c5909afa467cf86d9156a6a6bfc98923fd2fa6fe1cc26b467387b093a7d85da181a86577ad1d919c04b681c2abbc3371c0e82c79cdbfa741f936c0086da7241b49792473c20f28685b6bba41cac400ae158ed764a0ef2e4955ed61f8b5d54069d291802f0e4ce0003ee1cfb63c32fffaae7912284fa5aecfff9116c62cc162cf271cfc3af34b9e6c1301c03694a7620433138b6ddafb73c476b2249090c9a66776447d2c763de996c117d430d20d386f5847fa87fdbd9d0e382dc41d7dde36f24b383d48d51a1c2020053f7b561a633c9328e15f4776f38f368051666a6d90fba8d8fa1dc8c18a85aed42645b056d9c423c41d25f3f2b426f666fd091899b1ad720e01aa48f9d849666d7f31a4b08d9c51f1087d4fb5ed7f2e7530ccef009c34534809f51ef24407cbff0a9b70259c9d1ba1543395d2b4432571e53ef01364bddaa652f10d5adae2582b06997a004d8cbaeacd2196a2580e1d5432d750483e23ee029c09d3844f4683058168e42e9e15acc33c8d1e86f1b5dc49baeaec934b5eaef82b2e61d7b48857b8b232e7c7db1c9f9500c8789579521bf3f0ade47c372747b579a81c2c6067bf33db22859", 0x1000}, {&(0x7f0000000680)="07a1e44d6f6af0a9ff2e30f496ebe911473b021ce78b89eae098e09c7ddee34cc8c3553ab1becff81eb15c27228264ec4bde06a11deec53f2922ef9abaf0971faedbcf468bf02ed10925b089f491383ee9", 0x51}, {&(0x7f0000002800)="baa46fede0a6f88869f5645789081e4bfcbc1eec9b04296cc6dcceec3f1d3e30fb6fb815eb7bce1a14d2bb54dda29935219c66dbd37109522ae2515459171de684da8bd07a1bd59d5893f939cb312b184b5f74e40ed00b1f1d3c6032d45d503ae8f1ff954b40ae2a0e97c3b5394f0a8cc4ecac2de3399294131c01fbe124ae9aaa022f67c5e0c569710051c36db61e8ee1919adcf27b12fda0be31485b418c2c7910dd4bdd635cb71f51", 0xaa}, {&(0x7f00000028c0)="f2a2a874a75b655113c90f7d6016666a0a91c91c706ddec5fb92f3249696d1a369c0fd76d38b82fc4cfaacb2aad1541b8c7389f49780ff14211ba69e43c5962502bbb55959353162722cfb342168fb6680a33324255d404f4c32d15c7b86bcbd91", 0x61}], 0x5}, 0x4000000) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun\x00', 0x8d00, 0x0) ioctl$TUNSETVNETBE(r3, 0x400454de, &(0x7f0000000080)) 16:55:03 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x5000000}, 0x0) [ 3041.013384][T29096] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3041.033984][T29096] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.0'. 16:55:03 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) [ 3041.188217][T29101] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3041.411266][T29106] IPVS: ftp: loaded support on port[0] = 21 [ 3041.631597][T29106] chnl_net:caif_netlink_parms(): no params data found [ 3041.711505][T29106] bridge0: port 1(bridge_slave_0) entered blocking state [ 3041.718871][T29106] bridge0: port 1(bridge_slave_0) entered disabled state [ 3041.727258][T29106] device bridge_slave_0 entered promiscuous mode [ 3041.774357][T29106] bridge0: port 2(bridge_slave_1) entered blocking state [ 3041.781455][T29106] bridge0: port 2(bridge_slave_1) entered disabled state [ 3041.794669][T29106] device bridge_slave_1 entered promiscuous mode [ 3041.822853][T29106] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3041.842058][T29106] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3041.909527][T29106] team0: Port device team_slave_0 added [ 3041.918375][T29106] team0: Port device team_slave_1 added [ 3041.996585][T29106] device hsr_slave_0 entered promiscuous mode [ 3042.033901][T29106] device hsr_slave_1 entered promiscuous mode [ 3042.083190][T29106] debugfs: Directory 'hsr0' with parent '/' already present! [ 3042.278402][T29106] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3042.297050][T17639] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3042.306421][T17639] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3042.369989][T29106] 8021q: adding VLAN 0 to HW filter on device team0 [ 3042.384884][T25186] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3042.394443][T25186] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3042.403184][T25186] bridge0: port 1(bridge_slave_0) entered blocking state [ 3042.410235][T25186] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3042.484075][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3042.492412][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3042.502279][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3042.510919][T16725] bridge0: port 2(bridge_slave_1) entered blocking state [ 3042.518013][T16725] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3042.567129][T19213] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3042.584378][T19213] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3042.604759][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3042.614904][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3042.624123][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3042.633701][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3042.699972][T19213] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3042.709175][T19213] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3042.717955][T19213] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3042.730363][T29106] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3042.814920][T29106] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3043.059067][T29115] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3043.071526][T29115] CPU: 1 PID: 29115 Comm: syz-executor.3 Not tainted 5.3.0-rc3+ #97 [ 3043.079502][T29115] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3043.089553][T29115] Call Trace: [ 3043.092848][T29115] dump_stack+0x172/0x1f0 [ 3043.097180][T29115] dump_header+0x10b/0x82d [ 3043.101598][T29115] oom_kill_process.cold+0x10/0x15 [ 3043.106709][T29115] out_of_memory+0x79a/0x12c0 [ 3043.111384][T29115] ? __sched_text_start+0x8/0x8 [ 3043.116334][T29115] ? oom_killer_disable+0x280/0x280 [ 3043.121625][T29115] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3043.127168][T29115] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 3043.132803][T29115] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 3043.138613][T29115] ? cgroup_file_notify+0x140/0x1b0 [ 3043.143812][T29115] memory_max_write+0x262/0x3a0 [ 3043.148667][T29115] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 3043.155429][T29115] ? lock_acquire+0x190/0x410 [ 3043.160100][T29115] ? kernfs_fop_write+0x227/0x480 [ 3043.165138][T29115] cgroup_file_write+0x241/0x790 [ 3043.170076][T29115] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 3043.176833][T29115] ? cgroup_migrate_add_task+0x890/0x890 [ 3043.182482][T29115] ? cgroup_migrate_add_task+0x890/0x890 [ 3043.188110][T29115] kernfs_fop_write+0x2b8/0x480 [ 3043.192961][T29115] __vfs_write+0x8a/0x110 [ 3043.197285][T29115] ? kernfs_fop_open+0xd80/0xd80 [ 3043.202217][T29115] vfs_write+0x268/0x5d0 [ 3043.207509][T29115] ksys_write+0x14f/0x290 [ 3043.211954][T29115] ? __ia32_sys_read+0xb0/0xb0 [ 3043.216736][T29115] __x64_sys_write+0x73/0xb0 [ 3043.221322][T29115] do_syscall_64+0xfd/0x6a0 [ 3043.225825][T29115] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3043.231707][T29115] RIP: 0033:0x459829 [ 3043.235595][T29115] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3043.255285][T29115] RSP: 002b:00007fc7c258fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3043.263714][T29115] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 3043.271678][T29115] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009 [ 3043.279640][T29115] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 3043.287604][T29115] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc7c25906d4 [ 3043.295580][T29115] R13: 00000000004c99a3 R14: 00000000004e1028 R15: 00000000ffffffff [ 3043.350487][T29115] memory: usage 3272kB, limit 0kB, failcnt 507620 [ 3043.365094][T29115] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3043.372328][T29115] Memory cgroup stats for /syz3: [ 3043.388352][T29115] anon 2187264 [ 3043.388352][T29115] file 155648 [ 3043.388352][T29115] kernel_stack 65536 [ 3043.388352][T29115] slab 528384 [ 3043.388352][T29115] sock 0 [ 3043.388352][T29115] shmem 0 [ 3043.388352][T29115] file_mapped 0 [ 3043.388352][T29115] file_dirty 0 [ 3043.388352][T29115] file_writeback 0 [ 3043.388352][T29115] anon_thp 2097152 [ 3043.388352][T29115] inactive_anon 0 [ 3043.388352][T29115] active_anon 2187264 [ 3043.388352][T29115] inactive_file 0 [ 3043.388352][T29115] active_file 0 [ 3043.388352][T29115] unevictable 0 [ 3043.388352][T29115] slab_reclaimable 135168 [ 3043.388352][T29115] slab_unreclaimable 393216 [ 3043.388352][T29115] pgfault 79398 [ 3043.388352][T29115] pgmajfault 0 [ 3043.388352][T29115] workingset_refault 0 [ 3043.388352][T29115] workingset_activate 0 [ 3043.388352][T29115] workingset_nodereclaim 0 [ 3043.388352][T29115] pgrefill 0 [ 3043.388352][T29115] pgscan 371 [ 3043.388352][T29115] pgsteal 371 [ 3043.388352][T29115] pgactivate 0 [ 3043.480357][T29115] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=29113,uid=0 [ 3043.497166][T29115] Memory cgroup out of memory: Killed process 29113 (syz-executor.3) total-vm:72580kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB [ 3043.514592][ T1057] oom_reaper: reaped process 29113 (syz-executor.3), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB 16:55:06 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000100)=@isdn={0x22, 0x400, 0x100000000, 0x1f06, 0x1}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000040)="95c67462e15a0a2ccb96d34b582828f6d42606c79a595c811c901cbab2aa0f8b7da638bd0eee7da427eaf176a979a63c", 0xfffffec2}], 0x1}, 0x10) socket$kcm(0xa, 0x2, 0x11) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(r1, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB], 0x0}, 0x20) sendmsg(r6, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r5, &(0x7f0000000480)='pids.current\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r4, 0x0, 0x1, 0x0, 0x0}, 0x20) r8 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r8, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000640)=[{&(0x7f0000000240)="c12723", 0x3}], 0x1}, 0xfc00) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)="88e7", 0x2}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24000001) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0xcc539d13aa130b24, 0x0) write$cgroup_int(r7, 0x0, 0x0) 16:55:06 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) r3 = socket$kcm(0x2, 0x7, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000380)=r4, 0x4) r5 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, r5, 0x0) ioctl$PERF_EVENT_IOC_RESET(r5, 0x2403, 0x1) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net/syz1\x00', 0x1ff) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000000)=@in6, 0x80, 0x0, 0x263}, 0x200008c4) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r5, 0x400454d8, &(0x7f0000000300)=0x3) r7 = socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x29, 0x7, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000440)={r4, r3, 0x5, 0x2}, 0x10) setsockopt$sock_attach_bpf(r6, 0x1, 0x32, &(0x7f00000002c0)=r5, 0x220) sendmsg$kcm(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) 16:55:06 executing program 2: r0 = socket$kcm(0xa, 0x1, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x137, 0x0}, 0x800) sendmsg$kcm(r0, &(0x7f0000000140)={&(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x91ffffff00000000]}, 0x7}, 0x80, 0x0}, 0x20004044) 16:55:06 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x6000000}, 0x0) 16:55:06 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000040)="95c67462e15a0a2ccb96d34b582828f6d42606c79a595c811c901cbab2aa0f8b7da638bd0eee7da427eaf176a979a63c", 0x30}], 0x1}, 0x10) socket$kcm(0xa, 0x2, 0x11) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(r1, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) sendmsg(r6, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r5, &(0x7f0000000480)='pids.current\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r4, 0x0, 0x1, 0x0, 0x0}, 0x20) r8 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r8, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000640)=[{&(0x7f0000000240)="c12723", 0x3}], 0x1}, 0xfc00) sendmsg$kcm(r8, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)="88e7", 0x2}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24000001) write$cgroup_int(r7, 0x0, 0x0) 16:55:06 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) [ 3043.902628][T29106] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3043.957542][T29123] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3043.973045][T29106] CPU: 1 PID: 29106 Comm: syz-executor.3 Not tainted 5.3.0-rc3+ #97 [ 3043.976051][T29123] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3043.981134][T29106] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3043.981140][T29106] Call Trace: 16:55:06 executing program 2: ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000340)={0xffffffffffffffff}) sendmsg$kcm(r0, &(0x7f0000001b00)={0x0, 0x0, &(0x7f0000001a40)=[{&(0x7f0000000380)="299737d316549ccaf4213831d377d5bc91dfe56fb033f5e4429d818c2dbc50d5cf61b7732271ef26ba99ce0ec39616e03cdd28df1a78403248d32f0be1e650c0aea25bb6295b99f6a92d55b51154b073c5ed997b30ef62ac5d3c456842e9518f3df23d34e7f8feb6c9d4ffae53c79896f3c450fdb529fa5a9b0748cc857c679f93123fdd1a5d799ded3b72e4316f129b4a82201c1c355baccf0c31558d0cbdd496a39cd61fb40edc19338f68f826d6c6263c3923", 0xb4}, {&(0x7f0000000440)="d8dc7a2e14ea820af494570273655f53182f38b8bc2420e39072b5845771a585a4416e4eb98cdfafbccbffeb44581fd20e0bf39a375089d997d5ff7004cfbece87aabbc7e6ea2e73bceb4caba01e3c28b5c2a0da555abd89727e4b150d40f06eb5a552b7a81d9236f4fd23987082aad9f66097af372c601f72efd1432c6746fe370a3818f55c8d8d6afe", 0x8a}, {&(0x7f0000000500)="9fe19dcec874498c1ca8304200f94fb9ee9cc6b2118f03106be14a8b2fc7d7f0a228f2e2efb96e920103cd37789600db68b9d5f5eca175f9", 0x38}, {&(0x7f0000000540)="05b57fb5e6eb9318b66cc064549175b0ee25ace3077dd73b75c78a026720c1262f29a795d31e95bf3ba1fd6629a787fd", 