760][T14919] bridge1275: port 1(bridge_slave_1) entered disabled state [ 3290.128448][T14925] charge_memcg+0x31/0x320 [ 3290.128489][T14925] __mem_cgroup_charge+0x27/0x90 [ 3290.128513][T14925] ? _compound_head+0x5d/0x150 [ 3290.149983][T14925] wp_page_copy+0x27c/0x1b60 [ 3290.154622][T14925] ? restore_exclusive_pte+0x8b0/0x8b0 [ 3290.160207][T14925] ? lock_downgrade+0x6e0/0x6e0 [ 3290.165181][T14925] ? vm_normal_page+0x146/0x2a0 [ 3290.170083][T14925] do_wp_page+0x1d1/0x1910 [ 3290.174540][T14925] __handle_mm_fault+0x1813/0x39b0 [ 3290.179693][T14925] ? vm_iomap_memory+0x190/0x190 [ 3290.184693][T14925] handle_mm_fault+0x1c8/0x780 [ 3290.189486][T14925] do_user_addr_fault+0x475/0x1210 [ 3290.194632][T14925] exc_page_fault+0x94/0x170 [ 3290.199230][T14925] asm_exc_page_fault+0x22/0x30 [ 3290.204100][T14925] RIP: 0033:0x7f98a34374b0 [ 3290.208521][T14925] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48 [ 3290.228148][T14925] RSP: 002b:00007ffe69a68a90 EFLAGS: 00010246 [ 3290.234217][T14925] RAX: 000000002feed7de RBX: 00007f98a359c018 RCX: 0000001b2ec20000 [ 3290.242201][T14925] RDX: 0000000000000000 RSI: 0000001b2ec20018 RDI: 000000000a19aef0 [ 3290.250197][T14925] RBP: 000000002feed7de R08: 00000000000017de R09: 000000002feed7e2 [ 3290.258207][T14925] R10: 00007ffe69a68c60 R11: 0000000000000246 R12: 00007f98a3590000 [ 3290.266185][T14925] R13: 0000000000000001 R14: 000000000000000e R15: ffffffff83bb623b [ 3290.274184][T14925] ? security_socket_create+0x3b/0xc0 [ 3290.279593][T14925] 03:15:11 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c00000010000104000000e08900000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3290.299145][T14925] memory: usage 307200kB, limit 307200kB, failcnt 26022 [ 3290.306391][T14925] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3290.342636][T14925] Memory cgroup stats for /syz0: [ 3290.342855][T14925] anon 122880 [ 3290.342855][T14925] file 319488 [ 3290.342855][T14925] kernel 314118144 [ 3290.342855][T14925] kernel_stack 65536 [ 3290.342855][T14925] pagetables 73728 [ 3290.342855][T14925] percpu 5425088 [ 3290.342855][T14925] sock 0 [ 3290.342855][T14925] vmalloc 0 [ 3290.342855][T14925] shmem 319488 [ 3290.342855][T14925] zswap 0 [ 3290.342855][T14925] zswapped 0 [ 3290.342855][T14925] file_mapped 303104 [ 3290.342855][T14925] file_dirty 0 [ 3290.342855][T14925] file_writeback 0 [ 3290.342855][T14925] swapcached 0 [ 3290.342855][T14925] anon_thp 0 [ 3290.342855][T14925] file_thp 0 [ 3290.342855][T14925] shmem_thp 0 [ 3290.342855][T14925] inactive_anon 126976 [ 3290.342855][T14925] active_anon 315392 [ 3290.342855][T14925] inactive_file 0 [ 3290.342855][T14925] active_file 0 [ 3290.342855][T14925] unevictable 0 [ 3290.342855][T14925] slab_reclaimable 224128 [ 3290.342855][T14925] slab_unreclaimable 308289952 [ 3290.342855][T14925] slab 308514080 03:15:11 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f310000c00a0a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3290.344705][T14921] bond0: (slave bridge2532): Enslaving as an active interface with an up link [ 3290.363774][T14925] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=14925,uid=0 [ 3290.466137][T14925] Memory cgroup out of memory: Killed process 14925 (syz-executor.0) total-vm:54508kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 [ 3290.483934][T14922] __nla_validate_parse: 5 callbacks suppressed [ 3290.483952][T14922] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. 03:15:11 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000000000000000000b0fdf", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3290.547247][T14923] bridge3175: port 1(bridge_slave_1) entered disabled state [ 3290.574654][T14923] bridge3177: port 1(bridge_slave_1) entered blocking state [ 3290.583354][T14923] bridge3177: port 1(bridge_slave_1) entered disabled state [ 3290.613596][T14927] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3290.638126][T14927] CPU: 0 PID: 14927 Comm: syz-executor.2 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3290.648424][T14927] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3290.658509][T14927] Call Trace: [ 3290.661801][T14927] [ 3290.664731][T14927] dump_stack_lvl+0xcd/0x134 [ 3290.669338][T14927] dump_header+0x10b/0x7f9 [ 3290.673789][T14927] oom_kill_process.cold+0x10/0x15 [ 3290.673929][T14924] bond0: (slave bridge3177): Enslaving as an active interface with an up link [ 3290.678919][T14927] out_of_memory+0x358/0x14a0 [ 3290.678952][T14927] ? find_held_lock+0x2d/0x110 [ 3290.678976][T14927] ? oom_killer_disable+0x270/0x270 [ 3290.702588][T14927] ? find_held_lock+0x2d/0x110 [ 3290.707370][T14927] mem_cgroup_out_of_memory+0x206/0x270 [ 3290.712934][T14927] ? mem_cgroup_margin+0x130/0x130 [ 3290.718054][T14927] ? lock_downgrade+0x6e0/0x6e0 [ 3290.722930][T14927] try_charge_memcg+0xf67/0x13f0 [ 3290.727885][T14927] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3290.733876][T14927] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3290.739605][T14927] ? lock_downgrade+0x6e0/0x6e0 [ 3290.744468][T14927] ? lock_downgrade+0x6e0/0x6e0 [ 3290.749338][T14927] __memcg_kmem_charge_page+0x16a/0x3b0 [ 3290.754913][T14927] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 3290.761103][T14927] copy_process+0x145a/0x7090 [ 3290.765834][T14927] ? __lock_acquire+0xbc3/0x56d0 [ 3290.770814][T14927] ? __cleanup_sighand+0xb0/0xb0 [ 3290.775786][T14927] kernel_clone+0xe7/0xab0 [ 3290.780233][T14927] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 3290.786263][T14927] ? create_io_thread+0xe0/0xe0 [ 3290.791151][T14927] ? find_held_lock+0x2d/0x110 [ 3290.795948][T14927] ? __ct_user_exit+0xff/0x150 [ 3290.800751][T14927] __do_sys_clone+0xba/0x100 [ 3290.805362][T14927] ? kernel_clone+0xab0/0xab0 [ 3290.810064][T14927] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3290.815972][T14927] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3290.821883][T14927] do_syscall_64+0x35/0xb0 [ 3290.826309][T14927] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3290.832295][T14927] RIP: 0033:0x7ff38a48a6a1 [ 3290.836763][T14927] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 3290.856398][T14927] RSP: 002b:00007ffe54c81718 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 3290.864914][T14927] RAX: ffffffffffffffda RBX: 00007ff3893fe700 RCX: 00007ff38a48a6a1 [ 3290.872895][T14927] RDX: 00007ff3893fe9d0 RSI: 00007ff3893fe2f0 RDI: 00000000003d0f00 [ 3290.880873][T14927] RBP: 00007ffe54c81960 R08: 00007ff3893fe700 R09: 00007ff3893fe700 [ 3290.888849][T14927] R10: 00007ff3893fe9d0 R11: 0000000000000206 R12: 00007ffe54c817ce [ 3290.896826][T14927] R13: 00007ffe54c817cf R14: 00007ff3893fe300 R15: 0000000000022000 [ 3290.904830][T14927] 03:15:12 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c00000010000104000000008200000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3290.924099][T14927] memory: usage 307200kB, limit 307200kB, failcnt 3639 [ 3290.943377][T14927] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3290.959091][T14927] Memory cgroup stats for /syz2: [ 3290.959210][T14931] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3290.959471][T14927] anon 147456 [ 3290.959471][T14927] file 360448 [ 3290.959471][T14927] kernel 314064896 [ 3290.959471][T14927] kernel_stack 65536 [ 3290.959471][T14927] pagetables 81920 [ 3290.959471][T14927] percpu 5433376 [ 3290.959471][T14927] sock 0 [ 3290.959471][T14927] vmalloc 0 [ 3290.959471][T14927] shmem 356352 [ 3290.959471][T14927] zswap 0 [ 3290.959471][T14927] zswapped 0 [ 3290.959471][T14927] file_mapped 356352 [ 3290.959471][T14927] file_dirty 0 [ 3290.959471][T14927] file_writeback 0 [ 3290.959471][T14927] swapcached 0 [ 3290.959471][T14927] anon_thp 0 [ 3290.959471][T14927] file_thp 0 [ 3290.959471][T14927] shmem_thp 0 [ 3290.959471][T14927] inactive_anon 204800 [ 3290.959471][T14927] active_anon 299008 [ 3290.959471][T14927] inactive_file 0 [ 3290.959471][T14927] active_file 4096 [ 3290.959471][T14927] unevictable 0 [ 3290.959471][T14927] slab_reclaimable 58856 [ 3290.959471][T14927] slab_unreclaimable 308387568 [ 3290.959471][T14927] slab 308446424 [ 3291.023069][T14933] bridge4124: port 1(bridge_slave_1) entered disabled state [ 3291.073558][T14927] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=14927,uid=0 [ 3291.091844][T14927] Memory cgroup out of memory: Killed process 14927 (syz-executor.2) total-vm:54640kB, anon-rss:388kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 3291.146582][T14940] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3291.157207][T14940] CPU: 1 PID: 14940 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3291.172000][T14940] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3291.182286][T14940] Call Trace: [ 3291.185579][T14940] [ 3291.188534][T14940] dump_stack_lvl+0xcd/0x134 [ 3291.193148][T14940] dump_header+0x10b/0x7f9 [ 3291.197607][T14940] oom_kill_process.cold+0x10/0x15 [ 3291.202751][T14940] out_of_memory+0x358/0x14a0 [ 3291.207446][T14940] ? find_held_lock+0x2d/0x110 [ 3291.212222][T14940] ? oom_killer_disable+0x270/0x270 [ 3291.217441][T14940] ? find_held_lock+0x2d/0x110 [ 3291.222216][T14940] mem_cgroup_out_of_memory+0x206/0x270 [ 3291.227885][T14940] ? mem_cgroup_margin+0x130/0x130 [ 3291.233026][T14940] ? lock_downgrade+0x6e0/0x6e0 [ 3291.237938][T14940] try_charge_memcg+0xf67/0x13f0 [ 3291.242989][T14940] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3291.248986][T14940] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3291.254723][T14940] ? lock_downgrade+0x6e0/0x6e0 [ 3291.259606][T14940] obj_cgroup_charge+0x2ab/0x5e0 [ 3291.264566][T14940] ? __anon_vma_prepare+0x60/0x560 [ 3291.269687][T14940] kmem_cache_alloc+0x96/0x3b0 [ 3291.274469][T14940] __anon_vma_prepare+0x60/0x560 [ 3291.279413][T14940] ? __pmd_alloc+0x2ff/0x5c0 [ 3291.284016][T14940] __handle_mm_fault+0x340e/0x39b0 [ 3291.289150][T14940] ? vm_iomap_memory+0x190/0x190 [ 3291.294142][T14940] handle_mm_fault+0x1c8/0x780 [ 3291.298931][T14940] do_user_addr_fault+0x475/0x1210 [ 3291.304085][T14940] exc_page_fault+0x94/0x170 [ 3291.308730][T14940] asm_exc_page_fault+0x22/0x30 [ 3291.313603][T14940] RIP: 0033:0x7f98a3484695 [ 3291.318121][T14940] Code: 12 80 fa 04 73 1e 80 fa 01 77 26 72 05 0f b6 0e 88 0f c3 48 8b 4c 16 f8 48 8b 36 48 89 4c 17 f8 48 89 37 c3 8b 4c 16 fc 8b 36 <89> 4c 17 fc 89 37 c3 0f b7 4c 16 fe 0f b7 36 66 89 4c 17 fe 66 89 [ 3291.337748][T14940] RSP: 002b:00007ffe69a68b78 EFLAGS: 00010202 [ 3291.343828][T14940] RAX: 00000000200005c0 RBX: 0000000000000000 RCX: 0000000000535650 [ 3291.351807][T14940] RDX: 0000000000000005 RSI: 0000000053565049 RDI: 00000000200005c0 [ 3291.359807][T14940] RBP: 00007ffe69a68c38 R08: 00007f98a39a0000 R09: 00007f98a35a00c8 [ 3291.367784][T14940] R10: 00007ffe69a68c60 R11: 0000000000000246 R12: 00000000003237d3 [ 3291.375761][T14940] R13: 00007ffe69a68c60 R14: 00007f98a359bf80 R15: 0000000000000032 [ 3291.383769][T14940] [ 3291.394088][T14940] memory: usage 307200kB, limit 307200kB, failcnt 26084 [ 3291.400478][T14933] bridge4125: port 1(bridge_slave_1) entered blocking state [ 3291.406043][T14940] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3291.416950][T14940] Memory cgroup stats for /syz0: [ 3291.417190][T14940] anon 126976 [ 3291.417190][T14940] file 319488 [ 3291.417190][T14940] kernel 314126336 [ 3291.417190][T14940] kernel_stack 65536 [ 3291.417190][T14940] pagetables 81920 [ 3291.417190][T14940] percpu 5425088 [ 3291.417190][T14940] sock 0 [ 3291.417190][T14940] vmalloc 0 [ 3291.417190][T14940] shmem 319488 [ 3291.417190][T14940] zswap 0 [ 3291.417190][T14940] zswapped 0 [ 3291.417190][T14940] file_mapped 303104 [ 3291.417190][T14940] file_dirty 0 [ 3291.417190][T14940] file_writeback 0 [ 3291.417190][T14940] swapcached 0 [ 3291.417190][T14940] anon_thp 0 [ 3291.417190][T14940] file_thp 0 [ 3291.417190][T14940] shmem_thp 0 [ 3291.417190][T14940] inactive_anon 131072 [ 3291.417190][T14940] active_anon 315392 [ 3291.417190][T14940] inactive_file 0 [ 3291.417190][T14940] active_file 0 [ 3291.417190][T14940] unevictable 0 [ 3291.417190][T14940] slab_reclaimable 226056 [ 3291.417190][T14940] slab_unreclaimable 308290600 [ 3291.417190][T14940] slab 308516656 [ 3291.421041][T14933] bridge4125: port 1(bridge_slave_1) entered disabled state [ 3291.428446][T14940] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=14940,uid=0 03:15:12 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000000000000000ffffffe4", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3291.540754][T14940] Memory cgroup out of memory: Killed process 14940 (syz-executor.0) total-vm:54508kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 3291.589225][T14936] bridge4125: port 1(bridge_slave_1) entered blocking state [ 3291.596655][T14936] bridge4125: port 1(bridge_slave_1) entered forwarding state 03:15:12 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000000000000b3fba000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3291.640467][T14936] bond0: (slave bridge4125): Enslaving as an active interface with an up link [ 3291.645998][T14951] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3291.649747][T14935] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3291.672455][T14951] CPU: 0 PID: 14951 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3291.682662][T14951] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3291.692746][T14951] Call Trace: [ 3291.696058][T14951] [ 3291.699017][T14951] dump_stack_lvl+0xcd/0x134 [ 3291.703653][T14951] dump_header+0x10b/0x7f9 [ 3291.708145][T14951] oom_kill_process.cold+0x10/0x15 [ 3291.713470][T14951] out_of_memory+0x358/0x14a0 [ 3291.718196][T14951] ? find_held_lock+0x2d/0x110 [ 3291.723002][T14951] ? oom_killer_disable+0x270/0x270 [ 3291.728233][T14951] ? find_held_lock+0x2d/0x110 [ 3291.733021][T14951] mem_cgroup_out_of_memory+0x206/0x270 03:15:13 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f310000d00a0a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3291.738595][T14951] ? mem_cgroup_margin+0x130/0x130 [ 3291.743742][T14951] ? lock_downgrade+0x6e0/0x6e0 [ 3291.748651][T14951] try_charge_memcg+0xf67/0x13f0 [ 3291.753630][T14951] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3291.759659][T14951] ? lock_downgrade+0x6e0/0x6e0 [ 3291.764605][T14951] charge_memcg+0x31/0x320 [ 3291.769260][T14951] __mem_cgroup_charge+0x27/0x90 [ 3291.774235][T14951] ? _compound_head+0x5d/0x150 [ 3291.779041][T14951] wp_page_copy+0x27c/0x1b60 [ 3291.783672][T14951] ? restore_exclusive_pte+0x8b0/0x8b0 [ 3291.789163][T14951] ? lock_downgrade+0x6e0/0x6e0 [ 3291.794053][T14951] ? vm_normal_page+0x146/0x2a0 [ 3291.798950][T14951] do_wp_page+0x1d1/0x1910 [ 3291.803390][T14951] __handle_mm_fault+0x1813/0x39b0 [ 3291.808524][T14951] ? vm_iomap_memory+0x190/0x190 [ 3291.813521][T14951] handle_mm_fault+0x1c8/0x780 [ 3291.818327][T14951] do_user_addr_fault+0x475/0x1210 [ 3291.823475][T14951] exc_page_fault+0x94/0x170 [ 3291.828098][T14951] asm_exc_page_fault+0x22/0x30 [ 3291.832966][T14951] RIP: 0033:0x7f98a34374b0 [ 3291.837387][T14951] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48 [ 3291.857101][T14951] RSP: 002b:00007ffe69a68a90 EFLAGS: 00010246 [ 3291.863211][T14951] RAX: 000000009baee0a5 RBX: 00007f98a359c018 RCX: 0000001b2ec20000 [ 3291.868066][T14957] bridge4125: port 1(bridge_slave_1) entered disabled state [ 3291.871196][T14951] RDX: 0000000000000000 RSI: 0000001b2ec20018 RDI: 0000000008ec0db1 [ 3291.871219][T14951] RBP: 000000009baee0a5 R08: 00000000000000a5 R09: 000000009baee0a9 [ 3291.871237][T14951] R10: 00007ffe69a68c60 R11: 0000000000000246 R12: 00007f98a3590000 [ 3291.871256][T14951] R13: 0000000000000001 R14: 0000000000000004 R15: ffffffff81a32736 [ 3291.871279][T14951] ? trace_user_exit.constprop.0+0x166/0x210 [ 3291.916425][T14951] [ 3291.925739][T14951] memory: usage 307192kB, limit 307200kB, failcnt 26129 [ 3291.932975][T14951] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3291.940428][T14951] Memory cgroup stats for /syz0: [ 3291.940650][T14951] anon 110592 [ 3291.940650][T14951] file 319488 [ 3291.940650][T14951] kernel 314134528 [ 3291.940650][T14951] kernel_stack 65536 [ 3291.940650][T14951] pagetables 73728 [ 3291.940650][T14951] percpu 5425088 [ 3291.940650][T14951] sock 0 [ 3291.940650][T14951] vmalloc 0 [ 3291.940650][T14951] shmem 319488 [ 3291.940650][T14951] zswap 0 [ 3291.940650][T14951] zswapped 0 [ 3291.940650][T14951] file_mapped 303104 [ 3291.940650][T14951] file_dirty 0 [ 3291.940650][T14951] file_writeback 0 [ 3291.940650][T14951] swapcached 0 [ 3291.940650][T14951] anon_thp 0 [ 3291.940650][T14951] file_thp 0 [ 3291.940650][T14951] shmem_thp 0 [ 3291.940650][T14951] inactive_anon 106496 [ 3291.940650][T14951] active_anon 315392 [ 3291.940650][T14951] inactive_file 0 [ 3291.940650][T14951] active_file 0 [ 3291.940650][T14951] unevictable 0 [ 3291.940650][T14951] slab_reclaimable 224128 [ 3291.940650][T14951] slab_unreclaimable 308301352 [ 3291.940650][T14951] slab 308525480 [ 3292.032558][T14939] bridge1277: port 1(bridge_slave_1) entered blocking state [ 3292.046922][T14939] bridge1277: port 1(bridge_slave_1) entered disabled state [ 3292.061370][T14951] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=14951,uid=0 [ 3292.071527][T14942] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. 03:15:13 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000000000000000fffffff0", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3292.087789][T14951] Memory cgroup out of memory: Killed process 14951 (syz-executor.0) total-vm:54508kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 03:15:13 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c00000010000104000000e08900000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) 03:15:13 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c00000010000104000000008200000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3292.168901][T14943] bond0: (slave bridge1277): Enslaving as an active interface with an up link [ 3292.189461][T14944] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3292.189569][T14954] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3292.208523][T14947] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3292.248437][T14954] CPU: 1 PID: 14954 Comm: syz-executor.2 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3292.258678][T14954] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3292.268761][T14954] Call Trace: [ 3292.272069][T14954] [ 3292.275025][T14954] dump_stack_lvl+0xcd/0x134 [ 3292.279661][T14954] dump_header+0x10b/0x7f9 [ 3292.284118][T14954] oom_kill_process.cold+0x10/0x15 [ 3292.289273][T14954] out_of_memory+0x358/0x14a0 [ 3292.293989][T14954] ? find_held_lock+0x2d/0x110 [ 3292.298780][T14954] ? oom_killer_disable+0x270/0x270 [ 3292.304017][T14954] ? find_held_lock+0x2d/0x110 [ 3292.308810][T14954] mem_cgroup_out_of_memory+0x206/0x270 [ 3292.314388][T14954] ? mem_cgroup_margin+0x130/0x130 [ 3292.320480][T14954] ? lock_downgrade+0x6e0/0x6e0 [ 3292.325382][T14954] try_charge_memcg+0xf67/0x13f0 [ 3292.330360][T14954] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3292.336367][T14954] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3292.342119][T14954] ? lock_downgrade+0x6e0/0x6e0 [ 3292.346993][T14954] ? lock_downgrade+0x6e0/0x6e0 [ 3292.351887][T14954] __memcg_kmem_charge_page+0x16a/0x3b0 [ 3292.357469][T14954] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 3292.363665][T14954] copy_process+0x607/0x7090 [ 3292.368296][T14954] ? __lock_acquire+0xbc3/0x56d0 [ 3292.373281][T14954] ? __cleanup_sighand+0xb0/0xb0 [ 3292.378273][T14954] kernel_clone+0xe7/0xab0 [ 3292.382753][T14954] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 3292.388770][T14954] ? create_io_thread+0xe0/0xe0 [ 3292.393670][T14954] ? find_held_lock+0x2d/0x110 [ 3292.395050][T14965] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3292.398446][T14954] ? __ct_user_exit+0xff/0x150 [ 3292.398488][T14954] __do_sys_clone+0xba/0x100 [ 3292.398516][T14954] ? kernel_clone+0xab0/0xab0 [ 3292.398555][T14954] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3292.398584][T14954] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3292.398628][T14954] do_syscall_64+0x35/0xb0 [ 3292.398655][T14954] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3292.398687][T14954] RIP: 0033:0x7ff38a48a6a1 [ 3292.398708][T14954] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 3292.468113][T14954] RSP: 002b:00007ffe54c81718 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 3292.476566][T14954] RAX: ffffffffffffffda RBX: 00007ff3893fe700 RCX: 00007ff38a48a6a1 [ 3292.484586][T14954] RDX: 00007ff3893fe9d0 RSI: 00007ff3893fe2f0 RDI: 00000000003d0f00 [ 3292.492586][T14954] RBP: 00007ffe54c81960 R08: 00007ff3893fe700 R09: 00007ff3893fe700 [ 3292.500594][T14954] R10: 00007ff3893fe9d0 R11: 0000000000000206 R12: 00007ffe54c817ce [ 3292.508601][T14954] R13: 00007ffe54c817cf R14: 00007ff3893fe300 R15: 0000000000022000 [ 3292.516632][T14954] [ 3292.538532][T14954] memory: usage 307200kB, limit 307200kB, failcnt 3705 [ 3292.552140][T14954] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3292.559277][T14954] Memory cgroup stats for /syz2: [ 3292.559490][T14954] anon 147456 [ 3292.559490][T14954] file 360448 [ 3292.559490][T14954] kernel 314064896 [ 3292.559490][T14954] kernel_stack 65536 [ 3292.559490][T14954] pagetables 81920 [ 3292.559490][T14954] percpu 5433376 [ 3292.559490][T14954] sock 0 [ 3292.559490][T14954] vmalloc 0 [ 3292.559490][T14954] shmem 356352 [ 3292.559490][T14954] zswap 0 [ 3292.559490][T14954] zswapped 0 [ 3292.559490][T14954] file_mapped 356352 [ 3292.559490][T14954] file_dirty 0 [ 3292.559490][T14954] file_writeback 0 [ 3292.559490][T14954] swapcached 0 [ 3292.559490][T14954] anon_thp 0 [ 3292.559490][T14954] file_thp 0 [ 3292.559490][T14954] shmem_thp 0 [ 3292.559490][T14954] inactive_anon 204800 [ 3292.559490][T14954] active_anon 299008 [ 3292.559490][T14954] inactive_file 0 [ 3292.559490][T14954] active_file 4096 [ 3292.559490][T14954] unevictable 0 [ 3292.559490][T14954] slab_reclaimable 58856 [ 3292.559490][T14954] slab_unreclaimable 308387568 [ 3292.559490][T14954] slab 308446424 [ 3292.630213][T14965] bond0: (slave bridge1278): Enslaving as an active interface with an up link [ 3292.664098][T14954] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=14954,uid=0 [ 3292.665871][T14948] bridge3177: port 1(bridge_slave_1) entered disabled state [ 3292.693420][T14954] Memory cgroup out of memory: Killed process 14954 (syz-executor.2) total-vm:54640kB, anon-rss:388kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 3292.712269][T14959] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3292.723200][T14959] CPU: 0 PID: 14959 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3292.733397][T14959] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3292.743574][T14959] Call Trace: [ 3292.745035][T14948] bridge3178: port 1(bridge_slave_1) entered blocking state [ 3292.746852][T14959] [ 3292.746866][T14959] dump_stack_lvl+0xcd/0x134 [ 3292.746903][T14959] dump_header+0x10b/0x7f9 [ 3292.760854][T14948] bridge3178: port 1(bridge_slave_1) entered disabled state [ 3292.761693][T14959] oom_kill_process.cold+0x10/0x15 [ 3292.761736][T14959] out_of_memory+0x358/0x14a0 [ 3292.783341][T14959] ? oom_killer_disable+0x270/0x270 [ 3292.788580][T14959] ? find_held_lock+0x2d/0x110 [ 3292.793455][T14959] mem_cgroup_out_of_memory+0x206/0x270 [ 3292.799022][T14959] ? mem_cgroup_margin+0x130/0x130 [ 3292.804164][T14959] ? lock_downgrade+0x6e0/0x6e0 [ 3292.809050][T14959] try_charge_memcg+0xf67/0x13f0 [ 3292.814011][T14959] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3292.820022][T14959] ? lock_downgrade+0x6e0/0x6e0 [ 3292.824919][T14959] charge_memcg+0x31/0x320 [ 3292.827027][T14949] bond0: (slave bridge3178): Enslaving as an active interface with an up link [ 3292.829351][T14959] __mem_cgroup_charge+0x27/0x90 [ 3292.829380][T14959] ? _compound_head+0x5d/0x150 [ 3292.829413][T14959] wp_page_copy+0x27c/0x1b60 03:15:14 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c00000010000104000000008200000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3292.829448][T14959] ? restore_exclusive_pte+0x8b0/0x8b0 [ 3292.829471][T14959] ? lock_downgrade+0x6e0/0x6e0 [ 3292.829496][T14959] ? vm_normal_page+0x146/0x2a0 [ 3292.829536][T14959] do_wp_page+0x1d1/0x1910 [ 3292.829568][T14959] __handle_mm_fault+0x1813/0x39b0 [ 3292.829603][T14959] ? vm_iomap_memory+0x190/0x190 [ 3292.829659][T14959] handle_mm_fault+0x1c8/0x780 [ 3292.829692][T14959] do_user_addr_fault+0x475/0x1210 [ 3292.829735][T14959] exc_page_fault+0x94/0x170 [ 3292.829765][T14959] asm_exc_page_fault+0x22/0x30 [ 3292.829788][T14959] RIP: 0033:0x7f98a34374b0 [ 3292.829810][T14959] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48 [ 3292.829834][T14959] RSP: 002b:00007ffe69a68a90 EFLAGS: 00010246 [ 3292.829857][T14959] RAX: 00000000098f1ddc RBX: 00007f98a359c018 RCX: 0000001b2ec20000 [ 3292.829874][T14959] RDX: 0000000000000000 RSI: 0000001b2ec20018 RDI: 000000000d570f0d [ 3292.829890][T14959] RBP: 00000000098f1ddc R08: 0000000000001ddc R09: 00000000098f1de0 [ 3292.829905][T14959] R10: 00007ffe69a68c60 R11: 0000000000000246 R12: 00007f98a3590000 [ 3292.829923][T14959] R13: 0000000000000001 R14: 0000000000000006 R15: ffffffff874bbdbd [ 3292.829937][T14959] ? __x64_sys_socket+0xd/0xb0 [ 3292.829982][T14959] [ 3292.838069][T14959] memory: usage 307200kB, limit 307200kB, failcnt 26200 [ 3292.922861][T14970] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3292.929781][T14959] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3293.010552][T14959] Memory cgroup stats for /syz0: [ 3293.010791][T14959] anon 118784 [ 3293.010791][T14959] file 319488 [ 3293.010791][T14959] kernel 314118144 [ 3293.010791][T14959] kernel_stack 65536 [ 3293.010791][T14959] pagetables 73728 [ 3293.010791][T14959] percpu 5425088 [ 3293.010791][T14959] sock 0 [ 3293.010791][T14959] vmalloc 0 [ 3293.010791][T14959] shmem 319488 [ 3293.010791][T14959] zswap 0 [ 3293.010791][T14959] zswapped 0 [ 3293.010791][T14959] file_mapped 303104 [ 3293.010791][T14959] file_dirty 0 [ 3293.010791][T14959] file_writeback 0 [ 3293.010791][T14959] swapcached 0 [ 3293.010791][T14959] anon_thp 0 [ 3293.010791][T14959] file_thp 0 [ 3293.010791][T14959] shmem_thp 0 [ 3293.010791][T14959] inactive_anon 122880 [ 3293.010791][T14959] active_anon 315392 [ 3293.010791][T14959] inactive_file 0 [ 3293.010791][T14959] active_file 0 [ 3293.010791][T14959] unevictable 0 [ 3293.010791][T14959] slab_reclaimable 224128 [ 3293.010791][T14959] slab_unreclaimable 308292056 [ 3293.010791][T14959] slab 308516184 03:15:14 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000000000000b3fbb000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3293.115180][T14959] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=14959,uid=0 [ 3293.138359][T14963] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. 03:15:14 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f310000d80a0a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3293.150767][T14959] Memory cgroup out of memory: Killed process 14959 (syz-executor.0) total-vm:54508kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 03:15:14 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000000000000000fffffffc", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3293.234285][T14968] bridge2532: port 1(bridge_slave_1) entered disabled state [ 3293.278639][T14968] bridge2534: port 1(bridge_slave_1) entered blocking state [ 3293.284395][T14978] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3293.295071][T14968] bridge2534: port 1(bridge_slave_1) entered disabled state [ 3293.300680][T14978] CPU: 0 PID: 14978 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3293.313778][T14978] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3293.323888][T14978] Call Trace: [ 3293.327187][T14978] [ 3293.330136][T14978] dump_stack_lvl+0xcd/0x134 [ 3293.334748][T14978] dump_header+0x10b/0x7f9 [ 3293.339203][T14978] oom_kill_process.cold+0x10/0x15 [ 3293.339556][T14967] bridge1277: port 1(bridge_slave_1) entered disabled state [ 3293.344337][T14978] out_of_memory+0x358/0x14a0 [ 3293.344378][T14978] ? find_held_lock+0x2d/0x110 [ 3293.344405][T14978] ? oom_killer_disable+0x270/0x270 [ 3293.366302][T14978] ? find_held_lock+0x2d/0x110 [ 3293.371068][T14978] mem_cgroup_out_of_memory+0x206/0x270 [ 3293.376611][T14978] ? mem_cgroup_margin+0x130/0x130 [ 3293.381734][T14978] ? lock_downgrade+0x6e0/0x6e0 [ 3293.386589][T14978] try_charge_memcg+0xf67/0x13f0 [ 3293.391548][T14978] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3293.397596][T14978] ? lock_downgrade+0x6e0/0x6e0 [ 3293.402512][T14978] charge_memcg+0x31/0x320 [ 3293.407666][T14978] __mem_cgroup_charge+0x27/0x90 [ 3293.412627][T14978] ? _compound_head+0x5d/0x150 [ 3293.417402][T14978] wp_page_copy+0x27c/0x1b60 [ 3293.422017][T14978] ? restore_exclusive_pte+0x8b0/0x8b0 [ 3293.427480][T14978] ? lock_downgrade+0x6e0/0x6e0 [ 3293.432327][T14978] ? vm_normal_page+0x146/0x2a0 [ 3293.437201][T14978] do_wp_page+0x1d1/0x1910 [ 3293.441636][T14978] __handle_mm_fault+0x1813/0x39b0 [ 3293.446764][T14978] ? vm_iomap_memory+0x190/0x190 [ 3293.451740][T14978] handle_mm_fault+0x1c8/0x780 [ 3293.456537][T14978] do_user_addr_fault+0x475/0x1210 [ 3293.461677][T14978] exc_page_fault+0x94/0x170 [ 3293.466265][T14978] asm_exc_page_fault+0x22/0x30 [ 3293.471111][T14978] RIP: 0033:0x7f98a34374b0 [ 3293.475520][T14978] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48 [ 3293.495138][T14978] RSP: 002b:00007ffe69a68a90 EFLAGS: 00010246 [ 3293.501250][T14978] RAX: 00000000410a6cbc RBX: 00007f98a359c018 RCX: 0000001b2ec20000 [ 3293.509267][T14978] RDX: 0000000000000000 RSI: 0000001b2ec20018 RDI: 0000000000000022 [ 3293.517232][T14978] RBP: 00000000410a6cbc R08: 0000000000000cbc R09: 00000000410a6cc0 [ 3293.525200][T14978] R10: 00007ffe69a68c60 R11: 0000000000000246 R12: 00007f98a3590000 [ 3293.533170][T14978] R13: 0000000000000001 R14: 0000000000000000 R15: ffffffff81a325d6 [ 3293.541136][T14978] ? trace_user_exit.constprop.0+0x6/0x210 [ 3293.546981][T14978] [ 3293.555915][T14978] memory: usage 307188kB, limit 307200kB, failcnt 26222 [ 3293.563165][T14967] bridge1278: port 1(bridge_slave_1) entered blocking state [ 3293.563500][T14978] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3293.577898][T14978] Memory cgroup stats for /syz0: [ 3293.578125][T14978] anon 94208 [ 3293.578125][T14978] file 319488 [ 3293.578125][T14978] kernel 314134528 [ 3293.578125][T14978] kernel_stack 65536 [ 3293.578125][T14978] pagetables 73728 [ 3293.578125][T14978] percpu 5425088 [ 3293.578125][T14978] sock 0 [ 3293.578125][T14978] vmalloc 0 [ 3293.578125][T14978] shmem 319488 [ 3293.578125][T14978] zswap 0 [ 3293.578125][T14978] zswapped 0 [ 3293.578125][T14978] file_mapped 303104 [ 3293.578125][T14978] file_dirty 0 [ 3293.578125][T14978] file_writeback 0 [ 3293.578125][T14978] swapcached 0 [ 3293.578125][T14978] anon_thp 0 [ 3293.578125][T14978] file_thp 0 [ 3293.578125][T14978] shmem_thp 0 [ 3293.578125][T14978] inactive_anon 45056 [ 3293.578125][T14978] active_anon 315392 [ 3293.578125][T14978] inactive_file 0 [ 3293.578125][T14978] active_file 0 [ 3293.578125][T14978] unevictable 0 [ 3293.578125][T14978] slab_reclaimable 226704 [ 3293.578125][T14978] slab_unreclaimable 308302000 [ 3293.578125][T14978] slab 308528704 [ 3293.600907][T14967] bridge1278: port 1(bridge_slave_1) entered disabled state 03:15:15 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c00000010000104000000586500000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) 03:15:15 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000000000000000fffffffe", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3293.674766][T14978] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=14978,uid=0 [ 3293.695072][T14978] Memory cgroup out of memory: Killed process 14978 (syz-executor.0) total-vm:54508kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 [ 3293.756186][T14977] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3293.795735][T14977] CPU: 0 PID: 14977 Comm: syz-executor.2 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3293.805951][T14977] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3293.816026][T14977] Call Trace: [ 3293.819318][T14977] [ 3293.822261][T14977] dump_stack_lvl+0xcd/0x134 [ 3293.826885][T14977] dump_header+0x10b/0x7f9 [ 3293.828523][T14966] bond0: (slave bridge2534): Enslaving as an active interface with an up link [ 3293.831405][T14977] oom_kill_process.cold+0x10/0x15 [ 3293.831447][T14977] out_of_memory+0x358/0x14a0 [ 3293.831482][T14977] ? find_held_lock+0x2d/0x110 [ 3293.841137][T14971] bridge3178: port 1(bridge_slave_1) entered disabled state [ 3293.845502][T14977] ? oom_killer_disable+0x270/0x270 [ 3293.845558][T14977] ? find_held_lock+0x2d/0x110 [ 3293.845588][T14977] mem_cgroup_out_of_memory+0x206/0x270 [ 3293.877812][T14977] ? mem_cgroup_margin+0x130/0x130 [ 3293.882937][T14977] ? lock_downgrade+0x6e0/0x6e0 [ 3293.887811][T14977] try_charge_memcg+0xf67/0x13f0 [ 3293.892765][T14977] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3293.898754][T14977] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3293.904489][T14977] ? lock_downgrade+0x6e0/0x6e0 [ 3293.909356][T14977] ? lock_downgrade+0x6e0/0x6e0 [ 3293.914230][T14977] __memcg_kmem_charge_page+0x16a/0x3b0 [ 3293.919788][T14977] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 3293.925982][T14977] copy_process+0x607/0x7090 [ 3293.930596][T14977] ? __lock_acquire+0xbc3/0x56d0 [ 3293.935555][T14977] ? __cleanup_sighand+0xb0/0xb0 [ 3293.940538][T14977] kernel_clone+0xe7/0xab0 [ 3293.944964][T14977] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 3293.950972][T14977] ? create_io_thread+0xe0/0xe0 [ 3293.955839][T14977] ? find_held_lock+0x2d/0x110 [ 3293.960615][T14977] ? __ct_user_exit+0xff/0x150 [ 3293.965394][T14977] __do_sys_clone+0xba/0x100 [ 3293.970002][T14977] ? kernel_clone+0xab0/0xab0 [ 3293.974700][T14977] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3293.980621][T14977] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3293.986534][T14977] do_syscall_64+0x35/0xb0 [ 3293.990959][T14977] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3293.996864][T14977] RIP: 0033:0x7ff38a48a6a1 [ 3294.001286][T14977] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 3294.020900][T14977] RSP: 002b:00007ffe54c81718 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 3294.029320][T14977] RAX: ffffffffffffffda RBX: 00007ff3893fe700 RCX: 00007ff38a48a6a1 [ 3294.037297][T14977] RDX: 00007ff3893fe9d0 RSI: 00007ff3893fe2f0 RDI: 00000000003d0f00 [ 3294.045274][T14977] RBP: 00007ffe54c81960 R08: 00007ff3893fe700 R09: 00007ff3893fe700 [ 3294.053267][T14977] R10: 00007ff3893fe9d0 R11: 0000000000000206 R12: 00007ffe54c817ce [ 3294.061241][T14977] R13: 00007ffe54c817cf R14: 00007ff3893fe300 R15: 0000000000022000 [ 3294.069239][T14977] [ 3294.075786][T14977] memory: usage 307200kB, limit 307200kB, failcnt 3767 [ 3294.097081][T14971] bridge3179: port 1(bridge_slave_1) entered blocking state 03:15:15 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c00000010000104000000008200000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3294.102649][T14977] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3294.118312][T14971] bridge3179: port 1(bridge_slave_1) entered disabled state [ 3294.162663][T14977] Memory cgroup stats for /syz2: [ 3294.162824][T14977] anon 147456 [ 3294.162824][T14977] file 360448 [ 3294.162824][T14977] kernel 314064896 [ 3294.162824][T14977] kernel_stack 65536 [ 3294.162824][T14977] pagetables 81920 [ 3294.162824][T14977] percpu 5433376 [ 3294.162824][T14977] sock 0 [ 3294.162824][T14977] vmalloc 0 [ 3294.162824][T14977] shmem 356352 [ 3294.162824][T14977] zswap 0 [ 3294.162824][T14977] zswapped 0 [ 3294.162824][T14977] file_mapped 356352 [ 3294.162824][T14977] file_dirty 0 [ 3294.162824][T14977] file_writeback 0 [ 3294.162824][T14977] swapcached 0 [ 3294.162824][T14977] anon_thp 0 [ 3294.162824][T14977] file_thp 0 [ 3294.162824][T14977] shmem_thp 0 [ 3294.162824][T14977] inactive_anon 204800 [ 3294.162824][T14977] active_anon 299008 [ 3294.162824][T14977] inactive_file 0 [ 3294.162824][T14977] active_file 4096 [ 3294.162824][T14977] unevictable 0 [ 3294.162824][T14977] slab_reclaimable 58856 [ 3294.162824][T14977] slab_unreclaimable 308387568 [ 3294.162824][T14977] slab 308446424 03:15:15 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0003000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xc00, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3294.219926][T14972] bond0: (slave bridge3179): Enslaving as an active interface with an up link [ 3294.268341][T14977] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=14977,uid=0 [ 3294.288286][T14977] Memory cgroup out of memory: Killed process 14977 (syz-executor.2) total-vm:54640kB, anon-rss:388kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 3294.305936][T14976] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. 03:15:15 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000000000000b3fbc000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3294.346978][T14988] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3294.362280][T14988] CPU: 1 PID: 14988 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3294.372491][T14988] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3294.382578][T14988] Call Trace: [ 3294.385882][T14988] [ 3294.388869][T14988] dump_stack_lvl+0xcd/0x134 [ 3294.394029][T14988] dump_header+0x10b/0x7f9 [ 3294.398489][T14988] oom_kill_process.cold+0x10/0x15 [ 3294.403643][T14988] out_of_memory+0x358/0x14a0 [ 3294.408367][T14988] ? oom_killer_disable+0x270/0x270 [ 3294.413616][T14988] ? find_held_lock+0x2d/0x110 [ 3294.418417][T14988] mem_cgroup_out_of_memory+0x206/0x270 [ 3294.423999][T14988] ? mem_cgroup_margin+0x130/0x130 [ 3294.429144][T14988] ? lock_downgrade+0x6e0/0x6e0 [ 3294.434050][T14988] try_charge_memcg+0xf67/0x13f0 [ 3294.439043][T14988] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3294.445060][T14988] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3294.450804][T14988] ? lock_downgrade+0x6e0/0x6e0 [ 3294.455704][T14988] ? lock_downgrade+0x6e0/0x6e0 [ 3294.460611][T14988] obj_cgroup_charge+0x2ab/0x5e0 [ 3294.465597][T14988] kmem_cache_alloc_lru+0x13e/0x720 [ 3294.470835][T14988] ? __d_alloc+0x32/0x960 [ 3294.475354][T14988] __d_alloc+0x32/0x960 [ 3294.479630][T14988] ? alloc_fd+0x2f0/0x6f0 [ 3294.483989][T14988] d_alloc_pseudo+0x19/0x70 [ 3294.488515][T14988] alloc_file_pseudo+0xc6/0x250 [ 3294.493402][T14988] ? alloc_file+0x800/0x800 [ 3294.497936][T14988] ? _raw_spin_unlock+0x24/0x40 [ 3294.502808][T14988] ? alloc_fd+0x2f0/0x6f0 [ 3294.507155][T14988] sock_alloc_file+0x4f/0x190 [ 3294.511850][T14988] __sys_socket+0x1a4/0x240 [ 3294.516365][T14988] ? __sys_socket_file+0x1f0/0x1f0 [ 3294.521500][T14988] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3294.527420][T14988] __x64_sys_socket+0x6f/0xb0 [ 3294.532118][T14988] do_syscall_64+0x35/0xb0 [ 3294.536568][T14988] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3294.542481][T14988] RIP: 0033:0x7f98a3489279 [ 3294.546904][T14988] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 3294.566524][T14988] RSP: 002b:00007f98a4645168 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 3294.574948][T14988] RAX: ffffffffffffffda RBX: 00007f98a359c050 RCX: 00007f98a3489279 [ 3294.582927][T14988] RDX: 0000000000000000 RSI: 0000000000000803 RDI: 0000000000000010 03:15:15 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f310000140b0a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3294.590903][T14988] RBP: 00007f98a34e3189 R08: 0000000000000000 R09: 0000000000000000 [ 3294.598880][T14988] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3294.606858][T14988] R13: 00007ffe69a68aff R14: 00007f98a4645300 R15: 0000000000022000 [ 3294.614873][T14988] [ 3294.633582][T14988] memory: usage 307200kB, limit 307200kB, failcnt 26333 [ 3294.661762][T14988] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3294.684344][T14988] Memory cgroup stats for /syz0: [ 3294.684585][T14988] anon 94208 [ 3294.684585][T14988] file 319488 [ 3294.684585][T14988] kernel 314159104 [ 3294.684585][T14988] kernel_stack 98304 [ 3294.684585][T14988] pagetables 73728 [ 3294.684585][T14988] percpu 5425088 [ 3294.684585][T14988] sock 0 [ 3294.684585][T14988] vmalloc 0 [ 3294.684585][T14988] shmem 319488 [ 3294.684585][T14988] zswap 0 [ 3294.684585][T14988] zswapped 0 [ 3294.684585][T14988] file_mapped 303104 [ 3294.684585][T14988] file_dirty 0 [ 3294.684585][T14988] file_writeback 0 [ 3294.684585][T14988] swapcached 0 [ 3294.684585][T14988] anon_thp 0 [ 3294.684585][T14988] file_thp 0 [ 3294.684585][T14988] shmem_thp 0 [ 3294.684585][T14988] inactive_anon 98304 [ 3294.684585][T14988] active_anon 315392 [ 3294.684585][T14988] inactive_file 0 [ 3294.684585][T14988] active_file 0 [ 3294.684585][T14988] unevictable 0 [ 3294.684585][T14988] slab_reclaimable 225672 [ 3294.684585][T14988] slab_unreclaimable 308298768 [ 3294.684585][T14988] slab 308524440 [ 3294.737216][T14987] bridge1278: port 1(bridge_slave_1) entered disabled state [ 3294.792535][T14988] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=14982,uid=0 03:15:16 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c00000010000104000000000000000088a8ffff", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3294.809969][T14988] Memory cgroup out of memory: Killed process 14982 (syz-executor.0) total-vm:54640kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 [ 3294.839782][T14987] bridge1279: port 1(bridge_slave_1) entered blocking state [ 3294.848488][T14987] bridge1279: port 1(bridge_slave_1) entered disabled state [ 3294.914533][T15001] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3294.939193][T14991] bond0: (slave bridge1279): Enslaving as an active interface with an up link [ 3294.948442][T15001] CPU: 0 PID: 15001 Comm: syz-executor.2 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3294.958633][T15001] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3294.968706][T15001] Call Trace: [ 3294.971989][T15001] [ 3294.974926][T15001] dump_stack_lvl+0xcd/0x134 [ 3294.979534][T15001] dump_header+0x10b/0x7f9 [ 3294.983971][T15001] oom_kill_process.cold+0x10/0x15 [ 3294.989105][T15001] out_of_memory+0x358/0x14a0 [ 3294.993818][T15001] ? find_held_lock+0x2d/0x110 [ 3294.998598][T15001] ? oom_killer_disable+0x270/0x270 [ 3295.003829][T15001] ? find_held_lock+0x2d/0x110 [ 3295.008616][T15001] mem_cgroup_out_of_memory+0x206/0x270 [ 3295.014172][T15001] ? mem_cgroup_margin+0x130/0x130 [ 3295.019291][T15001] ? lock_downgrade+0x6e0/0x6e0 [ 3295.024168][T15001] try_charge_memcg+0xf67/0x13f0 [ 3295.029121][T15001] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3295.035135][T15001] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3295.040865][T15001] ? lock_downgrade+0x6e0/0x6e0 [ 3295.045813][T15001] ? lock_downgrade+0x6e0/0x6e0 [ 3295.050710][T15001] __memcg_kmem_charge_page+0x16a/0x3b0 [ 3295.056273][T15001] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 3295.062443][T15001] copy_process+0x607/0x7090 [ 3295.067047][T15001] ? find_held_lock+0x2d/0x110 [ 3295.071836][T15001] ? __cleanup_sighand+0xb0/0xb0 [ 3295.076802][T15001] kernel_clone+0xe7/0xab0 [ 3295.081235][T15001] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 3295.087229][T15001] ? create_io_thread+0xe0/0xe0 [ 3295.092096][T15001] ? find_held_lock+0x2d/0x110 [ 3295.096870][T15001] ? __ct_user_exit+0xff/0x150 [ 3295.101652][T15001] __do_sys_clone+0xba/0x100 [ 3295.106252][T15001] ? kernel_clone+0xab0/0xab0 [ 3295.110951][T15001] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3295.116879][T15001] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3295.122796][T15001] do_syscall_64+0x35/0xb0 [ 3295.127255][T15001] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3295.133195][T15001] RIP: 0033:0x7ff38a48a6a1 [ 3295.137615][T15001] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 3295.157231][T15001] RSP: 002b:00007ffe54c81718 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 03:15:16 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c00000010000104000000586500000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3295.165667][T15001] RAX: ffffffffffffffda RBX: 00007ff3893fe700 RCX: 00007ff38a48a6a1 [ 3295.173749][T15001] RDX: 00007ff3893fe9d0 RSI: 00007ff3893fe2f0 RDI: 00000000003d0f00 [ 3295.181725][T15001] RBP: 00007ffe54c81960 R08: 00007ff3893fe700 R09: 00007ff3893fe700 [ 3295.189700][T15001] R10: 00007ff3893fe9d0 R11: 0000000000000206 R12: 00007ffe54c817ce [ 3295.197676][T15001] R13: 00007ffe54c817cf R14: 00007ff3893fe300 R15: 0000000000022000 [ 3295.205672][T15001] [ 3295.264089][T14993] bridge2534: port 1(bridge_slave_1) entered disabled state [ 3295.267220][T15001] memory: usage 307200kB, limit 307200kB, failcnt 3849 [ 3295.282818][T15001] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3295.290173][T15001] Memory cgroup stats for /syz2: [ 3295.290362][T15001] anon 147456 [ 3295.290362][T15001] file 360448 [ 3295.290362][T15001] kernel 314064896 [ 3295.290362][T15001] kernel_stack 65536 [ 3295.290362][T15001] pagetables 81920 [ 3295.290362][T15001] percpu 5433376 [ 3295.290362][T15001] sock 0 [ 3295.290362][T15001] vmalloc 0 [ 3295.290362][T15001] shmem 356352 [ 3295.290362][T15001] zswap 0 [ 3295.290362][T15001] zswapped 0 [ 3295.290362][T15001] file_mapped 356352 [ 3295.290362][T15001] file_dirty 0 [ 3295.290362][T15001] file_writeback 0 [ 3295.290362][T15001] swapcached 0 [ 3295.290362][T15001] anon_thp 0 [ 3295.290362][T15001] file_thp 0 [ 3295.290362][T15001] shmem_thp 0 [ 3295.290362][T15001] inactive_anon 204800 [ 3295.290362][T15001] active_anon 299008 [ 3295.290362][T15001] inactive_file 4096 [ 3295.290362][T15001] active_file 0 [ 3295.290362][T15001] unevictable 0 [ 3295.290362][T15001] slab_reclaimable 58856 [ 3295.290362][T15001] slab_unreclaimable 308387568 [ 3295.290362][T15001] slab 308446424 [ 3295.306672][T14993] bridge2535: port 1(bridge_slave_1) entered blocking state [ 3295.386915][T15001] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=15001,uid=0 [ 3295.410549][T15001] Memory cgroup out of memory: Killed process 15001 (syz-executor.2) total-vm:54640kB, anon-rss:388kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 3295.417959][T14993] bridge2535: port 1(bridge_slave_1) entered disabled state [ 3295.464470][T14997] bridge3179: port 1(bridge_slave_1) entered disabled state [ 3295.470342][T15006] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3295.494148][T15006] CPU: 1 PID: 15006 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3295.504365][T15006] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3295.513868][T14997] bridge3180: port 1(bridge_slave_1) entered blocking state [ 3295.514413][T15006] Call Trace: [ 3295.514423][T15006] [ 3295.527938][T15006] dump_stack_lvl+0xcd/0x134 [ 3295.532566][T15006] dump_header+0x10b/0x7f9 [ 3295.535577][T14997] bridge3180: port 1(bridge_slave_1) entered disabled state [ 3295.537003][T15006] oom_kill_process.cold+0x10/0x15 [ 3295.537046][T15006] out_of_memory+0x358/0x14a0 [ 3295.554147][T15006] ? find_held_lock+0x2d/0x110 [ 3295.558954][T15006] ? oom_killer_disable+0x270/0x270 [ 3295.564201][T15006] ? find_held_lock+0x2d/0x110 [ 3295.569007][T15006] mem_cgroup_out_of_memory+0x206/0x270 [ 3295.574592][T15006] ? mem_cgroup_margin+0x130/0x130 [ 3295.579733][T15006] ? lock_downgrade+0x6e0/0x6e0 [ 3295.584636][T15006] try_charge_memcg+0xf67/0x13f0 [ 3295.589621][T15006] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3295.595642][T15006] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3295.601388][T15006] ? lock_downgrade+0x6e0/0x6e0 [ 3295.606272][T15006] obj_cgroup_charge+0x2ab/0x5e0 [ 3295.611232][T15006] ? __anon_vma_prepare+0x60/0x560 [ 3295.616353][T15006] kmem_cache_alloc+0x96/0x3b0 [ 3295.621132][T15006] __anon_vma_prepare+0x60/0x560 [ 3295.626076][T15006] ? __pmd_alloc+0x2ff/0x5c0 [ 3295.630678][T15006] __handle_mm_fault+0x340e/0x39b0 [ 3295.635807][T15006] ? vm_iomap_memory+0x190/0x190 [ 3295.640776][T15006] handle_mm_fault+0x1c8/0x780 [ 3295.645553][T15006] do_user_addr_fault+0x475/0x1210 [ 3295.650689][T15006] exc_page_fault+0x94/0x170 [ 3295.655298][T15006] asm_exc_page_fault+0x22/0x30 [ 3295.660160][T15006] RIP: 0033:0x7f98a3484695 [ 3295.664590][T15006] Code: 12 80 fa 04 73 1e 80 fa 01 77 26 72 05 0f b6 0e 88 0f c3 48 8b 4c 16 f8 48 8b 36 48 89 4c 17 f8 48 89 37 c3 8b 4c 16 fc 8b 36 <89> 4c 17 fc 89 37 c3 0f b7 4c 16 fe 0f b7 36 66 89 4c 17 fe 66 89 [ 3295.684207][T15006] RSP: 002b:00007ffe69a68b78 EFLAGS: 00010202 [ 3295.690296][T15006] RAX: 00000000200005c0 RBX: 0000000000000000 RCX: 0000000000535650 [ 3295.698279][T15006] RDX: 0000000000000005 RSI: 0000000053565049 RDI: 00000000200005c0 [ 3295.706346][T15006] RBP: 00007ffe69a68c38 R08: 00007f98a39a0000 R09: 00007f98a35a00c8 03:15:16 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c00000010000104000000008200000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3295.714325][T15006] R10: 00007ffe69a68c60 R11: 0000000000000246 R12: 00000000003248b1 [ 3295.722304][T15006] R13: 00007ffe69a68c60 R14: 00007f98a359bf80 R15: 0000000000000032 [ 3295.730312][T15006] [ 3295.752491][T15006] memory: usage 307188kB, limit 307200kB, failcnt 26431 [ 3295.759912][T15006] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3295.767968][T15006] Memory cgroup stats for /syz0: [ 3295.768158][T15006] anon 126976 [ 3295.768158][T15006] file 319488 [ 3295.768158][T15006] kernel 314114048 [ 3295.768158][T15006] kernel_stack 65536 [ 3295.768158][T15006] pagetables 81920 [ 3295.768158][T15006] percpu 5425088 [ 3295.768158][T15006] sock 0 [ 3295.768158][T15006] vmalloc 0 [ 3295.768158][T15006] shmem 319488 [ 3295.768158][T15006] zswap 0 [ 3295.768158][T15006] zswapped 0 [ 3295.768158][T15006] file_mapped 303104 [ 3295.768158][T15006] file_dirty 0 [ 3295.768158][T15006] file_writeback 0 [ 3295.768158][T15006] swapcached 0 [ 3295.768158][T15006] anon_thp 0 [ 3295.768158][T15006] file_thp 0 [ 3295.768158][T15006] shmem_thp 0 [ 3295.768158][T15006] inactive_anon 131072 [ 3295.768158][T15006] active_anon 315392 [ 3295.768158][T15006] inactive_file 0 [ 3295.768158][T15006] active_file 0 [ 3295.768158][T15006] unevictable 0 [ 3295.768158][T15006] slab_reclaimable 226056 [ 3295.768158][T15006] slab_unreclaimable 308279504 [ 3295.768158][T15006] slab 308505560 [ 3295.800288][T15004] bond0: (slave bridge3180): Enslaving as an active interface with an up link [ 3295.873664][T15006] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15006,uid=0 [ 3295.892266][T15003] __nla_validate_parse: 3 callbacks suppressed [ 3295.892285][T15003] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. 03:15:17 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0003000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xc00, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) 03:15:17 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c00000010000104000000000000000000f0ffff", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3295.907594][T15006] Memory cgroup out of memory: Killed process 15006 (syz-executor.0) total-vm:54508kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 3295.998681][T15023] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3296.030963][T15020] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3296.043039][T15020] CPU: 0 PID: 15020 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3296.053237][T15020] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3296.063322][T15020] Call Trace: [ 3296.066617][T15020] [ 3296.069582][T15020] dump_stack_lvl+0xcd/0x134 [ 3296.074208][T15020] dump_header+0x10b/0x7f9 [ 3296.078665][T15020] oom_kill_process.cold+0x10/0x15 [ 3296.083816][T15020] out_of_memory+0x358/0x14a0 [ 3296.088623][T15020] ? find_held_lock+0x2d/0x110 [ 3296.092759][T15005] bridge4127: port 1(bridge_slave_1) entered blocking state [ 3296.093403][T15020] ? oom_killer_disable+0x270/0x270 [ 3296.093445][T15020] ? find_held_lock+0x2d/0x110 [ 3296.093477][T15020] mem_cgroup_out_of_memory+0x206/0x270 [ 3296.115049][T15005] bridge4127: port 1(bridge_slave_1) entered disabled state [ 3296.116272][T15020] ? mem_cgroup_margin+0x130/0x130 [ 3296.116307][T15020] ? lock_downgrade+0x6e0/0x6e0 [ 3296.116354][T15020] try_charge_memcg+0xf67/0x13f0 [ 3296.138605][T15020] ? mem_cgroup_handle_over_high+0x510/0x510 03:15:17 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f3100001c0b0a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3296.144641][T15020] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3296.150494][T15020] ? lock_downgrade+0x6e0/0x6e0 [ 3296.155399][T15020] obj_cgroup_charge+0x2ab/0x5e0 [ 3296.160376][T15020] ? __anon_vma_prepare+0x2d6/0x560 [ 3296.165610][T15020] kmem_cache_alloc+0x96/0x3b0 [ 3296.169321][T15023] bridge3180: port 1(bridge_slave_1) entered disabled state [ 3296.170398][T15020] __anon_vma_prepare+0x2d6/0x560 [ 3296.170432][T15020] ? __pmd_alloc+0x2ff/0x5c0 [ 3296.170464][T15020] __handle_mm_fault+0x340e/0x39b0 [ 3296.192494][T15020] ? vm_iomap_memory+0x190/0x190 [ 3296.197498][T15020] handle_mm_fault+0x1c8/0x780 [ 3296.202312][T15020] do_user_addr_fault+0x475/0x1210 [ 3296.207467][T15020] exc_page_fault+0x94/0x170 [ 3296.212090][T15020] asm_exc_page_fault+0x22/0x30 [ 3296.216966][T15020] RIP: 0033:0x7f98a3484695 [ 3296.221491][T15020] Code: 12 80 fa 04 73 1e 80 fa 01 77 26 72 05 0f b6 0e 88 0f c3 48 8b 4c 16 f8 48 8b 36 48 89 4c 17 f8 48 89 37 c3 8b 4c 16 fc 8b 36 <89> 4c 17 fc 89 37 c3 0f b7 4c 16 fe 0f b7 36 66 89 4c 17 fe 66 89 [ 3296.241144][T15020] RSP: 002b:00007ffe69a68b78 EFLAGS: 00010202 [ 3296.247230][T15020] RAX: 00000000200005c0 RBX: 0000000000000000 RCX: 0000000000535650 [ 3296.255240][T15020] RDX: 0000000000000005 RSI: 0000000053565049 RDI: 00000000200005c0 [ 3296.263231][T15020] RBP: 00007ffe69a68c38 R08: 00007f98a39a0000 R09: 00007f98a35a00c8 [ 3296.271290][T15020] R10: 00007ffe69a68c60 R11: 0000000000000246 R12: 0000000000324aff [ 3296.279297][T15020] R13: 00007ffe69a68c60 R14: 00007f98a359bf80 R15: 0000000000000032 [ 3296.287363][T15020] [ 3296.295320][T15020] memory: usage 307200kB, limit 307200kB, failcnt 26517 [ 3296.302958][T15020] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3296.310084][T15020] Memory cgroup stats for /syz0: [ 3296.310299][T15020] anon 126976 [ 3296.310299][T15020] file 319488 [ 3296.310299][T15020] kernel 314126336 [ 3296.310299][T15020] kernel_stack 65536 [ 3296.310299][T15020] pagetables 81920 [ 3296.310299][T15020] percpu 5425088 [ 3296.310299][T15020] sock 0 [ 3296.310299][T15020] vmalloc 0 [ 3296.310299][T15020] shmem 319488 [ 3296.310299][T15020] zswap 0 [ 3296.310299][T15020] zswapped 0 [ 3296.310299][T15020] file_mapped 303104 [ 3296.310299][T15020] file_dirty 0 [ 3296.310299][T15020] file_writeback 0 [ 3296.310299][T15020] swapcached 0 [ 3296.310299][T15020] anon_thp 0 [ 3296.310299][T15020] file_thp 0 [ 3296.310299][T15020] shmem_thp 0 [ 3296.310299][T15020] inactive_anon 131072 [ 3296.310299][T15020] active_anon 315392 [ 3296.310299][T15020] inactive_file 0 [ 3296.310299][T15020] active_file 0 [ 3296.310299][T15020] unevictable 0 [ 3296.310299][T15020] slab_reclaimable 226056 [ 3296.310299][T15020] slab_unreclaimable 308290720 [ 3296.310299][T15020] slab 308516776 [ 3296.336635][T15023] bridge3181: port 1(bridge_slave_1) entered blocking state [ 3296.407099][T15020] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15020,uid=0 [ 3296.429259][T15020] Memory cgroup out of memory: Killed process 15020 (syz-executor.0) total-vm:54508kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 03:15:17 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400000000000000007fffffff", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3296.457672][T15023] bridge3181: port 1(bridge_slave_1) entered disabled state [ 3296.500202][T15008] bridge4127: port 1(bridge_slave_1) entered blocking state [ 3296.507696][T15008] bridge4127: port 1(bridge_slave_1) entered forwarding state [ 3296.542417][T15024] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3296.563207][T15024] CPU: 0 PID: 15024 Comm: syz-executor.2 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3296.573508][T15024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3296.583581][T15024] Call Trace: [ 3296.586864][T15024] [ 3296.589792][T15024] dump_stack_lvl+0xcd/0x134 [ 3296.594402][T15024] dump_header+0x10b/0x7f9 [ 3296.598854][T15024] oom_kill_process.cold+0x10/0x15 [ 3296.603993][T15024] out_of_memory+0x358/0x14a0 [ 3296.608709][T15024] ? find_held_lock+0x2d/0x110 [ 3296.613537][T15024] ? oom_killer_disable+0x270/0x270 [ 3296.616878][T15008] bond0: (slave bridge4127): Enslaving as an active interface with an up link [ 3296.618744][T15024] ? find_held_lock+0x2d/0x110 [ 3296.618779][T15024] mem_cgroup_out_of_memory+0x206/0x270 [ 3296.618805][T15024] ? mem_cgroup_margin+0x130/0x130 [ 3296.618827][T15024] ? lock_downgrade+0x6e0/0x6e0 [ 3296.618865][T15024] try_charge_memcg+0xf67/0x13f0 [ 3296.618901][T15024] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3296.618926][T15024] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3296.618950][T15024] ? lock_downgrade+0x6e0/0x6e0 [ 3296.618977][T15024] ? lock_downgrade+0x6e0/0x6e0 [ 3296.619018][T15024] __memcg_kmem_charge_page+0x16a/0x3b0 [ 3296.619049][T15024] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 3296.619085][T15024] copy_process+0x607/0x7090 03:15:17 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000000000000b3fbd000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3296.619113][T15024] ? lock_chain_count+0x20/0x20 [ 3296.619156][T15024] ? __cleanup_sighand+0xb0/0xb0 [ 3296.619212][T15024] kernel_clone+0xe7/0xab0 [ 3296.619238][T15024] ? lock_downgrade+0x6e0/0x6e0 [ 3296.619264][T15024] ? create_io_thread+0xe0/0xe0 [ 3296.619298][T15024] ? find_held_lock+0x2d/0x110 [ 3296.619333][T15024] ? __ct_user_exit+0xff/0x150 [ 3296.619365][T15024] __do_sys_clone+0xba/0x100 [ 3296.619390][T15024] ? kernel_clone+0xab0/0xab0 [ 3296.619414][T15024] ? __ct_user_enter+0x19f/0x1d0 [ 3296.619456][T15024] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3296.619484][T15024] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3296.619521][T15024] do_syscall_64+0x35/0xb0 [ 3296.619546][T15024] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3296.619576][T15024] RIP: 0033:0x7ff38a48a6a1 [ 3296.619597][T15024] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 3296.619620][T15024] RSP: 002b:00007ffe54c81718 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 3296.619644][T15024] RAX: ffffffffffffffda RBX: 00007ff3893fe700 RCX: 00007ff38a48a6a1 [ 3296.619661][T15024] RDX: 00007ff3893fe9d0 RSI: 00007ff3893fe2f0 RDI: 00000000003d0f00 [ 3296.619678][T15024] RBP: 00007ffe54c81960 R08: 00007ff3893fe700 R09: 00007ff3893fe700 [ 3296.619694][T15024] R10: 00007ff3893fe9d0 R11: 0000000000000206 R12: 00007ffe54c817ce [ 3296.619711][T15024] R13: 00007ffe54c817cf R14: 00007ff3893fe300 R15: 0000000000022000 [ 3296.649498][T15011] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3296.653710][T15024] [ 3296.681188][T15024] memory: usage 307200kB, limit 307200kB, failcnt 3922 [ 3296.735831][T15012] bridge1279: port 1(bridge_slave_1) entered disabled state [ 3296.740142][T15024] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3296.873896][T15024] Memory cgroup stats for /syz2: [ 3296.874115][T15024] anon 147456 [ 3296.874115][T15024] file 360448 [ 3296.874115][T15024] kernel 314064896 [ 3296.874115][T15024] kernel_stack 65536 [ 3296.874115][T15024] pagetables 81920 [ 3296.874115][T15024] percpu 5433376 [ 3296.874115][T15024] sock 0 [ 3296.874115][T15024] vmalloc 0 [ 3296.874115][T15024] shmem 356352 [ 3296.874115][T15024] zswap 0 [ 3296.874115][T15024] zswapped 0 [ 3296.874115][T15024] file_mapped 356352 [ 3296.874115][T15024] file_dirty 0 [ 3296.874115][T15024] file_writeback 0 [ 3296.874115][T15024] swapcached 0 [ 3296.874115][T15024] anon_thp 0 [ 3296.874115][T15024] file_thp 0 [ 3296.874115][T15024] shmem_thp 0 [ 3296.874115][T15024] inactive_anon 204800 [ 3296.874115][T15024] active_anon 299008 [ 3296.874115][T15024] inactive_file 4096 [ 3296.874115][T15024] active_file 0 [ 3296.874115][T15024] unevictable 0 [ 3296.874115][T15024] slab_reclaimable 58856 [ 3296.874115][T15024] slab_unreclaimable 308387568 [ 3296.874115][T15024] slab 308446424 [ 3296.886719][T15012] bridge1280: port 1(bridge_slave_1) entered blocking state [ 3296.971226][T15024] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=15024,uid=0 [ 3296.996990][T15024] Memory cgroup out of memory: Killed process 15024 (syz-executor.2) total-vm:54640kB, anon-rss:388kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 3297.004020][T15012] bridge1280: port 1(bridge_slave_1) entered disabled state [ 3297.050731][T15027] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3297.078341][T15027] CPU: 0 PID: 15027 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3297.088645][T15027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3297.098727][T15027] Call Trace: [ 3297.102026][T15027] [ 3297.104966][T15027] dump_stack_lvl+0xcd/0x134 [ 3297.109567][T15027] dump_header+0x10b/0x7f9 [ 3297.113993][T15027] oom_kill_process.cold+0x10/0x15 [ 3297.119123][T15027] out_of_memory+0x358/0x14a0 [ 3297.123803][T15027] ? find_held_lock+0x2d/0x110 [ 3297.128575][T15027] ? oom_killer_disable+0x270/0x270 [ 3297.133808][T15027] ? find_held_lock+0x2d/0x110 [ 3297.138604][T15027] mem_cgroup_out_of_memory+0x206/0x270 [ 3297.144169][T15027] ? mem_cgroup_margin+0x130/0x130 [ 3297.149280][T15027] ? lock_downgrade+0x6e0/0x6e0 [ 3297.154154][T15027] try_charge_memcg+0xf67/0x13f0 [ 3297.159111][T15027] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3297.165093][T15027] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3297.170813][T15027] ? lock_downgrade+0x6e0/0x6e0 [ 3297.175673][T15027] obj_cgroup_charge+0x2ab/0x5e0 [ 3297.180622][T15027] ? __anon_vma_prepare+0x60/0x560 [ 3297.185762][T15027] kmem_cache_alloc+0x96/0x3b0 [ 3297.190560][T15027] __anon_vma_prepare+0x60/0x560 [ 3297.195524][T15027] ? __pmd_alloc+0x2ff/0x5c0 [ 3297.200136][T15027] __handle_mm_fault+0x340e/0x39b0 [ 3297.205253][T15027] ? vm_iomap_memory+0x190/0x190 [ 3297.210212][T15027] handle_mm_fault+0x1c8/0x780 [ 3297.214979][T15027] do_user_addr_fault+0x475/0x1210 [ 3297.220096][T15027] exc_page_fault+0x94/0x170 [ 3297.224713][T15027] asm_exc_page_fault+0x22/0x30 [ 3297.229587][T15027] RIP: 0033:0x7f98a3484695 [ 3297.234021][T15027] Code: 12 80 fa 04 73 1e 80 fa 01 77 26 72 05 0f b6 0e 88 0f c3 48 8b 4c 16 f8 48 8b 36 48 89 4c 17 f8 48 89 37 c3 8b 4c 16 fc 8b 36 <89> 4c 17 fc 89 37 c3 0f b7 4c 16 fe 0f b7 36 66 89 4c 17 fe 66 89 [ 3297.253652][T15027] RSP: 002b:00007ffe69a68b78 EFLAGS: 00010202 [ 3297.259761][T15027] RAX: 00000000200005c0 RBX: 0000000000000000 RCX: 0000000000535650 [ 3297.266222][T15015] bond0: (slave bridge1280): Enslaving as an active interface with an up link [ 3297.267739][T15027] RDX: 0000000000000005 RSI: 0000000053565049 RDI: 00000000200005c0 [ 3297.267759][T15027] RBP: 00007ffe69a68c38 R08: 00007f98a39a0000 R09: 00007f98a35a00c8 [ 3297.267779][T15027] R10: 00007ffe69a68c60 R11: 0000000000000246 R12: 0000000000324eeb 03:15:18 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c00000010000104000000586500000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3297.267798][T15027] R13: 00007ffe69a68c60 R14: 00007f98a359bf80 R15: 0000000000000032 [ 3297.267835][T15027] [ 3297.314838][T15027] memory: usage 307200kB, limit 307200kB, failcnt 26618 [ 3297.322222][T15016] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3297.330036][T15027] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3297.343529][T15027] Memory cgroup stats for /syz0: [ 3297.343719][T15027] anon 126976 [ 3297.343719][T15027] file 319488 [ 3297.343719][T15027] kernel 314126336 [ 3297.343719][T15027] kernel_stack 65536 [ 3297.343719][T15027] pagetables 81920 [ 3297.343719][T15027] percpu 5425088 [ 3297.343719][T15027] sock 0 [ 3297.343719][T15027] vmalloc 0 [ 3297.343719][T15027] shmem 319488 [ 3297.343719][T15027] zswap 0 [ 3297.343719][T15027] zswapped 0 [ 3297.343719][T15027] file_mapped 303104 [ 3297.343719][T15027] file_dirty 0 [ 3297.343719][T15027] file_writeback 0 [ 3297.343719][T15027] swapcached 0 [ 3297.343719][T15027] anon_thp 0 [ 3297.343719][T15027] file_thp 0 [ 3297.343719][T15027] shmem_thp 0 [ 3297.343719][T15027] inactive_anon 131072 [ 3297.343719][T15027] active_anon 315392 [ 3297.343719][T15027] inactive_file 0 [ 3297.343719][T15027] active_file 0 [ 3297.343719][T15027] unevictable 0 [ 3297.343719][T15027] slab_reclaimable 226056 [ 3297.343719][T15027] slab_unreclaimable 308290600 [ 3297.343719][T15027] slab 308516656 [ 3297.438505][T15017] bridge2535: port 1(bridge_slave_1) entered disabled state [ 3297.450442][T15027] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15027,uid=0 [ 3297.473801][T15017] bridge2536: port 1(bridge_slave_1) entered blocking state [ 3297.476897][T15027] Memory cgroup out of memory: Killed process 15027 (syz-executor.0) total-vm:54508kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 03:15:18 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400000000000000009effffff", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3297.493434][T15017] bridge2536: port 1(bridge_slave_1) entered disabled state [ 3297.587338][T15021] bond0: (slave bridge2536): Enslaving as an active interface with an up link [ 3297.602056][T15037] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3297.617220][T15037] CPU: 1 PID: 15037 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3297.627421][T15037] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3297.637491][T15037] Call Trace: [ 3297.640797][T15037] [ 3297.643744][T15037] dump_stack_lvl+0xcd/0x134 [ 3297.648349][T15037] dump_header+0x10b/0x7f9 [ 3297.652779][T15037] oom_kill_process.cold+0x10/0x15 [ 3297.657913][T15037] out_of_memory+0x358/0x14a0 [ 3297.662617][T15037] ? find_held_lock+0x2d/0x110 [ 3297.667388][T15037] ? oom_killer_disable+0x270/0x270 [ 3297.672609][T15037] ? find_held_lock+0x2d/0x110 [ 3297.677380][T15037] mem_cgroup_out_of_memory+0x206/0x270 [ 3297.682938][T15037] ? mem_cgroup_margin+0x130/0x130 [ 3297.688056][T15037] ? lock_downgrade+0x6e0/0x6e0 [ 3297.692935][T15037] try_charge_memcg+0xf67/0x13f0 [ 3297.697899][T15037] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3297.703895][T15037] ? lock_downgrade+0x6e0/0x6e0 [ 3297.708767][T15037] charge_memcg+0x31/0x320 [ 3297.713201][T15037] __mem_cgroup_charge+0x27/0x90 [ 3297.718145][T15037] ? _compound_head+0x5d/0x150 [ 3297.722923][T15037] wp_page_copy+0x27c/0x1b60 [ 3297.727529][T15037] ? restore_exclusive_pte+0x8b0/0x8b0 [ 3297.732993][T15037] ? lock_downgrade+0x6e0/0x6e0 [ 3297.737849][T15037] ? vm_normal_page+0x146/0x2a0 [ 3297.742721][T15037] do_wp_page+0x1d1/0x1910 [ 3297.747153][T15037] __handle_mm_fault+0x1813/0x39b0 [ 3297.752285][T15037] ? vm_iomap_memory+0x190/0x190 [ 3297.757255][T15037] handle_mm_fault+0x1c8/0x780 [ 3297.762031][T15037] do_user_addr_fault+0x475/0x1210 [ 3297.767166][T15037] exc_page_fault+0x94/0x170 [ 3297.771774][T15037] asm_exc_page_fault+0x22/0x30 [ 3297.776633][T15037] RIP: 0033:0x7f98a34374b0 [ 3297.781052][T15037] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48 [ 3297.800680][T15037] RSP: 002b:00007ffe69a68a90 EFLAGS: 00010246 [ 3297.806751][T15037] RAX: 00000000098f1ddc RBX: 00007f98a359c018 RCX: 0000001b2ec20000 [ 3297.814728][T15037] RDX: 0000000000000000 RSI: 0000001b2ec20018 RDI: 000000000d570f0d [ 3297.822709][T15037] RBP: 00000000098f1ddc R08: 0000000000001ddc R09: 00000000098f1de0 [ 3297.830685][T15037] R10: 00007ffe69a68c60 R11: 0000000000000246 R12: 00007f98a3590000 03:15:19 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c00000010000104000000000000000000f0ffff", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3297.838659][T15037] R13: 0000000000000001 R14: 0000000000000006 R15: ffffffff874bbdbd [ 3297.846635][T15037] ? __x64_sys_socket+0xd/0xb0 [ 3297.851426][T15037] 03:15:19 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f310000200b0a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3297.883781][T15026] bond0: (slave bridge3181): Enslaving as an active interface with an up link [ 3297.907823][T15037] memory: usage 307200kB, limit 307200kB, failcnt 26692 [ 3297.916303][T15037] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3297.926151][T15037] Memory cgroup stats for /syz0: [ 3297.926379][T15037] anon 118784 [ 3297.926379][T15037] file 319488 [ 3297.926379][T15037] kernel 314134528 [ 3297.926379][T15037] kernel_stack 65536 [ 3297.926379][T15037] pagetables 73728 [ 3297.926379][T15037] percpu 5425088 [ 3297.926379][T15037] sock 0 [ 3297.926379][T15037] vmalloc 0 [ 3297.926379][T15037] shmem 319488 [ 3297.926379][T15037] zswap 0 [ 3297.926379][T15037] zswapped 0 [ 3297.926379][T15037] file_mapped 303104 [ 3297.926379][T15037] file_dirty 0 [ 3297.926379][T15037] file_writeback 0 [ 3297.926379][T15037] swapcached 0 [ 3297.926379][T15037] anon_thp 0 03:15:19 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0003000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xa00, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3297.926379][T15037] file_thp 0 [ 3297.926379][T15037] shmem_thp 0 [ 3297.926379][T15037] inactive_anon 122880 [ 3297.926379][T15037] active_anon 315392 [ 3297.926379][T15037] inactive_file 0 [ 3297.926379][T15037] active_file 0 [ 3297.926379][T15037] unevictable 0 [ 3297.926379][T15037] slab_reclaimable 224128 [ 3297.926379][T15037] slab_unreclaimable 308301352 [ 3297.926379][T15037] slab 308525480 [ 3297.961912][T15042] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3298.066137][T15037] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15037,uid=0 [ 3298.089597][T15032] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3298.090208][T15037] Memory cgroup out of memory: Killed process 15037 (syz-executor.0) total-vm:54508kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 03:15:19 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000000000000000a1ffffff", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3298.159259][T15044] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3298.181637][T15044] CPU: 1 PID: 15044 Comm: syz-executor.2 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3298.191854][T15044] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3298.201944][T15044] Call Trace: [ 3298.205240][T15044] [ 3298.208198][T15044] dump_stack_lvl+0xcd/0x134 [ 3298.212828][T15044] dump_header+0x10b/0x7f9 [ 3298.217285][T15044] oom_kill_process.cold+0x10/0x15 [ 3298.222449][T15044] out_of_memory+0x358/0x14a0 [ 3298.227161][T15044] ? find_held_lock+0x2d/0x110 [ 3298.231925][T15044] ? oom_killer_disable+0x270/0x270 [ 3298.237137][T15044] ? find_held_lock+0x2d/0x110 [ 3298.241906][T15044] mem_cgroup_out_of_memory+0x206/0x270 [ 3298.247462][T15044] ? mem_cgroup_margin+0x130/0x130 [ 3298.252588][T15044] ? lock_downgrade+0x6e0/0x6e0 [ 3298.257463][T15044] try_charge_memcg+0xf67/0x13f0 [ 3298.262423][T15044] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3298.268400][T15044] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3298.274113][T15044] ? lock_downgrade+0x6e0/0x6e0 [ 3298.278968][T15044] ? lock_downgrade+0x6e0/0x6e0 [ 3298.283839][T15044] __memcg_kmem_charge_page+0x16a/0x3b0 [ 3298.289412][T15044] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 3298.295588][T15044] copy_process+0x145a/0x7090 [ 3298.300265][T15044] ? __lock_acquire+0xbc3/0x56d0 [ 3298.305222][T15044] ? __cleanup_sighand+0xb0/0xb0 [ 3298.310195][T15044] kernel_clone+0xe7/0xab0 [ 3298.314641][T15044] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 3298.320645][T15044] ? create_io_thread+0xe0/0xe0 [ 3298.325504][T15044] ? find_held_lock+0x2d/0x110 [ 3298.330268][T15044] ? __ct_user_exit+0xff/0x150 [ 3298.335047][T15044] __do_sys_clone+0xba/0x100 [ 3298.339674][T15044] ? kernel_clone+0xab0/0xab0 [ 3298.344364][T15044] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3298.350343][T15044] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3298.356251][T15044] do_syscall_64+0x35/0xb0 [ 3298.360684][T15044] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3298.366581][T15044] RIP: 0033:0x7ff38a48a6a1 [ 3298.370998][T15044] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 3298.390711][T15044] RSP: 