0x30}, {&(0x7f0000000580)="7dfd10214493d23bc36955613562838fde451c77a06d730e55a84c22503c6e08005e9b3fdfd96c85889635e479ea9e9130fc81d51950496a824b9a1698effbea004eae69d614fbcb7818b3b15e0206ea9bf67842303e24f589da83fffdd02c6a8d745d64c9f6ad824e27ad6833f1fc280a10c190165090d5eafed7da4914c59bdd747dfa91cad5e28edfdb92d4acb6f86ce092f389395cbefd210cd8298de3cd36", 0xa1}, {&(0x7f0000000640)="e6ac43504b7b8e9d5d59da37cc650e8b66bad44ac0d787419edb6a15368824980c347f70469c4e51d89d992f09234d57e08f8ebbaf388f76396de2dd5fcf5e2bc560899bcb463be2355f9180630d6216cee4a21d3f13bcd135ec1cc222c6c380421c78e766a912f9163b62a0d664f60ed80d68d1e91631eef82826d48c946f16d23c74bcdbdb24b4c1e44eade61bbb15dccd15de6aba05", 0x97}, {&(0x7f0000001740)="6cbfae4d32dd81e85c7bbf0f5757ea2f9398c01f02bd46ef478a33703e8a77853f3f0db5dc031b0db85209735d8df391272eddf3d3b07df82e663f734890f8a6a781807bb5473557bfdf8f77dd86961514b0df36934f089dbe6f1ade69b429a9ac26fd3c9e617a33f524a4e750809514d98f6d54a7014ca84c1ea6a6391710dba5ef450c557c400b0d8cf2de69be359cff0385b933fd8e6dcb2fa772fd6ec4c86edc5c71694b8feac8a7b00cc61de138e18c16feb1fcfa8ed4d328e8ee6b243558e03a52", 0xc4}, {&(0x7f0000001840)="df74a62dabf5065c64b4f4b2c4efb56231d6e67967ace0318fd1637c3e1ecb04c4afddca496f61f3aea8dcba782787cc3efdd9106d50d5a2e69132b564f2f68aa45717468a7b2c77a96b0193cce2f11823e6c3a5679655c84ed01095d1414651182a0bf489d274ecfb151d852a2c7d708e1c0dfb5696adc9619a288c7932b38ae97eb7fc7457c17a9738d77e0251cf987ec1412a298d7676910015ff8e9f6a6403683688cd8fc8b63094481c757fcf9f9e297efe28e74e50c17e6703cab970f8fa2b9b46530e6c090d", 0xc9}, {&(0x7f0000001940)="079c6ccdd1e0f78ac9b8b3d3fa37dd7802b4c4c7634f590f8205d11b7ac1dbbcee64f385eca9c5c8bce4efabc50517f7ef9597a83ddf204eb6864cc4fe6d254648dd0fe39d29347db5ec93e2c779eb7dd65dfce9e2a21c82c8b9857dcabedb86c996fe5b937f5f165abfa8cfd58c07ab18a3ede755d9c91f4b4f86343467f43f177ac0db2dc1972b025bb019946b8dc8564d250e900a4c6db760ad912aeea6758ce01954b9e914212577cb9d13cfa1b1f441febae54af7e91f0a5791180f8143488f0f809fc8e97202bcd885e756e624b0dfd3b7f5fa8151828178a50929c035014be55aac8e9ca7c657064ef56fa1fdf9789adc58f133f25bb6dbe077ef5c", 0xff}], 0x9}, 0x4) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24010001) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000700)={&(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x91ffffff00000000]}, 0x7}, 0x80, 0x0}, 0x20004040) [ 3043.981165][T29106] dump_stack+0x172/0x1f0 [ 3043.981186][T29106] dump_header+0x10b/0x82d [ 3043.981204][T29106] ? oom_kill_process+0x94/0x3f0 [ 3044.017601][T29106] oom_kill_process.cold+0x10/0x15 [ 3044.022722][T29106] out_of_memory+0x79a/0x12c0 [ 3044.027407][T29106] ? lock_downgrade+0x920/0x920 [ 3044.032265][T29106] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3044.038078][T29106] ? oom_killer_disable+0x280/0x280 [ 3044.043295][T29106] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3044.048848][T29106] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 3044.054506][T29106] ? do_raw_spin_unlock+0x57/0x270 [ 3044.054524][T29106] ? _raw_spin_unlock+0x2d/0x50 [ 3044.054540][T29106] try_charge+0xf4b/0x1440 [ 3044.054562][T29106] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3044.054579][T29106] ? percpu_ref_tryget_live+0x111/0x290 [ 3044.064494][T29106] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3044.064513][T29106] ? __kasan_check_read+0x11/0x20 [ 3044.064535][T29106] ? get_mem_cgroup_from_mm+0x156/0x320 [ 3044.064568][T29106] mem_cgroup_try_charge+0x136/0x590 [ 3044.064590][T29106] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3044.064607][T29106] wp_page_copy+0x421/0x15e0 [ 3044.064623][T29106] ? find_held_lock+0x35/0x130 [ 3044.064642][T29106] ? pmd_pfn+0x1d0/0x1d0 [ 3044.064657][T29106] ? lock_downgrade+0x920/0x920 [ 3044.064675][T29106] ? swp_swapcount+0x540/0x540 [ 3044.064693][T29106] ? __kasan_check_read+0x11/0x20 [ 3044.135906][T29106] ? do_raw_spin_unlock+0x57/0x270 [ 3044.141028][T29106] do_wp_page+0x499/0x14d0 [ 3044.145463][T29106] ? finish_mkwrite_fault+0x570/0x570 [ 3044.150945][T29106] __handle_mm_fault+0x22f7/0x3f20 16:55:06 executing program 2: r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f0000000140)=@ipx={0x4, 0x1ff, 0x401, "7a104dad193c", 0xfffffffffffffffe}, 0x80, &(0x7f0000000200)=[{&(0x7f00000001c0)="f55c85c688ce97276aeeb3319cc41e1bf0291c12e6742230e1cbfea5b0d4eb69b512498e7f367d4deca61b4df01526e9233a306bdc78a0e0b061a2055d159e7b", 0x40}], 0x1, &(0x7f0000000740)=[{0x50, 0x116, 0xc0000, "449f4fd4ee422008b815cd881e52b70bb056e47783b31a98923c628e6ae59358e4dd0396b45d91876a7946ef8a1ad97b0d3db7bf5b643af4ad3e224bc5e5353f"}, {0x1010, 0x88, 0x3, "81f0e8e9b307a1f8f69eb99fe8e8d849c6751abf9276479dfe85b782257a3b44016313f5cc2977e928f966ec898809803d7aa07cd58d8a061fe8de5ddf66505e9d4b880e877c84e75085cedb99fcdfc6dfc9fdaaa5b276b6c0cabd5b37c841ed5e0f0fbd33972aef7d50f90f7695678d3b82ec583e250fe9dc6c90a3d9d4f5d7a52b1aedbace0891effce8b4e6ca9a471c67be430159749b4fb90f22cc945151f70ec86309b1e39b1392e903ec4fcc2365e6c858919bf4bddc5bdb78b8385a7b7229b25ae923f823e2c98451a42fb4eb808fb905f4afb3f592f800fa4c6d9f165cfb3e15347c91b3775d62ad0f1c395640064d9ba3bec663631680dfa7b4c029e1a5178bdc60f61a47756fe210cf9e48c7ed7db140002caf8900ea265749966974b41c8f4b738f9c56e899d9a79d45d857d105c5e90d2831cf73f04f0b94e09b994dfce3c4649c0ba5e7d150609c3ed545f431adbe67503cdc4b071f5e1a7584d0098a32abf198d0624e6664228fce8fe3ceb10cb7ac3106486e83ec6b2c7047052bde472fba5c780f3dd79e32bddb088734b045a3099fcc1ea16c581d36186330c87fd24f5316d6222223479b03c2cc1997cce1be5a900b1524e0961c29cad0a8b95a35f7827d35b238e1a20086d082e660dce4f7ae4214140ce596381851e4cd4c8e5eb6c99a1daba5428f7a83eaed0203168b0549a37bd7b28dcd8a87bd1907a1a853f8b85c421f8c1832ee5e287cb6f6475d741ca4966a1b64b2021988b416500bd0694cb0839401849e40efdbd2cb021f0122a4576d9fed9df76a2e08bf1f465b1f9e651b65e88fce558900421fbee412e119037e50e35df5453e8fcfc0c62edee4b4605f46da96ebef0836643bfaeac81ca8f38e965519d08cdf5dd3d0f3f6c37d362e965a00ae5a0d7575adadc2a5a8b4d4bac07b60ed9bb604821b7953104237c227f0f052ec7c0555fdfcf82c2d722484c509d6a0df7d5a10ddf121db29550078e9490d5b0f33562b84b606529512985a066b5aa142dbba77f55d75ae004e97b2ff3f3210fdc0cb61d2606d4c8c8f8fb82a64e9d6bac80f23cbd4e1fbcb67203de9e5b60dc0b5791d57ab2200d0fa3aefed75389dfb04d06a49da9aa6695130816c40865fee6d08e1b7040944cf56007f1c41437c95fbd00bdf0538ce0a17547eb457cfca029aac14a38548c56ce1ffdd64c97e7c696e750a4a2924c5d56fef410f1ec6c5523f0615ddd897ad44e01ee5e110e946c4bc42399e9fd8f01679148f3890e47eeff2782a24362ba2f8bbad8a5f5f65cdf0fd66a1551046fabe886c1971c56663323efc524358616e85bd019e1263cd3b590cdb20ca81cd02b6601e151d966b250744a0eade6dd4f08c360cadaaf0917cdffb9f839ccbbc3131dd4153b67f7b9878e10e7753fde5aa5e46f1a052cb5ed37c55de027a369036cb5edfe2ce01870cf9026412e698ee79c8ac267acdf4fbdaee57d1a3e72754dc5a05f1bd6d2228717e9d05563acbc0fb834d48dec38155924585a521329cd155d22e0cc91a39ede9be247653f5cc083ce5951d9e212f2f8257d02534d1bd8cea6ec0dab73aa6e80b959b5cd432c6df1b0c32e40ce6a588e12904421f9e91eee8b814496a9565a4eaca63fc3215716bda10189cb8e7a52fd11be65ca732e45572fe185a13a5c548f49c468766e474ce2a0c9fa16f97c2a9c359777c8c22031e904c6a7261fe593d632649151184067cb7cbd30912a3b3eb84f69423fdbeaf60cbb4096d3a4305f040d6ec701430498e61d9e5b1fc1332df69342fe69093cc50f5ed96081891431e4a5082abdbff7362bea8f0e2a5eba4a1668954124103087317cec9250fc4db500a0e4583555aed79eaeef360f828c7c36b4c3815fab4b079c0491a00471ef591535311e77881a0e85ee562e6372e040fa7b1ce484128d7c8d3a306d20683d83def37d1ed7ce0f3bd5ce4a8b0c72d7244e3106506a5aecd6d496c3cb4514c6c05774e32e6f924a7d5bd3eb99366acd8e139e69b6edc374d4075f264965010b76f316cc8fbff2c7aaac254fdf5bfdc2442b1631250d18f083aa39afbe1b18e5e87fb025f8c5964bab162706b4f5471e89f02206983b3b05df69330df6341a28832db766ebe4834e95258876194cc9aa9d2e13d3d8ec62576444ce946fe23c17a9512a7318229e8f43bd5b2ee351b7c5f7f78572ba3755dcc75191ec706ff3b56caa9ab2a3ef1aed8f8ff4ddb76cfff56582f06aec81f21161fabc72f461777a4603c4c5bb068f79a5ad8063bbb52137cc90ea9321361ae11d6b4bcc444b438b51009aa15e02fd916509180c981a0fa7eb32b470874d5a334cf1862d6651de955e3c28115bc41706ec8f096b41b78d2a2ff4afdf4531895f6fda8ec4a82ae9f9ac1a05e5cee64a9408a250b0f02b8803f39c70191fdccbdb96418832eb43065c530d74cbfe683986f2346d67f07c7561740b100457e2aeb52a26976b9d6e4b916d36a651c9b98251c3707abcc984be7d25a4ec1d216f02c8a5c5070e1753a92e29e6f27c5a3733bf3a151ec8bb696e56a3def8924bda42d0784884024503475bac2a5c16c3c277cda8340ed27d9aab326dbc03ece28fda10fa3ac09bb16b9d5ef962f1b77c2f969af77f990792c5a49570e956b32eb4335488f476f0f544d9532c71991540e13d411cf7fa59f693059da1c9a5dbc56e4374d2e1f5aa5d9457c4a88c170ca5ecfc31d1ebd0bc2cf8ee5adc030fb960f71f1ea2e120b96fc396d64f5525ce46cd4b97e54e20ad281b0b2af41736ea69e163c72132d2bde158690bd2f7198ef0eddc07b1549c033f5e1a2a9a8403d5264945005b990838bd054345c8f8ee3e63ea2d2c010e0230a1f83bd9b50b905d4f9d3e665912a6c421da8035703c617bdd2436bd74cb04e66a0515fd49401817896337b75973c4dcd3c44f56d66404e167d215fde69f5f38f79c21d14bce30f4420ed84736db42050697c32e601512ffc165ce7f3672a0e9e87b062a7d0d46caa3de770adfc61408f9ceed5df69b5c6ed5cd437701e4235a52bd0ac14aa1f4434ca6bdf492aee46ab9fa4872383c7c49cae05bc304d7cfad075d89bd47a8f6f39ea80e6e3c8e6ed52d9463245e90d8babfe070b4bc3354dc7e910b636729e856f461ae6903310a74f87b966c2b8eb884fd6782d8d0393f7ac7e100443e9767a0dc5b212909378202550df37866c2a55fa93d50318f64f459e03a2f733a78c8336ffd499cf69fc2ba5b8bf1d7f3cae16f439a213708a9c3a6efa9de83d1e0558148990fcd0efd0de029706168face0c068fb2fa39fbb6ebb5595935c351e6786cd4168730148dfaec97432d8f07f22ffaadd450abc7a1980b89c514e8c34c32445ed43e74344d80b83d91a930017f8990f1d79db11ffe8edf626825913cef2da839289dbbcf85e6786d9a08a6fba6c8b815c4645638a1716205552cb62e4c196ec994f145fdc573710894ac7320396063233532f5ddd595f1aad229e41db543f77ee33509b933245a2147e427d5003f393821b2bb60fd8b0117fe193825c16a8df330dc55bac5d39d0f2fb5b8d055a41d8dc88cf304e9f3aefb4358df8b767c0656b85c0322b01e642d87106ed860371ef0bb952edb273cfac566a6f5ff2ab55b40a7515279db67a50f58b5b17aeb7f567f14a0b121aaf03d4e439b0bfcfe93325fd4b345c303ff98caac9efebc4024ec470132984e26beace4d31ce28a985f7f97dc3aa9be7e65c9e619fa852534b81f788591a33f3923fabd538ef27029870304399ee734e4cb6293b1befbf541d0957a5f16844b2ebede048f6b54752c9b1ac6fe1b9b317aa68809c8839cdb413beac4981437c89ebf5bfc1ecf198066f40431aa3012bbf1de9fc08820207f6a1429c4b26a46fddc9d77073c093ed9c9438bdff626556a556844fb60705174a20b256e5ef3d13d8a72daea88ecfd51c75942b58c36c98173cf11336e77b76054213bf6d77d0836779c9d0528ea7798c0b72b80af24986fe59c35766bd2c284a7bfb2b2d380318ba9563f960f9ce458e28c4ba1903da9f8a3ad554b31cc01cea25e3c7fb00642bac75ddfc2ea1fd977847394e9809e393800d11a28e6ab10bd7bf79309b913335382155573b49ddc758ab600b8884290a04d295d6b2ecc79b08c3006c60e639aae20aa14cbd97510e27daeb4ac019f2b02461b5611320e7356952748ef1799d34cc986204d1eb146d91d958acf030c48755956fceda54ed0890a07f5ebdf6b50014ac14107e6195d1fad125d42527e39ccd454fb111fe2f4e592816940345c5ef6ebb76daa18169e9d9e00d4ca5f94f1a6a10b8b7f870c0d36b23a7c77e882149f176569f36d42857cb45ba01f3be1263b5ad1bdd4e950cf87d7f9ff5d336a9585eae6a4338fa40893ef35a2e39f394af76f36655f4bc87d39fcf01a143e834293fc42a8a8a41147784ab8b4f4cbb32902d92b7b66d358e839aea364507ebf6950750b9670dfdc9a3b62c7483a6b1b8d1ebb3714ae297618b7e4d125155949643ba07a67a1062ac96853ce8fdb8954369e9db964b15ad831510759e5b5eea9dd41b0f2f0293e14990ba604bf2519c15851a2936c3a47a3d68b912d0e0050b64b81a95414506c97cefa101d1c3f7ab6a034ccbd64f2c6e21e9ee0328cac58d6b9588bb2597a8c74582180ad58575bdf8dc9ad63b1362db4f1dfc978d56cee976d9065fcf79a4ea08c742ac66c26a7fb4e066db725e2139db1ff80de10628972df02d8d1d8f9de283a98cb53c9e57398c4eaee3fd204a3d118aaaf14a3f1e76066c57a3a20fe3c492a44833fa5a64af814b6531d8607105b719ba976bf9c61d3f9a09f6620a4515ae1a8f0da241375071f4efcaa720253a26141fb158a1bca9c972674eacd244b0dcf0b443082c553033207e905c5a96d07e96bc6903e4fe1dc0efdfc7d8c5ed1344fb5c4ac43765427e1ee22db1be6d44ec20503391e78385d14da67080720d814295141a1d59652f15688aaf6cf331ce6585b2a26e32a931564c0eee1793e77d7d48c3da4ee9e4b83e90f63e1d38b88ffcafd48c99c6ff13f1c574fcdb0dfe7748e1f654437d879370cc6e752ea9ce91f39968c20b24b91f80c88d7aebf1bfb60ad6f01ee1062d0b34fb357c3e2f8dcd30dcd2a34a40e31c28fa0925bd9fa2b327ea6ab73ef0396e91707c0f5b9a7fa497fec7f0fa79e285f873c2bbd00f35995c825e74995eb7d881f44725d3b19f520e2c992e027677e0a9d0a25a0ddf1a65c3640879e0919450593f66cda4a18ecb847bbfb5e54b158a5973e5a91ae69baa48034247b850a030aded82967d46fa7b96dee5938fcb225cd7856e9b95bfbb36e8a34dc5b738983b57bd0118ba62096f0dc0e3276b73edfc73cf70312a7c55de64eac19ba026c7ec9b4028a4392d416a928dbe6235acd4818d5a9f2641b11a011fb6101f7feb6314990ceeabc07f873bdf02f3c7354889eb4b8b61afba35734b81949a3a8503cf2323cc9363ca1760e0a0f9d918e9a79499a0bcb75a13e6f6d25048e7a729c0fddcf9c2d145381f7af1d12382f80e0cd9b04797d04c89ff84886cdaab2eb365f997665f4e3419f14811b855903f7ac2f6e4c8ae8265b4719423fb9ae1d6cd5ab0042e58b3a07a581d2cef6d5652b8ff079bbcb0e309dc87652170ccafba1049fb96d5bea4bd0a8bec53c4029bad407e6ddfcbb7e3e5a0c35ca99626ec88d5c61c9451c74f15bcbaf9e14b0854a56773e161aebe0baeeaff12e55fc104eb53c1a3211df160"}, {0xd8, 0x110, 0x6, "809e4487dc7a07006926408565efd782999bee529f6f8751e4aef6062270eaa10703703462407c6e1dce01c9d1f31c11209b789f53d63bcea3ec03d8d03437086c2f34266f31baaaf7b194dd2963d32702cd5fd22997fbd493cc75f38224d5806e28d4efa16ebfac523697c3d3c878c57696a04a7cb50dfef558917821d49cb6526c85795ff3d93926d9a852e7a8747246a7cd2ae0fd2ac094413ec4ffce3e2c17b077d9fe387d713f1d0b44175a259542f26d990b39c03ea35c2cfd1f37bdaa33f2cff309"}], 0x1138}, 0x20000000) r1 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000002c0)=0xffffffffffffffff, 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000300)={&(0x7f0000000280)='./file0\x00', r1}, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) sendmsg$kcm(r0, &(0x7f0000000700)={&(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x91ffffff00000000]}, 