002b:00007ffe54c81718 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 3298.399184][T15044] RAX: ffffffffffffffda RBX: 00007ff3893fe700 RCX: 00007ff38a48a6a1 [ 3298.407272][T15044] RDX: 00007ff3893fe9d0 RSI: 00007ff3893fe2f0 RDI: 00000000003d0f00 [ 3298.415262][T15044] RBP: 00007ffe54c81960 R08: 00007ff3893fe700 R09: 00007ff3893fe700 [ 3298.423248][T15044] R10: 00007ff3893fe9d0 R11: 0000000000000206 R12: 00007ffe54c817ce [ 3298.431244][T15044] R13: 00007ffe54c817cf R14: 00007ff3893fe300 R15: 0000000000022000 [ 3298.439274][T15044] [ 3298.447182][T15044] memory: usage 307200kB, limit 307200kB, failcnt 3994 [ 3298.454306][T15044] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3298.456537][T15031] bridge4127: port 1(bridge_slave_1) entered disabled state [ 3298.461436][T15044] Memory cgroup stats for /syz2: [ 3298.468889][T15044] anon 147456 [ 3298.468889][T15044] file 360448 [ 3298.468889][T15044] kernel 314064896 [ 3298.468889][T15044] kernel_stack 65536 [ 3298.468889][T15044] pagetables 81920 [ 3298.468889][T15044] percpu 5433376 [ 3298.468889][T15044] sock 0 [ 3298.468889][T15044] vmalloc 0 [ 3298.468889][T15044] shmem 356352 [ 3298.468889][T15044] zswap 0 [ 3298.468889][T15044] zswapped 0 [ 3298.468889][T15044] file_mapped 356352 [ 3298.468889][T15044] file_dirty 0 [ 3298.468889][T15044] file_writeback 0 [ 3298.468889][T15044] swapcached 0 [ 3298.468889][T15044] anon_thp 0 [ 3298.468889][T15044] file_thp 0 [ 3298.468889][T15044] shmem_thp 0 [ 3298.468889][T15044] inactive_anon 204800 [ 3298.468889][T15044] active_anon 299008 [ 3298.468889][T15044] inactive_file 4096 [ 3298.468889][T15044] active_file 0 [ 3298.468889][T15044] unevictable 0 [ 3298.468889][T15044] slab_reclaimable 58856 [ 3298.468889][T15044] slab_unreclaimable 308387568 [ 3298.468889][T15044] slab 308446424 [ 3298.565511][T15044] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=15044,uid=0 [ 3298.581443][T15044] Memory cgroup out of memory: Killed process 15044 (syz-executor.2) total-vm:54640kB, anon-rss:388kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 03:15:19 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000000000000b3fbe000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3298.624474][T15036] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3298.665615][T15050] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3298.699184][T15050] CPU: 1 PID: 15050 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3298.705912][T15039] bridge1280: port 1(bridge_slave_1) entered disabled state [ 3298.709359][T15050] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3298.709378][T15050] Call Trace: [ 3298.709387][T15050] [ 3298.709398][T15050] dump_stack_lvl+0xcd/0x134 [ 3298.709437][T15050] dump_header+0x10b/0x7f9 [ 3298.709467][T15050] oom_kill_process.cold+0x10/0x15 [ 3298.709500][T15050] out_of_memory+0x358/0x14a0 [ 3298.751822][T15050] ? find_held_lock+0x2d/0x110 [ 3298.756589][T15050] ? oom_killer_disable+0x270/0x270 [ 3298.761805][T15050] ? find_held_lock+0x2d/0x110 [ 3298.766591][T15050] mem_cgroup_out_of_memory+0x206/0x270 [ 3298.772144][T15050] ? mem_cgroup_margin+0x130/0x130 [ 3298.777260][T15050] ? lock_downgrade+0x6e0/0x6e0 [ 3298.782160][T15050] try_charge_memcg+0xf67/0x13f0 [ 3298.787126][T15050] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3298.793112][T15050] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3298.798842][T15050] ? lock_downgrade+0x6e0/0x6e0 [ 3298.803744][T15050] obj_cgroup_charge+0x2ab/0x5e0 [ 3298.808716][T15050] ? __anon_vma_prepare+0x60/0x560 [ 3298.813845][T15050] kmem_cache_alloc+0x96/0x3b0 [ 3298.818621][T15050] __anon_vma_prepare+0x60/0x560 [ 3298.823584][T15050] ? __pmd_alloc+0x2ff/0x5c0 [ 3298.828205][T15050] __handle_mm_fault+0x340e/0x39b0 [ 3298.833355][T15050] ? vm_iomap_memory+0x190/0x190 [ 3298.838350][T15050] handle_mm_fault+0x1c8/0x780 [ 3298.843134][T15050] do_user_addr_fault+0x475/0x1210 [ 3298.848268][T15050] exc_page_fault+0x94/0x170 [ 3298.852890][T15050] asm_exc_page_fault+0x22/0x30 [ 3298.857746][T15050] RIP: 0033:0x7f98a3484695 [ 3298.862181][T15050] Code: 12 80 fa 04 73 1e 80 fa 01 77 26 72 05 0f b6 0e 88 0f c3 48 8b 4c 16 f8 48 8b 36 48 89 4c 17 f8 48 89 37 c3 8b 4c 16 fc 8b 36 <89> 4c 17 fc 89 37 c3 0f b7 4c 16 fe 0f b7 36 66 89 4c 17 fe 66 89 [ 3298.881822][T15050] RSP: 002b:00007ffe69a68b78 EFLAGS: 00010202 [ 3298.887919][T15050] RAX: 00000000200005c0 RBX: 0000000000000000 RCX: 0000000000535650 [ 3298.895915][T15050] RDX: 0000000000000005 RSI: 0000000053565049 RDI: 00000000200005c0 [ 3298.903910][T15050] RBP: 00007ffe69a68c38 R08: 00007f98a39a0000 R09: 00007f98a35a00c8 [ 3298.911886][T15050] R10: 00007ffe69a68c60 R11: 0000000000000246 R12: 0000000000325527 [ 3298.919861][T15050] R13: 00007ffe69a68c60 R14: 00007f98a359bf80 R15: 0000000000000032 [ 3298.927880][T15050] [ 3298.943152][T15050] memory: usage 307200kB, limit 307200kB, failcnt 26841 [ 3298.950775][T15050] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3298.958240][T15039] bridge1281: port 1(bridge_slave_1) entered blocking state [ 3298.966000][T15050] Memory cgroup stats for /syz0: [ 3298.966248][T15050] anon 126976 [ 3298.966248][T15050] file 319488 [ 3298.966248][T15050] kernel 314126336 [ 3298.966248][T15050] kernel_stack 65536 [ 3298.966248][T15050] pagetables 81920 [ 3298.966248][T15050] percpu 5425088 [ 3298.966248][T15050] sock 0 [ 3298.966248][T15050] vmalloc 0 [ 3298.966248][T15050] shmem 319488 [ 3298.966248][T15050] zswap 0 [ 3298.966248][T15050] zswapped 0 [ 3298.966248][T15050] file_mapped 303104 [ 3298.966248][T15050] file_dirty 0 [ 3298.966248][T15050] file_writeback 0 [ 3298.966248][T15050] swapcached 0 [ 3298.966248][T15050] anon_thp 0 [ 3298.966248][T15050] file_thp 0 [ 3298.966248][T15050] shmem_thp 0 [ 3298.966248][T15050] inactive_anon 131072 [ 3298.966248][T15050] active_anon 315392 [ 3298.966248][T15050] inactive_file 0 [ 3298.966248][T15050] active_file 0 [ 3298.966248][T15050] unevictable 0 [ 3298.966248][T15050] slab_reclaimable 226056 [ 3298.966248][T15050] slab_unreclaimable 308290600 [ 3298.966248][T15050] slab 308516656 03:15:20 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000000000000000c3ffffff", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3298.971685][T15039] bridge1281: port 1(bridge_slave_1) entered disabled state [ 3299.068903][T15050] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15050,uid=0 [ 3299.088013][T15050] Memory cgroup out of memory: Killed process 15050 (syz-executor.0) total-vm:54508kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 3299.172682][T15058] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3299.184469][T15058] CPU: 1 PID: 15058 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3299.194652][T15058] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3299.201863][T15040] bond0: (slave bridge1281): Enslaving as an active interface with an up link [ 3299.204716][T15058] Call Trace: [ 3299.204727][T15058] [ 3299.204737][T15058] dump_stack_lvl+0xcd/0x134 [ 3299.204774][T15058] dump_header+0x10b/0x7f9 [ 3299.228811][T15058] oom_kill_process.cold+0x10/0x15 [ 3299.233948][T15058] out_of_memory+0x358/0x14a0 [ 3299.238643][T15058] ? find_held_lock+0x2d/0x110 [ 3299.243420][T15058] ? oom_killer_disable+0x270/0x270 [ 3299.248635][T15058] ? find_held_lock+0x2d/0x110 [ 3299.253422][T15058] mem_cgroup_out_of_memory+0x206/0x270 [ 3299.258999][T15058] ? mem_cgroup_margin+0x130/0x130 [ 3299.264125][T15058] ? lock_downgrade+0x6e0/0x6e0 [ 3299.269012][T15058] try_charge_memcg+0xf67/0x13f0 [ 3299.273977][T15058] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3299.279985][T15058] ? lock_downgrade+0x6e0/0x6e0 [ 3299.284864][T15058] charge_memcg+0x31/0x320 [ 3299.289295][T15058] __mem_cgroup_charge+0x27/0x90 [ 3299.294241][T15058] ? _compound_head+0x5d/0x150 [ 3299.299016][T15058] wp_page_copy+0x27c/0x1b60 [ 3299.303624][T15058] ? restore_exclusive_pte+0x8b0/0x8b0 [ 3299.309087][T15058] ? lock_downgrade+0x6e0/0x6e0 [ 3299.313963][T15058] ? vm_normal_page+0x146/0x2a0 [ 3299.318847][T15058] do_wp_page+0x1d1/0x1910 [ 3299.323277][T15058] __handle_mm_fault+0x1813/0x39b0 [ 3299.328404][T15058] ? vm_iomap_memory+0x190/0x190 [ 3299.333377][T15058] handle_mm_fault+0x1c8/0x780 [ 3299.338167][T15058] do_user_addr_fault+0x475/0x1210 [ 3299.343299][T15058] exc_page_fault+0x94/0x170 [ 3299.347903][T15058] asm_exc_page_fault+0x22/0x30 [ 3299.352757][T15058] RIP: 0033:0x7f98a34374b0 [ 3299.357201][T15058] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48 [ 3299.376815][T15058] RSP: 002b:00007ffe69a68a90 EFLAGS: 00010246 [ 3299.382889][T15058] RAX: 00000000bd27bad8 RBX: 00007f98a359c018 RCX: 0000001b2ec20000 [ 3299.390863][T15058] RDX: 0000000000000000 RSI: 0000001b2ec20018 RDI: 0000000008ec0c76 [ 3299.398837][T15058] RBP: 00000000bd27bad8 R08: 0000000000001ad8 R09: 00000000bd27badc [ 3299.406811][T15058] R10: 00007ffe69a68c60 R11: 0000000000000246 R12: 00007f98a3590000 [ 3299.414787][T15058] R13: 0000000000000001 R14: 0000000000000003 R15: ffffffff81a3270f 03:15:20 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000000000000000a1ffffff", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) 03:15:20 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f310000240b0a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3299.422798][T15058] ? trace_user_exit.constprop.0+0x13f/0x210 [ 3299.428817][T15058] [ 3299.443993][T15047] bridge2536: port 1(bridge_slave_1) entered disabled state [ 3299.477723][T15047] bridge2537: port 1(bridge_slave_1) entered blocking state [ 3299.496867][T15058] memory: usage 307188kB, limit 307200kB, failcnt 26896 [ 3299.499289][T15047] bridge2537: port 1(bridge_slave_1) entered disabled state [ 3299.505654][T15058] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3299.530261][T15058] Memory cgroup stats for /syz0: [ 3299.531389][T15058] anon 106496 [ 3299.531389][T15058] file 319488 [ 3299.531389][T15058] kernel 314134528 [ 3299.531389][T15058] kernel_stack 65536 [ 3299.531389][T15058] pagetables 73728 [ 3299.531389][T15058] percpu 5425088 [ 3299.531389][T15058] sock 0 [ 3299.531389][T15058] vmalloc 0 [ 3299.531389][T15058] shmem 319488 [ 3299.531389][T15058] zswap 0 [ 3299.531389][T15058] zswapped 0 [ 3299.531389][T15058] file_mapped 303104 [ 3299.531389][T15058] file_dirty 0 [ 3299.531389][T15058] file_writeback 0 [ 3299.531389][T15058] swapcached 0 [ 3299.531389][T15058] anon_thp 0 [ 3299.531389][T15058] file_thp 0 [ 3299.531389][T15058] shmem_thp 0 [ 3299.531389][T15058] inactive_anon 110592 [ 3299.531389][T15058] active_anon 315392 [ 3299.531389][T15058] inactive_file 0 [ 3299.531389][T15058] active_file 0 [ 3299.531389][T15058] unevictable 0 [ 3299.531389][T15058] slab_reclaimable 224128 [ 3299.531389][T15058] slab_unreclaimable 308301352 [ 3299.531389][T15058] slab 308525480 03:15:20 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0003000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xa00, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3299.552805][T15048] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3299.668357][T15058] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15058,uid=0 [ 3299.695398][T15058] Memory cgroup out of memory: Killed process 15058 (syz-executor.0) total-vm:54508kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 03:15:21 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000000000000000e4ffffff", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3299.721039][T15049] bridge3181: port 1(bridge_slave_1) entered disabled state [ 3299.756980][T15062] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3299.777840][T15062] CPU: 0 PID: 15062 Comm: syz-executor.2 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3299.782020][T15049] bridge3182: port 1(bridge_slave_1) entered blocking state [ 3299.788041][T15062] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3299.788058][T15062] Call Trace: [ 3299.788067][T15062] [ 3299.788077][T15062] dump_stack_lvl+0xcd/0x134 [ 3299.788113][T15062] dump_header+0x10b/0x7f9 [ 3299.788144][T15062] oom_kill_process.cold+0x10/0x15 [ 3299.788176][T15062] out_of_memory+0x358/0x14a0 [ 3299.788210][T15062] ? find_held_lock+0x2d/0x110 [ 3299.788234][T15062] ? oom_killer_disable+0x270/0x270 [ 3299.788266][T15062] ? find_held_lock+0x2d/0x110 [ 3299.788294][T15062] mem_cgroup_out_of_memory+0x206/0x270 [ 3299.788321][T15062] ? mem_cgroup_margin+0x130/0x130 [ 3299.788344][T15062] ? lock_downgrade+0x6e0/0x6e0 [ 3299.788388][T15062] try_charge_memcg+0xf67/0x13f0 [ 3299.788429][T15062] ? mem_cgroup_handle_over_high+0x510/0x510 03:15:21 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0003000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xa00, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3299.803737][T15049] bridge3182: port 1(bridge_slave_1) entered disabled state [ 3299.805737][T15062] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3299.805773][T15062] ? lock_downgrade+0x6e0/0x6e0 [ 3299.877823][T15052] bond0: (slave bridge3182): Enslaving as an active interface with an up link [ 3299.879178][T15062] ? lock_downgrade+0x6e0/0x6e0 [ 3299.879229][T15062] __memcg_kmem_charge_page+0x16a/0x3b0 [ 3299.909070][T15062] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 3299.915366][T15062] copy_process+0x145a/0x7090 [ 3299.920092][T15062] ? find_held_lock+0x2d/0x110 [ 3299.923143][T15071] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3299.925001][T15062] ? __cleanup_sighand+0xb0/0xb0 [ 3299.925055][T15062] kernel_clone+0xe7/0xab0 [ 3299.943673][T15062] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 3299.949706][T15062] ? create_io_thread+0xe0/0xe0 [ 3299.954597][T15062] ? find_held_lock+0x2d/0x110 [ 3299.959391][T15062] ? __ct_user_exit+0xff/0x150 [ 3299.964206][T15062] __do_sys_clone+0xba/0x100 [ 3299.968819][T15062] ? kernel_clone+0xab0/0xab0 [ 3299.973543][T15062] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3299.979477][T15062] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3299.983746][T15071] bridge3182: port 1(bridge_slave_1) entered disabled state [ 3299.985392][T15062] do_syscall_64+0x35/0xb0 [ 3299.985427][T15062] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3300.003316][T15062] RIP: 0033:0x7ff38a48a6a1 [ 3300.007762][T15062] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 3300.027398][T15062] RSP: 002b:00007ffe54c81718 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 3300.035834][T15062] RAX: ffffffffffffffda RBX: 00007ff3893fe700 RCX: 00007ff38a48a6a1 [ 3300.043819][T15062] RDX: 00007ff3893fe9d0 RSI: 00007ff3893fe2f0 RDI: 00000000003d0f00 [ 3300.051792][T15062] RBP: 00007ffe54c81960 R08: 00007ff3893fe700 R09: 00007ff3893fe700 [ 3300.059772][T15062] R10: 00007ff3893fe9d0 R11: 0000000000000206 R12: 00007ffe54c817ce [ 3300.067763][T15062] R13: 00007ffe54c817cf R14: 00007ff3893fe300 R15: 0000000000022000 [ 3300.075774][T15062] [ 3300.084969][T15062] memory: usage 307200kB, limit 307200kB, failcnt 4059 [ 3300.092319][T15062] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3300.099590][T15062] Memory cgroup stats for /syz2: [ 3300.099805][T15062] anon 147456 [ 3300.099805][T15062] file 360448 [ 3300.099805][T15062] kernel 314064896 [ 3300.099805][T15062] kernel_stack 65536 [ 3300.099805][T15062] pagetables 81920 [ 3300.099805][T15062] percpu 5433376 [ 3300.099805][T15062] sock 0 [ 3300.099805][T15062] vmalloc 0 [ 3300.099805][T15062] shmem 356352 [ 3300.099805][T15062] zswap 0 [ 3300.099805][T15062] zswapped 0 [ 3300.099805][T15062] file_mapped 356352 [ 3300.099805][T15062] file_dirty 0 [ 3300.099805][T15062] file_writeback 0 [ 3300.099805][T15062] swapcached 0 [ 3300.099805][T15062] anon_thp 0 [ 3300.099805][T15062] file_thp 0 [ 3300.099805][T15062] shmem_thp 0 [ 3300.099805][T15062] inactive_anon 204800 [ 3300.099805][T15062] active_anon 299008 [ 3300.099805][T15062] inactive_file 0 [ 3300.099805][T15062] active_file 4096 [ 3300.099805][T15062] unevictable 0 [ 3300.099805][T15062] slab_reclaimable 58856 [ 3300.099805][T15062] slab_unreclaimable 308387568 [ 3300.099805][T15062] slab 308446424 [ 3300.116742][T15071] bridge3183: port 1(bridge_slave_1) entered blocking state [ 3300.203739][T15062] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=15062,uid=0 [ 3300.220622][T15071] bridge3183: port 1(bridge_slave_1) entered disabled state [ 3300.233843][T15062] Memory cgroup out of memory: Killed process 15062 (syz-executor.2) total-vm:54640kB, anon-rss:388kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 3300.280844][T15055] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3300.295748][T15069] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3300.327674][T15069] CPU: 1 PID: 15069 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3300.337884][T15069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3300.347967][T15069] Call Trace: [ 3300.351272][T15069] [ 3300.354229][T15069] dump_stack_lvl+0xcd/0x134 [ 3300.358869][T15069] dump_header+0x10b/0x7f9 [ 3300.363321][T15069] oom_kill_process.cold+0x10/0x15 [ 3300.368453][T15069] out_of_memory+0x358/0x14a0 [ 3300.371680][T15056] bridge4128: port 1(bridge_slave_1) entered blocking state [ 3300.373232][T15069] ? find_held_lock+0x2d/0x110 [ 3300.373266][T15069] ? oom_killer_disable+0x270/0x270 [ 3300.373301][T15069] ? find_held_lock+0x2d/0x110 [ 3300.395321][T15069] mem_cgroup_out_of_memory+0x206/0x270 [ 3300.400946][T15069] ? mem_cgroup_margin+0x130/0x130 [ 3300.406081][T15069] ? lock_downgrade+0x6e0/0x6e0 [ 3300.410968][T15069] try_charge_memcg+0xf67/0x13f0 [ 3300.415938][T15069] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3300.421989][T15069] ? lock_downgrade+0x6e0/0x6e0 [ 3300.426892][T15069] charge_memcg+0x31/0x320 [ 3300.431332][T15069] __mem_cgroup_charge+0x27/0x90 [ 3300.436286][T15069] ? _compound_head+0x5d/0x150 [ 3300.441078][T15069] wp_page_copy+0x27c/0x1b60 [ 3300.445695][T15069] ? restore_exclusive_pte+0x8b0/0x8b0 [ 3300.451184][T15069] ? lock_downgrade+0x6e0/0x6e0 [ 3300.456068][T15069] ? vm_normal_page+0x146/0x2a0 [ 3300.460994][T15069] do_wp_page+0x1d1/0x1910 [ 3300.465436][T15069] __handle_mm_fault+0x1813/0x39b0 [ 3300.470607][T15069] ? vm_iomap_memory+0x190/0x190 [ 3300.475594][T15069] handle_mm_fault+0x1c8/0x780 [ 3300.480382][T15069] do_user_addr_fault+0x475/0x1210 [ 3300.485544][T15069] exc_page_fault+0x94/0x170 [ 3300.490155][T15069] asm_exc_page_fault+0x22/0x30 [ 3300.495029][T15069] RIP: 0033:0x7f98a34374b0 [ 3300.499455][T15069] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48 [ 3300.519172][T15069] RSP: 002b:00007ffe69a68a90 EFLAGS: 00010246 [ 3300.525246][T15069] RAX: 000000002feed7de RBX: 00007f98a359c018 RCX: 0000001b2ec20000 [ 3300.533326][T15069] RDX: 0000000000000000 RSI: 0000001b2ec20018 RDI: 000000000a19aef0 [ 3300.541300][T15069] RBP: 000000002feed7de R08: 00000000000017de R09: 000000002feed7e2 [ 3300.549276][T15069] R10: 00007ffe69a68c60 R11: 0000000000000246 R12: 00007f98a3590000 [ 3300.557251][T15069] R13: 0000000000000001 R14: 000000000000000e R15: ffffffff83bb623b [ 3300.565226][T15069] ? security_socket_create+0x3b/0xc0 [ 3300.570627][T15069] [ 3300.576794][T15056] bridge4128: port 1(bridge_slave_1) entered disabled state [ 3300.582054][T15069] memory: usage 307188kB, limit 307200kB, failcnt 26969 [ 3300.595585][T15069] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3300.603339][T15069] Memory cgroup stats for /syz0: [ 3300.603519][T15069] anon 122880 [ 3300.603519][T15069] file 319488 [ 3300.603519][T15069] kernel 314118144 [ 3300.603519][T15069] kernel_stack 65536 [ 3300.603519][T15069] pagetables 73728 [ 3300.603519][T15069] percpu 5425088 [ 3300.603519][T15069] sock 0 [ 3300.603519][T15069] vmalloc 0 [ 3300.603519][T15069] shmem 319488 [ 3300.603519][T15069] zswap 0 [ 3300.603519][T15069] zswapped 0 [ 3300.603519][T15069] file_mapped 303104 [ 3300.603519][T15069] file_dirty 0 [ 3300.603519][T15069] file_writeback 0 [ 3300.603519][T15069] swapcached 0 [ 3300.603519][T15069] anon_thp 0 [ 3300.603519][T15069] file_thp 0 [ 3300.603519][T15069] shmem_thp 0 [ 3300.603519][T15069] inactive_anon 126976 [ 3300.603519][T15069] active_anon 315392 [ 3300.603519][T15069] inactive_file 0 [ 3300.603519][T15069] active_file 0 [ 3300.603519][T15069] unevictable 0 [ 3300.603519][T15069] slab_reclaimable 224128 [ 3300.603519][T15069] slab_unreclaimable 308289952 [ 3300.603519][T15069] slab 308514080 [ 3300.634719][T15057] bridge4128: port 1(bridge_slave_1) entered blocking state [ 3300.704381][T15057] bridge4128: port 1(bridge_slave_1) entered forwarding state [ 3300.704667][T15069] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15069,uid=0 03:15:22 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000000000000000f0ffffff", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3300.728258][T15069] Memory cgroup out of memory: Killed process 15069 (syz-executor.0) total-vm:54508kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 [ 3300.802170][T15057] bond0: (slave bridge4128): Enslaving as an active interface with an up link [ 3300.819316][T15076] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3300.836342][T15076] CPU: 1 PID: 15076 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3300.846634][T15076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3300.856715][T15076] Call Trace: [ 3300.860020][T15076] [ 3300.862995][T15076] dump_stack_lvl+0xcd/0x134 [ 3300.867626][T15076] dump_header+0x10b/0x7f9 [ 3300.872108][T15076] oom_kill_process.cold+0x10/0x15 [ 3300.877259][T15076] out_of_memory+0x358/0x14a0 [ 3300.881975][T15076] ? find_held_lock+0x2d/0x110 [ 3300.886789][T15076] ? oom_killer_disable+0x270/0x270 [ 3300.887354][T15066] bridge1281: port 1(bridge_slave_1) entered disabled state 03:15:22 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000000000000b3fbf000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) 03:15:22 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f310000280b0a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3300.892007][T15076] ? find_held_lock+0x2d/0x110 [ 3300.892041][T15076] mem_cgroup_out_of_memory+0x206/0x270 [ 3300.892070][T15076] ? mem_cgroup_margin+0x130/0x130 [ 3300.892095][T15076] ? lock_downgrade+0x6e0/0x6e0 [ 3300.919698][T15076] try_charge_memcg+0xf67/0x13f0 [ 3300.924683][T15076] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3300.930713][T15076] ? lock_downgrade+0x6e0/0x6e0 [ 3300.935708][T15076] charge_memcg+0x31/0x320 [ 3300.940167][T15076] __mem_cgroup_charge+0x27/0x90 [ 3300.945136][T15076] ? _compound_head+0x5d/0x150 [ 3300.949942][T15076] wp_page_copy+0x27c/0x1b60 [ 3300.954571][T15076] ? restore_exclusive_pte+0x8b0/0x8b0 [ 3300.960057][T15076] ? lock_downgrade+0x6e0/0x6e0 [ 3300.964940][T15076] ? vm_normal_page+0x146/0x2a0 [ 3300.969820][T15076] do_wp_page+0x52c/0x1910 [ 3300.974249][T15076] __handle_mm_fault+0x1813/0x39b0 [ 3300.979378][T15076] ? vm_iomap_memory+0x190/0x190 [ 3300.984353][T15076] handle_mm_fault+0x1c8/0x780 [ 3300.989136][T15076] do_user_addr_fault+0x475/0x1210 [ 3300.994291][T15076] exc_page_fault+0x94/0x170 [ 3300.998904][T15076] asm_exc_page_fault+0x22/0x30 [ 3301.003759][T15076] RIP: 0033:0x7f98a3434e1e [ 3301.008201][T15076] Code: 4c 24 54 89 78 2c 48 8b 3c 24 89 48 78 0f b6 4c 24 53 c6 40 20 01 88 4c 3a 04 8b 7c 24 4c 4c 89 35 57 71 16 00 48 8b 54 24 40 <89> b8 80 00 00 00 0f 1f 40 00 48 8b 8c 14 50 01 00 00 48 83 c2 08 [ 3301.027835][T15076] RSP: 002b:00007ffe69a68b80 EFLAGS: 00010246 [ 3301.033941][T15076] RAX: 00007f98a359bf80 RBX: 00007f98a359bf8c RCX: 0000000000000000 [ 3301.041934][T15076] RDX: 0000000000000000 RSI: 00007f98a359bf88 RDI: 0000000000000000 [ 3301.049906][T15076] RBP: 00007f98a359bf80 R08: 00007f98a4666700 R09: 00007f98a4666700 [ 3301.057877][T15076] R10: 00007f98a46669d0 R11: 0000000000000206 R12: 00007f98a359bf8c [ 3301.065849][T15076] R13: 00007f98a35a0060 R14: 00007f98a359bf80 R15: 0000000000000000 [ 3301.073850][T15076] [ 3301.090852][T15076] memory: usage 307160kB, limit 307200kB, failcnt 27017 [ 3301.096363][T15066] bridge1282: port 1(bridge_slave_1) entered blocking state [ 3301.098201][T15076] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3301.110695][T15066] bridge1282: port 1(bridge_slave_1) entered disabled state [ 3301.113644][T15076] Memory cgroup stats for /syz0: [ 3301.120189][T15076] anon 81920 [ 3301.120189][T15076] file 319488 [ 3301.120189][T15076] kernel 314126336 [ 3301.120189][T15076] kernel_stack 65536 [ 3301.120189][T15076] pagetables 69632 [ 3301.120189][T15076] percpu 5425088 [ 3301.120189][T15076] sock 0 [ 3301.120189][T15076] vmalloc 0 03:15:22 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c00000010000104000000680000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3301.120189][T15076] shmem 319488 [ 3301.120189][T15076] zswap 0 [ 3301.120189][T15076] zswapped 0 [ 3301.120189][T15076] file_mapped 303104 [ 3301.120189][T15076] file_dirty 0 [ 3301.120189][T15076] file_writeback 0 [ 3301.120189][T15076] swapcached 0 [ 3301.120189][T15076] anon_thp 0 [ 3301.120189][T15076] file_thp 0 [ 3301.120189][T15076] shmem_thp 0 [ 3301.120189][T15076] inactive_anon 86016 [ 3301.120189][T15076] active_anon 315392 [ 3301.120189][T15076] inactive_file 0 [ 3301.120189][T15076] active_file 0 [ 3301.120189][T15076] unevictable 0 [ 3301.120189][T15076] slab_reclaimable 222200 [ 3301.120189][T15076] slab_unreclaimable 308300704 [ 3301.120189][T15076] slab 308522904 [ 3301.214521][T15068] __nla_validate_parse: 1 callbacks suppressed [ 3301.214538][T15068] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3301.264250][T15076] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15076,uid=0 [ 3301.288526][T15076] Memory cgroup out of memory: Killed process 15076 (syz-executor.0) total-vm:54508kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:72kB oom_score_adj:1000 [ 3301.296674][T15072] bond0: (slave bridge3183): Enslaving as an active interface with an up link 03:15:22 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0003000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xa00, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) 03:15:22 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000000000000000fcffffff", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3301.316240][T15073] bridge2537: port 1(bridge_slave_1) entered disabled state [ 3301.343877][T15073] bridge2538: port 1(bridge_slave_1) entered blocking state [ 3301.363734][T15073] bridge2538: port 1(bridge_slave_1) entered disabled state [ 3301.412233][T15079] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3301.425633][T15079] CPU: 1 PID: 15079 Comm: syz-executor.2 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3301.435844][T15079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3301.445918][T15079] Call Trace: [ 3301.449220][T15079] [ 3301.452170][T15079] dump_stack_lvl+0xcd/0x134 [ 3301.456795][T15079] dump_header+0x10b/0x7f9 [ 3301.461247][T15079] oom_kill_process.cold+0x10/0x15 [ 3301.466409][T15079] out_of_memory+0x358/0x14a0 [ 3301.471130][T15079] ? find_held_lock+0x2d/0x110 [ 3301.475922][T15079] ? oom_killer_disable+0x270/0x270 [ 3301.481172][T15079] ? find_held_lock+0x2d/0x110 [ 3301.485978][T15079] mem_cgroup_out_of_memory+0x206/0x270 [ 3301.491564][T15079] ? mem_cgroup_margin+0x130/0x130 [ 3301.496702][T15079] ? lock_downgrade+0x6e0/0x6e0 [ 3301.501576][T15079] try_charge_memcg+0xf67/0x13f0 [ 3301.506549][T15079] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3301.512558][T15079] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3301.518315][T15079] ? lock_downgrade+0x6e0/0x6e0 [ 3301.522288][T15074] bond0: (slave bridge2538): Enslaving as an active interface with an up link [ 3301.523183][T15079] ? lock_downgrade+0x6e0/0x6e0 [ 3301.523231][T15079] __memcg_kmem_charge_page+0x16a/0x3b0 [ 3301.542491][T15079] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 3301.543630][T15082] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3301.548674][T15079] copy_process+0x607/0x7090 [ 3301.548714][T15079] ? __lock_acquire+0xbc3/0x56d0 [ 3301.548752][T15079] ? __cleanup_sighand+0xb0/0xb0 [ 3301.548797][T15079] kernel_clone+0xe7/0xab0 [ 3301.548824][T15079] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 3301.548862][T15079] ? create_io_thread+0xe0/0xe0 [ 3301.548896][T15079] ? find_held_lock+0x2d/0x110 [ 3301.548925][T15079] ? __ct_user_exit+0xff/0x150 [ 3301.597415][T15079] __do_sys_clone+0xba/0x100 [ 3301.602045][T15079] ? kernel_clone+0xab0/0xab0 [ 3301.606777][T15079] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3301.612711][T15079] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3301.618651][T15079] do_syscall_64+0x35/0xb0 [ 3301.623098][T15079] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3301.629024][T15079] RIP: 0033:0x7ff38a48a6a1 [ 3301.633460][T15079] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 3301.653107][T15079] RSP: 002b:00007ffe54c81718 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 03:15:22 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0003000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xa00, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3301.661561][T15079] RAX: ffffffffffffffda RBX: 00007ff3893fe700 RCX: 00007ff38a48a6a1 [ 3301.669565][T15079] RDX: 00007ff3893fe9d0 RSI: 00007ff3893fe2f0 RDI: 00000000003d0f00 [ 3301.672040][T15083] bridge4128: port 1(bridge_slave_1) entered disabled state [ 3301.677542][T15079] RBP: 00007ffe54c81960 R08: 00007ff3893fe700 R09: 00007ff3893fe700 [ 3301.677564][T15079] R10: 00007ff3893fe9d0 R11: 0000000000000206 R12: 00007ffe54c817ce [ 3301.677581][T15079] R13: 00007ffe54c817cf R14: 00007ff3893fe300 R15: 0000000000022000 [ 3301.677617][T15079] [ 3301.714024][T15079] memory: usage 307200kB, limit 307200kB, failcnt 4158 [ 3301.731969][T15079] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3301.739649][T15079] Memory cgroup stats for /syz2: [ 3301.739896][T15079] anon 147456 [ 3301.739896][T15079] file 360448 [ 3301.739896][T15079] kernel 314064896 [ 3301.739896][T15079] kernel_stack 65536 [ 3301.739896][T15079] pagetables 81920 [ 3301.739896][T15079] percpu 5433376 [ 3301.739896][T15079] sock 0 [ 3301.739896][T15079] vmalloc 0 [ 3301.739896][T15079] shmem 356352 [ 3301.739896][T15079] zswap 0 [ 3301.739896][T15079] zswapped 0 [ 3301.739896][T15079] file_mapped 356352 [ 3301.739896][T15079] file_dirty 0 [ 3301.739896][T15079] file_writeback 0 [ 3301.739896][T15079] swapcached 0 [ 3301.739896][T15079] anon_thp 0 [ 3301.739896][T15079] file_thp 0 [ 3301.739896][T15079] shmem_thp 0 [ 3301.739896][T15079] inactive_anon 204800 [ 3301.739896][T15079] active_anon 299008 [ 3301.739896][T15079] inactive_file 0 [ 3301.739896][T15079] active_file 4096 [ 3301.739896][T15079] unevictable 0 [ 3301.739896][T15079] slab_reclaimable 58856 [ 3301.739896][T15079] slab_unreclaimable 308387568 [ 3301.739896][T15079] slab 308446424 [ 3301.858031][T15079] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=15079,uid=0 [ 3301.862713][T15083] bridge4129: port 1(bridge_slave_1) entered blocking state [ 3301.881608][T15083] bridge4129: port 1(bridge_slave_1) entered disabled state [ 3301.887559][T15079] Memory cgroup out of memory: Killed process 15079 (syz-executor.2) total-vm:54640kB, anon-rss:388kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 3301.923665][T15084] bridge4129: port 1(bridge_slave_1) entered blocking state [ 3301.931231][T15084] bridge4129: port 1(bridge_slave_1) entered forwarding state [ 3301.941400][T15091] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3301.954907][T15091] CPU: 1 PID: 15091 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3301.965146][T15091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3301.975229][T15091] Call Trace: [ 3301.978523][T15091] [ 3301.981469][T15091] dump_stack_lvl+0xcd/0x134 [ 3301.986106][T15091] dump_header+0x10b/0x7f9 [ 3301.990560][T15091] oom_kill_process.cold+0x10/0x15 [ 3301.995738][T15091] out_of_memory+0x358/0x14a0 [ 3301.998604][T15084] bond0: (slave bridge4129): Enslaving as an active interface with an up link [ 3302.000436][T15091] ? find_held_lock+0x2d/0x110 [ 3302.000469][T15091] ? oom_killer_disable+0x270/0x270 [ 3302.000504][T15091] ? find_held_lock+0x2d/0x110 [ 3302.009975][T15087] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3302.014149][T15091] mem_cgroup_out_of_memory+0x206/0x270 [ 3302.014185][T15091] ? mem_cgroup_margin+0x130/0x130 [ 3302.014209][T15091] ? lock_downgrade+0x6e0/0x6e0 [ 3302.014255][T15091] try_charge_memcg+0xf67/0x13f0 [ 3302.054082][T15091] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3302.060099][T15091] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3302.065949][T15091] ? lock_downgrade+0x6e0/0x6e0 03:15:23 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000000000000b3fc0000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3302.070861][T15091] obj_cgroup_charge+0x2ab/0x5e0 [ 3302.075845][T15091] ? __anon_vma_prepare+0x2d6/0x560 [ 3302.081071][T15091] kmem_cache_alloc+0x96/0x3b0 [ 3302.085944][T15091] __anon_vma_prepare+0x2d6/0x560 [ 3302.090994][T15091] ? __pmd_alloc+0x2ff/0x5c0 [ 3302.095623][T15091] __handle_mm_fault+0x340e/0x39b0 [ 3302.100780][T15091] ? vm_iomap_memory+0x190/0x190 [ 3302.105794][T15091] handle_mm_fault+0x1c8/0x780 [ 3302.110770][T15091] do_user_addr_fault+0x475/0x1210 [ 3302.115935][T15091] exc_page_fault+0x94/0x170 [ 3302.120564][T15091] asm_exc_page_fault+0x22/0x30 [ 3302.125448][T15091] RIP: 0033:0x7f98a3484695 [ 3302.129913][T15091] Code: 12 80 fa 04 73 1e 80 fa 01 77 26 72 05 0f b6 0e 88 0f c3 48 8b 4c 16 f8 48 8b 36 48 89 4c 17 f8 48 89 37 c3 8b 4c 16 fc 8b 36 <89> 4c 17 fc 89 37 c3 0f b7 4c 16 fe 0f b7 36 66 89 4c 17 fe 66 89 [ 3302.149549][T15091] RSP: 002b:00007ffe69a68b78 EFLAGS: 00010202 [ 3302.155646][T15091] RAX: 00000000200005c0 RBX: 0000000000000000 RCX: 0000000000535650 [ 3302.159905][T15102] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3302.163618][T15091] RDX: 0000000000000005 RSI: 0000000053565049 RDI: 00000000200005c0 [ 3302.163639][T15091] RBP: 00007ffe69a68c38 R08: 00007f98a39a0000 R09: 00007f98a35a00c8 [ 3302.163658][T15091] R10: 00007ffe69a68c60 R11: 0000000000000246 R12: 000000000032620c [ 3302.163675][T15091] R13: 00007ffe69a68c60 R14: 00007f98a359bf80 R15: 0000000000000032 [ 3302.163716][T15091] [ 3302.217075][T15091] memory: usage 307200kB, limit 307200kB, failcnt 27090 [ 3302.230452][T15091] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3302.245567][T15091] Memory cgroup stats for /syz0: [ 3302.245763][T15091] anon 126976 [ 3302.245763][T15091] file 319488 [ 3302.245763][T15091] kernel 314126336 [ 3302.245763][T15091] kernel_stack 65536 [ 3302.245763][T15091] pagetables 81920 [ 3302.245763][T15091] percpu 5425088 [ 3302.245763][T15091] sock 0 [ 3302.245763][T15091] vmalloc 0 [ 3302.245763][T15091] shmem 319488 [ 3302.245763][T15091] zswap 0 [ 3302.245763][T15091] zswapped 0 [ 3302.245763][T15091] file_mapped 303104 [ 3302.245763][T15091] file_dirty 0 [ 3302.245763][T15091] file_writeback 0 [ 3302.245763][T15091] swapcached 0 [ 3302.245763][T15091] anon_thp 0 [ 3302.245763][T15091] file_thp 0 [ 3302.245763][T15091] shmem_thp 0 [ 3302.245763][T15091] inactive_anon 131072 [ 3302.245763][T15091] active_anon 315392 [ 3302.245763][T15091] inactive_file 0 [ 3302.245763][T15091] active_file 0 [ 3302.245763][T15091] unevictable 0 [ 3302.245763][T15091] slab_reclaimable 226056 [ 3302.245763][T15091] slab_unreclaimable 308290720 [ 3302.245763][T15091] slab 308516776 [ 3302.346548][T15091] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15091,uid=0 [ 3302.362760][T15091] Memory cgroup out of memory: Killed process 15091 (syz-executor.0) total-vm:54508kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 03:15:23 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f3100002c0b0a00", @ANYRES32=r5], 0x3c}}, 0x0) 03:15:23 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000000000000000feffffff", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3302.380600][T15089] bridge1282: port 1(bridge_slave_1) entered disabled state [ 3302.414028][T15089] bridge1283: port 1(bridge_slave_1) entered blocking state [ 3302.432286][T15089] bridge1283: port 1(bridge_slave_1) entered disabled state 03:15:23 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c00000010000104000000680000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3302.484537][T15093] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3302.544864][T15096] bridge3183: port 1(bridge_slave_1) entered disabled state [ 3302.560536][T15104] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3302.580517][T15104] CPU: 1 PID: 15104 Comm: syz-executor.2 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3302.590732][T15104] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3302.596893][T15096] bridge3184: port 1(bridge_slave_1) entered blocking state [ 3302.600797][T15104] Call Trace: [ 3302.600807][T15104] [ 3302.600817][T15104] dump_stack_lvl+0xcd/0x134 [ 3302.600855][T15104] dump_header+0x10b/0x7f9 [ 3302.600888][T15104] oom_kill_process.cold+0x10/0x15 [ 3302.600921][T15104] out_of_memory+0x358/0x14a0 [ 3302.600953][T15104] ? find_held_lock+0x2d/0x110 [ 3302.600979][T15104] ? oom_killer_disable+0x270/0x270 [ 3302.601009][T15104] ? find_held_lock+0x2d/0x110 [ 3302.601036][T15104] mem_cgroup_out_of_memory+0x206/0x270 [ 3302.601062][T15104] ? mem_cgroup_margin+0x130/0x130 [ 3302.601086][T15104] ? lock_downgrade+0x6e0/0x6e0 [ 3302.621174][T15096] bridge3184: port 1(bridge_slave_1) entered disabled state [ 3302.623589][T15104] try_charge_memcg+0xf67/0x13f0 [ 3302.623633][T15104] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3302.661307][T15097] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3302.663611][T15104] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3302.663650][T15104] ? lock_downgrade+0x6e0/0x6e0 [ 3302.701701][T15104] ? lock_downgrade+0x6e0/0x6e0 [ 3302.706596][T15104] __memcg_kmem_charge_page+0x16a/0x3b0 [ 3302.712246][T15104] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 3302.718430][T15104] copy_process+0x145a/0x7090 [ 3302.723126][T15104] ? find_held_lock+0x2d/0x110 [ 3302.727910][T15104] ? __cleanup_sighand+0xb0/0xb0 [ 3302.732881][T15104] kernel_clone+0xe7/0xab0 [ 3302.737307][T15104] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 3302.743299][T15104] ? create_io_thread+0xe0/0xe0 [ 3302.748255][T15104] ? find_held_lock+0x2d/0x110 [ 3302.753038][T15104] ? __ct_user_exit+0xff/0x150 [ 3302.757820][T15104] __do_sys_clone+0xba/0x100 [ 3302.762425][T15104] ? kernel_clone+0xab0/0xab0 [ 3302.767125][T15104] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3302.773034][T15104] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3302.778947][T15104] do_syscall_64+0x35/0xb0 [ 3302.783372][T15104] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3302.789278][T15104] RIP: 0033:0x7ff38a48a6a1 [ 3302.793710][T15104] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 3302.813325][T15104] RSP: 002b:00007ffe54c81718 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 3302.821764][T15104] RAX: ffffffffffffffda RBX: 00007ff3893fe700 RCX: 00007ff38a48a6a1 [ 3302.829744][T15104] RDX: 00007ff3893fe9d0 RSI: 00007ff3893fe2f0 RDI: 00000000003d0f00 [ 3302.837723][T15104] RBP: 00007ffe54c81960 R08: 00007ff3893fe700 R09: 00007ff3893fe700 [ 3302.845702][T15104] R10: 00007ff3893fe9d0 R11: 0000000000000206 R12: 00007ffe54c817ce [ 3302.853683][T15104] R13: 00007ffe54c817cf R14: 00007ff3893fe300 R15: 0000000000022000 [ 3302.861682][T15104] [ 3302.891126][T15104] memory: usage 307200kB, limit 307200kB, failcnt 4237 [ 3302.905259][T15104] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3302.913900][T15104] Memory cgroup stats for /syz2: [ 3302.914080][T15104] anon 147456 [ 3302.914080][T15104] file 360448 [ 3302.914080][T15104] kernel 314064896 [ 3302.914080][T15104] kernel_stack 65536 [ 3302.914080][T15104] pagetables 81920 [ 3302.914080][T15104] percpu 5433376 [ 3302.914080][T15104] sock 0 [ 3302.914080][T15104] vmalloc 0 [ 3302.914080][T15104] shmem 356352 [ 3302.914080][T15104] zswap 0 [ 3302.914080][T15104] zswapped 0 [ 3302.914080][T15104] file_mapped 356352 [ 3302.914080][T15104] file_dirty 0 [ 3302.914080][T15104] file_writeback 0 [ 3302.914080][T15104] swapcached 0 [ 3302.914080][T15104] anon_thp 0 [ 3302.914080][T15104] file_thp 0 [ 3302.914080][T15104] shmem_thp 0 [ 3302.914080][T15104] inactive_anon 204800 [ 3302.914080][T15104] active_anon 299008 [ 3302.914080][T15104] inactive_file 4096 [ 3302.914080][T15104] active_file 0 [ 3302.914080][T15104] unevictable 0 [ 3302.914080][T15104] slab_reclaimable 58856 [ 3302.914080][T15104] slab_unreclaimable 308387568 [ 3302.914080][T15104] slab 308446424 [ 3302.957863][T15099] bond0: (slave bridge3184): Enslaving as an active interface with an up link [ 3303.010028][T15104] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=15104,uid=0 03:15:24 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0003000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x700, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3303.040644][T15098] bridge2538: port 1(bridge_slave_1) entered disabled state [ 3303.062573][T15104] Memory cgroup out of memory: Killed process 15104 (syz-executor.2) total-vm:54640kB, anon-rss:388kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 3303.070866][T15098] bridge2539: port 1(bridge_slave_1) entered blocking state [ 3303.090119][T15098] bridge2539: port 1(bridge_slave_1) entered disabled state [ 3303.114586][T15106] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3303.141477][T15103] bridge4129: port 1(bridge_slave_1) entered disabled state [ 3303.147498][T15106] CPU: 1 PID: 15106 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3303.158937][T15106] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3303.169011][T15106] Call Trace: [ 3303.172294][T15106] [ 3303.175232][T15106] dump_stack_lvl+0xcd/0x134 [ 3303.179928][T15106] dump_header+0x10b/0x7f9 [ 3303.184363][T15106] oom_kill_process.cold+0x10/0x15 [ 3303.189576][T15106] out_of_memory+0x358/0x14a0 [ 3303.194267][T15106] ? find_held_lock+0x2d/0x110 [ 3303.199042][T15106] ? oom_killer_disable+0x270/0x270 [ 3303.204255][T15106] ? find_held_lock+0x2d/0x110 [ 3303.209027][T15106] mem_cgroup_out_of_memory+0x206/0x270 [ 3303.214596][T15106] ? mem_cgroup_margin+0x130/0x130 [ 3303.219732][T15106] ? lock_downgrade+0x6e0/0x6e0 [ 3303.224631][T15106] try_charge_memcg+0xf67/0x13f0 [ 3303.229601][T15106] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3303.235600][T15106] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3303.241332][T15106] ? lock_downgrade+0x6e0/0x6e0 [ 3303.246212][T15106] obj_cgroup_charge+0x2ab/0x5e0 [ 3303.251166][T15106] ? __anon_vma_prepare+0x2d6/0x560 [ 3303.256371][T15106] kmem_cache_alloc+0x96/0x3b0 [ 3303.261163][T15106] __anon_vma_prepare+0x2d6/0x560 [ 3303.266199][T15106] ? __pmd_alloc+0x2ff/0x5c0 [ 3303.270801][T15106] __handle_mm_fault+0x340e/0x39b0 [ 3303.275928][T15106] ? vm_iomap_memory+0x190/0x190 [ 3303.280898][T15106] handle_mm_fault+0x1c8/0x780 [ 3303.285676][T15106] do_user_addr_fault+0x475/0x1210 [ 3303.290810][T15106] exc_page_fault+0x94/0x170 [ 3303.295413][T15106] asm_exc_page_fault+0x22/0x30 [ 3303.300270][T15106] RIP: 0033:0x7f98a3484695 [ 3303.304692][T15106] Code: 12 80 fa 04 73 1e 80 fa 01 77 26 72 05 0f b6 0e 88 0f c3 48 8b 4c 16 f8 48 8b 36 48 89 4c 17 f8 48 89 37 c3 8b 4c 16 fc 8b 36 <89> 4c 17 fc 89 37 c3 0f b7 4c 16 fe 0f b7 36 66 89 4c 17 fe 66 89 [ 3303.324348][T15106] RSP: 002b:00007ffe69a68b78 EFLAGS: 00010202 [ 3303.330421][T15106] RAX: 00000000200005c0 RBX: 0000000000000000 RCX: 0000000000535650 03:15:24 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0003000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xa00, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3303.338396][T15106] RDX: 0000000000000005 RSI: 0000000053565049 RDI: 00000000200005c0 [ 3303.346373][T15106] RBP: 00007ffe69a68c38 R08: 00007f98a39a0000 R09: 00007f98a35a00c8 [ 3303.354440][T15106] R10: 00007ffe69a68c60 R11: 0000000000000246 R12: 00000000003266a6 [ 3303.362412][T15106] R13: 00007ffe69a68c60 R14: 00007f98a359bf80 R15: 0000000000000032 [ 3303.370406][T15106] [ 3303.379719][T15106] memory: usage 307188kB, limit 307200kB, failcnt 27169 [ 3303.395629][T15106] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3303.411668][T15106] Memory cgroup stats for /syz0: [ 3303.411906][T15106] anon 126976 [ 3303.411906][T15106] file 319488 [ 3303.411906][T15106] kernel 314114048 [ 3303.411906][T15106] kernel_stack 65536 [ 3303.411906][T15106] pagetables 81920 [ 3303.411906][T15106] percpu 5425088 [ 3303.411906][T15106] sock 0 [ 3303.411906][T15106] vmalloc 0 [ 3303.411906][T15106] shmem 319488 [ 3303.411906][T15106] zswap 0 [ 3303.411906][T15106] zswapped 0 [ 3303.411906][T15106] file_mapped 303104 [ 3303.411906][T15106] file_dirty 0 [ 3303.411906][T15106] file_writeback 0 [ 3303.411906][T15106] swapcached 0 [ 3303.411906][T15106] anon_thp 0 [ 3303.411906][T15106] file_thp 0 [ 3303.411906][T15106] shmem_thp 0 [ 3303.411906][T15106] inactive_anon 131072 [ 3303.411906][T15106] active_anon 315392 [ 3303.411906][T15106] inactive_file 0 [ 3303.411906][T15106] active_file 0 [ 3303.411906][T15106] unevictable 0 [ 3303.411906][T15106] slab_reclaimable 226056 [ 3303.411906][T15106] slab_unreclaimable 308279624 [ 3303.411906][T15106] slab 308505680 [ 3303.436169][T15103] bridge4130: port 1(bridge_slave_1) entered blocking state [ 3303.509018][T15106] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15106,uid=0 [ 3303.535690][T15103] bridge4130: port 1(bridge_slave_1) entered disabled state 03:15:24 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000000000000000ffffffff", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3303.540575][T15106] Memory cgroup out of memory: Killed process 15106 (syz-executor.0) total-vm:54508kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 3303.582791][T15102] bridge4130: port 1(bridge_slave_1) entered blocking state [ 3303.590282][T15102] bridge4130: port 1(bridge_slave_1) entered forwarding state [ 3303.634415][T15120] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3303.645004][T15120] CPU: 0 PID: 15120 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3303.655191][T15120] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3303.662952][T15102] bond0: (slave bridge4130): Enslaving as an active interface with an up link [ 3303.665248][T15120] Call Trace: [ 3303.665258][T15120] [ 3303.665269][T15120] dump_stack_lvl+0xcd/0x134 [ 3303.665305][T15120] dump_header+0x10b/0x7f9 [ 3303.689413][T15120] oom_kill_process.cold+0x10/0x15 [ 3303.694572][T15120] out_of_memory+0x358/0x14a0 [ 3303.699291][T15120] ? oom_killer_disable+0x270/0x270 [ 3303.704516][T15120] ? io_schedule_timeout+0x140/0x140 [ 3303.709845][T15120] mem_cgroup_out_of_memory+0x206/0x270 [ 3303.715508][T15120] ? mem_cgroup_margin+0x130/0x130 [ 3303.720651][T15120] ? preempt_schedule_thunk+0x16/0x18 [ 3303.726070][T15120] ? preempt_schedule_thunk+0x16/0x18 03:15:24 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f310000300b0a00", @ANYRES32=r5], 0x3c}}, 0x0) 03:15:24 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000000000000b3fc1000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3303.731496][T15120] try_charge_memcg+0xf67/0x13f0 [ 3303.736577][T15120] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3303.742621][T15120] ? lock_downgrade+0x6e0/0x6e0 [ 3303.747617][T15120] charge_memcg+0x31/0x320 [ 3303.752078][T15120] __mem_cgroup_charge+0x27/0x90 [ 3303.757053][T15120] ? _compound_head+0x5d/0x150 [ 3303.760804][T15111] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3303.761839][T15120] wp_page_copy+0x27c/0x1b60 [ 3303.775729][T15120] ? restore_exclusive_pte+0x8b0/0x8b0 [ 3303.781218][T15120] ? lock_downgrade+0x6e0/0x6e0 [ 3303.786107][T15120] ? vm_normal_page+0x146/0x2a0 [ 3303.791008][T15120] do_wp_page+0x1d1/0x1910 [ 3303.795477][T15120] __handle_mm_fault+0x1813/0x39b0 [ 3303.800608][T15120] ? vm_iomap_memory+0x190/0x190 [ 3303.805583][T15120] handle_mm_fault+0x1c8/0x780 [ 3303.810363][T15120] do_user_addr_fault+0x475/0x1210 [ 3303.815587][T15120] exc_page_fault+0x94/0x170 [ 3303.820196][T15120] asm_exc_page_fault+0x22/0x30 [ 3303.825052][T15120] RIP: 0033:0x7f98a34374b0 [ 3303.829479][T15120] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48 [ 3303.849099][T15120] RSP: 002b:00007ffe69a68a90 EFLAGS: 00010246 [ 3303.855185][T15120] RAX: 00000000098f1ddc RBX: 00007f98a359c018 RCX: 0000001b2ec20000 [ 3303.863162][T15120] RDX: 0000000000000000 RSI: 0000001b2ec20018 RDI: 000000000d570f0d [ 3303.871152][T15120] RBP: 00000000098f1ddc R08: 0000000000001ddc R09: 00000000098f1de0 [ 3303.879127][T15120] R10: 00007ffe69a68c60 R11: 0000000000000246 R12: 00007f98a3590000 [ 3303.887103][T15120] R13: 0000000000000001 R14: 0000000000000006 R15: ffffffff874bbdbd [ 3303.895163][T15120] ? __x64_sys_socket+0xd/0xb0 [ 3303.899954][T15120] [ 3303.919560][T15120] memory: usage 307184kB, limit 307200kB, failcnt 27233 [ 3303.930079][T15120] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3303.946739][T15120] Memory cgroup stats for /syz0: [ 3303.946918][T15120] anon 118784 [ 3303.946918][T15120] file 319488 [ 3303.946918][T15120] kernel 314118144 [ 3303.946918][T15120] kernel_stack 65536 [ 3303.946918][T15120] pagetables 73728 [ 3303.946918][T15120] percpu 5425088 [ 3303.946918][T15120] sock 0 [ 3303.946918][T15120] vmalloc 0 [ 3303.946918][T15120] shmem 319488 [ 3303.946918][T15120] zswap 0 [ 3303.946918][T15120] zswapped 0 [ 3303.946918][T15120] file_mapped 303104 [ 3303.946918][T15120] file_dirty 0 [ 3303.946918][T15120] file_writeback 0 [ 3303.946918][T15120] swapcached 0 [ 3303.946918][T15120] anon_thp 0 [ 3303.946918][T15120] file_thp 0 [ 3303.946918][T15120] shmem_thp 0 [ 3303.946918][T15120] inactive_anon 122880 [ 3303.946918][T15120] active_anon 315392 [ 3303.946918][T15120] inactive_file 0 [ 3303.946918][T15120] active_file 0 [ 3303.946918][T15120] unevictable 0 [ 3303.946918][T15120] slab_reclaimable 224128 [ 3303.946918][T15120] slab_unreclaimable 308289952 [ 3303.946918][T15120] slab 308514080 [ 3304.044830][T15120] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0 [ 3304.044870][T15127] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3304.064863][T15120] ,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15120,uid=0 03:15:25 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3304.081921][T15120] Memory cgroup out of memory: Killed process 15120 (syz-executor.0) total-vm:54508kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 [ 3304.134625][T15125] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3304.139253][T15110] bridge1283: port 1(bridge_slave_1) entered disabled state [ 3304.154949][T15125] CPU: 0 PID: 15125 Comm: syz-executor.2 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3304.165165][T15125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3304.175247][T15125] Call Trace: [ 3304.178553][T15125] [ 3304.181496][T15125] dump_stack_lvl+0xcd/0x134 [ 3304.186092][T15125] dump_header+0x10b/0x7f9 [ 3304.190508][T15125] oom_kill_process.cold+0x10/0x15 [ 3304.195640][T15125] out_of_memory+0x358/0x14a0 [ 3304.200340][T15125] ? find_held_lock+0x2d/0x110 [ 3304.205130][T15125] ? oom_killer_disable+0x270/0x270 [ 3304.210448][T15125] ? find_held_lock+0x2d/0x110 [ 3304.215250][T15125] mem_cgroup_out_of_memory+0x206/0x270 [ 3304.220920][T15125] ? mem_cgroup_margin+0x130/0x130 [ 3304.226061][T15125] ? lock_downgrade+0x6e0/0x6e0 [ 3304.230923][T15125] try_charge_memcg+0xf67/0x13f0 [ 3304.235881][T15125] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3304.241883][T15125] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3304.247609][T15125] ? lock_downgrade+0x6e0/0x6e0 [ 3304.252495][T15125] ? lock_downgrade+0x6e0/0x6e0 [ 3304.257387][T15125] __memcg_kmem_charge_page+0x16a/0x3b0 [ 3304.262964][T15125] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 3304.269163][T15125] copy_process+0x607/0x7090 [ 3304.273797][T15125] ? __lock_acquire+0xbc3/0x56d0 [ 3304.278782][T15125] ? __cleanup_sighand+0xb0/0xb0 [ 3304.283777][T15125] kernel_clone+0xe7/0xab0 [ 3304.288232][T15125] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 3304.294229][T15125] ? create_io_thread+0xe0/0xe0 [ 3304.299100][T15125] ? find_held_lock+0x2d/0x110 [ 3304.303897][T15125] ? __ct_user_exit+0xff/0x150 [ 3304.308701][T15125] __do_sys_clone+0xba/0x100 [ 3304.313319][T15125] ? kernel_clone+0xab0/0xab0 [ 3304.318033][T15125] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3304.323927][T15125] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3304.329826][T15125] do_syscall_64+0x35/0xb0 [ 3304.334243][T15125] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3304.340145][T15125] RIP: 0033:0x7ff38a48a6a1 [ 3304.344576][T15125] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 3304.364201][T15125] RSP: 002b:00007ffe54c81718 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 3304.372654][T15125] RAX: ffffffffffffffda RBX: 00007ff3893fe700 RCX: 00007ff38a48a6a1 [ 3304.380651][T15125] RDX: 00007ff3893fe9d0 RSI: 00007ff3893fe2f0 RDI: 00000000003d0f00 [ 3304.388726][T15125] RBP: 00007ffe54c81960 R08: 00007ff3893fe700 R09: 00007ff3893fe700 [ 3304.396694][T15125] R10: 00007ff3893fe9d0 R11: 0000000000000206 R12: 00007ffe54c817ce [ 3304.404674][T15125] R13: 00007ffe54c817cf R14: 00007ff3893fe300 R15: 0000000000022000 [ 3304.412700][T15125] [ 3304.420587][T15125] memory: usage 307200kB, limit 307200kB, failcnt 4354 [ 3304.427668][T15125] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3304.434669][T15125] Memory cgroup stats for /syz2: [ 3304.434896][T15125] anon 147456 [ 3304.434896][T15125] file 360448 [ 3304.434896][T15125] kernel 314064896 [ 3304.434896][T15125] kernel_stack 65536 [ 3304.434896][T15125] pagetables 81920 [ 3304.434896][T15125] percpu 5433376 [ 3304.434896][T15125] sock 0 [ 3304.434896][T15125] vmalloc 0 [ 3304.434896][T15125] shmem 356352 [ 3304.434896][T15125] zswap 0 [ 3304.434896][T15125] zswapped 0 [ 3304.434896][T15125] file_mapped 356352 [ 3304.434896][T15125] file_dirty 0 [ 3304.434896][T15125] file_writeback 0 [ 3304.434896][T15125] swapcached 0 [ 3304.434896][T15125] anon_thp 0 [ 3304.434896][T15125] file_thp 0 [ 3304.434896][T15125] shmem_thp 0 [ 3304.434896][T15125] inactive_anon 204800 [ 3304.434896][T15125] active_anon 299008 [ 3304.434896][T15125] inactive_file 0 [ 3304.434896][T15125] active_file 4096 [ 3304.434896][T15125] unevictable 0 [ 3304.434896][T15125] slab_reclaimable 58856 [ 3304.434896][T15125] slab_unreclaimable 308387568 [ 3304.434896][T15125] slab 308446424 03:15:25 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c00000010000104000000680000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3304.539622][T15125] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=15125,uid=0 [ 3304.557385][T15125] Memory cgroup out of memory: Killed process 15125 (syz-executor.2) total-vm:54640kB, anon-rss:388kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 3304.562736][T15115] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3304.633507][T15132] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 3304.646090][T15132] CPU: 1 PID: 15132 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3304.656278][T15132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3304.665238][T15116] bridge3184: port 1(bridge_slave_1) entered disabled state [ 3304.666336][T15132] Call Trace: [ 3304.666347][T15132] [ 3304.666359][T15132] dump_stack_lvl+0xcd/0x134 [ 3304.684502][T15132] dump_header+0x10b/0x7f9 [ 3304.688955][T15132] oom_kill_process.cold+0x10/0x15 [ 3304.694097][T15132] out_of_memory+0x358/0x14a0 [ 3304.698797][T15132] ? oom_killer_disable+0x270/0x270 [ 3304.704029][T15132] ? io_schedule_timeout+0x140/0x140 [ 3304.709346][T15132] mem_cgroup_out_of_memory+0x206/0x270 [ 3304.714918][T15132] ? mem_cgroup_margin+0x130/0x130 [ 3304.720037][T15132] ? preempt_schedule_thunk+0x16/0x18 [ 3304.725445][T15132] ? preempt_schedule_thunk+0x16/0x18 [ 3304.730844][T15132] try_charge_memcg+0xf67/0x13f0 [ 3304.735815][T15132] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3304.741841][T15132] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3304.747584][T15132] ? lock_downgrade+0x6e0/0x6e0 [ 3304.752469][T15132] ? lock_downgrade+0x6e0/0x6e0 [ 3304.757348][T15132] __memcg_kmem_charge_page+0x16a/0x3b0 [ 3304.762934][T15132] __alloc_pages+0x1ef/0x510 [ 3304.767556][T15132] ? __alloc_pages_slowpath.constprop.0+0x2240/0x2240 [ 3304.774347][T15132] ? find_held_lock+0x2d/0x110 [ 3304.779130][T15132] alloc_pages+0x1a6/0x270 [ 3304.783561][T15132] pte_alloc_one+0x16/0x230 [ 3304.788075][T15132] __pte_alloc+0x69/0x250 [ 3304.792431][T15132] ? pmd_install+0x150/0x150 [ 3304.797031][T15132] ? hugepage_vma_check+0x44e/0x780 [ 3304.802239][T15132] ? __pmd_alloc+0x2ff/0x5c0 [ 3304.806844][T15132] __handle_mm_fault+0x310b/0x39b0 [ 3304.811973][T15132] ? vm_iomap_memory+0x190/0x190 [ 3304.816953][T15132] handle_mm_fault+0x1c8/0x780 [ 3304.821746][T15132] do_user_addr_fault+0x475/0x1210 [ 3304.826912][T15132] exc_page_fault+0x94/0x170 [ 3304.831532][T15132] asm_exc_page_fault+0x22/0x30 [ 3304.836412][T15132] RIP: 0033:0x7f98a3484695 [ 3304.840852][T15132] Code: 12 80 fa 04 73 1e 80 fa 01 77 26 72 05 0f b6 0e 88 0f c3 48 8b 4c 16 f8 48 8b 36 48 89 4c 17 f8 48 89 37 c3 8b 4c 16 fc 8b 36 <89> 4c 17 fc 89 37 c3 0f b7 4c 16 fe 0f b7 36 66 89 4c 17 fe 66 89 [ 3304.860563][T15132] RSP: 002b:00007ffe69a68b78 EFLAGS: 00010202 [ 3304.866647][T15132] RAX: 00000000200005c0 RBX: 0000000000000000 RCX: 0000000000535650 [ 3304.874632][T15132] RDX: 0000000000000005 RSI: 0000000053565049 RDI: 00000000200005c0 [ 3304.882617][T15132] RBP: 00007ffe69a68c38 R08: 00007f98a39a0000 R09: 00007f98a35a00c8 [ 3304.890593][T15132] R10: 00007ffe69a68c60 R11: 0000000000000246 R12: 0000000000326c73 [ 3304.898565][T15132] R13: 00007ffe69a68c60 R14: 00007f98a359bf80 R15: 0000000000000032 [ 3304.906562][T15132] [ 3304.920206][T15132] memory: usage 307200kB, limit 307200kB, failcnt 27281 [ 3304.934227][T15132] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3304.942531][T15116] bridge3185: port 1(bridge_slave_1) entered blocking state [ 3304.944983][T15132] Memory cgroup stats for [ 3304.950477][T15116] bridge3185: port 1(bridge_slave_1) entered disabled state [ 3304.955940][T15132] /syz0: [ 3304.964516][T15132] anon 126976 [ 3304.964516][T15132] file 319488 [ 3304.964516][T15132] kernel 314126336 [ 3304.964516][T15132] kernel_stack 65536 [ 3304.964516][T15132] pagetables 77824 [ 3304.964516][T15132] percpu 5425088 [ 3304.964516][T15132] sock 0 [ 3304.964516][T15132] vmalloc 0 [ 3304.964516][T15132] shmem 319488 [ 3304.964516][T15132] zswap 0 [ 3304.964516][T15132] zswapped 0 [ 3304.964516][T15132] file_mapped 303104 [ 3304.964516][T15132] file_dirty 0 [ 3304.964516][T15132] file_writeback 0 [ 3304.964516][T15132] swapcached 0 [ 3304.964516][T15132] anon_thp 0 [ 3304.964516][T15132] file_thp 0 [ 3304.964516][T15132] shmem_thp 0 [ 3304.964516][T15132] inactive_anon 131072 [ 3304.964516][T15132] active_anon 315392 [ 3304.964516][T15132] inactive_file 0 [ 3304.964516][T15132] active_file 0 [ 3304.964516][T15132] unevictable 0 [ 3304.964516][T15132] slab_reclaimable 226056 [ 3304.964516][T15132] slab_unreclaimable 308290600 [ 3304.964516][T15132] slab 308516656 [ 3305.066407][T15119] bond0: (slave bridge3185): Enslaving as an active interface with an up link 03:15:26 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0003000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x700, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3305.076687][T15121] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3305.122622][T15123] bridge2539: port 1(bridge_slave_1) entered disabled state [ 3305.139044][T15132] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15132,uid=0 [ 3305.155216][T15132] Memory cgroup out of memory: Killed process 15132 (syz-executor.0) total-vm:54508kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 03:15:26 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f310000380b0a00", @ANYRES32=r5], 0x3c}}, 0x0) 03:15:26 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000000000000000fffffffe", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) 03:15:26 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3305.218511][T15131] bridge4130: port 1(bridge_slave_1) entered disabled state [ 3305.320424][T15131] bridge4131: port 1(bridge_slave_1) entered blocking state [ 3305.336335][T15131] bridge4131: port 1(bridge_slave_1) entered disabled state [ 3305.338530][T15144] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3305.356764][T15144] CPU: 1 PID: 15144 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3305.366972][T15144] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3305.377040][T15144] Call Trace: [ 3305.380335][T15144] [ 3305.383284][T15144] dump_stack_lvl+0xcd/0x134 [ 3305.387922][T15144] dump_header+0x10b/0x7f9 [ 3305.392468][T15144] oom_kill_process.cold+0x10/0x15 [ 3305.397620][T15144] out_of_memory+0x358/0x14a0 [ 3305.402334][T15144] ? find_held_lock+0x2d/0x110 [ 3305.407115][T15144] ? oom_killer_disable+0x270/0x270 [ 3305.412328][T15144] ? find_held_lock+0x2d/0x110 [ 3305.417110][T15144] mem_cgroup_out_of_memory+0x206/0x270 [ 3305.422679][T15144] ? mem_cgroup_margin+0x130/0x130 [ 3305.427792][T15144] ? lock_downgrade+0x6e0/0x6e0 [ 3305.432694][T15144] try_charge_memcg+0xf67/0x13f0 [ 3305.437677][T15144] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3305.443701][T15144] ? lock_downgrade+0x6e0/0x6e0 [ 3305.448587][T15144] charge_memcg+0x31/0x320 [ 3305.453045][T15144] __mem_cgroup_charge+0x27/0x90 [ 3305.458011][T15144] ? _compound_head+0x5d/0x150 [ 3305.462811][T15144] wp_page_copy+0x27c/0x1b60 [ 3305.467419][T15144] ? restore_exclusive_pte+0x8b0/0x8b0 [ 3305.472905][T15144] ? lock_downgrade+0x6e0/0x6e0 [ 3305.477790][T15144] ? vm_normal_page+0x146/0x2a0 [ 3305.482674][T15144] do_wp_page+0x1d1/0x1910 [ 3305.487198][T15144] __handle_mm_fault+0x1813/0x39b0 [ 3305.492336][T15144] ? vm_iomap_memory+0x190/0x190 [ 3305.497313][T15144] handle_mm_fault+0x1c8/0x780 [ 3305.502105][T15144] do_user_addr_fault+0x475/0x1210 [ 3305.507233][T15144] exc_page_fault+0x94/0x170 [ 3305.511836][T15144] asm_exc_page_fault+0x22/0x30 [ 3305.516705][T15144] RIP: 0033:0x7f98a34374b0 [ 3305.521122][T15144] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48 [ 3305.540733][T15144] RSP: 002b:00007ffe69a68a90 EFLAGS: 00010246 [ 3305.546799][T15144] RAX: 00000000bd27bad8 RBX: 00007f98a359c018 RCX: 0000001b2ec20000 [ 3305.554791][T15144] RDX: 0000000000000000 RSI: 0000001b2ec20018 RDI: 0000000008ec0c76 [ 3305.562794][T15144] RBP: 00000000bd27bad8 R08: 0000000000001ad8 R09: 00000000bd27badc [ 3305.570799][T15144] R10: 00007ffe69a68c60 R11: 0000000000000246 R12: 00007f98a3590000 [ 3305.578798][T15144] R13: 0000000000000001 R14: 0000000000000003 R15: ffffffff81a3270f [ 3305.586793][T15144] ? trace_user_exit.constprop.0+0x13f/0x210 [ 3305.592809][T15144] [ 3305.618630][T15133] bridge4131: port 1(bridge_slave_1) entered blocking state [ 3305.625755][T15144] memory: usage 307188kB, limit 307200kB, failcnt 27344 [ 3305.626046][T15133] bridge4131: port 1(bridge_slave_1) entered forwarding state [ 3305.636504][T15144] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3305.665449][T15144] Memory cgroup stats for /syz0: [ 3305.665621][T15144] anon 106496 [ 3305.665621][T15144] file 319488 [ 3305.665621][T15144] kernel 314122240 [ 3305.665621][T15144] kernel_stack 65536 [ 3305.665621][T15144] pagetables 73728 [ 3305.665621][T15144] percpu 5425088 [ 3305.665621][T15144] sock 0 [ 3305.665621][T15144] vmalloc 0 [ 3305.665621][T15144] shmem 319488 [ 3305.665621][T15144] zswap 0 [ 3305.665621][T15144] zswapped 0 [ 3305.665621][T15144] file_mapped 303104 [ 3305.665621][T15144] file_dirty 0 [ 3305.665621][T15144] file_writeback 0 [ 3305.665621][T15144] swapcached 0 [ 3305.665621][T15144] anon_thp 0 [ 3305.665621][T15144] file_thp 0 [ 3305.665621][T15144] shmem_thp 0 [ 3305.665621][T15144] inactive_anon 110592 [ 3305.665621][T15144] active_anon 315392 [ 3305.665621][T15144] inactive_file 0 [ 3305.665621][T15144] active_file 0 [ 3305.665621][T15144] unevictable 0 [ 3305.665621][T15144] slab_reclaimable 224128 [ 3305.665621][T15144] slab_unreclaimable 308292056 [ 3305.665621][T15144] slab 308516184 [ 3305.676915][T15133] bond0: (slave bridge4131): Enslaving as an active interface with an up link 03:15:27 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000000000000b3fc2000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3305.780911][T15144] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15144,uid=0 [ 3305.808882][T15144] Memory cgroup out of memory: Killed process 15144 (syz-executor.0) total-vm:54508kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 03:15:27 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3305.827692][T15138] bridge1284: port 1(bridge_slave_1) entered blocking state [ 3305.835281][T15138] bridge1284: port 1(bridge_slave_1) entered disabled state [ 3305.871331][T15143] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3305.896820][T15143] CPU: 1 PID: 15143 Comm: syz-executor.2 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3305.907033][T15143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3305.917115][T15143] Call Trace: [ 3305.920414][T15143] [ 3305.923373][T15143] dump_stack_lvl+0xcd/0x134 [ 3305.928004][T15143] dump_header+0x10b/0x7f9 [ 3305.932464][T15143] oom_kill_process.cold+0x10/0x15 [ 3305.937618][T15143] out_of_memory+0x358/0x14a0 [ 3305.942320][T15143] ? find_held_lock+0x2d/0x110 [ 3305.947104][T15143] ? oom_killer_disable+0x270/0x270 [ 3305.952335][T15143] ? find_held_lock+0x2d/0x110 [ 3305.957120][T15143] mem_cgroup_out_of_memory+0x206/0x270 [ 3305.962697][T15143] ? mem_cgroup_margin+0x130/0x130 [ 3305.967832][T15143] ? lock_downgrade+0x6e0/0x6e0 [ 3305.972710][T15143] try_charge_memcg+0xf67/0x13f0 [ 3305.977675][T15143] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3305.983688][T15143] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3305.989439][T15143] ? lock_downgrade+0x6e0/0x6e0 [ 3305.993093][T15153] bridge4131: port 1(bridge_slave_1) entered disabled state [ 3305.994303][T15143] ? lock_downgrade+0x6e0/0x6e0 [ 3306.006448][T15143] __memcg_kmem_charge_page+0x16a/0x3b0 [ 3306.012013][T15143] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 3306.018184][T15143] copy_process+0x607/0x7090 [ 3306.022809][T15143] ? __lock_acquire+0xbc3/0x56d0 [ 3306.027767][T15143] ? __cleanup_sighand+0xb0/0xb0 [ 3306.032736][T15143] kernel_clone+0xe7/0xab0 [ 3306.037160][T15143] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 3306.043155][T15143] ? create_io_thread+0xe0/0xe0 [ 3306.048029][T15143] ? find_held_lock+0x2d/0x110 [ 3306.052810][T15143] ? __ct_user_exit+0xff/0x150 [ 3306.057588][T15143] __do_sys_clone+0xba/0x100 [ 3306.062188][T15143] ? kernel_clone+0xab0/0xab0 [ 3306.066897][T15143] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3306.072802][T15143] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3306.078711][T15143] do_syscall_64+0x35/0xb0 [ 3306.083134][T15143] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3306.089042][T15143] RIP: 0033:0x7ff38a48a6a1 [ 3306.093482][T15143] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 3306.113101][T15143] RSP: 002b:00007ffe54c81718 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 3306.121536][T15143] RAX: ffffffffffffffda RBX: 00007ff3893fe700 RCX: 00007ff38a48a6a1 [ 3306.129511][T15143] RDX: 00007ff3893fe9d0 RSI: 00007ff3893fe2f0 RDI: 00000000003d0f00 [ 3306.137487][T15143] RBP: 00007ffe54c81960 R08: 00007ff3893fe700 R09: 00007ff3893fe700 03:15:27 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0003000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x300, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3306.145459][T15143] R10: 00007ff3893fe9d0 R11: 0000000000000206 R12: 00007ffe54c817ce [ 3306.153434][T15143] R13: 00007ffe54c817cf R14: 00007ff3893fe300 R15: 0000000000022000 [ 3306.161436][T15143] [ 3306.203823][T15143] memory: usage 307200kB, limit 307200kB, failcnt 4421 [ 3306.211155][T15143] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3306.218794][T15143] Memory cgroup stats for /syz2: [ 3306.218986][T15143] anon 147456 [ 3306.218986][T15143] file 360448 [ 3306.218986][T15143] kernel 314064896 [ 3306.218986][T15143] kernel_stack 65536 [ 3306.218986][T15143] pagetables 81920 [ 3306.218986][T15143] percpu 5433376 [ 3306.218986][T15143] sock 0 [ 3306.218986][T15143] vmalloc 0 [ 3306.218986][T15143] shmem 356352 [ 3306.218986][T15143] zswap 0 [ 3306.218986][T15143] zswapped 0 [ 3306.218986][T15143] file_mapped 356352 [ 3306.218986][T15143] file_dirty 0 [ 3306.218986][T15143] file_writeback 0 [ 3306.218986][T15143] swapcached 0 [ 3306.218986][T15143] anon_thp 0 [ 3306.218986][T15143] file_thp 0 [ 3306.218986][T15143] shmem_thp 0 [ 3306.218986][T15143] inactive_anon 204800 [ 3306.218986][T15143] active_anon 299008 [ 3306.218986][T15143] inactive_file 0 [ 3306.218986][T15143] active_file 4096 [ 3306.218986][T15143] unevictable 0 [ 3306.218986][T15143] slab_reclaimable 58856 [ 3306.218986][T15143] slab_unreclaimable 308387568 [ 3306.218986][T15143] slab 308446424 [ 3306.228960][T15153] bridge4132: port 1(bridge_slave_1) entered blocking state [ 3306.323062][T15143] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=15143,uid=0 [ 3306.339313][T15143] Memory cgroup out of memory: Killed process 15143 (syz-executor.2) total-vm:54640kB, anon-rss:388kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 3306.342057][T15153] bridge4132: port 1(bridge_slave_1) entered disabled state [ 3306.404144][T15152] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3306.414834][T15140] bridge3185: port 1(bridge_slave_1) entered disabled state [ 3306.416054][T15152] CPU: 1 PID: 15152 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3306.432280][T15152] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3306.442366][T15152] Call Trace: [ 3306.445657][T15152] [ 3306.448587][T15152] dump_stack_lvl+0xcd/0x134 [ 3306.453184][T15152] dump_header+0x10b/0x7f9 [ 3306.457618][T15152] oom_kill_process.cold+0x10/0x15 [ 3306.462740][T15152] out_of_memory+0x358/0x14a0 [ 3306.467434][T15152] ? find_held_lock+0x2d/0x110 [ 3306.472222][T15152] ? oom_killer_disable+0x270/0x270 [ 3306.477447][T15152] ? find_held_lock+0x2d/0x110 [ 3306.482230][T15152] mem_cgroup_out_of_memory+0x206/0x270 [ 3306.487882][T15152] ? mem_cgroup_margin+0x130/0x130 [ 3306.493003][T15152] ? lock_downgrade+0x6e0/0x6e0 [ 3306.497880][T15152] try_charge_memcg+0xf67/0x13f0 [ 3306.502851][T15152] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3306.508856][T15152] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3306.514594][T15152] ? lock_downgrade+0x6e0/0x6e0 [ 3306.519506][T15152] obj_cgroup_charge+0x2ab/0x5e0 [ 3306.524473][T15152] ? __anon_vma_prepare+0x2d6/0x560 [ 3306.529698][T15152] kmem_cache_alloc+0x96/0x3b0 [ 3306.534490][T15152] __anon_vma_prepare+0x2d6/0x560 [ 3306.539875][T15152] ? __pmd_alloc+0x2ff/0x5c0 [ 3306.544482][T15152] __handle_mm_fault+0x340e/0x39b0 [ 3306.549614][T15152] ? vm_iomap_memory+0x190/0x190 [ 3306.554589][T15152] handle_mm_fault+0x1c8/0x780 [ 3306.559381][T15152] do_user_addr_fault+0x475/0x1210 [ 3306.564516][T15152] exc_page_fault+0x94/0x170 [ 3306.569121][T15152] asm_exc_page_fault+0x22/0x30 [ 3306.573979][T15152] RIP: 0033:0x7f98a3484695 [ 3306.578400][T15152] Code: 12 80 fa 04 73 1e 80 fa 01 77 26 72 05 0f b6 0e 88 0f c3 48 8b 4c 16 f8 48 8b 36 48 89 4c 17 f8 48 89 37 c3 8b 4c 16 fc 8b 36 <89> 4c 17 fc 89 37 c3 0f b7 4c 16 fe 0f b7 36 66 89 4c 17 fe 66 89 [ 3306.598016][T15152] RSP: 002b:00007ffe69a68b78 EFLAGS: 00010202 [ 3306.604090][T15152] RAX: 00000000200005c0 RBX: 0000000000000000 RCX: 0000000000535650 [ 3306.612065][T15152] RDX: 0000000000000005 RSI: 0000000053565049 RDI: 00000000200005c0 [ 3306.620059][T15152] RBP: 00007ffe69a68c38 R08: 00007f98a39a0000 R09: 00007f98a35a00c8 [ 3306.628037][T15152] R10: 00007ffe69a68c60 R11: 0000000000000246 R12: 000000000032737b [ 3306.636011][T15152] R13: 00007ffe69a68c60 R14: 00007f98a359bf80 R15: 0000000000000032 [ 3306.644010][T15152] [ 3306.663984][T15152] memory: usage 307200kB, limit 307200kB, failcnt 27424 [ 3306.671301][T15152] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3306.677230][T15140] bridge3186: port 1(bridge_slave_1) entered blocking state [ 3306.679397][T15152] Memory cgroup stats for /syz0: [ 3306.687932][T15152] anon 126976 [ 3306.687932][T15152] file 319488 [ 