0x7}, 0x80, 0x0}, 0x20004040) [ 3044.156069][T29106] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3044.161655][T29106] ? __kasan_check_read+0x11/0x20 [ 3044.166697][T29106] handle_mm_fault+0x1b5/0x6b0 [ 3044.171472][T29106] __do_page_fault+0x536/0xdd0 [ 3044.176249][T29106] do_page_fault+0x38/0x590 [ 3044.180751][T29106] page_fault+0x39/0x40 [ 3044.184896][T29106] RIP: 0033:0x430906 [ 3044.188793][T29106] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 46 64 00 85 c0 0f 84 [ 3044.208436][T29106] RSP: 002b:00007fffbe9714c0 EFLAGS: 00010206 [ 3044.214518][T29106] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 3044.222486][T29106] RDX: 0000555555c9b930 RSI: 0000555555ca3970 RDI: 0000000000000003 [ 3044.230454][T29106] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000555555c9a940 [ 3044.238424][T29106] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 3044.246394][T29106] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 16:55:06 executing program 2: r0 = socket$kcm(0xa, 0xe25c83f5df70b85e, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) sendmsg$kcm(r0, &(0x7f0000000700)={&(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x91ffffff00000000]}, 0x7}, 0x80, 0x0}, 0x20004040) [ 3044.266426][T29121] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3044.303940][T29106] memory: usage 940kB, limit 0kB, failcnt 507628 [ 3044.319348][T29133] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3044.329723][T29106] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3044.337014][T29106] Memory cgroup stats for /syz3: [ 3044.337103][T29106] anon 0 [ 3044.337103][T29106] file 155648 [ 3044.337103][T29106] kernel_stack 0 [ 3044.337103][T29106] slab 528384 [ 3044.337103][T29106] sock 0 [ 3044.337103][T29106] shmem 0 [ 3044.337103][T29106] file_mapped 0 [ 3044.337103][T29106] file_dirty 0 [ 3044.337103][T29106] file_writeback 0 [ 3044.337103][T29106] anon_thp 0 [ 3044.337103][T29106] inactive_anon 0 [ 3044.337103][T29106] active_anon 0 [ 3044.337103][T29106] inactive_file 0 [ 3044.337103][T29106] active_file 0 [ 3044.337103][T29106] unevictable 0 [ 3044.337103][T29106] slab_reclaimable 135168 [ 3044.337103][T29106] slab_unreclaimable 393216 [ 3044.337103][T29106] pgfault 79398 [ 3044.337103][T29106] pgmajfault 0 [ 3044.337103][T29106] workingset_refault 0 [ 3044.337103][T29106] workingset_activate 0 [ 3044.337103][T29106] workingset_nodereclaim 0 [ 3044.337103][T29106] pgrefill 0 [ 3044.337103][T29106] pgscan 371 [ 3044.337103][T29106] pgsteal 371 [ 3044.337103][T29106] pgactivate 0 [ 3044.337103][T29106] pgdeactivate 0 [ 3044.360824][T29122] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3044.952710][T29106] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=29106,uid=0 [ 3044.980277][T29106] Memory cgroup out of memory: Killed process 29106 (syz-executor.3) total-vm:72448kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB 16:55:07 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x7000000}, 0x0) 16:55:07 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) 16:55:07 executing program 2: r0 = socket$kcm(0xa, 0x1, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) sendmsg$kcm(r0, &(0x7f0000000700)={&(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x91ffffff00000000]}, 0x7}, 0xffffffe9, 0x0}, 0x20004040) [ 3045.023955][ T1057] oom_reaper: reaped process 29106 (syz-executor.3), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB [ 3045.141914][T29146] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3045.177935][T29148] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3045.193566][T29146] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.0'. 16:55:07 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000100)=@isdn={0x22, 0x400, 0x100000000, 0x1f06, 0x1}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000040)="95c67462e15a0a2ccb96d34b582828f6d42606c79a595c811c901cbab2aa0f8b7da638bd0eee7da427eaf176a979a63c", 0xfffffec2}], 0x1}, 0x10) socket$kcm(0xa, 0x2, 0x11) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(r1, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB], 0x0}, 0x20) sendmsg(r6, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r5, &(0x7f0000000480)='pids.current\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r4, 0x0, 0x1, 0x0, 0x0}, 0x20) r8 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r8, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000640)=[{&(0x7f0000000240)="c12723", 0x3}], 0x1}, 0xfc00) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)="88e7", 0x2}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24000001) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0xcc539d13aa130b24, 0x0) write$cgroup_int(r7, 0x0, 0x0) 16:55:07 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) r3 = socket$kcm(0x2, 0x7, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000380)=r4, 0x4) r5 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, r5, 0x0) ioctl$PERF_EVENT_IOC_RESET(r5, 0x2403, 0x1) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net/syz1\x00', 0x1ff) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000000)=@in6, 0x80, 0x0, 0x263}, 0x200008c4) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r5, 0x400454d8, &(0x7f0000000300)=0x3) r7 = socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x29, 0x7, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000440)={r4, r3, 0x5, 0x2}, 0x10) setsockopt$sock_attach_bpf(r6, 0x1, 0x32, &(0x7f00000002c0)=r5, 0x220) sendmsg$kcm(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) 16:55:07 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000840)='memory.current\x00', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f0000000e80)={&(0x7f0000000880)=@in6={0xa, 0x4e24, 0x5, @local, 0x9}, 0x80, &(0x7f0000000e00)=[{&(0x7f0000000900)="6697d5f4d8381c276be7c609d4d74fed2dc9bd3c86adcd95aa9244546bd13d6dfb9019802cd97276c5c690ae0eff81ebd5de65c73369a4120dbb0f22b9228fa846f357a35186ba484cc1c15d19db416ee697583ea78b148e0de77567ec158c709bd07db591b90fdd68995234a21ba2b430db854a3e28e498d7ca65700f2d89365258cc93661550dd9f6663f2f701dd1f9c567891282b631105b7072249af50d51d18949cb513030e2b9da53a343d9780ec841e6837b59a3a6310d9873331ff21bc38c0a4059f7a2f987365a98a83ff", 0xcf}, {&(0x7f0000000a00)="43b148a30e39fd50d4582d6a51498e2724c7d60a8231e7fe149d15bb01ed86fd114336e30c9dcf8e9f6e49282fb5dccf90932599cd40891758507573bbf8496d983f1b18be8217436a5fa4c329ee5cb41ba1eb7cb4f00694", 0x58}, {&(0x7f0000000a80)="dc069fad77ff364e2da3436ae2d8b149869ed5c210ac08b43741754644c47b52ed48ffda009e4f55e664e3ac1fe9c42b79ae6a05e16ceb0a1d7e97b3e367e490c0042edf5b7dcfec287ce2a6e05fc8ca42651e6a3dda7ba3", 0xffffffffffffff58}, {&(0x7f0000000b00)="6d7480b8dd94", 0x6}, {&(0x7f00000001c0)="2c92f36d0e68388613d8aa9ac42bbd1cc6160dd367f063df43e31ed2c0884f0e9b8ad3b9c1581a695032", 0x2a}, {&(0x7f0000000200)="d6a2baacc3c2c564b321bb0c7a032509b836ad8de42be850531070a1e072ffffffffdaf25d0ee45518a906007abc017a6dbc4678d6d69526c4b8774943575af3dfa3bdef23cd9aaab81c9c8a01fd68d03b41d05c7e5f3c365d8c3c2df8856a5dbfe1710d99c975f8017f9f0507161bf3af6ebd00000000000000000076ff999196613eb37597ac532422c8a63bce9dff8c86ac91bf7426c18f873da37605e62fd6e652346dca49acb24fc5266d172bc074b91b3fced6d7cd9abf610f0f93ce7d69c2bfbcedef6a0bc6662b607d00"/220, 0xa1}, {&(0x7f0000000c40)="f47688710dcfca7229bd9b7a66db34c21ef299d8b2282af838d3b5cd2e00bff8dca9a95f9f42a9368e6dc84c2e3afdcf050ee447e2aec27c9739da6d3decdc81d0e47a2756b4f94871f185db3212547405be98e7f6fd4a54abd0345f3124208b511b8dc99fc0b3bb85d503cf55077e40f702ebaafc8a84d891cb3a0439786185ca13a3350987b6b602a0727eff0e2926183706566e139b71748983f5aa4ecfd14c3b2da104f2662aa36888315ae327", 0xaf}, {&(0x7f0000000d00)="17573cde7d95cdab08d6b6e2fc781c4fe234c0c8185d9badf16fe00f889b0c3b83b2f7ec73a2f2d7236ee518292130a737c302435d74da4ccaed842af51548e4b469290bbc97f3b486ee974edc2a5c9a91cec0291c606691676a67071c2fef108e46f4241235d2cd81c469c38f5063096f4dc8b9bd5e4390afbc6ddb77be2f2ad74ca3092481e7d8f46622f04baad8ba4526bc28f286f8e927226c17ed7bd126cade0a03d4e20c9c6a334638f4c1600fdb167fa9e0b2393b91388e11809d5b3d430aab45a01284501769eebf4458bb9ad28cb069ff05906e60e0ed63a4f47937210b6d8f9b", 0xe5}], 0x8}, 0x48080) r1 = socket$kcm(0xa, 0x2, 0x11) setsockopt$sock_attach_bpf(r1, 0x88, 0x66, &(0x7f00000001c0), 0xfedc) r2 = socket$kcm(0xa, 0x1, 0x0) sendmsg$kcm(r2, &(0x7f0000000000)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000180)={&(0x7f0000000140)='./file0\x00'}, 0x10) sendmsg$kcm(r2, &(0x7f0000000700)={&(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x91ffffff00000000]}, 0x7}, 0x80, 0x0}, 0x20004040) 16:55:07 executing program 1: perf_event_open(0x0, 0x0, 0x1, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) [ 3045.666740][T29156] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3045.820765][T29159] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3045.857109][T29164] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3046.342808][T29167] IPVS: ftp: loaded support on port[0] = 21 [ 3046.626382][T29167] chnl_net:caif_netlink_parms(): no params data found [ 3046.717599][T29167] bridge0: port 1(bridge_slave_0) entered blocking state [ 3046.725946][T29167] bridge0: port 1(bridge_slave_0) entered disabled state [ 3046.736682][T29167] device bridge_slave_0 entered promiscuous mode [ 3046.746023][T29167] bridge0: port 2(bridge_slave_1) entered blocking state [ 3046.753744][T29167] bridge0: port 2(bridge_slave_1) entered disabled state [ 3046.762327][T29167] device bridge_slave_1 entered promiscuous mode [ 3046.828440][T29167] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3046.840636][T29167] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3046.904852][T29167] team0: Port device team_slave_0 added [ 3046.912633][T29167] team0: Port device team_slave_1 added [ 3047.036615][T29167] device hsr_slave_0 entered promiscuous mode [ 3047.073735][T29167] device hsr_slave_1 entered promiscuous mode [ 3047.113200][T29167] debugfs: Directory 'hsr0' with parent '/' already present! [ 3047.192006][T29167] bridge0: port 2(bridge_slave_1) entered blocking state [ 3047.199210][T29167] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3047.206632][T29167] bridge0: port 1(bridge_slave_0) entered blocking state [ 3047.213759][T29167] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3047.298742][T29167] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3047.354435][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3047.366423][T16725] bridge0: port 1(bridge_slave_0) entered disabled state [ 3047.375152][T16725] bridge0: port 2(bridge_slave_1) entered disabled state [ 3047.385031][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 3047.400722][T29167] 8021q: adding VLAN 0 to HW filter on device team0 [ 3047.457963][ T3517] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3047.466974][ T3517] bridge0: port 1(bridge_slave_0) entered blocking state [ 3047.475802][ T3517] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3047.494782][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3047.504995][ T854] bridge0: port 2(bridge_slave_1) entered blocking state [ 3047.512063][ T854] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3047.576816][T16629] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3047.593444][T16629] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3047.604684][T16629] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3047.626688][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3047.636011][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3047.691546][T29167] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3047.775147][T29167] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3048.063408][T29176] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3048.076538][T29176] CPU: 0 PID: 29176 Comm: syz-executor.4 Not tainted 5.3.0-rc3+ #97 [ 3048.084528][T29176] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3048.094586][T29176] Call Trace: [ 3048.097888][T29176] dump_stack+0x172/0x1f0 [ 3048.102227][T29176] dump_header+0x10b/0x82d [ 3048.106647][T29176] oom_kill_process.cold+0x10/0x15 [ 3048.111761][T29176] out_of_memory+0x79a/0x12c0 [ 3048.116440][T29176] ? __sched_text_start+0x8/0x8 [ 3048.121287][T29176] ? oom_killer_disable+0x280/0x280 [ 3048.126497][T29176] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3048.132038][T29176] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 3048.137682][T29176] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 3048.143485][T29176] ? cgroup_file_notify+0x140/0x1b0 [ 3048.148695][T29176] memory_max_write+0x262/0x3a0 [ 3048.153549][T29176] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 3048.160306][T29176] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 3048.165780][T29176] cgroup_file_write+0x241/0x790 [ 3048.170718][T29176] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 3048.177486][T29176] ? cgroup_migrate_add_task+0x890/0x890 [ 3048.183129][T29176] ? cgroup_migrate_add_task+0x890/0x890 [ 3048.188761][T29176] kernfs_fop_write+0x2b8/0x480 [ 3048.193616][T29176] __vfs_write+0x8a/0x110 [ 3048.197939][T29176] ? kernfs_fop_open+0xd80/0xd80 [ 3048.202873][T29176] vfs_write+0x268/0x5d0 [ 3048.207114][T29176] ksys_write+0x14f/0x290 [ 3048.211448][T29176] ? __ia32_sys_read+0xb0/0xb0 [ 3048.216212][T29176] ? do_syscall_64+0x26/0x6a0 [ 3048.220884][T29176] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3048.226944][T29176] ? do_syscall_64+0x26/0x6a0 [ 3048.231624][T29176] __x64_sys_write+0x73/0xb0 [ 3048.236214][T29176] do_syscall_64+0xfd/0x6a0 [ 3048.240717][T29176] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3048.246613][T29176] RIP: 0033:0x459829 [ 3048.250505][T29176] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3048.270200][T29176] RSP: 002b:00007f914df72c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3048.278789][T29176] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 3048.286757][T29176] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009 [ 3048.294724][T29176] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 3048.302689][T29176] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f914df736d4 [ 3048.310656][T29176] R13: 00000000004c99a3 R14: 00000000004e1028 R15: 00000000ffffffff [ 3048.376230][T29176] memory: usage 3836kB, limit 0kB, failcnt 2838420 [ 3048.383138][T29176] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3048.390156][T29176] Memory cgroup stats for /syz4: [ 3048.391610][T29176] anon 2138112 [ 3048.391610][T29176] file 602112 [ 3048.391610][T29176] kernel_stack 0 [ 3048.391610][T29176] slab 917504 [ 3048.391610][T29176] sock 0 [ 3048.391610][T29176] shmem 323584 [ 3048.391610][T29176] file_mapped 0 [ 3048.391610][T29176] file_dirty 0 [ 3048.391610][T29176] file_writeback 0 [ 3048.391610][T29176] anon_thp 2097152 [ 3048.391610][T29176] inactive_anon 270336 [ 3048.391610][T29176] active_anon 2138112 [ 3048.391610][T29176] inactive_file 0 [ 3048.391610][T29176] active_file 0 [ 3048.391610][T29176] unevictable 0 [ 3048.391610][T29176] slab_reclaimable 270336 [ 3048.391610][T29176] slab_unreclaimable 647168 [ 3048.391610][T29176] pgfault 104709 [ 3048.391610][T29176] pgmajfault 0 [ 3048.391610][T29176] workingset_refault 0 [ 3048.391610][T29176] workingset_activate 0 [ 3048.391610][T29176] workingset_nodereclaim 0 [ 3048.391610][T29176] pgrefill 0 [ 3048.391610][T29176] pgscan 37 [ 3048.391610][T29176] pgsteal 37 [ 3048.391610][T29176] pgactivate 0 [ 3048.491249][T29176] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=29175,uid=0 [ 3048.520687][T29176] Memory cgroup out of memory: Killed process 29175 (syz-executor.4) total-vm:72580kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB [ 3048.539444][ T1057] oom_reaper: reaped process 29175 (syz-executor.4), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB 16:55:10 executing program 2: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000700)={&(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x91ffffff00000000]}, 0x7}, 0x80, 0x0, 0x4e}, 0x20004040) 16:55:10 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0xa000000}, 0x0) 16:55:10 executing program 1: perf_event_open(0x0, 0x0, 0x1, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) 16:55:10 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000100)=@isdn={0x22, 0x400, 0x100000000, 0x1f06, 0x1}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000040)="95c67462e15a0a2ccb96d34b582828f6d42606c79a595c811c901cbab2aa0f8b7da638bd0eee7da427eaf176a979a63c", 0xfffffec2}], 0x1}, 0x10) socket$kcm(0xa, 0x2, 0x11) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(r1, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB], 0x0}, 0x20) sendmsg(r6, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r5, &(0x7f0000000480)='pids.current\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r4, 0x0, 0x1, 0x0, 0x0}, 0x20) r8 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r8, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000640)=[{&(0x7f0000000240)="c12723", 0x3}], 0x1}, 0xfc00) sendmsg$kcm(r8, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24000001) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0xcc539d13aa130b24, 0x0) write$cgroup_int(r7, 0x0, 0x0) 16:55:10 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000100)=@isdn={0x22, 0x0, 0x100000000, 0x1f06, 0x1}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000040)="95c67462e15a0a2ccb96d34b582828f6d42606c79a595c811c901cbab2aa0f8b7da638bd0eee7da427eaf176a979a63c", 0xfffffec2}], 0x1}, 0x10) socket$kcm(0xa, 0x2, 0x11) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(r1, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) sendmsg(r6, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r5, &(0x7f0000000480)='pids.current\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r4, 0x0, 0x1, 0x0, 0x0}, 0x20) r8 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r8, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000640)=[{&(0x7f0000000240)="c12723", 0x3}], 0x1}, 0xfc00) sendmsg$kcm(r8, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)="88e7", 0x2}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24000001) write$cgroup_int(r7, 0x0, 0x0) 16:55:10 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) r3 = socket$kcm(0x2, 0x7, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000380)=r4, 0x4) r5 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, r5, 0x0) ioctl$PERF_EVENT_IOC_RESET(r5, 0x2403, 0x1) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net/syz1\x00', 0x1ff) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000000)=@in6, 0x80, 0x0, 0x263}, 0x200008c4) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r5, 0x400454d8, &(0x7f0000000300)=0x3) r7 = socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x29, 0x7, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000440)={r4, r3, 0x5, 0x2}, 0x10) setsockopt$sock_attach_bpf(r6, 0x1, 0x32, &(0x7f00000002c0)=r5, 0x220) sendmsg$kcm(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) [ 3048.632621][T29167] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3048.651675][T29183] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3048.669885][T29181] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3048.673793][T29167] CPU: 0 PID: 29167 Comm: syz-executor.4 Not tainted 5.3.0-rc3+ #97 [ 3048.687175][T29167] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3048.697234][T29167] Call Trace: [ 3048.700523][T29167] dump_stack+0x172/0x1f0 [ 3048.704854][T29167] dump_header+0x10b/0x82d [ 3048.709624][T29167] ? oom_kill_process+0x94/0x3f0 [ 3048.714564][T29167] oom_kill_process.cold+0x10/0x15 [ 3048.719674][T29167] out_of_memory+0x79a/0x12c0 [ 3048.724343][T29167] ? lock_downgrade+0x920/0x920 [ 3048.724359][T29167] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3048.724386][T29167] ? oom_killer_disable+0x280/0x280 [ 3048.740216][T29167] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3048.745771][T29167] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 3048.751406][T29167] ? do_raw_spin_unlock+0x57/0x270 [ 3048.756511][T29167] ? _raw_spin_unlock+0x2d/0x50 [ 3048.761364][T29167] try_charge+0xf4b/0x1440 [ 3048.765778][T29167] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3048.771317][T29167] ? percpu_ref_tryget_live+0x111/0x290 [ 3048.776874][T29167] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3048.783119][T29167] ? __kasan_check_read+0x11/0x20 [ 3048.788156][T29167] ? get_mem_cgroup_from_mm+0x156/0x320 [ 3048.793711][T29167] mem_cgroup_try_charge+0x136/0x590 [ 3048.799005][T29167] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3048.804645][T29167] wp_page_copy+0x421/0x15e0 [ 3048.809237][T29167] ? find_held_lock+0x35/0x130 [ 3048.814015][T29167] ? pmd_pfn+0x1d0/0x1d0 [ 3048.818267][T29167] ? lock_downgrade+0x920/0x920 [ 3048.823137][T29167] ? swp_swapcount+0x540/0x540 [ 3048.827899][T29167] ? __kasan_check_read+0x11/0x20 [ 3048.832923][T29167] ? do_raw_spin_unlock+0x57/0x270 [ 3048.838037][T29167] do_wp_page+0x499/0x14d0 [ 3048.842460][T29167] ? finish_mkwrite_fault+0x570/0x570 [ 3048.847844][T29167] __handle_mm_fault+0x22f7/0x3f20 [ 3048.852979][T29167] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3048.858545][T29167] ? __kasan_check_read+0x11/0x20 [ 3048.863577][T29167] handle_mm_fault+0x1b5/0x6b0 [ 3048.868349][T29167] __do_page_fault+0x536/0xdd0 [ 3048.873135][T29167] do_page_fault+0x38/0x590 [ 3048.877648][T29167] page_fault+0x39/0x40 [ 3048.881802][T29167] RIP: 0033:0x430906 [ 3048.885697][T29167] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 46 64 00 85 c0 0f 84 [ 3048.905306][T29167] RSP: 002b:00007ffe3177f620 EFLAGS: 00010206 [ 3048.911383][T29167] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 3048.919364][T29167] RDX: 0000555555f7c930 RSI: 0000555555f84970 RDI: 0000000000000003 16:55:11 executing program 2: r0 = socket$kcm(0xa, 0x1, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) sendmsg$kcm(r0, &(0x7f0000000740)={&(0x7f0000000140)=@pppol2tp={0x18, 0x1, {0x0, r0, {0x2, 0x4e22, @broadcast}, 0x0, 0x4, 0x4, 0x1}}, 0x80, &(0x7f0000000580)=[{&(0x7f00000001c0)="0c80e67898b19091dafecbd395f405a2024fc3a77b3065443a7432cf9c456f29c96e169f5f67525586edd0ea455596869104dc4be8a641f4e3bdaa3583533bcbdb6241bb8e726cb4adcf7c5508a532d2b33cf98d56a2f3f414ea6970a2f1f2b14ff948a581a4b7a9b8888e5d220d547b1fdf76a0ff8fafc8e175504bec888d17b6edc046b7dc225a6e4b9245c56add64b194115d5024ef875c08b469dc0e099cd041381cab7eaa852a0b42f6e11f35338244659551b451e6165b33a8fa0e4825a5a0e212c0eced33b6f280a08cfcc00a47cb226d7f949ecb", 0xd8}, {&(0x7f00000002c0)="47af47fc08e5a834ab759ab10c39871e5041ec71d7630874b2be35ef956704acc69edd", 0x23}, {&(0x7f0000000300)="80668c48b5ba45b69ba2d1697b9549e4a8eb1abed0a651f2eadae2523ed5b7db3de1fc368db0029f78b73c7be1e682ad19857f8d1facaa1020bf5c9baf549b160064bc394b4b356d1adeb6a213eeca2c78c7dff7aa48ade7996e721056fcb162fa8604d20f8c4c9a1ae7ee2c0f358cc32003a87a9634a28ef9d1586fd00d8d1d678ea3806ea859cfe2f01cd000614fe5f37c24894572bad06de524db26a991da4940648173ec9ec22ba5b4f563bb9a5b4467faac33bb4dfc30f171cdc77169a14d8d1248a07a77542d86f31cb42a88f37c77afac7f4dfd434ac0fe0a4ebc", 0xde}, {&(0x7f0000000400)="362d33e5c0ff4903f6eef3d73cf07615cf8860e57cd79ac63e31cadc7b00b609c3da277aefaf37413e91f1631c3b7486d94b5d4c7c9c", 0x36}, {&(0x7f0000000440)="7a7f3ff192ea8dbebd2939cab805ebd16821fbe0ed3cca46a03583970c49a3169a89d05d1602f9b5cb2379aef611b10273970e", 0x33}, {&(0x7f0000000480)="81dc01890430c00e6179577609ebfb4b13f05f91873c22acb26c036715f9fe0126a202353754c6c1ccea83349b38fefadabf620fccecbb8f5ee317ad05579f92fab3764ac1638b167917736f0ccc3cb126af0a96f6f9208a4dc3edc90ef95cced3d69707756700882b9b47a5e8140a94a4eae99f63dc74d68a8d147f2142904917ee8da1f7685beda579737ca9cbe175b4c22f8bcfd9bc48d6908568e8b26d1109938651226d1c07fe6dd2fdfd730d31ae317b060b6ba6e3ddbd1f50ff10fe451b9e148f7861060a6bea39a03988c2dc569899374b80338eb7b0", 0xda}], 0x6, &(0x7f0000000600)=[{0xe8, 0x10f, 0xc7, "283380af1d03c6967176bb3be68fd09367f45786faa7c01f77ac7401120e16fbbd77a151c408746c410e24b74449e75cb132e3d20c53d0a3372daf2f37d92e0d8695be423cccd53ce223d88fe53af33f780965651b1ee6177f594d82bb77fcdc4ebb7fc602a16e9ff6b7ecc295f7d1a6f52fba865ed7f8b57806a6b5dfa3e0b9f9c0d343c6bf5b5655d8a8a793c2011b6f1ac857db75d82a974c6480d3056b6da7e2fce48daf60f8d8bb6efc4951373dddc14a74ddf8b1d4f1d84c74fd8aaa292dfa6cac11798cb7526e15f93ec02f47adb26335b8"}], 0xe8}, 0x814) sendmsg$kcm(r0, &(0x7f0000000700)={&(0x7f0000000780)=@in6={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x91ffffff00000000]}, 0x7}, 0x80, 0x0}, 0x20004040) [ 3048.927344][T29167] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000555555f7b940 [ 3048.935320][T29167] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 3048.943299][T29167] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 [ 3048.966406][T29183] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3048.993105][T29167] memory: usage 1504kB, limit 0kB, failcnt 2838428 [ 3049.003902][T29167] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3049.035625][T29184] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3049.038246][T29167] Memory cgroup stats for /syz4: [ 3049.038347][T29167] anon 0 [ 3049.038347][T29167] file 602112 [ 3049.038347][T29167] kernel_stack 0 [ 3049.038347][T29167] slab 917504 [ 3049.038347][T29167] sock 0 [ 3049.038347][T29167] shmem 323584 [ 3049.038347][T29167] file_mapped 0 [ 3049.038347][T29167] file_dirty 0 [ 3049.038347][T29167] file_writeback 0 [ 3049.038347][T29167] anon_thp 0 [ 3049.038347][T29167] inactive_anon 270336 [ 3049.038347][T29167] active_anon 0 [ 3049.038347][T29167] inactive_file 0 [ 3049.038347][T29167] active_file 0 [ 3049.038347][T29167] unevictable 0 [ 3049.038347][T29167] slab_reclaimable 270336 [ 3049.038347][T29167] slab_unreclaimable 647168 [ 3049.038347][T29167] pgfault 104709 [ 3049.038347][T29167] pgmajfault 0 [ 3049.038347][T29167] workingset_refault 0 [ 3049.038347][T29167] workingset_activate 0 [ 3049.038347][T29167] workingset_nodereclaim 0 [ 3049.038347][T29167] pgrefill 0 [ 3049.038347][T29167] pgscan 37 [ 3049.038347][T29167] pgsteal 37 16:55:11 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) [ 3049.038347][T29167] pgactivate 0 16:55:11 executing program 2: r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0xfffffffffffffe9a, 0x0}, 0x24000001) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000004c0)={&(0x7f0000000400)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x10, 0x10, 0xa, [@int={0x9, 0x0, 0x0, 0x1, 0x0, 0x14, 0x0, 0x5c, 0x2}]}, {0x0, [0x30, 0x2e, 0x2e, 0x61, 0x1a01fe4ae725ca93, 0x2e, 0x2e, 0x5f]}}, &(0x7f0000000440)=""/124, 0x32, 0x7c, 0x1}, 0x20) sendmsg$kcm(r0, &(0x7f0000000700)={&(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x91ffffff00000000]}, 0x7}, 0x80, 0x0}, 0x20004040) ioctl$sock_kcm_SIOCKCMUNATTACH(r0, 0x89e1, &(0x7f0000000180)={r0}) r1 = bpf$OBJ_GET_PROG(0x7, &(0x7f0000000580)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10010}, 0x3ab) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={r1, 0xc0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=0x5, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x7, 0x3}, 0x0, 0x0, &(0x7f0000000240)={0x5, 0xe, 0x8, 0x8}, &(0x7f0000000280)=0x64d, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)=0x800000000004}}, 0x10) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000500)=r1, 0x4) 16:55:11 executing program 2: r0 = socket$kcm(0xa, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) socket$kcm(0x29, 0x7, 0x0) sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000140)=@ipx={0x4, 0x0, 0x0, "dec5b7f1676f"}, 0x80, &(0x7f0000000240)=[{&(0x7f00000001c0)="57a0461fee22c5074d5f9fd4bde9c17b163ebe3febf886eb8bad998ede8451978b424b8fd447ad462580141695d05abefda0af853ad9b2b665031fb21742fc5a395507cf07200fd628", 0x49}], 0x1, &(0x7f0000000280)=[{0x98, 0x117, 0x0, "76f1ef0c377c17a8696be385d08592a4aacd381298119b27327b5de00fd78f2e39cf23de2ab14ee64ed60db7bf5f8b3a01c49c383690094d6259b876ab4b33c022edc4c0a1031c47f6a4d6d561ce5d5c8a4a8c85a85d193056a3ba1df87ab8a96a8029084ef78e9e9c6bbf947a812f1c4e5820b91913c911c1777cfefcd3ccbc9c4b"}, {0xc0, 0x107, 0x80e7, "27f64c14a750acea3d072b5f104860ba65096f30d9d7f64a00b5e5beee615ed7aeae6c918385c459e63d4f901e74b78be136c42875eddf75fe1690588549e19b893c4e33e95f323c521b9fe6968f84821612cb9f4b6912e266bbd042e21726e35154a05f4f903e01bfe63aedc6df9d628ebeb28427fe2c0ee59f86f00f6ba21c9da255bf3989fdadc931174aa6d75ee18021994930538903f12c649caa87d349e9524475fb7658a35036e1fc"}], 0x158}, 0x800) sendmsg$kcm(r0, &(0x7f0000000700)={&(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x91ffffff00000000]}, 0x7}, 0x80, 0x0}, 0x20004040) socket$kcm(0x29, 0x2, 0x0) [ 3049.339219][T29185] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.5'. 