3306.687932][T15152] kernel 314126336 [ 3306.687932][T15152] kernel_stack 65536 [ 3306.687932][T15152] pagetables 81920 [ 3306.687932][T15152] percpu 5425088 [ 3306.687932][T15152] sock 0 [ 3306.687932][T15152] vmalloc 0 [ 3306.687932][T15152] shmem 319488 [ 3306.687932][T15152] zswap 0 [ 3306.687932][T15152] zswapped 0 [ 3306.687932][T15152] file_mapped 303104 [ 3306.687932][T15152] file_dirty 0 [ 3306.687932][T15152] file_writeback 0 [ 3306.687932][T15152] swapcached 0 [ 3306.687932][T15152] anon_thp 0 [ 3306.687932][T15152] file_thp 0 [ 3306.687932][T15152] shmem_thp 0 [ 3306.687932][T15152] inactive_anon 122880 [ 3306.687932][T15152] active_anon 315392 [ 3306.687932][T15152] inactive_file 0 [ 3306.687932][T15152] active_file 0 [ 3306.687932][T15152] unevictable 0 [ 3306.687932][T15152] slab_reclaimable 226056 [ 3306.687932][T15152] slab_unreclaimable 308290720 [ 3306.687932][T15152] slab 308516776 [ 3306.707569][T15140] bridge3186: port 1(bridge_slave_1) entered disabled state [ 3306.805507][T15152] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15152,uid=0 [ 3306.831321][T15152] Memory cgroup out of memory: Killed process 15152 (syz-executor.0) total-vm:54508kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 03:15:28 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f310000400b0a00", @ANYRES32=r5], 0x3c}}, 0x0) 03:15:28 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) 03:15:28 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0003000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x700, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3306.843423][T15141] bond0: (slave bridge3186): Enslaving as an active interface with an up link [ 3306.865959][T15148] __nla_validate_parse: 3 callbacks suppressed [ 3306.865979][T15148] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3306.940593][T15161] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3306.951248][T15161] CPU: 0 PID: 15161 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3306.961442][T15161] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3306.971517][T15161] Call Trace: [ 3306.974814][T15161] [ 3306.977767][T15161] dump_stack_lvl+0xcd/0x134 [ 3306.982397][T15161] dump_header+0x10b/0x7f9 [ 3306.986853][T15161] oom_kill_process.cold+0x10/0x15 [ 3306.988922][T15149] bridge2541: port 1(bridge_slave_1) entered blocking state [ 3306.991986][T15161] out_of_memory+0x358/0x14a0 [ 3306.992030][T15161] ? find_held_lock+0x2d/0x110 [ 3306.992058][T15161] ? oom_killer_disable+0x270/0x270 [ 3307.005960][T15149] bridge2541: port 1(bridge_slave_1) entered disabled state [ 3307.008761][T15161] ? find_held_lock+0x2d/0x110 [ 3307.008802][T15161] mem_cgroup_out_of_memory+0x206/0x270 [ 3307.008832][T15161] ? mem_cgroup_margin+0x130/0x130 03:15:28 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000000000000000fffffffe", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3307.008854][T15161] ? lock_downgrade+0x6e0/0x6e0 [ 3307.008896][T15161] try_charge_memcg+0xf67/0x13f0 [ 3307.008930][T15161] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3307.008964][T15161] ? lock_downgrade+0x6e0/0x6e0 [ 3307.009009][T15161] charge_memcg+0x31/0x320 [ 3307.009040][T15161] __mem_cgroup_charge+0x27/0x90 [ 3307.009065][T15161] ? _compound_head+0x5d/0x150 [ 3307.009097][T15161] wp_page_copy+0x27c/0x1b60 [ 3307.009133][T15161] ? restore_exclusive_pte+0x8b0/0x8b0 [ 3307.009156][T15161] ? lock_downgrade+0x6e0/0x6e0 [ 3307.009180][T15161] ? vm_normal_page+0x146/0x2a0 [ 3307.009220][T15161] do_wp_page+0x1d1/0x1910 [ 3307.009249][T15161] __handle_mm_fault+0x1813/0x39b0 [ 3307.009282][T15161] ? vm_iomap_memory+0x190/0x190 [ 3307.009338][T15161] handle_mm_fault+0x1c8/0x780 [ 3307.009370][T15161] do_user_addr_fault+0x475/0x1210 [ 3307.009412][T15161] exc_page_fault+0x94/0x170 [ 3307.009444][T15161] asm_exc_page_fault+0x22/0x30 [ 3307.009468][T15161] RIP: 0033:0x7f98a34374b0 [ 3307.009487][T15161] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48 [ 3307.009511][T15161] RSP: 002b:00007ffe69a68a90 EFLAGS: 00010246 [ 3307.104799][T15170] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3307.106304][T15161] [ 3307.106313][T15161] RAX: 00000000bd27bad8 RBX: 00007f98a359c018 RCX: 0000001b2ec20000 [ 3307.106334][T15161] RDX: 0000000000000000 RSI: 0000001b2ec20018 RDI: 0000000008ec0c76 [ 3307.106352][T15161] RBP: 00000000bd27bad8 R08: 0000000000001ad8 R09: 00000000bd27badc [ 3307.106370][T15161] R10: 00007ffe69a68c60 R11: 0000000000000246 R12: 00007f98a3590000 [ 3307.106387][T15161] R13: 0000000000000001 R14: 0000000000000003 R15: ffffffff81a3270f [ 3307.106404][T15161] ? trace_user_exit.constprop.0+0x13f/0x210 [ 3307.209128][T15167] bridge3186: port 1(bridge_slave_1) entered disabled state [ 3307.213307][T15161] [ 3307.235419][T15161] memory: usage 307200kB, limit 307200kB, failcnt 27468 [ 3307.265145][T15161] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3307.273722][T15155] bridge4132: port 1(bridge_slave_1) entered blocking state [ 3307.281164][T15155] bridge4132: port 1(bridge_slave_1) entered forwarding state [ 3307.290906][T15161] Memory cgroup stats for /syz0: [ 3307.291096][T15161] anon 106496 [ 3307.291096][T15161] file 319488 [ 3307.291096][T15161] kernel 314118144 [ 3307.291096][T15161] kernel_stack 65536 [ 3307.291096][T15161] pagetables 73728 [ 3307.291096][T15161] percpu 5425088 [ 3307.291096][T15161] sock 0 [ 3307.291096][T15161] vmalloc 0 [ 3307.291096][T15161] shmem 319488 [ 3307.291096][T15161] zswap 0 [ 3307.291096][T15161] zswapped 0 [ 3307.291096][T15161] file_mapped 303104 [ 3307.291096][T15161] file_dirty 0 [ 3307.291096][T15161] file_writeback 0 [ 3307.291096][T15161] swapcached 0 [ 3307.291096][T15161] anon_thp 0 [ 3307.291096][T15161] file_thp 0 [ 3307.291096][T15161] shmem_thp 0 [ 3307.291096][T15161] inactive_anon 106496 [ 3307.291096][T15161] active_anon 315392 [ 3307.291096][T15161] inactive_file 0 [ 3307.291096][T15161] active_file 0 [ 3307.291096][T15161] unevictable 0 [ 3307.291096][T15161] slab_reclaimable 226704 [ 3307.291096][T15161] slab_unreclaimable 308292056 [ 3307.291096][T15161] slab 308518760 [ 3307.388165][T15161] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15161,uid=0 [ 3307.404663][T15161] Memory cgroup out of memory: Killed process 15161 (syz-executor.0) total-vm:54508kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 [ 3307.437941][T15155] bond0: (slave bridge4132): Enslaving as an active interface with an up link [ 3307.443539][T15163] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3307.458012][T15157] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3307.473322][T15163] CPU: 1 PID: 15163 Comm: syz-executor.2 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3307.483524][T15163] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3307.493629][T15163] Call Trace: [ 3307.496923][T15163] [ 3307.499877][T15163] dump_stack_lvl+0xcd/0x134 [ 3307.504507][T15163] dump_header+0x10b/0x7f9 [ 3307.508950][T15163] oom_kill_process.cold+0x10/0x15 03:15:28 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3307.514095][T15163] out_of_memory+0x358/0x14a0 [ 3307.518817][T15163] ? find_held_lock+0x2d/0x110 [ 3307.519426][T15159] bridge1284: port 1(bridge_slave_1) entered disabled state [ 3307.523592][T15163] ? oom_killer_disable+0x270/0x270 [ 3307.523632][T15163] ? find_held_lock+0x2d/0x110 [ 3307.540970][T15163] mem_cgroup_out_of_memory+0x206/0x270 [ 3307.546544][T15163] ? mem_cgroup_margin+0x130/0x130 [ 3307.551690][T15163] ? lock_downgrade+0x6e0/0x6e0 [ 3307.556595][T15163] try_charge_memcg+0xf67/0x13f0 [ 3307.561575][T15163] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3307.567588][T15163] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3307.573342][T15163] ? lock_downgrade+0x6e0/0x6e0 [ 3307.578218][T15163] ? lock_downgrade+0x6e0/0x6e0 [ 3307.583077][T15163] __memcg_kmem_charge_page+0x16a/0x3b0 [ 3307.588640][T15163] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 3307.594837][T15163] copy_process+0x607/0x7090 [ 3307.599457][T15163] ? lock_chain_count+0x20/0x20 [ 3307.604330][T15163] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 3307.610345][T15163] ? __cleanup_sighand+0xb0/0xb0 [ 3307.615301][T15163] kernel_clone+0xe7/0xab0 [ 3307.619718][T15163] ? finish_task_switch.isra.0+0x2b5/0xc70 [ 3307.625526][T15163] ? create_io_thread+0xe0/0xe0 [ 3307.630385][T15163] ? find_held_lock+0x2d/0x110 [ 3307.635154][T15163] ? __ct_user_exit+0xff/0x150 [ 3307.639935][T15163] __do_sys_clone+0xba/0x100 [ 3307.644524][T15163] ? kernel_clone+0xab0/0xab0 [ 3307.649228][T15163] ? __ct_user_enter+0x19f/0x1d0 [ 3307.654194][T15163] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3307.660087][T15163] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3307.665984][T15163] do_syscall_64+0x35/0xb0 [ 3307.670397][T15163] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3307.676289][T15163] RIP: 0033:0x7ff38a48a6a1 [ 3307.680723][T15163] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 3307.700327][T15163] RSP: 002b:00007ffe54c81718 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 3307.708745][T15163] RAX: ffffffffffffffda RBX: 00007ff3893dd700 RCX: 00007ff38a48a6a1 03:15:29 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000000000000b3fc3000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3307.716714][T15163] RDX: 00007ff3893dd9d0 RSI: 00007ff3893dd2f0 RDI: 00000000003d0f00 [ 3307.724682][T15163] RBP: 00007ffe54c81960 R08: 00007ff3893dd700 R09: 00007ff3893dd700 [ 3307.732653][T15163] R10: 00007ff3893dd9d0 R11: 0000000000000206 R12: 00007ffe54c817ce [ 3307.740620][T15163] R13: 00007ffe54c817cf R14: 00007ff3893dd300 R15: 0000000000022000 [ 3307.748689][T15163] [ 3307.777164][T15159] bridge1285: port 1(bridge_slave_1) entered blocking state [ 3307.777595][T15163] memory: usage 307200kB, limit 307200kB, failcnt 4493 [ 3307.793567][T15159] bridge1285: port 1(bridge_slave_1) entered disabled state [ 3307.804162][T15163] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3307.811425][T15163] Memory cgroup stats for /syz2: [ 3307.811652][T15163] anon 106496 [ 3307.811652][T15163] file 360448 [ 3307.811652][T15163] kernel 314105856 [ 3307.811652][T15163] kernel_stack 98304 [ 3307.811652][T15163] pagetables 81920 [ 3307.811652][T15163] percpu 5433376 [ 3307.811652][T15163] sock 0 [ 3307.811652][T15163] vmalloc 0 [ 3307.811652][T15163] shmem 356352 [ 3307.811652][T15163] zswap 0 [ 3307.811652][T15163] zswapped 0 [ 3307.811652][T15163] file_mapped 356352 [ 3307.811652][T15163] file_dirty 0 [ 3307.811652][T15163] file_writeback 0 [ 3307.811652][T15163] swapcached 0 [ 3307.811652][T15163] anon_thp 0 [ 3307.811652][T15163] file_thp 0 [ 3307.811652][T15163] shmem_thp 0 [ 3307.811652][T15163] inactive_anon 163840 [ 3307.811652][T15163] active_anon 299008 [ 3307.811652][T15163] inactive_file 0 [ 3307.811652][T15163] active_file 4096 [ 3307.811652][T15163] unevictable 0 [ 3307.811652][T15163] slab_reclaimable 58856 [ 3307.811652][T15163] slab_unreclaimable 308396384 [ 3307.811652][T15163] slab 308455240 [ 3307.908651][T15163] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=15163,uid=0 03:15:29 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f310000480b0a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3307.928554][T15163] Memory cgroup out of memory: Killed process 15163 (syz-executor.2) total-vm:54772kB, anon-rss:388kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 3307.960823][T15160] bond0: (slave bridge1285): Enslaving as an active interface with an up link 03:15:29 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0003000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x300, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3307.981049][T15171] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3307.991147][T15174] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 3308.022837][T15174] CPU: 0 PID: 15174 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3308.033050][T15174] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3308.043132][T15174] Call Trace: [ 3308.046415][T15174] [ 3308.049351][T15174] dump_stack_lvl+0xcd/0x134 [ 3308.053958][T15174] dump_header+0x10b/0x7f9 [ 3308.058391][T15174] oom_kill_process.cold+0x10/0x15 [ 3308.063564][T15174] out_of_memory+0x358/0x14a0 [ 3308.068261][T15174] ? find_held_lock+0x2d/0x110 [ 3308.073034][T15174] ? oom_killer_disable+0x270/0x270 [ 3308.078265][T15174] ? find_held_lock+0x2d/0x110 [ 3308.083039][T15174] mem_cgroup_out_of_memory+0x206/0x270 [ 3308.088593][T15174] ? mem_cgroup_margin+0x130/0x130 [ 3308.093714][T15174] ? lock_downgrade+0x6e0/0x6e0 [ 3308.098593][T15174] try_charge_memcg+0xf67/0x13f0 [ 3308.103550][T15174] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3308.109539][T15174] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3308.115266][T15174] ? lock_downgrade+0x6e0/0x6e0 [ 3308.120130][T15174] ? lock_downgrade+0x6e0/0x6e0 [ 3308.125014][T15174] __memcg_kmem_charge_page+0x16a/0x3b0 [ 3308.130575][T15174] __alloc_pages+0x1ef/0x510 [ 3308.135198][T15174] ? __alloc_pages_slowpath.constprop.0+0x2240/0x2240 [ 3308.141982][T15174] ? find_held_lock+0x2d/0x110 [ 3308.146769][T15174] alloc_pages+0x1a6/0x270 [ 3308.151198][T15174] pte_alloc_one+0x16/0x230 [ 3308.155713][T15174] __pte_alloc+0x69/0x250 [ 3308.160054][T15174] ? pmd_install+0x150/0x150 [ 3308.164650][T15174] ? hugepage_vma_check+0x44e/0x780 [ 3308.169857][T15174] ? __pmd_alloc+0x2ff/0x5c0 [ 3308.174462][T15174] __handle_mm_fault+0x310b/0x39b0 [ 3308.179588][T15174] ? vm_iomap_memory+0x190/0x190 [ 3308.184562][T15174] handle_mm_fault+0x1c8/0x780 [ 3308.189343][T15174] do_user_addr_fault+0x475/0x1210 [ 3308.194490][T15174] exc_page_fault+0x94/0x170 [ 3308.199108][T15174] asm_exc_page_fault+0x22/0x30 [ 3308.203965][T15174] RIP: 0033:0x7f98a3484695 [ 3308.208393][T15174] Code: 12 80 fa 04 73 1e 80 fa 01 77 26 72 05 0f b6 0e 88 0f c3 48 8b 4c 16 f8 48 8b 36 48 89 4c 17 f8 48 89 37 c3 8b 4c 16 fc 8b 36 <89> 4c 17 fc 89 37 c3 0f b7 4c 16 fe 0f b7 36 66 89 4c 17 fe 66 89 [ 3308.228006][T15174] RSP: 002b:00007ffe69a68b78 EFLAGS: 00010202 [ 3308.234079][T15174] RAX: 00000000200005c0 RBX: 0000000000000000 RCX: 0000000000535650 [ 3308.242054][T15174] RDX: 0000000000000005 RSI: 0000000053565049 RDI: 00000000200005c0 [ 3308.250028][T15174] RBP: 00007ffe69a68c38 R08: 00007f98a39a0000 R09: 00007f98a35a00c8 [ 3308.258557][T15174] R10: 00007ffe69a68c60 R11: 0000000000000246 R12: 00000000003279a3 [ 3308.266546][T15174] R13: 00007ffe69a68c60 R14: 00007f98a359bf80 R15: 0000000000000032 [ 3308.274552][T15174] [ 3308.303102][T15174] memory: usage 307200kB, limit 307200kB, failcnt 27545 [ 3308.310924][T15174] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3308.318681][T15174] Memory cgroup stats for /syz0: [ 3308.318866][T15174] anon 126976 [ 3308.318866][T15174] file 319488 [ 3308.318866][T15174] kernel 314126336 [ 3308.318866][T15174] kernel_stack 65536 [ 3308.318866][T15174] pagetables 77824 [ 3308.318866][T15174] percpu 5425088 [ 3308.318866][T15174] sock 0 [ 3308.318866][T15174] vmalloc 0 [ 3308.318866][T15174] shmem 319488 [ 3308.318866][T15174] zswap 0 [ 3308.318866][T15174] zswapped 0 [ 3308.318866][T15174] file_mapped 303104 [ 3308.318866][T15174] file_dirty 0 [ 3308.318866][T15174] file_writeback 0 [ 3308.318866][T15174] swapcached 0 [ 3308.318866][T15174] anon_thp 0 [ 3308.318866][T15174] file_thp 0 [ 3308.318866][T15174] shmem_thp 0 [ 3308.318866][T15174] inactive_anon 131072 [ 3308.318866][T15174] active_anon 315392 [ 3308.318866][T15174] inactive_file 0 [ 3308.318866][T15174] active_file 0 [ 3308.318866][T15174] unevictable 0 [ 3308.318866][T15174] slab_reclaimable 226056 [ 3308.318866][T15174] slab_unreclaimable 308290600 [ 3308.318866][T15174] slab 308516656 [ 3308.422792][T15172] bridge2541: port 1(bridge_slave_1) entered disabled state [ 3308.431338][T15174] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15174,uid=0 [ 3308.465303][T15172] bridge2542: port 1(bridge_slave_1) entered blocking state [ 3308.467677][T15174] Memory cgroup out of memory: Killed process 15174 (syz-executor.0) total-vm:54508kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 [ 3308.474893][T15172] bridge2542: port 1(bridge_slave_1) entered disabled state [ 3308.491366][T15181] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=1, oom_score_adj=1000 [ 3308.532690][T15181] CPU: 0 PID: 15181 Comm: syz-executor.2 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3308.542900][T15181] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3308.546923][T15178] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3308.552960][T15181] Call Trace: [ 3308.552974][T15181] [ 3308.552985][T15181] dump_stack_lvl+0xcd/0x134 [ 3308.553021][T15181] dump_header+0x10b/0x7f9 [ 3308.553060][T15181] oom_kill_process.cold+0x10/0x15 [ 3308.553091][T15181] out_of_memory+0x358/0x14a0 [ 3308.553126][T15181] ? oom_killer_disable+0x270/0x270 [ 3308.553157][T15181] ? find_held_lock+0x2d/0x110 [ 3308.553186][T15181] mem_cgroup_out_of_memory+0x206/0x270 [ 3308.553215][T15181] ? mem_cgroup_margin+0x130/0x130 [ 3308.553239][T15181] ? lock_downgrade+0x6e0/0x6e0 [ 3308.553281][T15181] try_charge_memcg+0xf67/0x13f0 [ 3308.553317][T15181] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3308.553347][T15181] ? get_mem_cgroup_from_objcg+0xa1/0x260 03:15:29 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000000000000000fffffff0", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) 03:15:29 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3308.553371][T15181] ? lock_downgrade+0x6e0/0x6e0 [ 3308.553401][T15181] ? lock_downgrade+0x6e0/0x6e0 [ 3308.553434][T15181] ? rcu_read_unlock+0x9/0x60 [ 3308.553478][T15181] obj_cgroup_charge+0x2ab/0x5e0 [ 3308.553513][T15181] ? copy_process+0x4ce/0x7090 [ 3308.553538][T15181] kmem_cache_alloc_node+0x92/0x3f0 [ 3308.553563][T15181] ? _raw_spin_unlock_irq+0x1f/0x40 [ 3308.553602][T15181] copy_process+0x4ce/0x7090 [ 3308.553634][T15181] ? __lock_acquire+0xbc3/0x56d0 [ 3308.553672][T15181] ? __cleanup_sighand+0xb0/0xb0 [ 3308.679151][T15181] kernel_clone+0xe7/0xab0 [ 3308.683610][T15181] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 3308.689626][T15181] ? create_io_thread+0xe0/0xe0 [ 3308.694508][T15181] ? find_held_lock+0x2d/0x110 [ 3308.699312][T15181] ? __ct_user_exit+0xff/0x150 [ 3308.704120][T15181] __do_sys_clone+0xba/0x100 [ 3308.708753][T15181] ? kernel_clone+0xab0/0xab0 [ 3308.713481][T15181] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3308.719413][T15181] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3308.720642][T15180] bridge4132: port 1(bridge_slave_1) entered disabled state [ 3308.725510][T15181] do_syscall_64+0x35/0xb0 [ 3308.725552][T15181] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3308.743126][T15181] RIP: 0033:0x7ff38a48a6a1 [ 3308.747566][T15181] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 3308.767196][T15181] RSP: 002b:00007ffe54c81718 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 3308.775619][T15181] RAX: ffffffffffffffda RBX: 00007ff3893fe700 RCX: 00007ff38a48a6a1 03:15:30 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000000000000000fffffffe", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3308.783602][T15181] RDX: 00007ff3893fe9d0 RSI: 00007ff3893fe2f0 RDI: 00000000003d0f00 [ 3308.791601][T15181] RBP: 00007ffe54c81960 R08: 00007ff3893fe700 R09: 00007ff3893fe700 [ 3308.799592][T15181] R10: 00007ff3893fe9d0 R11: 0000000000000206 R12: 00007ffe54c817ce [ 3308.807558][T15181] R13: 00007ffe54c817cf R14: 00007ff3893fe300 R15: 0000000000022000 [ 3308.815565][T15181] [ 3308.843042][T15181] memory: usage 307184kB, limit 307200kB, failcnt 4526 [ 3308.850588][T15181] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3308.858442][T15181] Memory cgroup stats for /syz2: [ 3308.858671][T15181] anon 147456 [ 3308.858671][T15181] file 360448 [ 3308.858671][T15181] kernel 314048512 [ 3308.858671][T15181] kernel_stack 65536 [ 3308.858671][T15181] pagetables 81920 [ 3308.858671][T15181] percpu 5433376 [ 3308.858671][T15181] sock 0 [ 3308.858671][T15181] vmalloc 0 [ 3308.858671][T15181] shmem 356352 [ 3308.858671][T15181] zswap 0 [ 3308.858671][T15181] zswapped 0 [ 3308.858671][T15181] file_mapped 356352 [ 3308.858671][T15181] file_dirty 0 [ 3308.858671][T15181] file_writeback 0 [ 3308.858671][T15181] swapcached 0 [ 3308.858671][T15181] anon_thp 0 [ 3308.858671][T15181] file_thp 0 [ 3308.858671][T15181] shmem_thp 0 [ 3308.858671][T15181] inactive_anon 204800 [ 3308.858671][T15181] active_anon 299008 [ 3308.858671][T15181] inactive_file 0 [ 3308.858671][T15181] active_file 4096 [ 3308.858671][T15181] unevictable 0 [ 3308.858671][T15181] slab_reclaimable 58856 [ 3308.858671][T15181] slab_unreclaimable 308380008 [ 3308.858671][T15181] slab 308438864 [ 3308.888641][T15180] bridge4133: port 1(bridge_slave_1) entered blocking state [ 3308.962321][T15181] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=15181,uid=0 [ 3308.978431][T15181] Memory cgroup out of memory: Killed process 15181 (syz-executor.2) total-vm:54640kB, anon-rss:388kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 3308.984490][T15180] bridge4133: port 1(bridge_slave_1) entered disabled state [ 3309.032468][T15191] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3309.043105][T15191] CPU: 0 PID: 15191 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3309.053297][T15191] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3309.056015][T15182] bridge4133: port 1(bridge_slave_1) entered blocking state [ 3309.063352][T15191] Call Trace: [ 3309.063364][T15191] [ 3309.063375][T15191] dump_stack_lvl+0xcd/0x134 [ 3309.063410][T15191] dump_header+0x10b/0x7f9 [ 3309.070792][T15182] bridge4133: port 1(bridge_slave_1) entered forwarding state [ 3309.073962][T15191] oom_kill_process.cold+0x10/0x15 [ 3309.098460][T15191] out_of_memory+0x358/0x14a0 [ 3309.103176][T15191] ? find_held_lock+0x2d/0x110 [ 3309.107964][T15191] ? oom_killer_disable+0x270/0x270 [ 3309.113192][T15191] ? find_held_lock+0x2d/0x110 [ 3309.117985][T15191] mem_cgroup_out_of_memory+0x206/0x270 [ 3309.123559][T15191] ? mem_cgroup_margin+0x130/0x130 [ 3309.124101][T15182] bond0: (slave bridge4133): Enslaving as an active interface with an up link [ 3309.128672][T15191] ? lock_downgrade+0x6e0/0x6e0 03:15:30 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f310000500b0a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3309.128721][T15191] try_charge_memcg+0xf67/0x13f0 [ 3309.128758][T15191] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3309.145291][T15186] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3309.147339][T15191] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3309.147375][T15191] ? lock_downgrade+0x6e0/0x6e0 [ 3309.173242][T15191] obj_cgroup_charge+0x2ab/0x5e0 [ 3309.178219][T15191] ? __anon_vma_prepare+0x2d6/0x560 [ 3309.183539][T15191] kmem_cache_alloc+0x96/0x3b0 [ 3309.188345][T15191] __anon_vma_prepare+0x2d6/0x560 [ 3309.193399][T15191] ? __pmd_alloc+0x2ff/0x5c0 [ 3309.198016][T15191] __handle_mm_fault+0x340e/0x39b0 [ 3309.203172][T15191] ? vm_iomap_memory+0x190/0x190 [ 3309.208159][T15191] handle_mm_fault+0x1c8/0x780 [ 3309.212949][T15191] do_user_addr_fault+0x475/0x1210 [ 3309.218091][T15191] exc_page_fault+0x94/0x170 [ 3309.222707][T15191] asm_exc_page_fault+0x22/0x30 [ 3309.225117][T15187] bridge1285: port 1(bridge_slave_1) entered disabled state [ 3309.227564][T15191] RIP: 0033:0x7f98a3484695 [ 3309.227590][T15191] Code: 12 80 fa 04 73 1e 80 fa 01 77 26 72 05 0f b6 0e 88 0f c3 48 8b 4c 16 f8 48 8b 36 48 89 4c 17 f8 48 89 37 c3 8b 4c 16 fc 8b 36 <89> 4c 17 fc 89 37 c3 0f b7 4c 16 fe 0f b7 36 66 89 4c 17 fe 66 89 [ 3309.227611][T15191] RSP: 002b:00007ffe69a68b78 EFLAGS: 00010202 [ 3309.227634][T15191] RAX: 00000000200005c0 RBX: 0000000000000000 RCX: 0000000000535650 [ 3309.272981][T15191] RDX: 0000000000000005 RSI: 0000000053565049 RDI: 00000000200005c0 [ 3309.280987][T15191] RBP: 00007ffe69a68c38 R08: 00007f98a39a0000 R09: 00007f98a35a00c8 03:15:30 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000000000ffffffc3000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3309.288983][T15191] R10: 00007ffe69a68c60 R11: 0000000000000246 R12: 0000000000327dc8 [ 3309.296957][T15191] R13: 00007ffe69a68c60 R14: 00007f98a359bf80 R15: 0000000000000032 [ 3309.304965][T15191] [ 3309.320791][T15187] bridge1286: port 1(bridge_slave_1) entered blocking state [ 3309.329037][T15191] memory: usage 307200kB, limit 307200kB, failcnt 27660 [ 3309.337226][T15187] bridge1286: port 1(bridge_slave_1) entered disabled state [ 3309.350095][T15191] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3309.357825][T15191] Memory cgroup stats for /syz0: [ 3309.358058][T15191] anon 126976 [ 3309.358058][T15191] file 319488 [ 3309.358058][T15191] kernel 314126336 [ 3309.358058][T15191] kernel_stack 65536 [ 3309.358058][T15191] pagetables 81920 [ 3309.358058][T15191] percpu 5425088 [ 3309.358058][T15191] sock 0 [ 3309.358058][T15191] vmalloc 0 [ 3309.358058][T15191] shmem 319488 [ 3309.358058][T15191] zswap 0 [ 3309.358058][T15191] zswapped 0 [ 3309.358058][T15191] file_mapped 303104 [ 3309.358058][T15191] file_dirty 0 [ 3309.358058][T15191] file_writeback 0 [ 3309.358058][T15191] swapcached 0 [ 3309.358058][T15191] anon_thp 0 [ 3309.358058][T15191] file_thp 0 [ 3309.358058][T15191] shmem_thp 0 [ 3309.358058][T15191] inactive_anon 98304 [ 3309.358058][T15191] active_anon 315392 [ 3309.358058][T15191] inactive_file 0 [ 3309.358058][T15191] active_file 0 [ 3309.358058][T15191] unevictable 0 [ 3309.358058][T15191] slab_reclaimable 226056 [ 3309.358058][T15191] slab_unreclaimable 308290720 [ 3309.358058][T15191] slab 308516776 [ 3309.408908][T15188] bond0: (slave bridge1286): Enslaving as an active interface with an up link [ 3309.478758][T15192] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. 03:15:30 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0003000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xf0, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3309.536387][T15191] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15191,uid=0 [ 3309.559561][T15191] Memory cgroup out of memory: Killed process 15191 (syz-executor.0) total-vm:54508kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 3309.564365][T15194] bridge3187: port 1(bridge_slave_1) entered blocking state 03:15:30 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c00000010000104000000000000000000800000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) 03:15:30 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000000000000000fffffff0", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3309.607131][T15194] bridge3187: port 1(bridge_slave_1) entered disabled state [ 3309.647041][T15196] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3309.692102][T15199] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=1, oom_score_adj=1000 [ 3309.713236][T15199] CPU: 1 PID: 15199 Comm: syz-executor.2 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3309.723436][T15199] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3309.733516][T15199] Call Trace: [ 3309.736814][T15199] [ 3309.739756][T15199] dump_stack_lvl+0xcd/0x134 [ 3309.744372][T15199] dump_header+0x10b/0x7f9 [ 3309.746112][T15197] bridge2542: port 1(bridge_slave_1) entered disabled state [ 3309.748808][T15199] oom_kill_process.cold+0x10/0x15 [ 3309.748847][T15199] out_of_memory+0x358/0x14a0 [ 3309.748879][T15199] ? find_held_lock+0x2d/0x110 [ 3309.770748][T15199] ? oom_killer_disable+0x270/0x270 [ 3309.775994][T15199] ? find_held_lock+0x2d/0x110 [ 3309.780798][T15199] mem_cgroup_out_of_memory+0x206/0x270 [ 3309.786376][T15199] ? mem_cgroup_margin+0x130/0x130 [ 3309.791507][T15199] ? lock_downgrade+0x6e0/0x6e0 [ 3309.796390][T15199] try_charge_memcg+0xf67/0x13f0 [ 3309.801356][T15199] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3309.807364][T15199] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3309.813795][T15199] ? lock_downgrade+0x6e0/0x6e0 [ 3309.818654][T15199] ? lock_downgrade+0x6e0/0x6e0 [ 3309.823521][T15199] ? rcu_read_unlock+0x9/0x60 [ 3309.828225][T15199] obj_cgroup_charge+0x2ab/0x5e0 [ 3309.833204][T15199] ? copy_process+0x4ce/0x7090 [ 3309.837978][T15199] kmem_cache_alloc_node+0x92/0x3f0 [ 3309.843184][T15199] ? _raw_spin_unlock_irq+0x1f/0x40 [ 3309.848414][T15199] copy_process+0x4ce/0x7090 [ 3309.853036][T15199] ? __lock_acquire+0xbc3/0x56d0 [ 3309.858027][T15199] ? __cleanup_sighand+0xb0/0xb0 [ 3309.863005][T15199] kernel_clone+0xe7/0xab0 [ 3309.867442][T15199] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 3309.873459][T15199] ? create_io_thread+0xe0/0xe0 [ 3309.878348][T15199] ? find_held_lock+0x2d/0x110 [ 3309.883133][T15199] ? __ct_user_exit+0xff/0x150 [ 3309.887917][T15199] __do_sys_clone+0xba/0x100 [ 3309.892533][T15199] ? kernel_clone+0xab0/0xab0 [ 3309.897241][T15199] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3309.903154][T15199] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3309.909069][T15199] do_syscall_64+0x35/0xb0 [ 3309.913492][T15199] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3309.919401][T15199] RIP: 0033:0x7ff38a48a6a1 [ 3309.923820][T15199] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 3309.943436][T15199] RSP: 002b:00007ffe54c81718 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 3309.951869][T15199] RAX: ffffffffffffffda RBX: 00007ff3893fe700 RCX: 00007ff38a48a6a1 [ 3309.959844][T15199] RDX: 00007ff3893fe9d0 RSI: 00007ff3893fe2f0 RDI: 00000000003d0f00 [ 3309.967816][T15199] RBP: 00007ffe54c81960 R08: 00007ff3893fe700 R09: 00007ff3893fe700 [ 3309.975789][T15199] R10: 00007ff3893fe9d0 R11: 0000000000000206 R12: 00007ffe54c817ce [ 3309.983762][T15199] R13: 00007ffe54c817cf R14: 00007ff3893fe300 R15: 0000000000022000 [ 3309.991756][T15199] [ 3310.002767][T15199] memory: usage 307200kB, limit 307200kB, failcnt 4578 [ 3310.013895][T15199] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3310.021856][T15199] Memory cgroup stats for /syz2: [ 3310.022090][T15199] anon 147456 [ 3310.022090][T15199] file 360448 [ 3310.022090][T15199] kernel 314052608 [ 3310.022090][T15199] kernel_stack 65536 [ 3310.022090][T15199] pagetables 81920 [ 3310.022090][T15199] percpu 5433376 [ 3310.022090][T15199] sock 0 [ 3310.022090][T15199] vmalloc 0 [ 3310.022090][T15199] shmem 356352 [ 3310.022090][T15199] zswap 0 [ 3310.022090][T15199] zswapped 0 [ 3310.022090][T15199] file_mapped 356352 [ 3310.022090][T15199] file_dirty 0 [ 3310.022090][T15199] file_writeback 0 [ 3310.022090][T15199] swapcached 0 [ 3310.022090][T15199] anon_thp 0 [ 3310.022090][T15199] file_thp 0 [ 3310.022090][T15199] shmem_thp 0 [ 3310.022090][T15199] inactive_anon 204800 [ 3310.022090][T15199] active_anon 299008 [ 3310.022090][T15199] inactive_file 0 [ 3310.022090][T15199] active_file 4096 [ 3310.022090][T15199] unevictable 0 [ 3310.022090][T15199] slab_reclaimable 58856 [ 3310.022090][T15199] slab_unreclaimable 308380312 [ 3310.022090][T15199] slab 308439168 [ 3310.031136][T15197] bridge2543: port 1(bridge_slave_1) entered blocking state [ 3310.135029][T15197] bridge2543: port 1(bridge_slave_1) entered disabled state 03:15:31 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c00000010000104000000001f00000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3310.143035][T15199] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=15199,uid=0 [ 3310.156601][T15203] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3310.168699][T15199] Memory cgroup out of memory: Killed process 15199 (syz-executor.2) total-vm:54640kB, anon-rss:388kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 3310.199801][T15208] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3310.219567][T15208] CPU: 1 PID: 15208 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3310.229769][T15208] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3310.239858][T15208] Call Trace: [ 3310.243160][T15208] [ 3310.246114][T15208] dump_stack_lvl+0xcd/0x134 [ 3310.250746][T15208] dump_header+0x10b/0x7f9 [ 3310.255196][T15208] oom_kill_process.cold+0x10/0x15 [ 3310.260335][T15208] out_of_memory+0x358/0x14a0 [ 3310.266101][T15208] ? oom_killer_disable+0x270/0x270 [ 3310.271333][T15208] ? find_held_lock+0x2d/0x110 [ 3310.276121][T15208] mem_cgroup_out_of_memory+0x206/0x270 [ 3310.281528][T15218] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3310.281680][T15208] ? mem_cgroup_margin+0x130/0x130 [ 3310.296081][T15208] ? lock_downgrade+0x6e0/0x6e0 [ 3310.301016][T15208] try_charge_memcg+0xf67/0x13f0 [ 3310.306001][T15208] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3310.312042][T15208] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3310.317788][T15208] ? lock_downgrade+0x6e0/0x6e0 [ 3310.322691][T15208] obj_cgroup_charge+0x2ab/0x5e0 [ 3310.327662][T15208] ? __anon_vma_prepare+0x2d6/0x560 [ 3310.328427][T15204] bridge4133: port 1(bridge_slave_1) entered disabled state [ 3310.332865][T15208] kmem_cache_alloc+0x96/0x3b0 [ 3310.332905][T15208] __anon_vma_prepare+0x2d6/0x560 [ 3310.332931][T15208] ? __pmd_alloc+0x2ff/0x5c0 [ 3310.332966][T15208] __handle_mm_fault+0x340e/0x39b0 [ 3310.359673][T15208] ? vm_iomap_memory+0x190/0x190 [ 3310.364652][T15208] handle_mm_fault+0x1c8/0x780 [ 3310.369430][T15208] do_user_addr_fault+0x475/0x1210 [ 3310.374566][T15208] exc_page_fault+0x94/0x170 [ 3310.379168][T15208] asm_exc_page_fault+0x22/0x30 [ 3310.384025][T15208] RIP: 0033:0x7f98a3484695 [ 3310.388443][T15208] Code: 12 80 fa 04 73 1e 80 fa 01 77 26 72 05 0f b6 0e 88 0f c3 48 8b 4c 16 f8 48 8b 36 48 89 4c 17 f8 48 89 37 c3 8b 4c 16 fc 8b 36 <89> 4c 17 fc 89 37 c3 0f b7 4c 16 fe 0f b7 36 66 89 4c 17 fe 66 89 [ 3310.408062][T15208] RSP: 002b:00007ffe69a68b78 EFLAGS: 00010202 [ 3310.414227][T15208] RAX: 00000000200005c0 RBX: 0000000000000000 RCX: 0000000000535650 [ 3310.422202][T15208] RDX: 0000000000000005 RSI: 0000000053565049 RDI: 00000000200005c0 [ 3310.430191][T15208] RBP: 00007ffe69a68c38 R08: 00007f98a39a0000 R09: 00007f98a35a00c8 [ 3310.438178][T15208] R10: 00007ffe69a68c60 R11: 0000000000000246 R12: 000000000032805e [ 3310.446164][T15208] R13: 00007ffe69a68c60 R14: 00007f98a359bf80 R15: 0000000000000032 [ 3310.454166][T15208] [ 3310.494067][T15204] bridge4134: port 1(bridge_slave_1) entered blocking state [ 3310.504557][T15204] bridge4134: port 1(bridge_slave_1) entered disabled state [ 3310.515754][T15208] memory: usage 307200kB, limit 307200kB, failcnt 27719 [ 3310.526638][T15208] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3310.540100][T15208] Memory cgroup stats for /syz0: [ 3310.540343][T15208] anon 126976 [ 3310.540343][T15208] file 319488 [ 3310.540343][T15208] kernel 314114048 [ 3310.540343][T15208] kernel_stack 65536 [ 3310.540343][T15208] pagetables 81920 [ 3310.540343][T15208] percpu 5425088 [ 3310.540343][T15208] sock 0 [ 3310.540343][T15208] vmalloc 0 [ 3310.540343][T15208] shmem 319488 [ 3310.540343][T15208] zswap 0 [ 3310.540343][T15208] zswapped 0 [ 3310.540343][T15208] file_mapped 303104 [ 3310.540343][T15208] file_dirty 0 [ 3310.540343][T15208] file_writeback 0 [ 3310.540343][T15208] swapcached 0 [ 3310.540343][T15208] anon_thp 0 [ 3310.540343][T15208] file_thp 0 [ 3310.540343][T15208] shmem_thp 0 [ 3310.540343][T15208] inactive_anon 131072 [ 3310.540343][T15208] active_anon 315392 [ 3310.540343][T15208] inactive_file 0 [ 3310.540343][T15208] active_file 0 [ 3310.540343][T15208] unevictable 0 [ 3310.540343][T15208] slab_reclaimable 226056 [ 3310.540343][T15208] slab_unreclaimable 308279624 [ 3310.540343][T15208] slab 308505680 [ 3310.555477][T15206] bridge4134: port 1(bridge_slave_1) entered blocking state 03:15:31 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000000000000000ffffffff", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3310.641056][T15206] bridge4134: port 1(bridge_slave_1) entered forwarding state [ 3310.642246][T15208] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15208,uid=0 [ 3310.665996][T15208] Memory cgroup out of memory: Killed process 15208 (syz-executor.0) total-vm:54508kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 3310.744591][T15206] bond0: (slave bridge4134): Enslaving as an active interface with an up link 03:15:32 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f310000580b0a00", @ANYRES32=r5], 0x3c}}, 0x0) 03:15:32 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000000000000b3fc4000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3310.796312][T15220] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3310.812245][T15211] bridge1286: port 1(bridge_slave_1) entered disabled state [ 3310.826293][T15220] CPU: 1 PID: 15220 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3310.836505][T15220] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3310.846594][T15220] Call Trace: [ 3310.849905][T15220] [ 3310.852864][T15220] dump_stack_lvl+0xcd/0x134 [ 3310.857493][T15220] dump_header+0x10b/0x7f9 [ 3310.861951][T15220] oom_kill_process.cold+0x10/0x15 [ 3310.867105][T15220] out_of_memory+0x358/0x14a0 [ 3310.871828][T15220] ? find_held_lock+0x2d/0x110 [ 3310.876632][T15220] ? oom_killer_disable+0x270/0x270 [ 3310.881884][T15220] ? find_held_lock+0x2d/0x110 [ 3310.886699][T15220] mem_cgroup_out_of_memory+0x206/0x270 [ 3310.892276][T15220] ? mem_cgroup_margin+0x130/0x130 [ 3310.897413][T15220] ? lock_downgrade+0x6e0/0x6e0 [ 3310.902315][T15220] try_charge_memcg+0xf67/0x13f0 [ 3310.907282][T15220] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3310.913263][T15220] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3310.918994][T15220] ? lock_downgrade+0x6e0/0x6e0 [ 3310.923882][T15220] obj_cgroup_charge+0x2ab/0x5e0 [ 3310.928841][T15220] ? __anon_vma_prepare+0x2d6/0x560 [ 3310.934064][T15220] kmem_cache_alloc+0x96/0x3b0 [ 3310.938842][T15220] __anon_vma_prepare+0x2d6/0x560 [ 3310.943891][T15220] ? __pmd_alloc+0x2ff/0x5c0 [ 3310.948481][T15220] __handle_mm_fault+0x340e/0x39b0 [ 3310.953595][T15220] ? vm_iomap_memory+0x190/0x190 [ 3310.958578][T15220] handle_mm_fault+0x1c8/0x780 [ 3310.963357][T15220] do_user_addr_fault+0x475/0x1210 [ 3310.968508][T15220] exc_page_fault+0x94/0x170 [ 3310.973133][T15220] asm_exc_page_fault+0x22/0x30 [ 3310.978007][T15220] RIP: 0033:0x7f98a3484695 [ 3310.982431][T15220] Code: 12 80 fa 04 73 1e 80 fa 01 77 26 72 05 0f b6 0e 88 0f c3 48 8b 4c 16 f8 48 8b 36 48 89 4c 17 f8 48 89 37 c3 8b 4c 16 fc 8b 36 <89> 4c 17 fc 89 37 c3 0f b7 4c 16 fe 0f b7 36 66 89 4c 17 fe 66 89 [ 3311.002078][T15220] RSP: 002b:00007ffe69a68b78 EFLAGS: 00010202 [ 3311.008145][T15220] RAX: 00000000200005c0 RBX: 0000000000000000 RCX: 0000000000535650 [ 3311.016113][T15220] RDX: 0000000000000005 RSI: 0000000053565049 RDI: 00000000200005c0 [ 3311.024095][T15220] RBP: 00007ffe69a68c38 R08: 00007f98a39a0000 R09: 00007f98a35a00c8 [ 3311.032088][T15220] R10: 00007ffe69a68c60 R11: 0000000000000246 R12: 00000000003284a1 [ 3311.040061][T15220] R13: 00007ffe69a68c60 R14: 00007f98a359bf80 R15: 0000000000000032 [ 3311.048045][T15220] [ 3311.056811][T15220] memory: usage 307200kB, limit 307200kB, failcnt 27790 [ 3311.064348][T15220] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3311.072111][T15220] Memory cgroup stats for /syz0: [ 3311.072350][T15220] anon 126976 [ 3311.072350][T15220] file 319488 [ 3311.072350][T15220] kernel 314126336 [ 3311.072350][T15220] kernel_stack 65536 [ 3311.072350][T15220] pagetables 81920 [ 3311.072350][T15220] percpu 5425088 [ 3311.072350][T15220] sock 0 [ 3311.072350][T15220] vmalloc 0 [ 3311.072350][T15220] shmem 319488 [ 3311.072350][T15220] zswap 0 [ 3311.072350][T15220] zswapped 0 [ 3311.072350][T15220] file_mapped 303104 [ 3311.072350][T15220] file_dirty 0 [ 3311.072350][T15220] file_writeback 0 [ 3311.072350][T15220] swapcached 0 [ 3311.072350][T15220] anon_thp 0 [ 3311.072350][T15220] file_thp 0 [ 3311.072350][T15220] shmem_thp 0 [ 3311.072350][T15220] inactive_anon 131072 [ 3311.072350][T15220] active_anon 315392 [ 3311.072350][T15220] inactive_file 0 [ 3311.072350][T15220] active_file 0 [ 3311.072350][T15220] unevictable 0 [ 3311.072350][T15220] slab_reclaimable 226056 [ 3311.072350][T15220] slab_unreclaimable 308290720 [ 3311.072350][T15220] slab 308516776 [ 3311.076556][T15211] bridge1287: port 1(bridge_slave_1) entered blocking state [ 3311.089739][T15220] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null) [ 3311.175333][T15211] bridge1287: port 1(bridge_slave_1) entered disabled state 03:15:32 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3311.191780][T15220] ,cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15220,uid=0 [ 3311.203428][T15220] Memory cgroup out of memory: Killed process 15220 (syz-executor.0) total-vm:54508kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 3311.284899][T15213] bond0: (slave bridge1287): Enslaving as an active interface with an up link [ 3311.333762][T15229] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3311.347748][T15229] CPU: 1 PID: 15229 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3311.357952][T15229] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3311.368024][T15229] Call Trace: [ 3311.371316][T15229] [ 3311.374262][T15229] dump_stack_lvl+0xcd/0x134 [ 3311.378896][T15229] dump_header+0x10b/0x7f9 03:15:32 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0003000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xf0, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3311.383350][T15229] oom_kill_process.cold+0x10/0x15 [ 3311.388512][T15229] out_of_memory+0x358/0x14a0 [ 3311.393237][T15229] ? find_held_lock+0x2d/0x110 [ 3311.398042][T15229] ? oom_killer_disable+0x270/0x270 [ 3311.403281][T15229] ? find_held_lock+0x2d/0x110 [ 3311.408083][T15229] mem_cgroup_out_of_memory+0x206/0x270 [ 3311.413668][T15229] ? mem_cgroup_margin+0x130/0x130 [ 3311.418812][T15229] ? lock_downgrade+0x6e0/0x6e0 [ 3311.423718][T15229] try_charge_memcg+0xf67/0x13f0 [ 3311.428702][T15229] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3311.434728][T15229] ? lock_downgrade+0x6e0/0x6e0 [ 3311.439632][T15229] charge_memcg+0x31/0x320 [ 3311.444089][T15229] __mem_cgroup_charge+0x27/0x90 [ 3311.449146][T15229] ? _compound_head+0x5d/0x150 [ 3311.453947][T15229] wp_page_copy+0x27c/0x1b60 [ 3311.458568][T15229] ? restore_exclusive_pte+0x8b0/0x8b0 [ 3311.464058][T15229] ? lock_downgrade+0x6e0/0x6e0 [ 3311.468945][T15229] ? vm_normal_page+0x146/0x2a0 [ 3311.473856][T15229] do_wp_page+0x1d1/0x1910 [ 3311.478328][T15229] __handle_mm_fault+0x1813/0x39b0 [ 3311.483491][T15229] ? vm_iomap_memory+0x190/0x190 [ 3311.488500][T15229] handle_mm_fault+0x1c8/0x780 [ 3311.493308][T15229] do_user_addr_fault+0x475/0x1210 [ 3311.498480][T15229] exc_page_fault+0x94/0x170 [ 3311.503108][T15229] asm_exc_page_fault+0x22/0x30 [ 3311.507998][T15229] RIP: 0033:0x7f98a34374b0 [ 3311.511239][T15232] bridge1287: port 1(bridge_slave_1) entered disabled state [ 3311.512508][T15229] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48 [ 3311.512536][T15229] RSP: 002b:00007ffe69a68a90 EFLAGS: 00010246 [ 3311.512561][T15229] RAX: 00000000098f1ddc RBX: 00007f98a359c018 RCX: 0000001b2ec20000 [ 3311.512580][T15229] RDX: 0000000000000000 RSI: 0000001b2ec20018 RDI: 000000000d570f0d [ 3311.512597][T15229] RBP: 00000000098f1ddc R08: 0000000000001ddc R09: 00000000098f1de0 [ 3311.569481][T15229] R10: 00007ffe69a68c60 R11: 0000000000000246 R12: 00007f98a3590000 [ 3311.577486][T15229] R13: 0000000000000001 R14: 0000000000000006 R15: ffffffff874bbdbd [ 3311.585480][T15229] ? __x64_sys_socket+0xd/0xb0 [ 3311.590280][T15229] [ 3311.598797][T15229] memory: usage 307200kB, limit 307200kB, failcnt 27890 [ 3311.605813][T15229] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3311.612763][T15229] Memory cgroup stats for /syz0: [ 3311.612968][T15229] anon 118784 [ 3311.612968][T15229] file 319488 [ 3311.612968][T15229] kernel 314134528 [ 3311.612968][T15229] kernel_stack 65536 [ 3311.612968][T15229] pagetables 73728 [ 3311.612968][T15229] percpu 5425088 [ 3311.612968][T15229] sock 0 [ 3311.612968][T15229] vmalloc 0 [ 3311.612968][T15229] shmem 319488 [ 3311.612968][T15229] zswap 0 [ 3311.612968][T15229] zswapped 0 [ 3311.612968][T15229] file_mapped 303104 [ 3311.612968][T15229] file_dirty 0 [ 3311.612968][T15229] file_writeback 0 [ 3311.612968][T15229] swapcached 0 [ 3311.612968][T15229] anon_thp 0 [ 3311.612968][T15229] file_thp 0 [ 3311.612968][T15229] shmem_thp 0 [ 3311.612968][T15229] inactive_anon 122880 [ 3311.612968][T15229] active_anon 315392 [ 3311.612968][T15229] inactive_file 0 [ 3311.612968][T15229] active_file 0 [ 3311.612968][T15229] unevictable 0 [ 3311.612968][T15229] slab_reclaimable 224128 [ 3311.612968][T15229] slab_unreclaimable 308301352 [ 3311.612968][T15229] slab 308525480 [ 3311.620372][T15232] bridge1288: port 1(bridge_slave_1) entered blocking state [ 3311.707280][T15229] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15229,uid=0 03:15:33 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3311.731289][T15229] Memory cgroup out of memory: Killed process 15229 (syz-executor.0) total-vm:54508kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 [ 3311.750007][T15222] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3311.767264][T15222] CPU: 1 PID: 15222 Comm: syz-executor.2 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3311.777470][T15222] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3311.787537][T15222] Call Trace: [ 3311.790838][T15222] [ 3311.793781][T15222] dump_stack_lvl+0xcd/0x134 [ 3311.798388][T15222] dump_header+0x10b/0x7f9 [ 3311.802823][T15222] oom_kill_process.cold+0x10/0x15 [ 3311.807952][T15222] out_of_memory+0x358/0x14a0 [ 3311.812646][T15222] ? oom_killer_disable+0x270/0x270 [ 3311.817865][T15222] ? find_held_lock+0x2d/0x110 [ 3311.822638][T15222] mem_cgroup_out_of_memory+0x206/0x270 [ 3311.828195][T15222] ? mem_cgroup_margin+0x130/0x130 [ 3311.833313][T15222] ? lock_downgrade+0x6e0/0x6e0 [ 3311.838189][T15222] try_charge_memcg+0xf67/0x13f0 [ 3311.843145][T15222] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3311.849135][T15222] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3311.854863][T15222] ? lock_downgrade+0x6e0/0x6e0 [ 3311.859724][T15222] ? lock_downgrade+0x6e0/0x6e0 [ 3311.864596][T15222] __memcg_kmem_charge_page+0x16a/0x3b0 [ 3311.870152][T15222] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 3311.876336][T15222] copy_process+0x607/0x7090 [ 3311.880955][T15222] ? __cleanup_sighand+0xb0/0xb0 [ 3311.886354][T15222] kernel_clone+0xe7/0xab0 [ 3311.890807][T15222] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 3311.896806][T15222] ? create_io_thread+0xe0/0xe0 [ 3311.901671][T15222] ? find_held_lock+0x2d/0x110 [ 3311.906450][T15222] ? __ct_user_exit+0xff/0x150 [ 3311.911236][T15222] __do_sys_clone+0xba/0x100 [ 3311.915876][T15222] ? kernel_clone+0xab0/0xab0 [ 3311.920574][T15222] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3311.926479][T15222] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3311.932390][T15222] do_syscall_64+0x35/0xb0 [ 3311.936820][T15222] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3311.942729][T15222] RIP: 0033:0x7ff38a48a6a1 [ 3311.947152][T15222] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 3311.966769][T15222] RSP: 002b:00007ffe54c81718 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 3311.975188][T15222] RAX: ffffffffffffffda RBX: 00007ff3893fe700 RCX: 00007ff38a48a6a1 [ 3311.983178][T15222] RDX: 00007ff3893fe9d0 RSI: 00007ff3893fe2f0 RDI: 00000000003d0f00 [ 3311.991151][T15222] RBP: 00007ffe54c81960 R08: 00007ff3893fe700 R09: 00007ff3893fe700 [ 3311.999140][T15222] R10: 00007ff3893fe9d0 R11: 0000000000000206 R12: 00007ffe54c817ce [ 3312.007115][T15222] R13: 00007ffe54c817cf R14: 00007ff3893fe300 R15: 0000000000022000 [ 3312.015123][T15222] [ 3312.022578][T15222] memory: usage 307200kB, limit 307200kB, failcnt 4713 [ 3312.027645][T15232] bridge1288: port 1(bridge_slave_1) entered disabled state [ 3312.030110][T15222] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3312.046876][T15222] Memory cgroup stats for /syz2: [ 3312.047230][T15222] anon 147456 [ 3312.047230][T15222] file 360448 [ 3312.047230][T15222] kernel 314064896 [ 3312.047230][T15222] kernel_stack 65536 [ 3312.047230][T15222] pagetables 81920 [ 3312.047230][T15222] percpu 5433376 [ 3312.047230][T15222] sock 0 [ 3312.047230][T15222] vmalloc 0 [ 3312.047230][T15222] shmem 356352 [ 3312.047230][T15222] zswap 0 [ 3312.047230][T15222] zswapped 0 [ 3312.047230][T15222] file_mapped 356352 [ 3312.047230][T15222] file_dirty 0 [ 3312.047230][T15222] file_writeback 0 [ 3312.047230][T15222] swapcached 0 [ 3312.047230][T15222] anon_thp 0 [ 3312.047230][T15222] file_thp 0 [ 3312.047230][T15222] shmem_thp 0 [ 3312.047230][T15222] inactive_anon 204800 [ 3312.047230][T15222] active_anon 299008 [ 3312.047230][T15222] inactive_file 0 [ 3312.047230][T15222] active_file 4096 [ 3312.047230][T15222] unevictable 0 [ 3312.047230][T15222] slab_reclaimable 58856 [ 3312.047230][T15222] slab_unreclaimable 308387568 [ 3312.047230][T15222] slab 308446424 [ 3312.159955][T15222] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=15222,uid=0 [ 3312.175863][T15222] Memory cgroup out of memory: Killed process 15222 (syz-executor.2) total-vm:54640kB, anon-rss:388kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 3312.196712][T15216] bridge3187: port 1(bridge_slave_1) entered disabled state [ 3312.232950][T15216] bridge3188: port 1(bridge_slave_1) entered blocking state [ 3312.244327][T15234] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3312.252292][T15216] bridge3188: port 1(bridge_slave_1) entered disabled state [ 3312.257779][T15234] CPU: 0 PID: 15234 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3312.272032][T15234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3312.282199][T15234] Call Trace: [ 3312.285504][T15234] [ 3312.288452][T15234] dump_stack_lvl+0xcd/0x134 [ 3312.292720][T15218] bridge2543: port 1(bridge_slave_1) entered disabled state [ 3312.293064][T15234] dump_header+0x10b/0x7f9 [ 3312.304766][T15234] oom_kill_process.cold+0x10/0x15 [ 3312.309902][T15234] out_of_memory+0x358/0x14a0 [ 3312.314608][T15234] ? find_held_lock+0x2d/0x110 [ 3312.319410][T15234] ? oom_killer_disable+0x270/0x270 [ 3312.324621][T15234] ? find_held_lock+0x2d/0x110 [ 3312.329396][T15234] mem_cgroup_out_of_memory+0x206/0x270 [ 3312.335000][T15234] ? mem_cgroup_margin+0x130/0x130 [ 3312.340116][T15234] ? lock_downgrade+0x6e0/0x6e0 [ 3312.344992][T15234] try_charge_memcg+0xf67/0x13f0 [ 3312.349947][T15234] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3312.355964][T15234] ? lock_downgrade+0x6e0/0x6e0 [ 3312.360835][T15234] charge_memcg+0x31/0x320 [ 3312.365267][T15234] __mem_cgroup_charge+0x27/0x90 [ 3312.370211][T15234] ? _compound_head+0x5d/0x150 [ 3312.374990][T15234] wp_page_copy+0x27c/0x1b60 [ 3312.379598][T15234] ? restore_exclusive_pte+0x8b0/0x8b0 [ 3312.385066][T15234] ? lock_downgrade+0x6e0/0x6e0 [ 3312.389937][T15234] ? vm_normal_page+0x146/0x2a0 [ 3312.394809][T15234] do_wp_page+0x1d1/0x1910 [ 3312.399240][T15234] __handle_mm_fault+0x1813/0x39b0 [ 3312.404382][T15234] ? vm_iomap_memory+0x190/0x190 [ 3312.409400][T15234] handle_mm_fault+0x1c8/0x780 [ 3312.414193][T15234] do_user_addr_fault+0x475/0x1210 [ 3312.419340][T15234] exc_page_fault+0x94/0x170 [ 3312.424056][T15234] asm_exc_page_fault+0x22/0x30 [ 3312.428921][T15234] RIP: 0033:0x7f98a34374b0 [ 3312.433343][T15234] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48 [ 3312.452957][T15234] RSP: 002b:00007ffe69a68a90 EFLAGS: 00010246 [ 3312.459031][T15234] RAX: 00000000bd27bad8 RBX: 00007f98a359c018 RCX: 0000001b2ec20000 [ 3312.467005][T15234] RDX: 0000000000000000 RSI: 0000001b2ec20018 RDI: 0000000008ec0c76 [ 3312.475022][T15234] RBP: 00000000bd27bad8 R08: 0000000000001ad8 R09: 00000000bd27badc 03:15:33 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000000000000000fffffff0", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3312.483010][T15234] R10: 00007ffe69a68c60 R11: 0000000000000246 R12: 00007f98a3590000 [ 3312.490988][T15234] R13: 0000000000000001 R14: 0000000000000003 R15: ffffffff81a3270f [ 3312.498962][T15234] ? trace_user_exit.constprop.0+0x13f/0x210 [ 3312.504974][T15234] [ 3312.525747][T15234] memory: usage 307188kB, limit 307200kB, failcnt 27963 [ 3312.540383][T15218] bridge2544: port 1(bridge_slave_1) entered blocking state [ 3312.541621][T15234] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3312.557880][T15234] Memory cgroup stats for /syz0: [ 3312.558107][T15234] anon 106496 [ 3312.558107][T15234] file 319488 [ 3312.558107][T15234] kernel 314134528 [ 3312.558107][T15234] kernel_stack 65536 [ 3312.558107][T15234] pagetables 73728 [ 3312.558107][T15234] percpu 5425088 [ 3312.558107][T15234] sock 0 [ 3312.558107][T15234] vmalloc 0 [ 3312.558107][T15234] shmem 319488 [ 3312.558107][T15234] zswap 0 [ 3312.558107][T15234] zswapped 0 [ 3312.558107][T15234] file_mapped 303104 [ 3312.558107][T15234] file_dirty 0 [ 3312.558107][T15234] file_writeback 0 [ 3312.558107][T15234] swapcached 0 [ 3312.558107][T15234] anon_thp 0 [ 3312.558107][T15234] file_thp 0 [ 3312.558107][T15234] shmem_thp 0 [ 3312.558107][T15234] inactive_anon 110592 [ 3312.558107][T15234] active_anon 315392 [ 3312.558107][T15234] inactive_file 0 [ 3312.558107][T15234] active_file 0 [ 3312.558107][T15234] unevictable 0 [ 3312.558107][T15234] slab_reclaimable 224128 [ 3312.558107][T15234] slab_unreclaimable 308301352 [ 3312.558107][T15234] slab 308525480 [ 3312.564547][T15218] bridge2544: port 1(bridge_slave_1) entered disabled state 03:15:33 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3312.658629][T15234] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15234,uid=0 [ 3312.679894][T15234] Memory cgroup out of memory: Killed process 15234 (syz-executor.0) total-vm:54508kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 03:15:34 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c00000010000104000000001f00000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3312.735425][T15219] bond0: (slave bridge2544): Enslaving as an active interface with an up link [ 3312.744820][T15225] __nla_validate_parse: 3 callbacks suppressed [ 3312.744837][T15225] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3312.816114][T15226] bridge4134: port 1(bridge_slave_1) entered disabled state [ 3312.854704][T15226] bridge4135: port 1(bridge_slave_1) entered blocking state [ 3312.862742][T15226] bridge4135: port 1(bridge_slave_1) entered disabled state [ 3312.868862][T15240] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3312.882174][T15240] CPU: 1 PID: 15240 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3312.892374][T15240] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3312.902476][T15240] Call Trace: [ 3312.905775][T15240] [ 3312.908727][T15240] dump_stack_lvl+0xcd/0x134 [ 3312.913365][T15240] dump_header+0x10b/0x7f9 [ 3312.917824][T15240] oom_kill_process.cold+0x10/0x15 [ 3312.922985][T15240] out_of_memory+0x358/0x14a0 [ 3312.927719][T15240] ? find_held_lock+0x2d/0x110 [ 3312.931938][T15227] bridge4135: port 1(bridge_slave_1) entered blocking state [ 3312.932516][T15240] ? oom_killer_disable+0x270/0x270 [ 3312.939980][T15227] bridge4135: port 1(bridge_slave_1) entered forwarding state [ 3312.945012][T15240] ? find_held_lock+0x2d/0x110 [ 3312.957278][T15240] mem_cgroup_out_of_memory+0x206/0x270 [ 3312.962860][T15240] ? mem_cgroup_margin+0x130/0x130 [ 3312.968004][T15240] ? lock_downgrade+0x6e0/0x6e0 [ 3312.972889][T15240] try_charge_memcg+0xf67/0x13f0 [ 3312.977860][T15240] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3312.983873][T15240] ? lock_downgrade+0x6e0/0x6e0 [ 3312.988757][T15240] charge_memcg+0x31/0x320 [ 3312.993210][T15240] __mem_cgroup_charge+0x27/0x90 [ 3312.998187][T15240] ? _compound_head+0x5d/0x150 [ 3313.002987][T15240] wp_page_copy+0x27c/0x1b60 [ 3313.007615][T15240] ? restore_exclusive_pte+0x8b0/0x8b0 [ 3313.013103][T15240] ? lock_downgrade+0x6e0/0x6e0 [ 3313.017983][T15240] ? vm_normal_page+0x146/0x2a0 [ 3313.022877][T15240] do_wp_page+0x1d1/0x1910 [ 3313.027321][T15240] __handle_mm_fault+0x1813/0x39b0 [ 3313.032460][T15240] ? vm_iomap_memory+0x190/0x190 [ 3313.037452][T15240] handle_mm_fault+0x1c8/0x780 [ 3313.042259][T15240] do_user_addr_fault+0x475/0x1210 [ 3313.047418][T15240] exc_page_fault+0x94/0x170 [ 3313.052071][T15240] asm_exc_page_fault+0x22/0x30 [ 3313.056949][T15240] RIP: 0033:0x7f98a34374b0 [ 3313.059099][T15227] bond0: (slave bridge4135): Enslaving as an active interface with an up link [ 3313.061395][T15240] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48 [ 3313.061422][T15240] RSP: 002b:00007ffe69a68a90 EFLAGS: 00010246 [ 3313.061445][T15240] RAX: 00000000098f1ddc RBX: 00007f98a359c018 RCX: 0000001b2ec20000 [ 3313.103962][T15240] RDX: 0000000000000000 RSI: 0000001b2ec20018 RDI: 000000000d570f0d 03:15:34 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000000000000b3fc5000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) 03:15:34 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f310000600b0a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3313.111966][T15240] RBP: 00000000098f1ddc R08: 0000000000001ddc R09: 00000000098f1de0 [ 3313.119963][T15240] R10: 00007ffe69a68c60 R11: 0000000000000246 R12: 00007f98a3590000 [ 3313.127964][T15240] R13: 0000000000000001 R14: 0000000000000006 R15: ffffffff874bbdbd [ 3313.135955][T15240] ? __x64_sys_socket+0xd/0xb0 [ 3313.140777][T15240] [ 3313.184940][T15240] memory: usage 307200kB, limit 307200kB, failcnt 28049 [ 3313.192408][T15240] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3313.199778][T15240] Memory cgroup stats for /syz0: [ 3313.199946][T15240] anon 118784 [ 3313.199946][T15240] file 319488 [ 3313.199946][T15240] kernel 314134528 [ 3313.199946][T15240] kernel_stack 65536 [ 3313.199946][T15240] pagetables 73728 [ 3313.199946][T15240] percpu 5425088 [ 3313.199946][T15240] sock 0 [ 3313.199946][T15240] vmalloc 0 [ 3313.199946][T15240] shmem 319488 [ 3313.199946][T15240] zswap 0 [ 3313.199946][T15240] zswapped 0 [ 3313.199946][T15240] file_mapped 303104 [ 3313.199946][T15240] file_dirty 0 [ 3313.199946][T15240] file_writeback 0 [ 3313.199946][T15240] swapcached 0 [ 3313.199946][T15240] anon_thp 0 [ 3313.199946][T15240] file_thp 0 [ 3313.199946][T15240] shmem_thp 0 [ 3313.199946][T15240] inactive_anon 122880 [ 3313.199946][T15240] active_anon 315392 [ 3313.199946][T15240] inactive_file 0 [ 3313.199946][T15240] active_file 0 [ 3313.199946][T15240] unevictable 0 [ 3313.199946][T15240] slab_reclaimable 224128 [ 3313.199946][T15240] slab_unreclaimable 308301352 [ 3313.199946][T15240] slab 308525480 [ 3313.308046][T15233] bond0: (slave bridge1288): Enslaving as an active interface with an up link [ 3313.317306][T15240] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15240,uid=0 03:15:34 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f310000580b0a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3313.337331][T15238] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3313.390328][T15240] Memory cgroup out of memory: Killed process 15240 (syz-executor.0) total-vm:54508kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 [ 3313.396627][T15239] bridge3188: port 1(bridge_slave_1) entered disabled state 03:15:34 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) 03:15:34 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c00000010000104000000000000000000800000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3313.435747][T15239] bridge3189: port 1(bridge_slave_1) entered blocking state [ 3313.444789][T15239] bridge3189: port 1(bridge_slave_1) entered disabled state [ 3313.491011][T15244] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3313.499539][T15250] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3313.532950][T15250] CPU: 0 PID: 15250 Comm: syz-executor.2 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3313.543159][T15250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3313.553239][T15250] Call Trace: [ 3313.556533][T15250] [ 3313.559472][T15250] dump_stack_lvl+0xcd/0x134 [ 3313.564097][T15250] dump_header+0x10b/0x7f9 [ 3313.568556][T15250] oom_kill_process.cold+0x10/0x15 [ 3313.573706][T15250] out_of_memory+0x358/0x14a0 [ 3313.573907][T15246] bridge2544: port 1(bridge_slave_1) entered disabled state [ 3313.578397][T15250] ? find_held_lock+0x2d/0x110 [ 3313.578429][T15250] ? oom_killer_disable+0x270/0x270 [ 3313.578463][T15250] ? find_held_lock+0x2d/0x110 [ 3313.578489][T15250] mem_cgroup_out_of_memory+0x206/0x270 [ 3313.578517][T15250] ? mem_cgroup_margin+0x130/0x130 [ 3313.611126][T15250] ? lock_downgrade+0x6e0/0x6e0 [ 3313.615985][T15250] try_charge_memcg+0xf67/0x13f0 [ 3313.620939][T15250] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3313.626918][T15250] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3313.632647][T15250] ? lock_downgrade+0x6e0/0x6e0 [ 3313.637529][T15250] ? lock_downgrade+0x6e0/0x6e0 [ 3313.642424][T15250] __memcg_kmem_charge_page+0x16a/0x3b0 [ 3313.648005][T15250] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 3313.654195][T15250] copy_process+0x607/0x7090 [ 3313.658811][T15250] ? __lock_acquire+0xbc3/0x56d0 [ 3313.663786][T15250] ? __cleanup_sighand+0xb0/0xb0 [ 3313.668753][T15250] kernel_clone+0xe7/0xab0 [ 3313.673199][T15250] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 3313.679217][T15250] ? create_io_thread+0xe0/0xe0 [ 3313.684105][T15250] ? find_held_lock+0x2d/0x110 [ 3313.688934][T15250] ? __ct_user_exit+0xff/0x150 [ 3313.693730][T15250] __do_sys_clone+0xba/0x100 [ 3313.698325][T15250] ? kernel_clone+0xab0/0xab0 [ 3313.703131][T15250] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3313.709035][T15250] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3313.714949][T15250] do_syscall_64+0x35/0xb0 [ 3313.719361][T15250] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3313.725251][T15250] RIP: 0033:0x7ff38a48a6a1 [ 3313.729670][T15250] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 3313.749568][T15250] RSP: 002b:00007ffe54c81718 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 3313.758005][T15250] RAX: ffffffffffffffda RBX: 00007ff3893fe700 RCX: 00007ff38a48a6a1 [ 3313.765973][T15250] RDX: 00007ff3893fe9d0 RSI: 00007ff3893fe2f0 RDI: 00000000003d0f00 [ 3313.773960][T15250] RBP: 00007ffe54c81960 R08: 00007ff3893fe700 R09: 00007ff3893fe700 [ 3313.781960][T15250] R10: 00007ff3893fe9d0 R11: 0000000000000206 R12: 00007ffe54c817ce [ 3313.789948][T15250] R13: 00007ffe54c817cf R14: 00007ff3893fe300 R15: 0000000000022000 [ 3313.797952][T15250] [ 3313.836062][T15246] bridge2545: port 1(bridge_slave_1) entered blocking state [ 3313.838036][T15250] memory: usage 307200kB, limit 307200kB, failcnt 4801 [ 3313.850504][T15250] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3313.855102][T15246] bridge2545: port 1(bridge_slave_1) entered disabled state [ 3313.858348][T15250] Memory cgroup stats for /syz2: [ 3313.865459][T15250] anon 147456 [ 3313.865459][T15250] file 360448 [ 3313.865459][T15250] kernel 314064896 [ 3313.865459][T15250] kernel_stack 65536 [ 3313.865459][T15250] pagetables 81920 [ 3313.865459][T15250] percpu 5433376 [ 3313.865459][T15250] sock 0 [ 3313.865459][T15250] vmalloc 0 [ 3313.865459][T15250] shmem 356352 [ 3313.865459][T15250] zswap 0 [ 3313.865459][T15250] zswapped 0 [ 3313.865459][T15250] file_mapped 356352 [ 3313.865459][T15250] file_dirty 0 [ 3313.865459][T15250] file_writeback 0 [ 3313.865459][T15250] swapcached 0 [ 3313.865459][T15250] anon_thp 0 [ 3313.865459][T15250] file_thp 0 [ 3313.865459][T15250] shmem_thp 0 [ 3313.865459][T15250] inactive_anon 204800 03:15:35 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c00000010000104000000001f00000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3313.865459][T15250] active_anon 299008 [ 3313.865459][T15250] inactive_file 4096 [ 3313.865459][T15250] active_file 0 [ 3313.865459][T15250] unevictable 0 [ 3313.865459][T15250] slab_reclaimable 58856 [ 3313.865459][T15250] slab_unreclaimable 308387568 [ 3313.865459][T15250] slab 308446424 [ 3313.959606][T15252] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3313.981076][T15250] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=15250,uid=0 [ 3313.996962][T15250] Memory cgroup out of memory: Killed process 15250 (syz-executor.2) total-vm:54640kB, anon-rss:388kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 3314.066037][T15261] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3314.087493][T15261] CPU: 1 PID: 15261 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3314.088663][T15268] bridge2545: port 1(bridge_slave_1) entered disabled state [ 3314.097676][T15261] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3314.097695][T15261] Call Trace: [ 3314.097704][T15261] [ 3314.097713][T15261] dump_stack_lvl+0xcd/0x134 [ 3314.097750][T15261] dump_header+0x10b/0x7f9 [ 3314.130266][T15261] oom_kill_process.cold+0x10/0x15 [ 3314.135405][T15261] out_of_memory+0x358/0x14a0 [ 3314.140101][T15261] ? find_held_lock+0x2d/0x110 [ 3314.144885][T15261] ? oom_killer_disable+0x270/0x270 [ 3314.150099][T15261] ? find_held_lock+0x2d/0x110 [ 3314.154881][T15261] mem_cgroup_out_of_memory+0x206/0x270 [ 3314.160430][T15261] ? mem_cgroup_margin+0x130/0x130 [ 3314.165550][T15261] ? lock_downgrade+0x6e0/0x6e0 [ 3314.170436][T15261] try_charge_memcg+0xf67/0x13f0 [ 3314.175403][T15261] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3314.181395][T15261] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3314.187136][T15261] ? lock_downgrade+0x6e0/0x6e0 [ 3314.192025][T15261] obj_cgroup_charge+0x2ab/0x5e0 [ 3314.196996][T15261] ? __anon_vma_prepare+0x2d6/0x560 [ 3314.202224][T15261] kmem_cache_alloc+0x96/0x3b0 [ 3314.207028][T15261] __anon_vma_prepare+0x2d6/0x560 [ 3314.212081][T15261] ? __pmd_alloc+0x2ff/0x5c0 [ 3314.216709][T15261] __handle_mm_fault+0x340e/0x39b0 [ 3314.221843][T15261] ? vm_iomap_memory+0x190/0x190 [ 3314.226997][T15261] handle_mm_fault+0x1c8/0x780 [ 3314.231783][T15261] do_user_addr_fault+0x475/0x1210 [ 3314.236933][T15261] exc_page_fault+0x94/0x170 [ 3314.241548][T15261] asm_exc_page_fault+0x22/0x30 [ 3314.246390][T15261] RIP: 0033:0x7f98a3484695 [ 3314.250807][T15261] Code: 12 80 fa 04 73 1e 80 fa 01 77 26 72 05 0f b6 0e 88 0f c3 48 8b 4c 16 f8 48 8b 36 48 89 4c 17 f8 48 89 37 c3 8b 4c 16 fc 8b 36 <89> 4c 17 fc 89 37 c3 0f b7 4c 16 fe 0f b7 36 66 89 4c 17 fe 66 89 [ 3314.270447][T15261] RSP: 002b:00007ffe69a68b78 EFLAGS: 00010202 [ 3314.276555][T15261] RAX: 00000000200005c0 RBX: 0000000000000000 RCX: 0000000000535650 [ 3314.284585][T15261] RDX: 0000000000000005 RSI: 0000000053565049 RDI: 00000000200005c0 [ 3314.292593][T15261] RBP: 00007ffe69a68c38 R08: 00007f98a39a0000 R09: 00007f98a35a00c8 [ 3314.300678][T15261] R10: 00007ffe69a68c60 R11: 0000000000000246 R12: 0000000000329170 [ 3314.308673][T15261] R13: 00007ffe69a68c60 R14: 00007f98a359bf80 R15: 0000000000000032 [ 3314.316673][T15261] [ 3314.333700][T15261] memory: usage 307200kB, limit 307200kB, failcnt 28108 [ 3314.338204][T15253] bridge4135: port 1(bridge_slave_1) entered disabled state [ 3314.341102][T15261] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3314.356335][T15261] Memory cgroup stats for /syz0: [ 3314.356529][T15261] anon 126976 [ 3314.356529][T15261] file 319488 [ 3314.356529][T15261] kernel 314126336 [ 3314.356529][T15261] kernel_stack 65536 [ 3314.356529][T15261] pagetables 81920 [ 3314.356529][T15261] percpu 5425088 [ 3314.356529][T15261] sock 0 [ 3314.356529][T15261] vmalloc 0 [ 3314.356529][T15261] shmem 319488 [ 3314.356529][T15261] zswap 0 [ 3314.356529][T15261] zswapped 0 [ 3314.356529][T15261] file_mapped 303104 [ 3314.356529][T15261] file_dirty 0 [ 3314.356529][T15261] file_writeback 0 [ 3314.356529][T15261] swapcached 0 [ 3314.356529][T15261] anon_thp 0 [ 3314.356529][T15261] file_thp 0 [ 3314.356529][T15261] shmem_thp 0 [ 3314.356529][T15261] inactive_anon 131072 [ 3314.356529][T15261] active_anon 315392 [ 3314.356529][T15261] inactive_file 0 [ 3314.356529][T15261] active_file 0 [ 3314.356529][T15261] unevictable 0 [ 3314.356529][T15261] slab_reclaimable 226056 [ 3314.356529][T15261] slab_unreclaimable 308290720 [ 3314.356529][T15261] slab 308516776 03:15:35 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3314.452807][T15261] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15261,uid=0 [ 3314.468646][T15261] Memory cgroup out of memory: Killed process 15261 (syz-executor.0) total-vm:54508kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 3314.500774][T15253] bridge4136: port 1(bridge_slave_1) entered blocking state [ 3314.510689][T15253] bridge4136: port 1(bridge_slave_1) entered disabled state [ 3314.555769][T15254] bridge4136: port 1(bridge_slave_1) entered blocking state [ 3314.563308][T15254] bridge4136: port 1(bridge_slave_1) entered forwarding state [ 3314.564588][T15270] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 3314.592358][T15270] CPU: 1 PID: 15270 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3314.602576][T15270] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3314.612662][T15270] Call Trace: [ 3314.615961][T15270] [ 3314.618921][T15270] dump_stack_lvl+0xcd/0x134 [ 3314.622102][T15254] bond0: (slave bridge4136): Enslaving as an active interface with an up link [ 3314.623536][T15270] dump_header+0x10b/0x7f9 [ 3314.623574][T15270] oom_kill_process.cold+0x10/0x15 [ 3314.623610][T15270] out_of_memory+0x358/0x14a0 [ 3314.646693][T15270] ? find_held_lock+0x2d/0x110 03:15:35 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000000000000b3fc6000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) 03:15:35 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f310000680b0a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3314.651492][T15270] ? oom_killer_disable+0x270/0x270 [ 3314.656735][T15270] ? find_held_lock+0x2d/0x110 [ 3314.661560][T15270] mem_cgroup_out_of_memory+0x206/0x270 [ 3314.667139][T15270] ? mem_cgroup_margin+0x130/0x130 [ 3314.672277][T15270] ? lock_downgrade+0x6e0/0x6e0 [ 3314.677178][T15270] try_charge_memcg+0xf67/0x13f0 [ 3314.682157][T15270] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3314.688170][T15270] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3314.693923][T15270] ? lock_downgrade+0x6e0/0x6e0 [ 3314.698816][T15270] ? lock_downgrade+0x6e0/0x6e0 [ 3314.703698][T15270] ? rcu_read_unlock+0x9/0x60 [ 3314.708421][T15270] obj_cgroup_charge+0x2ab/0x5e0 [ 3314.713402][T15270] kmem_cache_alloc_trace+0xa3/0x3e0 [ 3314.718717][T15270] ? copy_semundo+0x187/0x2f0 [ 3314.723335][T15273] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3314.723405][T15270] ? apparmor_task_alloc+0x2bb/0x3b0 [ 3314.723442][T15270] copy_semundo+0x187/0x2f0 [ 3314.742528][T15270] copy_process+0x2409/0x7090 [ 3314.747264][T15270] ? __cleanup_sighand+0xb0/0xb0 [ 3314.752254][T15270] kernel_clone+0xe7/0xab0 [ 3314.756697][T15270] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 3314.762714][T15270] ? create_io_thread+0xe0/0xe0 [ 3314.767597][T15270] ? find_held_lock+0x2d/0x110 [ 3314.772405][T15270] ? __ct_user_exit+0xff/0x150 [ 3314.777217][T15270] __do_sys_clone+0xba/0x100 [ 3314.781837][T15270] ? kernel_clone+0xab0/0xab0 [ 3314.786537][T15270] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3314.787676][T15257] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3314.792434][T15270] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3314.792480][T15270] do_syscall_64+0x35/0xb0 [ 3314.792508][T15270] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3314.818003][T15270] RIP: 0033:0x7f98a348a6a1 [ 3314.822443][T15270] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 3314.842080][T15270] RSP: 002b:00007ffe69a68a48 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 3314.845836][T15259] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3314.850495][T15270] RAX: ffffffffffffffda RBX: 00007f98a4666700 RCX: 00007f98a348a6a1 [ 3314.850519][T15270] RDX: 00007f98a46669d0 RSI: 00007f98a46662f0 RDI: 00000000003d0f00 [ 3314.850537][T15270] RBP: 00007ffe69a68c90 R08: 00007f98a4666700 R09: 00007f98a4666700 [ 3314.850555][T15270] R10: 00007f98a46669d0 R11: 0000000000000206 R12: 00007ffe69a68afe [ 3314.850572][T15270] R13: 00007ffe69a68aff R14: 00007f98a4666300 R15: 0000000000022000 [ 3314.850608][T15270] 03:15:36 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c00000010000104000000000000000000000c70", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3314.890735][T15270] memory: usage 307140kB, limit 307200kB, failcnt 28164 [ 3314.912123][T15270] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3314.919943][T15270] Memory