16:55:11 executing program 2: r0 = socket$kcm(0xa, 0x1, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) sendmsg$kcm(r0, &(0x7f0000000700)={&(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x91ffffff00000000]}, 0x7}, 0x80, 0x0}, 0x20004040) r1 = gettid() r2 = perf_event_open$cgroup(&(0x7f0000000280)={0x0, 0x70, 0x1, 0x6, 0x40, 0x1, 0x0, 0xff, 0x1000, 0x6, 0x8, 0xfffffffffffffff9, 0x0, 0x9, 0x5a19, 0x101, 0x2, 0x3, 0x81, 0x3, 0x4, 0x43b2, 0xfc000000000000, 0x1, 0x7, 0x7, 0x1, 0x0, 0x1f, 0x2, 0x10001, 0xe2, 0x1000, 0x9, 0x1000, 0x0, 0xf0, 0x6, 0x0, 0x1ff, 0x4, @perf_bp={&(0x7f0000000240), 0xb}, 0x2000, 0x7, 0x1, 0x5, 0xfffffffffffffffa, 0x2, 0x6}, 0xffffffffffffffff, 0x6, 0xffffffffffffffff, 0x2) perf_event_open(&(0x7f00000001c0)={0x4, 0x70, 0x1, 0x4, 0x0, 0x3ff, 0x0, 0x7, 0x4, 0x4, 0xa5f, 0x3f, 0x10001, 0x1, 0x159f, 0x1ff, 0x7fff, 0x2, 0x100000000, 0x80000000, 0x1, 0x20, 0x5ff, 0x80000001, 0x2, 0xfffffffffffffffe, 0x4, 0x2, 0x4, 0xfffffffffffffffa, 0x2, 0x6, 0x6, 0x0, 0x8, 0x80, 0xfff, 0x40, 0x0, 0x10000, 0x4, @perf_config_ext={0x3f, 0x6}, 0x288, 0x2, 0x6, 0x2, 0xfffffffffffffff7, 0x6f3, 0x106}, r1, 0x8, r2, 0x1) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r2, 0x4008240b, &(0x7f0000000140)={0x0, 0x70, 0x2, 0xe1, 0xd51e, 0x6, 0x0, 0x9, 0x800, 0x2, 0x0, 0x5, 0x100000001, 0x8, 0x20, 0x5, 0x7fff, 0x100000001, 0xfab4, 0x1, 0x6, 0xffff, 0x6, 0x8, 0x4, 0x3f, 0xffffffffffff8001, 0x1, 0x300, 0x4, 0x4b, 0x8, 0x7f, 0x3, 0x7, 0x5, 0x6, 0x80000001, 0x0, 0x517e8426, 0x2, @perf_config_ext={0x7, 0x8}, 0xa307103c7764f009, 0x8, 0x6, 0x3, 0x7, 0x5, 0x6}) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xc, &(0x7f0000000300)='ppp0\xeevmnet0\x00', 0xffffffffffffffff}, 0x30) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0xeb) [ 3049.493995][T29167] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=29167,uid=0 16:55:11 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0xe000000}, 0x0) [ 3049.571447][T29167] Memory cgroup out of memory: Killed process 29167 (syz-executor.4) total-vm:72448kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB [ 3049.599838][T29194] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3049.612129][T29207] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3049.622033][ T1057] oom_reaper: reaped process 29167 (syz-executor.4), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB 16:55:12 executing program 2: r0 = socket$kcm(0xa, 0x1, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) sendmsg$kcm(r0, &(0x7f0000000140)={&(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x91ffffff00000000]}, 0x7}, 0x11e, 0x0}, 0x20004040) 16:55:12 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) 16:55:12 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0xf000000}, 0x0) [ 3049.864417][T29221] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3050.209543][T29214] __nla_validate_parse: 2 callbacks suppressed [ 3050.209552][T29214] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3050.297302][T29221] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3050.337992][T29221] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3050.583901][T29226] IPVS: ftp: loaded support on port[0] = 21 [ 3050.779450][T29226] chnl_net:caif_netlink_parms(): no params data found [ 3050.860656][T29226] bridge0: port 1(bridge_slave_0) entered blocking state [ 3050.867900][T29226] bridge0: port 1(bridge_slave_0) entered disabled state [ 3050.877571][T29226] device bridge_slave_0 entered promiscuous mode [ 3050.938297][T29226] bridge0: port 2(bridge_slave_1) entered blocking state [ 3050.947735][T29226] bridge0: port 2(bridge_slave_1) entered disabled state [ 3050.956623][T29226] device bridge_slave_1 entered promiscuous mode [ 3051.025256][T29226] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3051.037797][T29226] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3051.065576][T29226] team0: Port device team_slave_0 added [ 3051.075097][T29226] team0: Port device team_slave_1 added [ 3051.176521][T29226] device hsr_slave_0 entered promiscuous mode [ 3051.214152][T29226] device hsr_slave_1 entered promiscuous mode [ 3051.253083][T29226] debugfs: Directory 'hsr0' with parent '/' already present! [ 3051.438168][T29226] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3051.458691][T16629] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3051.468350][T16629] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3051.516706][T29226] 8021q: adding VLAN 0 to HW filter on device team0 [ 3051.530729][T16629] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3051.554110][T16629] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3051.562661][T16629] bridge0: port 1(bridge_slave_0) entered blocking state [ 3051.569766][T16629] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3051.625442][ T3517] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3051.634522][ T3517] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3051.644021][ T3517] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3051.652669][ T3517] bridge0: port 2(bridge_slave_1) entered blocking state [ 3051.659757][ T3517] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3051.719107][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3051.729861][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3051.750355][T16629] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3051.760046][T16629] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3051.769825][T16629] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3051.779851][T16629] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3051.838220][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3051.846597][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3051.855950][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3051.866088][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3051.875690][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3051.887960][T29226] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3051.966716][T29226] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3052.181094][T29234] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3052.192018][T29234] CPU: 1 PID: 29234 Comm: syz-executor.3 Not tainted 5.3.0-rc3+ #97 [ 3052.199992][T29234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3052.210080][T29234] Call Trace: [ 3052.213357][T29234] dump_stack+0x172/0x1f0 [ 3052.217673][T29234] dump_header+0x10b/0x82d [ 3052.222211][T29234] oom_kill_process.cold+0x10/0x15 [ 3052.227301][T29234] out_of_memory+0x79a/0x12c0 [ 3052.231979][T29234] ? __sched_text_start+0x8/0x8 [ 3052.236806][T29234] ? oom_killer_disable+0x280/0x280 [ 3052.241989][T29234] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3052.247512][T29234] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 3052.253129][T29234] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 3052.258915][T29234] ? cgroup_file_notify+0x140/0x1b0 [ 3052.264097][T29234] memory_max_write+0x262/0x3a0 [ 3052.268941][T29234] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 3052.275706][T29234] ? lock_acquire+0x190/0x410 [ 3052.280375][T29234] ? kernfs_fop_write+0x227/0x480 [ 3052.285417][T29234] cgroup_file_write+0x241/0x790 [ 3052.290338][T29234] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 3052.297228][T29234] ? cgroup_migrate_add_task+0x890/0x890 [ 3052.302841][T29234] ? cgroup_migrate_add_task+0x890/0x890 [ 3052.308455][T29234] kernfs_fop_write+0x2b8/0x480 [ 3052.313286][T29234] __vfs_write+0x8a/0x110 [ 3052.317609][T29234] ? kernfs_fop_open+0xd80/0xd80 [ 3052.322532][T29234] vfs_write+0x268/0x5d0 [ 3052.326764][T29234] ksys_write+0x14f/0x290 [ 3052.331075][T29234] ? __ia32_sys_read+0xb0/0xb0 [ 3052.335825][T29234] ? do_syscall_64+0x26/0x6a0 [ 3052.340487][T29234] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3052.346530][T29234] ? do_syscall_64+0x26/0x6a0 [ 3052.351186][T29234] __x64_sys_write+0x73/0xb0 [ 3052.355787][T29234] do_syscall_64+0xfd/0x6a0 [ 3052.360406][T29234] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3052.366296][T29234] RIP: 0033:0x459829 [ 3052.370189][T29234] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3052.389779][T29234] RSP: 002b:00007f9bdb0a1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3052.398178][T29234] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 3052.406128][T29234] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009 [ 3052.414076][T29234] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 3052.422110][T29234] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9bdb0a26d4 [ 3052.430061][T29234] R13: 00000000004c99a3 R14: 00000000004e1028 R15: 00000000ffffffff [ 3052.454147][T29234] memory: usage 3288kB, limit 0kB, failcnt 507629 [ 3052.460823][T29234] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3052.483277][T29234] Memory cgroup stats for /syz3: [ 3052.484884][T29234] anon 2117632 [ 3052.484884][T29234] file 155648 [ 3052.484884][T29234] kernel_stack 65536 [ 3052.484884][T29234] slab 663552 [ 3052.484884][T29234] sock 0 [ 3052.484884][T29234] shmem 0 [ 3052.484884][T29234] file_mapped 0 [ 3052.484884][T29234] file_dirty 0 [ 3052.484884][T29234] file_writeback 0 [ 3052.484884][T29234] anon_thp 2097152 [ 3052.484884][T29234] inactive_anon 0 [ 3052.484884][T29234] active_anon 2117632 [ 3052.484884][T29234] inactive_file 0 [ 3052.484884][T29234] active_file 0 [ 3052.484884][T29234] unevictable 0 [ 3052.484884][T29234] slab_reclaimable 135168 [ 3052.484884][T29234] slab_unreclaimable 528384 [ 3052.484884][T29234] pgfault 79464 [ 3052.484884][T29234] pgmajfault 0 [ 3052.484884][T29234] workingset_refault 0 [ 3052.484884][T29234] workingset_activate 0 [ 3052.484884][T29234] workingset_nodereclaim 0 [ 3052.484884][T29234] pgrefill 0 [ 3052.484884][T29234] pgscan 371 [ 3052.484884][T29234] pgsteal 371 [ 3052.484884][T29234] pgactivate 0 [ 3052.592616][T29234] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0,oom_memcg=/syz3 [ 3052.594862][T29234] ,task_memcg=/syz3,task=syz-executor.3,pid=29232,uid=0 [ 3052.612553][T29234] Memory cgroup out of memory: Killed process 29232 (syz-executor.3) total-vm:72580kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB [ 3052.635066][ T1057] oom_reaper: reaped process 29232 (syz-executor.3), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB 16:55:15 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000100)=@isdn={0x22, 0x400, 0x100000000, 0x1f06, 0x1}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000040)="95c67462e15a0a2ccb96d34b582828f6d42606c79a595c811c901cbab2aa0f8b7da638bd0eee7da427eaf176a979a63c", 0xfffffec2}], 0x1}, 0x10) socket$kcm(0xa, 0x2, 0x11) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(r1, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB], 0x0}, 0x20) sendmsg(r6, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r5, &(0x7f0000000480)='pids.current\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r4, 0x0, 0x1, 0x0, 0x0}, 0x20) r8 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r8, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000640)=[{&(0x7f0000000240)="c12723", 0x3}], 0x1}, 0xfc00) sendmsg$kcm(r8, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24000001) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0xcc539d13aa130b24, 0x0) write$cgroup_int(r7, 0x0, 0x0) 16:55:15 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) r3 = socket$kcm(0x2, 0x7, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000380)=r4, 0x4) r5 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, r5, 0x0) ioctl$PERF_EVENT_IOC_RESET(r5, 0x2403, 0x1) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net/syz1\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r5, 0x400454d8, &(0x7f0000000300)=0x3) r7 = socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x29, 0x7, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000440)={r4, r3, 0x5, 0x2}, 0x10) setsockopt$sock_attach_bpf(r6, 0x1, 0x32, &(0x7f00000002c0)=r5, 0x220) sendmsg$kcm(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) 16:55:15 executing program 2: r0 = socket$kcm(0xa, 0x21, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) sendmsg$kcm(r0, &(0x7f0000000700)={&(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x91ffffff00000000]}, 0x7}, 0x80, 0x0}, 0x20004040) 16:55:15 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) 16:55:15 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x20000000}, 0x0) 16:55:15 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000100)=@isdn={0x22, 0x0, 0x100000000, 0x1f06, 0x1}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000040)="95c67462e15a0a2ccb96d34b582828f6d42606c79a595c811c901cbab2aa0f8b7da638bd0eee7da427eaf176a979a63c", 0xfffffec2}], 0x1}, 0x10) socket$kcm(0xa, 0x2, 0x11) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(r1, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) sendmsg(r6, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r5, &(0x7f0000000480)='pids.current\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r4, 0x0, 0x1, 0x0, 0x0}, 0x20) r8 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r8, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000640)=[{&(0x7f0000000240)="c12723", 0x3}], 0x1}, 0xfc00) sendmsg$kcm(r8, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)="88e7", 0x2}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24000001) write$cgroup_int(r7, 0x0, 0x0) [ 3052.925292][T29236] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3052.933225][T29226] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3052.943693][T29236] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.0'. 16:55:15 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x40000000}, 0x0) [ 3052.966573][T29240] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3052.978329][T29226] CPU: 1 PID: 29226 Comm: syz-executor.3 Not tainted 5.3.0-rc3+ #97 [ 3052.986334][T29226] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3052.996386][T29226] Call Trace: [ 3052.999700][T29226] dump_stack+0x172/0x1f0 [ 3053.004041][T29226] dump_header+0x10b/0x82d [ 3053.008457][T29226] ? oom_kill_process+0x94/0x3f0 [ 3053.013395][T29226] oom_kill_process.cold+0x10/0x15 [ 3053.018515][T29226] out_of_memory+0x79a/0x12c0 [ 3053.023195][T29226] ? lock_downgrade+0x920/0x920 [ 3053.028052][T29226] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3053.033868][T29226] ? oom_killer_disable+0x280/0x280 [ 3053.039193][T29226] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3053.044757][T29226] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 3053.050400][T29226] ? do_raw_spin_unlock+0x57/0x270 [ 3053.055518][T29226] ? _raw_spin_unlock+0x2d/0x50 [ 3053.060392][T29226] try_charge+0xf4b/0x1440 [ 3053.064850][T29226] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3053.070413][T29226] ? percpu_ref_tryget_live+0x111/0x290 [ 3053.075961][T29226] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3053.082205][T29226] ? __kasan_check_read+0x11/0x20 [ 3053.087238][T29226] ? get_mem_cgroup_from_mm+0x156/0x320 [ 3053.091275][T29245] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3053.092796][T29226] mem_cgroup_try_charge+0x136/0x590 [ 3053.092819][T29226] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3053.092836][T29226] wp_page_copy+0x421/0x15e0 [ 3053.092857][T29226] ? find_held_lock+0x35/0x130 [ 3053.116657][T29245] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3053.121131][T29226] ? pmd_pfn+0x1d0/0x1d0 [ 3053.121151][T29226] ? lock_downgrade+0x920/0x920 [ 3053.121171][T29226] ? swp_swapcount+0x540/0x540 [ 3053.144271][T29226] ? __kasan_check_read+0x11/0x20 [ 3053.149327][T29226] ? do_raw_spin_unlock+0x57/0x270 [ 3053.154459][T29226] do_wp_page+0x499/0x14d0 [ 3053.158900][T29226] ? finish_mkwrite_fault+0x570/0x570 [ 3053.164334][T29226] __handle_mm_fault+0x22f7/0x3f20 [ 3053.169475][T29226] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3053.175047][T29226] ? __kasan_check_read+0x11/0x20 [ 3053.180095][T29226] handle_mm_fault+0x1b5/0x6b0 [ 3053.184875][T29226] __do_page_fault+0x536/0xdd0 [ 3053.189657][T29226] do_page_fault+0x38/0x590 [ 3053.194185][T29226] page_fault+0x39/0x40 [ 3053.198348][T29226] RIP: 0033:0x4034f2 [ 3053.202286][T29226] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8d 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 42 05 00 48 [ 3053.221913][T29226] RSP: 002b:00007ffd3fc4cca0 EFLAGS: 00010246 [ 3053.228001][T29226] RAX: 0000000000000000 RBX: 00000000002e925a RCX: 0000000000413430 [ 3053.235991][T29226] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007ffd3fc4ddd0 [ 3053.243973][T29226] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000555556570940 [ 3053.251956][T29226] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd3fc4ddd0 [ 3053.259936][T29226] R13: 00007ffd3fc4ddc0 R14: 0000000000000000 R15: 00007ffd3fc4ddd0 16:55:15 executing program 2: r0 = socket$kcm(0xa, 0x1, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) sendmsg$kcm(r0, &(0x7f0000000140)={&(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x91ffffff00000000]}, 0x7}, 0x44, 0x0, 0x0, 0x0, 0x1c}, 0x20004040) sendmsg$kcm(r0, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000180)="9558f865a62176a6fa11195cf09969ed655e6acf2ef60982eaec11f2c5ac9e8d196de719c27fc7c32aff6366652391653d8403d4411a1f0b4454c7615f6a37620deb0183af825dc9d3b3039ea71f3db26572229e266696c3f6da6d08c36cc7588dfc96518123ade2e004ed913e2dfc7ea8d2ee46490b3b32767e7d414640eca848ac219f1c5f8eee37f4c142309d91c1c82cd2b022a3d642550a97a172d6977c1119ac126c9841b93caa57fe68aaa29bdab800a20b8053a09b9e41849e2a31690a9704df3b09a002894c6d6c0acbf2aab2de93c9f3a1efce71d232fa7b5d0e1f2ccc34e487a8655b7c9fd7", 0xeb}, {&(0x7f0000000280)="3504e6f378c4ec79e22c3bc39087ddc33d36e45e93fa6b", 0x17}, {&(0x7f00000002c0)="a1876d87f9e65ade9352b263738e1e21975b773680ec11933b0565b6e71f0d36d7f18d81cdf2746ec631e07fa03c967657aacb8d253b58", 0x37}, {&(0x7f0000000300)="7a2f0868b6e21306132178f80171796357ef7f7d64ad9d6889a4ffe02dc524a5b4f2a6b8e68dece1bc3c285de3be1e78e84fa191caebfa2f302cf47b077f9a607ad0747ded7c66d1215d7067d02bd8a2fe6c88d39302b6da6c5d9656b89c", 0x5e}, {&(0x7f0000000380)="a8e7c3a7da308dee60c5467dccd0a4efd735ca81f4c260d248db7881d7d6974232f626f79f94f7e2811b26a1e55aed192a64c9377d4f0559eecfafab401e5a2982b6aa987a89e88ac7f9dc4d040c08c4710587b57bd0a21724eac7a40ee10b39098122a16b60c25dc923b6bc5d8b0df7415f3fb00995b412f3f6e6a9174e1c11", 0x80}, {&(0x7f0000000400)="6b9345c5879840999a649c20904cdcc3edc747f697f72b92ab21ea7d14555c877a0c32f60ae1fa40bfe086e50d4c936e0950722692d8ad22e396ca71c8fd10f5235ebfb6c4793d68ce92248f74e3e8af3ad07a", 0x53}, {&(0x7f0000000480)="e9c6ebfd2b0691aacf6954f4ea5e95954f85e145039e35bceb948832d12e3380c7a8c9dd17da26aeeee59d67b6b979137dd3081d0ec0d5a70f7d869db49e96b2cc8c9e0bc866f671fae2ac61f9b0f21175d7f629aac5de8c3e31596d1d113928c108cee9927b8d3689f3b76f7111488a8b6070746df10b4b258ceded852189fc9d", 0x81}], 0x7, &(0x7f00000005c0)=[{0xb8, 0x10a, 0x3ff, "7fce8c627fc6e2ae4489d5c33d09a246fbf3541fc7f590ed334a0042395503211cbee8915cf5e1e60432d722dd6577bf03f64eb9c730d10417f4421e69671ef6050e60969214634101ce3fb3b5d0c37de8a53876a33e1ae0790a14a6abd7dfad8bbe070076e87cd53c8c2e17baba36ec45654ffb0a988a455b03f5e611c10780a0735d34b12f0b8532e765dfac9eb5ecbad0a741f3a37dcd3d24a2779b38e550ab"}, {0x40, 0x103, 0x8, "53933bcf3f5e78f4aa992cc3c3b27c5ff60b737e70dabe0fb04abd83b1b69702c5cda79029dce78d7d5691"}, {0x80, 0x1, 0x200, "a9909134a78c91e7150a1df56e4ade6edee044fd0eabed99f20fcd671e7b74814e431b5d29030d9050fb8a3b0452f7707cf74f6339170914a46b80745834ec236221953a79b50fba51fc817d913faff1f0cc6929b0b61f649dafca51abc5ef3eb8e04353c6cff542099faabdef0c"}, {0x60, 0x1, 0x6, "6cc3236faa14782d8da19e619602b1365b40b9ba1e3b5fead3a472671f4e93fa0dbd8ff7c25c7f42cf2cdf00b3982a28d6221ef0bc2d0859feac321f7f1f2e4460e2b9617212a2a897e7fb8f88c8"}, {0xe0, 0x103, 0x82fc, "5b5ee4b4096cd99a4fb252f194b99ce1c23cbebb38a79a2c99c7857152f2c485faae76c3155c850057b9b70626bf2c6c6ec25a2fbfe081e7915e80ee72bf3652596f4b81b240d6fba784ac28c3f2ecb2e9620ccf8094a970966a1bbc11264edbe126268ff97f8b32a7eb35b54509e553ee790dfef59552d6c4ee926a6e14e56af07ecdf542454444b3f1efa3873a7d513cde96a2c26b89299cb8d6cc4fecdc4839a2717feb264b50e09ce217adfd116d3032355a4b92f698e7acb4b6be2881f6be298c929e69a540fbf3743e80"}, {0xe8, 0x116, 0xff, "3f46c57b98c7e4692f40cb643d5a244cff5f0d0dc8b1948270452f216d1742d520903c207233c6e2b92ad47451d9caca6f567c05ced246618a45f908b20a6c89ddd91febddccd4490194aa9012ab888df2f26521baacdd82484743ebe003576df2e090d3ae6266d8fcfc05245f2d96663e1e38fe6b9cafba4b576b298fe254ec863ce6964b1525cf81fdf49f7c09e98c97d036ff269fa9d746908150004e7c5f912c9662aa80033294489e7e85842ed1d918a4779e970b5fdd574f613a223bce11661bc24e4b89833cb47a5691ba334b4e9e30"}, {0xf8, 0xff, 0x91, "efda8829f561d169493e6ef0fe770d3fe1a0da214a163138de9b4cef6527be8d32233070d3fbb6b57a349417ae0be55d9a1712f72609cf5e97d9ab39e075212d66a28fe02cc07c404fe2ef33699ecc818f7062c12f9eb674e5fd3df9e38e938d38b49d14c9e3241c65406f47d5f1cb0e8aaf590ab81f9f75f7fd1f24b39b4c40b4e28c9e2484a1dadb21e32b00a55ef3a60004dadb205b763b17a25da8331649ef60243beb945c5051b92725f2bbdbe2d4e8a5221da9d20ad15e771c298e66017b3b7f5b5631ad9c62bf33cc91d909b754a21ebe99052504b0c313163030dc0572a0910f"}], 0x498}, 0x40810) [ 3053.314465][T29239] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3053.343022][T29226] memory: usage 960kB, limit 0kB, failcnt 507637 [ 3053.351777][T29226] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3053.359792][T29249] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3053.377564][T29226] Memory cgroup stats for /syz3: [ 3053.377669][T29226] anon 16384 [ 3053.377669][T29226] file 155648 [ 3053.377669][T29226] kernel_stack 0 [ 3053.377669][T29226] slab 663552 [ 3053.377669][T29226] sock 0 [ 3053.377669][T29226] shmem 0 [ 3053.377669][T29226] file_mapped 0 [ 3053.377669][T29226] file_dirty 0 [ 3053.377669][T29226] file_writeback 0 [ 3053.377669][T29226] anon_thp 0 [ 3053.377669][T29226] inactive_anon 0 [ 3053.377669][T29226] active_anon 16384 [ 3053.377669][T29226] inactive_file 0 [ 3053.377669][T29226] active_file 0 [ 3053.377669][T29226] unevictable 0 [ 3053.377669][T29226] slab_reclaimable 135168 [ 3053.377669][T29226] slab_unreclaimable 528384 [ 3053.377669][T29226] pgfault 79464 [ 3053.377669][T29226] pgmajfault 0 [ 3053.377669][T29226] workingset_refault 0 [ 3053.377669][T29226] workingset_activate 0 [ 3053.377669][T29226] workingset_nodereclaim 0 [ 3053.377669][T29226] pgrefill 0 [ 3053.377669][T29226] pgscan 371 16:55:15 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x0, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) [ 3053.377669][T29226] pgsteal 371 [ 3053.377669][T29226] pgactivate 0 16:55:15 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x48000000}, 0x0) 16:55:15 executing program 2: r0 = socket$kcm(0xa, 0x1, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x12, 0x1, &(0x7f00000001c0)=@raw=[@jmp={0x5, 0x8001, 0x1, 0x7, 0x4, 0x2, 0xfffffffffffffff0}], &(0x7f0000000200)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x1, [], 0x0, 0xb, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x1, 0x1}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xe, 0x10001, 0x3ff}, 0x10}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r1, 0x0, 0xe2, 0x7b, &(0x7f0000000600)="8f5327c9ab871952d94c43e8ace74c55634a29e4c283f425ddbcae10fbf5f6b23952c64b788abb1e73752aef0279ae462aa7da4f93805701fc4226e3e9d620853235d5e794a59d2b272adb3f0b769791aed80d858bfbbf555e4dd02d041663c2668335d821051959c594599634e2b6e164f978f7b154c6bcc4456204c308adf07d3f40de0bf0d7cc751c9cc6490888efb036ca6581c25d7b178e868ccec1e615395bea05d675414ac1e5cb06b13167045de8795afba802d193eaf90900d2006c54348152d09dae6653940caa9581aca2bc9c78f228091544a4affd2865440b45c5fa", &(0x7f0000000980)=""/123, 0xcc9}, 0x28) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000300)={r0}) openat$tun(0xffffffffffffff9c, &(0x7f0000000a00)='/dev/net/tun\x00', 0x4000, 0x0) sendmsg$kcm(r0, &(0x7f0000000700)={&(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x91ffffff00000000]}, 0x7}, 0xda, 0x0}, 0x20004040) r2 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000140)=0xffffffffffffffff, 0x4) sendmsg$kcm(r0, &(0x7f00000004c0)={&(0x7f0000000340)=@ipx={0x4, 0x100000001, 0x1, "a0f6e0b3d9f0", 0x8887}, 0x80, &(0x7f0000000480)=[{&(0x7f00000003c0)="d3f222ac3b39ef8f6d2ee47d10dd8b1eab0676b872dc61254783ae9247678bddacc0183a8f5e726bb0bec90dd69b97a565150bdce3da3bd2d03ba79465194a2a9c070d84a11bab390e15a89c9fb0c7a2382f80", 0x53}, {&(0x7f0000000500)="b436b540805fe9c3ac4e106806066671815c959469d499b9b875d6c5bd6afe892389cbca88a02150644d589d2b09d0e00686db7bd05274b3389e4ae8353b0f828837cca79229f2e19a6bc26fb23a5590bb000cf15f3341bcdb29ef388def50b88a2b00"/110, 0x6e}], 0x2, &(0x7f0000000e40)=[{0x78, 0x0, 0x0, "52ab88bbb1009bd589ca95f1151606ed6be2dbc5ab50fe35549feba5950f06ab991227149203d83da5c70fad20fa15820f14afaa1806da490a3f4c85056bd884e12f177c30e4144f5bb83945f7c5d003c1d98cc27300"/102}, {0x38, 0x100, 0x2, "b01185ae3d9d1b80385adf32603d14caec7dd99ef6f4e7dc622eede214c8999535d633c9"}, {0xc0, 0x1, 0x9, "769470b809428cc802ace0f272e07b13210881a72de1d30efeef7e8602f017a8a9567594295c54a6141fdb4d3cfb4ad24022fa321467c38ee2de0fde38b3d038c9dc75b015d0c20e231829d1d1a28116b2c1708f04debaada481bcf0617ee2f42d004fb5ba1ec791005943f46d168ffd864b57e71e998d414702224d768093e8df35567c896eb3d531418c76469f5b0cef0bc6ac9db4ad8aa98bc71b2c9cc85a845383dbef611deaef3f2215127d"}, {0xe8, 0x115, 0x7fff, "584833bdc10686890b6eafe168a967472879a514e2e5820df1f755f7b4ea96c7cd01743a364094574a10a6d284c2458dc7fd8ba72d2c3e66e02555adbb12957fccf0e9fbab3772efbd9c55608b414718984410a619cbc641fb7736f66d695622d3602bc0e33cacbfa8147ee9177f9bad20fa33193e8108a2967875478a384d9e3380fdfd0130ff09f6637b91fd2a70dcf24716e59e2452945e70de85ae8a7b83f9dde63ccf2ba49f7d8cf930252e1efafc1ee7fa325fe97b087c1f082fd100304b4278307d98173453f3ead1797757b33dbe"}, {0x78, 0x113, 0x1ddf, "1086d248765390ba3f30c7a2d68dec3a79f94352476678559fa05f9d8d5a0ae8490f0ca1c57af04dec096092276d4331c66e2ed2fd52b31c9c90f9d992bc2e54b7b28e3b4411a5ec10acf02ca9969f902cd7d4ad0e4d5d54275a234e4c9a946f6687dd7f9b"}, {0x50, 0x113, 0x1000, "a3bd77fdad946b5f5210bd07cd7bf7cffa2bc98de4c21d821c5667e359250397551db72e5955124c9ebf1c6c82f64ee5802c357a95aeeae016"}, {0xa0, 0x1, 0x1, "31debaf0bc3f4d9ae60517792111778d2764ec50c7b7e34dad2024b9da03342d0d798221d711da093ff09da57c5cd5e51f0c987e747b4fd93a2e85075194075935c31bf6d01a8c54c087822cc1a95b017e3958a3eaf869427cb0c0cb80903a91bb36eaa5d0295aa556ee5619bb55ec0b418c0379b85477769944f17f2bb5af8a33e8bca452913b9251f30c83484692"}], 0x3c0}, 0x8040) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r2, 0x0, 0x14c, 0xa7, &(0x7f0000000740)="9c79111dcbf29ee20edc04e36d7ce3dbdf683fd4c1c6c366a0aa50b5c08b3a95ff2d20e191341918ad30ba5eaec110594d583c9f1e404ac3bc29ea04ee3f5fab40de8200f78ac012044413a0a14d5df3b19b9b74e6cc504b81384e989ae4eba043078367e23adf8207cbb9bc2f0000000006b635f38bc5efa2092776ef610988058e965e3b0de78a689960878fac330364a2f6c19e0dd1599fe24e08ac9c5f58197c9fb866e42fb4aa74199f0a9680a47a59cf9daa17057c04e34c7cda0195f46c21b2316607db4c24dffb5b1f9472169c08c008a9f0f1afae358dda1de5d73013d5aed20e5e488d551d56830533f6516cabc98c2ec2f9a30c62c7f20606f9de754d6468e4f4d026aca2e6678c9f276b5b5cc5bf7a2e1bcd929a425f453967c12c47820749c46dba52cd92bb2a6169ed6034063229100d39117a481eb51bb4ebee4dd188a8903a1686589d74", &(0x7f00000008c0)=""/167, 0x81}, 0x28) [ 3053.577221][T29254] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3053.591443][T29254] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.0'. 