cgroup stats for /syz0: [ 3314.920176][T15270] anon 81920 [ 3314.920176][T15270] file 319488 [ 3314.920176][T15270] kernel 314109952 [ 3314.920176][T15270] kernel_stack 65536 [ 3314.920176][T15270] pagetables 69632 [ 3314.920176][T15270] percpu 5425088 [ 3314.920176][T15270] sock 0 [ 3314.920176][T15270] vmalloc 0 [ 3314.920176][T15270] shmem 319488 [ 3314.920176][T15270] zswap 0 [ 3314.920176][T15270] zswapped 0 [ 3314.920176][T15270] file_mapped 303104 [ 3314.920176][T15270] file_dirty 0 [ 3314.920176][T15270] file_writeback 0 [ 3314.920176][T15270] swapcached 0 [ 3314.920176][T15270] anon_thp 0 [ 3314.920176][T15270] file_thp 0 [ 3314.920176][T15270] shmem_thp 0 [ 3314.920176][T15270] inactive_anon 86016 [ 3314.920176][T15270] active_anon 315392 [ 3314.920176][T15270] inactive_file 0 [ 3314.920176][T15270] active_file 0 [ 3314.920176][T15270] unevictable 0 [ 3314.920176][T15270] slab_reclaimable 222200 [ 3314.920176][T15270] slab_unreclaimable 308289144 [ 3314.920176][T15270] slab 308511344 [ 3315.018226][T15262] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3315.052543][T15270] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15270,uid=0 [ 3315.055647][T15263] bridge3189: port 1(bridge_slave_1) entered disabled state [ 3315.078609][T15270] Memory cgroup out of memory: Killed process 15270 (syz-executor.0) total-vm:54508kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:72kB oom_score_adj:1000 03:15:36 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0003000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x2, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) 03:15:36 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3315.086509][T15263] bridge3190: port 1(bridge_slave_1) entered blocking state [ 3315.104805][T15263] bridge3190: port 1(bridge_slave_1) entered disabled state [ 3315.129983][T15266] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3315.177014][T15271] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3315.187724][T15271] CPU: 1 PID: 15271 Comm: syz-executor.2 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3315.197916][T15271] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3315.207992][T15271] Call Trace: [ 3315.211291][T15271] [ 3315.214241][T15271] dump_stack_lvl+0xcd/0x134 [ 3315.218867][T15271] dump_header+0x10b/0x7f9 [ 3315.223325][T15271] oom_kill_process.cold+0x10/0x15 [ 3315.228739][T15271] out_of_memory+0x358/0x14a0 [ 3315.233452][T15271] ? find_held_lock+0x2d/0x110 [ 3315.238259][T15271] ? oom_killer_disable+0x270/0x270 [ 3315.243502][T15271] ? find_held_lock+0x2d/0x110 [ 3315.248307][T15271] mem_cgroup_out_of_memory+0x206/0x270 [ 3315.253869][T15271] ? mem_cgroup_margin+0x130/0x130 [ 3315.258986][T15271] ? lock_downgrade+0x6e0/0x6e0 [ 3315.263865][T15271] try_charge_memcg+0xf67/0x13f0 [ 3315.268824][T15271] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3315.274816][T15271] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3315.280543][T15271] ? lock_downgrade+0x6e0/0x6e0 [ 3315.285406][T15271] ? lock_downgrade+0x6e0/0x6e0 [ 3315.290297][T15271] __memcg_kmem_charge_page+0x16a/0x3b0 [ 3315.295857][T15271] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 3315.302025][T15271] copy_process+0x145a/0x7090 [ 3315.306719][T15271] ? __lock_acquire+0xbc3/0x56d0 [ 3315.311681][T15271] ? __cleanup_sighand+0xb0/0xb0 [ 3315.316654][T15271] kernel_clone+0xe7/0xab0 [ 3315.321082][T15271] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 3315.327075][T15271] ? create_io_thread+0xe0/0xe0 [ 3315.331941][T15271] ? find_held_lock+0x2d/0x110 [ 3315.336716][T15271] ? __ct_user_exit+0xff/0x150 [ 3315.341497][T15271] __do_sys_clone+0xba/0x100 [ 3315.346112][T15271] ? kernel_clone+0xab0/0xab0 [ 3315.350809][T15271] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3315.356715][T15271] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3315.362628][T15271] do_syscall_64+0x35/0xb0 [ 3315.367059][T15271] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3315.372964][T15271] RIP: 0033:0x7ff38a48a6a1 [ 3315.377385][T15271] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 3315.397192][T15271] RSP: 002b:00007ffe54c81718 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 3315.405611][T15271] RAX: ffffffffffffffda RBX: 00007ff3893fe700 RCX: 00007ff38a48a6a1 [ 3315.413586][T15271] RDX: 00007ff3893fe9d0 RSI: 00007ff3893fe2f0 RDI: 00000000003d0f00 [ 3315.421571][T15271] RBP: 00007ffe54c81960 R08: 00007ff3893fe700 R09: 00007ff3893fe700 [ 3315.429564][T15271] R10: 00007ff3893fe9d0 R11: 0000000000000206 R12: 00007ffe54c817ce [ 3315.437552][T15271] R13: 00007ffe54c817cf R14: 00007ff3893fe300 R15: 0000000000022000 [ 3315.445554][T15271] [ 3315.462404][T15271] memory: usage 307200kB, limit 307200kB, failcnt 4893 [ 3315.470890][T15271] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3315.478751][T15271] Memory cgroup stats for /syz2: [ 3315.478981][T15271] anon 147456 [ 3315.478981][T15271] file 360448 [ 3315.478981][T15271] kernel 314064896 [ 3315.478981][T15271] kernel_stack 65536 [ 3315.478981][T15271] pagetables 81920 [ 3315.478981][T15271] percpu 5433376 [ 3315.478981][T15271] sock 0 [ 3315.478981][T15271] vmalloc 0 [ 3315.478981][T15271] shmem 356352 [ 3315.478981][T15271] zswap 0 [ 3315.478981][T15271] zswapped 0 [ 3315.478981][T15271] file_mapped 356352 [ 3315.478981][T15271] file_dirty 0 [ 3315.478981][T15271] file_writeback 0 [ 3315.478981][T15271] swapcached 0 [ 3315.478981][T15271] anon_thp 0 [ 3315.478981][T15271] file_thp 0 [ 3315.478981][T15271] shmem_thp 0 [ 3315.478981][T15271] inactive_anon 204800 [ 3315.478981][T15271] active_anon 299008 [ 3315.478981][T15271] inactive_file 0 [ 3315.478981][T15271] active_file 4096 [ 3315.478981][T15271] unevictable 0 [ 3315.478981][T15271] slab_reclaimable 58856 [ 3315.478981][T15271] slab_unreclaimable 308387568 [ 3315.478981][T15271] slab 308446424 03:15:36 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtaction={0x5c, 0x30, 0x103, 0x600, 0x0, {}, [{0x48, 0x1, [@m_bpf={0x44, 0x1, 0x0, 0x0, {{0x8}, {0x1c, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_PARMS={0x18}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x5c}}, 0x0) [ 3315.563436][T15269] bond0: (slave bridge2546): Enslaving as an active interface with an up link [ 3315.588307][T15271] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=15271,uid=0 [ 3315.604501][T15271] Memory cgroup out of memory: Killed process 15271 (syz-executor.2) total-vm:54640kB, anon-rss:388kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 3315.633373][T15273] bridge4136: port 1(bridge_slave_1) entered disabled state [ 3315.666415][T15273] bridge4137: port 1(bridge_slave_1) entered blocking state [ 3315.684480][T15273] bridge4137: port 1(bridge_slave_1) entered disabled state [ 3315.695662][T15283] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3315.706575][T15283] CPU: 0 PID: 15283 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3315.716770][T15283] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3315.726852][T15283] Call Trace: [ 3315.730148][T15283] [ 3315.733090][T15283] dump_stack_lvl+0xcd/0x134 [ 3315.737703][T15283] dump_header+0x10b/0x7f9 [ 3315.742152][T15283] oom_kill_process.cold+0x10/0x15 [ 3315.744615][T15274] bridge4137: port 1(bridge_slave_1) entered blocking state [ 3315.747272][T15283] out_of_memory+0x358/0x14a0 [ 3315.747314][T15283] ? find_held_lock+0x2d/0x110 [ 3315.747342][T15283] ? oom_killer_disable+0x270/0x270 [ 3315.747375][T15283] ? find_held_lock+0x2d/0x110 [ 3315.754737][T15274] bridge4137: port 1(bridge_slave_1) entered forwarding state [ 3315.759286][T15283] mem_cgroup_out_of_memory+0x206/0x270 [ 3315.759314][T15283] ? mem_cgroup_margin+0x130/0x130 [ 3315.759337][T15283] ? lock_downgrade+0x6e0/0x6e0 [ 3315.797032][T15283] try_charge_memcg+0xf67/0x13f0 [ 3315.802034][T15283] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3315.808035][T15283] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3315.813782][T15283] ? lock_downgrade+0x6e0/0x6e0 [ 3315.818677][T15283] obj_cgroup_charge+0x2ab/0x5e0 [ 3315.823652][T15283] ? __anon_vma_prepare+0x2d6/0x560 [ 3315.828963][T15283] kmem_cache_alloc+0x96/0x3b0 [ 3315.833762][T15283] __anon_vma_prepare+0x2d6/0x560 [ 3315.838895][T15283] ? __pmd_alloc+0x2ff/0x5c0 [ 3315.843517][T15283] __handle_mm_fault+0x340e/0x39b0 [ 3315.847821][T15274] bond0: (slave bridge4137): Enslaving as an active interface with an up link [ 3315.848645][T15283] ? vm_iomap_memory+0x190/0x190 [ 3315.848710][T15283] handle_mm_fault+0x1c8/0x780 [ 3315.867273][T15283] do_user_addr_fault+0x475/0x1210 [ 3315.869094][T15278] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3315.872417][T15283] exc_page_fault+0x94/0x170 [ 3315.872457][T15283] asm_exc_page_fault+0x22/0x30 [ 3315.891193][T15283] RIP: 0033:0x7f98a3484695 [ 3315.895628][T15283] Code: 12 80 fa 04 73 1e 80 fa 01 77 26 72 05 0f b6 0e 88 0f c3 48 8b 4c 16 f8 48 8b 36 48 89 4c 17 f8 48 89 37 c3 8b 4c 16 fc 8b 36 <89> 4c 17 fc 89 37 c3 0f b7 4c 16 fe 0f b7 36 66 89 4c 17 fe 66 89 [ 3315.915260][T15283] RSP: 002b:00007ffe69a68b78 EFLAGS: 00010202 [ 3315.921360][T15283] RAX: 00000000200005c0 RBX: 0000000000000000 RCX: 0000000000535650 03:15:37 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000000000000b3fc7000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) 03:15:37 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f310000700b0a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3315.929362][T15283] RDX: 0000000000000005 RSI: 0000000053565049 RDI: 00000000200005c0 [ 3315.937376][T15283] RBP: 00007ffe69a68c38 R08: 00007f98a39a0000 R09: 00007f98a35a00c8 [ 3315.945387][T15283] R10: 00007ffe69a68c60 R11: 0000000000000246 R12: 00000000003297c2 [ 3315.953420][T15283] R13: 00007ffe69a68c60 R14: 00007f98a359bf80 R15: 0000000000000032 [ 3315.961441][T15283] [ 3315.975401][T15280] bridge1288: port 1(bridge_slave_1) entered disabled state 03:15:37 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c00000010000104000000000000000000000c70", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3315.994354][T15280] bridge1290: port 1(bridge_slave_1) entered blocking state [ 3316.001931][T15280] bridge1290: port 1(bridge_slave_1) entered disabled state [ 3316.052161][T15283] memory: usage 307200kB, limit 307200kB, failcnt 28248 [ 3316.068353][T15283] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3316.075519][T15283] Memory cgroup stats for /syz0: [ 3316.075697][T15283] anon 126976 [ 3316.075697][T15283] file 319488 [ 3316.075697][T15283] kernel 314126336 [ 3316.075697][T15283] kernel_stack 65536 [ 3316.075697][T15283] pagetables 81920 [ 3316.075697][T15283] percpu 5425088 [ 3316.075697][T15283] sock 0 [ 3316.075697][T15283] vmalloc 0 [ 3316.075697][T15283] shmem 319488 [ 3316.075697][T15283] zswap 0 [ 3316.075697][T15283] zswapped 0 [ 3316.075697][T15283] file_mapped 303104 [ 3316.075697][T15283] file_dirty 0 [ 3316.075697][T15283] file_writeback 0 [ 3316.075697][T15283] swapcached 0 [ 3316.075697][T15283] anon_thp 0 [ 3316.075697][T15283] file_thp 0 [ 3316.075697][T15283] shmem_thp 0 [ 3316.075697][T15283] inactive_anon 131072 [ 3316.075697][T15283] active_anon 315392 [ 3316.075697][T15283] inactive_file 0 [ 3316.075697][T15283] active_file 0 [ 3316.075697][T15283] unevictable 0 [ 3316.075697][T15283] slab_reclaimable 226056 [ 3316.075697][T15283] slab_unreclaimable 308290720 [ 3316.075697][T15283] slab 308516776 [ 3316.085509][T15286] bridge3190: port 1(bridge_slave_1) entered disabled state [ 3316.184917][T15283] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15283,uid=0 [ 3316.212204][T15286] bridge3191: port 1(bridge_slave_1) entered blocking state [ 3316.212623][T15283] Memory cgroup out of memory: Killed process 15283 (syz-executor.0) total-vm:54508kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 3316.220531][T15286] bridge3191: port 1(bridge_slave_1) entered disabled state [ 3316.265846][T15292] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3316.281308][T15292] CPU: 1 PID: 15292 Comm: syz-executor.2 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3316.291506][T15292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3316.301577][T15292] Call Trace: [ 3316.304882][T15292] [ 3316.307831][T15292] dump_stack_lvl+0xcd/0x134 03:15:37 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3316.312465][T15292] dump_header+0x10b/0x7f9 [ 3316.316906][T15292] oom_kill_process.cold+0x10/0x15 [ 3316.322045][T15292] out_of_memory+0x358/0x14a0 [ 3316.326754][T15292] ? find_held_lock+0x2d/0x110 [ 3316.331552][T15292] ? oom_killer_disable+0x270/0x270 [ 3316.333233][T15287] bond0: (slave bridge3191): Enslaving as an active interface with an up link [ 3316.336768][T15292] ? find_held_lock+0x2d/0x110 [ 3316.336805][T15292] mem_cgroup_out_of_memory+0x206/0x270 [ 3316.336835][T15292] ? mem_cgroup_margin+0x130/0x130 [ 3316.361095][T15292] ? lock_downgrade+0x6e0/0x6e0 [ 3316.365996][T15292] try_charge_memcg+0xf67/0x13f0 [ 3316.370982][T15292] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3316.376998][T15292] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3316.382749][T15292] ? lock_downgrade+0x6e0/0x6e0 [ 3316.387621][T15292] ? lock_downgrade+0x6e0/0x6e0 [ 3316.392504][T15292] __memcg_kmem_charge_page+0x16a/0x3b0 [ 3316.398079][T15292] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 3316.404260][T15292] copy_process+0x145a/0x7090 [ 3316.408951][T15292] ? __lock_acquire+0xbc3/0x56d0 [ 3316.413895][T15292] ? __cleanup_sighand+0xb0/0xb0 [ 3316.418861][T15292] kernel_clone+0xe7/0xab0 [ 3316.423384][T15292] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 3316.429375][T15292] ? create_io_thread+0xe0/0xe0 [ 3316.434246][T15292] ? find_held_lock+0x2d/0x110 [ 3316.439025][T15292] ? __ct_user_exit+0xff/0x150 [ 3316.443798][T15292] __do_sys_clone+0xba/0x100 [ 3316.448395][T15292] ? kernel_clone+0xab0/0xab0 [ 3316.453081][T15292] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3316.458980][T15292] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3316.464892][T15292] do_syscall_64+0x35/0xb0 [ 3316.469320][T15292] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3316.475217][T15292] RIP: 0033:0x7ff38a48a6a1 [ 3316.479650][T15292] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 3316.499366][T15292] RSP: 002b:00007ffe54c81718 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 3316.507789][T15292] RAX: ffffffffffffffda RBX: 00007ff3893fe700 RCX: 00007ff38a48a6a1 03:15:37 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0003000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x2, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3316.515777][T15292] RDX: 00007ff3893fe9d0 RSI: 00007ff3893fe2f0 RDI: 00000000003d0f00 [ 3316.523753][T15292] RBP: 00007ffe54c81960 R08: 00007ff3893fe700 R09: 00007ff3893fe700 [ 3316.531723][T15292] R10: 00007ff3893fe9d0 R11: 0000000000000206 R12: 00007ffe54c817ce [ 3316.539689][T15292] R13: 00007ffe54c817cf R14: 00007ff3893fe300 R15: 0000000000022000 [ 3316.547692][T15292] 03:15:37 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtaction={0x5c, 0x30, 0x103, 0x600, 0x0, {}, [{0x48, 0x1, [@m_bpf={0x44, 0x1, 0x0, 0x0, {{0x8}, {0x1c, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_PARMS={0x18}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x5c}}, 0x0) [ 3316.574161][T15292] memory: usage 307200kB, limit 307200kB, failcnt 4971 [ 3316.606678][T15292] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3316.624308][T15292] Memory cgroup stats for /syz2: [ 3316.624550][T15292] anon 147456 [ 3316.624550][T15292] file 360448 [ 3316.624550][T15292] kernel 314064896 [ 3316.624550][T15292] kernel_stack 65536 [ 3316.624550][T15292] pagetables 81920 [ 3316.624550][T15292] percpu 5433376 [ 3316.624550][T15292] sock 0 [ 3316.624550][T15292] vmalloc 0 [ 3316.624550][T15292] shmem 356352 [ 3316.624550][T15292] zswap 0 [ 3316.624550][T15292] zswapped 0 [ 3316.624550][T15292] file_mapped 356352 [ 3316.624550][T15292] file_dirty 0 [ 3316.624550][T15292] file_writeback 0 [ 3316.624550][T15292] swapcached 0 [ 3316.624550][T15292] anon_thp 0 [ 3316.624550][T15292] file_thp 0 [ 3316.624550][T15292] shmem_thp 0 [ 3316.624550][T15292] inactive_anon 204800 [ 3316.624550][T15292] active_anon 299008 [ 3316.624550][T15292] inactive_file 0 [ 3316.624550][T15292] active_file 4096 [ 3316.624550][T15292] unevictable 0 [ 3316.624550][T15292] slab_reclaimable 58856 [ 3316.624550][T15292] slab_unreclaimable 308387568 [ 3316.624550][T15292] slab 308446424 [ 3316.722440][T15297] bridge4137: port 1(bridge_slave_1) entered disabled state [ 3316.745683][T15292] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=15292,uid=0 [ 3316.763305][T15297] bridge4138: port 1(bridge_slave_1) entered blocking state [ 3316.763799][T15292] Memory cgroup out of memory: Killed process 15292 (syz-executor.2) total-vm:54640kB, anon-rss:388kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 3316.792407][T15297] bridge4138: port 1(bridge_slave_1) entered disabled state [ 3316.827153][T15300] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3316.840518][T15300] CPU: 0 PID: 15300 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3316.850725][T15300] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3316.860800][T15300] Call Trace: [ 3316.864096][T15300] [ 3316.867047][T15300] dump_stack_lvl+0xcd/0x134 [ 3316.871670][T15300] dump_header+0x10b/0x7f9 [ 3316.876113][T15300] oom_kill_process.cold+0x10/0x15 [ 3316.881253][T15300] out_of_memory+0x358/0x14a0 [ 3316.885957][T15300] ? find_held_lock+0x2d/0x110 [ 3316.890753][T15300] ? oom_killer_disable+0x270/0x270 [ 3316.895994][T15300] ? find_held_lock+0x2d/0x110 [ 3316.900816][T15300] mem_cgroup_out_of_memory+0x206/0x270 [ 3316.906377][T15300] ? mem_cgroup_margin+0x130/0x130 [ 3316.911498][T15300] ? lock_downgrade+0x6e0/0x6e0 [ 3316.916378][T15300] try_charge_memcg+0xf67/0x13f0 [ 3316.921331][T15300] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3316.927325][T15300] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3316.933055][T15300] ? lock_downgrade+0x6e0/0x6e0 [ 3316.937935][T15300] obj_cgroup_charge+0x2ab/0x5e0 [ 3316.942884][T15300] ? __anon_vma_prepare+0x2d6/0x560 [ 3316.948095][T15300] kmem_cache_alloc+0x96/0x3b0 [ 3316.952874][T15300] __anon_vma_prepare+0x2d6/0x560 [ 3316.957906][T15300] ? __pmd_alloc+0x2ff/0x5c0 [ 3316.962506][T15300] __handle_mm_fault+0x340e/0x39b0 [ 3316.967631][T15300] ? vm_iomap_memory+0x190/0x190 [ 3316.972612][T15300] handle_mm_fault+0x1c8/0x780 [ 3316.977393][T15300] do_user_addr_fault+0x475/0x1210 [ 3316.982529][T15300] exc_page_fault+0x94/0x170 [ 3316.987141][T15300] asm_exc_page_fault+0x22/0x30 [ 3316.992011][T15300] RIP: 0033:0x7f98a3484695 [ 3316.996430][T15300] Code: 12 80 fa 04 73 1e 80 fa 01 77 26 72 05 0f b6 0e 88 0f c3 48 8b 4c 16 f8 48 8b 36 48 89 4c 17 f8 48 89 37 c3 8b 4c 16 fc 8b 36 <89> 4c 17 fc 89 37 c3 0f b7 4c 16 fe 0f b7 36 66 89 4c 17 fe 66 89 [ 3317.016044][T15300] RSP: 002b:00007ffe69a68b78 EFLAGS: 00010202 [ 3317.022115][T15300] RAX: 00000000200005c0 RBX: 0000000000000000 RCX: 0000000000535650 [ 3317.030088][T15300] RDX: 0000000000000005 RSI: 0000000053565049 RDI: 00000000200005c0 [ 3317.038076][T15300] RBP: 00007ffe69a68c38 R08: 00007f98a39a0000 R09: 00007f98a35a00c8 [ 3317.046061][T15300] R10: 00007ffe69a68c60 R11: 0000000000000246 R12: 0000000000329c26 [ 3317.054047][T15300] R13: 00007ffe69a68c60 R14: 00007f98a359bf80 R15: 0000000000000032 [ 3317.062053][T15300] 03:15:38 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f310000780b0a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3317.073682][T15300] memory: usage 307200kB, limit 307200kB, failcnt 28323 [ 3317.093437][T15300] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3317.102229][T15298] bridge4138: port 1(bridge_slave_1) entered blocking state [ 3317.109771][T15298] bridge4138: port 1(bridge_slave_1) entered forwarding state [ 3317.149544][T15300] Memory cgroup stats for /syz0: [ 3317.149682][T15300] anon 126976 [ 3317.149682][T15300] file 319488 [ 3317.149682][T15300] kernel 314126336 [ 3317.149682][T15300] kernel_stack 65536 [ 3317.149682][T15300] pagetables 81920 [ 3317.149682][T15300] percpu 5425088 [ 3317.149682][T15300] sock 0 [ 3317.149682][T15300] vmalloc 0 [ 3317.149682][T15300] shmem 319488 [ 3317.149682][T15300] zswap 0 [ 3317.149682][T15300] zswapped 0 [ 3317.149682][T15300] file_mapped 303104 [ 3317.149682][T15300] file_dirty 0 [ 3317.149682][T15300] file_writeback 0 [ 3317.149682][T15300] swapcached 0 [ 3317.149682][T15300] anon_thp 0 [ 3317.149682][T15300] file_thp 0 [ 3317.149682][T15300] shmem_thp 0 [ 3317.149682][T15300] inactive_anon 131072 [ 3317.149682][T15300] active_anon 315392 [ 3317.149682][T15300] inactive_file 0 [ 3317.149682][T15300] active_file 0 [ 3317.149682][T15300] unevictable 0 [ 3317.149682][T15300] slab_reclaimable 226056 [ 3317.149682][T15300] slab_unreclaimable 308290720 [ 3317.149682][T15300] slab 308516776 [ 3317.181895][T15298] bond0: (slave bridge4138): Enslaving as an active interface with an up link [ 3317.257912][T15300] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15300,uid=0 [ 3317.276990][T15302] bridge1290: port 1(bridge_slave_1) entered disabled state 03:15:38 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000000000000001c8000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3317.311732][T15302] bridge1291: port 1(bridge_slave_1) entered blocking state [ 3317.320168][T15300] Memory cgroup out of memory: Killed process 15300 (syz-executor.0) total-vm:54508kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 3317.348597][T15302] bridge1291: port 1(bridge_slave_1) entered disabled state 03:15:38 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c00000010000104000000000000000000000c70", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3317.407712][T15310] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=1, oom_score_adj=1000 [ 3317.447704][T15310] CPU: 0 PID: 15310 Comm: syz-executor.2 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3317.457928][T15310] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3317.468013][T15310] Call Trace: [ 3317.471316][T15310] [ 3317.474266][T15310] dump_stack_lvl+0xcd/0x134 [ 3317.478903][T15310] dump_header+0x10b/0x7f9 [ 3317.483359][T15310] oom_kill_process.cold+0x10/0x15 [ 3317.488516][T15310] out_of_memory+0x358/0x14a0 [ 3317.493242][T15310] ? oom_killer_disable+0x270/0x270 [ 3317.498480][T15310] ? find_held_lock+0x2d/0x110 03:15:38 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3317.503266][T15310] mem_cgroup_out_of_memory+0x206/0x270 [ 3317.508836][T15310] ? mem_cgroup_margin+0x130/0x130 [ 3317.513975][T15310] ? lock_downgrade+0x6e0/0x6e0 [ 3317.518880][T15310] try_charge_memcg+0xf67/0x13f0 [ 3317.523866][T15310] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3317.529969][T15310] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3317.535725][T15310] ? lock_downgrade+0x6e0/0x6e0 [ 3317.540613][T15310] ? lock_downgrade+0x6e0/0x6e0 [ 3317.545495][T15310] ? rcu_read_unlock+0x9/0x60 [ 3317.550222][T15310] obj_cgroup_charge+0x2ab/0x5e0 [ 3317.555199][T15310] ? copy_process+0x4ce/0x7090 [ 3317.559991][T15310] kmem_cache_alloc_node+0x92/0x3f0 [ 3317.565234][T15310] ? _raw_spin_unlock_irq+0x1f/0x40 [ 3317.570481][T15310] copy_process+0x4ce/0x7090 [ 3317.575116][T15310] ? __lock_acquire+0xbc3/0x56d0 [ 3317.580107][T15310] ? __cleanup_sighand+0xb0/0xb0 [ 3317.585099][T15310] kernel_clone+0xe7/0xab0 [ 3317.589554][T15310] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 3317.595578][T15310] ? create_io_thread+0xe0/0xe0 [ 3317.600552][T15310] ? find_held_lock+0x2d/0x110 [ 3317.605333][T15310] ? __ct_user_exit+0xff/0x150 [ 3317.610122][T15310] __do_sys_clone+0xba/0x100 [ 3317.614736][T15310] ? kernel_clone+0xab0/0xab0 [ 3317.619436][T15310] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3317.625345][T15310] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3317.631276][T15310] do_syscall_64+0x35/0xb0 [ 3317.635700][T15310] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3317.641605][T15310] RIP: 0033:0x7ff38a48a6a1 [ 3317.646026][T15310] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 3317.665651][T15310] RSP: 002b:00007ffe54c81718 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 3317.674071][T15310] RAX: ffffffffffffffda RBX: 00007ff3893fe700 RCX: 00007ff38a48a6a1 [ 3317.682067][T15310] RDX: 00007ff3893fe9d0 RSI: 00007ff3893fe2f0 RDI: 00000000003d0f00 [ 3317.690053][T15310] RBP: 00007ffe54c81960 R08: 00007ff3893fe700 R09: 00007ff3893fe700 [ 3317.698029][T15310] R10: 00007ff3893fe9d0 R11: 0000000000000206 R12: 00007ffe54c817ce [ 3317.706016][T15310] R13: 00007ffe54c817cf R14: 00007ff3893fe300 R15: 0000000000022000 [ 3317.714010][T15310] [ 3317.741276][T15310] memory: usage 307188kB, limit 307200kB, failcnt 5085 [ 3317.750532][T15310] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3317.753504][T15308] bridge3191: port 1(bridge_slave_1) entered disabled state [ 3317.758613][T15310] Memory cgroup stats for /syz2: [ 3317.767547][T15310] anon 147456 [ 3317.767547][T15310] file 360448 [ 3317.767547][T15310] kernel 314048512 [ 3317.767547][T15310] kernel_stack 65536 [ 3317.767547][T15310] pagetables 81920 [ 3317.767547][T15310] percpu 5433376 [ 3317.767547][T15310] sock 0 [ 3317.767547][T15310] vmalloc 0 [ 3317.767547][T15310] shmem 356352 [ 3317.767547][T15310] zswap 0 [ 3317.767547][T15310] zswapped 0 [ 3317.767547][T15310] file_mapped 356352 [ 3317.767547][T15310] file_dirty 0 [ 3317.767547][T15310] file_writeback 0 [ 3317.767547][T15310] swapcached 0 [ 3317.767547][T15310] anon_thp 0 [ 3317.767547][T15310] file_thp 0 [ 3317.767547][T15310] shmem_thp 0 [ 3317.767547][T15310] inactive_anon 204800 [ 3317.767547][T15310] active_anon 299008 [ 3317.767547][T15310] inactive_file 0 [ 3317.767547][T15310] active_file 4096 [ 3317.767547][T15310] unevictable 0 [ 3317.767547][T15310] slab_reclaimable 58856 [ 3317.767547][T15310] slab_unreclaimable 308380008 03:15:39 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtaction={0x5c, 0x30, 0x103, 0x600, 0x0, {}, [{0x48, 0x1, [@m_bpf={0x44, 0x1, 0x0, 0x0, {{0x8}, {0x1c, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_PARMS={0x18}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x5c}}, 0x0) [ 3317.767547][T15310] slab 308438864 [ 3317.895408][T15310] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=15310,uid=0 [ 3317.902994][T15308] bridge3192: port 1(bridge_slave_1) entered blocking state [ 3317.926642][T15310] Memory cgroup out of memory: Killed process 15310 (syz-executor.2) total-vm:54640kB, anon-rss:388kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 3317.936594][T15308] bridge3192: port 1(bridge_slave_1) entered disabled state [ 3318.025736][T15319] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3318.057727][T15319] CPU: 1 PID: 15319 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3318.067939][T15319] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3318.078006][T15319] Call Trace: [ 3318.081315][T15319] [ 3318.084211][T15309] bond0: (slave bridge3192): Enslaving as an active interface with an up link [ 3318.084252][T15319] dump_stack_lvl+0xcd/0x134 [ 3318.097703][T15319] dump_header+0x10b/0x7f9 [ 3318.102161][T15319] oom_kill_process.cold+0x10/0x15 [ 3318.107308][T15319] out_of_memory+0x358/0x14a0 [ 3318.112023][T15319] ? find_held_lock+0x2d/0x110 [ 3318.116815][T15319] ? oom_killer_disable+0x270/0x270 03:15:39 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0003000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x2, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3318.122046][T15319] ? find_held_lock+0x2d/0x110 [ 3318.126843][T15319] mem_cgroup_out_of_memory+0x206/0x270 [ 3318.132418][T15319] ? mem_cgroup_margin+0x130/0x130 [ 3318.137554][T15319] ? lock_downgrade+0x6e0/0x6e0 [ 3318.142453][T15319] try_charge_memcg+0xf67/0x13f0 [ 3318.147427][T15319] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3318.153437][T15319] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3318.159186][T15319] ? lock_downgrade+0x6e0/0x6e0 [ 3318.164098][T15319] obj_cgroup_charge+0x2ab/0x5e0 [ 3318.169083][T15319] ? __anon_vma_prepare+0x2d6/0x560 [ 3318.174312][T15319] kmem_cache_alloc+0x96/0x3b0 [ 3318.179111][T15319] __anon_vma_prepare+0x2d6/0x560 [ 3318.184167][T15319] ? __pmd_alloc+0x2ff/0x5c0 [ 3318.188784][T15319] __handle_mm_fault+0x340e/0x39b0 [ 3318.193939][T15319] ? vm_iomap_memory+0x190/0x190 [ 3318.198932][T15319] handle_mm_fault+0x1c8/0x780 [ 3318.203733][T15319] do_user_addr_fault+0x475/0x1210 [ 3318.208894][T15319] exc_page_fault+0x94/0x170 [ 3318.213532][T15319] asm_exc_page_fault+0x22/0x30 [ 3318.218409][T15319] RIP: 0033:0x7f98a3484695 [ 3318.222845][T15319] Code: 12 80 fa 04 73 1e 80 fa 01 77 26 72 05 0f b6 0e 88 0f c3 48 8b 4c 16 f8 48 8b 36 48 89 4c 17 f8 48 89 37 c3 8b 4c 16 fc 8b 36 <89> 4c 17 fc 89 37 c3 0f b7 4c 16 fe 0f b7 36 66 89 4c 17 fe 66 89 [ 3318.242484][T15319] RSP: 002b:00007ffe69a68b78 EFLAGS: 00010202 [ 3318.248583][T15319] RAX: 00000000200005c0 RBX: 0000000000000000 RCX: 0000000000535650 [ 3318.256580][T15319] RDX: 0000000000000005 RSI: 0000000053565049 RDI: 00000000200005c0 [ 3318.264575][T15319] RBP: 00007ffe69a68c38 R08: 00007f98a39a0000 R09: 00007f98a35a00c8 [ 3318.272570][T15319] R10: 00007ffe69a68c60 R11: 0000000000000246 R12: 000000000032a0c9 [ 3318.280578][T15319] R13: 00007ffe69a68c60 R14: 00007f98a359bf80 R15: 0000000000000032 [ 3318.288601][T15319] [ 3318.308798][T15327] __nla_validate_parse: 5 callbacks suppressed [ 3318.308818][T15327] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. 03:15:39 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f310000800b0a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3318.362772][T15319] memory: usage 307188kB, limit 307200kB, failcnt 28420 [ 3318.378485][T15319] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3318.386123][T15314] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3318.398188][T15319] Memory cgroup stats for /syz0: [ 3318.398426][T15319] anon 126976 [ 3318.398426][T15319] file 319488 [ 3318.398426][T15319] kernel 314114048 [ 3318.398426][T15319] kernel_stack 65536 [ 3318.398426][T15319] pagetables 81920 [ 3318.398426][T15319] percpu 5425088 [ 3318.398426][T15319] sock 0 [ 3318.398426][T15319] vmalloc 0 [ 3318.398426][T15319] shmem 319488 [ 3318.398426][T15319] zswap 0 [ 3318.398426][T15319] zswapped 0 [ 3318.398426][T15319] file_mapped 303104 [ 3318.398426][T15319] file_dirty 0 [ 3318.398426][T15319] file_writeback 0 [ 3318.398426][T15319] swapcached 0 [ 3318.398426][T15319] anon_thp 0 [ 3318.398426][T15319] file_thp 0 [ 3318.398426][T15319] shmem_thp 0 [ 3318.398426][T15319] inactive_anon 131072 [ 3318.398426][T15319] active_anon 315392 [ 3318.398426][T15319] inactive_file 0 [ 3318.398426][T15319] active_file 0 [ 3318.398426][T15319] unevictable 0 [ 3318.398426][T15319] slab_reclaimable 226056 [ 3318.398426][T15319] slab_unreclaimable 308279320 [ 3318.398426][T15319] slab 308505376 [ 3318.585752][T15317] bridge4138: port 1(bridge_slave_1) entered disabled state [ 3318.618241][T15319] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15319,uid=0 [ 3318.644362][T15319] Memory cgroup out of memory: Killed process 15319 (syz-executor.0) total-vm:54508kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 3318.646651][T15317] bridge4139: port 1(bridge_slave_1) entered blocking state [ 3318.674422][T15330] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3318.698524][T15330] CPU: 1 PID: 15330 Comm: syz-executor.2 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3318.708740][T15330] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3318.718822][T15330] Call Trace: [ 3318.721018][T15317] bridge4139: port 1(bridge_slave_1) entered disabled state [ 3318.722104][T15330] [ 3318.722117][T15330] dump_stack_lvl+0xcd/0x134 [ 3318.722158][T15330] dump_header+0x10b/0x7f9 [ 3318.741385][T15330] oom_kill_process.cold+0x10/0x15 [ 3318.746544][T15330] out_of_memory+0x358/0x14a0 [ 3318.751271][T15330] ? oom_killer_disable+0x270/0x270 [ 3318.756514][T15330] ? find_held_lock+0x2d/0x110 [ 3318.761317][T15330] mem_cgroup_out_of_memory+0x206/0x270 [ 3318.766892][T15330] ? mem_cgroup_margin+0x130/0x130 [ 3318.772020][T15330] ? lock_downgrade+0x6e0/0x6e0 [ 3318.776926][T15330] try_charge_memcg+0xf67/0x13f0 [ 3318.781933][T15330] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3318.787939][T15330] ? lock_downgrade+0x6e0/0x6e0 [ 3318.792821][T15330] charge_memcg+0x31/0x320 [ 3318.797344][T15330] __mem_cgroup_charge+0x27/0x90 [ 3318.802299][T15330] ? _compound_head+0x5d/0x150 [ 3318.807088][T15330] __handle_mm_fault+0x17df/0x39b0 [ 3318.812219][T15330] ? vm_iomap_memory+0x190/0x190 [ 3318.817191][T15330] handle_mm_fault+0x1c8/0x780 [ 3318.821972][T15330] do_user_addr_fault+0x475/0x1210 [ 3318.827106][T15330] exc_page_fault+0x94/0x170 [ 3318.831716][T15330] asm_exc_page_fault+0x22/0x30 [ 3318.836574][T15330] RIP: 0033:0x7ff38a43c011 [ 3318.840997][T15330] Code: 3d 00 f0 ff ff 77 72 c3 90 55 48 83 ec 30 44 89 4c 24 2c 4c 89 44 24 20 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 89 4c 24 28 fa fa ff ff 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 [ 3318.860626][T15330] RSP: 002b:00007ff38b504000 EFLAGS: 00010206 [ 3318.866706][T15330] RAX: 0000000000000001 RBX: 00007ff38b5040f0 RCX: 0000000000000000 [ 3318.874691][T15330] RDX: 0000000000000020 RSI: 00007ff38b504140 RDI: 0000000000000004 [ 3318.882671][T15330] RBP: 0000000000000000 R08: 00007ff38b504054 R09: 000000000000000c [ 3318.890669][T15330] R10: 0000000000000000 R11: 00000000200005cf R12: 00007ff38b5040a8 03:15:40 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3318.898648][T15330] R13: 00007ff38b504140 R14: 0000000000000004 R15: 0000000000000000 [ 3318.906649][T15330] [ 3318.934580][T15318] bridge1291: port 1(bridge_slave_1) entered disabled state 03:15:40 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000000000000b3fc8000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) 03:15:40 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3318.967829][T15330] memory: usage 307172kB, limit 307200kB, failcnt 5153 [ 3318.979279][T15330] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3319.005725][T15327] bridge3192: port 1(bridge_slave_1) entered disabled state [ 3319.016130][T15330] Memory cgroup stats for /syz2: [ 3319.016338][T15330] anon 139264 [ 3319.016338][T15330] file 360448 [ 3319.016338][T15330] kernel 314044416 [ 3319.016338][T15330] kernel_stack 65536 [ 3319.016338][T15330] pagetables 77824 [ 3319.016338][T15330] percpu 5433376 [ 3319.016338][T15330] sock 0 [ 3319.016338][T15330] vmalloc 0 [ 3319.016338][T15330] shmem 356352 [ 3319.016338][T15330] zswap 0 [ 3319.016338][T15330] zswapped 0 [ 3319.016338][T15330] file_mapped 356352 [ 3319.016338][T15330] file_dirty 0 [ 3319.016338][T15330] file_writeback 0 03:15:40 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3319.016338][T15330] swapcached 0 [ 3319.016338][T15330] anon_thp 0 [ 3319.016338][T15330] file_thp 0 [ 3319.016338][T15330] shmem_thp 0 [ 3319.016338][T15330] inactive_anon 196608 [ 3319.016338][T15330] active_anon 299008 [ 3319.016338][T15330] inactive_file 0 [ 3319.016338][T15330] active_file 4096 [ 3319.016338][T15330] unevictable 0 [ 3319.016338][T15330] slab_reclaimable 58856 [ 3319.016338][T15330] slab_unreclaimable 308379080 [ 3319.016338][T15330] slab 308437936 [ 3319.145699][T15327] bridge3193: port 1(bridge_slave_1) entered blocking state [ 3319.158193][T15330] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=15329,uid=0 [ 3319.166840][T15327] bridge3193: port 1(bridge_slave_1) entered disabled state [ 3319.174877][T15330] Memory cgroup out of memory: Killed process 15329 (syz-executor.2) total-vm:54508kB, anon-rss:388kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 [ 3319.201359][T15331] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3319.223115][T15331] CPU: 0 PID: 15331 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3319.233327][T15331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3319.243401][T15331] Call Trace: [ 3319.246692][T15331] [ 3319.249641][T15331] dump_stack_lvl+0xcd/0x134 [ 3319.254254][T15331] dump_header+0x10b/0x7f9 [ 3319.258691][T15331] oom_kill_process.cold+0x10/0x15 [ 3319.263838][T15331] out_of_memory+0x358/0x14a0 [ 3319.267735][T15328] bond0: (slave bridge3193): Enslaving as an active interface with an up link [ 3319.268537][T15331] ? oom_killer_disable+0x270/0x270 [ 3319.268577][T15331] ? find_held_lock+0x2d/0x110 [ 3319.287425][T15331] mem_cgroup_out_of_memory+0x206/0x270 03:15:40 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f310000780b0a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3319.293003][T15331] ? mem_cgroup_margin+0x130/0x130 [ 3319.298145][T15331] ? lock_downgrade+0x6e0/0x6e0 [ 3319.303044][T15331] try_charge_memcg+0xf67/0x13f0 [ 3319.308018][T15331] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3319.314032][T15331] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3319.319790][T15331] ? lock_downgrade+0x6e0/0x6e0 [ 3319.324699][T15331] obj_cgroup_charge+0x2ab/0x5e0 [ 3319.326972][T15346] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3319.329653][T15331] ? __anon_vma_prepare+0x2d6/0x560 [ 3319.329689][T15331] kmem_cache_alloc+0x96/0x3b0 [ 3319.329719][T15331] __anon_vma_prepare+0x2d6/0x560 [ 3319.329743][T15331] ? __pmd_alloc+0x2ff/0x5c0 [ 3319.329772][T15331] __handle_mm_fault+0x340e/0x39b0 [ 3319.329805][T15331] ? vm_iomap_memory+0x190/0x190 [ 3319.329855][T15331] handle_mm_fault+0x1c8/0x780 [ 3319.329886][T15331] do_user_addr_fault+0x475/0x1210 [ 3319.329930][T15331] exc_page_fault+0x94/0x170 [ 3319.329962][T15331] asm_exc_page_fault+0x22/0x30 [ 3319.329986][T15331] RIP: 0033:0x7f98a3484695 [ 3319.330008][T15331] Code: 12 80 fa 04 73 1e 80 fa 01 77 26 72 05 0f b6 0e 88 0f c3 48 8b 4c 16 f8 48 8b 36 48 89 4c 17 f8 48 89 37 c3 8b 4c 16 fc 8b 36 <89> 4c 17 fc 89 37 c3 0f b7 4c 16 fe 0f b7 36 66 89 4c 17 fe 66 89 [ 3319.330032][T15331] RSP: 002b:00007ffe69a68b78 EFLAGS: 00010202 [ 3319.330055][T15331] RAX: 00000000200005c0 RBX: 0000000000000000 RCX: 0000000000535650 [ 3319.330071][T15331] RDX: 0000000000000005 RSI: 0000000053565049 RDI: 00000000200005c0 [ 3319.330087][T15331] RBP: 00007ffe69a68c38 R08: 00007f98a39a0000 R09: 00007f98a35a00c8 03:15:40 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f310000880b0a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3319.330103][T15331] R10: 00007ffe69a68c60 R11: 0000000000000246 R12: 000000000032a4c0 [ 3319.330127][T15331] R13: 00007ffe69a68c60 R14: 00007f98a359bf80 R15: 0000000000000032 [ 3319.330164][T15331] [ 3319.346948][T15331] memory: usage 307200kB, limit 307200kB, failcnt 28505 [ 3319.478024][T15331] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3319.484999][T15331] Memory cgroup stats for /syz0: [ 3319.485160][T15331] anon 126976 [ 3319.485160][T15331] file 319488 [ 3319.485160][T15331] kernel 314118144 [ 3319.485160][T15331] kernel_stack 65536 [ 3319.485160][T15331] pagetables 81920 [ 3319.485160][T15331] percpu 5425088 [ 3319.485160][T15331] sock 0 [ 3319.485160][T15331] vmalloc 0 [ 3319.485160][T15331] shmem 319488 [ 3319.485160][T15331] zswap 0 [ 3319.485160][T15331] zswapped 0 [ 3319.485160][T15331] file_mapped 303104 [ 3319.485160][T15331] file_dirty 0 [ 3319.485160][T15331] file_writeback 0 [ 3319.485160][T15331] swapcached 0 [ 3319.485160][T15331] anon_thp 0 [ 3319.485160][T15331] file_thp 0 [ 3319.485160][T15331] shmem_thp 0 [ 3319.485160][T15331] inactive_anon 131072 [ 3319.485160][T15331] active_anon 315392 [ 3319.485160][T15331] inactive_file 0 [ 3319.485160][T15331] active_file 0 [ 3319.485160][T15331] unevictable 0 [ 3319.485160][T15331] slab_reclaimable 226056 [ 3319.485160][T15331] slab_unreclaimable 308281424 [ 3319.485160][T15331] slab 308507480 03:15:40 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3319.587358][T15331] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15331,uid=0 [ 3319.590341][T15337] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3319.603847][T15331] Memory cgroup out of memory: Killed process 15331 (syz-executor.0) total-vm:54508kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 3319.675613][T15338] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3319.721174][T15351] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3319.731756][T15351] CPU: 0 PID: 15351 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3319.741944][T15351] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3319.752127][T15351] Call Trace: [ 3319.755414][T15351] [ 3319.758267][T15342] bridge4139: port 1(bridge_slave_1) entered disabled state [ 3319.758428][T15351] dump_stack_lvl+0xcd/0x134 [ 3319.770327][T15351] dump_header+0x10b/0x7f9 [ 3319.774760][T15351] oom_kill_process.cold+0x10/0x15 [ 3319.779877][T15351] out_of_memory+0x358/0x14a0 [ 3319.784567][T15351] ? find_held_lock+0x2d/0x110 [ 3319.789361][T15351] ? oom_killer_disable+0x270/0x270 [ 3319.794593][T15351] ? find_held_lock+0x2d/0x110 [ 3319.799389][T15351] mem_cgroup_out_of_memory+0x206/0x270 [ 3319.804970][T15351] ? mem_cgroup_margin+0x130/0x130 [ 3319.810121][T15351] ? lock_downgrade+0x6e0/0x6e0 [ 3319.814994][T15351] try_charge_memcg+0xf67/0x13f0 [ 3319.819949][T15351] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3319.825943][T15351] ? lock_downgrade+0x6e0/0x6e0 [ 3319.830829][T15351] charge_memcg+0x31/0x320 [ 3319.835286][T15351] __mem_cgroup_charge+0x27/0x90 [ 3319.840258][T15351] ? _compound_head+0x5d/0x150 [ 3319.845055][T15351] wp_page_copy+0x27c/0x1b60 [ 3319.849696][T15351] ? restore_exclusive_pte+0x8b0/0x8b0 [ 3319.855175][T15351] ? lock_downgrade+0x6e0/0x6e0 [ 3319.860049][T15351] ? vm_normal_page+0x146/0x2a0 [ 3319.864960][T15351] do_wp_page+0x1d1/0x1910 [ 3319.869413][T15351] __handle_mm_fault+0x1813/0x39b0 [ 3319.874529][T15351] ? vm_iomap_memory+0x190/0x190 [ 3319.879486][T15351] handle_mm_fault+0x1c8/0x780 [ 3319.884687][T15351] do_user_addr_fault+0x475/0x1210 [ 3319.889824][T15351] exc_page_fault+0x94/0x170 [ 3319.894450][T15351] asm_exc_page_fault+0x22/0x30 [ 3319.899323][T15351] RIP: 0033:0x7f98a34374b0 [ 3319.903755][T15351] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48 [ 3319.923374][T15351] RSP: 002b:00007ffe69a68a90 EFLAGS: 00010246 [ 3319.929459][T15351] RAX: 000000009baee0a5 RBX: 00007f98a359c018 RCX: 0000001b2ec20000 [ 3319.937449][T15351] RDX: 0000000000000000 RSI: 0000001b2ec20018 RDI: 0000000008ec0db1 [ 3319.945449][T15351] RBP: 000000009baee0a5 R08: 00000000000000a5 R09: 000000009baee0a9 [ 3319.953449][T15351] R10: 00007ffe69a68c60 R11: 0000000000000246 R12: 00007f98a3590000 [ 3319.961691][T15351] R13: 0000000000000001 R14: 0000000000000004 R15: ffffffff81a32736 [ 3319.969675][T15351] ? trace_user_exit.constprop.0+0x166/0x210 [ 3319.975689][T15351] [ 3319.993649][T15351] memory: usage 307180kB, limit 307200kB, failcnt 28528 [ 3320.005319][T15351] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3320.012476][T15351] Memory cgroup stats for /syz0: [ 3320.012638][T15351] anon 110592 [ 3320.012638][T15351] file 319488 [ 3320.012638][T15351] kernel 314118144 [ 3320.012638][T15351] kernel_stack 65536 [ 3320.012638][T15351] pagetables 73728 [ 3320.012638][T15351] percpu 5425088 [ 3320.012638][T15351] sock 0 [ 3320.012638][T15351] vmalloc 0 [ 3320.012638][T15351] shmem 319488 [ 3320.012638][T15351] zswap 0 [ 3320.012638][T15351] zswapped 0 [ 3320.012638][T15351] file_mapped 303104 [ 3320.012638][T15351] file_dirty 0 [ 3320.012638][T15351] file_writeback 0 [ 3320.012638][T15351] swapcached 0 [ 3320.012638][T15351] anon_thp 0 [ 3320.012638][T15351] file_thp 0 [ 3320.012638][T15351] shmem_thp 0 [ 3320.012638][T15351] inactive_anon 114688 [ 3320.012638][T15351] active_anon 315392 [ 3320.012638][T15351] inactive_file 0 [ 3320.012638][T15351] active_file 0 [ 3320.012638][T15351] unevictable 0 [ 3320.012638][T15351] slab_reclaimable 224128 [ 3320.012638][T15351] slab_unreclaimable 308290600 [ 3320.012638][T15351] slab 308514728 [ 3320.022725][T15342] bridge4140: port 1(bridge_slave_1) entered blocking state 03:15:41 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3320.117488][T15351] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15351,uid=0 [ 3320.142017][T15351] Memory cgroup out of memory: Killed process 15351 (syz-executor.0) total-vm:54508kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 [ 3320.162031][T15342] bridge4140: port 1(bridge_slave_1) entered disabled state [ 3320.197021][T15349] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3320.217101][T15349] CPU: 0 PID: 15349 Comm: syz-executor.2 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3320.227310][T15349] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3320.229633][T15341] bridge2547: port 1(bridge_slave_1) entered blocking state [ 3320.237370][T15349] Call Trace: [ 3320.237384][T15349] [ 3320.237395][T15349] dump_stack_lvl+0xcd/0x134 [ 3320.237430][T15349] dump_header+0x10b/0x7f9 [ 3320.244891][T15341] bridge2547: port 1(bridge_slave_1) entered disabled state [ 3320.247970][T15349] oom_kill_process.cold+0x10/0x15 [ 3320.248007][T15349] out_of_memory+0x358/0x14a0 [ 3320.248041][T15349] ? find_held_lock+0x2d/0x110 [ 3320.281918][T15349] ? oom_killer_disable+0x270/0x270 [ 3320.288203][T15349] ? find_held_lock+0x2d/0x110 [ 3320.292993][T15349] mem_cgroup_out_of_memory+0x206/0x270 [ 3320.298559][T15349] ? mem_cgroup_margin+0x130/0x130 [ 3320.303680][T15349] ? lock_downgrade+0x6e0/0x6e0 [ 3320.308557][T15349] try_charge_memcg+0xf67/0x13f0 [ 3320.313514][T15349] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3320.319505][T15349] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3320.325235][T15349] ? lock_downgrade+0x6e0/0x6e0 [ 3320.330100][T15349] ? lock_downgrade+0x6e0/0x6e0 [ 3320.334970][T15349] __memcg_kmem_charge_page+0x16a/0x3b0 [ 3320.340554][T15349] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 3320.346727][T15349] copy_process+0x607/0x7090 [ 3320.351332][T15349] ? __lock_acquire+0xbc3/0x56d0 [ 3320.356291][T15349] ? __cleanup_sighand+0xb0/0xb0 [ 3320.361255][T15349] kernel_clone+0xe7/0xab0 [ 3320.365697][T15349] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 3320.371686][T15349] ? create_io_thread+0xe0/0xe0 [ 3320.376556][T15349] ? find_held_lock+0x2d/0x110 [ 3320.381363][T15349] ? __ct_user_exit+0xff/0x150 [ 3320.386142][T15349] __do_sys_clone+0xba/0x100 [ 3320.390741][T15349] ? kernel_clone+0xab0/0xab0 [ 3320.395440][T15349] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3320.401363][T15349] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3320.407274][T15349] do_syscall_64+0x35/0xb0 [ 3320.411735][T15349] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3320.419658][T15349] RIP: 0033:0x7ff38a48a6a1 [ 3320.424096][T15349] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 3320.443735][T15349] RSP: 002b:00007ffe54c81718 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 3320.452243][T15349] RAX: ffffffffffffffda RBX: 00007ff3893fe700 RCX: 00007ff38a48a6a1 [ 3320.460245][T15349] RDX: 00007ff3893fe9d0 RSI: 00007ff3893fe2f0 RDI: 00000000003d0f00 [ 3320.468220][T15349] RBP: 00007ffe54c81960 R08: 00007ff3893fe700 R09: 00007ff3893fe700 [ 3320.476296][T15349] R10: 00007ff3893fe9d0 R11: 0000000000000206 R12: 00007ffe54c817ce [ 3320.484287][T15349] R13: 00007ffe54c817cf R14: 00007ff3893fe300 R15: 0000000000022000 [ 3320.492294][T15349] 03:15:41 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400ffffff0300000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3320.497799][T15343] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3320.498469][T15349] memory: usage 307200kB, limit 307200kB, failcnt 5249 [ 3320.539256][T15349] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3320.555670][T15349] Memory cgroup stats for /syz2: [ 3320.555848][T15349] anon 147456 [ 3320.555848][T15349] file 360448 [ 3320.555848][T15349] kernel 314064896 [ 3320.555848][T15349] kernel_stack 65536 [ 3320.555848][T15349] pagetables 81920 [ 3320.555848][T15349] percpu 5433376 [ 3320.555848][T15349] sock 0 [ 3320.555848][T15349] vmalloc 0 [ 3320.555848][T15349] shmem 356352 [ 3320.555848][T15349] zswap 0 [ 3320.555848][T15349] zswapped 0 [ 3320.555848][T15349] file_mapped 356352 [ 3320.555848][T15349] file_dirty 0 [ 3320.555848][T15349] file_writeback 0 [ 3320.555848][T15349] swapcached 0 [ 3320.555848][T15349] anon_thp 0 [ 3320.555848][T15349] file_thp 0 [ 3320.555848][T15349] shmem_thp 0 [ 3320.555848][T15349] inactive_anon 204800 [ 3320.555848][T15349] active_anon 299008 [ 3320.555848][T15349] inactive_file 0 [ 3320.555848][T15349] active_file 4096 [ 3320.555848][T15349] unevictable 0 [ 3320.555848][T15349] slab_reclaimable 58856 [ 3320.555848][T15349] slab_unreclaimable 308387568 [ 3320.555848][T15349] slab 308446424 [ 3320.573009][T15344] bridge4140: port 1(bridge_slave_1) entered blocking state [ 3320.656782][T15344] bridge4140: port 1(bridge_slave_1) entered forwarding state [ 3320.664734][T15349] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=15349,uid=0 03:15:42 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000000000000b3fc9000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3320.690048][T15349] Memory cgroup out of memory: Killed process 15349 (syz-executor.2) total-vm:54640kB, anon-rss:388kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 3320.708743][T15344] bond0: (slave bridge4140): Enslaving as an active interface with an up link [ 3320.719719][T15347] bridge1292: port 1(bridge_slave_1) entered blocking state [ 3320.745615][T15347] bridge1292: port 1(bridge_slave_1) entered disabled state 03:15:42 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c00000010000104000000000300000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3320.785013][T15353] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 3320.799241][T15360] bridge2547: port 1(bridge_slave_1) entered disabled state [ 3320.808662][T15353] CPU: 0 PID: 15353 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3320.818857][T15353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3320.828935][T15353] Call Trace: [ 3320.832237][T15353] [ 3320.835189][T15353] dump_stack_lvl+0xcd/0x134 [ 3320.839808][T15353] dump_header+0x10b/0x7f9 [ 3320.844250][T15353] oom_kill_process.cold+0x10/0x15 [ 3320.849382][T15353] out_of_memory+0x358/0x14a0 [ 3320.854080][T15353] ? find_held_lock+0x2d/0x110 [ 3320.858856][T15353] ? oom_killer_disable+0x270/0x270 [ 3320.864078][T15353] ? find_held_lock+0x2d/0x110 [ 3320.868854][T15353] mem_cgroup_out_of_memory+0x206/0x270 [ 3320.874499][T15353] ? mem_cgroup_margin+0x130/0x130 [ 3320.879605][T15353] ? lock_downgrade+0x6e0/0x6e0 [ 3320.884525][T15353] try_charge_memcg+0xf67/0x13f0 [ 3320.889486][T15353] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3320.895502][T15353] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3320.901219][T15353] ? lock_downgrade+0x6e0/0x6e0 [ 3320.906071][T15353] ? lock_downgrade+0x6e0/0x6e0 [ 3320.910945][T15353] __memcg_kmem_charge_page+0x16a/0x3b0 [ 3320.916516][T15353] __alloc_pages+0x1ef/0x510 [ 3320.921127][T15353] ? __alloc_pages_slowpath.constprop.0+0x2240/0x2240 [ 3320.927924][T15353] ? find_held_lock+0x2d/0x110 [ 3320.932691][T15353] alloc_pages+0x1a6/0x270 [ 3320.937125][T15353] pte_alloc_one+0x16/0x230 [ 3320.941657][T15353] __pte_alloc+0x69/0x250 [ 3320.946016][T15353] ? pmd_install+0x150/0x150 [ 3320.950634][T15353] ? hugepage_vma_check+0x44e/0x780 [ 3320.955852][T15353] ? __pmd_alloc+0x2ff/0x5c0 [ 3320.960441][T15353] __handle_mm_fault+0x310b/0x39b0 [ 3320.965571][T15353] ? vm_iomap_memory+0x190/0x190 [ 3320.970544][T15353] handle_mm_fault+0x1c8/0x780 [ 3320.975313][T15353] do_user_addr_fault+0x475/0x1210 [ 3320.980433][T15353] exc_page_fault+0x94/0x170 [ 3320.985025][T15353] asm_exc_page_fault+0x22/0x30 [ 3320.989959][T15353] RIP: 0033:0x7f98a3484695 [ 3320.994384][T15353] Code: 12 80 fa 04 73 1e 80 fa 01 77 26 72 05 0f b6 0e 88 0f c3 48 8b 4c 16 f8 48 8b 36 48 89 4c 17 f8 48 89 37 c3 8b 4c 16 fc 8b 36 <89> 4c 17 fc 89 37 c3 0f b7 4c 16 fe 0f b7 36 66 89 4c 17 fe 66 89 [ 3321.014010][T15353] RSP: 002b:00007ffe69a68b78 EFLAGS: 00010202 [ 3321.020175][T15353] RAX: 00000000200005c0 RBX: 0000000000000000 RCX: 0000000000535650 [ 3321.028149][T15353] RDX: 0000000000000005 RSI: 0000000053565049 RDI: 00000000200005c0 [ 3321.036121][T15353] RBP: 00007ffe69a68c38 R08: 00007f98a39a0000 R09: 00007f98a35a00c8 [ 3321.044095][T15353] R10: 00007ffe69a68c60 R11: 0000000000000246 R12: 000000000032aba2 [ 3321.052067][T15353] R13: 00007ffe69a68c60 R14: 00007f98a359bf80 R15: 0000000000000032 [ 3321.060077][T15353] [ 3321.072545][T15348] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3321.079493][T15353] memory: usage 307200kB, limit 307200kB, failcnt 28600 03:15:42 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtaction={0x5c, 0x30, 0x103, 0xe, 0x0, {}, [{0x48, 0x1, [@m_bpf={0x44, 0x1, 0x0, 0x0, {{0x8}, {0x1c, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_PARMS={0x18}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x5c}}, 0x0) 03:15:42 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f310000900b0a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3321.092232][T15357] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3321.115900][T15353] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3321.154915][T15353] Memory cgroup stats for /syz0: [ 3321.155105][T15353] anon 126976 [ 3321.155105][T15353] file 319488 [ 3321.155105][T15353] kernel 314126336 [ 3321.155105][T15353] kernel_stack 65536 [ 3321.155105][T15353] pagetables 77824 [ 3321.155105][T15353] percpu 5425088 [ 3321.155105][T15353] sock 0 [ 3321.155105][T15353] vmalloc 0 [ 3321.155105][T15353] shmem 319488 [ 3321.155105][T15353] zswap 0 [ 3321.155105][T15353] zswapped 0 [ 3321.155105][T15353] file_mapped 303104 [ 3321.155105][T15353] file_dirty 0 [ 3321.155105][T15353] file_writeback 0 [ 3321.155105][T15353] swapcached 0 [ 3321.155105][T15353] anon_thp 0 [ 3321.155105][T15353] file_thp 0 [ 3321.155105][T15353] shmem_thp 0 [ 3321.155105][T15353] inactive_anon 131072 [ 3321.155105][T15353] active_anon 315392 [ 3321.155105][T15353] inactive_file 0 [ 3321.155105][T15353] active_file 0 [ 3321.155105][T15353] unevictable 0 [ 3321.155105][T15353] slab_reclaimable 226056 [ 3321.155105][T15353] slab_unreclaimable 308290600 [ 3321.155105][T15353] slab 308516656 [ 3321.285121][T15353] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15353,uid=0 [ 3321.292994][T15363] bond0: (slave bridge2548): Enslaving as an active interface with an up link [ 3321.307616][T15353] Memory cgroup out of memory: Killed process 15353 (syz-executor.0) total-vm:54508kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 03:15:42 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3321.310832][T15364] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3321.378597][T15369] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3321.397676][T15369] CPU: 0 PID: 15369 Comm: syz-executor.2 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3321.407873][T15369] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3321.417941][T15369] Call Trace: [ 3321.421219][T15369] [ 3321.424155][T15369] dump_stack_lvl+0xcd/0x134 [ 3321.428779][T15369] dump_header+0x10b/0x7f9 [ 3321.433231][T15369] oom_kill_process.cold+0x10/0x15 [ 3321.438417][T15369] out_of_memory+0x358/0x14a0 [ 3321.443148][T15369] ? find_held_lock+0x2d/0x110 [ 3321.447958][T15369] ? oom_killer_disable+0x270/0x270 [ 3321.453199][T15369] ? find_held_lock+0x2d/0x110 [ 3321.458005][T15369] mem_cgroup_out_of_memory+0x206/0x270 [ 3321.463585][T15369] ? mem_cgroup_margin+0x130/0x130 [ 3321.468725][T15369] ? lock_downgrade+0x6e0/0x6e0 [ 3321.473625][T15369] try_charge_memcg+0xf67/0x13f0 [ 3321.478605][T15369] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3321.484621][T15369] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3321.490338][T15369] ? lock_downgrade+0x6e0/0x6e0 [ 3321.495190][T15369] ? lock_downgrade+0x6e0/0x6e0 [ 3321.500087][T15369] __memcg_kmem_charge_page+0x16a/0x3b0 [ 3321.505684][T15369] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 3321.511882][T15369] copy_process+0x607/0x7090 [ 3321.516601][T15369] ? __lock_acquire+0xbc3/0x56d0 [ 3321.521583][T15369] ? __cleanup_sighand+0xb0/0xb0 [ 3321.523225][T15365] bridge1292: port 1(bridge_slave_1) entered disabled state [ 3321.526558][T15369] kernel_clone+0xe7/0xab0 [ 3321.526592][T15369] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 3321.526625][T15369] ? create_io_thread+0xe0/0xe0 [ 3321.526661][T15369] ? find_held_lock+0x2d/0x110 [ 3321.553949][T15369] ? __ct_user_exit+0xff/0x150 [ 3321.558762][T15369] __do_sys_clone+0xba/0x100 [ 3321.563386][T15369] ? kernel_clone+0xab0/0xab0 [ 3321.568120][T15369] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3321.574055][T15369] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3321.579991][T15369] do_syscall_64+0x35/0xb0 [ 3321.584460][T15369] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3321.590397][T15369] RIP: 0033:0x7ff38a48a6a1 [ 3321.594819][T15369] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 3321.614441][T15369] RSP: 002b:00007ffe54c81718 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 03:15:42 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c00000010000104000000000000000b0fdb0000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3321.622894][T15369] RAX: ffffffffffffffda RBX: 00007ff3893fe700 RCX: 00007ff38a48a6a1 [ 3321.630912][T15369] RDX: 00007ff3893fe9d0 RSI: 00007ff3893fe2f0 RDI: 00000000003d0f00 [ 3321.638922][T15369] RBP: 00007ffe54c81960 R08: 00007ff3893fe700 R09: 00007ff3893fe700 [ 3321.646930][T15369] R10: 00007ff3893fe9d0 R11: 0000000000000206 R12: 00007ffe54c817ce [ 3321.655028][T15369] R13: 00007ffe54c817cf R14: 00007ff3893fe300 R15: 0000000000022000 [ 3321.663056][T15369] [ 3321.685186][T15365] bridge1293: port 1(bridge_slave_1) entered blocking state [ 3321.697115][T15369] memory: usage 307200kB, limit 307200kB, failcnt 5340 [ 3321.703778][T15365] bridge1293: port 1(bridge_slave_1) entered disabled state [ 3321.705055][T15369] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3321.719918][T15369] Memory cgroup stats for /syz2: [ 3321.720103][T15369] anon 147456 [ 3321.720103][T15369] file 360448 [ 3321.720103][T15369] kernel 314064896 [ 3321.720103][T15369] kernel_stack 65536 [ 3321.720103][T15369] pagetables 81920 [ 3321.720103][T15369] percpu 5433376 [ 3321.720103][T15369] sock 0 [ 3321.720103][T15369] vmalloc 0 [ 3321.720103][T15369] shmem 356352 [ 3321.720103][T15369] zswap 0 [ 3321.720103][T15369] zswapped 0 [ 3321.720103][T15369] file_mapped 356352 [ 3321.720103][T15369] file_dirty 0 [ 3321.720103][T15369] file_writeback 0 [ 3321.720103][T15369] swapcached 0 [ 3321.720103][T15369] anon_thp 0 [ 3321.720103][T15369] file_thp 0 [ 3321.720103][T15369] shmem_thp 0 [ 3321.720103][T15369] inactive_anon 204800 [ 3321.720103][T15369] active_anon 299008 [ 3321.720103][T15369] inactive_file 0 [ 3321.720103][T15369] active_file 4096 [ 3321.720103][T15369] unevictable 0 [ 3321.720103][T15369] slab_reclaimable 58856 [ 3321.720103][T15369] slab_unreclaimable 308387568 [ 3321.720103][T15369] slab 308446424 [ 3321.809820][T15366] bond0: (slave bridge1293): Enslaving as an active interface with an up link [ 3321.821336][T15369] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=15369,uid=0 [ 3321.839525][T15369] Memory cgroup out of memory: Killed process 15369 (syz-executor.2) total-vm:54640kB, anon-rss:388kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 3321.842614][T15367] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3321.882715][T15374] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3321.907133][T15374] CPU: 1 PID: 15374 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3321.917374][T15374] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3321.927457][T15374] Call Trace: [ 3321.930755][T15374] [ 3321.933709][T15374] dump_stack_lvl+0xcd/0x134 [ 3321.938344][T15374] dump_header+0x10b/0x7f9 [ 3321.942802][T15374] oom_kill_process.cold+0x10/0x15 [ 3321.947939][T15374] out_of_memory+0x358/0x14a0 [ 3321.952647][T15374] ? oom_killer_disable+0x270/0x270 [ 3321.958036][T15374] ? io_schedule_timeout+0x140/0x140 [ 3321.963346][T15374] mem_cgroup_out_of_memory+0x206/0x270 [ 3321.968910][T15374] ? mem_cgroup_margin+0x130/0x130 [ 3321.974031][T15374] ? preempt_schedule_thunk+0x16/0x18 [ 3321.979437][T15374] ? preempt_schedule_thunk+0x16/0x18 [ 3321.984840][T15374] try_charge_memcg+0xf67/0x13f0 [ 3321.989807][T15374] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3321.995803][T15374] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3322.001532][T15374] ? lock_downgrade+0x6e0/0x6e0 [ 3322.006416][T15374] obj_cgroup_charge+0x2ab/0x5e0 [ 3322.011367][T15374] ? __anon_vma_prepare+0x60/0x560 [ 3322.016494][T15374] kmem_cache_alloc+0x96/0x3b0 [ 3322.021272][T15374] __anon_vma_prepare+0x60/0x560 [ 3322.026217][T15374] ? __pmd_alloc+0x2ff/0x5c0 [ 3322.030820][T15374] __handle_mm_fault+0x340e/0x39b0 [ 3322.035947][T15374] ? vm_iomap_memory+0x190/0x190 [ 3322.040916][T15374] handle_mm_fault+0x1c8/0x780 [ 3322.045695][T15374] do_user_addr_fault+0x475/0x1210 [ 3322.050829][T15374] exc_page_fault+0x94/0x170 [ 3322.055436][T15374] asm_exc_page_fault+0x22/0x30 [ 3322.060292][T15374] RIP: 0033:0x7f98a3484695 [ 3322.064713][T15374] Code: 12 80 fa 04 73 1e 80 fa 01 77 26 72 05 0f b6 0e 88 0f c3 48 8b 4c 16 f8 48 8b 36 48 89 4c 17 f8 48 89 37 c3 8b 4c 16 fc 8b 36 <89> 4c 17 fc 89 37 c3 0f b7 4c 16 fe 0f b7 36 66 89 4c 17 fe 66 89 03:15:43 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c00000010000104000000000300000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3322.084326][T15374] RSP: 002b:00007ffe69a68b78 EFLAGS: 00010202 [ 3322.090407][T15374] RAX: 00000000200005c0 RBX: 0000000000000000 RCX: 0000000000535650 [ 3322.098401][T15374] RDX: 0000000000000005 RSI: 0000000053565049 RDI: 00000000200005c0 [ 3322.106394][T15374] RBP: 00007ffe69a68c38 R08: 00007f98a39a0000 R09: 00007f98a35a00c8 [ 3322.114388][T15374] R10: 00007ffe69a68c60 R11: 0000000000000246 R12: 000000000032af5f [ 3322.122377][T15374] R13: 00007ffe69a68c60 R14: 00007f98a359bf80 R15: 0000000000000032 [ 3322.130380][T15374] [ 3322.152104][T15374] memory: usage 307200kB, limit 307200kB, failcnt 28688 [ 3322.152976][T15368] bridge4140: port 1(bridge_slave_1) entered disabled state [ 3322.164073][T15374] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3322.176203][T15374] Memory cgroup stats for /syz0: [ 3322.176707][T15374] anon 126976 [ 3322.176707][T15374] file 319488 [ 3322.176707][T15374] kernel 314126336 [ 3322.176707][T15374] kernel_stack 65536 [ 3322.176707][T15374] pagetables 81920 [ 3322.176707][T15374] percpu 5425088 [ 3322.176707][T15374] sock 0 [ 3322.176707][T15374] vmalloc 0 [ 3322.176707][T15374] shmem 319488 [ 3322.176707][T15374] zswap 0 [ 3322.176707][T15374] zswapped 0 [ 3322.176707][T15374] file_mapped 303104 [ 3322.176707][T15374] file_dirty 0 [ 3322.176707][T15374] file_writeback 0 [ 3322.176707][T15374] swapcached 0 [ 3322.176707][T15374] anon_thp 0 [ 3322.176707][T15374] file_thp 0 [ 3322.176707][T15374] shmem_thp 0 [ 3322.176707][T15374] inactive_anon 131072 [ 3322.176707][T15374] active_anon 315392 [ 3322.176707][T15374] inactive_file 0 [ 3322.176707][T15374] active_file 0 [ 3322.176707][T15374] unevictable 0 [ 3322.176707][T15374] slab_reclaimable 226056 [ 3322.176707][T15374] slab_unreclaimable 308290600 [ 3322.176707][T15374] slab 308516656 [ 3322.284272][T15374] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15374,uid=0 03:15:43 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3322.300286][T15374] Memory cgroup out of memory: Killed process 15374 (syz-executor.0) total-vm:54508kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 3322.322341][T15368] bridge4141: port 1(bridge_slave_1) entered blocking state [ 3322.341306][T15368] bridge4141: port 1(bridge_slave_1) entered disabled state [ 3322.382133][T15385] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3322.398313][T15385] CPU: 0 PID: 15385 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3322.408511][T15385] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3322.408559][T15372] bridge4141: port 1(bridge_slave_1) entered blocking state [ 3322.418567][T15385] Call Trace: [ 3322.418579][T15385] [ 3322.418589][T15385] dump_stack_lvl+0xcd/0x134 [ 3322.418626][T15385] dump_header+0x10b/0x7f9 [ 3322.418661][T15385] oom_kill_process.cold+0x10/0x15 [ 3322.418692][T15385] out_of_memory+0x358/0x14a0 [ 3322.426059][T15372] bridge4141: port 1(bridge_slave_1) entered forwarding state [ 3322.429255][T15385] ? find_held_lock+0x2d/0x110 [ 3322.429283][T15385] ? oom_killer_disable+0x270/0x270 [ 3322.429316][T15385] ? find_held_lock+0x2d/0x110 [ 3322.473264][T15385] mem_cgroup_out_of_memory+0x206/0x270 [ 3322.478852][T15385] ? mem_cgroup_margin+0x130/0x130 [ 3322.484001][T15385] ? lock_downgrade+0x6e0/0x6e0 [ 3322.488900][T15385] try_charge_memcg+0xf67/0x13f0 [ 3322.493972][T15385] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3322.496315][T15372] bond0: (slave bridge4141): Enslaving as an active interface with an up link [ 3322.499976][T15385] ? lock_downgrade+0x6e0/0x6e0 [ 3322.500026][T15385] charge_memcg+0x31/0x320 [ 3322.500059][T15385] __mem_cgroup_charge+0x27/0x90 [ 3322.500084][T15385] ? _compound_head+0x5d/0x150 [ 3322.500112][T15385] wp_page_copy+0x27c/0x1b60 03:15:43 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtaction={0x5c, 0x30, 0x103, 0xe, 0x0, {}, [{0x48, 0x1, [@m_bpf={0x44, 0x1, 0x0, 0x0, {{0x8}, {0x1c, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_PARMS={0x18}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x5c}}, 0x0) 03:15:43 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000000000000001ca000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3322.500147][T15385] ? restore_exclusive_pte+0x8b0/0x8b0 [ 3322.538069][T15385] ? lock_downgrade+0x6e0/0x6e0 [ 3322.542961][T15385] ? vm_normal_page+0x146/0x2a0 [ 3322.547862][T15385] do_wp_page+0x52c/0x1910 [ 3322.552328][T15385] __handle_mm_fault+0x1813/0x39b0 [ 3322.557482][T15385] ? vm_iomap_memory+0x190/0x190 [ 3322.562477][T15385] handle_mm_fault+0x1c8/0x780 [ 3322.567281][T15385] do_user_addr_fault+0x475/0x1210 [ 3322.572442][T15385] exc_page_fault+0x94/0x170 [ 3322.577070][T15385] asm_exc_page_fault+0x22/0x30 [ 3322.581962][T15385] RIP: 0033:0x7f98a3434565 [ 3322.586410][T15385] Code: 5c 41 5d c3 90 48 8b 57 18 48 83 fa ff 74 22 48 81 fa e7 03 00 00 0f 87 ee 00 00 00 48 c1 e2 04 48 8d 0d 5e 3b 16 00 48 01 ca 02 01 48 89 42 08 48 8b 53 10 4c 8d 2d 89 ba 56 00 4c 39 ea 0f [ 3322.606051][T15385] RSP: 002b:00007ffe69a68b40 EFLAGS: 00010206 [ 3322.612160][T15385] RAX: 0000000000000003 RBX: 00007f98a359bf80 RCX: 00007f98a35980c0 [ 3322.620155][T15385] RDX: 00007f98a35980c0 RSI: 0000000000000080 RDI: 00007f98a359bf80 [ 3322.628251][T15385] RBP: 00007f98a359bf80 R08: 00007ffe69b83080 R09: 0000000000000000 [ 3322.636248][T15385] R10: 00007ffe69a68c60 R11: 0000000000000246 R12: 000000000032b1e9 [ 3322.644245][T15385] R13: 00007ffe69a68c60 R14: 00007f98a359bf80 R15: 0000000000000032 [ 3322.652265][T15385] 03:15:43 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f310000980b0a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3322.674468][T15385] memory: usage 307156kB, limit 307200kB, failcnt 28735 [ 3322.707702][T15385] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3322.714613][T15385] Memory cgroup stats for /syz0: [ 3322.714800][T15385] anon 90112 [ 3322.714800][T15385] file 319488 [ 3322.714800][T15385] kernel 314118144 [ 3322.714800][T15385] kernel_stack 65536 [ 3322.714800][T15385] pagetables 73728 [ 3322.714800][T15385] percpu 5425088 [ 3322.714800][T15385] sock 0 [ 3322.714800][T15385] vmalloc 0 [ 3322.714800][T15385] shmem 319488 [ 3322.714800][T15385] zswap 0 [ 3322.714800][T15385] zswapped 0 [ 3322.714800][T15385] file_mapped 303104 [ 3322.714800][T15385] file_dirty 0 [ 3322.714800][T15385] file_writeback 0 [ 3322.714800][T15385] swapcached 0 [ 3322.714800][T15385] anon_thp 0 [ 3322.714800][T15385] file_thp 0 [ 3322.714800][T15385] shmem_thp 0 [ 3322.714800][T15385] inactive_anon 94208 [ 3322.714800][T15385] active_anon 315392 [ 3322.714800][T15385] inactive_file 0 [ 3322.714800][T15385] active_file 0 [ 3322.714800][T15385] unevictable 0 [ 3322.714800][T15385] slab_reclaimable 224128 [ 3322.714800][T15385] slab_unreclaimable 308289952 [ 3322.714800][T15385] slab 308514080 03:15:44 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3322.819109][T15385] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15385,uid=0 [ 3322.821617][T15379] bridge2549: port 1(bridge_slave_1) entered blocking state [ 3322.835892][T15385] Memory cgroup out of memory: Killed process 15385 (syz-executor.0) total-vm:54508kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 [ 3322.862606][T15379] bridge2549: port 1(bridge_slave_1) entered disabled state 03:15:44 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c00000010000104000000000000000b0fdb0000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3322.943668][T15392] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3322.976254][T15392] CPU: 1 PID: 15392 Comm: syz-executor.2 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3322.976343][T15383] bridge1293: port 1(bridge_slave_1) entered disabled state [ 3322.986443][T15392] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3322.986464][T15392] Call Trace: [ 3322.986473][T15392] [ 3322.986483][T15392] dump_stack_lvl+0xcd/0x134 [ 3322.986519][T15392] dump_header+0x10b/0x7f9 [ 3322.986553][T15392] oom_kill_process.cold+0x10/0x15 [ 3322.986583][T15392] out_of_memory+0x358/0x14a0 [ 3322.986615][T15392] ? find_held_lock+0x2d/0x110 [ 3323.034091][T15392] ? oom_killer_disable+0x270/0x270 [ 3323.039335][T15392] ? find_held_lock+0x2d/0x110 [ 3323.044148][T15392] mem_cgroup_out_of_memory+0x206/0x270 [ 3323.049732][T15392] ? mem_cgroup_margin+0x130/0x130 [ 3323.054889][T15392] ? lock_downgrade+0x6e0/0x6e0 [ 3323.059794][T15392] try_charge_memcg+0xf67/0x13f0 [ 3323.064767][T15392] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3323.070765][T15392] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3323.076499][T15392] ? lock_downgrade+0x6e0/0x6e0 [ 3323.081361][T15392] ? lock_downgrade+0x6e0/0x6e0 [ 3323.086234][T15392] __memcg_kmem_charge_page+0x16a/0x3b0 [ 3323.091804][T15392] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 3323.097985][T15392] copy_process+0x607/0x7090 [ 3323.102593][T15392] ? __lock_acquire+0xbc3/0x56d0 [ 3323.107579][T15392] ? __cleanup_sighand+0xb0/0xb0 [ 3323.112547][T15392] kernel_clone+0xe7/0xab0 [ 3323.116973][T15392] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 3323.122968][T15392] ? create_io_thread+0xe0/0xe0 [ 3323.127841][T15392] ? find_held_lock+0x2d/0x110 [ 3323.132618][T15392] ? __ct_user_exit+0xff/0x150 [ 3323.137405][T15392] __do_sys_clone+0xba/0x100 [ 3323.142010][T15392] ? kernel_clone+0xab0/0xab0 [ 3323.146717][T15392] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3323.152622][T15392] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3323.158535][T15392] do_syscall_64+0x35/0xb0 [ 3323.162963][T15392] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3323.168889][T15392] RIP: 0033:0x7ff38a48a6a1 [ 3323.173313][T15392] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 3323.192928][T15392] RSP: 002b:00007ffe54c81718 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 3323.201348][T15392] RAX: ffffffffffffffda RBX: 00007ff3893fe700 RCX: 00007ff38a48a6a1 [ 3323.209328][T15392] RDX: 00007ff3893fe9d0 RSI: 00007ff3893fe2f0 RDI: 00000000003d0f00 [ 3323.217305][T15392] RBP: 00007ffe54c81960 R08: 00007ff3893fe700 R09: 00007ff3893fe700 [ 3323.225284][T15392] R10: 00007ff3893fe9d0 R11: 0000000000000206 R12: 00007ffe54c817ce [ 3323.233543][T15392] R13: 00007ffe54c817cf R14: 00007ff3893fe300 R15: 0000000000022000 [ 3323.241539][T15392] [ 3323.268414][T15383] bridge1294: port 1(bridge_slave_1) entered blocking state [ 3323.279819][T15392] memory: usage 307200kB, limit 307200kB, failcnt 5426 [ 3323.284622][T15383] bridge1294: port 1(bridge_slave_1) entered disabled state [ 3323.287015][T15392] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3323.304422][T15392] Memory cgroup stats for /syz2: [ 3323.304665][T15392] anon 147456 [ 3323.304665][T15392] file 360448 [ 3323.304665][T15392] kernel 314064896 [ 3323.304665][T15392] kernel_stack 65536 [ 3323.304665][T15392] pagetables 81920 [ 3323.304665][T15392] percpu 5433376 [ 