16:55:15 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x0, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) [ 3053.637585][T29226] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=29226,uid=0 [ 3053.655056][T29226] Memory cgroup out of memory: Killed process 29226 (syz-executor.3) total-vm:72448kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB [ 3053.678305][ T1057] oom_reaper: reaped process 29226 (syz-executor.3), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB 16:55:16 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000100)=@isdn={0x22, 0x400, 0x100000000, 0x1f06, 0x1}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000040)="95c67462e15a0a2ccb96d34b582828f6d42606c79a595c811c901cbab2aa0f8b7da638bd0eee7da427eaf176a979a63c", 0xfffffec2}], 0x1}, 0x10) socket$kcm(0xa, 0x2, 0x11) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(r1, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB], 0x0}, 0x20) sendmsg(r6, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r5, &(0x7f0000000480)='pids.current\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r4, 0x0, 0x1, 0x0, 0x0}, 0x20) r8 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r8, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000640)=[{&(0x7f0000000240)="c12723", 0x3}], 0x1}, 0xfc00) sendmsg$kcm(r8, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24000001) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0xcc539d13aa130b24, 0x0) write$cgroup_int(r7, 0x0, 0x0) 16:55:16 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) r3 = socket$kcm(0x2, 0x7, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000380)=r4, 0x4) r5 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, r5, 0x0) ioctl$PERF_EVENT_IOC_RESET(r5, 0x2403, 0x1) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r5, 0x400454d8, &(0x7f0000000300)=0x3) r7 = socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x29, 0x7, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000440)={r4, r3, 0x5, 0x2}, 0x10) setsockopt$sock_attach_bpf(r6, 0x1, 0x32, &(0x7f00000002c0)=r5, 0x220) sendmsg$kcm(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) 16:55:16 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x0, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) 16:55:16 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x4c000000}, 0x0) [ 3054.365673][T29270] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3054.421206][T29270] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3054.451418][T29274] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3054.954365][T29281] IPVS: ftp: loaded support on port[0] = 21 [ 3055.354258][T29281] chnl_net:caif_netlink_parms(): no params data found [ 3055.451415][T29281] bridge0: port 1(bridge_slave_0) entered blocking state [ 3055.461266][T29281] bridge0: port 1(bridge_slave_0) entered disabled state [ 3055.470165][T29281] device bridge_slave_0 entered promiscuous mode [ 3055.518201][T29281] bridge0: port 2(bridge_slave_1) entered blocking state [ 3055.527344][T29281] bridge0: port 2(bridge_slave_1) entered disabled state [ 3055.536338][T29281] device bridge_slave_1 entered promiscuous mode [ 3055.567709][T29281] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3055.638064][T29281] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3055.662152][T29281] team0: Port device team_slave_0 added [ 3055.671481][T29281] team0: Port device team_slave_1 added [ 3055.726499][T29281] device hsr_slave_0 entered promiscuous mode [ 3055.763690][T29281] device hsr_slave_1 entered promiscuous mode [ 3055.813115][T29281] debugfs: Directory 'hsr0' with parent '/' already present! [ 3055.875979][T29281] bridge0: port 2(bridge_slave_1) entered blocking state [ 3055.883266][T29281] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3055.890629][T29281] bridge0: port 1(bridge_slave_0) entered blocking state [ 3055.897753][T29281] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3056.062852][T29281] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3056.081305][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3056.090797][ T854] bridge0: port 1(bridge_slave_0) entered disabled state [ 3056.099736][ T854] bridge0: port 2(bridge_slave_1) entered disabled state [ 3056.109256][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 3056.125802][T29281] 8021q: adding VLAN 0 to HW filter on device team0 [ 3056.197709][ T3517] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3056.208023][ T3517] bridge0: port 1(bridge_slave_0) entered blocking state [ 3056.215154][ T3517] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3056.299289][T16629] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3056.308514][T16629] bridge0: port 2(bridge_slave_1) entered blocking state [ 3056.315623][T16629] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3056.337550][ T3517] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3056.390946][ T3517] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3056.399500][ T3517] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3056.408826][ T3517] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3056.423709][T25186] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3056.432622][T25186] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3056.511442][T29281] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 3056.525158][T29281] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3056.534323][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3056.544161][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3056.636246][T29281] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3056.914317][T29290] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3056.925364][T29290] CPU: 1 PID: 29290 Comm: syz-executor.4 Not tainted 5.3.0-rc3+ #97 [ 3056.933350][T29290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3056.943411][T29290] Call Trace: [ 3056.946711][T29290] dump_stack+0x172/0x1f0 [ 3056.951046][T29290] dump_header+0x10b/0x82d [ 3056.955480][T29290] oom_kill_process.cold+0x10/0x15 [ 3056.960596][T29290] out_of_memory+0x79a/0x12c0 [ 3056.965275][T29290] ? __sched_text_start+0x8/0x8 [ 3056.970127][T29290] ? oom_killer_disable+0x280/0x280 [ 3056.975341][T29290] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3056.980884][T29290] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 3056.986542][T29290] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 3056.992348][T29290] ? cgroup_file_notify+0x140/0x1b0 [ 3056.997549][T29290] memory_max_write+0x262/0x3a0 [ 3057.002403][T29290] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 3057.009163][T29290] ? lock_acquire+0x190/0x410 [ 3057.013841][T29290] ? kernfs_fop_write+0x227/0x480 [ 3057.018872][T29290] cgroup_file_write+0x241/0x790 [ 3057.023815][T29290] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 3057.030578][T29290] ? cgroup_migrate_add_task+0x890/0x890 [ 3057.036223][T29290] ? cgroup_migrate_add_task+0x890/0x890 [ 3057.041983][T29290] kernfs_fop_write+0x2b8/0x480 [ 3057.046838][T29290] __vfs_write+0x8a/0x110 [ 3057.051162][T29290] ? kernfs_fop_open+0xd80/0xd80 [ 3057.056106][T29290] vfs_write+0x268/0x5d0 [ 3057.060354][T29290] ksys_write+0x14f/0x290 [ 3057.064688][T29290] ? __ia32_sys_read+0xb0/0xb0 [ 3057.069456][T29290] ? do_syscall_64+0x26/0x6a0 [ 3057.074134][T29290] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3057.080197][T29290] ? do_syscall_64+0x26/0x6a0 [ 3057.084887][T29290] __x64_sys_write+0x73/0xb0 [ 3057.089474][T29290] do_syscall_64+0xfd/0x6a0 [ 3057.093978][T29290] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3057.099875][T29290] RIP: 0033:0x459829 [ 3057.103766][T29290] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3057.123366][T29290] RSP: 002b:00007f7297203c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3057.131780][T29290] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 3057.139764][T29290] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009 [ 3057.147738][T29290] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 3057.155705][T29290] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f72972046d4 [ 3057.163673][T29290] R13: 00000000004c99a3 R14: 00000000004e1028 R15: 00000000ffffffff [ 3057.175472][T29290] memory: usage 3868kB, limit 0kB, failcnt 2838429 [ 3057.182204][T29290] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3057.197226][T29290] Memory cgroup stats for /syz4: [ 3057.199589][T29290] anon 2174976 [ 3057.199589][T29290] file 602112 [ 3057.199589][T29290] kernel_stack 65536 [ 3057.199589][T29290] slab 917504 [ 3057.199589][T29290] sock 0 [ 3057.199589][T29290] shmem 323584 [ 3057.199589][T29290] file_mapped 0 [ 3057.199589][T29290] file_dirty 0 [ 3057.199589][T29290] file_writeback 0 [ 3057.199589][T29290] anon_thp 2097152 [ 3057.199589][T29290] inactive_anon 270336 [ 3057.199589][T29290] active_anon 2174976 [ 3057.199589][T29290] inactive_file 0 [ 3057.199589][T29290] active_file 0 [ 3057.199589][T29290] unevictable 0 [ 3057.199589][T29290] slab_reclaimable 270336 [ 3057.199589][T29290] slab_unreclaimable 647168 [ 3057.199589][T29290] pgfault 104775 [ 3057.199589][T29290] pgmajfault 0 [ 3057.199589][T29290] workingset_refault 0 [ 3057.199589][T29290] workingset_activate 0 [ 3057.199589][T29290] workingset_nodereclaim 0 [ 3057.199589][T29290] pgrefill 0 [ 3057.199589][T29290] pgscan 37 [ 3057.199589][T29290] pgsteal 37 [ 3057.199589][T29290] pgactivate 0 [ 3057.332714][T29290] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=29289,uid=0 [ 3057.350372][T29290] Memory cgroup out of memory: Killed process 29289 (syz-executor.4) total-vm:72580kB, anon-rss:2184kB, file-rss:35804kB, shmem-rss:0kB [ 3057.367840][ T1057] oom_reaper: reaped process 29289 (syz-executor.4), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB 16:55:19 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) 16:55:19 executing program 2: r0 = socket$kcm(0xa, 0x1, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) sendmsg$kcm(r0, &(0x7f0000000700)={&(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x91ffffff00000000]}, 0x7}, 0x80, 0x0}, 0x20004040) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup/syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000140)='memory.high\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000180)=0xfffffffffffffffa, 0x12) 16:55:19 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000100)=@isdn={0x22, 0x400, 0x100000000, 0x1f06, 0x1}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000040)="95c67462e15a0a2ccb96d34b582828f6d42606c79a595c811c901cbab2aa0f8b7da638bd0eee7da427eaf176a979a63c", 0xfffffec2}], 0x1}, 0x10) socket$kcm(0xa, 0x2, 0x11) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(r1, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB], 0x0}, 0x20) sendmsg(r6, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r5, &(0x7f0000000480)='pids.current\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r4, 0x0, 0x1, 0x0, 0x0}, 0x20) r8 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r8, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000640)=[{&(0x7f0000000240)="c12723", 0x3}], 0x1}, 0xfc00) sendmsg$kcm(r8, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000180)="88e7", 0x2}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24000001) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0xcc539d13aa130b24, 0x0) write$cgroup_int(r7, 0x0, 0x0) 16:55:19 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000100)=@isdn={0x22, 0x0, 0x100000000, 0x1f06, 0x1}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000040)="95c67462e15a0a2ccb96d34b582828f6d42606c79a595c811c901cbab2aa0f8b7da638bd0eee7da427eaf176a979a63c", 0xfffffec2}], 0x1}, 0x10) socket$kcm(0xa, 0x2, 0x11) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(r1, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) sendmsg(r6, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r5, &(0x7f0000000480)='pids.current\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r4, 