3323.304665][T15392] sock 0 [ 3323.304665][T15392] vmalloc 0 [ 3323.304665][T15392] shmem 356352 [ 3323.304665][T15392] zswap 0 [ 3323.304665][T15392] zswapped 0 [ 3323.304665][T15392] file_mapped 356352 [ 3323.304665][T15392] file_dirty 0 [ 3323.304665][T15392] file_writeback 0 [ 3323.304665][T15392] swapcached 0 [ 3323.304665][T15392] anon_thp 0 [ 3323.304665][T15392] file_thp 0 [ 3323.304665][T15392] shmem_thp 0 [ 3323.304665][T15392] inactive_anon 204800 [ 3323.304665][T15392] active_anon 299008 [ 3323.304665][T15392] inactive_file 0 [ 3323.304665][T15392] active_file 4096 [ 3323.304665][T15392] unevictable 0 [ 3323.304665][T15392] slab_reclaimable 58856 [ 3323.304665][T15392] slab_unreclaimable 308387568 [ 3323.304665][T15392] slab 308446424 [ 3323.353906][T15384] bond0: (slave bridge1294): Enslaving as an active interface with an up link [ 3323.403547][T15392] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=15392,uid=0 [ 3323.425367][T15392] Memory cgroup out of memory: Killed process 15392 (syz-executor.2) total-vm:54640kB, anon-rss:388kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 3323.437896][T15390] bridge4141: port 1(bridge_slave_1) entered disabled state 03:15:44 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c00000010000104000000000300000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3323.494951][T15394] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3323.512849][T15390] bridge4142: port 1(bridge_slave_1) entered blocking state [ 3323.520487][T15394] CPU: 0 PID: 15394 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3323.530687][T15394] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 03:15:44 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtaction={0x5c, 0x30, 0x103, 0xe, 0x0, {}, [{0x48, 0x1, [@m_bpf={0x44, 0x1, 0x0, 0x0, {{0x8}, {0x1c, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_PARMS={0x18}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x5c}}, 0x0) [ 3323.533919][T15390] bridge4142: port 1(bridge_slave_1) entered disabled state [ 3323.540841][T15394] Call Trace: [ 3323.540852][T15394] [ 3323.540863][T15394] dump_stack_lvl+0xcd/0x134 [ 3323.540900][T15394] dump_header+0x10b/0x7f9 [ 3323.540933][T15394] oom_kill_process.cold+0x10/0x15 [ 3323.540965][T15394] out_of_memory+0x358/0x14a0 [ 3323.573241][T15394] ? find_held_lock+0x2d/0x110 [ 3323.578031][T15394] ? oom_killer_disable+0x270/0x270 [ 3323.583300][T15394] ? find_held_lock+0x2d/0x110 [ 3323.588101][T15394] mem_cgroup_out_of_memory+0x206/0x270 [ 3323.593723][T15394] ? mem_cgroup_margin+0x130/0x130 [ 3323.598967][T15394] ? lock_downgrade+0x6e0/0x6e0 [ 3323.603916][T15394] try_charge_memcg+0xf67/0x13f0 [ 3323.608884][T15394] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3323.614054][T15389] bridge4142: port 1(bridge_slave_1) entered blocking state [ 3323.614880][T15394] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3323.614915][T15394] ? lock_downgrade+0x6e0/0x6e0 [ 3323.614964][T15394] obj_cgroup_charge+0x2ab/0x5e0 [ 3323.622322][T15389] bridge4142: port 1(bridge_slave_1) entered forwarding state [ 3323.627928][T15394] ? __anon_vma_prepare+0x2d6/0x560 [ 3323.627963][T15394] kmem_cache_alloc+0x96/0x3b0 [ 3323.627996][T15394] __anon_vma_prepare+0x2d6/0x560 [ 3323.660239][T15394] ? __pmd_alloc+0x2ff/0x5c0 [ 3323.664866][T15394] __handle_mm_fault+0x340e/0x39b0 [ 3323.670008][T15394] ? vm_iomap_memory+0x190/0x190 [ 3323.674993][T15394] handle_mm_fault+0x1c8/0x780 [ 3323.679803][T15394] do_user_addr_fault+0x475/0x1210 [ 3323.684963][T15394] exc_page_fault+0x94/0x170 [ 3323.689579][T15394] asm_exc_page_fault+0x22/0x30 [ 3323.694483][T15394] RIP: 0033:0x7f98a3484695 [ 3323.698917][T15394] Code: 12 80 fa 04 73 1e 80 fa 01 77 26 72 05 0f b6 0e 88 0f c3 48 8b 4c 16 f8 48 8b 36 48 89 4c 17 f8 48 89 37 c3 8b 4c 16 fc 8b 36 <89> 4c 17 fc 89 37 c3 0f b7 4c 16 fe 0f b7 36 66 89 4c 17 fe 66 89 [ 3323.718634][T15394] RSP: 002b:00007ffe69a68b78 EFLAGS: 00010202 [ 3323.724731][T15394] RAX: 00000000200005c0 RBX: 0000000000000000 RCX: 0000000000535650 [ 3323.732712][T15394] RDX: 0000000000000005 RSI: 0000000053565049 RDI: 00000000200005c0 [ 3323.740692][T15394] RBP: 00007ffe69a68c38 R08: 00007f98a39a0000 R09: 00007f98a35a00c8 [ 3323.748691][T15394] R10: 00007ffe69a68c60 R11: 0000000000000246 R12: 000000000032b625 [ 3323.756671][T15394] R13: 00007ffe69a68c60 R14: 00007f98a359bf80 R15: 0000000000000032 [ 3323.764842][T15394] [ 3323.779452][T15394] memory: usage 307200kB, limit 307200kB, failcnt 28820 [ 3323.787097][T15394] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3323.802464][T15394] Memory cgroup stats for /syz0: [ 3323.802659][T15394] anon 126976 [ 3323.802659][T15394] file 319488 [ 3323.802659][T15394] kernel 314126336 [ 3323.802659][T15394] kernel_stack 65536 [ 3323.802659][T15394] pagetables 81920 [ 3323.802659][T15394] percpu 5425088 [ 3323.802659][T15394] sock 0 [ 3323.802659][T15394] vmalloc 0 [ 3323.802659][T15394] shmem 319488 [ 3323.802659][T15394] zswap 0 [ 3323.802659][T15394] zswapped 0 [ 3323.802659][T15394] file_mapped 303104 [ 3323.802659][T15394] file_dirty 0 [ 3323.802659][T15394] file_writeback 0 [ 3323.802659][T15394] swapcached 0 [ 3323.802659][T15394] anon_thp 0 [ 3323.802659][T15394] file_thp 0 [ 3323.802659][T15394] shmem_thp 0 [ 3323.802659][T15394] inactive_anon 131072 [ 3323.802659][T15394] active_anon 315392 [ 3323.802659][T15394] inactive_file 0 [ 3323.802659][T15394] active_file 0 [ 3323.802659][T15394] unevictable 0 [ 3323.802659][T15394] slab_reclaimable 226056 [ 3323.802659][T15394] slab_unreclaimable 308290720 [ 3323.802659][T15394] slab 308516776 03:15:45 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f310000a00b0a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3323.828600][T15389] bond0: (slave bridge4142): Enslaving as an active interface with an up link 03:15:45 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000000000000b3fca000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3323.931400][T15398] __nla_validate_parse: 3 callbacks suppressed [ 3323.931421][T15398] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3323.936674][T15394] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15394,uid=0 [ 3323.988347][T15394] Memory cgroup out of memory: Killed process 15394 (syz-executor.0) total-vm:54508kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 03:15:45 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3324.029875][T15399] bridge2549: port 1(bridge_slave_1) entered disabled state [ 3324.073876][T15399] bridge2550: port 1(bridge_slave_1) entered blocking state [ 3324.092000][T15411] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3324.103738][T15411] CPU: 1 PID: 15411 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3324.113941][T15411] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3324.124026][T15411] Call Trace: [ 3324.127337][T15411] [ 3324.130294][T15411] dump_stack_lvl+0xcd/0x134 [ 3324.134925][T15411] dump_header+0x10b/0x7f9 [ 3324.138044][T15399] bridge2550: port 1(bridge_slave_1) entered disabled state [ 3324.139360][T15411] oom_kill_process.cold+0x10/0x15 [ 3324.151757][T15411] out_of_memory+0x358/0x14a0 [ 3324.156458][T15411] ? find_held_lock+0x2d/0x110 [ 3324.161232][T15411] ? oom_killer_disable+0x270/0x270 [ 3324.166448][T15411] ? find_held_lock+0x2d/0x110 [ 3324.171225][T15411] mem_cgroup_out_of_memory+0x206/0x270 [ 3324.176782][T15411] ? mem_cgroup_margin+0x130/0x130 [ 3324.181916][T15411] ? lock_downgrade+0x6e0/0x6e0 [ 3324.186808][T15411] try_charge_memcg+0xf67/0x13f0 [ 3324.191781][T15411] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3324.197795][T15411] ? lock_downgrade+0x6e0/0x6e0 [ 3324.202692][T15411] charge_memcg+0x31/0x320 [ 3324.207146][T15411] __mem_cgroup_charge+0x27/0x90 [ 3324.212179][T15411] ? _compound_head+0x5d/0x150 [ 3324.216956][T15411] wp_page_copy+0x27c/0x1b60 [ 3324.221568][T15411] ? restore_exclusive_pte+0x8b0/0x8b0 [ 3324.227038][T15411] ? lock_downgrade+0x6e0/0x6e0 [ 3324.231896][T15411] ? vm_normal_page+0x146/0x2a0 [ 3324.236775][T15411] do_wp_page+0x52c/0x1910 [ 3324.241204][T15411] __handle_mm_fault+0x1813/0x39b0 [ 3324.246332][T15411] ? vm_iomap_memory+0x190/0x190 [ 3324.251320][T15411] handle_mm_fault+0x1c8/0x780 [ 3324.256112][T15411] do_user_addr_fault+0x475/0x1210 [ 3324.261264][T15411] exc_page_fault+0x94/0x170 [ 3324.265982][T15411] asm_exc_page_fault+0x22/0x30 [ 3324.270847][T15411] RIP: 0033:0x7f98a3434e1e [ 3324.275268][T15411] Code: 4c 24 54 89 78 2c 48 8b 3c 24 89 48 78 0f b6 4c 24 53 c6 40 20 01 88 4c 3a 04 8b 7c 24 4c 4c 89 35 57 71 16 00 48 8b 54 24 40 <89> b8 80 00 00 00 0f 1f 40 00 48 8b 8c 14 50 01 00 00 48 83 c2 08 [ 3324.294886][T15411] RSP: 002b:00007ffe69a68b80 EFLAGS: 00010246 [ 3324.300962][T15411] RAX: 00007f98a359bf80 RBX: 00007f98a359bf8c RCX: 0000000000000000 [ 3324.308937][T15411] RDX: 0000000000000000 RSI: 00007f98a359bf88 RDI: 0000000000000000 [ 3324.316922][T15411] RBP: 00007f98a359bf80 R08: 00007f98a4666700 R09: 00007f98a4666700 [ 3324.324902][T15411] R10: 00007f98a46669d0 R11: 0000000000000206 R12: 00007f98a359bf8c [ 3324.332883][T15411] R13: 00007f98a35a0060 R14: 00007f98a359bf80 R15: 0000000000000000 [ 3324.340878][T15411] [ 3324.364127][T15411] memory: usage 307168kB, limit 307200kB, failcnt 28862 03:15:45 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c00000010000104000000000000000b0fdb0000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3324.371868][T15404] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3324.388627][T15411] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3324.395833][T15411] Memory cgroup stats for /syz0: [ 3324.396071][T15411] anon 81920 [ 3324.396071][T15411] file 319488 [ 3324.396071][T15411] kernel 314109952 [ 3324.396071][T15411] kernel_stack 65536 [ 3324.396071][T15411] pagetables 69632 [ 3324.396071][T15411] percpu 5425088 [ 3324.396071][T15411] sock 0 [ 3324.396071][T15411] vmalloc 0 [ 3324.396071][T15411] shmem 319488 [ 3324.396071][T15411] zswap 0 [ 3324.396071][T15411] zswapped 0 [ 3324.396071][T15411] file_mapped 303104 [ 3324.396071][T15411] file_dirty 0 [ 3324.396071][T15411] file_writeback 0 [ 3324.396071][T15411] swapcached 0 [ 3324.396071][T15411] anon_thp 0 [ 3324.396071][T15411] file_thp 0 [ 3324.396071][T15411] shmem_thp 0 [ 3324.396071][T15411] inactive_anon 45056 [ 3324.396071][T15411] active_anon 315392 [ 3324.396071][T15411] inactive_file 0 [ 3324.396071][T15411] active_file 0 [ 3324.396071][T15411] unevictable 0 [ 3324.396071][T15411] slab_reclaimable 222200 [ 3324.396071][T15411] slab_unreclaimable 308289304 [ 3324.396071][T15411] slab 308511504 [ 3324.493873][T15411] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15411,uid=0 03:15:45 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3324.513410][T15411] Memory cgroup out of memory: Killed process 15411 (syz-executor.0) total-vm:54508kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:72kB oom_score_adj:1000 [ 3324.539835][T15407] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3324.556643][T15407] CPU: 0 PID: 15407 Comm: syz-executor.2 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3324.566843][T15407] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3324.576930][T15407] Call Trace: [ 3324.580233][T15407] [ 3324.583201][T15407] dump_stack_lvl+0xcd/0x134 [ 3324.587834][T15407] dump_header+0x10b/0x7f9 [ 3324.592391][T15407] oom_kill_process.cold+0x10/0x15 [ 3324.597546][T15407] out_of_memory+0x358/0x14a0 [ 3324.602271][T15407] ? oom_killer_disable+0x270/0x270 [ 3324.607512][T15407] ? find_held_lock+0x2d/0x110 [ 3324.612315][T15407] mem_cgroup_out_of_memory+0x206/0x270 [ 3324.617897][T15407] ? mem_cgroup_margin+0x130/0x130 [ 3324.623044][T15407] ? lock_downgrade+0x6e0/0x6e0 [ 3324.627953][T15407] try_charge_memcg+0xf67/0x13f0 [ 3324.632923][T15407] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3324.638910][T15407] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3324.644659][T15407] ? lock_downgrade+0x6e0/0x6e0 [ 3324.649550][T15407] ? lock_downgrade+0x6e0/0x6e0 [ 3324.654473][T15407] __memcg_kmem_charge_page+0x16a/0x3b0 [ 3324.660043][T15407] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 3324.666242][T15407] copy_process+0x145a/0x7090 [ 3324.670947][T15407] ? find_held_lock+0x2d/0x110 [ 3324.675751][T15407] ? __cleanup_sighand+0xb0/0xb0 [ 3324.680714][T15407] kernel_clone+0xe7/0xab0 [ 3324.685146][T15407] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 3324.691142][T15407] ? create_io_thread+0xe0/0xe0 [ 3324.696025][T15407] ? find_held_lock+0x2d/0x110 [ 3324.700792][T15407] ? __ct_user_exit+0xff/0x150 [ 3324.705611][T15407] __do_sys_clone+0xba/0x100 [ 3324.710244][T15407] ? kernel_clone+0xab0/0xab0 [ 3324.714970][T15407] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3324.720903][T15407] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3324.726844][T15407] do_syscall_64+0x35/0xb0 [ 3324.731302][T15407] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3324.737206][T15407] RIP: 0033:0x7ff38a48a6a1 [ 3324.741625][T15407] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 3324.761250][T15407] RSP: 002b:00007ffe54c81718 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 3324.769701][T15407] RAX: ffffffffffffffda RBX: 00007ff3893fe700 RCX: 00007ff38a48a6a1 [ 3324.777720][T15407] RDX: 00007ff3893fe9d0 RSI: 00007ff3893fe2f0 RDI: 00000000003d0f00 [ 3324.785710][T15407] RBP: 00007ffe54c81960 R08: 00007ff3893fe700 R09: 00007ff3893fe700 [ 3324.793713][T15407] R10: 00007ff3893fe9d0 R11: 0000000000000206 R12: 00007ffe54c817ce [ 3324.801706][T15407] R13: 00007ffe54c817cf R14: 00007ff3893fe300 R15: 0000000000022000 [ 3324.809796][T15407] [ 3324.823123][T15407] memory: usage 307200kB, limit 307200kB, failcnt 5479 [ 3324.831039][T15407] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3324.838524][T15407] Memory cgroup stats for /syz2: [ 3324.838756][T15407] anon 147456 [ 3324.838756][T15407] file 360448 [ 3324.838756][T15407] kernel 314064896 [ 3324.838756][T15407] kernel_stack 65536 [ 3324.838756][T15407] pagetables 81920 [ 3324.838756][T15407] percpu 5433376 [ 3324.838756][T15407] sock 0 [ 3324.838756][T15407] vmalloc 0 [ 3324.838756][T15407] shmem 356352 [ 3324.838756][T15407] zswap 0 [ 3324.838756][T15407] zswapped 0 [ 3324.838756][T15407] file_mapped 356352 [ 3324.838756][T15407] file_dirty 0 [ 3324.838756][T15407] file_writeback 0 [ 3324.838756][T15407] swapcached 0 [ 3324.838756][T15407] anon_thp 0 [ 3324.838756][T15407] file_thp 0 [ 3324.838756][T15407] shmem_thp 0 [ 3324.838756][T15407] inactive_anon 204800 [ 3324.838756][T15407] active_anon 299008 [ 3324.838756][T15407] inactive_file 0 [ 3324.838756][T15407] active_file 4096 [ 3324.838756][T15407] unevictable 0 [ 3324.838756][T15407] slab_reclaimable 58856 [ 3324.838756][T15407] slab_unreclaimable 308387568 [ 3324.838756][T15407] slab 308446424 [ 3324.936885][T15407] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=15407,uid=0 [ 3324.952852][T15407] Memory cgroup out of memory: Killed process 15407 (syz-executor.2) total-vm:54640kB, anon-rss:388kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 03:15:46 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c00000010000104000000000000000000000001", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3324.977846][T15402] bridge1294: port 1(bridge_slave_1) entered disabled state 03:15:46 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f310000a80b0a00", @ANYRES32=r5], 0x3c}}, 0x0) 03:15:46 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c00000010000104000000000000000b0fd10000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3325.043279][T15413] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3325.079014][T15418] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3325.113471][T15418] CPU: 1 PID: 15418 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3325.123689][T15418] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3325.133776][T15418] Call Trace: [ 3325.137076][T15418] [ 3325.140042][T15418] dump_stack_lvl+0xcd/0x134 [ 3325.144680][T15418] dump_header+0x10b/0x7f9 [ 3325.149139][T15418] oom_kill_process.cold+0x10/0x15 [ 3325.154286][T15418] out_of_memory+0x358/0x14a0 [ 3325.158993][T15418] ? find_held_lock+0x2d/0x110 [ 3325.163800][T15418] ? oom_killer_disable+0x270/0x270 [ 3325.169036][T15418] ? find_held_lock+0x2d/0x110 [ 3325.173815][T15418] mem_cgroup_out_of_memory+0x206/0x270 [ 3325.179398][T15418] ? mem_cgroup_margin+0x130/0x130 [ 3325.184561][T15418] ? lock_downgrade+0x6e0/0x6e0 [ 3325.187179][T15414] bridge4142: port 1(bridge_slave_1) entered disabled state [ 3325.189444][T15418] try_charge_memcg+0xf67/0x13f0 [ 3325.189493][T15418] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3325.189524][T15418] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3325.189553][T15418] ? lock_downgrade+0x6e0/0x6e0 [ 3325.218410][T15418] obj_cgroup_charge+0x2ab/0x5e0 [ 3325.223376][T15418] ? __anon_vma_prepare+0x2d6/0x560 [ 3325.228673][T15418] kmem_cache_alloc+0x96/0x3b0 [ 3325.233455][T15418] __anon_vma_prepare+0x2d6/0x560 [ 3325.238487][T15418] ? __pmd_alloc+0x2ff/0x5c0 [ 3325.243120][T15418] __handle_mm_fault+0x340e/0x39b0 [ 3325.248260][T15418] ? vm_iomap_memory+0x190/0x190 [ 3325.253243][T15418] handle_mm_fault+0x1c8/0x780 [ 3325.258029][T15418] do_user_addr_fault+0x475/0x1210 [ 3325.263174][T15418] exc_page_fault+0x94/0x170 [ 3325.267787][T15418] asm_exc_page_fault+0x22/0x30 [ 3325.272667][T15418] RIP: 0033:0x7f98a3484695 [ 3325.277121][T15418] Code: 12 80 fa 04 73 1e 80 fa 01 77 26 72 05 0f b6 0e 88 0f c3 48 8b 4c 16 f8 48 8b 36 48 89 4c 17 f8 48 89 37 c3 8b 4c 16 fc 8b 36 <89> 4c 17 fc 89 37 c3 0f b7 4c 16 fe 0f b7 36 66 89 4c 17 fe 66 89 [ 3325.296837][T15418] RSP: 002b:00007ffe69a68b78 EFLAGS: 00010202 [ 3325.302916][T15418] RAX: 00000000200005c0 RBX: 0000000000000000 RCX: 0000000000535650 [ 3325.310892][T15418] RDX: 0000000000000005 RSI: 0000000053565049 RDI: 00000000200005c0 [ 3325.318874][T15418] RBP: 00007ffe69a68c38 R08: 00007f98a39a0000 R09: 00007f98a35a00c8 [ 3325.326851][T15418] R10: 00007ffe69a68c60 R11: 0000000000000246 R12: 000000000032bc5b [ 3325.334832][T15418] R13: 00007ffe69a68c60 R14: 00007f98a359bf80 R15: 0000000000000032 [ 3325.342833][T15418] [ 3325.361963][T15418] memory: usage 307200kB, limit 307200kB, failcnt 28959 [ 3325.370517][T15418] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3325.378314][T15418] Memory cgroup stats for /syz0: [ 3325.378532][T15418] anon 126976 [ 3325.378532][T15418] file 319488 [ 3325.378532][T15418] kernel 314126336 [ 3325.378532][T15418] kernel_stack 65536 [ 3325.378532][T15418] pagetables 81920 [ 3325.378532][T15418] percpu 5425088 [ 3325.378532][T15418] sock 0 [ 3325.378532][T15418] vmalloc 0 [ 3325.378532][T15418] shmem 319488 [ 3325.378532][T15418] zswap 0 [ 3325.378532][T15418] zswapped 0 [ 3325.378532][T15418] file_mapped 303104 [ 3325.378532][T15418] file_dirty 0 [ 3325.378532][T15418] file_writeback 0 [ 3325.378532][T15418] swapcached 0 [ 3325.378532][T15418] anon_thp 0 [ 3325.378532][T15418] file_thp 0 [ 3325.378532][T15418] shmem_thp 0 [ 3325.378532][T15418] inactive_anon 126976 [ 3325.378532][T15418] active_anon 315392 [ 3325.378532][T15418] inactive_file 0 [ 3325.378532][T15418] active_file 0 [ 3325.378532][T15418] unevictable 0 [ 3325.378532][T15418] slab_reclaimable 226056 [ 3325.378532][T15418] slab_unreclaimable 308290720 [ 3325.378532][T15418] slab 308516776 [ 3325.390756][T15414] bridge4143: port 1(bridge_slave_1) entered blocking state [ 3325.475547][T15418] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15418,uid=0 03:15:46 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3325.500593][T15418] Memory cgroup out of memory: Killed process 15418 (syz-executor.0) total-vm:54508kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 3325.509469][T15414] bridge4143: port 1(bridge_slave_1) entered disabled state [ 3325.544904][T15425] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3325.573049][T15415] bridge4143: port 1(bridge_slave_1) entered blocking state [ 3325.580520][T15415] bridge4143: port 1(bridge_slave_1) entered forwarding state [ 3325.601196][T15425] CPU: 0 PID: 15425 Comm: syz-executor.2 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3325.611414][T15425] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3325.621499][T15425] Call Trace: [ 3325.624795][T15425] [ 3325.627737][T15425] dump_stack_lvl+0xcd/0x134 [ 3325.632354][T15425] dump_header+0x10b/0x7f9 [ 3325.636805][T15425] oom_kill_process.cold+0x10/0x15 [ 3325.641987][T15425] out_of_memory+0x358/0x14a0 [ 3325.646717][T15425] ? find_held_lock+0x2d/0x110 [ 3325.651515][T15425] ? oom_killer_disable+0x270/0x270 [ 3325.653390][T15415] bond0: (slave bridge4143): Enslaving as an active interface with an up link [ 3325.656736][T15425] ? find_held_lock+0x2d/0x110 [ 3325.656772][T15425] mem_cgroup_out_of_memory+0x206/0x270 [ 3325.656802][T15425] ? mem_cgroup_margin+0x130/0x130 [ 3325.681066][T15425] ? lock_downgrade+0x6e0/0x6e0 [ 3325.685949][T15425] try_charge_memcg+0xf67/0x13f0 [ 3325.690913][T15425] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3325.696904][T15425] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3325.702633][T15425] ? lock_downgrade+0x6e0/0x6e0 [ 3325.707496][T15425] ? lock_downgrade+0x6e0/0x6e0 [ 3325.712370][T15425] __memcg_kmem_charge_page+0x16a/0x3b0 [ 3325.717932][T15425] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 3325.724114][T15425] copy_process+0x607/0x7090 [ 3325.728807][T15425] ? __lock_acquire+0xbc3/0x56d0 [ 3325.733766][T15425] ? __cleanup_sighand+0xb0/0xb0 [ 3325.738732][T15425] kernel_clone+0xe7/0xab0 [ 3325.743158][T15425] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 3325.749160][T15425] ? create_io_thread+0xe0/0xe0 [ 3325.754028][T15425] ? find_held_lock+0x2d/0x110 [ 3325.758806][T15425] ? __ct_user_exit+0xff/0x150 [ 3325.763586][T15425] __do_sys_clone+0xba/0x100 [ 3325.768186][T15425] ? kernel_clone+0xab0/0xab0 [ 3325.772884][T15425] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3325.778787][T15425] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3325.784698][T15425] do_syscall_64+0x35/0xb0 [ 3325.789121][T15425] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3325.795028][T15425] RIP: 0033:0x7ff38a48a6a1 [ 3325.799451][T15425] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 3325.819066][T15425] RSP: 002b:00007ffe54c81718 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 3325.827488][T15425] RAX: ffffffffffffffda RBX: 00007ff3893fe700 RCX: 00007ff38a48a6a1 [ 3325.835463][T15425] RDX: 00007ff3893fe9d0 RSI: 00007ff3893fe2f0 RDI: 00000000003d0f00 [ 3325.843440][T15425] RBP: 00007ffe54c81960 R08: 00007ff3893fe700 R09: 00007ff3893fe700 [ 3325.851415][T15425] R10: 00007ff3893fe9d0 R11: 0000000000000206 R12: 00007ffe54c817ce [ 3325.859388][T15425] R13: 00007ffe54c817cf R14: 00007ff3893fe300 R15: 0000000000022000 [ 3325.867383][T15425] [ 3325.897641][T15425] memory: usage 307200kB, limit 307200kB, failcnt 5545 [ 3325.906489][T15425] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3325.923094][T15425] Memory cgroup stats for /syz2: [ 3325.923279][T15425] anon 147456 [ 3325.923279][T15425] file 360448 [ 3325.923279][T15425] kernel 314064896 [ 3325.923279][T15425] kernel_stack 65536 [ 3325.923279][T15425] pagetables 81920 [ 3325.923279][T15425] percpu 5433376 [ 3325.923279][T15425] sock 0 [ 3325.923279][T15425] vmalloc 0 [ 3325.923279][T15425] shmem 356352 [ 3325.923279][T15425] zswap 0 [ 3325.923279][T15425] zswapped 0 [ 3325.923279][T15425] file_mapped 356352 [ 3325.923279][T15425] file_dirty 0 [ 3325.923279][T15425] file_writeback 0 [ 3325.923279][T15425] swapcached 0 [ 3325.923279][T15425] anon_thp 0 [ 3325.923279][T15425] file_thp 0 [ 3325.923279][T15425] shmem_thp 0 [ 3325.923279][T15425] inactive_anon 204800 [ 3325.923279][T15425] active_anon 299008 [ 3325.923279][T15425] inactive_file 0 03:15:47 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000000000000b3fcb000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3325.923279][T15425] active_file 4096 [ 3325.923279][T15425] unevictable 0 [ 3325.923279][T15425] slab_reclaimable 58856 [ 3325.923279][T15425] slab_unreclaimable 308387568 [ 3325.923279][T15425] slab 308446424 [ 3326.027684][T15419] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3326.094207][T15425] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=15425,uid=0 [ 3326.115175][T15425] Memory cgroup out of memory: Killed process 15425 (syz-executor.2) total-vm:54640kB, anon-rss:388kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 3326.127307][T15420] bridge2550: port 1(bridge_slave_1) entered disabled state [ 3326.146948][T15432] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3326.157568][T15432] CPU: 1 PID: 15432 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3326.167764][T15432] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3326.178104][T15432] Call Trace: [ 3326.181402][T15432] [ 3326.184366][T15432] dump_stack_lvl+0xcd/0x134 [ 3326.188971][T15432] dump_header+0x10b/0x7f9 [ 3326.193426][T15432] oom_kill_process.cold+0x10/0x15 [ 3326.198571][T15432] out_of_memory+0x358/0x14a0 [ 3326.203284][T15432] ? oom_killer_disable+0x270/0x270 [ 3326.208505][T15432] ? find_held_lock+0x2d/0x110 [ 3326.213284][T15432] mem_cgroup_out_of_memory+0x206/0x270 [ 3326.218843][T15432] ? mem_cgroup_margin+0x130/0x130 [ 3326.223960][T15432] ? lock_downgrade+0x6e0/0x6e0 [ 3326.228840][T15432] try_charge_memcg+0xf67/0x13f0 [ 3326.233811][T15432] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3326.239814][T15432] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3326.245559][T15432] ? lock_downgrade+0x6e0/0x6e0 [ 3326.250454][T15432] obj_cgroup_charge+0x2ab/0x5e0 [ 3326.255422][T15432] ? __anon_vma_prepare+0x60/0x560 [ 3326.260587][T15432] kmem_cache_alloc+0x96/0x3b0 [ 3326.265381][T15432] __anon_vma_prepare+0x60/0x560 [ 3326.270335][T15432] ? __pmd_alloc+0x2ff/0x5c0 [ 3326.274946][T15432] __handle_mm_fault+0x340e/0x39b0 [ 3326.280083][T15432] ? vm_iomap_memory+0x190/0x190 [ 3326.285057][T15432] handle_mm_fault+0x1c8/0x780 [ 3326.289836][T15432] do_user_addr_fault+0x475/0x1210 [ 3326.294974][T15432] exc_page_fault+0x94/0x170 [ 3326.299579][T15432] asm_exc_page_fault+0x22/0x30 [ 3326.304482][T15432] RIP: 0033:0x7f98a3484695 [ 3326.308904][T15432] Code: 12 80 fa 04 73 1e 80 fa 01 77 26 72 05 0f b6 0e 88 0f c3 48 8b 4c 16 f8 48 8b 36 48 89 4c 17 f8 48 89 37 c3 8b 4c 16 fc 8b 36 <89> 4c 17 fc 89 37 c3 0f b7 4c 16 fe 0f b7 36 66 89 4c 17 fe 66 89 [ 3326.328519][T15432] RSP: 002b:00007ffe69a68b78 EFLAGS: 00010202 [ 3326.334592][T15432] RAX: 00000000200005c0 RBX: 0000000000000000 RCX: 0000000000535650 [ 3326.342569][T15432] RDX: 0000000000000005 RSI: 0000000053565049 RDI: 00000000200005c0 [ 3326.350544][T15432] RBP: 00007ffe69a68c38 R08: 00007f98a39a0000 R09: 00007f98a35a00c8 [ 3326.358545][T15432] R10: 00007ffe69a68c60 R11: 0000000000000246 R12: 000000000032c049 [ 3326.366535][T15432] R13: 00007ffe69a68c60 R14: 00007f98a359bf80 R15: 0000000000000032 [ 3326.374532][T15432] [ 3326.386555][T15432] memory: usage 307200kB, limit 307200kB, failcnt 29041 [ 3326.397328][T15432] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3326.402030][T15420] bridge2551: port 1(bridge_slave_1) entered blocking state [ 3326.405182][T15432] Memory cgroup stats for /syz0: [ 3326.412299][T15432] anon 126976 [ 3326.412299][T15432] file 319488 [ 3326.412299][T15432] kernel 314126336 [ 3326.412299][T15432] kernel_stack 65536 [ 3326.412299][T15432] pagetables 81920 [ 3326.412299][T15432] percpu 5425088 [ 3326.412299][T15432] sock 0 [ 3326.412299][T15432] vmalloc 0 [ 3326.412299][T15432] shmem 319488 [ 3326.412299][T15432] zswap 0 [ 3326.412299][T15432] zswapped 0 [ 3326.412299][T15432] file_mapped 303104 [ 3326.412299][T15432] file_dirty 0 [ 3326.412299][T15432] file_writeback 0 [ 3326.412299][T15432] swapcached 0 [ 3326.412299][T15432] anon_thp 0 [ 3326.412299][T15432] file_thp 0 [ 3326.412299][T15432] shmem_thp 0 [ 3326.412299][T15432] inactive_anon 106496 [ 3326.412299][T15432] active_anon 315392 [ 3326.412299][T15432] inactive_file 0 [ 3326.412299][T15432] active_file 0 [ 3326.412299][T15432] unevictable 0 [ 3326.412299][T15432] slab_reclaimable 226056 [ 3326.412299][T15432] slab_unreclaimable 308290600 [ 3326.412299][T15432] slab 308516656 [ 3326.421544][T15420] bridge2551: port 1(bridge_slave_1) entered disabled state [ 3326.518819][T15432] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15432,uid=0 03:15:47 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400c33f0b0000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) 03:15:47 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3326.542591][T15432] Memory cgroup out of memory: Killed process 15432 (syz-executor.0) total-vm:54508kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 3326.565636][T15424] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3326.655582][T15428] bridge3193: port 1(bridge_slave_1) entered disabled state [ 3326.680812][T15428] bridge3195: port 1(bridge_slave_1) entered blocking state [ 3326.688825][T15428] bridge3195: port 1(bridge_slave_1) entered disabled state 03:15:48 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c00000010000104000000000000000000000001", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3326.711067][T15430] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3326.714016][T15441] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3326.742536][T15441] CPU: 1 PID: 15441 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 03:15:48 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f310000b00b0a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3326.752747][T15441] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3326.762835][T15441] Call Trace: [ 3326.766136][T15441] [ 3326.769089][T15441] dump_stack_lvl+0xcd/0x134 [ 3326.773754][T15441] dump_header+0x10b/0x7f9 [ 3326.778211][T15441] oom_kill_process.cold+0x10/0x15 [ 3326.783353][T15441] out_of_memory+0x358/0x14a0 [ 3326.788063][T15441] ? find_held_lock+0x2d/0x110 [ 3326.792850][T15441] ? oom_killer_disable+0x270/0x270 [ 3326.798095][T15441] ? find_held_lock+0x2d/0x110 [ 3326.799092][T15431] bridge1295: port 1(bridge_slave_1) entered blocking state [ 3326.802897][T15441] mem_cgroup_out_of_memory+0x206/0x270 [ 3326.802934][T15441] ? mem_cgroup_margin+0x130/0x130 [ 3326.802958][T15441] ? lock_downgrade+0x6e0/0x6e0 [ 3326.825793][T15441] try_charge_memcg+0xf67/0x13f0 [ 3326.828906][T15431] bridge1295: port 1(bridge_slave_1) entered disabled state [ 3326.830769][T15441] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3326.830807][T15441] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3326.830836][T15441] ? lock_downgrade+0x6e0/0x6e0 [ 3326.854744][T15441] obj_cgroup_charge+0x2ab/0x5e0 [ 3326.859725][T15441] ? __anon_vma_prepare+0x2d6/0x560 [ 3326.864956][T15441] kmem_cache_alloc+0x96/0x3b0 [ 3326.869754][T15441] __anon_vma_prepare+0x2d6/0x560 [ 3326.874798][T15441] ? __pmd_alloc+0x2ff/0x5c0 [ 3326.879424][T15441] __handle_mm_fault+0x340e/0x39b0 [ 3326.884568][T15441] ? vm_iomap_memory+0x190/0x190 [ 3326.889567][T15441] handle_mm_fault+0x1c8/0x780 [ 3326.894369][T15441] do_user_addr_fault+0x475/0x1210 [ 3326.899527][T15441] exc_page_fault+0x94/0x170 [ 3326.903588][T15436] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3326.904127][T15441] asm_exc_page_fault+0x22/0x30 [ 3326.904159][T15441] RIP: 0033:0x7f98a3484695 [ 3326.904182][T15441] Code: 12 80 fa 04 73 1e 80 fa 01 77 26 72 05 0f b6 0e 88 0f c3 48 8b 4c 16 f8 48 8b 36 48 89 4c 17 f8 48 89 37 c3 8b 4c 16 fc 8b 36 <89> 4c 17 fc 89 37 c3 0f b7 4c 16 fe 0f b7 36 66 89 4c 17 fe 66 89 [ 3326.904209][T15441] RSP: 002b:00007ffe69a68b78 EFLAGS: 00010202 [ 3326.948520][T15441] RAX: 00000000200005c0 RBX: 0000000000000000 RCX: 0000000000535650 03:15:48 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c00000010000104000000000000000b0fd10000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3326.956520][T15441] RDX: 0000000000000005 RSI: 0000000053565049 RDI: 00000000200005c0 [ 3326.964516][T15441] RBP: 00007ffe69a68c38 R08: 00007f98a39a0000 R09: 00007f98a35a00c8 [ 3326.972511][T15441] R10: 00007ffe69a68c60 R11: 0000000000000246 R12: 000000000032c2d4 [ 3326.980516][T15441] R13: 00007ffe69a68c60 R14: 00007f98a359bf80 R15: 0000000000000032 [ 3326.988529][T15441] [ 3327.006664][T15441] memory: usage 307200kB, limit 307200kB, failcnt 29122 [ 3327.017512][T15437] bridge4143: port 1(bridge_slave_1) entered disabled state [ 3327.025795][T15441] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3327.041983][T15441] Memory cgroup stats for /syz0: [ 3327.042217][T15441] anon 126976 [ 3327.042217][T15441] file 319488 [ 3327.042217][T15441] kernel 314126336 [ 3327.042217][T15441] kernel_stack 65536 [ 3327.042217][T15441] pagetables 81920 [ 3327.042217][T15441] percpu 5425088 [ 3327.042217][T15441] sock 0 [ 3327.042217][T15441] vmalloc 0 [ 3327.042217][T15441] shmem 319488 [ 3327.042217][T15441] zswap 0 [ 3327.042217][T15441] zswapped 0 [ 3327.042217][T15441] file_mapped 303104 [ 3327.042217][T15441] file_dirty 0 [ 3327.042217][T15441] file_writeback 0 [ 3327.042217][T15441] swapcached 0 [ 3327.042217][T15441] anon_thp 0 [ 3327.042217][T15441] file_thp 0 [ 3327.042217][T15441] shmem_thp 0 [ 3327.042217][T15441] inactive_anon 94208 [ 3327.042217][T15441] active_anon 315392 [ 3327.042217][T15441] inactive_file 0 [ 3327.042217][T15441] active_file 0 [ 3327.042217][T15441] unevictable 0 [ 3327.042217][T15441] slab_reclaimable 226056 [ 3327.042217][T15441] slab_unreclaimable 308290720 [ 3327.042217][T15441] slab 308516776 [ 3327.085650][T15437] bridge4144: port 1(bridge_slave_1) entered blocking state [ 3327.144831][T15441] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15441,uid=0 03:15:48 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3327.161301][T15441] Memory cgroup out of memory: Killed process 15441 (syz-executor.0) total-vm:54508kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 3327.188769][T15437] bridge4144: port 1(bridge_slave_1) entered disabled state [ 3327.221944][T15438] bridge4144: port 1(bridge_slave_1) entered blocking state [ 3327.229430][T15438] bridge4144: port 1(bridge_slave_1) entered forwarding state [ 3327.256893][T15449] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3327.276064][T15449] CPU: 1 PID: 15449 Comm: syz-executor.2 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3327.286275][T15449] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3327.296354][T15449] Call Trace: [ 3327.299653][T15449] [ 3327.302604][T15449] dump_stack_lvl+0xcd/0x134 [ 3327.305028][T15438] bond0: (slave bridge4144): Enslaving as an active interface with an up link [ 3327.307208][T15449] dump_header+0x10b/0x7f9 [ 3327.307249][T15449] oom_kill_process.cold+0x10/0x15 03:15:48 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000000000000b3fcc000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3327.307284][T15449] out_of_memory+0x358/0x14a0 [ 3327.330350][T15449] ? find_held_lock+0x2d/0x110 [ 3327.335147][T15449] ? oom_killer_disable+0x270/0x270 [ 3327.340389][T15449] ? find_held_lock+0x2d/0x110 [ 3327.345191][T15449] mem_cgroup_out_of_memory+0x206/0x270 [ 3327.350766][T15449] ? mem_cgroup_margin+0x130/0x130 [ 3327.355914][T15449] ? lock_downgrade+0x6e0/0x6e0 [ 3327.360817][T15449] try_charge_memcg+0xf67/0x13f0 [ 3327.362934][T15459] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3327.365783][T15449] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3327.365819][T15449] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3327.365854][T15449] ? lock_downgrade+0x6e0/0x6e0 [ 3327.391719][T15449] ? lock_downgrade+0x6e0/0x6e0 [ 3327.396617][T15449] __memcg_kmem_charge_page+0x16a/0x3b0 [ 3327.402205][T15449] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 3327.408393][T15449] copy_process+0x145a/0x7090 [ 3327.413099][T15449] ? __lock_acquire+0xbc3/0x56d0 [ 3327.418089][T15449] ? __cleanup_sighand+0xb0/0xb0 [ 3327.423072][T15449] kernel_clone+0xe7/0xab0 [ 3327.427507][T15449] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 3327.427983][T15443] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3327.433500][T15449] ? create_io_thread+0xe0/0xe0 [ 3327.433544][T15449] ? find_held_lock+0x2d/0x110 [ 3327.433577][T15449] ? __ct_user_exit+0xff/0x150 [ 3327.443698][ T1227] ieee802154 phy0 wpan0: encryption failed: -22 [ 3327.447704][T15449] __do_sys_clone+0xba/0x100 [ 3327.447738][T15449] ? kernel_clone+0xab0/0xab0 [ 3327.447779][T15449] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3327.452659][ T1227] ieee802154 phy1 wpan1: encryption failed: -22 [ 3327.457298][T15449] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3327.491044][T15449] do_syscall_64+0x35/0xb0 [ 3327.495508][T15449] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3327.501434][T15449] RIP: 0033:0x7ff38a48a6a1 [ 3327.505956][T15449] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 3327.517313][T15444] bridge2551: port 1(bridge_slave_1) entered disabled state [ 3327.525570][T15449] RSP: 002b:00007ffe54c81718 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 3327.525602][T15449] RAX: ffffffffffffffda RBX: 00007ff3893fe700 RCX: 00007ff38a48a6a1 [ 3327.525618][T15449] RDX: 00007ff3893fe9d0 RSI: 00007ff3893fe2f0 RDI: 00000000003d0f00 [ 3327.525634][T15449] RBP: 00007ffe54c81960 R08: 00007ff3893fe700 R09: 00007ff3893fe700 [ 3327.525653][T15449] R10: 00007ff3893fe9d0 R11: 0000000000000206 R12: 00007ffe54c817ce [ 3327.525671][T15449] R13: 00007ffe54c817cf R14: 00007ff3893fe300 R15: 0000000000022000 [ 3327.525709][T15449] [ 3327.590057][T15449] memory: usage 307200kB, limit 307200kB, failcnt 5621 [ 3327.597767][T15449] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3327.604672][T15449] Memory cgroup stats for /syz2: [ 3327.604891][T15449] anon 147456 [ 3327.604891][T15449] file 360448 [ 3327.604891][T15449] kernel 314064896 [ 3327.604891][T15449] kernel_stack 65536 [ 3327.604891][T15449] pagetables 81920 [ 3327.604891][T15449] percpu 5433376 [ 3327.604891][T15449] sock 0 [ 3327.604891][T15449] vmalloc 0 [ 3327.604891][T15449] shmem 356352 [ 3327.604891][T15449] zswap 0 [ 3327.604891][T15449] zswapped 0 [ 3327.604891][T15449] file_mapped 356352 [ 3327.604891][T15449] file_dirty 0 [ 3327.604891][T15449] file_writeback 0 [ 3327.604891][T15449] swapcached 0 [ 3327.604891][T15449] anon_thp 0 [ 3327.604891][T15449] file_thp 0 [ 3327.604891][T15449] shmem_thp 0 [ 3327.604891][T15449] inactive_anon 204800 [ 3327.604891][T15449] active_anon 299008 [ 3327.604891][T15449] inactive_file 4096 [ 3327.604891][T15449] active_file 0 [ 3327.604891][T15449] unevictable 0 [ 3327.604891][T15449] slab_reclaimable 58856 [ 3327.604891][T15449] slab_unreclaimable 308387568 [ 3327.604891][T15449] slab 308446424 [ 3327.707363][T15449] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=15449,uid=0 [ 3327.710058][T15444] bridge2552: port 1(bridge_slave_1) entered blocking state [ 3327.723181][T15449] Memory cgroup out of memory: Killed process 15449 (syz-executor.2) total-vm:54640kB, anon-rss:388kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 3327.754955][T15456] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 3327.776646][T15456] CPU: 1 PID: 15456 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3327.786853][T15456] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3327.792295][T15444] bridge2552: port 1(bridge_slave_1) entered disabled state [ 3327.796911][T15456] Call Trace: [ 3327.796927][T15456] [ 3327.796938][T15456] dump_stack_lvl+0xcd/0x134 [ 3327.815051][T15456] dump_header+0x10b/0x7f9 [ 3327.819509][T15456] oom_kill_process.cold+0x10/0x15 [ 3327.824652][T15456] out_of_memory+0x358/0x14a0 [ 3327.829359][T15456] ? find_held_lock+0x2d/0x110 [ 3327.834152][T15456] ? oom_killer_disable+0x270/0x270 [ 3327.839387][T15456] ? find_held_lock+0x2d/0x110 [ 3327.844176][T15456] mem_cgroup_out_of_memory+0x206/0x270 [ 3327.849746][T15456] ? mem_cgroup_margin+0x130/0x130 [ 3327.854887][T15456] ? lock_downgrade+0x6e0/0x6e0 [ 3327.859794][T15456] try_charge_memcg+0xf67/0x13f0 [ 3327.864767][T15456] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3327.870769][T15456] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3327.876514][T15456] ? lock_downgrade+0x6e0/0x6e0 [ 3327.881388][T15456] ? lock_downgrade+0x6e0/0x6e0 [ 3327.886375][T15456] __memcg_kmem_charge_page+0x16a/0x3b0 [ 3327.891957][T15456] __alloc_pages+0x1ef/0x510 [ 3327.896599][T15456] ? __alloc_pages_slowpath.constprop.0+0x2240/0x2240 [ 3327.903411][T15456] ? find_held_lock+0x2d/0x110 [ 3327.908218][T15456] alloc_pages+0x1a6/0x270 [ 3327.912671][T15456] pte_alloc_one+0x16/0x230 [ 3327.917203][T15456] __pte_alloc+0x69/0x250 [ 3327.921554][T15456] ? pmd_install+0x150/0x150 [ 3327.923156][T15447] bond0: (slave bridge2552): Enslaving as an active interface with an up link [ 3327.926151][T15456] ? hugepage_vma_check+0x44e/0x780 [ 3327.926184][T15456] ? __pmd_alloc+0x2ff/0x5c0 [ 3327.944827][T15456] __handle_mm_fault+0x310b/0x39b0 [ 3327.946164][T15451] bridge3195: port 1(bridge_slave_1) entered disabled state [ 3327.949961][T15456] ? vm_iomap_memory+0x190/0x190 [ 3327.950018][T15456] handle_mm_fault+0x1c8/0x780 [ 3327.967037][T15456] do_user_addr_fault+0x475/0x1210 [ 3327.972199][T15456] exc_page_fault+0x94/0x170 [ 3327.976833][T15456] asm_exc_page_fault+0x22/0x30 [ 3327.981711][T15456] RIP: 0033:0x7f98a3484695 [ 3327.986151][T15456] Code: 12 80 fa 04 73 1e 80 fa 01 77 26 72 05 0f b6 0e 88 0f c3 48 8b 4c 16 f8 48 8b 36 48 89 4c 17 f8 48 89 37 c3 8b 4c 16 fc 8b 36 <89> 4c 17 fc 89 37 c3 0f b7 4c 16 fe 0f b7 36 66 89 4c 17 fe 66 89 [ 3328.005793][T15456] RSP: 002b:00007ffe69a68b78 EFLAGS: 00010202 [ 3328.011905][T15456] RAX: 00000000200005c0 RBX: 0000000000000000 RCX: 0000000000535650 [ 3328.019911][T15456] RDX: 0000000000000005 RSI: 0000000053565049 RDI: 00000000200005c0 03:15:49 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400c33f0b0000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3328.027961][T15456] RBP: 00007ffe69a68c38 R08: 00007f98a39a0000 R09: 00007f98a35a00c8 [ 3328.035972][T15456] R10: 00007ffe69a68c60 R11: 0000000000000246 R12: 000000000032c6d9 [ 3328.043967][T15456] R13: 00007ffe69a68c60 R14: 00007f98a359bf80 R15: 0000000000000032 [ 3328.052079][T15456] [ 3328.060755][T15456] memory: usage 307196kB, limit 307200kB, failcnt 29213 03:15:49 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c00000010000104000000000000000000000001", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3328.086647][T15456] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3328.096604][T15456] Memory cgroup stats for /syz0: [ 3328.096842][T15456] anon 126976 [ 3328.096842][T15456] file 319488 [ 3328.096842][T15456] kernel 314122240 [ 3328.096842][T15456] kernel_stack 65536 [ 3328.096842][T15456] pagetables 77824 [ 3328.096842][T15456] percpu 5425088 [ 3328.096842][T15456] sock 0 [ 3328.096842][T15456] vmalloc 0 [ 3328.096842][T15456] shmem 319488 [ 3328.096842][T15456] zswap 0 [ 3328.096842][T15456] zswapped 0 [ 3328.096842][T15456] file_mapped 303104 [ 3328.096842][T15456] file_dirty 0 [ 3328.096842][T15456] file_writeback 0 [ 3328.096842][T15456] swapcached 0 [ 3328.096842][T15456] anon_thp 0 [ 3328.096842][T15456] file_thp 0 [ 3328.096842][T15456] shmem_thp 0 [ 3328.096842][T15456] inactive_anon 131072 [ 3328.096842][T15456] active_anon 315392 [ 3328.096842][T15456] inactive_file 0 [ 3328.096842][T15456] active_file 0 [ 3328.096842][T15456] unevictable 0 [ 3328.096842][T15456] slab_reclaimable 226056 [ 3328.096842][T15456] slab_unreclaimable 308290600 [ 3328.096842][T15456] slab 308516656 [ 3328.099306][T15454] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3328.114551][T15456] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15456,uid=0 03:15:49 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f310000b80b0a00", @ANYRES32=r5], 0x3c}}, 0x0) 03:15:49 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3328.240974][T15456] Memory cgroup out of memory: Killed process 15456 (syz-executor.0) total-vm:54508kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 [ 3328.266827][T15455] bridge1295: port 1(bridge_slave_1) entered disabled state [ 3328.296581][T15455] bridge1296: port 1(bridge_slave_1) entered blocking state [ 3328.325524][T15455] bridge1296: port 1(bridge_slave_1) entered disabled state [ 3328.360225][T15468] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3328.371173][T15460] bridge4144: port 1(bridge_slave_1) entered disabled state [ 3328.376119][T15468] CPU: 1 PID: 15468 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3328.388715][T15468] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3328.398769][T15468] Call Trace: [ 3328.402043][T15468] [ 3328.404973][T15468] dump_stack_lvl+0xcd/0x134 [ 3328.409609][T15468] dump_header+0x10b/0x7f9 [ 3328.414071][T15468] oom_kill_process.cold+0x10/0x15 [ 3328.419238][T15468] out_of_memory+0x358/0x14a0 [ 3328.423944][T15468] ? find_held_lock+0x2d/0x110 [ 3328.428706][T15468] ? oom_killer_disable+0x270/0x270 [ 3328.433923][T15468] ? find_held_lock+0x2d/0x110 [ 3328.438711][T15468] mem_cgroup_out_of_memory+0x206/0x270 [ 3328.444268][T15468] ? mem_cgroup_margin+0x130/0x130 [ 3328.449377][T15468] ? lock_downgrade+0x6e0/0x6e0 [ 3328.454250][T15468] try_charge_memcg+0xf67/0x13f0 [ 3328.459195][T15468] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3328.465180][T15468] ? lock_downgrade+0x6e0/0x6e0 [ 3328.470080][T15468] charge_memcg+0x31/0x320 [ 3328.474534][T15468] __mem_cgroup_charge+0x27/0x90 [ 3328.479493][T15468] ? _compound_head+0x5d/0x150 [ 3328.484260][T15468] wp_page_copy+0x27c/0x1b60 [ 3328.488856][T15468] ? restore_exclusive_pte+0x8b0/0x8b0 [ 3328.494378][T15468] ? lock_downgrade+0x6e0/0x6e0 [ 3328.499266][T15468] ? vm_normal_page+0x146/0x2a0 [ 3328.504146][T15468] do_wp_page+0x1d1/0x1910 [ 3328.508756][T15468] __handle_mm_fault+0x1813/0x39b0 [ 3328.513882][T15468] ? vm_iomap_memory+0x190/0x190 [ 3328.518851][T15468] handle_mm_fault+0x1c8/0x780 [ 3328.523616][T15468] do_user_addr_fault+0x475/0x1210 [ 3328.528750][T15468] exc_page_fault+0x94/0x170 [ 3328.533367][T15468] asm_exc_page_fault+0x22/0x30 [ 3328.538232][T15468] RIP: 0033:0x7f98a34374b0 [ 3328.542671][T15468] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48 [ 3328.562300][T15468] RSP: 002b:00007ffe69a68a90 EFLAGS: 00010246 [ 3328.568375][T15468] RAX: 00000000bd27bad8 RBX: 00007f98a359c018 RCX: 0000001b2ec20000 [ 3328.576363][T15468] RDX: 0000000000000000 RSI: 0000001b2ec20018 RDI: 0000000008ec0c76 [ 3328.584347][T15468] RBP: 00000000bd27bad8 R08: 0000000000001ad8 R09: 00000000bd27badc [ 3328.592349][T15468] R10: 00007ffe69a68c60 R11: 0000000000000246 R12: 00007f98a3590000 [ 3328.600346][T15468] R13: 0000000000000001 R14: 0000000000000003 R15: ffffffff81a3270f 03:15:49 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c00000010000104000000000000000b0fd10000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3328.608335][T15468] ? trace_user_exit.constprop.0+0x13f/0x210 [ 3328.614331][T15468] [ 3328.630721][T15468] memory: usage 307176kB, limit 307200kB, failcnt 29247 [ 3328.646877][T15468] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3328.659052][T15468] Memory cgroup stats for /syz0: [ 3328.659237][T15468] anon 106496 [ 3328.659237][T15468] file 319488 [ 3328.659237][T15468] kernel 314118144 [ 3328.659237][T15468] kernel_stack 65536 [ 3328.659237][T15468] pagetables 73728 [ 3328.659237][T15468] percpu 5425088 [ 3328.659237][T15468] sock 0 [ 3328.659237][T15468] vmalloc 0 [ 3328.659237][T15468] shmem 319488 [ 3328.659237][T15468] zswap 0 [ 3328.659237][T15468] zswapped 0 [ 3328.659237][T15468] file_mapped 303104 [ 3328.659237][T15468] file_dirty 0 [ 3328.659237][T15468] file_writeback 0 [ 3328.659237][T15468] swapcached 0 [ 3328.659237][T15468] anon_thp 0 [ 3328.659237][T15468] file_thp 0 [ 3328.659237][T15468] shmem_thp 0 [ 3328.659237][T15468] inactive_anon 102400 [ 3328.659237][T15468] active_anon 315392 [ 3328.659237][T15468] inactive_file 0 [ 3328.659237][T15468] active_file 0 [ 3328.659237][T15468] unevictable 0 [ 3328.659237][T15468] slab_reclaimable 224128 [ 3328.659237][T15468] slab_unreclaimable 308290256 [ 3328.659237][T15468] slab 308514384 [ 3328.708697][T15460] bridge4145: port 1(bridge_slave_1) entered blocking state [ 3328.773048][T15460] bridge4145: port 1(bridge_slave_1) entered disabled state [ 3328.780160][T15468] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15468,uid=0 03:15:50 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3328.807679][T15468] Memory cgroup out of memory: Killed process 15468 (syz-executor.0) total-vm:54508kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 [ 3328.829100][T15459] bridge4145: port 1(bridge_slave_1) entered blocking state [ 3328.836546][T15459] bridge4145: port 1(bridge_slave_1) entered forwarding state [ 3328.844300][T15467] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3328.856904][T15467] CPU: 1 PID: 15467 Comm: syz-executor.2 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3328.867105][T15467] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3328.877187][T15467] Call Trace: [ 3328.880493][T15467] [ 3328.883447][T15467] dump_stack_lvl+0xcd/0x134 [ 3328.888081][T15467] dump_header+0x10b/0x7f9 [ 3328.892542][T15467] oom_kill_process.cold+0x10/0x15 [ 3328.897694][T15467] out_of_memory+0x358/0x14a0 [ 3328.902411][T15467] ? oom_killer_disable+0x270/0x270 [ 3328.907658][T15467] ? find_held_lock+0x2d/0x110 [ 3328.912436][T15467] mem_cgroup_out_of_memory+0x206/0x270 [ 3328.917996][T15467] ? mem_cgroup_margin+0x130/0x130 [ 3328.923116][T15467] ? lock_downgrade+0x6e0/0x6e0 [ 3328.927993][T15467] try_charge_memcg+0xf67/0x13f0 [ 3328.932947][T15467] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3328.938940][T15467] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3328.944676][T15467] ? lock_downgrade+0x6e0/0x6e0 [ 3328.949541][T15467] ? lock_downgrade+0x6e0/0x6e0 [ 3328.954411][T15467] __memcg_kmem_charge_page+0x16a/0x3b0 [ 3328.959970][T15467] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 3328.966156][T15467] copy_process+0x607/0x7090 [ 3328.970767][T15467] ? __lock_acquire+0xbc3/0x56d0 [ 3328.975724][T15467] ? __cleanup_sighand+0xb0/0xb0 [ 3328.980688][T15467] kernel_clone+0xe7/0xab0 [ 3328.985113][T15467] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 3328.991563][T15467] ? create_io_thread+0xe0/0xe0 [ 3328.996432][T15467] ? find_held_lock+0x2d/0x110 [ 3329.001227][T15467] ? __ct_user_exit+0xff/0x150 [ 3329.006006][T15467] __do_sys_clone+0xba/0x100 [ 3329.010606][T15467] ? kernel_clone+0xab0/0xab0 [ 3329.015308][T15467] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3329.021213][T15467] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3329.027125][T15467] do_syscall_64+0x35/0xb0 [ 3329.031548][T15467] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3329.037453][T15467] RIP: 0033:0x7ff38a48a6a1 [ 3329.041874][T15467] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 3329.061490][T15467] RSP: 002b:00007ffe54c81718 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 3329.069910][T15467] RAX: ffffffffffffffda RBX: 00007ff3893fe700 RCX: 00007ff38a48a6a1 [ 3329.077887][T15467] RDX: 00007ff3893fe9d0 RSI: 00007ff3893fe2f0 RDI: 00000000003d0f00 [ 3329.085863][T15467] RBP: 00007ffe54c81960 R08: 00007ff3893fe700 R09: 00007ff3893fe700 [ 3329.093849][T15467] R10: 00007ff3893fe9d0 R11: 0000000000000206 R12: 00007ffe54c817ce [ 3329.101829][T15467] R13: 00007ffe54c817cf R14: 00007ff3893fe300 R15: 0000000000022000 [ 3329.109826][T15467] [ 3329.133405][T15467] memory: usage 307200kB, limit 307200kB, failcnt 5681 [ 3329.140710][T15467] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3329.148356][T15467] Memory cgroup stats for /syz2: [ 3329.148586][T15467] anon 147456 [ 3329.148586][T15467] file 360448 [ 3329.148586][T15467] kernel 314064896 [ 3329.148586][T15467] kernel_stack 65536 [ 3329.148586][T15467] pagetables 81920 [ 3329.148586][T15467] percpu 5433376 [ 3329.148586][T15467] sock 0 [ 3329.148586][T15467] vmalloc 0 [ 3329.148586][T15467] shmem 356352 [ 3329.148586][T15467] zswap 0 [ 3329.148586][T15467] zswapped 0 [ 3329.148586][T15467] file_mapped 356352 [ 3329.148586][T15467] file_dirty 0 [ 3329.148586][T15467] file_writeback 0 [ 3329.148586][T15467] swapcached 0 [ 3329.148586][T15467] anon_thp 0 [ 3329.148586][T15467] file_thp 0 [ 3329.148586][T15467] shmem_thp 0 [ 3329.148586][T15467] inactive_anon 204800 [ 3329.148586][T15467] active_anon 299008 [ 3329.148586][T15467] inactive_file 0 [ 3329.148586][T15467] active_file 4096 [ 3329.148586][T15467] unevictable 0 [ 3329.148586][T15467] slab_reclaimable 58856 [ 3329.148586][T15467] slab_unreclaimable 308387568 [ 3329.148586][T15467] slab 308446424 [ 3329.200235][T15459] bond0: (slave bridge4145): Enslaving as an active interface with an up link [ 3329.252599][T15467] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=15467,uid=0 03:15:50 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000000000000b3fcd000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3329.271526][T15467] Memory cgroup out of memory: Killed process 15467 (syz-executor.2) total-vm:54640kB, anon-rss:388kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 3329.291317][T15465] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3329.344580][T15466] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3329.360856][T15477] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3329.376734][T15477] CPU: 0 PID: 15477 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3329.386938][T15477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3329.397021][T15477] Call Trace: [ 3329.400314][T15477] [ 3329.403281][T15477] dump_stack_lvl+0xcd/0x134 [ 3329.407901][T15477] dump_header+0x10b/0x7f9 [ 3329.410986][T15481] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3329.412339][T15477] oom_kill_process.cold+0x10/0x15 [ 3329.412385][T15477] out_of_memory+0x358/0x14a0 [ 3329.412419][T15477] ? find_held_lock+0x2d/0x110 [ 3329.436253][T15477] ? oom_killer_disable+0x270/0x270 [ 3329.441514][T15477] ? find_held_lock+0x2d/0x110 [ 3329.446331][T15477] mem_cgroup_out_of_memory+0x206/0x270 [ 3329.452026][T15477] ? mem_cgroup_margin+0x130/0x130 [ 3329.457164][T15477] ? lock_downgrade+0x6e0/0x6e0 [ 3329.462058][T15477] try_charge_memcg+0xf67/0x13f0 [ 3329.467122][T15477] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3329.473126][T15477] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3329.474102][T15469] bridge2552: port 1(bridge_slave_1) entered disabled state [ 3329.478854][T15477] ? lock_downgrade+0x6e0/0x6e0 [ 3329.478915][T15477] obj_cgroup_charge+0x2ab/0x5e0 [ 3329.478945][T15477] ? __anon_vma_prepare+0x2d6/0x560 [ 3329.478971][T15477] kmem_cache_alloc+0x96/0x3b0 [ 3329.505994][T15477] __anon_vma_prepare+0x2d6/0x560 [ 3329.511105][T15477] ? __pmd_alloc+0x2ff/0x5c0 [ 3329.515711][T15477] __handle_mm_fault+0x340e/0x39b0 [ 3329.520841][T15477] ? vm_iomap_memory+0x190/0x190 [ 3329.525812][T15477] handle_mm_fault+0x1c8/0x780 [ 3329.530616][T15477] do_user_addr_fault+0x475/0x1210 [ 3329.535756][T15477] exc_page_fault+0x94/0x170 [ 3329.540362][T15477] asm_exc_page_fault+0x22/0x30 [ 3329.545235][T15477] RIP: 0033:0x7f98a3484695 [ 3329.549669][T15477] Code: 12 80 fa 04 73 1e 80 fa 01 77 26 72 05 0f b6 0e 88 0f c3 48 8b 4c 16 f8 48 8b 36 48 89 4c 17 f8 48 89 37 c3 8b 4c 16 fc 8b 36 <89> 4c 17 fc 89 37 c3 0f b7 4c 16 fe 0f b7 36 66 89 4c 17 fe 66 89 [ 3329.569386][T15477] RSP: 002b:00007ffe69a68b78 EFLAGS: 00010202 [ 3329.575466][T15477] RAX: 00000000200005c0 RBX: 0000000000000000 RCX: 0000000000535650 [ 3329.583441][T15477] RDX: 0000000000000005 RSI: 0000000053565049 RDI: 00000000200005c0 [ 3329.591421][T15477] RBP: 00007ffe69a68c38 R08: 00007f98a39a0000 R09: 00007f98a35a00c8 [ 3329.599398][T15477] R10: 00007ffe69a68c60 R11: 0000000000000246 R12: 000000000032cd12 [ 3329.607393][T15477] R13: 00007ffe69a68c60 R14: 00007f98a359bf80 R15: 0000000000000032 [ 3329.615393][T15477] [ 3329.640777][T15469] bridge2553: port 1(bridge_slave_1) entered blocking state [ 3329.644817][T15477] memory: usage 307200kB, limit 307200kB, failcnt 29305 [ 3329.649848][T15469] bridge2553: port 1(bridge_slave_1) entered disabled state [ 3329.655656][T15477] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3329.670379][T15477] Memory cgroup stats for /syz0: [ 3329.670622][T15477] anon 126976 [ 3329.670622][T15477] file 319488 [ 3329.670622][T15477] kernel 314126336 [ 3329.670622][T15477] kernel_stack 65536 [ 3329.670622][T15477] pagetables 81920 [ 3329.670622][T15477] percpu 5425088 [ 3329.670622][T15477] sock 0 [ 3329.670622][T15477] vmalloc 0 [ 3329.670622][T15477] shmem 319488 [ 3329.670622][T15477] zswap 0 [ 3329.670622][T15477] zswapped 0 [ 3329.670622][T15477] file_mapped 303104 [ 3329.670622][T15477] file_dirty 0 [ 3329.670622][T15477] file_writeback 0 [ 3329.670622][T15477] swapcached 0 [ 3329.670622][T15477] anon_thp 0 [ 3329.670622][T15477] file_thp 0 [ 3329.670622][T15477] shmem_thp 0 [ 3329.670622][T15477] inactive_anon 126976 [ 3329.670622][T15477] active_anon 315392 [ 3329.670622][T15477] inactive_file 0 [ 3329.670622][T15477] active_file 0 [ 3329.670622][T15477] unevictable 0 [ 3329.670622][T15477] slab_reclaimable 226056 [ 3329.670622][T15477] slab_unreclaimable 308290720 [ 3329.670622][T15477] slab 308516776 [ 3329.704645][T15472] bridge3196: port 1(bridge_slave_1) entered blocking state [ 3329.777269][T15472] bridge3196: port 1(bridge_slave_1) entered disabled state 03:15:51 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f310000bc0b0a00", @ANYRES32=r5], 0x3c}}, 0x0) 03:15:51 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000000000000b3fcc000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3329.790913][T15477] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15477,uid=0 [ 3329.817321][T15477] Memory cgroup out of memory: Killed process 15477 (syz-executor.0) total-vm:54508kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 03:15:51 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) 03:15:51 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400c33f0b0000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3329.908385][T15473] bond0: (slave bridge2553): Enslaving as an active interface with an up link [ 3329.917886][T15476] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3329.971720][T15483] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3329.994549][T15478] bridge1296: port 1(bridge_slave_1) entered disabled state [ 3330.000666][T15483] CPU: 1 PID: 15483 Comm: syz-executor.2 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3330.012094][T15483] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3330.022172][T15483] Call Trace: [ 3330.025458][T15483] [ 3330.028396][T15483] dump_stack_lvl+0xcd/0x134 [ 3330.033006][T15483] dump_header+0x10b/0x7f9 [ 3330.037476][T15483] oom_kill_process.cold+0x10/0x15 [ 3330.042629][T15483] out_of_memory+0x358/0x14a0 [ 3330.047323][T15483] ? find_held_lock+0x2d/0x110 [ 3330.052096][T15483] ? oom_killer_disable+0x270/0x270 [ 3330.057315][T15483] ? find_held_lock+0x2d/0x110 [ 3330.062097][T15483] mem_cgroup_out_of_memory+0x206/0x270 [ 3330.067655][T15483] ? mem_cgroup_margin+0x130/0x130 [ 3330.072811][T15483] ? lock_downgrade+0x6e0/0x6e0 [ 3330.077686][T15483] try_charge_memcg+0xf67/0x13f0 [ 3330.082642][T15483] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3330.088635][T15483] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3330.094365][T15483] ? lock_downgrade+0x6e0/0x6e0 [ 3330.099230][T15483] ? lock_downgrade+0x6e0/0x6e0 [ 3330.104471][T15483] __memcg_kmem_charge_page+0x16a/0x3b0 [ 3330.110039][T15483] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 3330.116213][T15483] copy_process+0x145a/0x7090 [ 3330.120911][T15483] ? __lock_acquire+0xbc3/0x56d0 [ 3330.125871][T15483] ? __cleanup_sighand+0xb0/0xb0 [ 3330.130838][T15483] kernel_clone+0xe7/0xab0 [ 3330.135262][T15483] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 3330.141256][T15483] ? create_io_thread+0xe0/0xe0 [ 3330.146124][T15483] ? find_held_lock+0x2d/0x110 [ 3330.150900][T15483] ? __ct_user_exit+0xff/0x150 [ 3330.155680][T15483] __do_sys_clone+0xba/0x100 [ 3330.160282][T15483] ? kernel_clone+0xab0/0xab0 [ 3330.164979][T15483] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3330.170903][T15483] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3330.176815][T15483] do_syscall_64+0x35/0xb0 [ 3330.181240][T15483] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3330.187147][T15483] RIP: 0033:0x7ff38a48a6a1 [ 3330.191569][T15483] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 3330.211206][T15483] RSP: 002b:00007ffe54c81718 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 3330.219714][T15483] RAX: ffffffffffffffda RBX: 00007ff3893fe700 RCX: 00007ff38a48a6a1 [ 3330.227693][T15483] RDX: 00007ff3893fe9d0 RSI: 00007ff3893fe2f0 RDI: 00000000003d0f00 [ 3330.235771][T15483] RBP: 00007ffe54c81960 R08: 00007ff3893fe700 R09: 00007ff3893fe700 [ 3330.243747][T15483] R10: 00007ff3893fe9d0 R11: 0000000000000206 R12: 00007ffe54c817ce [ 3330.251723][T15483] R13: 00007ffe54c817cf R14: 00007ff3893fe300 R15: 0000000000022000 [ 3330.259717][T15483] [ 3330.275576][T15483] memory: usage 307200kB, limit 307200kB, failcnt 5747 [ 3330.288677][T15483] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3330.302297][T15478] bridge1297: port 1(bridge_slave_1) entered blocking state [ 3330.310164][T15483] Memory cgroup stats for /syz2: [ 3330.310425][T15483] anon 147456 [ 3330.310425][T15483] file 360448 [ 3330.310425][T15483] kernel 314064896 [ 3330.310425][T15483] kernel_stack 65536 [ 3330.310425][T15483] pagetables 81920 [ 3330.310425][T15483] percpu 5433376 [ 3330.310425][T15483] sock 0 [ 3330.310425][T15483] vmalloc 0 [ 3330.310425][T15483] shmem 356352 [ 3330.310425][T15483] zswap 0 [ 3330.310425][T15483] zswapped 0 [ 3330.310425][T15483] file_mapped 356352 [ 3330.310425][T15483] file_dirty 0 [ 3330.310425][T15483] file_writeback 0 [ 3330.310425][T15483] swapcached 0 [ 3330.310425][T15483] anon_thp 0 [ 3330.310425][T15483] file_thp 0 [ 3330.310425][T15483] shmem_thp 0 [ 3330.310425][T15483] inactive_anon 204800 [ 3330.310425][T15483] active_anon 299008 [ 3330.310425][T15483] inactive_file 0 [ 3330.310425][T15483] active_file 4096 [ 3330.310425][T15483] unevictable 0 [ 3330.310425][T15483] slab_reclaimable 58856 [ 3330.310425][T15483] slab_unreclaimable 308387568 [ 3330.310425][T15483] slab 308446424 [ 3330.310788][T15478] bridge1297: port 1(bridge_slave_1) entered disabled state 03:15:51 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400ba3f0b0000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3330.315663][T15483] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null) [ 3330.420845][T15481] bridge4145: port 1(bridge_slave_1) entered disabled state [ 3330.428195][T15483] ,cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=15483,uid=0 [ 3330.477353][T15483] Memory cgroup out of memory: Killed process 15483 (syz-executor.2) total-vm:54640kB, anon-rss:388kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 3330.481519][T15481] bridge4146: port 1(bridge_slave_1) entered blocking state [ 3330.511915][T15481] bridge4146: port 1(bridge_slave_1) entered disabled state [ 3330.534979][T15487] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3330.540283][T15482] bridge4146: port 1(bridge_slave_1) entered blocking state [ 3330.552612][T15482] bridge4146: port 1(bridge_slave_1) entered forwarding state [ 3330.553903][T15487] CPU: 1 PID: 15487 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3330.570240][T15487] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3330.580317][T15487] Call Trace: [ 3330.583619][T15487] [ 3330.586573][T15487] dump_stack_lvl+0xcd/0x134 [ 3330.591201][T15487] dump_header+0x10b/0x7f9 [ 3330.593370][T15482] bond0: (slave bridge4146): Enslaving as an active interface with an up link [ 3330.595633][T15487] oom_kill_process.cold+0x10/0x15 [ 3330.595673][T15487] out_of_memory+0x358/0x14a0 [ 3330.614333][T15487] ? find_held_lock+0x2d/0x110 [ 3330.615593][T15488] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3330.619115][T15487] ? oom_killer_disable+0x270/0x270 [ 3330.619159][T15487] ? find_held_lock+0x2d/0x110 [ 3330.619187][T15487] mem_cgroup_out_of_memory+0x206/0x270 [ 3330.619213][T15487] ? mem_cgroup_margin+0x130/0x130 [ 3330.619235][T15487] ? lock_downgrade+0x6e0/0x6e0 [ 3330.619276][T15487] try_charge_memcg+0xf67/0x13f0 [ 3330.619311][T15487] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3330.619339][T15487] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3330.619365][T15487] ? lock_downgrade+0x6e0/0x6e0 [ 3330.619413][T15487] obj_cgroup_charge+0x2ab/0x5e0 03:15:51 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000000000000b3fce000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3330.619442][T15487] ? __anon_vma_prepare+0x2d6/0x560 [ 3330.619467][T15487] kmem_cache_alloc+0x96/0x3b0 [ 3330.619500][T15487] __anon_vma_prepare+0x2d6/0x560 [ 3330.619523][T15487] ? __pmd_alloc+0x2ff/0x5c0 [ 3330.619551][T15487] __handle_mm_fault+0x340e/0x39b0 [ 3330.619585][T15487] ? vm_iomap_memory+0x190/0x190 [ 3330.619638][T15487] handle_mm_fault+0x1c8/0x780 [ 3330.619668][T15487] do_user_addr_fault+0x475/0x1210 [ 3330.619709][T15487] exc_page_fault+0x94/0x170 [ 3330.619741][T15487] asm_exc_page_fault+0x22/0x30 [ 3330.686386][T15490] bridge3196: port 1(bridge_slave_1) entered disabled state [ 3330.690977][T15487] RIP: 0033:0x7f98a3484695 [ 3330.691007][T15487] Code: 12 80 fa 04 73 1e 80 fa 01 77 26 72 05 0f b6 0e 88 0f c3 48 8b 4c 16 f8 48 8b 36 48 89 4c 17 f8 48 89 37 c3 8b 4c 16 fc 8b 36 <89> 4c 17 fc 89 37 c3 0f b7 4c 16 fe 0f b7 36 66 89 4c 17 fe 66 89 [ 3330.691029][T15487] RSP: 002b:00007ffe69a68b78 EFLAGS: 00010202 [ 3330.691049][T15487] RAX: 00000000200005c0 RBX: 0000000000000000 RCX: 0000000000535650 [ 3330.691065][T15487] RDX: 0000000000000005 RSI: 0000000053565049 RDI: 00000000200005c0 03:15:52 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f310000c00b0a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3330.784257][T15487] RBP: 00007ffe69a68c38 R08: 00007f98a39a0000 R09: 00007f98a35a00c8 [ 3330.792240][T15487] R10: 00007ffe69a68c60 R11: 0000000000000246 R12: 000000000032d1ac [ 3330.800219][T15487] R13: 00007ffe69a68c60 R14: 00007f98a359bf80 R15: 0000000000000032 [ 3330.808227][T15487] [ 3330.829340][T15487] memory: usage 307200kB, limit 307200kB, failcnt 29373 [ 3330.850001][T15487] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3330.861521][T15487] Memory cgroup stats for /syz0: [ 3330.861694][T15487] anon 126976 [ 3330.861694][T15487] file 319488 [ 3330.861694][T15487] kernel 314114048 [ 3330.861694][T15487] kernel_stack 65536 [ 3330.861694][T15487] pagetables 81920 [ 3330.861694][T15487] percpu 5425088 [ 3330.861694][T15487] sock 0 [ 3330.861694][T15487] vmalloc 0 [ 3330.861694][T15487] shmem 319488 [ 3330.861694][T15487] zswap 0 [ 3330.861694][T15487] zswapped 0 [ 3330.861694][T15487] file_mapped 303104 [ 3330.861694][T15487] file_dirty 0 [ 3330.861694][T15487] file_writeback 0 [ 3330.861694][T15487] swapcached 0 [ 3330.861694][T15487] anon_thp 0 [ 3330.861694][T15487] file_thp 0 [ 3330.861694][T15487] shmem_thp 0 [ 3330.861694][T15487] inactive_anon 131072 [ 3330.861694][T15487] active_anon 315392 [ 3330.861694][T15487] inactive_file 0 [ 3330.861694][T15487] active_file 0 [ 3330.861694][T15487] unevictable 0 [ 3330.861694][T15487] slab_reclaimable 226056 [ 3330.861694][T15487] slab_unreclaimable 308279624 [ 3330.861694][T15487] slab 308505680 [ 3330.864561][T15490] bridge3197: port 1(bridge_slave_1) entered blocking state [ 3330.870319][T15487] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null) [ 3331.011912][T15490] bridge3197: port 1(bridge_slave_1) entered disabled state [ 3331.018449][T15487] ,cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15487,uid=0 03:15:52 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3331.046361][T15487] Memory cgroup out of memory: Killed process 15487 (syz-executor.0) total-vm:54508kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 3331.095090][T15507] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=1, oom_score_adj=1000 [ 3331.106445][T15494] bond0: (slave bridge3197): Enslaving as an active interface with an up link [ 3331.119476][T15507] CPU: 0 PID: 15507 Comm: syz-executor.2 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3331.125656][T15493] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3331.129654][T15507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3331.129673][T15507] Call Trace: [ 3331.129681][T15507] [ 3331.129692][T15507] dump_stack_lvl+0xcd/0x134 [ 3331.129727][T15507] dump_header+0x10b/0x7f9 [ 3331.129759][T15507] oom_kill_process.cold+0x10/0x15 [ 3331.129793][T15507] out_of_memory+0x358/0x14a0 [ 3331.129825][T15507] ? find_held_lock+0x2d/0x110 [ 3331.129849][T15507] ? oom_killer_disable+0x270/0x270 [ 3331.184195][T15507] ? find_held_lock+0x2d/0x110 [ 3331.188993][T15507] mem_cgroup_out_of_memory+0x206/0x270 [ 3331.194570][T15507] ? mem_cgroup_margin+0x130/0x130 [ 3331.199715][T15507] ? lock_downgrade+0x6e0/0x6e0 [ 3331.204621][T15507] try_charge_memcg+0xf67/0x13f0 [ 3331.209603][T15507] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3331.215619][T15507] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3331.221360][T15507] ? lock_downgrade+0x6e0/0x6e0 [ 3331.226215][T15507] ? lock_downgrade+0x6e0/0x6e0 [ 3331.231082][T15507] ? rcu_read_unlock+0x9/0x60 [ 3331.235793][T15507] obj_cgroup_charge+0x2ab/0x5e0 [ 3331.240757][T15507] ? copy_process+0x4ce/0x7090 [ 3331.245543][T15507] kmem_cache_alloc_node+0x92/0x3f0 [ 3331.250767][T15507] ? _raw_spin_unlock_irq+0x1f/0x40 [ 3331.256026][T15507] copy_process+0x4ce/0x7090 [ 3331.260643][T15507] ? __lock_acquire+0xbc3/0x56d0 [ 3331.265605][T15507] ? __cleanup_sighand+0xb0/0xb0 [ 3331.270584][T15507] kernel_clone+0xe7/0xab0 [ 3331.275024][T15507] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 3331.281027][T15507] ? create_io_thread+0xe0/0xe0 [ 3331.285899][T15507] ? find_held_lock+0x2d/0x110 [ 3331.290679][T15507] ? __ct_user_exit+0xff/0x150 [ 3331.295462][T15507] __do_sys_clone+0xba/0x100 [ 3331.300069][T15507] ? kernel_clone+0xab0/0xab0 [ 3331.304770][T15507] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3331.310678][T15507] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3331.316589][T15507] do_syscall_64+0x35/0xb0 [ 3331.321017][T15507] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3331.326942][T15507] RIP: 0033:0x7ff38a48a6a1 [ 3331.331365][T15507] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 3331.350997][T15507] RSP: 002b:00007ffe54c81718 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 3331.359436][T15507] RAX: ffffffffffffffda RBX: 00007ff3893fe700 RCX: 00007ff38a48a6a1 [ 3331.367415][T15507] RDX: 00007ff3893fe9d0 RSI: 00007ff3893fe2f0 RDI: 00000000003d0f00 [ 3331.375394][T15507] RBP: 00007ffe54c81960 R08: 00007ff3893fe700 R09: 00007ff3893fe700 [ 3331.383371][T15507] R10: 00007ff3893fe9d0 R11: 0000000000000206 R12: 00007ffe54c817ce 03:15:52 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400b83f0b0000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3331.391350][T15507] R13: 00007ffe54c817cf R14: 00007ff3893fe300 R15: 0000000000022000 [ 3331.399372][T15507] [ 3331.412905][T15507] memory: usage 307200kB, limit 307200kB, failcnt 5815 [ 3331.432507][T15507] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3331.440265][T15496] bridge2553: port 1(bridge_slave_1) entered disabled state [ 3331.448156][T15507] Memory cgroup stats for /syz2: [ 3331.448373][T15507] anon 147456 [ 3331.448373][T15507] file 360448 [ 3331.448373][T15507] kernel 314052608 [ 3331.448373][T15507] kernel_stack 65536 [ 3331.448373][T15507] pagetables 81920 [ 3331.448373][T15507] percpu 5433376 [ 3331.448373][T15507] sock 0 [ 3331.448373][T15507] vmalloc 0 [ 3331.448373][T15507] shmem 356352 [ 3331.448373][T15507] zswap 0 [ 3331.448373][T15507] zswapped 0 [ 3331.448373][T15507] file_mapped 356352 [ 3331.448373][T15507] file_dirty 4096 [ 3331.448373][T15507] file_writeback 0 [ 3331.448373][T15507] swapcached 0 [ 3331.448373][T15507] anon_thp 0 [ 3331.448373][T15507] file_thp 0 [ 3331.448373][T15507] shmem_thp 0 [ 3331.448373][T15507] inactive_anon 204800 [ 3331.448373][T15507] active_anon 299008 [ 3331.448373][T15507] inactive_file 0 [ 3331.448373][T15507] active_file 4096 [ 3331.448373][T15507] unevictable 0 [ 3331.448373][T15507] slab_reclaimable 58856 [ 3331.448373][T15507] slab_unreclaimable 308382112 [ 3331.448373][T15507] slab 308440968 [ 3331.562547][T15507] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=15507,uid=0 [ 3331.565399][T15496] bridge2554: port 1(bridge_slave_1) entered blocking state [ 3331.586301][T15496] bridge2554: port 1(bridge_slave_1) entered disabled state [ 3331.587773][T15507] Memory cgroup out of memory: Killed process 15507 (syz-executor.2) total-vm:54640kB, anon-rss:388kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 03:15:52 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000008c0)={0x0, 0xf0ffff, &(0x7f0000000300)={&(0x7f0000000140)=@newtaction={0x5c, 0x30, 0x103, 0x0, 0x0, {}, [{0x48, 0x1, [@m_bpf={0x44, 0x1, 0x0, 0x0, {{0x8}, {0x1c, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_PARMS={0x18}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x5c}}, 0x0) [ 3331.646735][T15498] bond0: (slave bridge2554): Enslaving as an active interface with an up link [ 3331.650449][T15509] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3331.656409][T15499] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3331.717868][T15509] CPU: 1 PID: 15509 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3331.728080][T15509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3331.738171][T15509] Call Trace: [ 3331.741481][T15509] [ 3331.744431][T15509] dump_stack_lvl+0xcd/0x134 [ 3331.748940][T15502] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3331.749052][T15509] dump_header+0x10b/0x7f9 [ 3331.749093][T15509] oom_kill_process.cold+0x10/0x15 [ 3331.767901][T15509] out_of_memory+0x358/0x14a0 [ 3331.772620][T15509] ? find_held_lock+0x2d/0x110 [ 3331.777441][T15509] ? oom_killer_disable+0x270/0x270 [ 3331.782681][T15509] ? find_held_lock+0x2d/0x110 [ 3331.787473][T15509] mem_cgroup_out_of_memory+0x206/0x270 [ 3331.793055][T15509] ? mem_cgroup_margin+0x130/0x130 [ 3331.798190][T15509] ? lock_downgrade+0x6e0/0x6e0 [ 3331.803072][T15509] try_charge_memcg+0xf67/0x13f0 [ 3331.804810][T15503] bridge4146: port 1(bridge_slave_1) entered disabled state [ 3331.808028][T15509] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3331.808064][T15509] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3331.808093][T15509] ? lock_downgrade+0x6e0/0x6e0 [ 3331.808140][T15509] obj_cgroup_charge+0x2ab/0x5e0 [ 3331.836866][T15509] ? __anon_vma_prepare+0x2d6/0x560 [ 3331.842067][T15509] kmem_cache_alloc+0x96/0x3b0 [ 3331.846849][T15509] __anon_vma_prepare+0x2d6/0x560 [ 3331.851895][T15509] ? __pmd_alloc+0x2ff/0x5c0 [ 3331.856491][T15509] __handle_mm_fault+0x340e/0x39b0 [ 3331.861610][T15509] ? vm_iomap_memory+0x190/0x190 [ 3331.866565][T15509] handle_mm_fault+0x1c8/0x780 [ 3331.871348][T15509] do_user_addr_fault+0x475/0x1210 [ 3331.876496][T15509] exc_page_fault+0x94/0x170 [ 3331.881093][T15509] asm_exc_page_fault+0x22/0x30 [ 3331.885943][T15509] RIP: 0033:0x7f98a3484695 [ 3331.890380][T15509] Code: 12 80 fa 04 73 1e 80 fa 01 77 26 72 05 0f b6 0e 88 0f c3 48 8b 4c 16 f8 48 8b 36 48 89 4c 17 f8 48 89 37 c3 8b 4c 16 fc 8b 36 <89> 4c 17 fc 89 37 c3 0f b7 4c 16 fe 0f b7 36 66 89 4c 17 fe 66 89 [ 3331.910017][T15509] RSP: 002b:00007ffe69a68b78 EFLAGS: 00010202 [ 3331.916107][T15509] RAX: 00000000200005c0 RBX: 0000000000000000 RCX: 0000000000535650 [ 3331.924081][T15509] RDX: 0000000000000005 RSI: 0000000053565049 RDI: 00000000200005c0 [ 3331.932053][T15509] RBP: 00007ffe69a68c38 R08: 00007f98a39a0000 R09: 00007f98a35a00c8 [ 3331.940110][T15509] R10: 00007ffe69a68c60 R11: 0000000000000246 R12: 000000000032d612 [ 3331.948170][T15509] R13: 00007ffe69a68c60 R14: 00007f98a359bf80 R15: 0000000000000032 [ 3331.956197][T15509] [ 3331.971869][T15509] memory: usage 307200kB, limit 307200kB, failcnt 29448 [ 3331.979072][T15509] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3331.986050][T15509] Memory cgroup stats for /syz0: [ 3331.986280][T15509] anon 126976 [ 3331.986280][T15509] file 319488 [ 3331.986280][T15509] kernel 314114048 [ 3331.986280][T15509] kernel_stack 65536 [ 3331.986280][T15509] pagetables 81920 [ 3331.986280][T15509] percpu 5425088 [ 3331.986280][T15509] sock 0 [ 3331.986280][T15509] vmalloc 0 [ 3331.986280][T15509] shmem 319488 [ 3331.986280][T15509] zswap 0 [ 3331.986280][T15509] zswapped 0 [ 3331.986280][T15509] file_mapped 303104 [ 3331.986280][T15509] file_dirty 0 [ 3331.986280][T15509] file_writeback 0 [ 3331.986280][T15509] swapcached 0 [ 3331.986280][T15509] anon_thp 0 [ 3331.986280][T15509] file_thp 0 [ 3331.986280][T15509] shmem_thp 0 [ 3331.986280][T15509] inactive_anon 131072 [ 3331.986280][T15509] active_anon 315392 [ 3331.986280][T15509] inactive_file 0 [ 3331.986280][T15509] active_file 0 [ 3331.986280][T15509] unevictable 0 [ 3331.986280][T15509] slab_reclaimable 226056 [ 3331.986280][T15509] slab_unreclaimable 308281424 [ 3331.986280][T15509] slab 308507480 [ 3332.034416][T15503] bridge4147: port 1(bridge_slave_1) entered blocking state [ 3332.080863][T15509] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15509,uid=0 03:15:53 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3332.106617][T15509] Memory cgroup out of memory: Killed process 15509 (syz-executor.0) total-vm:54508kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 3332.133414][T15503] bridge4147: port 1(bridge_slave_1) entered disabled state [ 3332.153257][T15504] bridge1297: port 1(bridge_slave_1) entered disabled state [ 3332.180657][T15504] bridge1298: port 1(bridge_slave_1) entered blocking state [ 3332.188392][T15504] bridge1298: port 1(bridge_slave_1) entered disabled state [ 3332.225189][T15505] bridge4147: port 1(bridge_slave_1) entered blocking state [ 3332.232502][T15518] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 3332.232544][T15518] CPU: 0 PID: 15518 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3332.232569][T15518] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3332.232582][T15518] Call Trace: [ 3332.232590][T15518] [ 3332.232603][T15518] dump_stack_lvl+0xcd/0x134 [ 3332.244748][T15505] bridge4147: port 1(bridge_slave_1) entered forwarding state [ 3332.254799][T15518] dump_header+0x10b/0x7f9 [ 3332.254843][T15518] oom_kill_process.cold+0x10/0x15 [ 3332.254874][T15518] out_of_memory+0x358/0x14a0 [ 3332.297432][T15518] ? find_held_lock+0x2d/0x110 [ 3332.302305][T15518] ? oom_killer_disable+0x270/0x270 [ 3332.307551][T15518] ? find_held_lock+0x2d/0x110 [ 3332.307649][T15505] bond0: (slave bridge4147): Enslaving as an active interface with an up link [ 3332.312766][T15518] mem_cgroup_out_of_memory+0x206/0x270 [ 3332.312808][T15518] ? mem_cgroup_margin+0x130/0x130 [ 3332.332614][T15518] ? lock_downgrade+0x6e0/0x6e0 [ 3332.337498][T15518] try_charge_memcg+0xf67/0x13f0 [ 3332.342459][T15518] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3332.348464][T15518] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3332.354214][T15518] ? lock_downgrade+0x6e0/0x6e0 [ 3332.359084][T15518] ? lock_downgrade+0x6e0/0x6e0 [ 3332.363970][T15518] __memcg_kmem_charge_page+0x16a/0x3b0 [ 3332.369539][T15518] __alloc_pages+0x1ef/0x510 [ 3332.374147][T15518] ? __alloc_pages_slowpath.constprop.0+0x2240/0x2240 [ 3332.380949][T15518] ? find_held_lock+0x2d/0x110 [ 3332.385759][T15518] alloc_pages+0x1a6/0x270 [ 3332.390289][T15518] pte_alloc_one+0x16/0x230 [ 3332.394810][T15518] __pte_alloc+0x69/0x250 [ 3332.399174][T15518] ? pmd_install+0x150/0x150 [ 3332.403775][T15518] ? hugepage_vma_check+0x44e/0x780 [ 3332.408991][T15518] ? __pmd_alloc+0x2ff/0x5c0 [ 3332.413597][T15518] __handle_mm_fault+0x310b/0x39b0 [ 3332.418724][T15518] ? vm_iomap_memory+0x190/0x190 [ 3332.423694][T15518] handle_mm_fault+0x1c8/0x780 [ 3332.428473][T15518] do_user_addr_fault+0x475/0x1210 [ 3332.433607][T15518] exc_page_fault+0x94/0x170 [ 3332.438212][T15518] asm_exc_page_fault+0x22/0x30 [ 3332.443089][T15518] RIP: 0033:0x7f98a3484695 [ 3332.447523][T15518] Code: 12 80 fa 04 73 1e 80 fa 01 77 26 72 05 0f b6 0e 88 0f c3 48 8b 4c 16 f8 48 8b 36 48 89 4c 17 f8 48 89 37 c3 8b 4c 16 fc 8b 36 <89> 4c 17 fc 89 37 c3 0f b7 4c 16 fe 0f b7 36 66 89 4c 17 fe 66 89 [ 3332.467145][T15518] RSP: 002b:00007ffe69a68b78 EFLAGS: 00010202 03:15:53 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000000000000b3fcf000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3332.473220][T15518] RAX: 00000000200005c0 RBX: 0000000000000000 RCX: 0000000000535650 [ 3332.481194][T15518] RDX: 0000000000000005 RSI: 0000000053565049 RDI: 00000000200005c0 [ 3332.489169][T15518] RBP: 00007ffe69a68c38 R08: 00007f98a39a0000 R09: 00007f98a35a00c8 [ 3332.497144][T15518] R10: 00007ffe69a68c60 R11: 0000000000000246 R12: 000000000032d85b [ 3332.505123][T15518] R13: 00007ffe69a68c60 R14: 00007f98a359bf80 R15: 0000000000000032 [ 3332.513120][T15518] [ 3332.557304][T15518] memory: usage 307200kB, limit 307200kB, failcnt 29513 [ 3332.564488][T15518] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3332.580482][T15518] Memory cgroup stats for /syz0: [ 3332.580670][T15518] anon 126976 [ 3332.580670][T15518] file 319488 [ 3332.580670][T15518] kernel 314126336 [ 3332.580670][T15518] kernel_stack 65536 [ 3332.580670][T15518] pagetables 77824 [ 3332.580670][T15518] percpu 5425088 [ 3332.580670][T15518] sock 0 [ 3332.580670][T15518] vmalloc 0 [ 3332.580670][T15518] shmem 319488 [ 3332.580670][T15518] zswap 0 [ 3332.580670][T15518] zswapped 0 [ 3332.580670][T15518] file_mapped 303104 [ 3332.580670][T15518] file_dirty 0 [ 3332.580670][T15518] file_writeback 0 [ 3332.580670][T15518] swapcached 0 [ 3332.580670][T15518] anon_thp 0 [ 3332.580670][T15518] file_thp 0 [ 3332.580670][T15518] shmem_thp 0 [ 3332.580670][T15518] inactive_anon 106496 [ 3332.580670][T15518] active_anon 315392 [ 3332.580670][T15518] inactive_file 0 [ 3332.580670][T15518] active_file 0 [ 3332.580670][T15518] unevictable 0 [ 3332.580670][T15518] slab_reclaimable 226056 [ 3332.580670][T15518] slab_unreclaimable 308290600 [ 3332.580670][T15518] slab 308516656 [ 3332.588143][T15506] bond0: (slave bridge1298): Enslaving as an active interface with an up link [ 3332.690955][T15518] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15518,uid=0 03:15:54 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f310000c80b0a00", @ANYRES32=r5], 0x3c}}, 0x0) 03:15:54 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400ba3f0b0000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) 03:15:54 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3332.712448][T15518] Memory cgroup out of memory: Killed process 15518 (syz-executor.0) total-vm:54508kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 [ 3332.748871][T15513] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3332.820922][T15514] bridge3197: port 1(bridge_slave_1) entered disabled state [ 3332.850620][T15514] bridge3198: port 1(bridge_slave_1) entered blocking state [ 3332.858383][T15514] bridge3198: port 1(bridge_slave_1) entered disabled state [ 3332.896719][T15523] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3332.908235][T15523] CPU: 1 PID: 15523 Comm: syz-executor.2 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3332.918432][T15523] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3332.927238][T15515] bond0: (slave bridge3198): Enslaving as an active interface with an up link [ 3332.928571][T15523] Call Trace: [ 3332.928581][T15523] 03:15:54 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400b83f0b0000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3332.928591][T15523] dump_stack_lvl+0xcd/0x134 [ 3332.928627][T15523] dump_header+0x10b/0x7f9 [ 3332.928662][T15523] oom_kill_process.cold+0x10/0x15 [ 3332.928692][T15523] out_of_memory+0x358/0x14a0 [ 3332.928725][T15523] ? find_held_lock+0x2d/0x110 [ 3332.967339][T15523] ? oom_killer_disable+0x270/0x270 [ 3332.972581][T15523] ? find_held_lock+0x2d/0x110 [ 3332.977392][T15523] mem_cgroup_out_of_memory+0x206/0x270 [ 3332.983004][T15523] ? mem_cgroup_margin+0x130/0x130 [ 3332.988153][T15523] ? lock_downgrade+0x6e0/0x6e0 [ 3332.993016][T15523] try_charge_memcg+0xf67/0x13f0 [ 3332.998150][T15523] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3333.004148][T15523] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3333.009883][T15523] ? lock_downgrade+0x6e0/0x6e0 [ 3333.014753][T15523] ? lock_downgrade+0x6e0/0x6e0 [ 3333.019609][T15523] __memcg_kmem_charge_page+0x16a/0x3b0 [ 3333.025159][T15523] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 3333.031317][T15523] copy_process+0x145a/0x7090 [ 3333.036016][T15523] ? __lock_acquire+0xbc3/0x56d0 [ 3333.040990][T15523] ? __cleanup_sighand+0xb0/0xb0 [ 3333.045939][T15523] kernel_clone+0xe7/0xab0 [ 3333.050356][T15523] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 3333.056339][T15523] ? create_io_thread+0xe0/0xe0 [ 3333.061193][T15523] ? find_held_lock+0x2d/0x110 [ 3333.065954][T15523] ? __ct_user_exit+0xff/0x150 [ 3333.070721][T15523] __do_sys_clone+0xba/0x100 [ 3333.075308][T15523] ? kernel_clone+0xab0/0xab0 [ 3333.079998][T15523] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3333.085895][T15523] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3333.091835][T15523] do_syscall_64+0x35/0xb0 [ 3333.096263][T15523] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3333.102196][T15523] RIP: 0033:0x7ff38a48a6a1 [ 3333.106710][T15523] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 3333.126346][T15523] RSP: 002b:00007ffe54c81718 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 3333.134776][T15523] RAX: ffffffffffffffda RBX: 00007ff3893fe700 RCX: 00007ff38a48a6a1 03:15:54 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000008c0)={0x0, 0xf0ffff, &(0x7f0000000300)={&(0x7f0000000140)=@newtaction={0x5c, 0x30, 0x103, 0x0, 0x0, {}, [{0x48, 0x1, [@m_bpf={0x44, 0x1, 0x0, 0x0, {{0x8}, {0x1c, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_PARMS={0x18}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x5c}}, 0x0) [ 3333.142757][T15523] RDX: 00007ff3893fe9d0 RSI: 00007ff3893fe2f0 RDI: 00000000003d0f00 [ 3333.150750][T15523] RBP: 00007ffe54c81960 R08: 00007ff3893fe700 R09: 00007ff3893fe700 [ 3333.158730][T15523] R10: 00007ff3893fe9d0 R11: 0000000000000206 R12: 00007ffe54c817ce [ 3333.166985][T15523] R13: 00007ffe54c817cf R14: 00007ff3893fe300 R15: 0000000000022000 [ 3333.175005][T15523] [ 3333.194630][T15523] memory: usage 307200kB, limit 307200kB, failcnt 5894 [ 3333.209634][T15523] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3333.222932][T15522] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3333.224708][T15523] Memory cgroup stats for /syz2: [ 3333.234644][T15523] anon 147456 [ 3333.234644][T15523] file 360448 [ 3333.234644][T15523] kernel 314064896 [ 3333.234644][T15523] kernel_stack 65536 [ 3333.234644][T15523] pagetables 81920 [ 3333.234644][T15523] percpu 5433376 [ 3333.234644][T15523] sock 0 [ 3333.234644][T15523] vmalloc 0 [ 3333.234644][T15523] shmem 356352 [ 3333.234644][T15523] zswap 0 [ 3333.234644][T15523] zswapped 0 [ 3333.234644][T15523] file_mapped 356352 [ 3333.234644][T15523] file_dirty 4096 [ 3333.234644][T15523] file_writeback 0 [ 3333.234644][T15523] swapcached 0 [ 3333.234644][T15523] anon_thp 0 [ 3333.234644][T15523] file_thp 0 [ 3333.234644][T15523] shmem_thp 0 [ 3333.234644][T15523] inactive_anon 204800 [ 3333.234644][T15523] active_anon 299008 [ 3333.234644][T15523] inactive_file 0 [ 3333.234644][T15523] active_file 4096 [ 3333.234644][T15523] unevictable 0 [ 3333.234644][T15523] slab_reclaimable 58856 [ 3333.234644][T15523] slab_unreclaimable 308387568 [ 3333.234644][T15523] slab 308446424 [ 3333.343171][T15523] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=15523,uid=0 [ 3333.365350][T15523] Memory cgroup out of memory: Killed process 15523 (syz-executor.2) total-vm:54640kB, anon-rss:388kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 3333.370268][T15527] bridge4147: port 1(bridge_slave_1) entered disabled state [ 3333.417225][T15528] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3333.425823][T15527] bridge4148: port 1(bridge_slave_1) entered blocking state [ 3333.436377][T15527] bridge4148: port 1(bridge_slave_1) entered disabled state [ 3333.442200][T15528] CPU: 0 PID: 15528 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3333.453891][T15528] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3333.463973][T15528] Call Trace: 03:15:54 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f310000d00b0a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3333.467277][T15528] [ 3333.470236][T15528] dump_stack_lvl+0xcd/0x134 [ 3333.474952][T15528] dump_header+0x10b/0x7f9 [ 3333.479415][T15528] oom_kill_process.cold+0x10/0x15 [ 3333.484746][T15528] out_of_memory+0x358/0x14a0 [ 3333.489467][T15528] ? find_held_lock+0x2d/0x110 [ 3333.494254][T15528] ? oom_killer_disable+0x270/0x270 [ 3333.499486][T15528] ? find_held_lock+0x2d/0x110 [ 3333.504268][T15528] mem_cgroup_out_of_memory+0x206/0x270 [ 3333.509833][T15528] ? mem_cgroup_margin+0x130/0x130 [ 3333.514981][T15528] ? lock_downgrade+0x6e0/0x6e0 [ 3333.519859][T15528] try_charge_memcg+0xf67/0x13f0 [ 3333.524818][T15528] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3333.530818][T15528] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3333.536551][T15528] ? lock_downgrade+0x6e0/0x6e0 [ 3333.541432][T15528] obj_cgroup_charge+0x2ab/0x5e0 [ 3333.546393][T15528] ? __anon_vma_prepare+0x60/0x560 [ 3333.551514][T15528] kmem_cache_alloc+0x96/0x3b0 [ 3333.556313][T15528] __anon_vma_prepare+0x60/0x560 [ 3333.561283][T15528] ? __pmd_alloc+0x2ff/0x5c0 [ 3333.565927][T15528] __handle_mm_fault+0x340e/0x39b0 [ 3333.571063][T15528] ? vm_iomap_memory+0x190/0x190 [ 3333.576052][T15528] handle_mm_fault+0x1c8/0x780 [ 3333.580831][T15528] do_user_addr_fault+0x475/0x1210 [ 3333.585966][T15528] exc_page_fault+0x94/0x170 [ 3333.590571][T15528] asm_exc_page_fault+0x22/0x30 [ 3333.595429][T15528] RIP: 0033:0x7f98a3484695 [ 3333.599866][T15528] Code: 12 80 fa 04 73 1e 80 fa 01 77 26 72 05 0f b6 0e 88 0f c3 48 8b 4c 16 f8 48 8b 36 48 89 4c 17 f8 48 89 37 c3 8b 4c 16 fc 8b 36 <89> 4c 17 fc 89 37 c3 0f b7 4c 16 fe 0f b7 36 66 89 4c 17 fe 66 89 [ 3333.619602][T15528] RSP: 002b:00007ffe69a68b78 EFLAGS: 00010202 [ 3333.625679][T15528] RAX: 00000000200005c0 RBX: 0000000000000000 RCX: 0000000000535650 [ 3333.633654][T15528] RDX: 0000000000000005 RSI: 0000000053565049 RDI: 00000000200005c0 [ 3333.641631][T15528] RBP: 00007ffe69a68c38 R08: 00007f98a39a0000 R09: 00007f98a35a00c8 [ 3333.649606][T15528] R10: 00007ffe69a68c60 R11: 0000000000000246 R12: 000000000032dd02 [ 3333.657600][T15528] R13: 00007ffe69a68c60 R14: 00007f98a359bf80 R15: 0000000000000032 [ 3333.665600][T15528] [ 3333.717006][T15528] memory: usage 307200kB, limit 307200kB, failcnt 29612 [ 3333.733883][T15528] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3333.748735][T15528] Memory cgroup stats for /syz0: [ 3333.748921][T15528] anon 126976 [ 3333.748921][T15528] file 319488 [ 3333.748921][T15528] kernel 314126336 [ 3333.748921][T15528] kernel_stack 65536 [ 3333.748921][T15528] pagetables 81920 [ 3333.748921][T15528] percpu 5425088 [ 3333.748921][T15528] sock 0 [ 3333.748921][T15528] vmalloc 0 [ 3333.748921][T15528] shmem 319488 [ 3333.748921][T15528] zswap 0 [ 3333.748921][T15528] zswapped 0 [ 3333.748921][T15528] file_mapped 303104 [ 3333.748921][T15528] file_dirty 0 [ 3333.748921][T15528] file_writeback 0 [ 3333.748921][T15528] swapcached 0 [ 3333.748921][T15528] anon_thp 0 [ 3333.748921][T15528] file_thp 0 [ 3333.748921][T15528] shmem_thp 0 [ 3333.748921][T15528] inactive_anon 131072 [ 3333.748921][T15528] active_anon 315392 [ 3333.748921][T15528] inactive_file 0 [ 3333.748921][T15528] active_file 0 [ 3333.748921][T15528] unevictable 0 [ 3333.748921][T15528] slab_reclaimable 226056 [ 3333.748921][T15528] slab_unreclaimable 308290600 [ 3333.748921][T15528] slab 308516656 [ 3333.762705][T15531] bridge4148: port 1(bridge_slave_1) entered blocking state [ 3333.849648][T15531] bridge4148: port 1(bridge_slave_1) entered forwarding state [ 3333.871920][T15528] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15528,uid=0 [ 3333.888479][T15528] Memory cgroup out of memory: Killed process 15528 (syz-executor.0) total-vm:54508kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 3333.907276][T15541] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3333.930758][T15531] bond0: (slave bridge4148): Enslaving as an active interface with an up link [ 3333.940054][T15541] CPU: 1 PID: 15541 Comm: syz-executor.2 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3333.950249][T15541] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3333.960338][T15541] Call Trace: [ 3333.963669][T15541] [ 3333.966631][T15541] dump_stack_lvl+0xcd/0x134 [ 3333.968180][T15532] bridge1298: port 1(bridge_slave_1) entered disabled state [ 3333.971240][T15541] dump_header+0x10b/0x7f9 [ 3333.982954][T15541] oom_kill_process.cold+0x10/0x15 [ 3333.988105][T15541] out_of_memory+0x358/0x14a0 [ 3333.992845][T15541] ? oom_killer_disable+0x270/0x270 [ 3333.998095][T15541] ? find_held_lock+0x2d/0x110 [ 3334.002896][T15541] mem_cgroup_out_of_memory+0x206/0x270 [ 3334.008477][T15541] ? mem_cgroup_margin+0x130/0x130 [ 3334.013625][T15541] ? lock_downgrade+0x6e0/0x6e0 [ 3334.018523][T15541] try_charge_memcg+0xf67/0x13f0 [ 3334.023507][T15541] ? mem_cgroup_handle_over_high+0x510/0x510 03:15:55 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000000000000b3fd0000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3334.029524][T15541] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3334.035281][T15541] ? lock_downgrade+0x6e0/0x6e0 [ 3334.040173][T15541] ? lock_downgrade+0x6e0/0x6e0 [ 3334.045074][T15541] __memcg_kmem_charge_page+0x16a/0x3b0 [ 3334.050655][T15541] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 3334.056851][T15541] copy_process+0x607/0x7090 [ 3334.061480][T15541] ? find_held_lock+0x2d/0x110 [ 3334.066292][T15541] ? __cleanup_sighand+0xb0/0xb0 [ 3334.071297][T15541] kernel_clone+0xe7/0xab0 [ 3334.075746][T15541] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 3334.081750][T15541] ? create_io_thread+0xe0/0xe0 [ 3334.086604][T15541] ? find_held_lock+0x2d/0x110 [ 3334.091387][T15541] ? __ct_user_exit+0xff/0x150 [ 3334.096186][T15541] __do_sys_clone+0xba/0x100 [ 3334.100809][T15541] ? kernel_clone+0xab0/0xab0 [ 3334.105529][T15541] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3334.111439][T15541] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3334.117381][T15541] do_syscall_64+0x35/0xb0 [ 3334.121823][T15541] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3334.127756][T15541] RIP: 0033:0x7ff38a48a6a1 [ 3334.132198][T15541] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 3334.151847][T15541] RSP: 002b:00007ffe54c81718 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 3334.160290][T15541] RAX: ffffffffffffffda RBX: 00007ff3893fe700 RCX: 00007ff38a48a6a1 [ 3334.168290][T15541] RDX: 00007ff3893fe9d0 RSI: 00007ff3893fe2f0 RDI: 00000000003d0f00 03:15:55 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3334.176286][T15541] RBP: 00007ffe54c81960 R08: 00007ff3893fe700 R09: 00007ff3893fe700 [ 3334.184271][T15541] R10: 00007ff3893fe9d0 R11: 0000000000000206 R12: 00007ffe54c817ce [ 3334.192249][T15541] R13: 00007ffe54c817cf R14: 00007ff3893fe300 R15: 0000000000022000 [ 3334.200269][T15541] [ 3334.220198][T15532] bridge1299: port 1(bridge_slave_1) entered blocking state [ 3334.231000][T15532] bridge1299: port 1(bridge_slave_1) entered disabled state [ 3334.238037][T15541] memory: usage 307200kB, limit 307200kB, failcnt 5974 [ 3334.254411][T15541] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3334.268993][T15541] Memory cgroup stats for /syz2: [ 3334.269156][T15541] anon 147456 [ 3334.269156][T15541] file 360448 [ 3334.269156][T15541] kernel 314064896 [ 3334.269156][T15541] kernel_stack 65536 [ 3334.269156][T15541] pagetables 81920 [ 3334.269156][T15541] percpu 5433376 [ 3334.269156][T15541] sock 0 [ 3334.269156][T15541] vmalloc 0 [ 3334.269156][T15541] shmem 356352 [ 3334.269156][T15541] zswap 0 [ 3334.269156][T15541] zswapped 0 [ 3334.269156][T15541] file_mapped 356352 [ 3334.269156][T15541] file_dirty 4096 [ 3334.269156][T15541] file_writeback 0 [ 3334.269156][T15541] swapcached 0 [ 3334.269156][T15541] anon_thp 0 [ 3334.269156][T15541] file_thp 0 [ 3334.269156][T15541] shmem_thp 0 [ 3334.269156][T15541] inactive_anon 204800 [ 3334.269156][T15541] active_anon 299008 [ 3334.269156][T15541] inactive_file 0 [ 3334.269156][T15541] active_file 4096 [ 3334.269156][T15541] unevictable 0 [ 3334.269156][T15541] slab_reclaimable 58856 [ 3334.269156][T15541] slab_unreclaimable 308387568 [ 3334.269156][T15541] slab 308446424 [ 3334.302045][T15533] bond0: (slave bridge1299): Enslaving as an active interface with an up link 03:15:55 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400ba3f0b0000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3334.378431][T15541] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=15541,uid=0 [ 3334.388052][T15536] __nla_validate_parse: 1 callbacks suppressed [ 3334.388069][T15536] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3334.399033][T15541] Memory cgroup out of memory: Killed process 15541 (syz-executor.2) total-vm:54640kB, anon-rss:388kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 3334.475206][T15548] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3334.479096][T15537] bridge3198: port 1(bridge_slave_1) entered disabled state [ 3334.506947][T15548] CPU: 0 PID: 15548 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3334.509565][T15537] bridge3199: port 1(bridge_slave_1) entered blocking state [ 3334.517129][T15548] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3334.517147][T15548] Call Trace: [ 3334.517155][T15548] [ 3334.517166][T15548] dump_stack_lvl+0xcd/0x134 [ 3334.525415][T15537] bridge3199: port 1(bridge_slave_1) entered disabled state [ 3334.534519][T15548] dump_header+0x10b/0x7f9 [ 3334.534561][T15548] oom_kill_process.cold+0x10/0x15 [ 3334.534592][T15548] out_of_memory+0x358/0x14a0 [ 3334.534626][T15548] ? find_held_lock+0x2d/0x110 [ 3334.571643][T15548] ? oom_killer_disable+0x270/0x270 [ 3334.576874][T15548] ? find_held_lock+0x2d/0x110 [ 3334.581664][T15548] mem_cgroup_out_of_memory+0x206/0x270 [ 3334.584089][T15538] bond0: (slave bridge3199): Enslaving as an active interface with an up link [ 3334.587217][T15548] ? mem_cgroup_margin+0x130/0x130 [ 3334.587248][T15548] ? lock_downgrade+0x6e0/0x6e0 [ 3334.587290][T15548] try_charge_memcg+0xf67/0x13f0 [ 3334.611122][T15548] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3334.616914][T15551] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3334.617126][T15548] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3334.632142][T15548] ? lock_downgrade+0x6e0/0x6e0 [ 3334.637060][T15548] obj_cgroup_charge+0x2ab/0x5e0 [ 3334.642037][T15548] ? __anon_vma_prepare+0x2d6/0x560 [ 3334.647263][T15548] kmem_cache_alloc+0x96/0x3b0 [ 3334.652054][T15548] __anon_vma_prepare+0x2d6/0x560 [ 3334.657124][T15548] ? __pmd_alloc+0x2ff/0x5c0 [ 3334.661752][T15548] __handle_mm_fault+0x340e/0x39b0 [ 3334.666908][T15548] ? vm_iomap_memory+0x190/0x190 [ 3334.671906][T15548] handle_mm_fault+0x1c8/0x780 [ 3334.676708][T15548] do_user_addr_fault+0x475/0x1210 [ 3334.678364][T15551] bridge1299: port 1(bridge_slave_1) entered disabled state [ 3334.681848][T15548] exc_page_fault+0x94/0x170 [ 3334.681888][T15548] asm_exc_page_fault+0x22/0x30 [ 3334.698593][T15548] RIP: 0033:0x7f98a3484695 [ 3334.703020][T15548] Code: 12 80 fa 04 73 1e 80 fa 01 77 26 72 05 0f b6 0e 88 0f c3 48 8b 4c 16 f8 48 8b 36 48 89 4c 17 f8 48 89 37 c3 8b 4c 16 fc 8b 36 <89> 4c 17 fc 89 37 c3 0f b7 4c 16 fe 0f b7 36 66 89 4c 17 fe 66 89 03:15:56 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400b83f0b0000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) 03:15:56 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000008c0)={0x0, 0xf0ffff, &(0x7f0000000300)={&(0x7f0000000140)=@newtaction={0x5c, 0x30, 0x103, 0x0, 0x0, {}, [{0x48, 0x1, [@m_bpf={0x44, 0x1, 0x0, 0x0, {{0x8}, {0x1c, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_PARMS={0x18}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x5c}}, 0x0) [ 3334.722641][T15548] RSP: 002b:00007ffe69a68b78 EFLAGS: 00010202 [ 3334.728808][T15548] RAX: 00000000200005c0 RBX: 0000000000000000 RCX: 0000000000535650 [ 3334.736785][T15548] RDX: 0000000000000005 RSI: 0000000053565049 RDI: 00000000200005c0 [ 3334.744766][T15548] RBP: 00007ffe69a68c38 R08: 00007f98a39a0000 R09: 00007f98a35a00c8 [ 3334.752748][T15548] R10: 00007ffe69a68c60 R11: 0000000000000246 R12: 000000000032e120 [ 3334.760726][T15548] R13: 00007ffe69a68c60 R14: 00007f98a359bf80 R15: 0000000000000032 [ 3334.768724][T15548] [ 3334.808440][T15551] bridge1300: port 1(bridge_slave_1) entered blocking state [ 3334.816058][T15548] memory: usage 307188kB, limit 307200kB, failcnt 29705 [ 3334.816250][T15551] bridge1300: port 1(bridge_slave_1) entered disabled state [ 3334.825705][T15548] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3334.846933][T15548] Memory cgroup stats for /syz0: [ 3334.847116][T15548] anon 126976 [ 3334.847116][T15548] file 319488 [ 3334.847116][T15548] kernel 314114048 [ 3334.847116][T15548] kernel_stack 65536 [ 3334.847116][T15548] pagetables 81920 [ 3334.847116][T15548] percpu 5425088 [ 3334.847116][T15548] sock 0 [ 3334.847116][T15548] vmalloc 0 [ 3334.847116][T15548] shmem 319488 [ 3334.847116][T15548] zswap 0 [ 3334.847116][T15548] zswapped 0 [ 3334.847116][T15548] file_mapped 303104 [ 3334.847116][T15548] file_dirty 0 [ 3334.847116][T15548] file_writeback 0 [ 3334.847116][T15548] swapcached 0 [ 3334.847116][T15548] anon_thp 0 [ 3334.847116][T15548] file_thp 0 [ 3334.847116][T15548] shmem_thp 0 [ 3334.847116][T15548] inactive_anon 131072 [ 3334.847116][T15548] active_anon 315392 [ 3334.847116][T15548] inactive_file 0 [ 3334.847116][T15548] active_file 0 [ 3334.847116][T15548] unevictable 0 [ 3334.847116][T15548] slab_reclaimable 226056 [ 3334.847116][T15548] slab_unreclaimable 308279320 [ 3334.847116][T15548] slab 308505376 03:15:56 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f310000d80b0a00", @ANYRES32=r5], 0x3c}}, 0x0) 03:15:56 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3334.964623][T15548] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0 [ 3334.965465][T15545] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3334.984344][T15548] ,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15548,uid=0 [ 3334.995855][T15548] Memory cgroup out of memory: Killed process 15548 (syz-executor.0) total-vm:54508kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 3335.089872][T15561] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3335.100962][T15546] bridge4148: port 1(bridge_slave_1) entered disabled state [ 3335.114709][T15561] CPU: 1 PID: 15561 Comm: syz-executor.2 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3335.124892][T15561] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3335.134951][T15561] Call Trace: [ 3335.138251][T15561] [ 3335.141183][T15561] dump_stack_lvl+0xcd/0x134 [ 3335.145794][T15561] dump_header+0x10b/0x7f9 [ 3335.150216][T15561] oom_kill_process.cold+0x10/0x15 [ 3335.155327][T15561] out_of_memory+0x358/0x14a0 [ 3335.160027][T15561] ? find_held_lock+0x2d/0x110 [ 3335.164822][T15561] ? oom_killer_disable+0x270/0x270 [ 3335.170031][T15561] ? find_held_lock+0x2d/0x110 [ 3335.174818][T15561] mem_cgroup_out_of_memory+0x206/0x270 [ 3335.180382][T15561] ? mem_cgroup_margin+0x130/0x130 [ 3335.185504][T15561] ? lock_downgrade+0x6e0/0x6e0 [ 3335.190394][T15561] try_charge_memcg+0xf67/0x13f0 [ 3335.195355][T15561] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3335.201356][T15561] ? lock_downgrade+0x6e0/0x6e0 [ 3335.206234][T15561] charge_memcg+0x31/0x320 [ 3335.210670][T15561] __mem_cgroup_charge+0x27/0x90 [ 3335.215624][T15561] ? _compound_head+0x5d/0x150 [ 3335.220407][T15561] __handle_mm_fault+0x17df/0x39b0 [ 3335.225538][T15561] ? vm_iomap_memory+0x190/0x190 [ 3335.230513][T15561] handle_mm_fault+0x1c8/0x780 [ 3335.235300][T15561] do_user_addr_fault+0x475/0x1210 [ 3335.240439][T15561] exc_page_fault+0x94/0x170 [ 3335.245048][T15561] asm_exc_page_fault+0x22/0x30 [ 3335.249907][T15561] RIP: 0033:0x7ff38a42f20c [ 3335.254332][T15561] Code: c0 e8 88 65 ff ff b8 ff ff ff ff e9 33 ff ff ff 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 41 54 31 c0 55 48 81 ec 68 10 00 00 <48> 89 7c 24 08 48 8d 3d 08 48 0a 00 48 89 34 24 48 8b 14 24 48 8b [ 3335.273989][T15561] RSP: 002b:00007ff38b5040e0 EFLAGS: 00010202 [ 3335.280074][T15561] RAX: 0000000000000000 RBX: 00007ff38a59bf80 RCX: 0000000000000000 [ 3335.288057][T15561] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 00000000200005c0 [ 3335.296037][T15561] RBP: 00007ff38a4e3189 R08: 0000000000000000 R09: 0000000000000000 [ 3335.304044][T15561] R10: 00000000200005c0 R11: 0000000000000000 R12: 0000000000000000 [ 3335.312027][T15561] R13: 00007ffe54c817cf R14: 00007ff38b505300 R15: 0000000000022000 [ 3335.320030][T15561] [ 3335.326498][T15561] memory: usage 307192kB, limit 307200kB, failcnt 6016 [ 3335.343668][T15561] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3335.352591][T15561] Memory cgroup stats for /syz2: [ 3335.352794][T15561] anon 135168 [ 3335.352794][T15561] file 360448 [ 3335.352794][T15561] kernel 314064896 [ 3335.352794][T15561] kernel_stack 65536 [ 3335.352794][T15561] pagetables 77824 [ 3335.352794][T15561] percpu 5433376 [ 3335.352794][T15561] sock 0 [ 3335.352794][T15561] vmalloc 0 [ 3335.352794][T15561] shmem 356352 [ 3335.352794][T15561] zswap 0 [ 3335.352794][T15561] zswapped 0 03:15:56 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000000000000003d2000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3335.352794][T15561] file_mapped 356352 [ 3335.352794][T15561] file_dirty 4096 [ 3335.352794][T15561] file_writeback 0 [ 3335.352794][T15561] swapcached 0 [ 3335.352794][T15561] anon_thp 0 [ 3335.352794][T15561] file_thp 0 [ 3335.352794][T15561] shmem_thp 0 [ 3335.352794][T15561] inactive_anon 192512 [ 3335.352794][T15561] active_anon 299008 [ 3335.352794][T15561] inactive_file 4096 [ 3335.352794][T15561] active_file 0 [ 3335.352794][T15561] unevictable 0 [ 3335.352794][T15561] slab_reclaimable 58856 [ 3335.352794][T15561] slab_unreclaimable 308390480 [ 3335.352794][T15561] slab 308449336 [ 3335.444757][T15553] bond0: (slave bridge1300): Enslaving as an active interface with an up link [ 3335.453362][T15561] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=15560,uid=0 [ 3335.472896][T15561] Memory cgroup out of memory: Killed process 15560 (syz-executor.2) total-vm:54508kB, anon-rss:388kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 03:15:56 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f310000c80b0a00", @ANYRES32=r5], 0x3c}}, 0x0) 03:15:56 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400b13f0b0000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3335.497358][T15565] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3335.524176][T15562] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3335.537870][T15562] CPU: 1 PID: 15562 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3335.548069][T15562] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3335.558156][T15562] Call Trace: [ 3335.561454][T15562] [ 3335.564408][T15562] dump_stack_lvl+0xcd/0x134 [ 3335.569038][T15562] dump_header+0x10b/0x7f9 [ 3335.573503][T15562] oom_kill_process.cold+0x10/0x15 [ 3335.578660][T15562] out_of_memory+0x358/0x14a0 [ 3335.583367][T15562] ? oom_killer_disable+0x270/0x270 [ 3335.588591][T15562] ? find_held_lock+0x2d/0x110 [ 3335.593402][T15562] mem_cgroup_out_of_memory+0x206/0x270 [ 3335.598966][T15562] ? mem_cgroup_margin+0x130/0x130 [ 3335.604116][T15562] ? lock_downgrade+0x6e0/0x6e0 [ 3335.608994][T15562] try_charge_memcg+0xf67/0x13f0 [ 3335.613966][T15562] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3335.619958][T15562] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3335.625685][T15562] ? lock_downgrade+0x6e0/0x6e0 [ 3335.630571][T15562] obj_cgroup_charge+0x2ab/0x5e0 [ 3335.635522][T15562] ? __anon_vma_prepare+0x2d6/0x560 [ 3335.640736][T15562] kmem_cache_alloc+0x96/0x3b0 [ 3335.645514][T15562] __anon_vma_prepare+0x2d6/0x560 [ 3335.650560][T15562] ? __pmd_alloc+0x2ff/0x5c0 [ 3335.655163][T15562] __handle_mm_fault+0x340e/0x39b0 [ 3335.660291][T15562] ? vm_iomap_memory+0x190/0x190 [ 3335.665261][T15562] handle_mm_fault+0x1c8/0x780 [ 3335.670039][T15562] do_user_addr_fault+0x475/0x1210 [ 3335.675203][T15562] exc_page_fault+0x94/0x170 [ 3335.679809][T15562] asm_exc_page_fault+0x22/0x30 [ 3335.684666][T15562] RIP: 0033:0x7f98a3484695 [ 3335.689128][T15562] Code: 12 80 fa 04 73 1e 80 fa 01 77 26 72 05 0f b6 0e 88 0f c3 48 8b 4c 16 f8 48 8b 36 48 89 4c 17 f8 48 89 37 c3 8b 4c 16 fc 8b 36 <89> 4c 17 fc 89 37 c3 0f b7 4c 16 fe 0f b7 36 66 89 4c 17 fe 66 89 [ 3335.708753][T15562] RSP: 002b:00007ffe69a68b78 EFLAGS: 00010202 [ 3335.714874][T15562] RAX: 00000000200005c0 RBX: 0000000000000000 RCX: 0000000000535650 [ 3335.722858][T15562] RDX: 0000000000000005 RSI: 0000000053565049 RDI: 00000000200005c0 [ 3335.730843][T15562] RBP: 00007ffe69a68c38 R08: 00007f98a39a0000 R09: 00007f98a35a00c8 [ 3335.738822][T15562] R10: 00007ffe69a68c60 R11: 0000000000000246 R12: 000000000032e3b1 03:15:57 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f310000e00b0a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3335.746801][T15562] R13: 00007ffe69a68c60 R14: 00007f98a359bf80 R15: 0000000000000032 [ 3335.754798][T15562] [ 3335.802823][T15557] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3335.832634][T15562] memory: usage 307200kB, limit 307200kB, failcnt 29765 [ 3335.846490][T15562] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3335.862382][T15562] Memory cgroup stats for /syz0: [ 3335.862608][T15562] anon 126976 [ 3335.862608][T15562] file 319488 [ 3335.862608][T15562] kernel 314126336 [ 3335.862608][T15562] kernel_stack 65536 [ 3335.862608][T15562] pagetables 81920 [ 3335.862608][T15562] percpu 5425088 [ 3335.862608][T15562] sock 0 [ 3335.862608][T15562] vmalloc 0 [ 3335.862608][T15562] shmem 319488 [ 3335.862608][T15562] zswap 0 [ 3335.862608][T15562] zswapped 0 [ 3335.862608][T15562] file_mapped 303104 [ 3335.862608][T15562] file_dirty 0 [ 3335.862608][T15562] file_writeback 0 [ 3335.862608][T15562] swapcached 0 [ 3335.862608][T15562] anon_thp 0 [ 3335.862608][T15562] file_thp 0 [ 3335.862608][T15562] shmem_thp 0 [ 3335.862608][T15562] inactive_anon 131072 [ 3335.862608][T15562] active_anon 315392 [ 3335.862608][T15562] inactive_file 0 [ 3335.862608][T15562] active_file 0 [ 3335.862608][T15562] unevictable 0 [ 3335.862608][T15562] slab_reclaimable 226056 [ 3335.862608][T15562] slab_unreclaimable 308290720 [ 3335.862608][T15562] slab 308516776 [ 3335.967695][T15562] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15562,uid=0 [ 3335.983535][T15558] bridge3199: port 1(bridge_slave_1) entered disabled state [ 3335.995945][T15562] Memory cgroup out of memory: Killed process 15562 (syz-executor.0) total-vm:54508kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 3336.014249][T15558] bridge3200: port 1(bridge_slave_1) entered blocking state [ 3336.015385][T15574] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=1, oom_score_adj=1000 [ 3336.029498][T15558] bridge3200: port 1(bridge_slave_1) entered disabled state [ 3336.033008][T15574] CPU: 1 PID: 15574 Comm: syz-executor.2 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3336.049755][T15574] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3336.059828][T15574] Call Trace: [ 3336.063114][T15574] [ 3336.066052][T15574] dump_stack_lvl+0xcd/0x134 [ 3336.070664][T15574] dump_header+0x10b/0x7f9 [ 3336.075098][T15574] oom_kill_process.cold+0x10/0x15 [ 3336.080229][T15574] out_of_memory+0x358/0x14a0 [ 3336.084926][T15574] ? oom_killer_disable+0x270/0x270 [ 3336.090146][T15574] ? find_held_lock+0x2d/0x110 [ 3336.094926][T15574] mem_cgroup_out_of_memory+0x206/0x270 [ 3336.100492][T15574] ? mem_cgroup_margin+0x130/0x130 [ 3336.105902][T15574] ? lock_downgrade+0x6e0/0x6e0 [ 3336.110778][T15574] try_charge_memcg+0xf67/0x13f0 [ 3336.115740][T15574] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3336.121732][T15574] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3336.127460][T15574] ? lock_downgrade+0x6e0/0x6e0 [ 3336.132324][T15574] ? lock_downgrade+0x6e0/0x6e0 [ 3336.137201][T15574] ? rcu_read_unlock+0x9/0x60 [ 3336.141919][T15574] obj_cgroup_charge+0x2ab/0x5e0 [ 3336.146960][T15574] ? copy_process+0x4ce/0x7090 [ 3336.151732][T15574] kmem_cache_alloc_node+0x92/0x3f0 [ 3336.156957][T15574] ? _raw_spin_unlock_irq+0x1f/0x40 [ 3336.162176][T15574] copy_process+0x4ce/0x7090 [ 3336.166784][T15574] ? __lock_acquire+0xbc3/0x56d0 [ 3336.171743][T15574] ? __cleanup_sighand+0xb0/0xb0 [ 3336.176710][T15574] kernel_clone+0xe7/0xab0 [ 3336.181135][T15574] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 3336.187129][T15574] ? create_io_thread+0xe0/0xe0 [ 3336.191998][T15574] ? find_held_lock+0x2d/0x110 [ 3336.196865][T15574] ? __ct_user_exit+0xff/0x150 [ 3336.201647][T15574] __do_sys_clone+0xba/0x100 [ 3336.206247][T15574] ? kernel_clone+0xab0/0xab0 [ 3336.210946][T15574] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3336.216855][T15574] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3336.222798][T15574] do_syscall_64+0x35/0xb0 [ 3336.227338][T15574] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3336.233249][T15574] RIP: 0033:0x7ff38a48a6a1 [ 3336.237673][T15574] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 3336.257296][T15574] RSP: 002b:00007ffe54c81718 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 03:15:57 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3336.265717][T15574] RAX: ffffffffffffffda RBX: 00007ff3893fe700 RCX: 00007ff38a48a6a1 [ 3336.273727][T15574] RDX: 00007ff3893fe9d0 RSI: 00007ff3893fe2f0 RDI: 00000000003d0f00 [ 3336.282499][T15574] RBP: 00007ffe54c81960 R08: 00007ff3893fe700 R09: 00007ff3893fe700 [ 3336.290488][T15574] R10: 00007ff3893fe9d0 R11: 0000000000000206 R12: 00007ffe54c817ce [ 3336.298485][T15574] R13: 00007ffe54c817cf R14: 00007ff3893fe300 R15: 0000000000022000 [ 3336.306506][T15574] [ 3336.336560][T15574] memory: usage 307200kB, limit 307200kB, failcnt 6064 [ 3336.344908][T15574] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3336.368425][T15574] Memory cgroup stats for /syz2: [ 3336.368662][T15574] anon 147456 [ 3336.368662][T15574] file 360448 [ 3336.368662][T15574] kernel 314064896 [ 3336.368662][T15574] kernel_stack 65536 [ 3336.368662][T15574] pagetables 81920 [ 3336.368662][T15574] percpu 5433376 [ 3336.368662][T15574] sock 0 [ 3336.368662][T15574] vmalloc 0 [ 3336.368662][T15574] shmem 356352 [ 3336.368662][T15574] zswap 0 [ 3336.368662][T15574] zswapped 0 [ 3336.368662][T15574] file_mapped 356352 [ 3336.368662][T15574] file_dirty 4096 [ 3336.368662][T15574] file_writeback 0 [ 3336.368662][T15574] swapcached 0 [ 3336.368662][T15574] anon_thp 0 [ 3336.368662][T15574] file_thp 0 [ 3336.368662][T15574] shmem_thp 0 [ 3336.368662][T15574] inactive_anon 204800 [ 3336.368662][T15574] active_anon 299008 [ 3336.368662][T15574] inactive_file 0 [ 3336.368662][T15574] active_file 4096 [ 3336.368662][T15574] unevictable 0 [ 3336.368662][T15574] slab_reclaimable 58856 [ 3336.368662][T15574] slab_unreclaimable 308391408 [ 3336.368662][T15574] slab 308450264 [ 3336.468288][T15574] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=15574,uid=0 [ 3336.516762][T15559] bond0: (slave bridge3200): Enslaving as an active interface with an up link [ 3336.526456][T15574] Memory cgroup out of memory: Killed process 15574 (syz-executor.2) total-vm:54640kB, anon-rss:388kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 3336.553533][T15568] bridge4149: port 1(bridge_slave_1) entered blocking state 03:15:57 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3336.557153][T15579] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3336.566742][T15568] bridge4149: port 1(bridge_slave_1) entered disabled state [ 3336.592663][T15579] CPU: 0 PID: 15579 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3336.602861][T15579] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3336.613201][T15579] Call Trace: [ 3336.616587][T15579] [ 3336.619547][T15579] dump_stack_lvl+0xcd/0x134 [ 3336.624171][T15579] dump_header+0x10b/0x7f9 [ 3336.628624][T15579] oom_kill_process.cold+0x10/0x15 [ 3336.632978][T15582] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3336.633757][T15579] out_of_memory+0x358/0x14a0 [ 3336.647732][T15579] ? oom_killer_disable+0x270/0x270 [ 3336.652969][T15579] ? find_held_lock+0x2d/0x110 [ 3336.657770][T15579] mem_cgroup_out_of_memory+0x206/0x270 [ 3336.663342][T15579] ? mem_cgroup_margin+0x130/0x130 [ 3336.668479][T15579] ? lock_downgrade+0x6e0/0x6e0 [ 3336.673372][T15579] try_charge_memcg+0xf67/0x13f0 [ 3336.677608][T15572] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3336.678324][T15579] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3336.693617][T15579] ? lock_downgrade+0x6e0/0x6e0 [ 3336.698519][T15579] charge_memcg+0x31/0x320 [ 3336.702972][T15579] __mem_cgroup_charge+0x27/0x90 [ 3336.707931][T15579] ? _compound_head+0x5d/0x150 [ 3336.712742][T15579] wp_page_copy+0x27c/0x1b60 [ 3336.717371][T15579] ? restore_exclusive_pte+0x8b0/0x8b0 [ 3336.722129][T15573] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3336.722831][T15579] ? lock_downgrade+0x6e0/0x6e0 [ 3336.722863][T15579] ? vm_normal_page+0x146/0x2a0 [ 3336.722905][T15579] do_wp_page+0x1d1/0x1910 [ 3336.746336][T15579] __handle_mm_fault+0x1813/0x39b0 [ 3336.751482][T15579] ? vm_iomap_memory+0x190/0x190 [ 3336.756473][T15579] handle_mm_fault+0x1c8/0x780 [ 3336.761273][T15579] do_user_addr_fault+0x475/0x1210 [ 3336.766418][T15579] exc_page_fault+0x94/0x170 [ 3336.771135][T15579] asm_exc_page_fault+0x22/0x30 [ 3336.776030][T15579] RIP: 0033:0x7f98a34374b0 [ 3336.780466][T15579] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48 [ 3336.786133][T15571] bridge4149: port 1(bridge_slave_1) entered blocking state [ 3336.800093][T15579] RSP: 002b:00007ffe69a68a90 EFLAGS: 00010246 [ 3336.800121][T15579] RAX: 000000002feed7de RBX: 00007f98a359c018 RCX: 0000001b2ec20000 [ 3336.800138][T15579] RDX: 0000000000000000 RSI: 0000001b2ec20018 RDI: 000000000a19aef0 [ 3336.800155][T15579] RBP: 000000002feed7de R08: 00000000000017de R09: 000000002feed7e2 [ 3336.800171][T15579] R10: 00007ffe69a68c60 R11: 0000000000000246 R12: 00007f98a3590000 [ 3336.800185][T15579] R13: 0000000000000001 R14: 000000000000000e R15: ffffffff83bb623b [ 3336.800200][T15579] ? security_socket_create+0x3b/0xc0 [ 3336.807677][T15571] bridge4149: port 1(bridge_slave_1) entered forwarding state [ 3336.813638][T15579] [ 3336.874891][T15579] memory: usage 307188kB, limit 307200kB, failcnt 29794 [ 3336.880035][T15571] bond0: (slave bridge4149): Enslaving as an active interface with an up link [ 3336.882046][T15579] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3336.898267][T15579] Memory cgroup stats for /syz0: [ 3336.898479][T15579] anon 122880 [ 3336.898479][T15579] file 319488 [ 3336.898479][T15579] kernel 314118144 [ 3336.898479][T15579] kernel_stack 65536 [ 3336.898479][T15579] pagetables 73728 [ 3336.898479][T15579] percpu 5425088 [ 3336.898479][T15579] sock 0 [ 3336.898479][T15579] vmalloc 0 [ 3336.898479][T15579] shmem 319488 [ 3336.898479][T15579] zswap 0 [ 3336.898479][T15579] zswapped 0 [ 3336.898479][T15579] file_mapped 303104 [ 3336.898479][T15579] file_dirty 0 [ 3336.898479][T15579] file_writeback 0 [ 3336.898479][T15579] swapcached 0 [ 3336.898479][T15579] anon_thp 0 [ 3336.898479][T15579] file_thp 0 [ 3336.898479][T15579] shmem_thp 0 [ 3336.898479][T15579] inactive_anon 118784 [ 3336.898479][T15579] active_anon 315392 [ 3336.898479][T15579] inactive_file 0 [ 3336.898479][T15579] active_file 0 [ 3336.898479][T15579] unevictable 0 [ 3336.898479][T15579] slab_reclaimable 224128 [ 3336.898479][T15579] slab_unreclaimable 308289952 [ 3336.898479][T15579] slab 308514080 [ 3336.904106][T15575] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. 03:15:58 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000000000000003da000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) 03:15:58 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) 03:15:58 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400ac3f0b0000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3337.008652][T15579] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15579,uid=0 [ 3337.026492][T15579] Memory cgroup out of memory: Killed process 15579 (syz-executor.0) total-vm:54508kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 [ 3337.058302][T15576] bridge1300: port 1(bridge_slave_1) entered disabled state [ 3337.100783][T15576] bridge1301: port 1(bridge_slave_1) entered blocking state [ 3337.128771][T15576] bridge1301: port 1(bridge_slave_1) entered disabled state [ 3337.137240][T15586] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3337.148209][T15586] CPU: 1 PID: 15586 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3337.158403][T15586] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3337.168483][T15586] Call Trace: [ 3337.171769][T15586] [ 3337.174718][T15586] dump_stack_lvl+0xcd/0x134 [ 3337.179370][T15586] dump_header+0x10b/0x7f9 [ 3337.183805][T15586] oom_kill_process.cold+0x10/0x15 [ 3337.188949][T15586] out_of_memory+0x358/0x14a0 [ 3337.193668][T15586] ? find_held_lock+0x2d/0x110 [ 3337.198503][T15586] ? oom_killer_disable+0x270/0x270 [ 3337.203736][T15586] ? find_held_lock+0x2d/0x110 [ 3337.208530][T15586] mem_cgroup_out_of_memory+0x206/0x270 [ 3337.214124][T15586] ? mem_cgroup_margin+0x130/0x130 [ 3337.219257][T15586] ? lock_downgrade+0x6e0/0x6e0 [ 3337.224144][T15586] try_charge_memcg+0xf67/0x13f0 [ 3337.229121][T15586] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3337.235119][T15586] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3337.240860][T15586] ? lock_downgrade+0x6e0/0x6e0 [ 3337.245767][T15586] obj_cgroup_charge+0x2ab/0x5e0 [ 3337.246273][T15578] bond0: (slave bridge1301): Enslaving as an active interface with an up link [ 3337.250725][T15586] ? __anon_vma_prepare+0x2d6/0x560 [ 3337.250756][T15586] kmem_cache_alloc+0x96/0x3b0 [ 3337.250787][T15586] __anon_vma_prepare+0x2d6/0x560 [ 3337.250810][T15586] ? __pmd_alloc+0x2ff/0x5c0 [ 3337.250839][T15586] __handle_mm_fault+0x340e/0x39b0 [ 3337.250873][T15586] ? vm_iomap_memory+0x190/0x190 [ 3337.250926][T15586] handle_mm_fault+0x1c8/0x780 [ 3337.250957][T15586] do_user_addr_fault+0x475/0x1210 03:15:58 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400b13f0b0000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3337.299309][T15586] exc_page_fault+0x94/0x170 [ 3337.303934][T15586] asm_exc_page_fault+0x22/0x30 [ 3337.308804][T15586] RIP: 0033:0x7f98a3484695 [ 3337.313244][T15586] Code: 12 80 fa 04 73 1e 80 fa 01 77 26 72 05 0f b6 0e 88 0f c3 48 8b 4c 16 f8 48 8b 36 48 89 4c 17 f8 48 89 37 c3 8b 4c 16 fc 8b 36 <89> 4c 17 fc 89 37 c3 0f b7 4c 16 fe 0f b7 36 66 89 4c 17 fe 66 89 [ 3337.332338][T15582] bridge3200: port 1(bridge_slave_1) entered disabled state [ 3337.332851][T15586] RSP: 002b:00007ffe69a68b78 EFLAGS: 00010202 03:15:58 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f310000e80b0a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3337.346248][T15586] RAX: 00000000200005c0 RBX: 0000000000000000 RCX: 0000000000535650 [ 3337.354251][T15586] RDX: 0000000000000005 RSI: 0000000053565049 RDI: 00000000200005c0 [ 3337.362252][T15586] RBP: 00007ffe69a68c38 R08: 00007f98a39a0000 R09: 00007f98a35a00c8 [ 3337.370261][T15586] R10: 00007ffe69a68c60 R11: 0000000000000246 R12: 000000000032eb90 [ 3337.378263][T15586] R13: 00007ffe69a68c60 R14: 00007f98a359bf80 R15: 0000000000000032 [ 3337.390304][T15586] [ 3337.407142][T15586] memory: usage 307200kB, limit 307200kB, failcnt 29847 [ 3337.414781][T15586] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3337.426214][T15586] Memory cgroup stats for /syz0: [ 3337.426379][T15586] anon 126976 [ 3337.426379][T15586] file 319488 [ 3337.426379][T15586] kernel 314126336 [ 3337.426379][T15586] kernel_stack 65536 [ 3337.426379][T15586] pagetables 81920 [ 3337.426379][T15586] percpu 5425088 [ 3337.426379][T15586] sock 0 [ 3337.426379][T15586] vmalloc 0 [ 3337.426379][T15586] shmem 319488 [ 3337.426379][T15586] zswap 0 [ 3337.426379][T15586] zswapped 0 [ 3337.426379][T15586] file_mapped 303104 [ 3337.426379][T15586] file_dirty 0 [ 3337.426379][T15586] file_writeback 0 [ 3337.426379][T15586] swapcached 0 [ 3337.426379][T15586] anon_thp 0 [ 3337.426379][T15586] file_thp 0 [ 3337.426379][T15586] shmem_thp 0 [ 3337.426379][T15586] inactive_anon 131072 [ 3337.426379][T15586] active_anon 315392 [ 3337.426379][T15586] inactive_file 0 [ 3337.426379][T15586] active_file 0 [ 3337.426379][T15586] unevictable 0 [ 3337.426379][T15586] slab_reclaimable 226056 [ 3337.426379][T15586] slab_unreclaimable 308290720 [ 3337.426379][T15586] slab 308516776 [ 3337.434839][T15582] bridge3201: port 1(bridge_slave_1) entered blocking state [ 3337.531219][T15586] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15586,uid=0 [ 3337.561942][T15582] bridge3201: port 1(bridge_slave_1) entered disabled state [ 3337.568892][T15586] Memory cgroup out of memory: Killed process 15586 (syz-executor.0) total-vm:54508kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 03:15:58 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) 03:15:58 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c00000010000104000000000000000000a20000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3337.623212][T15590] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3337.659014][T15598] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3337.680228][T15598] CPU: 1 PID: 15598 Comm: syz-executor.2 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3337.690443][T15598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3337.700583][T15598] Call Trace: [ 3337.704062][T15598] [ 3337.707016][T15598] dump_stack_lvl+0xcd/0x134 [ 3337.711644][T15598] dump_header+0x10b/0x7f9 [ 3337.716103][T15598] oom_kill_process.cold+0x10/0x15 [ 3337.721262][T15598] out_of_memory+0x358/0x14a0 [ 3337.725976][T15598] ? find_held_lock+0x2d/0x110 [ 3337.730802][T15598] ? oom_killer_disable+0x270/0x270 [ 3337.736070][T15598] ? find_held_lock+0x2d/0x110 [ 3337.740877][T15598] mem_cgroup_out_of_memory+0x206/0x270 [ 3337.746460][T15598] ? mem_cgroup_margin+0x130/0x130 [ 3337.751621][T15598] ? lock_downgrade+0x6e0/0x6e0 [ 3337.756530][T15598] try_charge_memcg+0xf67/0x13f0 [ 3337.761509][T15598] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3337.767521][T15598] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3337.773260][T15598] ? lock_downgrade+0x6e0/0x6e0 [ 3337.778134][T15598] ? lock_downgrade+0x6e0/0x6e0 [ 3337.783037][T15598] __memcg_kmem_charge_page+0x16a/0x3b0 [ 3337.788617][T15598] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 3337.794792][T15598] copy_process+0x607/0x7090 [ 3337.799403][T15598] ? __lock_acquire+0xbc3/0x56d0 [ 3337.804360][T15598] ? __cleanup_sighand+0xb0/0xb0 [ 3337.809324][T15598] kernel_clone+0xe7/0xab0 [ 3337.813752][T15598] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 3337.819740][T15598] ? create_io_thread+0xe0/0xe0 [ 3337.824607][T15598] ? find_held_lock+0x2d/0x110 [ 3337.829383][T15598] ? __ct_user_exit+0xff/0x150 [ 3337.834160][T15598] __do_sys_clone+0xba/0x100 [ 3337.838765][T15598] ? kernel_clone+0xab0/0xab0 [ 3337.843472][T15598] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3337.849380][T15598] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3337.855293][T15598] do_syscall_64+0x35/0xb0 [ 3337.859718][T15598] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3337.865710][T15598] RIP: 0033:0x7ff38a48a6a1 [ 3337.870563][T15598] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 3337.890262][T15598] RSP: 002b:00007ffe54c81718 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 3337.898696][T15598] RAX: ffffffffffffffda RBX: 00007ff3893fe700 RCX: 00007ff38a48a6a1 [ 3337.906682][T15598] RDX: 00007ff3893fe9d0 RSI: 00007ff3893fe2f0 RDI: 00000000003d0f00 [ 3337.914655][T15598] RBP: 00007ffe54c81960 R08: 00007ff3893fe700 R09: 00007ff3893fe700 [ 3337.922628][T15598] R10: 00007ff3893fe9d0 R11: 0000000000000206 R12: 00007ffe54c817ce [ 3337.930600][T15598] R13: 00007ffe54c817cf R14: 00007ff3893fe300 R15: 0000000000022000 [ 3337.938593][T15598] [ 3337.969626][T15598] memory: usage 307200kB, limit 307200kB, failcnt 6144 [ 3337.976658][T15598] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3337.984218][T15598] Memory cgroup stats for /syz2: [ 3337.984440][T15598] anon 147456 [ 3337.984440][T15598] file 360448 [ 3337.984440][T15598] kernel 314064896 [ 3337.984440][T15598] kernel_stack 65536 [ 3337.984440][T15598] pagetables 81920 [ 3337.984440][T15598] percpu 5433376 [ 3337.984440][T15598] sock 0 [ 3337.984440][T15598] vmalloc 0 [ 3337.984440][T15598] shmem 356352 [ 3337.984440][T15598] zswap 0 [ 3337.984440][T15598] zswapped 0 [ 3337.984440][T15598] file_mapped 356352 [ 3337.984440][T15598] file_dirty 4096 [ 3337.984440][T15598] file_writeback 0 [ 3337.984440][T15598] swapcached 0 [ 3337.984440][T15598] anon_thp 0 [ 3337.984440][T15598] file_thp 0 [ 3337.984440][T15598] shmem_thp 0 [ 3337.984440][T15598] inactive_anon 204800 [ 3337.984440][T15598] active_anon 299008 [ 3337.984440][T15598] inactive_file 0 [ 3337.984440][T15598] active_file 4096 [ 3337.984440][T15598] unevictable 0 [ 3337.984440][T15598] slab_reclaimable 58856 [ 3337.984440][T15598] slab_unreclaimable 308387568 [ 3337.984440][T15598] slab 308446424 [ 3338.027262][T15592] bridge4149: port 1(bridge_slave_1) entered disabled state [ 3338.104012][T15598] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=15598,uid=0 [ 3338.116103][T15592] bridge4150: port 1(bridge_slave_1) entered blocking state [ 3338.127763][T15592] bridge4150: port 1(bridge_slave_1) entered disabled state [ 3338.127904][T15598] Memory cgroup out of memory: Killed process 15598 (syz-executor.2) total-vm:54640kB, anon-rss:388kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 3338.147472][T15593] bridge2554: port 1(bridge_slave_1) entered disabled state [ 3338.182287][T15593] bridge2556: port 1(bridge_slave_1) entered blocking state [ 3338.190900][T15593] bridge2556: port 1(bridge_slave_1) entered disabled state [ 3338.207140][T15603] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 3338.225090][T15594] bridge4150: port 1(bridge_slave_1) entered blocking state [ 3338.230094][T15603] CPU: 1 PID: 15603 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3338.232548][T15594] bridge4150: port 1(bridge_slave_1) entered forwarding state [ 3338.242539][T15603] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3338.242556][T15603] Call Trace: [ 3338.242563][T15603] [ 3338.242573][T15603] dump_stack_lvl+0xcd/0x134 [ 3338.242608][T15603] dump_header+0x10b/0x7f9 [ 3338.275442][T15603] oom_kill_process.cold+0x10/0x15 [ 3338.280601][T15603] out_of_memory+0x358/0x14a0 [ 3338.285424][T15603] ? find_held_lock+0x2d/0x110 [ 3338.287106][T15594] bond0: (slave bridge4150): Enslaving as an active interface with an up link [ 3338.290200][T15603] ? oom_killer_disable+0x270/0x270 [ 3338.290238][T15603] ? find_held_lock+0x2d/0x110 [ 3338.290265][T15603] mem_cgroup_out_of_memory+0x206/0x270 [ 3338.290293][T15603] ? mem_cgroup_margin+0x130/0x130 [ 3338.290320][T15603] ? lock_downgrade+0x6e0/0x6e0 [ 3338.290361][T15603] try_charge_memcg+0xf67/0x13f0 [ 3338.330096][T15603] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3338.336102][T15603] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3338.341832][T15603] ? lock_downgrade+0x6e0/0x6e0 [ 3338.346711][T15603] ? lock_downgrade+0x6e0/0x6e0 [ 3338.351592][T15603] __memcg_kmem_charge_page+0x16a/0x3b0 [ 3338.357259][T15603] __alloc_pages+0x1ef/0x510 [ 3338.361870][T15603] ? __alloc_pages_slowpath.constprop.0+0x2240/0x2240 [ 3338.368660][T15603] ? find_held_lock+0x2d/0x110 [ 3338.373450][T15603] alloc_pages+0x1a6/0x270 [ 3338.377892][T15603] pte_alloc_one+0x16/0x230 [ 3338.382422][T15603] __pte_alloc+0x69/0x250 [ 3338.386769][T15603] ? pmd_install+0x150/0x150 [ 3338.391381][T15603] ? hugepage_vma_check+0x44e/0x780 [ 3338.396614][T15603] ? __pmd_alloc+0x2ff/0x5c0 [ 3338.401226][T15603] __handle_mm_fault+0x310b/0x39b0 [ 3338.406360][T15603] ? vm_iomap_memory+0x190/0x190 [ 3338.411358][T15603] handle_mm_fault+0x1c8/0x780 [ 3338.416159][T15603] do_user_addr_fault+0x475/0x1210 [ 3338.421331][T15603] exc_page_fault+0x94/0x170 [ 3338.425949][T15603] asm_exc_page_fault+0x22/0x30 [ 3338.430811][T15603] RIP: 0033:0x7f98a3484695 [ 3338.435254][T15603] Code: 12 80 fa 04 73 1e 80 fa 01 77 26 72 05 0f b6 0e 88 0f c3 48 8b 4c 16 f8 48 8b 36 48 89 4c 17 f8 48 89 37 c3 8b 4c 16 fc 8b 36 <89> 4c 17 fc 89 37 c3 0f b7 4c 16 fe 0f b7 36 66 89 4c 17 fe 66 89 [ 3338.454927][T15603] RSP: 002b:00007ffe69a68b78 EFLAGS: 00010202 [ 3338.461021][T15603] RAX: 00000000200005c0 RBX: 0000000000000000 RCX: 0000000000535650 [ 3338.469007][T15603] RDX: 0000000000000005 RSI: 0000000053565049 RDI: 00000000200005c0 [ 3338.476993][T15603] RBP: 00007ffe69a68c38 R08: 00007f98a39a0000 R09: 00007f98a35a00c8 [ 3338.484969][T15603] R10: 00007ffe69a68c60 R11: 0000000000000246 R12: 000000000032efa9 [ 3338.492944][T15603] R13: 00007ffe69a68c60 R14: 00007f98a359bf80 R15: 0000000000000032 [ 3338.500939][T15603] 03:15:59 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000000000f3594de1000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3338.524237][T15603] memory: usage 307200kB, limit 307200kB, failcnt 29914 [ 3338.537272][T15603] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3338.555762][T15603] Memory cgroup stats for /syz0: [ 3338.555948][T15603] anon 126976 [ 3338.555948][T15603] file 319488 [ 3338.555948][T15603] kernel 314126336 [ 3338.555948][T15603] kernel_stack 65536 [ 3338.555948][T15603] pagetables 77824 [ 3338.555948][T15603] percpu 5425088 [ 3338.555948][T15603] sock 0 [ 3338.555948][T15603] vmalloc 0 [ 3338.555948][T15603] shmem 319488 [ 3338.555948][T15603] zswap 0 [ 3338.555948][T15603] zswapped 0 [ 3338.555948][T15603] file_mapped 303104 [ 3338.555948][T15603] file_dirty 0 [ 3338.555948][T15603] file_writeback 0 [ 3338.555948][T15603] swapcached 0 [ 3338.555948][T15603] anon_thp 0 [ 3338.555948][T15603] file_thp 0 [ 3338.555948][T15603] shmem_thp 0 [ 3338.555948][T15603] inactive_anon 131072 03:15:59 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400ac3f0b0000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3338.555948][T15603] active_anon 315392 [ 3338.555948][T15603] inactive_file 0 [ 3338.555948][T15603] active_file 0 [ 3338.555948][T15603] unevictable 0 [ 3338.555948][T15603] slab_reclaimable 226056 [ 3338.555948][T15603] slab_unreclaimable 308290600 [ 3338.555948][T15603] slab 308516656 [ 3338.588379][T15595] bond0: (slave bridge2556): Enslaving as an active interface with an up link 03:16:00 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) 03:16:00 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f310000f00b0a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3338.716131][T15603] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15603,uid=0 [ 3338.733141][T15603] Memory cgroup out of memory: Killed process 15603 (syz-executor.0) total-vm:54508kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 [ 3338.748310][T15601] bridge1301: port 1(bridge_slave_1) entered disabled state [ 3338.804352][T15601] bridge1302: port 1(bridge_slave_1) entered blocking state [ 3338.816213][T15615] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3338.827855][T15601] bridge1302: port 1(bridge_slave_1) entered disabled state [ 3338.834421][T15615] CPU: 0 PID: 15615 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3338.845325][T15615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3338.855405][T15615] Call Trace: [ 3338.858705][T15615] [ 3338.861653][T15615] dump_stack_lvl+0xcd/0x134 [ 3338.866270][T15615] dump_header+0x10b/0x7f9 [ 3338.870713][T15615] oom_kill_process.cold+0x10/0x15 [ 3338.875953][T15615] out_of_memory+0x358/0x14a0 [ 3338.880670][T15615] ? find_held_lock+0x2d/0x110 [ 3338.885544][T15615] ? oom_killer_disable+0x270/0x270 [ 3338.890760][T15615] ? find_held_lock+0x2d/0x110 [ 3338.895547][T15615] mem_cgroup_out_of_memory+0x206/0x270 [ 3338.901103][T15615] ? mem_cgroup_margin+0x130/0x130 [ 3338.906225][T15615] ? lock_downgrade+0x6e0/0x6e0 [ 3338.911099][T15615] try_charge_memcg+0xf67/0x13f0 [ 3338.916052][T15615] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3338.922312][T15615] ? lock_downgrade+0x6e0/0x6e0 [ 3338.927184][T15615] charge_memcg+0x31/0x320 [ 3338.931634][T15615] __mem_cgroup_charge+0x27/0x90 [ 3338.936580][T15615] ? _compound_head+0x5d/0x150 [ 3338.941444][T15615] wp_page_copy+0x27c/0x1b60 [ 3338.946052][T15615] ? restore_exclusive_pte+0x8b0/0x8b0 [ 3338.951515][T15615] ? lock_downgrade+0x6e0/0x6e0 [ 3338.956381][T15615] ? vm_normal_page+0x146/0x2a0 [ 3338.961253][T15615] do_wp_page+0x52c/0x1910 [ 3338.965684][T15615] __handle_mm_fault+0x1813/0x39b0 [ 3338.970811][T15615] ? vm_iomap_memory+0x190/0x190 [ 3338.975781][T15615] handle_mm_fault+0x1c8/0x780 [ 3338.980560][T15615] do_user_addr_fault+0x475/0x1210 [ 3338.985692][T15615] exc_page_fault+0x94/0x170 [ 3338.990305][T15615] asm_exc_page_fault+0x22/0x30 [ 3338.995159][T15615] RIP: 0033:0x7f98a3434565 [ 3338.999581][T15615] Code: 5c 41 5d c3 90 48 8b 57 18 48 83 fa ff 74 22 48 81 fa e7 03 00 00 0f 87 ee 00 00 00 48 c1 e2 04 48 8d 0d 5e 3b 16 00 48 01 ca 02 01 48 89 42 08 48 8b 53 10 4c 8d 2d 89 ba 56 00 4c 39 ea 0f [ 3339.019196][T15615] RSP: 002b:00007ffe69a68b40 EFLAGS: 00010206 [ 3339.025278][T15615] RAX: 0000000000000003 RBX: 00007f98a359bf80 RCX: 00007f98a35980c0 [ 3339.033254][T15615] RDX: 00007f98a35980c0 RSI: 0000000000000080 RDI: 00007f98a359bf80 [ 3339.041227][T15615] RBP: 00007f98a359bf80 R08: 00007ffe69b83080 R09: 0000000000000000 [ 3339.049204][T15615] R10: 00007ffe69a68c60 R11: 0000000000000246 R12: 000000000032f21e [ 3339.057177][T15615] R13: 00007ffe69a68c60 R14: 00007f98a359bf80 R15: 0000000000000032 [ 3339.065172][T15615] 03:16:00 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400b13f0b0000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3339.098657][T15602] bond0: (slave bridge1302): Enslaving as an active interface with an up link [ 3339.118754][T15615] memory: usage 307156kB, limit 307200kB, failcnt 29963 [ 3339.127238][T15615] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3339.134933][T15615] Memory cgroup stats for /syz0: [ 3339.135117][T15615] anon 90112 [ 3339.135117][T15615] file 319488 [ 3339.135117][T15615] kernel 314118144 [ 3339.135117][T15615] kernel_stack 65536 [ 3339.135117][T15615] pagetables 73728 [ 3339.135117][T15615] percpu 5425088 [ 3339.135117][T15615] sock 0 [ 3339.135117][T15615] vmalloc 0 [ 3339.135117][T15615] shmem 319488 [ 3339.135117][T15615] zswap 0 [ 3339.135117][T15615] zswapped 0 [ 3339.135117][T15615] file_mapped 303104 [ 3339.135117][T15615] file_dirty 0 [ 3339.135117][T15615] file_writeback 0 [ 3339.135117][T15615] swapcached 0 [ 3339.135117][T15615] anon_thp 0 [ 3339.135117][T15615] file_thp 0 [ 3339.135117][T15615] shmem_thp 0 [ 3339.135117][T15615] inactive_anon 94208 [ 3339.135117][T15615] active_anon 315392 [ 3339.135117][T15615] inactive_file 0 [ 3339.135117][T15615] active_file 0 [ 3339.135117][T15615] unevictable 0 [ 3339.135117][T15615] slab_reclaimable 224128 [ 3339.135117][T15615] slab_unreclaimable 308289952 [ 3339.135117][T15615] slab 308514080 [ 3339.193293][T15608] bridge3201: port 1(bridge_slave_1) entered disabled state 03:16:00 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3339.236920][T15615] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15615,uid=0 [ 3339.254905][T15615] Memory cgroup out of memory: Killed process 15615 (syz-executor.0) total-vm:54508kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 [ 3339.283293][T15618] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3339.297234][T15608] bridge3202: port 1(bridge_slave_1) entered blocking state [ 3339.305389][T15608] bridge3202: port 1(bridge_slave_1) entered disabled state [ 3339.313809][T15618] CPU: 1 PID: 15618 Comm: syz-executor.2 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3339.324009][T15618] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3339.334095][T15618] Call Trace: [ 3339.337400][T15618] [ 3339.340361][T15618] dump_stack_lvl+0xcd/0x134 [ 3339.344994][T15618] dump_header+0x10b/0x7f9 [ 3339.349454][T15618] oom_kill_process.cold+0x10/0x15 [ 3339.354607][T15618] out_of_memory+0x358/0x14a0 [ 3339.359328][T15618] ? oom_killer_disable+0x270/0x270 [ 3339.364571][T15618] ? find_held_lock+0x2d/0x110 [ 3339.369377][T15618] mem_cgroup_out_of_memory+0x206/0x270 [ 3339.374954][T15618] ? mem_cgroup_margin+0x130/0x130 [ 3339.380087][T15618] ? lock_downgrade+0x6e0/0x6e0 [ 3339.384986][T15618] try_charge_memcg+0xf67/0x13f0 [ 3339.389957][T15618] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3339.395962][T15618] ? lock_downgrade+0x6e0/0x6e0 [ 3339.400838][T15618] charge_memcg+0x31/0x320 [ 3339.405270][T15618] __mem_cgroup_charge+0x27/0x90 [ 3339.410215][T15618] ? _compound_head+0x5d/0x150 [ 3339.414993][T15618] wp_page_copy+0x27c/0x1b60 [ 3339.419601][T15618] ? restore_exclusive_pte+0x8b0/0x8b0 [ 3339.425065][T15618] ? lock_downgrade+0x6e0/0x6e0 [ 3339.429929][T15618] ? vm_normal_page+0x146/0x2a0 [ 3339.434798][T15618] do_wp_page+0x1d1/0x1910 [ 3339.439229][T15618] __handle_mm_fault+0x1813/0x39b0 [ 3339.444362][T15618] ? vm_iomap_memory+0x190/0x190 [ 3339.449351][T15618] handle_mm_fault+0x1c8/0x780 [ 3339.454132][T15618] do_user_addr_fault+0x475/0x1210 [ 3339.459273][T15618] exc_page_fault+0x94/0x170 [ 3339.463874][T15618] asm_exc_page_fault+0x22/0x30 [ 3339.468729][T15618] RIP: 0033:0x7ff38a4374b0 [ 3339.473408][T15618] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48 [ 3339.493040][T15618] RSP: 002b:00007ffe54c81760 EFLAGS: 00010246 [ 3339.499137][T15618] RAX: 000000002feed7de RBX: 00007ff38a59c0e8 RCX: 0000001b2ee20000 [ 3339.507113][T15618] RDX: 0000000000000000 RSI: 0000001b2ee20018 RDI: 000000000a19aef0 [ 3339.515086][T15618] RBP: 000000002feed7de R08: 00000000000017de R09: 000000002feed7e2 [ 3339.523060][T15618] R10: 00007ffe54c81930 R11: 0000000000000246 R12: 00007ff38a590000 [ 3339.531032][T15618] R13: 0000000000000001 R14: 000000000000000e R15: ffffffff83bb623b [ 3339.539018][T15618] ? security_socket_create+0x3b/0xc0 [ 3339.544417][T15618] 03:16:00 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c00000010000104000000000000000000a20000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3339.559909][T15618] memory: usage 307200kB, limit 307200kB, failcnt 6211 [ 3339.583948][T15613] __nla_validate_parse: 3 callbacks suppressed [ 3339.583966][T15613] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3339.599915][T15618] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3339.599936][T15618] Memory cgroup stats for /syz2: [ 3339.600151][T15618] anon 131072 [ 3339.600151][T15618] file 360448 [ 3339.600151][T15618] kernel 314081280 [ 3339.600151][T15618] kernel_stack 98304 [ 3339.600151][T15618] pagetables 73728 [ 3339.600151][T15618] percpu 5433376 [ 3339.600151][T15618] sock 0 [ 3339.600151][T15618] vmalloc 0 [ 3339.600151][T15618] shmem 356352 [ 3339.600151][T15618] zswap 0 [ 3339.600151][T15618] zswapped 0 [ 3339.600151][T15618] file_mapped 356352 [ 3339.600151][T15618] file_dirty 4096 [ 3339.600151][T15618] file_writeback 0 [ 3339.600151][T15618] swapcached 0 [ 3339.600151][T15618] anon_thp 0 [ 3339.600151][T15618] file_thp 0 [ 3339.600151][T15618] shmem_thp 0 [ 3339.600151][T15618] inactive_anon 188416 [ 3339.600151][T15618] active_anon 299008 [ 3339.600151][T15618] inactive_file 0 [ 3339.600151][T15618] active_file 4096 [ 3339.600151][T15618] unevictable 0 [ 3339.600151][T15618] slab_reclaimable 58856 [ 3339.600151][T15618] slab_unreclaimable 308387512 [ 3339.600151][T15618] slab 308446368 03:16:01 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f310000f80b0a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3339.711188][T15618] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=15618,uid=0 [ 3339.731347][T15614] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3339.731638][T15618] Memory cgroup out of memory: Killed process 15618 (syz-executor.2) total-vm:54640kB, anon-rss:388kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 [ 3339.798375][T15617] bridge4150: port 1(bridge_slave_1) entered disabled state [ 3339.826123][T15627] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3339.867471][T15627] CPU: 1 PID: 15627 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3339.875605][T15617] bridge4151: port 1(bridge_slave_1) entered blocking state [ 3339.877661][T15627] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3339.877679][T15627] Call Trace: [ 3339.877687][T15627] [ 3339.877699][T15627] dump_stack_lvl+0xcd/0x134 [ 3339.877734][T15627] dump_header+0x10b/0x7f9 [ 3339.877767][T15627] oom_kill_process.cold+0x10/0x15 [ 3339.877806][T15627] out_of_memory+0x358/0x14a0 [ 3339.877842][T15627] ? find_held_lock+0x2d/0x110 [ 3339.877867][T15627] ? oom_killer_disable+0x270/0x270 [ 3339.877899][T15627] ? find_held_lock+0x2d/0x110 [ 3339.877928][T15627] mem_cgroup_out_of_memory+0x206/0x270 [ 3339.877956][T15627] ? mem_cgroup_margin+0x130/0x130 [ 3339.877980][T15627] ? lock_downgrade+0x6e0/0x6e0 [ 3339.878025][T15627] try_charge_memcg+0xf67/0x13f0 [ 3339.878062][T15627] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3339.878092][T15627] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3339.899578][T15617] bridge4151: port 1(bridge_slave_1) entered disabled state [ 3339.901608][T15627] ? lock_downgrade+0x6e0/0x6e0 [ 3339.901667][T15627] obj_cgroup_charge+0x2ab/0x5e0 [ 3339.984375][T15627] ? __anon_vma_prepare+0x60/0x560 [ 3339.989508][T15627] kmem_cache_alloc+0x96/0x3b0 [ 3339.994297][T15627] __anon_vma_prepare+0x60/0x560 [ 3339.999268][T15627] ? __pmd_alloc+0x2ff/0x5c0 [ 3340.003885][T15627] __handle_mm_fault+0x340e/0x39b0 [ 3340.009012][T15627] ? vm_iomap_memory+0x190/0x190 [ 3340.013984][T15627] handle_mm_fault+0x1c8/0x780 [ 3340.018766][T15627] do_user_addr_fault+0x475/0x1210 [ 3340.023916][T15627] exc_page_fault+0x94/0x170 [ 3340.028519][T15627] asm_exc_page_fault+0x22/0x30 [ 3340.033376][T15627] RIP: 0033:0x7f98a3484695 [ 3340.037807][T15627] Code: 12 80 fa 04 73 1e 80 fa 01 77 26 72 05 0f b6 0e 88 0f c3 48 8b 4c 16 f8 48 8b 36 48 89 4c 17 f8 48 89 37 c3 8b 4c 16 fc 8b 36 <89> 4c 17 fc 89 37 c3 0f b7 4c 16 fe 0f b7 36 66 89 4c 17 fe 66 89 [ 3340.057426][T15627] RSP: 002b:00007ffe69a68b78 EFLAGS: 00010202 [ 3340.063514][T15627] RAX: 00000000200005c0 RBX: 0000000000000000 RCX: 0000000000535650 [ 3340.071491][T15627] RDX: 0000000000000005 RSI: 0000000053565049 RDI: 00000000200005c0 [ 3340.079499][T15627] RBP: 00007ffe69a68c38 R08: 00007f98a39a0000 R09: 00007f98a35a00c8 [ 3340.087489][T15627] R10: 00007ffe69a68c60 R11: 0000000000000246 R12: 000000000032f5df [ 3340.095477][T15627] R13: 00007ffe69a68c60 R14: 00007f98a359bf80 R15: 0000000000000032 [ 3340.103482][T15627] [ 3340.112912][T15627] memory: usage 307200kB, limit 307200kB, failcnt 30044 [ 3340.120380][T15627] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3340.127347][T15627] Memory cgroup stats for /syz0: [ 3340.128188][T15627] anon 126976 [ 3340.128188][T15627] file 319488 [ 3340.128188][T15627] kernel 314126336 [ 3340.128188][T15627] kernel_stack 65536 [ 3340.128188][T15627] pagetables 81920 [ 3340.128188][T15627] percpu 5425088 [ 3340.128188][T15627] sock 0 [ 3340.128188][T15627] vmalloc 0 [ 3340.128188][T15627] shmem 319488 [ 3340.128188][T15627] zswap 0 [ 3340.128188][T15627] zswapped 0 [ 3340.128188][T15627] file_mapped 303104 [ 3340.128188][T15627] file_dirty 0 [ 3340.128188][T15627] file_writeback 0 [ 3340.128188][T15627] swapcached 0 [ 3340.128188][T15627] anon_thp 0 [ 3340.128188][T15627] file_thp 0 [ 3340.128188][T15627] shmem_thp 0 [ 3340.128188][T15627] inactive_anon 131072 [ 3340.128188][T15627] active_anon 315392 [ 3340.128188][T15627] inactive_file 0 [ 3340.128188][T15627] active_file 0 [ 3340.128188][T15627] unevictable 0 [ 3340.128188][T15627] slab_reclaimable 226056 [ 3340.128188][T15627] slab_unreclaimable 308290600 [ 3340.128188][T15627] slab 308516656 [ 3340.136718][T15620] bridge2556: port 1(bridge_slave_1) entered disabled state [ 3340.233236][T15627] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15627,uid=0 [ 3340.249578][T15627] Memory cgroup out of memory: Killed process 15627 (syz-executor.0) total-vm:54508kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 03:16:01 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3340.268435][T15634] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3340.278910][T15634] CPU: 1 PID: 15634 Comm: syz-executor.2 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3340.289097][T15634] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3340.299179][T15634] Call Trace: [ 3340.302518][T15634] [ 3340.305470][T15634] dump_stack_lvl+0xcd/0x134 [ 3340.310100][T15634] dump_header+0x10b/0x7f9 [ 3340.314623][T15634] oom_kill_process.cold+0x10/0x15 [ 3340.319781][T15634] out_of_memory+0x358/0x14a0 [ 3340.324497][T15634] ? oom_killer_disable+0x270/0x270 [ 3340.329731][T15634] ? find_held_lock+0x2d/0x110 [ 3340.334528][T15634] mem_cgroup_out_of_memory+0x206/0x270 [ 3340.340103][T15634] ? mem_cgroup_margin+0x130/0x130 [ 3340.345227][T15634] ? lock_downgrade+0x6e0/0x6e0 [ 3340.350105][T15634] try_charge_memcg+0xf67/0x13f0 [ 3340.355062][T15634] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3340.361053][T15634] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3340.366782][T15634] ? lock_downgrade+0x6e0/0x6e0 [ 3340.371648][T15634] ? lock_downgrade+0x6e0/0x6e0 [ 3340.376523][T15634] __memcg_kmem_charge_page+0x16a/0x3b0 [ 3340.382081][T15634] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 3340.388252][T15634] copy_process+0x607/0x7090 [ 3340.392868][T15634] ? __lock_acquire+0xbc3/0x56d0 [ 3340.397828][T15634] ? __cleanup_sighand+0xb0/0xb0 [ 3340.402796][T15634] kernel_clone+0xe7/0xab0 [ 3340.407225][T15634] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 3340.413220][T15634] ? create_io_thread+0xe0/0xe0 [ 3340.418085][T15634] ? find_held_lock+0x2d/0x110 [ 3340.422866][T15634] ? __ct_user_exit+0xff/0x150 [ 3340.427659][T15634] __do_sys_clone+0xba/0x100 [ 3340.432257][T15634] ? kernel_clone+0xab0/0xab0 [ 3340.436954][T15634] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3340.442870][T15634] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3340.448793][T15634] do_syscall_64+0x35/0xb0 [ 3340.453237][T15634] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3340.459152][T15634] RIP: 0033:0x7ff38a48a6a1 [ 3340.463580][T15634] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 3340.483210][T15634] RSP: 002b:00007ffe54c81718 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 3340.491643][T15634] RAX: ffffffffffffffda RBX: 00007ff3893fe700 RCX: 00007ff38a48a6a1 [ 3340.499623][T15634] RDX: 00007ff3893fe9d0 RSI: 00007ff3893fe2f0 RDI: 00000000003d0f00 [ 3340.507610][T15634] RBP: 00007ffe54c81960 R08: 00007ff3893fe700 R09: 00007ff3893fe700 [ 3340.515586][T15634] R10: 00007ff3893fe9d0 R11: 0000000000000206 R12: 00007ffe54c817ce [ 3340.523568][T15634] R13: 00007ffe54c817cf R14: 00007ff3893fe300 R15: 0000000000022000 [ 3340.531559][T15634] [ 3340.552953][T15634] memory: usage 307200kB, limit 307200kB, failcnt 6305 [ 3340.554226][T15620] bridge2557: port 1(bridge_slave_1) entered blocking state [ 3340.569813][T15620] bridge2557: port 1(bridge_slave_1) entered disabled state [ 3340.573138][T15634] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3340.589203][T15634] Memory cgroup stats for /syz2: [ 3340.589375][T15634] anon 147456 [ 3340.589375][T15634] file 360448 [ 3340.589375][T15634] kernel 314064896 [ 3340.589375][T15634] kernel_stack 65536 [ 3340.589375][T15634] pagetables 81920 [ 3340.589375][T15634] percpu 5433376 [ 3340.589375][T15634] sock 0 [ 3340.589375][T15634] vmalloc 0 [ 3340.589375][T15634] shmem 356352 [ 3340.589375][T15634] zswap 0 [ 3340.589375][T15634] zswapped 0 [ 3340.589375][T15634] file_mapped 356352 [ 3340.589375][T15634] file_dirty 4096 [ 3340.589375][T15634] file_writeback 0 [ 3340.589375][T15634] swapcached 0 [ 3340.589375][T15634] anon_thp 0 [ 3340.589375][T15634] file_thp 0 [ 3340.589375][T15634] shmem_thp 0 [ 3340.589375][T15634] inactive_anon 204800 [ 3340.589375][T15634] active_anon 299008 [ 3340.589375][T15634] inactive_file 0 [ 3340.589375][T15634] active_file 4096 [ 3340.589375][T15634] unevictable 0 [ 3340.589375][T15634] slab_reclaimable 58856 [ 3340.589375][T15634] slab_unreclaimable 308387568 [ 3340.589375][T15634] slab 308446424 [ 3340.606902][T15622] bridge4151: port 1(bridge_slave_1) entered blocking state [ 3340.690521][T15622] bridge4151: port 1(bridge_slave_1) entered forwarding state [ 3340.695714][T15634] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=15634,uid=0 [ 3340.717127][T15634] Memory cgroup out of memory: Killed process 15634 (syz-executor.2) total-vm:54640kB, anon-rss:388kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 3340.735215][T15637] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3340.763167][T15622] bond0: (slave bridge4151): Enslaving as an active interface with an up link [ 3340.763696][T15637] CPU: 0 PID: 15637 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3340.782235][T15637] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3340.792320][T15637] Call Trace: [ 3340.795641][T15637] [ 3340.798592][T15637] dump_stack_lvl+0xcd/0x134 [ 3340.803220][T15637] dump_header+0x10b/0x7f9 [ 3340.807674][T15637] oom_kill_process.cold+0x10/0x15 [ 3340.812818][T15637] out_of_memory+0x358/0x14a0 [ 3340.817537][T15637] ? oom_killer_disable+0x270/0x270 [ 3340.822771][T15637] ? find_held_lock+0x2d/0x110 [ 3340.827564][T15637] mem_cgroup_out_of_memory+0x206/0x270 [ 3340.833151][T15637] ? mem_cgroup_margin+0x130/0x130 [ 3340.838333][T15637] ? lock_downgrade+0x6e0/0x6e0 [ 3340.843217][T15637] try_charge_memcg+0xf67/0x13f0 [ 3340.848020][T15621] bond0: (slave bridge2557): Enslaving as an active interface with an up link [ 3340.848172][T15637] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3340.858033][T15626] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3340.863054][T15637] ? lock_downgrade+0x6e0/0x6e0 [ 3340.863125][T15637] charge_memcg+0x31/0x320 [ 3340.881731][T15637] __mem_cgroup_charge+0x27/0x90 [ 3340.886696][T15637] ? _compound_head+0x5d/0x150 [ 3340.891493][T15637] wp_page_copy+0x27c/0x1b60 [ 3340.896138][T15637] ? restore_exclusive_pte+0x8b0/0x8b0 [ 3340.901624][T15637] ? lock_downgrade+0x6e0/0x6e0 [ 3340.906507][T15637] ? vm_normal_page+0x146/0x2a0 03:16:02 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000000000000002e2000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3340.911392][T15637] do_wp_page+0x1d1/0x1910 [ 3340.915832][T15637] __handle_mm_fault+0x1813/0x39b0 [ 3340.915897][T15629] bridge1302: port 1(bridge_slave_1) entered disabled state [ 3340.920958][T15637] ? vm_iomap_memory+0x190/0x190 [ 3340.921021][T15637] handle_mm_fault+0x1c8/0x780 [ 3340.921050][T15637] do_user_addr_fault+0x475/0x1210 [ 3340.921092][T15637] exc_page_fault+0x94/0x170 [ 3340.947834][T15637] asm_exc_page_fault+0x22/0x30 [ 3340.952686][T15637] RIP: 0033:0x7f98a34374b0 [ 3340.957097][T15637] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48 [ 3340.976722][T15637] RSP: 002b:00007ffe69a68a90 EFLAGS: 00010246 [ 3340.982802][T15637] RAX: 00000000098f1ddc RBX: 00007f98a359c018 RCX: 0000001b2ec20000 [ 3340.990769][T15637] RDX: 0000000000000000 RSI: 0000001b2ec20018 RDI: 000000000d570f0d [ 3340.998738][T15637] RBP: 00000000098f1ddc R08: 0000000000001ddc R09: 00000000098f1de0 03:16:02 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400ac3f0b0000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3341.006709][T15637] R10: 00007ffe69a68c60 R11: 0000000000000246 R12: 00007f98a3590000 [ 3341.014682][T15637] R13: 0000000000000001 R14: 0000000000000006 R15: ffffffff874bbdbd [ 3341.022655][T15637] ? __x64_sys_socket+0xd/0xb0 [ 3341.027454][T15637] [ 3341.047571][T15637] memory: usage 307200kB, limit 307200kB, failcnt 30098 [ 3341.054565][T15637] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3341.063337][T15629] bridge1303: port 1(bridge_slave_1) entered blocking state [ 3341.075194][T15629] bridge1303: port 1(bridge_slave_1) entered disabled state [ 3341.078974][T15637] Memory cgroup stats for /syz0: [ 3341.082717][T15637] anon 118784 [ 3341.082717][T15637] file 319488 [ 3341.082717][T15637] kernel 314118144 [ 3341.082717][T15637] kernel_stack 65536 [ 3341.082717][T15637] pagetables 73728 [ 3341.082717][T15637] percpu 5425088 [ 3341.082717][T15637] sock 0 [ 3341.082717][T15637] vmalloc 0 [ 3341.082717][T15637] shmem 319488 [ 3341.082717][T15637] zswap 0 [ 3341.082717][T15637] zswapped 0 [ 3341.082717][T15637] file_mapped 303104 [ 3341.082717][T15637] file_dirty 0 [ 3341.082717][T15637] file_writeback 0 [ 3341.082717][T15637] swapcached 0 [ 3341.082717][T15637] anon_thp 0 [ 3341.082717][T15637] file_thp 0 [ 3341.082717][T15637] shmem_thp 0 [ 3341.082717][T15637] inactive_anon 122880 [ 3341.082717][T15637] active_anon 315392 [ 3341.082717][T15637] inactive_file 0 [ 3341.082717][T15637] active_file 0 [ 3341.082717][T15637] unevictable 0 [ 3341.082717][T15637] slab_reclaimable 224128 [ 3341.082717][T15637] slab_unreclaimable 308289952 [ 3341.082717][T15637] slab 308514080 [ 3341.146410][T15630] bond0: (slave bridge1303): Enslaving as an active interface with an up link [ 3341.181761][T15637] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15637,uid=0 03:16:02 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000f0000000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) 03:16:02 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3341.202047][T15637] Memory cgroup out of memory: Killed process 15637 (syz-executor.0) total-vm:54508kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 [ 3341.220945][T15633] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3341.322839][T15647] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3341.334157][T15647] CPU: 1 PID: 15647 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3341.344350][T15647] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3341.354427][T15647] Call Trace: [ 3341.357812][T15647] [ 3341.360770][T15647] dump_stack_lvl+0xcd/0x134 [ 3341.365370][T15647] dump_header+0x10b/0x7f9 [ 3341.369803][T15647] oom_kill_process.cold+0x10/0x15 [ 3341.374954][T15647] out_of_memory+0x358/0x14a0 [ 3341.379656][T15647] ? find_held_lock+0x2d/0x110 [ 3341.384417][T15647] ? oom_killer_disable+0x270/0x270 [ 3341.389637][T15647] ? find_held_lock+0x2d/0x110 [ 3341.394427][T15647] mem_cgroup_out_of_memory+0x206/0x270 [ 3341.400012][T15647] ? mem_cgroup_margin+0x130/0x130 [ 3341.405176][T15647] ? lock_downgrade+0x6e0/0x6e0 [ 3341.410090][T15647] try_charge_memcg+0xf67/0x13f0 [ 3341.415107][T15647] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3341.421140][T15647] ? lock_downgrade+0x6e0/0x6e0 [ 3341.426039][T15647] charge_memcg+0x31/0x320 [ 3341.430474][T15647] __mem_cgroup_charge+0x27/0x90 [ 3341.435432][T15647] ? _compound_head+0x5d/0x150 [ 3341.440198][T15647] wp_page_copy+0x27c/0x1b60 [ 3341.444793][T15647] ? restore_exclusive_pte+0x8b0/0x8b0 [ 3341.450262][T15647] ? lock_downgrade+0x6e0/0x6e0 [ 3341.455146][T15647] ? vm_normal_page+0x146/0x2a0 [ 3341.460044][T15647] do_wp_page+0x1d1/0x1910 [ 3341.464503][T15647] __handle_mm_fault+0x1813/0x39b0 [ 3341.469652][T15647] ? vm_iomap_memory+0x190/0x190 [ 3341.474650][T15647] handle_mm_fault+0x1c8/0x780 [ 3341.479450][T15647] do_user_addr_fault+0x475/0x1210 [ 3341.484605][T15647] exc_page_fault+0x94/0x170 [ 3341.489231][T15647] asm_exc_page_fault+0x22/0x30 [ 3341.494113][T15647] RIP: 0033:0x7f98a34374b0 [ 3341.498549][T15647] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48 [ 3341.518188][T15647] RSP: 002b:00007ffe69a68a90 EFLAGS: 00010246 [ 3341.524273][T15647] RAX: 00000000098f1ddc RBX: 00007f98a359c018 RCX: 0000001b2ec20000 [ 3341.532286][T15647] RDX: 0000000000000000 RSI: 0000001b2ec20018 RDI: 000000000d570f0d [ 3341.540284][T15647] RBP: 00000000098f1ddc R08: 0000000000001ddc R09: 00000000098f1de0 [ 3341.548285][T15647] R10: 00007ffe69a68c60 R11: 0000000000000246 R12: 00007f98a3590000 [ 3341.556273][T15647] R13: 0000000000000001 R14: 0000000000000006 R15: ffffffff874bbdbd [ 3341.564241][T15647] ? __x64_sys_socket+0xd/0xb0 [ 3341.569038][T15647] [ 3341.581288][T15647] memory: usage 307184kB, limit 307200kB, failcnt 30152 [ 3341.582295][T15635] bridge3202: port 1(bridge_slave_1) entered disabled state [ 3341.588637][T15647] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3341.603393][T15647] Memory cgroup stats for /syz0: [ 3341.603626][T15647] anon 118784 [ 3341.603626][T15647] file 319488 [ 3341.603626][T15647] kernel 314118144 [ 3341.603626][T15647] kernel_stack 65536 [ 3341.603626][T15647] pagetables 73728 [ 3341.603626][T15647] percpu 5425088 [ 3341.603626][T15647] sock 0 [ 3341.603626][T15647] vmalloc 0 [ 3341.603626][T15647] shmem 319488 [ 3341.603626][T15647] zswap 0 [ 3341.603626][T15647] zswapped 0 [ 3341.603626][T15647] file_mapped 303104 [ 3341.603626][T15647] file_dirty 0 [ 3341.603626][T15647] file_writeback 0 [ 3341.603626][T15647] swapcached 0 [ 3341.603626][T15647] anon_thp 0 [ 3341.603626][T15647] file_thp 0 [ 3341.603626][T15647] shmem_thp 0 [ 3341.603626][T15647] inactive_anon 106496 [ 3341.603626][T15647] active_anon 315392 [ 3341.603626][T15647] inactive_file 0 [ 3341.603626][T15647] active_file 0 [ 3341.603626][T15647] unevictable 0 [ 3341.603626][T15647] slab_reclaimable 224128 [ 3341.603626][T15647] slab_unreclaimable 308289952 [ 3341.603626][T15647] slab 308514080 [ 3341.699151][T15647] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15647,uid=0 [ 3341.714873][T15647] Memory cgroup out of memory: Killed process 15647 (syz-executor.0) total-vm:54508kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 03:16:03 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) 03:16:03 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c00000010000104000000000000000000a20000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3341.733936][T15635] bridge3203: port 1(bridge_slave_1) entered blocking state [ 3341.742133][T15635] bridge3203: port 1(bridge_slave_1) entered disabled state 03:16:03 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f310000000c0a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3341.778838][T15641] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3341.862133][T15642] bridge4151: port 1(bridge_slave_1) entered disabled state [ 3341.888556][T15657] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3341.907622][T15657] CPU: 1 PID: 15657 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3341.917830][T15657] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3341.927913][T15657] Call Trace: [ 3341.931213][T15657] [ 3341.932136][T15642] bridge4152: port 1(bridge_slave_1) entered blocking state [ 3341.934145][T15657] dump_stack_lvl+0xcd/0x134 [ 3341.934186][T15657] dump_header+0x10b/0x7f9 [ 3341.934222][T15657] oom_kill_process.cold+0x10/0x15 [ 3341.955706][T15657] out_of_memory+0x358/0x14a0 [ 3341.956133][T15642] bridge4152: port 1(bridge_slave_1) entered disabled state [ 3341.960407][T15657] ? find_held_lock+0x2d/0x110 [ 3341.960439][T15657] ? oom_killer_disable+0x270/0x270 [ 3341.960475][T15657] ? find_held_lock+0x2d/0x110 [ 3341.960500][T15657] mem_cgroup_out_of_memory+0x206/0x270 [ 3341.960527][T15657] ? mem_cgroup_margin+0x130/0x130 [ 3341.960548][T15657] ? lock_downgrade+0x6e0/0x6e0 [ 3341.960591][T15657] try_charge_memcg+0xf67/0x13f0 [ 3341.960627][T15657] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3341.960662][T15657] ? lock_downgrade+0x6e0/0x6e0 [ 3342.013918][T15657] charge_memcg+0x31/0x320 [ 3342.018379][T15657] __mem_cgroup_charge+0x27/0x90 [ 3342.023349][T15657] ? _compound_head+0x5d/0x150 [ 3342.028149][T15657] wp_page_copy+0x27c/0x1b60 [ 3342.032781][T15657] ? restore_exclusive_pte+0x8b0/0x8b0 [ 3342.038272][T15657] ? lock_downgrade+0x6e0/0x6e0 [ 3342.043143][T15657] ? vm_normal_page+0x146/0x2a0 [ 3342.045749][T15645] bridge4152: port 1(bridge_slave_1) entered blocking state [ 3342.048016][T15657] do_wp_page+0x1d1/0x1910 [ 3342.048058][T15657] __handle_mm_fault+0x1813/0x39b0 [ 3342.048092][T15657] ? vm_iomap_memory+0x190/0x190 [ 3342.055433][T15645] bridge4152: port 1(bridge_slave_1) entered forwarding state [ 3342.059787][T15657] handle_mm_fault+0x1c8/0x780 [ 3342.082104][T15657] do_user_addr_fault+0x475/0x1210 [ 3342.087258][T15657] exc_page_fault+0x94/0x170 [ 3342.091897][T15657] asm_exc_page_fault+0x22/0x30 [ 3342.096771][T15657] RIP: 0033:0x7f98a34374b0 [ 3342.101194][T15657] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48 [ 3342.120909][T15657] RSP: 002b:00007ffe69a68a90 EFLAGS: 00010246 [ 3342.127003][T15657] RAX: 00000000bd27bad8 RBX: 00007f98a359c018 RCX: 0000001b2ec20000 [ 3342.134994][T15657] RDX: 0000000000000000 RSI: 0000001b2ec20018 RDI: 0000000008ec0c76 [ 3342.143027][T15657] RBP: 00000000bd27bad8 R08: 0000000000001ad8 R09: 00000000bd27badc [ 3342.151042][T15657] R10: 00007ffe69a68c60 R11: 0000000000000246 R12: 00007f98a3590000 [ 3342.159046][T15657] R13: 0000000000000001 R14: 0000000000000003 R15: ffffffff81a3270f [ 3342.167048][T15657] ? trace_user_exit.constprop.0+0x13f/0x210 [ 3342.173094][T15657] [ 3342.173315][T15645] bond0: (slave bridge4152): Enslaving as an active interface with an up link [ 3342.185571][T15657] memory: usage 307188kB, limit 307200kB, failcnt 30199 [ 3342.206105][T15657] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 03:16:03 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000000000000003e2000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3342.214609][T15646] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3342.235461][T15657] Memory cgroup stats for /syz0: [ 3342.235648][T15657] anon 106496 [ 3342.235648][T15657] file 319488 [ 3342.235648][T15657] kernel 314134528 [ 3342.235648][T15657] kernel_stack 65536 [ 3342.235648][T15657] pagetables 73728 [ 3342.235648][T15657] percpu 5425088 [ 3342.235648][T15657] sock 0 [ 3342.235648][T15657] vmalloc 0 [ 3342.235648][T15657] shmem 319488 [ 3342.235648][T15657] zswap 0 [ 3342.235648][T15657] zswapped 0 [ 3342.235648][T15657] file_mapped 303104 [ 3342.235648][T15657] file_dirty 0 [ 3342.235648][T15657] file_writeback 0 [ 3342.235648][T15657] swapcached 0 [ 3342.235648][T15657] anon_thp 0 [ 3342.235648][T15657] file_thp 0 [ 3342.235648][T15657] shmem_thp 0 [ 3342.235648][T15657] inactive_anon 110592 [ 3342.235648][T15657] active_anon 315392 [ 3342.235648][T15657] inactive_file 0 [ 3342.235648][T15657] active_file 0 [ 3342.235648][T15657] unevictable 0 [ 3342.235648][T15657] slab_reclaimable 224128 [ 3342.235648][T15657] slab_unreclaimable 308301352 [ 3342.235648][T15657] slab 308525480 [ 3342.284071][T15649] bridge2557: port 1(bridge_slave_1) entered disabled state [ 3342.344686][T15657] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15657,uid=0 [ 3342.374427][T15649] bridge2558: port 1(bridge_slave_1) entered blocking state [ 3342.382038][T15649] bridge2558: port 1(bridge_slave_1) entered disabled state [ 3342.382493][T15657] Memory cgroup out of memory: Killed process 15657 (syz-executor.0) total-vm:54508kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 [ 3342.400957][T15653] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3342.418648][T15660] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3342.432595][T15660] CPU: 1 PID: 15660 Comm: syz-executor.2 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3342.442969][T15660] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3342.453127][T15660] Call Trace: [ 3342.456412][T15660] [ 3342.459363][T15660] dump_stack_lvl+0xcd/0x134 [ 3342.463974][T15660] dump_header+0x10b/0x7f9 [ 3342.468407][T15660] oom_kill_process.cold+0x10/0x15 [ 3342.473537][T15660] out_of_memory+0x358/0x14a0 [ 3342.478238][T15660] ? oom_killer_disable+0x270/0x270 [ 3342.483448][T15660] ? find_held_lock+0x2d/0x110 [ 3342.488224][T15660] mem_cgroup_out_of_memory+0x206/0x270 [ 3342.493779][T15660] ? mem_cgroup_margin+0x130/0x130 [ 3342.498900][T15660] ? lock_downgrade+0x6e0/0x6e0 [ 3342.503781][T15660] try_charge_memcg+0xf67/0x13f0 [ 3342.508733][T15660] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3342.514729][T15660] ? lock_downgrade+0x6e0/0x6e0 [ 3342.519616][T15660] charge_memcg+0x31/0x320 [ 3342.524046][T15660] __mem_cgroup_charge+0x27/0x90 [ 3342.529003][T15660] ? _compound_head+0x5d/0x150 [ 3342.533780][T15660] wp_page_copy+0x27c/0x1b60 [ 3342.538388][T15660] ? restore_exclusive_pte+0x8b0/0x8b0 [ 3342.543854][T15660] ? lock_downgrade+0x6e0/0x6e0 [ 3342.548741][T15660] ? vm_normal_page+0x146/0x2a0 [ 3342.553633][T15660] do_wp_page+0x1d1/0x1910 [ 3342.558086][T15660] __handle_mm_fault+0x1813/0x39b0 [ 3342.563226][T15660] ? vm_iomap_memory+0x190/0x190 [ 3342.568205][T15660] handle_mm_fault+0x1c8/0x780 [ 3342.572992][T15660] do_user_addr_fault+0x475/0x1210 [ 3342.578152][T15660] exc_page_fault+0x94/0x170 [ 3342.582799][T15660] asm_exc_page_fault+0x22/0x30 [ 3342.587679][T15660] RIP: 0033:0x7ff38a4374b0 [ 3342.592126][T15660] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48 [ 3342.615141][T15660] RSP: 002b:00007ffe54c81760 EFLAGS: 00010246 03:16:03 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3342.621235][T15660] RAX: 00000000098f1ddc RBX: 00007ff38a59c0e8 RCX: 0000001b2ee20000 [ 3342.629219][T15660] RDX: 0000000000000000 RSI: 0000001b2ee20018 RDI: 000000000d570f0d [ 3342.637209][T15660] RBP: 00000000098f1ddc R08: 0000000000001ddc R09: 00000000098f1de0 [ 3342.645226][T15660] R10: 00007ffe54c81930 R11: 0000000000000246 R12: 00007ff38a590000 [ 3342.653206][T15660] R13: 0000000000000001 R14: 0000000000000006 R15: ffffffff874bbdbd [ 3342.661187][T15660] ? __x64_sys_socket+0xd/0xb0 [ 3342.666068][T15660] [ 3342.705447][T15660] memory: usage 307200kB, limit 307200kB, failcnt 6373 [ 3342.715955][T15660] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3342.731175][T15660] Memory cgroup stats for /syz2: [ 3342.731361][T15660] anon 126976 [ 3342.731361][T15660] file 360448 [ 3342.731361][T15660] kernel 314085376 [ 3342.731361][T15660] kernel_stack 98304 [ 3342.731361][T15660] pagetables 73728 [ 3342.731361][T15660] percpu 5433376 [ 3342.731361][T15660] sock 0 [ 3342.731361][T15660] vmalloc 0 [ 3342.731361][T15660] shmem 356352 [ 3342.731361][T15660] zswap 0 [ 3342.731361][T15660] zswapped 0 [ 3342.731361][T15660] file_mapped 356352 [ 3342.731361][T15660] file_dirty 4096 [ 3342.731361][T15660] file_writeback 0 [ 3342.731361][T15660] swapcached 0 [ 3342.731361][T15660] anon_thp 0 [ 3342.731361][T15660] file_thp 0 [ 3342.731361][T15660] shmem_thp 0 [ 3342.731361][T15660] inactive_anon 184320 [ 3342.731361][T15660] active_anon 299008 [ 3342.731361][T15660] inactive_file 4096 [ 3342.731361][T15660] active_file 0 [ 3342.731361][T15660] unevictable 0 [ 3342.731361][T15660] slab_reclaimable 58856 [ 3342.731361][T15660] slab_unreclaimable 308387512 [ 3342.731361][T15660] slab 308446368 [ 3342.755173][T15652] bond0: (slave bridge2558): Enslaving as an active interface with an up link 03:16:04 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000f0000000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3342.851763][T15660] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=15660,uid=0 [ 3342.869307][T15660] Memory cgroup out of memory: Killed process 15660 (syz-executor.2) total-vm:54640kB, anon-rss:388kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 [ 3342.877763][T15654] bridge1303: port 1(bridge_slave_1) entered disabled state [ 3342.913997][T15671] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3342.926682][T15654] bridge1304: port 1(bridge_slave_1) entered blocking state [ 3342.935685][T15671] CPU: 1 PID: 15671 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3342.937084][T15654] bridge1304: port 1(bridge_slave_1) entered disabled state [ 3342.945860][T15671] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3342.945876][T15671] Call Trace: [ 3342.945884][T15671] [ 3342.945893][T15671] dump_stack_lvl+0xcd/0x134 [ 3342.945928][T15671] dump_header+0x10b/0x7f9 [ 3342.945962][T15671] oom_kill_process.cold+0x10/0x15 [ 3342.945993][T15671] out_of_memory+0x358/0x14a0 [ 3342.946032][T15671] ? oom_killer_disable+0x270/0x270 [ 3342.946065][T15671] ? find_held_lock+0x2d/0x110 [ 3342.946095][T15671] mem_cgroup_out_of_memory+0x206/0x270 [ 3342.946123][T15671] ? mem_cgroup_margin+0x130/0x130 [ 3342.946144][T15671] ? lock_downgrade+0x6e0/0x6e0 [ 3342.946188][T15671] try_charge_memcg+0xf67/0x13f0 [ 3342.946222][T15671] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3343.024820][T15671] ? lock_downgrade+0x6e0/0x6e0 [ 3343.029707][T15671] charge_memcg+0x31/0x320 [ 3343.034140][T15671] __mem_cgroup_charge+0x27/0x90 [ 3343.039085][T15671] ? _compound_head+0x5d/0x150 [ 3343.043861][T15671] wp_page_copy+0x27c/0x1b60 [ 3343.048470][T15671] ? restore_exclusive_pte+0x8b0/0x8b0 [ 3343.053959][T15671] ? lock_downgrade+0x6e0/0x6e0 [ 3343.058831][T15671] ? vm_normal_page+0x146/0x2a0 [ 3343.063711][T15671] do_wp_page+0x1d1/0x1910 [ 3343.068143][T15671] __handle_mm_fault+0x1813/0x39b0 [ 3343.073269][T15671] ? vm_iomap_memory+0x190/0x190 [ 3343.078242][T15671] handle_mm_fault+0x1c8/0x780 [ 3343.083019][T15671] do_user_addr_fault+0x475/0x1210 [ 3343.088159][T15671] exc_page_fault+0x94/0x170 [ 3343.092763][T15671] asm_exc_page_fault+0x22/0x30 [ 3343.097621][T15671] RIP: 0033:0x7f98a34374b0 [ 3343.102059][T15671] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48 [ 3343.121850][T15671] RSP: 002b:00007ffe69a68a90 EFLAGS: 00010246 [ 3343.127923][T15671] RAX: 00000000098f1ddc RBX: 00007f98a359c018 RCX: 0000001b2ec20000 [ 3343.135898][T15671] RDX: 0000000000000000 RSI: 0000001b2ec20018 RDI: 000000000d570f0d [ 3343.143877][T15671] RBP: 00000000098f1ddc R08: 0000000000001ddc R09: 00000000098f1de0 [ 3343.151853][T15671] R10: 00007ffe69a68c60 R11: 0000000000000246 R12: 00007f98a3590000 03:16:04 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f310000080c0a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3343.159832][T15671] R13: 0000000000000001 R14: 0000000000000006 R15: ffffffff874bbdbd [ 3343.167806][T15671] ? __x64_sys_socket+0xd/0xb0 [ 3343.172596][T15671] [ 3343.187795][T15671] memory: usage 307200kB, limit 307200kB, failcnt 30261 [ 3343.197657][T15671] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3343.205559][T15671] Memory cgroup stats for /syz0: [ 3343.205733][T15671] anon 118784 [ 3343.205733][T15671] file 319488 [ 3343.205733][T15671] kernel 314134528 [ 3343.205733][T15671] kernel_stack 65536 [ 3343.205733][T15671] pagetables 73728 [ 3343.205733][T15671] percpu 5425088 [ 3343.205733][T15671] sock 0 [ 3343.205733][T15671] vmalloc 0 [ 3343.205733][T15671] shmem 319488 [ 3343.205733][T15671] zswap 0 [ 3343.205733][T15671] zswapped 0 [ 3343.205733][T15671] file_mapped 303104 [ 3343.205733][T15671] file_dirty 0 [ 3343.205733][T15671] file_writeback 0 [ 3343.205733][T15671] swapcached 0 [ 3343.205733][T15671] anon_thp 0 [ 3343.205733][T15671] file_thp 0 [ 3343.205733][T15671] shmem_thp 0 [ 3343.205733][T15671] inactive_anon 122880 [ 3343.205733][T15671] active_anon 315392 [ 3343.205733][T15671] inactive_file 0 [ 3343.205733][T15671] active_file 0 [ 3343.205733][T15671] unevictable 0 [ 3343.205733][T15671] slab_reclaimable 224128 [ 3343.205733][T15671] slab_unreclaimable 308301352 [ 3343.205733][T15671] slab 308525480 03:16:04 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3343.303924][T15671] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15671,uid=0 [ 3343.323051][T15671] Memory cgroup out of memory: Killed process 15671 (syz-executor.0) total-vm:54508kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 [ 3343.383051][T15655] bond0: (slave bridge1304): Enslaving as an active interface with an up link [ 3343.393790][T15679] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3343.428325][T15679] CPU: 1 PID: 15679 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3343.438560][T15679] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3343.448646][T15679] Call Trace: [ 3343.451963][T15679] [ 3343.454894][T15679] dump_stack_lvl+0xcd/0x134 [ 3343.459498][T15679] dump_header+0x10b/0x7f9 [ 3343.463954][T15679] oom_kill_process.cold+0x10/0x15 [ 3343.469094][T15679] out_of_memory+0x358/0x14a0 [ 3343.473791][T15679] ? find_held_lock+0x2d/0x110 [ 3343.478566][T15679] ? oom_killer_disable+0x270/0x270 [ 3343.483780][T15679] ? find_held_lock+0x2d/0x110 [ 3343.488556][T15679] mem_cgroup_out_of_memory+0x206/0x270 [ 3343.494113][T15679] ? mem_cgroup_margin+0x130/0x130 [ 3343.499316][T15679] ? lock_downgrade+0x6e0/0x6e0 [ 3343.504190][T15679] try_charge_memcg+0xf67/0x13f0 [ 3343.509144][T15679] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3343.515158][T15679] ? lock_downgrade+0x6e0/0x6e0 [ 3343.520035][T15679] charge_memcg+0x31/0x320 [ 3343.524463][T15679] __mem_cgroup_charge+0x27/0x90 [ 3343.529408][T15679] ? _compound_head+0x5d/0x150 [ 3343.534189][T15679] wp_page_copy+0x27c/0x1b60 [ 3343.538794][T15679] ? restore_exclusive_pte+0x8b0/0x8b0 [ 3343.544258][T15679] ? lock_downgrade+0x6e0/0x6e0 [ 3343.549116][T15679] ? vm_normal_page+0x146/0x2a0 [ 3343.553990][T15679] do_wp_page+0x52c/0x1910 [ 3343.558424][T15679] __handle_mm_fault+0x1813/0x39b0 [ 3343.563552][T15679] ? vm_iomap_memory+0x190/0x190 [ 3343.568608][T15679] handle_mm_fault+0x1c8/0x780 [ 3343.573385][T15679] do_user_addr_fault+0x475/0x1210 [ 3343.578540][T15679] exc_page_fault+0x94/0x170 [ 3343.583146][T15679] asm_exc_page_fault+0x22/0x30 [ 3343.588004][T15679] RIP: 0033:0x7f98a3434e1e [ 3343.592428][T15679] Code: 4c 24 54 89 78 2c 48 8b 3c 24 89 48 78 0f b6 4c 24 53 c6 40 20 01 88 4c 3a 04 8b 7c 24 4c 4c 89 35 57 71 16 00 48 8b 54 24 40 <89> b8 80 00 00 00 0f 1f 40 00 48 8b 8c 14 50 01 00 00 48 83 c2 08 [ 3343.612142][T15679] RSP: 002b:00007ffe69a68b80 EFLAGS: 00010246 [ 3343.618218][T15679] RAX: 00007f98a359bf80 RBX: 00007f98a359bf8c RCX: 0000000000000000 03:16:04 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000f0000000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3343.626194][T15679] RDX: 0000000000000000 RSI: 00007f98a359bf88 RDI: 0000000000000000 [ 3343.634167][T15679] RBP: 00007f98a359bf80 R08: 00007f98a4666700 R09: 00007f98a4666700 [ 3343.642142][T15679] R10: 00007f98a46669d0 R11: 0000000000000206 R12: 00007f98a359bf8c [ 3343.650118][T15679] R13: 00007f98a35a0060 R14: 00007f98a359bf80 R15: 0000000000000000 [ 3343.658114][T15679] [ 3343.669589][T15679] memory: usage 307196kB, limit 307200kB, failcnt 30297 [ 3343.677764][T15679] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3343.684888][T15679] Memory cgroup stats for /syz0: [ 3343.685110][T15679] anon 81920 [ 3343.685110][T15679] file 319488 [ 3343.685110][T15679] kernel 314126336 [ 3343.685110][T15679] kernel_stack 65536 [ 3343.685110][T15679] pagetables 69632 [ 3343.685110][T15679] percpu 5425088 [ 3343.685110][T15679] sock 0 [ 3343.685110][T15679] vmalloc 0 [ 3343.685110][T15679] shmem 319488 [ 3343.685110][T15679] zswap 0 [ 3343.685110][T15679] zswapped 0 [ 3343.685110][T15679] file_mapped 303104 [ 3343.685110][T15679] file_dirty 0 [ 3343.685110][T15679] file_writeback 0 [ 3343.685110][T15679] swapcached 0 [ 3343.685110][T15679] anon_thp 0 [ 3343.685110][T15679] file_thp 0 [ 3343.685110][T15679] shmem_thp 0 [ 3343.685110][T15679] inactive_anon 86016 [ 3343.685110][T15679] active_anon 315392 [ 3343.685110][T15679] inactive_file 0 [ 3343.685110][T15679] active_file 0 [ 3343.685110][T15679] unevictable 0 [ 3343.685110][T15679] slab_reclaimable 224776 [ 3343.685110][T15679] slab_unreclaimable 308300704 [ 3343.685110][T15679] slab 308525480 [ 3343.779212][T15662] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3343.793947][T15679] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15679,uid=0 [ 3343.814591][T15679] Memory cgroup out of memory: Killed process 15679 (syz-executor.0) total-vm:54508kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:72kB oom_score_adj:1000 [ 3343.832642][T15676] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3343.843198][T15676] CPU: 0 PID: 15676 Comm: syz-executor.2 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3343.853552][T15676] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3343.863781][T15676] Call Trace: [ 3343.867054][T15676] [ 3343.869979][T15676] dump_stack_lvl+0xcd/0x134 [ 3343.874571][T15676] dump_header+0x10b/0x7f9 [ 3343.879010][T15676] oom_kill_process.cold+0x10/0x15 [ 3343.884151][T15676] out_of_memory+0x358/0x14a0 [ 3343.888834][T15676] ? oom_killer_disable+0x270/0x270 [ 3343.894033][T15676] ? find_held_lock+0x2d/0x110 [ 3343.898838][T15676] mem_cgroup_out_of_memory+0x206/0x270 [ 3343.904413][T15676] ? mem_cgroup_margin+0x130/0x130 [ 3343.909542][T15676] ? lock_downgrade+0x6e0/0x6e0 [ 3343.914424][T15676] try_charge_memcg+0xf67/0x13f0 [ 3343.919379][T15676] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3343.925370][T15676] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3343.931098][T15676] ? lock_downgrade+0x6e0/0x6e0 [ 3343.935962][T15676] ? lock_downgrade+0x6e0/0x6e0 [ 3343.940832][T15676] __memcg_kmem_charge_page+0x16a/0x3b0 [ 3343.946393][T15676] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 3343.952564][T15676] copy_process+0x145a/0x7090 [ 3343.957256][T15676] ? find_held_lock+0x2d/0x110 [ 3343.962040][T15676] ? __cleanup_sighand+0xb0/0xb0 [ 3343.967005][T15676] kernel_clone+0xe7/0xab0 [ 3343.971428][T15676] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 3343.977418][T15676] ? create_io_thread+0xe0/0xe0 [ 3343.982285][T15676] ? find_held_lock+0x2d/0x110 [ 3343.987061][T15676] ? __ct_user_exit+0xff/0x150 [ 3343.991842][T15676] __do_sys_clone+0xba/0x100 [ 3343.996460][T15676] ? kernel_clone+0xab0/0xab0 [ 3344.001158][T15676] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3344.007060][T15676] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3344.012972][T15676] do_syscall_64+0x35/0xb0 [ 3344.017401][T15676] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3344.023307][T15676] RIP: 0033:0x7ff38a48a6a1 [ 3344.027727][T15676] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 3344.047362][T15676] RSP: 002b:00007ffe54c81718 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 3344.055785][T15676] RAX: ffffffffffffffda RBX: 00007ff3893fe700 RCX: 00007ff38a48a6a1 [ 3344.063775][T15676] RDX: 00007ff3893fe9d0 RSI: 00007ff3893fe2f0 RDI: 00000000003d0f00 [ 3344.071750][T15676] RBP: 00007ffe54c81960 R08: 00007ff3893fe700 R09: 00007ff3893fe700 03:16:05 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3344.079726][T15676] R10: 00007ff3893fe9d0 R11: 0000000000000206 R12: 00007ffe54c817ce [ 3344.087702][T15676] R13: 00007ffe54c817cf R14: 00007ff3893fe300 R15: 0000000000022000 [ 3344.095700][T15676] [ 3344.100797][T15676] memory: usage 307200kB, limit 307200kB, failcnt 6425 [ 3344.110056][T15676] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3344.116978][T15676] Memory cgroup stats for /syz2: [ 3344.117193][T15676] anon 147456 [ 3344.117193][T15676] file 360448 [ 3344.117193][T15676] kernel 314064896 [ 3344.117193][T15676] kernel_stack 65536 [ 3344.117193][T15676] pagetables 81920 [ 3344.117193][T15676] percpu 5433376 [ 3344.117193][T15676] sock 0 [ 3344.117193][T15676] vmalloc 0 [ 3344.117193][T15676] shmem 356352 [ 3344.117193][T15676] zswap 0 [ 3344.117193][T15676] zswapped 0 [ 3344.117193][T15676] file_mapped 356352 [ 3344.117193][T15676] file_dirty 4096 [ 3344.117193][T15676] file_writeback 0 [ 3344.117193][T15676] swapcached 0 [ 3344.117193][T15676] anon_thp 0 [ 3344.117193][T15676] file_thp 0 [ 3344.117193][T15676] shmem_thp 0 [ 3344.117193][T15676] inactive_anon 204800 [ 3344.117193][T15676] active_anon 299008 [ 3344.117193][T15676] inactive_file 0 [ 3344.117193][T15676] active_file 4096 [ 3344.117193][T15676] unevictable 0 [ 3344.117193][T15676] slab_reclaimable 58856 [ 3344.117193][T15676] slab_unreclaimable 308387568 [ 3344.117193][T15676] slab 308446424 [ 3344.221434][T15663] bridge3203: port 1(bridge_slave_1) entered disabled state 03:16:05 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400000000000000000b8d0000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3344.242343][T15676] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=15676,uid=0 [ 3344.258213][T15676] Memory cgroup out of memory: Killed process 15676 (syz-executor.2) total-vm:54640kB, anon-rss:388kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 3344.261440][T15668] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3344.336111][T15686] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3344.362787][T15669] bridge4152: port 1(bridge_slave_1) entered disabled state [ 3344.370537][T15686] CPU: 1 PID: 15686 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3344.380731][T15686] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3344.390907][T15686] Call Trace: [ 3344.394204][T15686] [ 3344.397199][T15686] dump_stack_lvl+0xcd/0x134 [ 3344.401806][T15686] dump_header+0x10b/0x7f9 [ 3344.406265][T15686] oom_kill_process.cold+0x10/0x15 [ 3344.411412][T15686] out_of_memory+0x358/0x14a0 [ 3344.416139][T15686] ? find_held_lock+0x2d/0x110 [ 3344.420938][T15686] ? oom_killer_disable+0x270/0x270 [ 3344.426174][T15686] ? find_held_lock+0x2d/0x110 [ 3344.430963][T15686] mem_cgroup_out_of_memory+0x206/0x270 [ 3344.436530][T15686] ? mem_cgroup_margin+0x130/0x130 [ 3344.441652][T15686] ? lock_downgrade+0x6e0/0x6e0 [ 3344.446564][T15686] try_charge_memcg+0xf67/0x13f0 [ 3344.451552][T15686] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3344.457587][T15686] ? lock_downgrade+0x6e0/0x6e0 [ 3344.462495][T15686] charge_memcg+0x31/0x320 [ 3344.467041][T15686] __mem_cgroup_charge+0x27/0x90 [ 3344.472016][T15686] ? _compound_head+0x5d/0x150 [ 3344.476828][T15686] wp_page_copy+0x27c/0x1b60 [ 3344.481470][T15686] ? restore_exclusive_pte+0x8b0/0x8b0 [ 3344.486962][T15686] ? lock_downgrade+0x6e0/0x6e0 [ 3344.491854][T15686] ? vm_normal_page+0x146/0x2a0 [ 3344.496744][T15686] do_wp_page+0x1d1/0x1910 [ 3344.501179][T15686] __handle_mm_fault+0x1813/0x39b0 [ 3344.506318][T15686] ? vm_iomap_memory+0x190/0x190 [ 3344.511295][T15686] handle_mm_fault+0x1c8/0x780 [ 3344.516094][T15686] do_user_addr_fault+0x475/0x1210 [ 3344.521255][T15686] exc_page_fault+0x94/0x170 [ 3344.525925][T15686] asm_exc_page_fault+0x22/0x30 [ 3344.530804][T15686] RIP: 0033:0x7f98a34374b0 [ 3344.535254][T15686] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48 [ 3344.554897][T15686] RSP: 002b:00007ffe69a68a90 EFLAGS: 00010246 [ 3344.561001][T15686] RAX: 00000000098f1ddc RBX: 00007f98a359c018 RCX: 0000001b2ec20000 [ 3344.569002][T15686] RDX: 0000000000000000 RSI: 0000001b2ec20018 RDI: 000000000d570f0d [ 3344.577003][T15686] RBP: 00000000098f1ddc R08: 0000000000001ddc R09: 00000000098f1de0 [ 3344.585007][T15686] R10: 00007ffe69a68c60 R11: 0000000000000246 R12: 00007f98a3590000 [ 3344.593012][T15686] R13: 0000000000000001 R14: 0000000000000006 R15: ffffffff874bbdbd [ 3344.601014][T15686] ? __x64_sys_socket+0xd/0xb0 [ 3344.605833][T15686] [ 3344.619001][T15686] memory: usage 307184kB, limit 307200kB, failcnt 30387 [ 3344.626142][T15686] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3344.633672][T15686] Memory cgroup stats for /syz0: [ 3344.633902][T15686] anon 118784 [ 3344.633902][T15686] file 319488 [ 3344.633902][T15686] kernel 314118144 [ 3344.633902][T15686] kernel_stack 65536 [ 3344.633902][T15686] pagetables 73728 [ 3344.633902][T15686] percpu 5425088 [ 3344.633902][T15686] sock 0 [ 3344.633902][T15686] vmalloc 0 [ 3344.633902][T15686] shmem 319488 [ 3344.633902][T15686] zswap 0 [ 3344.633902][T15686] zswapped 0 [ 3344.633902][T15686] file_mapped 303104 [ 3344.633902][T15686] file_dirty 0 [ 3344.633902][T15686] file_writeback 0 [ 3344.633902][T15686] swapcached 0 [ 3344.633902][T15686] anon_thp 0 [ 3344.633902][T15686] file_thp 0 [ 3344.633902][T15686] shmem_thp 0 [ 3344.633902][T15686] inactive_anon 122880 [ 3344.633902][T15686] active_anon 315392 [ 3344.633902][T15686] inactive_file 0 [ 3344.633902][T15686] active_file 0 [ 3344.633902][T15686] unevictable 0 [ 3344.633902][T15686] slab_reclaimable 224128 [ 3344.633902][T15686] slab_unreclaimable 308290256 [ 3344.633902][T15686] slab 308514384 [ 3344.654696][T15669] bridge4153: port 1(bridge_slave_1) entered blocking state 03:16:06 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3344.739260][T15686] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15686,uid=0 [ 3344.755215][T15669] bridge4153: port 1(bridge_slave_1) entered disabled state [ 3344.755966][T15686] Memory cgroup out of memory: Killed process 15686 (syz-executor.0) total-vm:54508kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 [ 3344.827761][T15670] bridge4153: port 1(bridge_slave_1) entered blocking state [ 3344.835276][T15670] bridge4153: port 1(bridge_slave_1) entered forwarding state [ 3344.846921][T15693] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3344.859913][T15693] CPU: 0 PID: 15693 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3344.870107][T15693] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3344.880174][T15693] Call Trace: [ 3344.883466][T15693] [ 3344.886416][T15693] dump_stack_lvl+0xcd/0x134 [ 3344.891046][T15693] dump_header+0x10b/0x7f9 [ 3344.895496][T15693] oom_kill_process.cold+0x10/0x15 [ 3344.900730][T15693] out_of_memory+0x358/0x14a0 [ 3344.905453][T15693] ? find_held_lock+0x2d/0x110 [ 3344.907005][T15670] bond0: (slave bridge4153): Enslaving as an active interface with an up link [ 3344.910224][T15693] ? oom_killer_disable+0x270/0x270 03:16:06 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000000000ffffffe4000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3344.910261][T15693] ? find_held_lock+0x2d/0x110 [ 3344.910292][T15693] mem_cgroup_out_of_memory+0x206/0x270 [ 3344.910321][T15693] ? mem_cgroup_margin+0x130/0x130 [ 3344.939757][T15693] ? lock_downgrade+0x6e0/0x6e0 [ 3344.944661][T15693] try_charge_memcg+0xf67/0x13f0 [ 3344.949640][T15693] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3344.955661][T15693] ? lock_downgrade+0x6e0/0x6e0 [ 3344.960567][T15693] charge_memcg+0x31/0x320 [ 3344.965023][T15693] __mem_cgroup_charge+0x27/0x90 [ 3344.969988][T15693] ? _compound_head+0x5d/0x150 [ 3344.974768][T15693] wp_page_copy+0x27c/0x1b60 [ 3344.979380][T15693] ? restore_exclusive_pte+0x8b0/0x8b0 [ 3344.984846][T15693] ? lock_downgrade+0x6e0/0x6e0 [ 3344.989707][T15693] ? vm_normal_page+0x146/0x2a0 [ 3344.994577][T15693] do_wp_page+0x1d1/0x1910 [ 3344.999006][T15693] __handle_mm_fault+0x1813/0x39b0 [ 3345.004134][T15693] ? vm_iomap_memory+0x190/0x190 [ 3345.009104][T15693] handle_mm_fault+0x1c8/0x780 [ 3345.013882][T15693] do_user_addr_fault+0x475/0x1210 [ 3345.019016][T15693] exc_page_fault+0x94/0x170 [ 3345.023632][T15693] asm_exc_page_fault+0x22/0x30 [ 3345.028488][T15693] RIP: 0033:0x7f98a34374b0 [ 3345.032908][T15693] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48 [ 3345.052527][T15693] RSP: 002b:00007ffe69a68a90 EFLAGS: 00010246 [ 3345.058614][T15693] RAX: 00000000bd27bad8 RBX: 00007f98a359c018 RCX: 0000001b2ec20000 [ 3345.066589][T15693] RDX: 0000000000000000 RSI: 0000001b2ec20018 RDI: 0000000008ec0c76 [ 3345.074564][T15693] RBP: 00000000bd27bad8 R08: 0000000000001ad8 R09: 00000000bd27badc [ 3345.082537][T15693] R10: 00007ffe69a68c60 R11: 0000000000000246 R12: 00007f98a3590000 [ 3345.090515][T15693] R13: 0000000000000001 R14: 0000000000000003 R15: ffffffff81a3270f [ 3345.098491][T15693] ? trace_user_exit.constprop.0+0x13f/0x210 [ 3345.104504][T15693] [ 3345.112254][T15675] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3345.124652][T15693] memory: usage 307188kB, limit 307200kB, failcnt 30448 [ 3345.138944][T15693] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3345.152069][T15693] Memory cgroup stats for /syz0: [ 3345.152307][T15693] anon 106496 [ 3345.152307][T15693] file 319488 [ 3345.152307][T15693] kernel 314134528 [ 3345.152307][T15693] kernel_stack 65536 [ 3345.152307][T15693] pagetables 73728 [ 3345.152307][T15693] percpu 5425088 [ 3345.152307][T15693] sock 0 [ 3345.152307][T15693] vmalloc 0 [ 3345.152307][T15693] shmem 319488 [ 3345.152307][T15693] zswap 0 [ 3345.152307][T15693] zswapped 0 [ 3345.152307][T15693] file_mapped 303104 [ 3345.152307][T15693] file_dirty 0 [ 3345.152307][T15693] file_writeback 0 [ 3345.152307][T15693] swapcached 0 [ 3345.152307][T15693] anon_thp 0 [ 3345.152307][T15693] file_thp 0 [ 3345.152307][T15693] shmem_thp 0 [ 3345.152307][T15693] inactive_anon 110592 [ 3345.152307][T15693] active_anon 315392 [ 3345.152307][T15693] inactive_file 0 [ 3345.152307][T15693] active_file 0 [ 3345.152307][T15693] unevictable 0 [ 3345.152307][T15693] slab_reclaimable 224128 [ 3345.152307][T15693] slab_unreclaimable 308301352 [ 3345.152307][T15693] slab 308525480 [ 3345.167544][T15677] bridge2558: port 1(bridge_slave_1) entered disabled state 03:16:06 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) 03:16:06 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f310000100c0a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3345.268093][T15693] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15693,uid=0 [ 3345.275332][T15677] bridge2559: port 1(bridge_slave_1) entered blocking state [ 3345.283827][T15693] Memory cgroup out of memory: Killed process 15693 (syz-executor.0) total-vm:54508kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 [ 3345.291927][T15677] bridge2559: port 1(bridge_slave_1) entered disabled state [ 3345.384653][T15699] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3345.396351][T15699] CPU: 1 PID: 15699 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3345.406551][T15699] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3345.416634][T15699] Call Trace: [ 3345.419941][T15699] [ 3345.422897][T15699] dump_stack_lvl+0xcd/0x134 [ 3345.427518][T15699] dump_header+0x10b/0x7f9 [ 3345.431977][T15699] oom_kill_process.cold+0x10/0x15 [ 3345.437140][T15699] out_of_memory+0x358/0x14a0 [ 3345.441863][T15699] ? find_held_lock+0x2d/0x110 [ 3345.442870][T15680] bond0: (slave bridge2559): Enslaving as an active interface with an up link [ 3345.446638][T15699] ? oom_killer_disable+0x270/0x270 [ 3345.446678][T15699] ? find_held_lock+0x2d/0x110 [ 3345.446713][T15699] mem_cgroup_out_of_memory+0x206/0x270 [ 3345.471090][T15699] ? mem_cgroup_margin+0x130/0x130 [ 3345.476237][T15699] ? lock_downgrade+0x6e0/0x6e0 03:16:06 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000f0000000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3345.481130][T15699] try_charge_memcg+0xf67/0x13f0 [ 3345.486106][T15699] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3345.492134][T15699] ? lock_downgrade+0x6e0/0x6e0 [ 3345.497039][T15699] charge_memcg+0x31/0x320 [ 3345.501497][T15699] __mem_cgroup_charge+0x27/0x90 [ 3345.506470][T15699] ? _compound_head+0x5d/0x150 [ 3345.511273][T15699] wp_page_copy+0x27c/0x1b60 [ 3345.515892][T15699] ? restore_exclusive_pte+0x8b0/0x8b0 [ 3345.521372][T15699] ? lock_downgrade+0x6e0/0x6e0 [ 3345.526251][T15699] ? vm_normal_page+0x146/0x2a0 [ 3345.531143][T15699] do_wp_page+0x52c/0x1910 [ 3345.535617][T15699] __handle_mm_fault+0x1813/0x39b0 [ 3345.540775][T15699] ? vm_iomap_memory+0x190/0x190 [ 3345.545778][T15699] handle_mm_fault+0x1c8/0x780 [ 3345.550595][T15699] do_user_addr_fault+0x475/0x1210 [ 3345.555768][T15699] exc_page_fault+0x94/0x170 [ 3345.560400][T15699] asm_exc_page_fault+0x22/0x30 [ 3345.565287][T15699] RIP: 0033:0x7f98a3434e1e [ 3345.569729][T15699] Code: 4c 24 54 89 78 2c 48 8b 3c 24 89 48 78 0f b6 4c 24 53 c6 40 20 01 88 4c 3a 04 8b 7c 24 4c 4c 89 35 57 71 16 00 48 8b 54 24 40 <89> b8 80 00 00 00 0f 1f 40 00 48 8b 8c 14 50 01 00 00 48 83 c2 08 [ 3345.582698][T15684] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3345.589345][T15699] RSP: 002b:00007ffe69a68b80 EFLAGS: 00010246 [ 3345.589374][T15699] RAX: 00007f98a359bf80 RBX: 00007f98a359bf8c RCX: 0000000000000000 [ 3345.589390][T15699] RDX: 0000000000000000 RSI: 00007f98a359bf88 RDI: 0000000000000000 [ 3345.589405][T15699] RBP: 00007f98a359bf80 R08: 00007f98a4666700 R09: 00007f98a4666700 [ 3345.589421][T15699] R10: 00007f98a46669d0 R11: 0000000000000206 R12: 00007f98a359bf8c [ 3345.589436][T15699] R13: 00007f98a35a0060 R14: 00007f98a359bf80 R15: 0000000000000000 [ 3345.589473][T15699] [ 3345.664216][T15699] memory: usage 307156kB, limit 307200kB, failcnt 30473 [ 3345.673344][T15699] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3345.676577][T15685] bridge1304: port 1(bridge_slave_1) entered disabled state [ 3345.687733][T15699] Memory cgroup stats for /syz0: [ 3345.688106][T15699] anon 81920 [ 3345.688106][T15699] file 319488 [ 3345.688106][T15699] kernel 314126336 [ 3345.688106][T15699] kernel_stack 65536 [ 3345.688106][T15699] pagetables 69632 [ 3345.688106][T15699] percpu 5425088 [ 3345.688106][T15699] sock 0 [ 3345.688106][T15699] vmalloc 0 [ 3345.688106][T15699] shmem 319488 [ 3345.688106][T15699] zswap 0 [ 3345.688106][T15699] zswapped 0 [ 3345.688106][T15699] file_mapped 303104 [ 3345.688106][T15699] file_dirty 0 [ 3345.688106][T15699] file_writeback 0 [ 3345.688106][T15699] swapcached 0 [ 3345.688106][T15699] anon_thp 0 [ 3345.688106][T15699] file_thp 0 [ 3345.688106][T15699] shmem_thp 0 [ 3345.688106][T15699] inactive_anon 86016 [ 3345.688106][T15699] active_anon 315392 [ 3345.688106][T15699] inactive_file 0 [ 3345.688106][T15699] active_file 0 [ 3345.688106][T15699] unevictable 0 [ 3345.688106][T15699] slab_reclaimable 222200 [ 3345.688106][T15699] slab_unreclaimable 308300704 [ 3345.688106][T15699] slab 308522904 [ 3345.787883][T15699] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15699,uid=0 [ 3345.797363][T15685] bridge1305: port 1(bridge_slave_1) entered blocking state [ 3345.812670][T15685] bridge1305: port 1(bridge_slave_1) entered disabled state [ 3345.814037][T15699] Memory cgroup out of memory: Killed process 15699 (syz-executor.0) total-vm:54508kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:72kB oom_score_adj:1000 03:16:07 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3345.857054][T15702] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3345.881060][T15702] CPU: 0 PID: 15702 Comm: syz-executor.2 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3345.891348][T15702] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3345.894721][T15687] bond0: (slave bridge1305): Enslaving as an active interface with an up link [ 3345.901397][T15702] Call Trace: [ 3345.901408][T15702] [ 3345.901419][T15702] dump_stack_lvl+0xcd/0x134 [ 3345.901453][T15702] dump_header+0x10b/0x7f9 [ 3345.925544][T15702] oom_kill_process.cold+0x10/0x15 [ 3345.930698][T15702] out_of_memory+0x358/0x14a0 [ 3345.935411][T15702] ? find_held_lock+0x2d/0x110 [ 3345.940197][T15702] ? oom_killer_disable+0x270/0x270 [ 3345.945418][T15702] ? find_held_lock+0x2d/0x110 [ 3345.950196][T15702] mem_cgroup_out_of_memory+0x206/0x270 [ 3345.955752][T15702] ? mem_cgroup_margin+0x130/0x130 [ 3345.960876][T15702] ? lock_downgrade+0x6e0/0x6e0 [ 3345.965752][T15702] try_charge_memcg+0xf67/0x13f0 [ 3345.970705][T15702] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3345.976707][T15702] ? lock_downgrade+0x6e0/0x6e0 [ 3345.981596][T15702] charge_memcg+0x31/0x320 [ 3345.986025][T15702] __mem_cgroup_charge+0x27/0x90 [ 3345.990972][T15702] ? _compound_head+0x5d/0x150 [ 3345.995753][T15702] wp_page_copy+0x27c/0x1b60 [ 3346.000380][T15702] ? restore_exclusive_pte+0x8b0/0x8b0 [ 3346.005846][T15702] ? lock_downgrade+0x6e0/0x6e0 [ 3346.010706][T15702] ? vm_normal_page+0x146/0x2a0 [ 3346.015678][T15702] do_wp_page+0x1d1/0x1910 [ 3346.020125][T15702] __handle_mm_fault+0x1813/0x39b0 [ 3346.025263][T15702] ? vm_iomap_memory+0x190/0x190 [ 3346.030237][T15702] handle_mm_fault+0x1c8/0x780 [ 3346.035029][T15702] do_user_addr_fault+0x475/0x1210 [ 3346.040172][T15702] exc_page_fault+0x94/0x170 [ 3346.044778][T15702] asm_exc_page_fault+0x22/0x30 [ 3346.049635][T15702] RIP: 0033:0x7ff38a4374b0 [ 3346.054058][T15702] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48 [ 3346.073761][T15702] RSP: 002b:00007ffe54c81760 EFLAGS: 00010246 [ 3346.079835][T15702] RAX: 000000002feed7de RBX: 00007ff38a59c0e8 RCX: 0000001b2ee20000 [ 3346.087828][T15702] RDX: 0000000000000000 RSI: 0000001b2ee20018 RDI: 000000000a19aef0 [ 3346.095804][T15702] RBP: 000000002feed7de R08: 00000000000017de R09: 000000002feed7e2 03:16:07 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000f0000000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3346.103778][T15702] R10: 00007ffe54c81930 R11: 0000000000000246 R12: 00007ff38a590000 [ 3346.111758][T15702] R13: 0000000000000001 R14: 000000000000000e R15: ffffffff83bb623b [ 3346.119734][T15702] ? security_socket_create+0x3b/0xc0 [ 3346.125136][T15702] [ 3346.135334][T15702] memory: usage 307200kB, limit 307200kB, failcnt 6521 [ 3346.164291][T15702] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3346.177713][T15702] Memory cgroup stats for /syz2: [ 3346.177889][T15702] anon 131072 [ 3346.177889][T15702] file 360448 [ 3346.177889][T15702] kernel 314081280 [ 3346.177889][T15702] kernel_stack 98304 [ 3346.177889][T15702] pagetables 73728 [ 3346.177889][T15702] percpu 5433376 [ 3346.177889][T15702] sock 0 [ 3346.177889][T15702] vmalloc 0 [ 3346.177889][T15702] shmem 356352 [ 3346.177889][T15702] zswap 0 [ 3346.177889][T15702] zswapped 0 [ 3346.177889][T15702] file_mapped 356352 [ 3346.177889][T15702] file_dirty 4096 [ 3346.177889][T15702] file_writeback 0 [ 3346.177889][T15702] swapcached 0 [ 3346.177889][T15702] anon_thp 0 [ 3346.177889][T15702] file_thp 0 [ 3346.177889][T15702] shmem_thp 0 [ 3346.177889][T15702] inactive_anon 188416 [ 3346.177889][T15702] active_anon 299008 [ 3346.177889][T15702] inactive_file 4096 [ 3346.177889][T15702] active_file 0 [ 3346.177889][T15702] unevictable 0 [ 3346.177889][T15702] slab_reclaimable 56928 [ 3346.177889][T15702] slab_unreclaimable 308386864 [ 3346.177889][T15702] slab 308443792 [ 3346.275145][T15702] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=15702,uid=0 [ 3346.291302][T15702] Memory cgroup out of memory: Killed process 15702 (syz-executor.2) total-vm:54640kB, anon-rss:388kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 03:16:07 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f310000180c0a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3346.308825][T15691] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3346.350071][T15710] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3346.384102][T15710] CPU: 1 PID: 15710 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3346.394303][T15710] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3346.397593][T15692] bridge3204: port 1(bridge_slave_1) entered blocking state [ 3346.404363][T15710] Call Trace: [ 3346.404376][T15710] [ 3346.417885][T15710] dump_stack_lvl+0xcd/0x134 [ 3346.421379][T15692] bridge3204: port 1(bridge_slave_1) entered disabled state [ 3346.422494][T15710] dump_header+0x10b/0x7f9 [ 3346.434204][T15710] oom_kill_process.cold+0x10/0x15 [ 3346.439358][T15710] out_of_memory+0x358/0x14a0 [ 3346.444074][T15710] ? find_held_lock+0x2d/0x110 [ 3346.448865][T15710] ? oom_killer_disable+0x270/0x270 [ 3346.454152][T15710] ? find_held_lock+0x2d/0x110 [ 3346.459008][T15710] mem_cgroup_out_of_memory+0x206/0x270 [ 3346.464576][T15710] ? mem_cgroup_margin+0x130/0x130 [ 3346.469722][T15710] ? lock_downgrade+0x6e0/0x6e0 [ 3346.474631][T15710] try_charge_memcg+0xf67/0x13f0 [ 3346.479617][T15710] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3346.485646][T15710] ? lock_downgrade+0x6e0/0x6e0 [ 3346.490551][T15710] charge_memcg+0x31/0x320 [ 3346.495009][T15710] __mem_cgroup_charge+0x27/0x90 [ 3346.499145][T15697] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3346.499964][T15710] ? _compound_head+0x5d/0x150 [ 3346.514053][T15710] wp_page_copy+0x27c/0x1b60 [ 3346.518713][T15710] ? restore_exclusive_pte+0x8b0/0x8b0 [ 3346.524209][T15710] ? lock_downgrade+0x6e0/0x6e0 [ 3346.529081][T15710] ? vm_normal_page+0x146/0x2a0 [ 3346.533957][T15710] do_wp_page+0x1d1/0x1910 [ 3346.538401][T15710] __handle_mm_fault+0x1813/0x39b0 [ 3346.543576][T15710] ? vm_iomap_memory+0x190/0x190 [ 3346.548607][T15710] handle_mm_fault+0x1c8/0x780 [ 3346.553401][T15710] do_user_addr_fault+0x475/0x1210 [ 3346.558717][T15710] exc_page_fault+0x94/0x170 [ 3346.563333][T15710] asm_exc_page_fault+0x22/0x30 [ 3346.568204][T15710] RIP: 0033:0x7f98a34374b0 [ 3346.572625][T15710] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48 [ 3346.582897][T15698] bridge4153: port 1(bridge_slave_1) entered disabled state [ 3346.592229][T15710] RSP: 002b:00007ffe69a68a90 EFLAGS: 00010246 [ 3346.592257][T15710] RAX: 00000000098f1ddc RBX: 00007f98a359c018 RCX: 0000001b2ec20000 [ 3346.592273][T15710] RDX: 0000000000000000 RSI: 0000001b2ec20018 RDI: 000000000d570f0d [ 3346.592288][T15710] RBP: 00000000098f1ddc R08: 0000000000001ddc R09: 00000000098f1de0 [ 3346.592304][T15710] R10: 00007ffe69a68c60 R11: 0000000000000246 R12: 00007f98a3590000 [ 3346.592321][T15710] R13: 0000000000000001 R14: 0000000000000006 R15: ffffffff874bbdbd [ 3346.645492][T15710] ? __x64_sys_socket+0xd/0xb0 03:16:07 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400000000000000000b8d0000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3346.650382][T15710] [ 3346.686415][T15710] memory: usage 307200kB, limit 307200kB, failcnt 30587 [ 3346.700372][T15698] bridge4154: port 1(bridge_slave_1) entered blocking state [ 3346.700579][T15710] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3346.716262][T15710] Memory cgroup stats for /syz0: [ 3346.716486][T15710] anon 118784 [ 3346.716486][T15710] file 319488 [ 3346.716486][T15710] kernel 314134528 [ 3346.716486][T15710] kernel_stack 65536 [ 3346.716486][T15710] pagetables 73728 [ 3346.716486][T15710] percpu 5425088 [ 3346.716486][T15710] sock 0 [ 3346.716486][T15710] vmalloc 0 [ 3346.716486][T15710] shmem 319488 [ 3346.716486][T15710] zswap 0 [ 3346.716486][T15710] zswapped 0 [ 3346.716486][T15710] file_mapped 303104 [ 3346.716486][T15710] file_dirty 0 [ 3346.716486][T15710] file_writeback 0 [ 3346.716486][T15710] swapcached 0 [ 3346.716486][T15710] anon_thp 0 [ 3346.716486][T15710] file_thp 0 [ 3346.716486][T15710] shmem_thp 0 [ 3346.716486][T15710] inactive_anon 122880 [ 3346.716486][T15710] active_anon 315392 [ 3346.716486][T15710] inactive_file 0 [ 3346.716486][T15710] active_file 0 [ 3346.716486][T15710] unevictable 0 [ 3346.716486][T15710] slab_reclaimable 224128 [ 3346.716486][T15710] slab_unreclaimable 308301352 [ 3346.716486][T15710] slab 308525480 [ 3346.718417][T15698] bridge4154: port 1(bridge_slave_1) entered disabled state [ 3346.721828][T15710] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15710,uid=0 [ 3346.836995][T15710] Memory cgroup out of memory: Killed process 15710 (syz-executor.0) total-vm:54508kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 [ 3346.856120][T15716] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3346.873281][T15716] CPU: 1 PID: 15716 Comm: syz-executor.2 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3346.883745][T15716] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3346.893822][T15716] Call Trace: [ 3346.897109][T15716] [ 3346.900050][T15716] dump_stack_lvl+0xcd/0x134 [ 3346.904669][T15716] dump_header+0x10b/0x7f9 [ 3346.909110][T15716] oom_kill_process.cold+0x10/0x15 [ 3346.911866][T15701] bridge4154: port 1(bridge_slave_1) entered blocking state [ 3346.914248][T15716] out_of_memory+0x358/0x14a0 [ 3346.921656][T15701] bridge4154: port 1(bridge_slave_1) entered forwarding state [ 3346.926192][T15716] ? oom_killer_disable+0x270/0x270 [ 3346.938862][T15716] ? find_held_lock+0x2d/0x110 [ 3346.943664][T15716] mem_cgroup_out_of_memory+0x206/0x270 [ 3346.949242][T15716] ? mem_cgroup_margin+0x130/0x130 [ 3346.954385][T15716] ? lock_downgrade+0x6e0/0x6e0 [ 3346.959271][T15716] try_charge_memcg+0xf67/0x13f0 [ 3346.964256][T15716] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3346.970255][T15716] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3346.975998][T15716] ? lock_downgrade+0x6e0/0x6e0 [ 3346.980870][T15716] ? lock_downgrade+0x6e0/0x6e0 [ 3346.985756][T15716] __memcg_kmem_charge_page+0x16a/0x3b0 [ 3346.991344][T15716] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 3346.997547][T15716] copy_process+0x145a/0x7090 [ 3347.002252][T15716] ? __lock_acquire+0xbc3/0x56d0 [ 3347.007225][T15716] ? __cleanup_sighand+0xb0/0xb0 [ 3347.012198][T15716] kernel_clone+0xe7/0xab0 [ 3347.016812][T15716] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 3347.022818][T15716] ? create_io_thread+0xe0/0xe0 [ 3347.027781][T15716] ? find_held_lock+0x2d/0x110 [ 3347.032576][T15716] ? __ct_user_exit+0xff/0x150 [ 3347.037357][T15716] __do_sys_clone+0xba/0x100 [ 3347.041962][T15716] ? kernel_clone+0xab0/0xab0 [ 3347.046665][T15716] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3347.052569][T15716] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3347.058482][T15716] do_syscall_64+0x35/0xb0 [ 3347.062914][T15716] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3347.068819][T15716] RIP: 0033:0x7ff38a48a6a1 [ 3347.073254][T15716] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 3347.092891][T15716] RSP: 002b:00007ffe54c81718 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 3347.101312][T15716] RAX: ffffffffffffffda RBX: 00007ff3893fe700 RCX: 00007ff38a48a6a1 [ 3347.109287][T15716] RDX: 00007ff3893fe9d0 RSI: 00007ff3893fe2f0 RDI: 00000000003d0f00 [ 3347.117264][T15716] RBP: 00007ffe54c81960 R08: 00007ff3893fe700 R09: 00007ff3893fe700 [ 3347.125255][T15716] R10: 00007ff3893fe9d0 R11: 0000000000000206 R12: 00007ffe54c817ce 03:16:08 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3347.133237][T15716] R13: 00007ffe54c817cf R14: 00007ff3893fe300 R15: 0000000000022000 [ 3347.141234][T15716] [ 3347.177430][T15716] memory: usage 307200kB, limit 307200kB, failcnt 6567 [ 3347.184342][T15716] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3347.198190][T15701] bond0: (slave bridge4154): Enslaving as an active interface with an up link [ 3347.207866][T15707] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. 03:16:08 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000000000000003ea000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3347.246301][T15716] Memory cgroup stats for /syz2: [ 3347.246501][T15716] anon 147456 [ 3347.246501][T15716] file 360448 [ 3347.246501][T15716] kernel 314064896 [ 3347.246501][T15716] kernel_stack 65536 [ 3347.246501][T15716] pagetables 81920 [ 3347.246501][T15716] percpu 5433376 [ 3347.246501][T15716] sock 0 [ 3347.246501][T15716] vmalloc 0 [ 3347.246501][T15716] shmem 356352 [ 3347.246501][T15716] zswap 0 [ 3347.246501][T15716] zswapped 0 [ 3347.246501][T15716] file_mapped 356352 [ 3347.246501][T15716] file_dirty 4096 [ 3347.246501][T15716] file_writeback 0 [ 3347.246501][T15716] swapcached 0 [ 3347.246501][T15716] anon_thp 0 [ 3347.246501][T15716] file_thp 0 [ 3347.246501][T15716] shmem_thp 0 [ 3347.246501][T15716] inactive_anon 204800 [ 3347.246501][T15716] active_anon 299008 [ 3347.246501][T15716] inactive_file 0 [ 3347.246501][T15716] active_file 4096 [ 3347.246501][T15716] unevictable 0 [ 3347.246501][T15716] slab_reclaimable 58856 [ 3347.246501][T15716] slab_unreclaimable 308387568 [ 3347.246501][T15716] slab 308446424 [ 3347.374715][T15708] bridge2559: port 1(bridge_slave_1) entered disabled state [ 3347.384108][T15716] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=15716,uid=0 [ 3347.400469][T15716] Memory cgroup out of memory: Killed process 15716 (syz-executor.2) total-vm:54640kB, anon-rss:388kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 3347.418386][T15723] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3347.423885][T15708] bridge2560: port 1(bridge_slave_1) entered blocking state [ 3347.435539][T15723] CPU: 0 PID: 15723 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3347.446701][T15723] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3347.447604][T15708] bridge2560: port 1(bridge_slave_1) entered disabled state [ 3347.456754][T15723] Call Trace: [ 3347.456764][T15723] [ 3347.456773][T15723] dump_stack_lvl+0xcd/0x134 [ 3347.474868][T15723] dump_header+0x10b/0x7f9 [ 3347.479309][T15723] oom_kill_process.cold+0x10/0x15 [ 3347.484469][T15723] out_of_memory+0x358/0x14a0 [ 3347.489195][T15723] ? oom_killer_disable+0x270/0x270 [ 3347.494430][T15723] ? find_held_lock+0x2d/0x110 [ 3347.499226][T15723] mem_cgroup_out_of_memory+0x206/0x270 [ 3347.504798][T15723] ? mem_cgroup_margin+0x130/0x130 [ 3347.509922][T15723] ? lock_downgrade+0x6e0/0x6e0 [ 3347.514800][T15723] try_charge_memcg+0xf67/0x13f0 [ 3347.519758][T15723] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3347.525767][T15723] ? lock_downgrade+0x6e0/0x6e0 [ 3347.530539][T15709] bond0: (slave bridge2560): Enslaving as an active interface with an up link [ 3347.530638][T15723] charge_memcg+0x31/0x320 [ 3347.543901][T15723] __mem_cgroup_charge+0x27/0x90 [ 3347.548865][T15723] ? _compound_head+0x5d/0x150 [ 3347.553299][T15714] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3347.553645][T15723] wp_page_copy+0x27c/0x1b60 [ 3347.567536][T15723] ? restore_exclusive_pte+0x8b0/0x8b0 [ 3347.573036][T15723] ? lock_downgrade+0x6e0/0x6e0 [ 3347.577915][T15723] ? vm_normal_page+0x146/0x2a0 [ 3347.582814][T15723] do_wp_page+0x1d1/0x1910 [ 3347.587262][T15723] __handle_mm_fault+0x1813/0x39b0 [ 3347.592400][T15723] ? vm_iomap_memory+0x190/0x190 [ 3347.597413][T15723] handle_mm_fault+0x1c8/0x780 [ 3347.602205][T15723] do_user_addr_fault+0x475/0x1210 [ 3347.607362][T15723] exc_page_fault+0x94/0x170 [ 3347.611987][T15723] asm_exc_page_fault+0x22/0x30 [ 3347.612064][T15715] bridge1305: port 1(bridge_slave_1) entered disabled state [ 3347.616842][T15723] RIP: 0033:0x7f98a34374b0 [ 3347.616870][T15723] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48 [ 3347.616894][T15723] RSP: 002b:00007ffe69a68a90 EFLAGS: 00010246 [ 3347.654352][T15723] RAX: 00000000098f1ddc RBX: 00007f98a359c018 RCX: 0000001b2ec20000 [ 3347.662317][T15723] RDX: 0000000000000000 RSI: 0000001b2ec20018 RDI: 000000000d570f0d 03:16:08 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000f0000000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3347.670290][T15723] RBP: 00000000098f1ddc R08: 0000000000001ddc R09: 00000000098f1de0 [ 3347.678442][T15723] R10: 00007ffe69a68c60 R11: 0000000000000246 R12: 00007f98a3590000 [ 3347.686428][T15723] R13: 0000000000000001 R14: 0000000000000006 R15: ffffffff874bbdbd [ 3347.694409][T15723] ? __x64_sys_socket+0xd/0xb0 [ 3347.699207][T15723] [ 3347.715321][T15715] bridge1306: port 1(bridge_slave_1) entered blocking state [ 3347.719088][T15723] memory: usage 307184kB, limit 307200kB, failcnt 30681 [ 3347.736498][T15715] bridge1306: port 1(bridge_slave_1) entered disabled state [ 3347.740898][T15723] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3347.751746][T15723] Memory cgroup stats for /syz0: [ 3347.752449][T15723] anon 118784 [ 3347.752449][T15723] file 319488 [ 3347.752449][T15723] kernel 314118144 [ 3347.752449][T15723] kernel_stack 65536 [ 3347.752449][T15723] pagetables 73728 [ 3347.752449][T15723] percpu 5425088 [ 3347.752449][T15723] sock 0 [ 3347.752449][T15723] vmalloc 0 [ 3347.752449][T15723] shmem 319488 [ 3347.752449][T15723] zswap 0 [ 3347.752449][T15723] zswapped 0 [ 3347.752449][T15723] file_mapped 303104 [ 3347.752449][T15723] file_dirty 0 [ 3347.752449][T15723] file_writeback 0 [ 3347.752449][T15723] swapcached 0 [ 3347.752449][T15723] anon_thp 0 [ 3347.752449][T15723] file_thp 0 [ 3347.752449][T15723] shmem_thp 0 [ 3347.752449][T15723] inactive_anon 122880 [ 3347.752449][T15723] active_anon 315392 03:16:09 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c00000010000104000000000000ffffa8880000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) 03:16:09 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f310000200c0a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3347.752449][T15723] inactive_file 0 [ 3347.752449][T15723] active_file 0 [ 3347.752449][T15723] unevictable 0 [ 3347.752449][T15723] slab_reclaimable 224128 [ 3347.752449][T15723] slab_unreclaimable 308289952 [ 3347.752449][T15723] slab 308514080 [ 3347.812790][T15718] bond0: (slave bridge1306): Enslaving as an active interface with an up link [ 3347.856800][T15723] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15723,uid=0 03:16:09 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3347.911637][T15723] Memory cgroup out of memory: Killed process 15723 (syz-executor.0) total-vm:54508kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 [ 3347.932628][T15721] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3348.006468][T15722] bridge3204: port 1(bridge_slave_1) entered disabled state [ 3348.023607][T15722] bridge3205: port 1(bridge_slave_1) entered blocking state [ 3348.049203][T15722] bridge3205: port 1(bridge_slave_1) entered disabled state [ 3348.063029][T15736] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=1, oom_score_adj=1000 [ 3348.072619][T15727] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3348.086597][T15736] CPU: 0 PID: 15736 Comm: syz-executor.2 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3348.096797][T15736] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3348.106877][T15736] Call Trace: [ 3348.110176][T15736] [ 3348.113122][T15736] dump_stack_lvl+0xcd/0x134 [ 3348.117743][T15736] dump_header+0x10b/0x7f9 [ 3348.122184][T15736] oom_kill_process.cold+0x10/0x15 [ 3348.127318][T15736] out_of_memory+0x358/0x14a0 [ 3348.132026][T15736] ? find_held_lock+0x2d/0x110 [ 3348.136801][T15736] ? oom_killer_disable+0x270/0x270 [ 3348.142013][T15736] ? find_held_lock+0x2d/0x110 [ 3348.146785][T15736] mem_cgroup_out_of_memory+0x206/0x270 [ 3348.152343][T15736] ? mem_cgroup_margin+0x130/0x130 [ 3348.157458][T15736] ? lock_downgrade+0x6e0/0x6e0 [ 3348.162330][T15736] try_charge_memcg+0xf67/0x13f0 [ 3348.167284][T15736] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3348.173272][T15736] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3348.179001][T15736] ? lock_downgrade+0x6e0/0x6e0 [ 3348.183867][T15736] ? lock_downgrade+0x6e0/0x6e0 [ 3348.188727][T15736] ? rcu_read_unlock+0x9/0x60 [ 3348.193430][T15736] obj_cgroup_charge+0x2ab/0x5e0 [ 3348.198380][T15736] ? copy_process+0x4ce/0x7090 [ 3348.203152][T15736] kmem_cache_alloc_node+0x92/0x3f0 [ 3348.208357][T15736] ? _raw_spin_unlock_irq+0x1f/0x40 [ 3348.213589][T15736] copy_process+0x4ce/0x7090 [ 3348.218201][T15736] ? __lock_acquire+0xbc3/0x56d0 [ 3348.223159][T15736] ? __cleanup_sighand+0xb0/0xb0 [ 3348.228296][T15736] kernel_clone+0xe7/0xab0 [ 3348.232736][T15736] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 3348.238735][T15736] ? create_io_thread+0xe0/0xe0 [ 3348.243602][T15736] ? find_held_lock+0x2d/0x110 [ 3348.248389][T15736] ? __ct_user_exit+0xff/0x150 [ 3348.253193][T15736] __do_sys_clone+0xba/0x100 [ 3348.257829][T15736] ? kernel_clone+0xab0/0xab0 [ 3348.262549][T15736] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3348.268465][T15736] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3348.274395][T15736] do_syscall_64+0x35/0xb0 [ 3348.278819][T15736] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3348.284728][T15736] RIP: 0033:0x7ff38a48a6a1 [ 3348.289149][T15736] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 3348.308855][T15736] RSP: 002b:00007ffe54c81718 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 3348.317294][T15736] RAX: ffffffffffffffda RBX: 00007ff3893fe700 RCX: 00007ff38a48a6a1 [ 3348.325285][T15736] RDX: 00007ff3893fe9d0 RSI: 00007ff3893fe2f0 RDI: 00000000003d0f00 [ 3348.333263][T15736] RBP: 00007ffe54c81960 R08: 00007ff3893fe700 R09: 00007ff3893fe700 [ 3348.341242][T15736] R10: 00007ff3893fe9d0 R11: 0000000000000206 R12: 00007ffe54c817ce 03:16:09 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400000000000000000b8d0000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3348.349226][T15736] R13: 00007ffe54c817cf R14: 00007ff3893fe300 R15: 0000000000022000 [ 3348.357241][T15736] [ 3348.399036][T15729] bridge4154: port 1(bridge_slave_1) entered disabled state [ 3348.402488][T15736] memory: usage 307188kB, limit 307200kB, failcnt 6640 [ 3348.426045][T15736] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3348.436986][T15736] Memory cgroup stats for /syz2: [ 3348.437184][T15736] anon 147456 [ 3348.437184][T15736] file 360448 [ 3348.437184][T15736] kernel 314048512 [ 3348.437184][T15736] kernel_stack 65536 [ 3348.437184][T15736] pagetables 81920 [ 3348.437184][T15736] percpu 5433376 [ 3348.437184][T15736] sock 0 [ 3348.437184][T15736] vmalloc 0 [ 3348.437184][T15736] shmem 356352 [ 3348.437184][T15736] zswap 0 [ 3348.437184][T15736] zswapped 0 [ 3348.437184][T15736] file_mapped 356352 [ 3348.437184][T15736] file_dirty 4096 [ 3348.437184][T15736] file_writeback 0 [ 3348.437184][T15736] swapcached 0 [ 3348.437184][T15736] anon_thp 0 [ 3348.437184][T15736] file_thp 0 [ 3348.437184][T15736] shmem_thp 0 [ 3348.437184][T15736] inactive_anon 204800 [ 3348.437184][T15736] active_anon 299008 [ 3348.437184][T15736] inactive_file 0 [ 3348.437184][T15736] active_file 4096 [ 3348.437184][T15736] unevictable 0 [ 3348.437184][T15736] slab_reclaimable 58856 [ 3348.437184][T15736] slab_unreclaimable 308380008 [ 3348.437184][T15736] slab 308438864 [ 3348.533758][T15736] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=15736,uid=0 [ 3348.550847][T15736] Memory cgroup out of memory: Killed process 15736 (syz-executor.2) total-vm:54640kB, anon-rss:388kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 3348.568862][T15740] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3348.569581][T15729] bridge4155: port 1(bridge_slave_1) entered blocking state [ 3348.585910][T15740] CPU: 1 PID: 15740 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3348.596655][T15740] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3348.602397][T15729] bridge4155: port 1(bridge_slave_1) entered disabled state [ 3348.606709][T15740] Call Trace: [ 3348.606721][T15740] [ 3348.606733][T15740] dump_stack_lvl+0xcd/0x134 [ 3348.606774][T15740] dump_header+0x10b/0x7f9 [ 3348.629299][T15740] oom_kill_process.cold+0x10/0x15 [ 3348.634453][T15740] out_of_memory+0x358/0x14a0 [ 3348.639185][T15740] ? oom_killer_disable+0x270/0x270 [ 3348.644414][T15740] ? find_held_lock+0x2d/0x110 [ 3348.649200][T15740] mem_cgroup_out_of_memory+0x206/0x270 [ 3348.654770][T15740] ? mem_cgroup_margin+0x130/0x130 [ 3348.659910][T15740] ? lock_downgrade+0x6e0/0x6e0 [ 3348.664818][T15740] try_charge_memcg+0xf67/0x13f0 [ 3348.669784][T15740] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3348.675799][T15740] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3348.681548][T15740] ? lock_downgrade+0x6e0/0x6e0 [ 3348.686456][T15740] obj_cgroup_charge+0x2ab/0x5e0 [ 3348.691429][T15740] ? __anon_vma_prepare+0x60/0x560 [ 3348.696571][T15740] kmem_cache_alloc+0x96/0x3b0 [ 3348.701373][T15740] __anon_vma_prepare+0x60/0x560 [ 3348.706345][T15740] ? __pmd_alloc+0x2ff/0x5c0 [ 3348.710964][T15740] __handle_mm_fault+0x340e/0x39b0 [ 3348.716116][T15740] ? vm_iomap_memory+0x190/0x190 [ 3348.721116][T15740] handle_mm_fault+0x1c8/0x780 [ 3348.725916][T15740] do_user_addr_fault+0x475/0x1210 [ 3348.731078][T15740] exc_page_fault+0x94/0x170 [ 3348.735712][T15740] asm_exc_page_fault+0x22/0x30 [ 3348.740592][T15740] RIP: 0033:0x7f98a3484695 [ 3348.745028][T15740] Code: 12 80 fa 04 73 1e 80 fa 01 77 26 72 05 0f b6 0e 88 0f c3 48 8b 4c 16 f8 48 8b 36 48 89 4c 17 f8 48 89 37 c3 8b 4c 16 fc 8b 36 <89> 4c 17 fc 89 37 c3 0f b7 4c 16 fe 0f b7 36 66 89 4c 17 fe 66 89 [ 3348.764668][T15740] RSP: 002b:00007ffe69a68b78 EFLAGS: 00010202 [ 3348.770744][T15740] RAX: 00000000200005c0 RBX: 0000000000000000 RCX: 0000000000535650 [ 3348.778719][T15740] RDX: 0000000000000005 RSI: 0000000053565049 RDI: 00000000200005c0 [ 3348.786692][T15740] RBP: 00007ffe69a68c38 R08: 00007f98a39a0000 R09: 00007f98a35a00c8 03:16:10 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000000000fffffff0000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3348.794668][T15740] R10: 00007ffe69a68c60 R11: 0000000000000246 R12: 000000000033164a [ 3348.802655][T15740] R13: 00007ffe69a68c60 R14: 00007f98a359bf80 R15: 0000000000000032 [ 3348.810662][T15740] [ 3348.816065][T15733] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3348.833048][T15740] memory: usage 307200kB, limit 307200kB, failcnt 30769 [ 3348.850121][T15740] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3348.862790][T15740] Memory cgroup stats for /syz0: [ 3348.862957][T15740] anon 126976 [ 3348.862957][T15740] file 319488 [ 3348.862957][T15740] kernel 314126336 [ 3348.862957][T15740] kernel_stack 65536 [ 3348.862957][T15740] pagetables 81920 [ 3348.862957][T15740] percpu 5425088 [ 3348.862957][T15740] sock 0 [ 3348.862957][T15740] vmalloc 0 [ 3348.862957][T15740] shmem 319488 [ 3348.862957][T15740] zswap 0 [ 3348.862957][T15740] zswapped 0 [ 3348.862957][T15740] file_mapped 303104 [ 3348.862957][T15740] file_dirty 0 [ 3348.862957][T15740] file_writeback 0 [ 3348.862957][T15740] swapcached 0 [ 3348.862957][T15740] anon_thp 0 [ 3348.862957][T15740] file_thp 0 [ 3348.862957][T15740] shmem_thp 0 [ 3348.862957][T15740] inactive_anon 131072 [ 3348.862957][T15740] active_anon 315392 [ 3348.862957][T15740] inactive_file 0 [ 3348.862957][T15740] active_file 0 [ 3348.862957][T15740] unevictable 0 [ 3348.862957][T15740] slab_reclaimable 226056 [ 3348.862957][T15740] slab_unreclaimable 308290600 [ 3348.862957][T15740] slab 308516656 [ 3348.959945][T15734] bridge2560: port 1(bridge_slave_1) entered disabled state [ 3348.968059][T15740] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15740,uid=0 03:16:10 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3348.998990][T15734] bridge2561: port 1(bridge_slave_1) entered blocking state [ 3349.006641][T15734] bridge2561: port 1(bridge_slave_1) entered disabled state [ 3349.013680][T15740] Memory cgroup out of memory: Killed process 15740 (syz-executor.0) total-vm:54508kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 3349.073154][T15753] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3349.075439][T15739] bond0: (slave bridge2561): Enslaving as an active interface with an up link [ 3349.085154][T15753] CPU: 1 PID: 15753 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3349.102340][T15753] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3349.112403][T15753] Call Trace: [ 3349.115682][T15753] [ 3349.118638][T15753] dump_stack_lvl+0xcd/0x134 [ 3349.123245][T15753] dump_header+0x10b/0x7f9 [ 3349.127675][T15753] oom_kill_process.cold+0x10/0x15 [ 3349.132799][T15753] out_of_memory+0x358/0x14a0 [ 3349.137490][T15753] ? find_held_lock+0x2d/0x110 [ 3349.142281][T15753] ? oom_killer_disable+0x270/0x270 [ 3349.147502][T15753] ? find_held_lock+0x2d/0x110 [ 3349.152280][T15753] mem_cgroup_out_of_memory+0x206/0x270 [ 3349.157834][T15753] ? mem_cgroup_margin+0x130/0x130 [ 3349.162949][T15753] ? lock_downgrade+0x6e0/0x6e0 [ 3349.167824][T15753] try_charge_memcg+0xf67/0x13f0 [ 3349.172778][T15753] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3349.178773][T15753] ? lock_downgrade+0x6e0/0x6e0 [ 3349.183659][T15753] charge_memcg+0x31/0x320 [ 3349.188087][T15753] __mem_cgroup_charge+0x27/0x90 [ 3349.193033][T15753] ? _compound_head+0x5d/0x150 [ 3349.197807][T15753] wp_page_copy+0x27c/0x1b60 [ 3349.202413][T15753] ? restore_exclusive_pte+0x8b0/0x8b0 [ 3349.207889][T15753] ? lock_downgrade+0x6e0/0x6e0 [ 3349.212770][T15753] ? vm_normal_page+0x146/0x2a0 [ 3349.217661][T15753] do_wp_page+0x52c/0x1910 [ 3349.222094][T15753] __handle_mm_fault+0x1813/0x39b0 [ 3349.227225][T15753] ? vm_iomap_memory+0x190/0x190 [ 3349.232197][T15753] handle_mm_fault+0x1c8/0x780 [ 3349.236971][T15753] do_user_addr_fault+0x475/0x1210 [ 3349.242297][T15753] exc_page_fault+0x94/0x170 [ 3349.246910][T15753] asm_exc_page_fault+0x22/0x30 [ 3349.251938][T15753] RIP: 0033:0x7f98a34380fa [ 3349.256378][T15753] Code: 24 7e 13 00 48 89 05 15 7e 13 00 c7 05 fb 7d 13 00 01 00 00 00 48 c7 05 e8 d2 09 01 00 00 00 00 c7 05 e6 d2 09 01 00 00 00 00 05 44 13 0a 01 00 00 00 00 c3 0f 1f 00 48 8d 7e 58 89 f1 48 8d [ 3349.276095][T15753] RSP: 002b:00007ffe69a68d08 EFLAGS: 00010202 [ 3349.282173][T15753] RAX: 0000555556e356c0 RBX: 0000000000000001 RCX: 00007f98a44d53c0 [ 3349.290149][T15753] RDX: 0000000000000001 RSI: 00007f98a356fef0 RDI: 0000000000000001 [ 3349.298133][T15753] RBP: 0000000000000000 R08: 0000000000000000 R09: 00007f98a356fef0 [ 3349.306121][T15753] R10: 0000555556e35400 R11: 0000000000000202 R12: 0000000000000001 [ 3349.314094][T15753] R13: 0000000000000001 R14: 0000000000000001 R15: 00007ffe69a68e20 03:16:10 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f310000280c0a00", @ANYRES32=r5], 0x3c}}, 0x0) 03:16:10 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3349.322091][T15753] [ 3349.342195][T15753] memory: usage 307064kB, limit 307200kB, failcnt 30791 [ 3349.343787][T15741] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3349.421596][T15743] bridge1306: port 1(bridge_slave_1) entered disabled state [ 3349.439016][T15743] bridge1307: port 1(bridge_slave_1) entered blocking state [ 3349.446580][T15743] bridge1307: port 1(bridge_slave_1) entered disabled state [ 3349.462610][T15753] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3349.490884][T15753] Memory cgroup stats for /syz0: [ 3349.491108][T15753] anon 65536 [ 3349.491108][T15753] file 319488 [ 3349.491108][T15753] kernel 314048512 [ 3349.491108][T15753] kernel_stack 32768 [ 3349.491108][T15753] pagetables 57344 [ 3349.491108][T15753] percpu 5425088 [ 3349.491108][T15753] sock 0 [ 3349.491108][T15753] vmalloc 0 [ 3349.491108][T15753] shmem 319488 [ 3349.491108][T15753] zswap 0 [ 3349.491108][T15753] zswapped 0 [ 3349.491108][T15753] file_mapped 303104 [ 3349.491108][T15753] file_dirty 0 03:16:10 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c00000010000104000000000000ffffa8880000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3349.491108][T15753] file_writeback 0 [ 3349.491108][T15753] swapcached 0 [ 3349.491108][T15753] anon_thp 0 [ 3349.491108][T15753] file_thp 0 [ 3349.491108][T15753] shmem_thp 0 [ 3349.491108][T15753] inactive_anon 69632 [ 3349.491108][T15753] active_anon 315392 [ 3349.491108][T15753] inactive_file 0 [ 3349.491108][T15753] active_file 0 [ 3349.491108][T15753] unevictable 0 [ 3349.491108][T15753] slab_reclaimable 218296 [ 3349.491108][T15753] slab_unreclaimable 308280352 [ 3349.491108][T15753] slab 308498648 [ 3349.556150][T15748] bridge3205: port 1(bridge_slave_1) entered disabled state [ 3349.608805][T15753] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=3642,uid=0 [ 3349.625524][T15753] Memory cgroup out of memory: Killed process 3642 (syz-executor.0) total-vm:50536kB, anon-rss:384kB, file-rss:9072kB, shmem-rss:4kB, UID:0 pgtables:68kB oom_score_adj:0 [ 3349.648595][T15755] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3349.675678][T15748] bridge3206: port 1(bridge_slave_1) entered blocking state [ 3349.693041][T15755] CPU: 0 PID: 15755 Comm: syz-executor.2 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3349.697339][T15748] bridge3206: port 1(bridge_slave_1) entered disabled state [ 3349.703223][T15755] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3349.703241][T15755] Call Trace: [ 3349.703249][T15755] [ 3349.703259][T15755] dump_stack_lvl+0xcd/0x134 [ 3349.731410][T15755] dump_header+0x10b/0x7f9 [ 3349.735869][T15755] oom_kill_process.cold+0x10/0x15 [ 3349.741019][T15755] out_of_memory+0x358/0x14a0 [ 3349.745736][T15755] ? oom_killer_disable+0x270/0x270 [ 3349.750971][T15755] ? find_held_lock+0x2d/0x110 [ 3349.755763][T15755] mem_cgroup_out_of_memory+0x206/0x270 [ 3349.761342][T15755] ? mem_cgroup_margin+0x130/0x130 [ 3349.766480][T15755] ? lock_downgrade+0x6e0/0x6e0 [ 3349.771373][T15755] try_charge_memcg+0xf67/0x13f0 03:16:11 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f310000180c0a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3349.776342][T15755] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3349.777764][T15752] bridge4155: port 1(bridge_slave_1) entered disabled state [ 3349.782347][T15755] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3349.782382][T15755] ? lock_downgrade+0x6e0/0x6e0 [ 3349.782413][T15755] ? lock_downgrade+0x6e0/0x6e0 [ 3349.782451][T15755] __memcg_kmem_charge_page+0x16a/0x3b0 [ 3349.810676][T15755] memcg_charge_kernel_stack.part.0+0x6c/0x150 [ 3349.816875][T15755] copy_process+0x607/0x7090 [ 3349.821508][T15755] ? find_held_lock+0x2d/0x110 [ 3349.826319][T15755] ? __cleanup_sighand+0xb0/0xb0 [ 3349.831293][T15755] kernel_clone+0xe7/0xab0 [ 3349.835711][T15755] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 3349.841700][T15755] ? create_io_thread+0xe0/0xe0 [ 3349.846584][T15755] ? find_held_lock+0x2d/0x110 [ 3349.851368][T15755] ? __ct_user_exit+0xff/0x150 [ 3349.856158][T15755] __do_sys_clone+0xba/0x100 [ 3349.860751][T15755] ? kernel_clone+0xab0/0xab0 [ 3349.865447][T15755] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3349.871370][T15755] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3349.877367][T15755] do_syscall_64+0x35/0xb0 [ 3349.881806][T15755] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3349.887711][T15755] RIP: 0033:0x7ff38a48a6a1 [ 3349.892145][T15755] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 3349.911769][T15755] RSP: 002b:00007ffe54c81718 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 3349.920218][T15755] RAX: ffffffffffffffda RBX: 00007ff3893fe700 RCX: 00007ff38a48a6a1 [ 3349.928212][T15755] RDX: 00007ff3893fe9d0 RSI: 00007ff3893fe2f0 RDI: 00000000003d0f00 [ 3349.936208][T15755] RBP: 00007ffe54c81960 R08: 00007ff3893fe700 R09: 00007ff3893fe700 [ 3349.944204][T15755] R10: 00007ff3893fe9d0 R11: 0000000000000206 R12: 00007ffe54c817ce [ 3349.952190][T15755] R13: 00007ffe54c817cf R14: 00007ff3893fe300 R15: 0000000000022000 [ 3349.960193][T15755] [ 3349.969827][T15755] memory: usage 307200kB, limit 307200kB, failcnt 6742 [ 3349.976715][T15755] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3349.983823][T15755] Memory cgroup stats for /syz2: [ 3349.984030][T15755] anon 147456 [ 3349.984030][T15755] file 360448 [ 3349.984030][T15755] kernel 314064896 [ 3349.984030][T15755] kernel_stack 65536 [ 3349.984030][T15755] pagetables 81920 [ 3349.984030][T15755] percpu 5433376 [ 3349.984030][T15755] sock 0 [ 3349.984030][T15755] vmalloc 0 [ 3349.984030][T15755] shmem 356352 [ 3349.984030][T15755] zswap 0 [ 3349.984030][T15755] zswapped 0 [ 3349.984030][T15755] file_mapped 356352 [ 3349.984030][T15755] file_dirty 4096 [ 3349.984030][T15755] file_writeback 0 [ 3349.984030][T15755] swapcached 0 [ 3349.984030][T15755] anon_thp 0 [ 3349.984030][T15755] file_thp 0 [ 3349.984030][T15755] shmem_thp 0 [ 3349.984030][T15755] inactive_anon 204800 [ 3349.984030][T15755] active_anon 299008 [ 3349.984030][T15755] inactive_file 0 [ 3349.984030][T15755] active_file 4096 [ 3349.984030][T15755] unevictable 0 [ 3349.984030][T15755] slab_reclaimable 58856 [ 3349.984030][T15755] slab_unreclaimable 308387568 [ 3349.984030][T15755] slab 308446424 [ 3350.082163][T15755] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=15755,uid=0 [ 3350.097837][T15755] Memory cgroup out of memory: Killed process 15755 (syz-executor.2) total-vm:54640kB, anon-rss:388kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 3350.106836][T15752] bridge4156: port 1(bridge_slave_1) entered blocking state [ 3350.126340][T15752] bridge4156: port 1(bridge_slave_1) entered disabled state 03:16:11 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f310000300c0a00", @ANYRES32=r5], 0x3c}}, 0x0) 03:16:11 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000000000e14d59f3000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3350.168511][T15759] __nla_validate_parse: 2 callbacks suppressed [ 3350.168531][T15759] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3350.264297][T15760] bridge2561: port 1(bridge_slave_1) entered disabled state [ 3350.286303][T15760] bridge2562: port 1(bridge_slave_1) entered blocking state [ 3350.290351][T15774] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=1, oom_score_adj=1000 [ 3350.303625][T15760] bridge2562: port 1(bridge_slave_1) entered disabled state [ 3350.305221][T15774] CPU: 1 PID: 15774 Comm: syz-executor.2 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3350.321460][T15774] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3350.331542][T15774] Call Trace: [ 3350.334833][T15774] [ 3350.337779][T15774] dump_stack_lvl+0xcd/0x134 [ 3350.342396][T15774] dump_header+0x10b/0x7f9 [ 3350.346828][T15774] oom_kill_process.cold+0x10/0x15 [ 3350.351952][T15774] out_of_memory+0x358/0x14a0 [ 3350.356649][T15774] ? find_held_lock+0x2d/0x110 [ 3350.361427][T15774] ? oom_killer_disable+0x270/0x270 [ 3350.366653][T15774] ? find_held_lock+0x2d/0x110 [ 3350.371439][T15774] mem_cgroup_out_of_memory+0x206/0x270 [ 3350.376994][T15774] ? mem_cgroup_margin+0x130/0x130 [ 3350.382110][T15774] ? lock_downgrade+0x6e0/0x6e0 [ 3350.386985][T15774] try_charge_memcg+0xf67/0x13f0 [ 3350.391940][T15774] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3350.397939][T15774] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3350.403664][T15774] ? lock_downgrade+0x6e0/0x6e0 [ 3350.408612][T15774] ? lock_downgrade+0x6e0/0x6e0 [ 3350.413482][T15774] ? rcu_read_unlock+0x9/0x60 [ 3350.418180][T15774] obj_cgroup_charge+0x2ab/0x5e0 [ 3350.423165][T15774] ? copy_process+0x4ce/0x7090 [ 3350.427967][T15774] kmem_cache_alloc_node+0x92/0x3f0 [ 3350.433230][T15774] ? _raw_spin_unlock_irq+0x1f/0x40 [ 3350.438463][T15774] copy_process+0x4ce/0x7090 [ 3350.443076][T15774] ? __lock_acquire+0xbc3/0x56d0 [ 3350.448037][T15774] ? __cleanup_sighand+0xb0/0xb0 [ 3350.453008][T15774] kernel_clone+0xe7/0xab0 [ 3350.457434][T15774] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 3350.463425][T15774] ? create_io_thread+0xe0/0xe0 [ 3350.468290][T15774] ? find_held_lock+0x2d/0x110 [ 3350.473064][T15774] ? __ct_user_exit+0xff/0x150 [ 3350.477839][T15774] __do_sys_clone+0xba/0x100 [ 3350.482439][T15774] ? kernel_clone+0xab0/0xab0 [ 3350.487135][T15774] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3350.493054][T15774] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3350.498974][T15774] do_syscall_64+0x35/0xb0 [ 3350.503400][T15774] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3350.509310][T15774] RIP: 0033:0x7ff38a48a6a1 [ 3350.513729][T15774] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 3350.533343][T15774] RSP: 002b:00007ffe54c81718 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 3350.541761][T15774] RAX: ffffffffffffffda RBX: 00007ff3893fe700 RCX: 00007ff38a48a6a1 [ 3350.549737][T15774] RDX: 00007ff3893fe9d0 RSI: 00007ff3893fe2f0 RDI: 00000000003d0f00 [ 3350.557712][T15774] RBP: 00007ffe54c81960 R08: 00007ff3893fe700 R09: 00007ff3893fe700 [ 3350.565685][T15774] R10: 00007ff3893fe9d0 R11: 0000000000000206 R12: 00007ffe54c817ce [ 3350.573743][T15774] R13: 00007ffe54c817cf R14: 00007ff3893fe300 R15: 0000000000022000 [ 3350.581736][T15774] [ 3350.599877][T15774] memory: usage 307200kB, limit 307200kB, failcnt 6795 [ 3350.600019][T15764] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. 03:16:11 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400000000000000007a000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3350.607008][T15774] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3350.623966][T15774] Memory cgroup stats for /syz2: [ 3350.624190][T15774] anon 147456 [ 3350.624190][T15774] file 360448 [ 3350.624190][T15774] kernel 314056704 [ 3350.624190][T15774] kernel_stack 65536 [ 3350.624190][T15774] pagetables 81920 [ 3350.624190][T15774] percpu 5433376 [ 3350.624190][T15774] sock 0 [ 3350.624190][T15774] vmalloc 0 [ 3350.624190][T15774] shmem 356352 [ 3350.624190][T15774] zswap 0 [ 3350.624190][T15774] zswapped 0 [ 3350.624190][T15774] file_mapped 356352 [ 3350.624190][T15774] file_dirty 4096 [ 3350.624190][T15774] file_writeback 0 [ 3350.624190][T15774] swapcached 0 [ 3350.624190][T15774] anon_thp 0 [ 3350.624190][T15774] file_thp 0 [ 3350.624190][T15774] shmem_thp 0 [ 3350.624190][T15774] inactive_anon 204800 [ 3350.624190][T15774] active_anon 299008 [ 3350.624190][T15774] inactive_file 4096 [ 3350.624190][T15774] active_file 0 [ 3350.624190][T15774] unevictable 0 [ 3350.624190][T15774] slab_reclaimable 58856 [ 3350.624190][T15774] slab_unreclaimable 308382112 [ 3350.624190][T15774] slab 308440968 [ 3350.684959][T15769] bridge1307: port 1(bridge_slave_1) entered disabled state [ 3350.729156][T15774] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=15774,uid=0 [ 3350.747121][T15774] Memory cgroup out of memory: Killed process 15774 (syz-executor.2) total-vm:54640kB, anon-rss:388kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 03:16:12 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c00000010000104000000000000ffffa8880000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3350.784688][T15770] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. 03:16:12 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040001ca000000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3350.843806][T15771] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. 03:16:12 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f310000380c0a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3350.904542][T15789] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3350.937995][T15778] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3350.994462][T15779] bridge4156: port 1(bridge_slave_1) entered disabled state [ 3351.017271][T15779] bridge4157: port 1(bridge_slave_1) entered blocking state [ 3351.025249][T15779] bridge4157: port 1(bridge_slave_1) entered disabled state [ 3351.053282][T15783] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3351.089288][T15791] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3351.100151][T15791] CPU: 0 PID: 15791 Comm: syz-executor.2 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3351.110339][T15791] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3351.120412][T15791] Call Trace: [ 3351.123700][T15791] [ 3351.123928][T15782] bridge4157: port 1(bridge_slave_1) entered blocking state [ 3351.126625][T15791] dump_stack_lvl+0xcd/0x134 [ 3351.134013][T15782] bridge4157: port 1(bridge_slave_1) entered forwarding state [ 3351.138470][T15791] dump_header+0x10b/0x7f9 [ 3351.138504][T15791] oom_kill_process.cold+0x10/0x15 [ 3351.155521][T15791] out_of_memory+0x358/0x14a0 [ 3351.160240][T15791] ? find_held_lock+0x2d/0x110 [ 3351.165030][T15791] ? oom_killer_disable+0x270/0x270 [ 3351.170257][T15791] ? find_held_lock+0x2d/0x110 [ 3351.175035][T15791] mem_cgroup_out_of_memory+0x206/0x270 [ 3351.180593][T15791] ? mem_cgroup_margin+0x130/0x130 [ 3351.185730][T15791] ? lock_downgrade+0x6e0/0x6e0 [ 3351.190629][T15791] try_charge_memcg+0xf67/0x13f0 [ 3351.195635][T15791] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3351.201643][T15791] ? lock_downgrade+0x6e0/0x6e0 [ 3351.206536][T15791] charge_memcg+0x31/0x320 [ 3351.210985][T15791] __mem_cgroup_charge+0x27/0x90 [ 3351.215948][T15791] ? _compound_head+0x5d/0x150 [ 3351.220744][T15791] __handle_mm_fault+0x17df/0x39b0 [ 3351.224540][T15782] bond0: (slave bridge4157): Enslaving as an active interface with an up link [ 3351.225955][T15791] ? vm_iomap_memory+0x190/0x190 [ 3351.226010][T15791] handle_mm_fault+0x1c8/0x780 [ 3351.235262][T15784] bridge2562: port 1(bridge_slave_1) entered disabled state 03:16:12 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3351.239846][T15791] do_user_addr_fault+0x475/0x1210 [ 3351.239891][T15791] exc_page_fault+0x94/0x170 [ 3351.261700][T15791] asm_exc_page_fault+0x22/0x30 [ 3351.266587][T15791] RIP: 0033:0x7ff38a43980f [ 3351.271122][T15791] Code: ff ff 4d 89 cd 48 85 c0 74 19 8b 95 44 ff ff ff 48 29 c6 48 01 c7 e8 80 fb 04 00 85 c0 0f 85 0b 03 00 00 48 8b 85 48 ff ff ff <41> c7 45 18 01 00 00 00 4c 89 ef 49 89 85 90 06 00 00 48 8b 85 50 [ 3351.290857][T15791] RSP: 002b:00007ffe54c81770 EFLAGS: 00010246 03:16:12 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000000000fffffffc000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3351.296967][T15791] RAX: 00007ff3893de000 RBX: 0000000000021000 RCX: 00007ff38a489387 [ 3351.304970][T15791] RDX: 0000000000000003 RSI: 0000000000020000 RDI: 00007ff3893df000 [ 3351.312970][T15791] RBP: 00007ffe54c81840 R08: 00000000ffffffff R09: 00007ff3893fe700 [ 3351.320979][T15791] R10: 0000000000020022 R11: 0000000000000206 R12: 00007ffe54c81960 [ 3351.328980][T15791] R13: 00007ff3893fe700 R14: 0000000000000000 R15: 0000000000022000 [ 3351.337174][T15791] [ 3351.377838][T15791] memory: usage 307200kB, limit 307200kB, failcnt 6894 [ 3351.385126][T15791] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3351.387662][T15784] bridge2563: port 1(bridge_slave_1) entered blocking state [ 3351.393334][T15791] Memory cgroup stats for /syz2: [ 3351.401154][T15791] anon 143360 [ 3351.401154][T15791] file 360448 [ 3351.401154][T15791] kernel 314068992 [ 3351.401154][T15791] kernel_stack 65536 [ 3351.401154][T15791] pagetables 81920 [ 3351.401154][T15791] percpu 5433376 [ 3351.401154][T15791] sock 0 [ 3351.401154][T15791] vmalloc 0 [ 3351.401154][T15791] shmem 356352 [ 3351.401154][T15791] zswap 0 [ 3351.401154][T15791] zswapped 0 [ 3351.401154][T15791] file_mapped 356352 [ 3351.401154][T15791] file_dirty 4096 [ 3351.401154][T15791] file_writeback 0 [ 3351.401154][T15791] swapcached 0 [ 3351.401154][T15791] anon_thp 0 [ 3351.401154][T15791] file_thp 0 [ 3351.401154][T15791] shmem_thp 0 [ 3351.401154][T15791] inactive_anon 200704 [ 3351.401154][T15791] active_anon 299008 [ 3351.401154][T15791] inactive_file 4096 [ 3351.401154][T15791] active_file 0 [ 3351.401154][T15791] unevictable 0 [ 3351.401154][T15791] slab_reclaimable 58856 [ 3351.401154][T15791] slab_unreclaimable 308391408 [ 3351.401154][T15791] slab 308450264 [ 3351.418841][T15784] bridge2563: port 1(bridge_slave_1) entered disabled state [ 3351.499995][T15791] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=15791,uid=0 [ 3351.535326][T15791] Memory cgroup out of memory: Killed process 15791 (syz-executor.2) total-vm:54640kB, anon-rss:388kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 03:16:12 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400000000000000007a000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3351.602972][T15790] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. 03:16:12 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3351.699159][T15789] bridge1309: port 1(bridge_slave_1) entered blocking state [ 3351.706525][T15789] bridge1309: port 1(bridge_slave_1) entered disabled state 03:16:13 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040001b6000000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3351.781737][T15793] bridge3206: port 1(bridge_slave_1) entered disabled state [ 3351.837172][T15793] bridge3208: port 1(bridge_slave_1) entered blocking state [ 3351.865726][T15793] bridge3208: port 1(bridge_slave_1) entered disabled state 03:16:13 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f310000400c0a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3352.025562][T15794] bond0: (slave bridge3208): Enslaving as an active interface with an up link 03:16:13 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040001ca000000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3352.075781][T15797] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3352.174285][T15808] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=1, oom_score_adj=1000 [ 3352.206247][T15808] CPU: 1 PID: 15808 Comm: syz-executor.2 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3352.216454][T15808] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3352.226537][T15808] Call Trace: [ 3352.229839][T15808] [ 3352.232790][T15808] dump_stack_lvl+0xcd/0x134 [ 3352.237414][T15808] dump_header+0x10b/0x7f9 [ 3352.241865][T15808] oom_kill_process.cold+0x10/0x15 [ 3352.247012][T15808] out_of_memory+0x358/0x14a0 [ 3352.251730][T15808] ? find_held_lock+0x2d/0x110 [ 3352.256513][T15808] ? oom_killer_disable+0x270/0x270 [ 3352.261749][T15808] ? find_held_lock+0x2d/0x110 [ 3352.266545][T15808] mem_cgroup_out_of_memory+0x206/0x270 [ 3352.272125][T15808] ? mem_cgroup_margin+0x130/0x130 [ 3352.277262][T15808] ? lock_downgrade+0x6e0/0x6e0 [ 3352.282255][T15808] try_charge_memcg+0xf67/0x13f0 [ 3352.287241][T15808] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3352.293257][T15808] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3352.299006][T15808] ? lock_downgrade+0x6e0/0x6e0 [ 3352.303895][T15808] ? lock_downgrade+0x6e0/0x6e0 [ 3352.308774][T15808] ? rcu_read_unlock+0x9/0x60 [ 3352.313510][T15808] obj_cgroup_charge+0x2ab/0x5e0 [ 3352.318497][T15808] ? copy_process+0x4ce/0x7090 [ 3352.323293][T15808] kmem_cache_alloc_node+0x92/0x3f0 [ 3352.328521][T15808] ? _raw_spin_unlock_irq+0x1f/0x40 [ 3352.333761][T15808] copy_process+0x4ce/0x7090 [ 3352.338393][T15808] ? __lock_acquire+0xbc3/0x56d0 [ 3352.343370][T15808] ? __cleanup_sighand+0xb0/0xb0 [ 3352.348365][T15808] kernel_clone+0xe7/0xab0 [ 3352.352813][T15808] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 3352.358826][T15808] ? create_io_thread+0xe0/0xe0 [ 3352.363714][T15808] ? find_held_lock+0x2d/0x110 [ 3352.368514][T15808] ? __ct_user_exit+0xff/0x150 [ 3352.373325][T15808] __do_sys_clone+0xba/0x100 [ 3352.377949][T15808] ? kernel_clone+0xab0/0xab0 [ 3352.382670][T15808] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3352.387783][T15798] bridge4157: port 1(bridge_slave_1) entered disabled state [ 3352.388576][T15808] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3352.388620][T15808] do_syscall_64+0x35/0xb0 [ 3352.406216][T15808] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3352.412161][T15808] RIP: 0033:0x7ff38a48a6a1 [ 3352.416611][T15808] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 3352.436278][T15808] RSP: 002b:00007ffe54c81718 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 3352.444728][T15808] RAX: ffffffffffffffda RBX: 00007ff3893fe700 RCX: 00007ff38a48a6a1 [ 3352.452726][T15808] RDX: 00007ff3893fe9d0 RSI: 00007ff3893fe2f0 RDI: 00000000003d0f00 [ 3352.460724][T15808] RBP: 00007ffe54c81960 R08: 00007ff3893fe700 R09: 00007ff3893fe700 [ 3352.468717][T15808] R10: 00007ff3893fe9d0 R11: 0000000000000206 R12: 00007ffe54c817ce [ 3352.476717][T15808] R13: 00007ffe54c817cf R14: 00007ff3893fe300 R15: 0000000000022000 [ 3352.484749][T15808] [ 3352.531327][T15798] bridge4158: port 1(bridge_slave_1) entered blocking state [ 3352.538994][T15808] memory: usage 307200kB, limit 307200kB, failcnt 6988 [ 3352.550409][T15808] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3352.559697][T15798] bridge4158: port 1(bridge_slave_1) entered disabled state [ 3352.583681][T15808] Memory cgroup stats for /syz2: [ 3352.583863][T15808] anon 147456 [ 3352.583863][T15808] file 360448 [ 3352.583863][T15808] kernel 314064896 [ 3352.583863][T15808] kernel_stack 65536 [ 3352.583863][T15808] pagetables 81920 [ 3352.583863][T15808] percpu 5433376 [ 3352.583863][T15808] sock 0 [ 3352.583863][T15808] vmalloc 0 [ 3352.583863][T15808] shmem 356352 [ 3352.583863][T15808] zswap 0 [ 3352.583863][T15808] zswapped 0 [ 3352.583863][T15808] file_mapped 356352 [ 3352.583863][T15808] file_dirty 4096 [ 3352.583863][T15808] file_writeback 0 [ 3352.583863][T15808] swapcached 0 [ 3352.583863][T15808] anon_thp 0 [ 3352.583863][T15808] file_thp 0 [ 3352.583863][T15808] shmem_thp 0 [ 3352.583863][T15808] inactive_anon 204800 [ 3352.583863][T15808] active_anon 299008 [ 3352.583863][T15808] inactive_file 0 [ 3352.583863][T15808] active_file 4096 [ 3352.583863][T15808] unevictable 0 [ 3352.583863][T15808] slab_reclaimable 58856 [ 3352.583863][T15808] slab_unreclaimable 308391408 [ 3352.583863][T15808] slab 308450264 [ 3352.594987][T15799] bridge4158: port 1(bridge_slave_1) entered blocking state [ 3352.685376][T15799] bridge4158: port 1(bridge_slave_1) entered forwarding state [ 3352.781461][T15799] bond0: (slave bridge4158): Enslaving as an active interface with an up link [ 3352.797076][T15802] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3352.863013][T15808] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=15808,uid=0 [ 3352.882229][T15803] bridge2563: port 1(bridge_slave_1) entered disabled state [ 3352.899719][T15808] Memory cgroup out of memory: Killed process 15808 (syz-executor.2) total-vm:54640kB, anon-rss:388kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 3352.921079][T15803] bridge2564: port 1(bridge_slave_1) entered blocking state [ 3352.930502][T15803] bridge2564: port 1(bridge_slave_1) entered disabled state [ 3353.043028][T15807] bridge1309: port 1(bridge_slave_1) entered disabled state [ 3353.074900][T15807] bridge1310: port 1(bridge_slave_1) entered blocking state 03:16:14 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040000000000fffffffe000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3353.147743][T15807] bridge1310: port 1(bridge_slave_1) entered disabled state 03:16:14 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400000000000000007a000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r5], 0x3c}}, 0x0) 03:16:14 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040001b6000000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3353.250584][T15809] bond0: (slave bridge1310): Enslaving as an active interface with an up link [ 3353.351061][ T3756] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 03:16:14 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f310000580c0a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3353.416536][T15828] bridge1310: port 1(bridge_slave_1) entered disabled state [ 3353.522576][T15831] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3353.533462][T15831] CPU: 1 PID: 15831 Comm: syz-executor.2 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3353.543657][T15831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3353.543955][T15814] bridge3208: port 1(bridge_slave_1) entered disabled state [ 3353.553745][T15831] Call Trace: [ 3353.553759][T15831] [ 3353.553770][T15831] dump_stack_lvl+0xcd/0x134 [ 3353.553806][T15831] dump_header+0x10b/0x7f9 [ 3353.553840][T15831] oom_kill_process.cold+0x10/0x15 [ 3353.581569][T15831] out_of_memory+0x358/0x14a0 [ 3353.586309][T15831] ? find_held_lock+0x2d/0x110 [ 3353.591111][T15831] ? oom_killer_disable+0x270/0x270 [ 3353.596435][T15831] ? find_held_lock+0x2d/0x110 [ 3353.601218][T15831] mem_cgroup_out_of_memory+0x206/0x270 [ 3353.606782][T15831] ? mem_cgroup_margin+0x130/0x130 [ 3353.611936][T15831] ? lock_downgrade+0x6e0/0x6e0 [ 3353.616908][T15831] try_charge_memcg+0xf67/0x13f0 [ 3353.621871][T15831] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3353.627896][T15831] ? lock_downgrade+0x6e0/0x6e0 [ 3353.632777][T15831] charge_memcg+0x31/0x320 [ 3353.637212][T15831] __mem_cgroup_charge+0x27/0x90 [ 3353.642162][T15831] ? _compound_head+0x5d/0x150 [ 3353.646954][T15831] __handle_mm_fault+0x17df/0x39b0 [ 3353.652087][T15831] ? vm_iomap_memory+0x190/0x190 [ 3353.657066][T15831] handle_mm_fault+0x1c8/0x780 [ 3353.661848][T15831] do_user_addr_fault+0x475/0x1210 [ 3353.667017][T15831] exc_page_fault+0x94/0x170 [ 3353.671644][T15831] asm_exc_page_fault+0x22/0x30 [ 3353.676506][T15831] RIP: 0033:0x7ff38a43c011 [ 3353.680932][T15831] Code: 3d 00 f0 ff ff 77 72 c3 90 55 48 83 ec 30 44 89 4c 24 2c 4c 89 44 24 20 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 89 4c 24 28 fa fa ff ff 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 [ 3353.700551][T15831] RSP: 002b:00007ff38b504000 EFLAGS: 00010206 [ 3353.706630][T15831] RAX: 0000000000000001 RBX: 00007ff38b5040f0 RCX: 0000000000000000 [ 3353.714611][T15831] RDX: 0000000000000020 RSI: 00007ff38b504140 RDI: 0000000000000004 [ 3353.722676][T15831] RBP: 0000000000000000 R08: 00007ff38b504054 R09: 000000000000000c [ 3353.730665][T15831] R10: 0000000000000000 R11: 00000000200005cf R12: 00007ff38b5040a8 [ 3353.738645][T15831] R13: 00007ff38b504140 R14: 0000000000000004 R15: 0000000000000000 [ 3353.746645][T15831] [ 3353.791535][T15814] bridge3209: port 1(bridge_slave_1) entered blocking state [ 3353.807742][T15831] memory: usage 307188kB, limit 307200kB, failcnt 7050 [ 3353.811361][T15814] bridge3209: port 1(bridge_slave_1) entered disabled state [ 3353.816457][T15831] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3353.842896][T15831] Memory cgroup stats for /syz2: [ 3353.843104][T15831] anon 139264 [ 3353.843104][T15831] file 360448 [ 3353.843104][T15831] kernel 314048512 [ 3353.843104][T15831] kernel_stack 65536 [ 3353.843104][T15831] pagetables 77824 [ 3353.843104][T15831] percpu 5433376 [ 3353.843104][T15831] sock 0 [ 3353.843104][T15831] vmalloc 0 [ 3353.843104][T15831] shmem 356352 [ 3353.843104][T15831] zswap 0 [ 3353.843104][T15831] zswapped 0 [ 3353.843104][T15831] file_mapped 356352 [ 3353.843104][T15831] file_dirty 4096 [ 3353.843104][T15831] file_writeback 0 [ 3353.843104][T15831] swapcached 0 [ 3353.843104][T15831] anon_thp 0 [ 3353.843104][T15831] file_thp 0 [ 3353.843104][T15831] shmem_thp 0 [ 3353.843104][T15831] inactive_anon 196608 [ 3353.843104][T15831] active_anon 299008 [ 3353.843104][T15831] inactive_file 4096 [ 3353.843104][T15831] active_file 0 [ 3353.843104][T15831] unevictable 0 [ 3353.843104][T15831] slab_reclaimable 58856 [ 3353.843104][T15831] slab_unreclaimable 308381184 [ 3353.843104][T15831] slab 308440040 [ 3353.900829][T15815] bond0: (slave bridge3209): Enslaving as an active interface with an up link 03:16:15 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c000000100001040001ca000000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3354.099285][T15824] bridge2564: port 1(bridge_slave_1) entered disabled state [ 3354.106983][T15831] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=15829,uid=0 03:16:15 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f310000680c0a00", @ANYRES32=r5], 0x3c}}, 0x0) [ 3354.138763][T15831] Memory cgroup out of memory: Killed process 15829 (syz-executor.2) total-vm:54508kB, anon-rss:388kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 [ 3354.140846][T15824] bridge2565: port 1(bridge_slave_1) entered blocking state [ 3354.177688][T15824] bridge2565: port 1(bridge_slave_1) entered disabled state 03:16:15 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000008c0)={0x0, 0x7, &(0x7f0000000300)={&(0x7f0000000140)=@newtaction={0x5c, 0x30, 0x103, 0x0, 0x0, {}, [{0x48, 0x1, [@m_bpf={0x44, 0x1, 0x0, 0x0, {{0x8}, {0x1c, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_PARMS={0x18}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x5c}}, 0x0) [ 3354.216794][T15825] bridge4158: port 1(bridge_slave_1) entered disabled state [ 3354.308866][T15825] bridge4159: port 1(bridge_slave_1) entered blocking state [ 3354.331317][T15825] bridge4159: port 1(bridge_slave_1) entered disabled state [ 3354.389984][T15827] bridge4159: port 1(bridge_slave_1) entered blocking state [ 3354.397458][T15827] bridge4159: port 1(bridge_slave_1) entered forwarding state [ 3354.417621][T15838] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=1, oom_score_adj=1000 [ 3354.446358][T15838] CPU: 1 PID: 15838 Comm: syz-executor.2 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3354.457182][T15838] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3354.467261][T15838] Call Trace: [ 3354.470557][T15838] [ 3354.473517][T15838] dump_stack_lvl+0xcd/0x134 [ 3354.478159][T15838] dump_header+0x10b/0x7f9 [ 3354.482616][T15838] oom_kill_process.cold+0x10/0x15 [ 3354.487763][T15838] out_of_memory+0x358/0x14a0 [ 3354.492481][T15838] ? find_held_lock+0x2d/0x110 [ 3354.497276][T15838] ? oom_killer_disable+0x270/0x270 [ 3354.502517][T15838] ? find_held_lock+0x2d/0x110 [ 3354.507321][T15838] mem_cgroup_out_of_memory+0x206/0x270 [ 3354.512901][T15838] ? mem_cgroup_margin+0x130/0x130 [ 3354.518042][T15838] ? lock_downgrade+0x6e0/0x6e0 [ 3354.522945][T15838] try_charge_memcg+0xf67/0x13f0 [ 3354.527929][T15838] ? mem_cgroup_handle_over_high+0x510/0x510 [ 3354.533945][T15838] ? get_mem_cgroup_from_objcg+0xa1/0x260 [ 3354.539742][T15838] ? lock_downgrade+0x6e0/0x6e0 [ 3354.544613][T15838] ? lock_downgrade+0x6e0/0x6e0 [ 3354.549473][T15838] ? rcu_read_unlock+0x9/0x60 [ 3354.554437][T15838] obj_cgroup_charge+0x2ab/0x5e0 [ 3354.559392][T15838] ? copy_process+0x4ce/0x7090 [ 3354.564169][T15838] kmem_cache_alloc_node+0x92/0x3f0 [ 3354.569378][T15838] ? _raw_spin_unlock_irq+0x1f/0x40 [ 3354.574769][T15838] copy_process+0x4ce/0x7090 [ 3354.579376][T15838] ? __lock_acquire+0xbc3/0x56d0 [ 3354.584338][T15838] ? __cleanup_sighand+0xb0/0xb0 [ 3354.589310][T15838] kernel_clone+0xe7/0xab0 [ 3354.593737][T15838] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 3354.599750][T15838] ? create_io_thread+0xe0/0xe0 [ 3354.604618][T15838] ? find_held_lock+0x2d/0x110 [ 3354.609396][T15838] ? __ct_user_exit+0xff/0x150 [ 3354.614177][T15838] __do_sys_clone+0xba/0x100 [ 3354.618777][T15838] ? kernel_clone+0xab0/0xab0 [ 3354.623477][T15838] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3354.629384][T15838] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3354.635304][T15838] do_syscall_64+0x35/0xb0 [ 3354.639731][T15838] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3354.645639][T15838] RIP: 0033:0x7ff38a48a6a1 [ 3354.650065][T15838] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 3354.669958][T15838] RSP: 002b:00007ffe54c81718 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 3354.678380][T15838] RAX: ffffffffffffffda RBX: 00007ff3893fe700 RCX: 00007ff38a48a6a1 [ 3354.686358][T15838] RDX: 00007ff3893fe9d0 RSI: 00007ff3893fe2f0 RDI: 00000000003d0f00 [ 3354.694333][T15838] RBP: 00007ffe54c81960 R08: 00007ff3893fe700 R09: 00007ff3893fe700 [ 3354.702313][T15838] R10: 00007ff3893fe9d0 R11: 0000000000000206 R12: 00007ffe54c817ce [ 3354.710305][T15838] R13: 00007ffe54c817cf R14: 00007ff3893fe300 R15: 0000000000022000 [ 3354.718304][T15838] [ 3354.778155][T15827] bond0: (slave bridge4159): Enslaving as an active interface with an up link [ 3354.787257][T15838] memory: usage 307200kB, limit 307200kB, failcnt 7092 [ 3354.795666][T15838] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3354.821966][T15838] Memory cgroup stats for /syz2: [ 3354.822196][T15838] anon 147456 [ 3354.822196][T15838] file 360448 [ 3354.822196][T15838] kernel 314064896 [ 3354.822196][T15838] kernel_stack 65536 [ 3354.822196][T15838] pagetables 81920 [ 3354.822196][T15838] percpu 5433376 [ 3354.822196][T15838] sock 0 [ 3354.822196][T15838] vmalloc 0 [ 3354.822196][T15838] shmem 356352 [ 3354.822196][T15838] zswap 0 [ 3354.822196][T15838] zswapped 0 [ 3354.822196][T15838] file_mapped 356352 [ 3354.822196][T15838] file_dirty 4096 03:16:16 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r1) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000400ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c00000010000104000000000088a8ffff000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r7], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xe089, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0) [ 3354.822196][T15838] file_writeback 0 [ 3354.822196][T15838] swapcached 0 [ 3354.822196][T15838] anon_thp 0 [ 3354.822196][T15838] file_thp 0 [ 3354.822196][T15838] shmem_thp 0 [ 3354.822196][T15838] inactive_anon 204800 [ 3354.822196][T15838] active_anon 299008 [ 3354.822196][T15838] inactive_file 4096 [ 3354.822196][T15838] active_file 0 [ 3354.822196][T15838] unevictable 0 [ 3354.822196][T15838] slab_reclaimable 58856 [ 3354.822196][T15838] slab_unreclaimable 308391408 [ 3354.822196][T15838] slab 308450264 [ 3354.926959][ T3756] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3354.947229][T15838] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=15838,uid=0 [ 3354.982417][T15838] Memory cgroup out of memory: Killed process 15838 (syz-executor.2) total-vm:54640kB, anon-rss:388kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 3355.012013][T15830] bond0: (slave bridge1311): Enslaving as an active interface with an up link [ 3355.062343][T15835] bridge3209: port 1(bridge_slave_1) entered disabled state [ 3355.088253][T15835] bridge3210: port 1(bridge_slave_1) entered blocking state [ 3355.095775][T15835] bridge3210: port 1(bridge_slave_1) entered disabled state [ 3355.184166][T15837] bond0: (slave bridge3210): Enslaving as an active interface with an up link [ 3355.205283][T15845] __nla_validate_parse: 6 callbacks suppressed [ 3355.205305][T15845] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3355.310838][ T3756] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3355.326504][T15846] bridge4159: port 1(bridge_slave_1) entered disabled state [ 3355.380586][T15846] bridge4160: port 1(bridge_slave_1) entered blocking state [ 3355.405264][T15846] bridge4160: port 1(bridge_slave_1) entered disabled state [ 3355.445694][T15847] bridge4160: port 1(bridge_slave_1) entered blocking state [ 3355.453101][T15847] bridge4160: port 1(bridge_slave_1) entered forwarding state [ 3355.518017][T15847] bond0: (slave bridge4160): Enslaving as an active interface with an up link [ 3355.535382][ T3756] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3355.897891][ T3658] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 3355.908295][ T3658] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 3355.917661][ T3658] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 3355.926576][ T3658] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 3355.934549][ T3658] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 3355.942593][ T3658] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 3356.041085][T15842] lo speed is unknown, defaulting to 1000 [ 3356.408399][T15842] chnl_net:caif_netlink_parms(): no params data found [ 3356.681039][T15842] bridge0: port 1(bridge_slave_0) entered blocking state [ 3356.688569][T15842] bridge0: port 1(bridge_slave_0) entered disabled state [ 3356.704754][T15842] device bridge_slave_0 entered promiscuous mode [ 3356.727197][T15842] bridge0: port 2(bridge_slave_1) entered blocking state [ 3356.743735][T15842] bridge0: port 2(bridge_slave_1) entered disabled state [ 3356.761674][T15842] device bridge_slave_1 entered promiscuous mode [ 3356.878922][ T3756] device bridge_slave_1 left promiscuous mode [ 3356.887563][ T3756] bridge4563: port 1(bridge_slave_1) entered disabled state [ 3358.038085][ T5125] Bluetooth: hci3: command 0x0409 tx timeout [ 3360.118063][ T5125] Bluetooth: hci3: command 0x041b tx timeout [ 3360.207341][ T3756] device hsr_slave_0 left promiscuous mode [ 3360.214007][ T3756] device hsr_slave_1 left promiscuous mode [ 3360.221796][ T3756] device bridge_slave_0 left promiscuous mode [ 3360.228306][ T3756] bridge0: port 1(bridge_slave_0) entered disabled state [ 3360.446204][ T3756] device veth1_macvtap left promiscuous mode [ 3360.472234][ T3756] device veth1_vlan left promiscuous mode [ 3360.481431][ T3756] device veth0_vlan left promiscuous mode [ 3362.207984][T16256] Bluetooth: hci3: command 0x040f tx timeout [ 3364.278117][T16256] Bluetooth: hci3: command 0x0419 tx timeout [ 3388.840802][ T1227] ieee802154 phy0 wpan0: encryption failed: -22 [ 3388.847140][ T1227] ieee802154 phy1 wpan1: encryption failed: -22 [ 3421.826370][ T3651] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 3421.837203][ T3651] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 3421.847714][ T3651] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 3421.856543][ T3651] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 3421.864440][ T3651] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 3421.871965][ T3651] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 3423.967730][ T5125] Bluetooth: hci6: command 0x0409 tx timeout [ 3426.038084][T13206] Bluetooth: hci6: command 0x041b tx timeout [ 3428.117607][T10388] Bluetooth: hci6: command 0x040f tx timeout [ 3430.197618][T13206] Bluetooth: hci6: command 0x0419 tx timeout [ 3450.279511][ T1227] ieee802154 phy0 wpan0: encryption failed: -22 [ 3450.285814][ T1227] ieee802154 phy1 wpan1: encryption failed: -22 [ 3483.077848][T22094] Bluetooth: hci3: command 0x0406 tx timeout [ 3490.117755][ T3658] Bluetooth: hci7: Opcode 0x c03 failed: -110 [ 3492.843969][ T3651] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 3492.853762][ T3651] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 3492.862142][ T3651] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 3492.877791][ T3651] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 3492.886814][ T3651] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 3492.894925][ T3651] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 3494.917718][T22094] Bluetooth: hci7: command 0x0409 tx timeout [ 3496.997668][ T5125] Bluetooth: hci7: command 0x041b tx timeout [ 3499.077695][T22094] Bluetooth: hci7: command 0x040f tx timeout [ 3501.157531][ T5125] Bluetooth: hci7: command 0x0419 tx timeout [ 3509.797802][ T28] INFO: task dhcpcd:3185 blocked for more than 143 seconds. [ 3509.805120][ T28] Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3509.812707][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 3509.821573][ T28] task:dhcpcd state:D stack:23000 pid: 3185 ppid: 3184 flags:0x00000000 [ 3509.831017][ T28] Call Trace: [ 3509.834308][ T28] [ 3509.837240][ T28] __schedule+0xadf/0x52b0 [ 3509.844756][ T28] ? io_schedule_timeout+0x140/0x140 [ 3509.850398][ T28] schedule+0xda/0x1b0 [ 3509.854503][ T28] schedule_preempt_disabled+0xf/0x20 [ 3509.860202][ T28] __mutex_lock+0xa44/0x1350 [ 3509.864824][ T28] ? lock_downgrade+0x6e0/0x6e0 [ 3509.870453][ T28] ? netlink_dump+0xae/0xc20 [ 3509.875091][ T28] ? mutex_lock_io_nested+0x1190/0x1190 [ 3509.881083][ T28] ? _raw_spin_unlock_irqrestore+0x50/0x70 [ 3509.886931][ T28] ? kasan_quarantine_put+0xf5/0x210 [ 3509.893850][ T28] ? kasan_quarantine_put+0xf5/0x210 [ 3509.899570][ T28] netlink_dump+0xae/0xc20 [ 3509.904055][ T28] ? slab_free_freelist_hook+0x8b/0x1c0 [ 3509.909887][ T28] ? netlink_deliver_tap+0xc40/0xc40 [ 3509.915199][ T28] ? kmem_cache_free+0xeb/0x5b0 [ 3509.920345][ T28] ? kfree_skbmem+0xef/0x1b0 [ 3509.924960][ T28] netlink_recvmsg+0xbdd/0xe50 [ 3509.930028][ T28] ? netlink_dump+0xc20/0xc20 [ 3509.934741][ T28] ? aa_af_perm+0x230/0x230 [ 3509.939693][ T28] ? _copy_from_user+0xf9/0x170 [ 3509.944599][ T28] ? bpf_lsm_socket_recvmsg+0x5/0x10 [ 3509.950394][ T28] ? security_socket_recvmsg+0x8f/0xc0 [ 3509.955970][ T28] ? netlink_dump+0xc20/0xc20 [ 3509.961870][ T28] ____sys_recvmsg+0x2c7/0x600 [ 3509.966670][ T28] ? kernel_recvmsg+0x160/0x160 [ 3509.972418][ T28] ? copy_msghdr_from_user+0xfc/0x150 [ 3509.977924][ T28] ? __copy_msghdr+0x4a0/0x4a0 [ 3509.982747][ T28] ? __lock_acquire+0x166e/0x56d0 [ 3509.989054][ T28] ___sys_recvmsg+0xf2/0x180 [ 3509.993690][ T28] ? copy_msghdr_from_user+0x150/0x150 [ 3509.999263][ T28] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 3510.005281][ T28] ? __sys_sendto+0x25f/0x340 [ 3510.010084][ T28] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 3510.016101][ T28] ? __fget_light+0x20a/0x270 [ 3510.020868][ T28] __sys_recvmsg+0xf0/0x1c0 [ 3510.025419][ T28] ? __sys_recvmsg_sock+0x40/0x40 [ 3510.030628][ T28] ? lock_downgrade+0x6e0/0x6e0 [ 3510.035527][ T28] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3510.042148][ T28] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3510.048191][ T28] ? lockdep_hardirqs_on+0x79/0x100 [ 3510.053430][ T28] do_syscall_64+0x35/0xb0 [ 3510.057988][ T28] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3510.063913][ T28] RIP: 0033:0x7f2b629f3003 [ 3510.068435][ T28] RSP: 002b:00007ffce87f35e8 EFLAGS: 00000246 ORIG_RAX: 000000000000002f [ 3510.077913][ T28] RAX: ffffffffffffffda RBX: 00007ffce87f4720 RCX: 00007f2b629f3003 [ 3510.086014][ T28] RDX: 0000000000000000 RSI: 00007ffce87f4640 RDI: 0000000000000011 [ 3510.094155][ T28] RBP: 00007ffce87f46b0 R08: 0000000000000000 R09: 00007f2b62ab3a60 [ 3510.103444][ T28] R10: 0000000000000062 R11: 0000000000000246 R12: 00007ffce87f4640 [ 3510.111603][ T28] R13: 00007ffce87f4624 R14: 00007ffce87f4630 R15: 0000000000000e60 [ 3510.120267][ T28] [ 3510.128192][ T28] INFO: task kworker/1:5:3696 blocked for more than 143 seconds. [ 3510.135934][ T28] Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3510.143417][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 3510.152397][ T28] task:kworker/1:5 state:D stack:26232 pid: 3696 ppid: 2 flags:0x00004000 [ 3510.161703][ T28] Workqueue: events switchdev_deferred_process_work [ 3510.168582][ T28] Call Trace: [ 3510.171886][ T28] [ 3510.175428][ T28] __schedule+0xadf/0x52b0 [ 3510.180206][ T28] ? io_schedule_timeout+0x140/0x140 [ 3510.185542][ T28] ? preempt_schedule_common+0x59/0xc0 [ 3510.191190][ T28] ? io_schedule_timeout+0x140/0x140 [ 3510.196506][ T28] schedule+0xda/0x1b0 [ 3510.200951][ T28] schedule_preempt_disabled+0xf/0x20 [ 3510.206363][ T28] __mutex_lock+0xa44/0x1350 [ 3510.211049][ T28] ? switchdev_deferred_process_work+0xa/0x20 [ 3510.217153][ T28] ? mutex_lock_io_nested+0x1190/0x1190 [ 3510.222872][ T28] ? lock_downgrade+0x6e0/0x6e0 [ 3510.227896][ T28] switchdev_deferred_process_work+0xa/0x20 [ 3510.233822][ T28] process_one_work+0x991/0x1610 [ 3510.238931][ T28] ? pwq_dec_nr_in_flight+0x2a0/0x2a0 [ 3510.244355][ T28] ? rwlock_bug.part.0+0x90/0x90 [ 3510.249490][ T28] ? _raw_spin_lock_irq+0x41/0x50 [ 3510.254566][ T28] worker_thread+0x665/0x1080 [ 3510.259439][ T28] ? process_one_work+0x1610/0x1610 [ 3510.264664][ T28] kthread+0x2e4/0x3a0 [ 3510.268882][ T28] ? kthread_complete_and_exit+0x40/0x40 [ 3510.274560][ T28] ret_from_fork+0x1f/0x30 [ 3510.282105][ T28] [ 3510.285264][ T28] INFO: task kworker/0:0:16465 blocked for more than 143 seconds. [ 3510.293239][ T28] Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3510.300684][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 3510.309567][ T28] task:kworker/0:0 state:D stack:27312 pid:16465 ppid: 2 flags:0x00004000 [ 3510.318975][ T28] Workqueue: events linkwatch_event [ 3510.324224][ T28] Call Trace: [ 3510.327553][ T28] [ 3510.330511][ T28] __schedule+0xadf/0x52b0 [ 3510.334957][ T28] ? find_held_lock+0x2d/0x110 [ 3510.339887][ T28] ? mark_held_locks+0x10/0xe0 [ 3510.344683][ T28] ? io_schedule_timeout+0x140/0x140 [ 3510.350058][ T28] ? lockdep_hardirqs_on+0x79/0x100 [ 3510.355278][ T28] schedule+0xda/0x1b0 [ 3510.359610][ T28] schedule_preempt_disabled+0xf/0x20 [ 3510.365014][ T28] __mutex_lock+0xa44/0x1350 [ 3510.369707][ T28] ? linkwatch_event+0xb/0x60 [ 3510.374422][ T28] ? mutex_lock_io_nested+0x1190/0x1190 [ 3510.380713][ T28] ? lock_release+0x780/0x780 [ 3510.385443][ T28] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 3510.394145][ T28] linkwatch_event+0xb/0x60 [ 3510.398948][ T28] process_one_work+0x991/0x1610 [ 3510.403920][ T28] ? pwq_dec_nr_in_flight+0x2a0/0x2a0 [ 3510.409535][ T28] ? rwlock_bug.part.0+0x90/0x90 [ 3510.414493][ T28] ? _raw_spin_lock_irq+0x41/0x50 [ 3510.419896][ T28] worker_thread+0x665/0x1080 [ 3510.424632][ T28] ? __kthread_parkme+0x15f/0x220 [ 3510.429970][ T28] ? process_one_work+0x1610/0x1610 [ 3510.435200][ T28] kthread+0x2e4/0x3a0 [ 3510.439486][ T28] ? kthread_complete_and_exit+0x40/0x40 [ 3510.445146][ T28] ret_from_fork+0x1f/0x30 [ 3510.449916][ T28] [ 3510.452999][ T28] INFO: task syz-executor.0:15842 blocked for more than 144 seconds. [ 3510.461413][ T28] Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3510.468914][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 3510.477830][ T28] task:syz-executor.0 state:D stack:24680 pid:15842 ppid: 1 flags:0x00000004 [ 3510.487967][ T28] Call Trace: [ 3510.491264][ T28] [ 3510.494210][ T28] __schedule+0xadf/0x52b0 [ 3510.499295][ T28] ? io_schedule_timeout+0x140/0x140 [ 3510.504636][ T28] schedule+0xda/0x1b0 [ 3510.509881][ T28] schedule_preempt_disabled+0xf/0x20 [ 3510.515305][ T28] __mutex_lock+0xa44/0x1350 [ 3510.520274][ T28] ? rtnetlink_rcv_msg+0x3e5/0xc90 [ 3510.525427][ T28] ? mutex_lock_io_nested+0x1190/0x1190 [ 3510.531140][ T28] ? rtnetlink_rcv_msg+0x3af/0xc90 [ 3510.536327][ T28] rtnetlink_rcv_msg+0x3e5/0xc90 [ 3510.541664][ T28] ? rtnl_fdb_dump+0x9a0/0x9a0 [ 3510.546493][ T28] netlink_rcv_skb+0x153/0x420 [ 3510.552576][ T28] ? rtnl_fdb_dump+0x9a0/0x9a0 [ 3510.557486][ T28] ? netlink_ack+0xa80/0xa80 [ 3510.562106][ T28] ? netlink_deliver_tap+0x1a2/0xc40 [ 3510.567558][ T28] ? netlink_deliver_tap+0x1b1/0xc40 [ 3510.572890][ T28] netlink_unicast+0x543/0x7f0 [ 3510.577883][ T28] ? netlink_attachskb+0x880/0x880 [ 3510.583022][ T28] ? __phys_addr+0xc4/0x140 [ 3510.588221][ T28] ? __phys_addr_symbol+0x2c/0x70 [ 3510.593288][ T28] ? __check_object_size+0x2de/0x700 [ 3510.598839][ T28] netlink_sendmsg+0x917/0xe10 [ 3510.603634][ T28] ? netlink_unicast+0x7f0/0x7f0 [ 3510.608733][ T28] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 3510.614054][ T28] ? netlink_unicast+0x7f0/0x7f0 [ 3510.619129][ T28] sock_sendmsg+0xcf/0x120 [ 3510.623568][ T28] __sys_sendto+0x236/0x340 [ 3510.628156][ T28] ? __ia32_sys_getpeername+0xb0/0xb0 [ 3510.633557][ T28] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 3510.639820][ T28] ? __ct_user_exit+0xff/0x150 [ 3510.644626][ T28] ? lock_downgrade+0x6e0/0x6e0 [ 3510.649657][ T28] ? lock_downgrade+0x6e0/0x6e0 [ 3510.654580][ T28] __x64_sys_sendto+0xdd/0x1b0 [ 3510.660626][ T28] ? syscall_enter_from_user_mode+0x22/0xb0 [ 3510.666586][ T28] do_syscall_64+0x35/0xb0 [ 3510.671191][ T28] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3510.677137][ T28] RIP: 0033:0x7fbae4a3c03c [ 3510.681673][ T28] RSP: 002b:00007fff1b057370 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 3510.690704][ T28] RAX: ffffffffffffffda RBX: 00007fbae5ad4320 RCX: 00007fbae4a3c03c [ 3510.698883][ T28] RDX: 0000000000000028 RSI: 00007fbae5ad4370 RDI: 0000000000000003 [ 3510.706873][ T28] RBP: 0000000000000000 R08: 00007fff1b0573c4 R09: 000000000000000c [ 3510.715072][ T28] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 3510.723459][ T28] R13: 00007fbae5ad4370 R14: 0000000000000003 R15: 0000000000000000 [ 3510.731623][ T28] [ 3510.736023][ T28] [ 3510.736023][ T28] Showing all locks held in the system: [ 3510.743944][ T28] 1 lock held by rcu_tasks_kthre/12: [ 3510.749364][ T28] #0: ffffffff8bf886f0 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x26/0xc70 [ 3510.760347][ T28] 1 lock held by rcu_tasks_trace/13: [ 3510.765658][ T28] #0: ffffffff8bf883f0 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x26/0xc70 [ 3510.778048][ T28] 1 lock held by khungtaskd/28: [ 3510.782931][ T28] #0: ffffffff8bf89240 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260 [ 3510.794160][ T28] 2 locks held by kworker/u4:2/41: [ 3510.799608][ T28] 1 lock held by dhcpcd/3185: [ 3510.804390][ T28] #0: ffffffff8d7ae728 (rtnl_mutex){+.+.}-{3:3}, at: netlink_dump+0xae/0xc20 [ 3510.813451][ T28] 2 locks held by getty/3282: [ 3510.818270][ T28] #0: ffff88814a6ab098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x22/0x80 [ 3510.828282][ T28] #1: ffffc90002d232f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xef0/0x13e0 [ 3510.838576][ T28] 3 locks held by kworker/1:5/3696: [ 3510.843790][ T28] #0: ffff888011864d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x87a/0x1610 [ 3510.854421][ T28] #1: ffffc900044c7da8 (deferred_process_work){+.+.}-{0:0}, at: process_one_work+0x8ae/0x1610 [ 3510.864898][ T28] #2: ffffffff8d7ae728 (rtnl_mutex){+.+.}-{3:3}, at: switchdev_deferred_process_work+0xa/0x20 [ 3510.875426][ T28] 5 locks held by kworker/u4:6/3756: [ 3510.880805][ T28] #0: ffff8880119c6138 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x87a/0x1610 [ 3510.892811][ T28] #1: ffffc9000461fda8 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x8ae/0x1610 [ 3510.903938][ T28] #2: ffffffff8d799e50 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x9b/0xb00 [ 3510.913472][ T28] #3: ffffffff8d7ae728 (rtnl_mutex){+.+.}-{3:3}, at: default_device_exit_batch+0x8e/0x590 [ 3510.932812][ T28] #4: ffffffff8bf93dc0 (rcu_state.barrier_mutex){+.+.}-{3:3}, at: rcu_barrier+0x44/0x720 [ 3510.942905][ T28] 3 locks held by kworker/0:2/23199: [ 3510.948306][ T28] #0: ffff88814a65b138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x87a/0x1610 [ 3510.959423][ T28] #1: ffffc900050cfda8 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_one_work+0x8ae/0x1610 [ 3510.972606][ T28] #2: ffffffff8d7ae728 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0xe/0x20 [ 3510.982128][ T28] 3 locks held by kworker/0:0/16465: [ 3510.987521][ T28] #0: ffff888011864d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x87a/0x1610 [ 3511.000029][ T28] #1: ffffc9000521fda8 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x8ae/0x1610 [ 3511.010548][ T28] #2: ffffffff8d7ae728 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xb/0x60 [ 3511.019609][ T28] 3 locks held by kworker/1:3/9580: [ 3511.024796][ T28] #0: ffff88814a65b138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x87a/0x1610 [ 3511.035902][ T28] #1: ffffc90013027da8 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_one_work+0x8ae/0x1610 [ 3511.049104][ T28] #2: ffffffff8d7ae728 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0xe/0x20 [ 3511.058659][ T28] 5 locks held by kworker/u4:5/14758: [ 3511.064054][ T28] 1 lock held by syz-executor.0/15842: [ 3511.069624][ T28] #0: ffffffff8d7ae728 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x3e5/0xc90 [ 3511.079305][ T28] 1 lock held by syz-executor.0/15881: [ 3511.084805][ T28] #0: ffffffff8d7ae728 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x3e5/0xc90 [ 3511.094431][ T28] 1 lock held by syz-executor.0/15888: [ 3511.100352][ T28] #0: ffffffff8d7ae728 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x3e5/0xc90 [ 3511.111104][ T28] [ 3511.113456][ T28] ============================================= [ 3511.113456][ T28] [ 3511.122414][ T28] NMI backtrace for cpu 0 [ 3511.126764][ T28] CPU: 0 PID: 28 Comm: khungtaskd Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3511.136314][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3511.146362][ T28] Call Trace: [ 3511.149632][ T28] [ 3511.152558][ T28] dump_stack_lvl+0xcd/0x134 [ 3511.157150][ T28] nmi_cpu_backtrace.cold+0x46/0x14f [ 3511.162454][ T28] ? lapic_can_unplug_cpu+0x80/0x80 [ 3511.167660][ T28] nmi_trigger_cpumask_backtrace+0x206/0x250 [ 3511.173704][ T28] watchdog+0xc18/0xf50 [ 3511.177859][ T28] ? proc_dohung_task_timeout_secs+0x80/0x80 [ 3511.183833][ T28] kthread+0x2e4/0x3a0 [ 3511.187891][ T28] ? kthread_complete_and_exit+0x40/0x40 [ 3511.193516][ T28] ret_from_fork+0x1f/0x30 [ 3511.197932][ T28] [ 3511.202072][ T28] Sending NMI from CPU 0 to CPUs 1: [ 3511.207509][ C1] NMI backtrace for cpu 1 [ 3511.207521][ C1] CPU: 1 PID: 41 Comm: kworker/u4:2 Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3511.207546][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3511.207560][ C1] Workqueue: events_unbound toggle_allocation_gate [ 3511.207592][ C1] RIP: 0010:__update_load_avg_se+0x2af/0xa90 [ 3511.207621][ C1] Code: e9 03 80 3c 11 00 0f 85 9b 05 00 00 48 0f af 85 c8 00 00 00 31 d2 44 89 c3 48 8d bd e0 00 00 00 48 89 f9 48 c1 e9 03 48 f7 f3 <48> ba 00 00 00 00 00 fc ff df 80 3c 11 00 0f 85 85 05 00 00 48 8d [ 3511.207643][ C1] RSP: 0018:ffffc900001e09c0 EFLAGS: 00000802 [ 3511.207659][ C1] RAX: 0000000000000002 RBX: 000000000000ba60 RCX: 1ffff1100ee7b78c [ 3511.207674][ C1] RDX: 0000000000006340 RSI: 0000000000000024 RDI: ffff8880773dbc60 [ 3511.207689][ C1] RBP: ffff8880773dbb80 R08: 000000000000ba60 R09: ffffffff8dde8757 [ 3511.207703][ C1] R10: 1ffff1100ee7b78b R11: 0000000000000001 R12: ffff8880773dbc5c [ 3511.207717][ C1] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000024 [ 3511.207731][ C1] FS: 0000000000000000(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000 [ 3511.207750][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 3511.207765][ C1] CR2: 000000c003127448 CR3: 000000000bc8e000 CR4: 00000000003506e0 [ 3511.207780][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 3511.207793][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 3511.207807][ C1] Call Trace: [ 3511.207814][ C1] [ 3511.207827][ C1] update_load_avg+0x17a/0x1c80 [ 3511.207854][ C1] ? rcu_read_lock_sched_held+0x3a/0x70 [ 3511.207877][ C1] ? update_curr+0x3a8/0x830 [ 3511.207903][ C1] enqueue_entity+0xbd/0x1520 [ 3511.207927][ C1] enqueue_task_fair+0x1ba/0xce0 [ 3511.207950][ C1] enqueue_task+0xad/0x3a0 [ 3511.207973][ C1] ttwu_do_activate+0x157/0x330 [ 3511.207997][ C1] try_to_wake_up+0xcc0/0x1e60 [ 3511.208022][ C1] ? sched_core_balance+0x9b0/0x9b0 [ 3511.208050][ C1] insert_work+0x27e/0x350 [ 3511.208075][ C1] __queue_work+0x625/0x1210 [ 3511.208103][ C1] ? queue_work_node+0x320/0x320 [ 3511.208126][ C1] call_timer_fn+0x1a0/0x6b0 [ 3511.208151][ C1] ? timer_fixup_activate+0x350/0x350 [ 3511.208174][ C1] ? lock_downgrade+0x6e0/0x6e0 [ 3511.208199][ C1] ? queue_work_node+0x320/0x320 [ 3511.208223][ C1] ? queue_work_node+0x320/0x320 [ 3511.208248][ C1] __run_timers.part.0+0x4a3/0xa80 [ 3511.208277][ C1] ? call_timer_fn+0x6b0/0x6b0 [ 3511.208301][ C1] ? cpuacct_all_seq_show+0x520/0x520 [ 3511.208329][ C1] run_timer_softirq+0xb3/0x1d0 [ 3511.208353][ C1] __do_softirq+0x1d3/0x9c6 [ 3511.208380][ C1] __irq_exit_rcu+0x123/0x180 [ 3511.208403][ C1] irq_exit_rcu+0x5/0x20 [ 3511.208425][ C1] sysvec_apic_timer_interrupt+0x93/0xc0 [ 3511.208451][ C1] [ 3511.208457][ C1] [ 3511.208464][ C1] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 3511.208487][ C1] RIP: 0010:lock_is_held_type+0xff/0x140 [ 3511.208512][ C1] Code: 00 00 b8 ff ff ff ff 65 0f c1 05 94 ac 83 76 83 f8 01 75 29 9c 58 f6 c4 02 75 3d 48 f7 04 24 00 02 00 00 74 01 fb 48 83 c4 08 <44> 89 e8 5b 5d 41 5c 41 5d 41 5e 41 5f c3 45 31 ed eb b9 0f 0b 48 [ 3511.208532][ C1] RSP: 0018:ffffc90000b27858 EFLAGS: 00000282 [ 3511.208548][ C1] RAX: 0000000000000046 RBX: 0000000000000005 RCX: 0000000000000001 [ 3511.208562][ C1] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000000 [ 3511.208574][ C1] RBP: ffffffff8bf89180 R08: 0000000000000000 R09: ffffffff8dde8757 [ 3511.208589][ C1] R10: fffffbfff1bbd0ea R11: 0000000000000000 R12: ffff888012620000 [ 3511.208604][ C1] R13: 0000000000000000 R14: 00000000ffffffff R15: ffff888012620b18 [ 3511.208630][ C1] rcu_read_lock_sched_held+0x3a/0x70 [ 3511.208653][ C1] lock_acquire+0x480/0x570 [ 3511.208675][ C1] ? lock_release+0x780/0x780 [ 3511.208695][ C1] ? mark_held_locks+0x9f/0xe0 [ 3511.208717][ C1] ? smp_call_function_many_cond+0x10e7/0x1430 [ 3511.208744][ C1] ? smp_call_function_many_cond+0x10e7/0x1430 [ 3511.208771][ C1] ? lockdep_hardirqs_on+0x79/0x100 [ 3511.208795][ C1] ? smp_call_function_many_cond+0x642/0x1430 [ 3511.208824][ C1] _raw_spin_lock+0x2a/0x40 [ 3511.208849][ C1] ? __get_locked_pte+0x154/0x270 [ 3511.208870][ C1] __get_locked_pte+0x154/0x270 [ 3511.208897][ C1] ? __kmalloc_node_track_caller+0xd0/0x380 [ 3511.208920][ C1] ? __kmalloc_node_track_caller+0xd0/0x380 [ 3511.208944][ C1] __text_poke+0x1b3/0x8e0 [ 3511.208965][ C1] ? cpumask_weight+0x40/0x40 [ 3511.208988][ C1] ? text_poke_memset+0x60/0x60 [ 3511.209012][ C1] ? __kmalloc_node_track_caller+0xd0/0x380 [ 3511.209037][ C1] text_poke_bp_batch+0x382/0x6c0 [ 3511.209061][ C1] ? do_sync_core+0x20/0x20 [ 3511.209087][ C1] ? __jump_label_update+0x296/0x410 [ 3511.209113][ C1] text_poke_finish+0x16/0x30 [ 3511.209134][ C1] arch_jump_label_transform_apply+0x13/0x20 [ 3511.209162][ C1] jump_label_update+0x32f/0x410 [ 3511.209188][ C1] static_key_enable_cpuslocked+0x1b1/0x260 [ 3511.209213][ C1] static_key_enable+0x16/0x20 [ 3511.209236][ C1] toggle_allocation_gate+0x100/0x390 [ 3511.209263][ C1] ? lock_release+0x780/0x780 [ 3511.209283][ C1] ? wake_up_kfence_timer+0x20/0x20 [ 3511.209309][ C1] ? move_linked_works+0x1ec/0x2f0 [ 3511.209340][ C1] process_one_work+0x991/0x1610 [ 3511.209370][ C1] ? pwq_dec_nr_in_flight+0x2a0/0x2a0 [ 3511.209397][ C1] ? rwlock_bug.part.0+0x90/0x90 [ 3511.209419][ C1] ? _raw_spin_lock_irq+0x41/0x50 [ 3511.209449][ C1] worker_thread+0x665/0x1080 [ 3511.209480][ C1] ? process_one_work+0x1610/0x1610 [ 3511.209505][ C1] kthread+0x2e4/0x3a0 [ 3511.209526][ C1] ? kthread_complete_and_exit+0x40/0x40 [ 3511.209551][ C1] ret_from_fork+0x1f/0x30 [ 3511.209583][ C1] [ 3511.224982][ T28] Kernel panic - not syncing: hung_task: blocked tasks [ 3511.224998][ T28] CPU: 0 PID: 28 Comm: khungtaskd Not tainted 5.19.0-syzkaller-13948-g7396ba87f1ed #0 [ 3511.225025][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 3511.225038][ T28] Call Trace: [ 3511.225045][ T28] [ 3511.225053][ T28] dump_stack_lvl+0xcd/0x134 [ 3511.225087][ T28] panic+0x2c8/0x627 [ 3511.225148][ T28] ? panic_print_sys_info.part.0+0x10b/0x10b [ 3511.225181][ T28] ? lapic_can_unplug_cpu+0x80/0x80 [ 3511.225209][ T28] ? preempt_schedule_thunk+0x16/0x18 [ 3511.225241][ T28] ? watchdog.cold+0x130/0x158 [ 3511.225272][ T28] watchdog.cold+0x141/0x158 [ 3511.225299][ T28] ? proc_dohung_task_timeout_secs+0x80/0x80 [ 3511.225332][ T28] kthread+0x2e4/0x3a0 [ 3511.225355][ T28] ? kthread_complete_and_exit+0x40/0x40 [ 3511.225383][ T28] ret_from_fork+0x1f/0x30 [ 3511.225430][ T28] [ 3511.231587][ T28] Kernel Offset: disabled [ 3511.859632][ T28] Rebooting in 86400 seconds..