0x0, 0x1, 0x0, 0x0}, 0x20) r8 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r8, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000640)=[{&(0x7f0000000240)="c12723", 0x3}], 0x1}, 0xfc00) sendmsg$kcm(r8, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)="88e7", 0x2}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24000001) write$cgroup_int(r7, 0x0, 0x0) 16:55:19 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x60000000}, 0x0) 16:55:19 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) r3 = socket$kcm(0x2, 0x7, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000380)=r4, 0x4) r5 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, r5, 0x0) ioctl$PERF_EVENT_IOC_RESET(r5, 0x2403, 0x1) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r5, 0x400454d8, &(0x7f0000000300)=0x3) r7 = socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x29, 0x7, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000440)={r4, r3, 0x5, 0x2}, 0x10) setsockopt$sock_attach_bpf(r6, 0x1, 0x32, &(0x7f00000002c0)=r5, 0x220) sendmsg$kcm(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) [ 3057.478883][T29296] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3057.489072][T29281] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3057.507132][T29295] __nla_validate_parse: 1 callbacks suppressed [ 3057.507160][T29295] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3057.508580][T29281] CPU: 1 PID: 29281 Comm: syz-executor.4 Not tainted 5.3.0-rc3+ #97 [ 3057.530736][T29281] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3057.540788][T29281] Call Trace: [ 3057.540832][T29281] dump_stack+0x172/0x1f0 [ 3057.540856][T29281] dump_header+0x10b/0x82d [ 3057.540872][T29281] ? oom_kill_process+0x94/0x3f0 [ 3057.557843][T29281] oom_kill_process.cold+0x10/0x15 [ 3057.562963][T29281] out_of_memory+0x79a/0x12c0 [ 3057.563051][T29296] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3057.567636][T29281] ? lock_downgrade+0x920/0x920 [ 3057.567654][T29281] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3057.567669][T29281] ? oom_killer_disable+0x280/0x280 [ 3057.567695][T29281] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3057.587590][T29281] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 3057.587615][T29281] ? do_raw_spin_unlock+0x57/0x270 [ 3057.587636][T29281] ? _raw_spin_unlock+0x2d/0x50 [ 3057.587655][T29281] try_charge+0xf4b/0x1440 [ 3057.587686][T29281] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3057.623866][T29281] ? percpu_ref_tryget_live+0x111/0x290 [ 3057.629424][T29281] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3057.635671][T29281] ? __kasan_check_read+0x11/0x20 [ 3057.640719][T29281] ? get_mem_cgroup_from_mm+0x156/0x320 [ 3057.646282][T29281] mem_cgroup_try_charge+0x136/0x590 [ 3057.651584][T29281] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3057.657228][T29281] wp_page_copy+0x421/0x15e0 [ 3057.661836][T29281] ? find_held_lock+0x35/0x130 [ 3057.666630][T29281] ? pmd_pfn+0x1d0/0x1d0 [ 3057.670897][T29281] ? lock_downgrade+0x920/0x920 [ 3057.675753][T29281] ? swp_swapcount+0x540/0x540 [ 3057.680523][T29281] ? __kasan_check_read+0x11/0x20 [ 3057.685672][T29281] ? do_raw_spin_unlock+0x57/0x270 [ 3057.690895][T29281] do_wp_page+0x499/0x14d0 [ 3057.695316][T29281] ? finish_mkwrite_fault+0x570/0x570 [ 3057.700702][T29281] __handle_mm_fault+0x22f7/0x3f20 [ 3057.705817][T29281] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3057.711377][T29281] ? __kasan_check_read+0x11/0x20 [ 3057.716414][T29281] handle_mm_fault+0x1b5/0x6b0 [ 3057.721185][T29281] __do_page_fault+0x536/0xdd0 [ 3057.725970][T29281] do_page_fault+0x38/0x590 [ 3057.730503][T29281] page_fault+0x39/0x40 [ 3057.734659][T29281] RIP: 0033:0x430906 [ 3057.738552][T29281] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 46 64 00 85 c0 0f 84 [ 3057.758172][T29281] RSP: 002b:00007fff85ac2130 EFLAGS: 00010206 [ 3057.764259][T29281] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 3057.772237][T29281] RDX: 000055555595f930 RSI: 0000555555967970 RDI: 0000000000000003 16:55:20 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) [ 3057.780212][T29281] RBP: 0000000000008041 R08: 0000000000000001 R09: 000055555595e940 [ 3057.788191][T29281] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 3057.796178][T29281] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 16:55:20 executing program 2: r0 = socket$kcm(0xa, 0x1, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x1, 0x0) ioctl$TUNSETVNETLE(r1, 0x400454dc, &(0x7f0000000180)=0x1) sendmsg$kcm(r0, &(0x7f0000000000)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) sendmsg$kcm(r0, &(0x7f0000000700)={&(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x91ffffff00000000]}, 0x7}, 0x80, 0x0}, 0x20004040) r2 = gettid() r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000280)='rdma.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x3, 0x70, 0x1f, 0x5, 0x80000001, 0x3, 0x0, 0x1, 0x43, 0x1, 0xad14, 0x2, 0x1000, 0x7096, 0x5, 0x7ff, 0x80000001, 0x8, 0x1, 0x6, 0xffff, 0x80000000, 0xf31, 0x8, 0x1, 0xffffffffffffd7a1, 0x1, 0xa4, 0xb5, 0xff, 0x3, 0x101, 0x4, 0x524e, 0x2d7, 0x8, 0x9, 0x20, 0x0, 0xc287, 0x6, @perf_bp={&(0x7f00000001c0), 0x8}, 0x20, 0x5, 0x2, 0x7, 0x0, 0xc1, 0x400}, r2, 0x9, r3, 0x9) [ 3057.882384][T29295] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.5'. 16:55:20 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x68000000}, 0x0) 16:55:20 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) [ 3058.037571][T29281] memory: usage 1532kB, limit 0kB, failcnt 2838441 [ 3058.050552][T29281] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3058.093608][T29281] Memory cgroup stats for /syz4: [ 3058.093702][T29281] anon 36864 [ 3058.093702][T29281] file 602112 [ 3058.093702][T29281] kernel_stack 0 [ 3058.093702][T29281] slab 917504 [ 3058.093702][T29281] sock 0 [ 3058.093702][T29281] shmem 323584 [ 3058.093702][T29281] file_mapped 0 [ 3058.093702][T29281] file_dirty 0 [ 3058.093702][T29281] file_writeback 0 [ 3058.093702][T29281] anon_thp 0 [ 3058.093702][T29281] inactive_anon 270336 [ 3058.093702][T29281] active_anon 36864 [ 3058.093702][T29281] inactive_file 0 16:55:20 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, 0x0, 0x0) [ 3058.093702][T29281] active_file 0 [ 3058.093702][T29281] unevictable 0 [ 3058.093702][T29281] slab_reclaimable 270336 [ 3058.093702][T29281] slab_unreclaimable 647168 [ 3058.093702][T29281] pgfault 104808 [ 3058.093702][T29281] pgmajfault 0 [ 3058.093702][T29281] workingset_refault 0 [ 3058.093702][T29281] workingset_activate 0 [ 3058.093702][T29281] workingset_nodereclaim 0 [ 3058.093702][T29281] pgrefill 0 [ 3058.093702][T29281] pgscan 37 [ 3058.093702][T29281] pgsteal 37 [ 3058.093702][T29281] pgactivate 0 16:55:20 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x6c000000}, 0x0) 16:55:20 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, 0x0, 0x0) 16:55:20 executing program 2: [ 3058.390766][T29327] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3058.453363][T29327] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3058.474455][T29281] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=29281,uid=0 [ 3058.586251][T29281] Memory cgroup out of memory: Killed process 29281 (syz-executor.4) total-vm:72448kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB [ 3058.601858][ T1057] oom_reaper: reaped process 29281 (syz-executor.4), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 3059.288001][T29336] IPVS: ftp: loaded support on port[0] = 21 [ 3059.487446][T29336] chnl_net:caif_netlink_parms(): no params data found [ 3059.589063][T29336] bridge0: port 1(bridge_slave_0) entered blocking state [ 3059.597023][T29336] bridge0: port 1(bridge_slave_0) entered disabled state [ 3059.605489][T29336] device bridge_slave_0 entered promiscuous mode [ 3059.678457][T29336] bridge0: port 2(bridge_slave_1) entered blocking state [ 3059.685735][T29336] bridge0: port 2(bridge_slave_1) entered disabled state [ 3059.694320][T29336] device bridge_slave_1 entered promiscuous mode [ 3059.762846][T29336] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3059.777064][T29336] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3059.848899][T29336] team0: Port device team_slave_0 added [ 3059.857605][T29336] team0: Port device team_slave_1 added [ 3059.967181][T29336] device hsr_slave_0 entered promiscuous mode [ 3060.033269][T29336] device hsr_slave_1 entered promiscuous mode [ 3060.093573][T29336] debugfs: Directory 'hsr0' with parent '/' already present! [ 3060.288298][T29336] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3060.307085][T25186] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3060.315743][T25186] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3060.327899][T29336] 8021q: adding VLAN 0 to HW filter on device team0 [ 3060.341088][T25186] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3060.350348][T25186] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3060.359402][T25186] bridge0: port 1(bridge_slave_0) entered blocking state [ 3060.366522][T25186] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3060.428685][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3060.443720][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3060.452590][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3060.461860][T16725] bridge0: port 2(bridge_slave_1) entered blocking state [ 3060.468989][T16725] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3060.478409][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3060.538858][T16629] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3060.564054][T16629] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3060.574465][T16629] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3060.583406][T16629] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3060.592517][T16629] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3060.601554][T16629] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3060.681251][T29336] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 3060.696665][T29336] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 3060.710909][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3060.720089][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3060.729451][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3060.738548][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3060.747585][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3060.828446][T29336] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3061.101427][T29344] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3061.112451][T29344] CPU: 1 PID: 29344 Comm: syz-executor.3 Not tainted 5.3.0-rc3+ #97 [ 3061.120427][T29344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3061.130476][T29344] Call Trace: [ 3061.133767][T29344] dump_stack+0x172/0x1f0 [ 3061.138104][T29344] dump_header+0x10b/0x82d [ 3061.142521][T29344] oom_kill_process.cold+0x10/0x15 [ 3061.147632][T29344] out_of_memory+0x79a/0x12c0 [ 3061.152315][T29344] ? __sched_text_start+0x8/0x8 [ 3061.157165][T29344] ? oom_killer_disable+0x280/0x280 [ 3061.162371][T29344] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3061.167923][T29344] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 3061.173563][T29344] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 3061.179367][T29344] ? cgroup_file_notify+0x140/0x1b0 [ 3061.184581][T29344] memory_max_write+0x262/0x3a0 [ 3061.189435][T29344] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 3061.196195][T29344] ? lock_acquire+0x190/0x410 [ 3061.200869][T29344] ? kernfs_fop_write+0x227/0x480 [ 3061.205894][T29344] cgroup_file_write+0x241/0x790 [ 3061.210840][T29344] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 3061.217608][T29344] ? cgroup_migrate_add_task+0x890/0x890 [ 3061.223247][T29344] ? cgroup_migrate_add_task+0x890/0x890 [ 3061.228872][T29344] kernfs_fop_write+0x2b8/0x480 [ 3061.233741][T29344] __vfs_write+0x8a/0x110 [ 3061.238069][T29344] ? kernfs_fop_open+0xd80/0xd80 [ 3061.243001][T29344] vfs_write+0x268/0x5d0 [ 3061.247235][T29344] ksys_write+0x14f/0x290 [ 3061.251563][T29344] ? __ia32_sys_read+0xb0/0xb0 [ 3061.256329][T29344] ? do_syscall_64+0x26/0x6a0 [ 3061.261003][T29344] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3061.267065][T29344] ? do_syscall_64+0x26/0x6a0 [ 3061.271746][T29344] __x64_sys_write+0x73/0xb0 [ 3061.276339][T29344] do_syscall_64+0xfd/0x6a0 [ 3061.280844][T29344] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3061.286732][T29344] RIP: 0033:0x459829 [ 3061.290628][T29344] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3061.310224][T29344] RSP: 002b:00007f6b63d90c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3061.318634][T29344] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 3061.326599][T29344] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009 [ 3061.334568][T29344] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 3061.342531][T29344] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6b63d916d4 [ 3061.350506][T29344] R13: 00000000004c99a3 R14: 00000000004e1028 R15: 00000000ffffffff [ 3061.373308][T29344] memory: usage 3320kB, limit 0kB, failcnt 507638 [ 3061.379856][T29344] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3061.393791][T29344] Memory cgroup stats for /syz3: [ 3061.395296][T29344] anon 2138112 [ 3061.395296][T29344] file 155648 [ 3061.395296][T29344] kernel_stack 65536 [ 3061.395296][T29344] slab 798720 [ 3061.395296][T29344] sock 0 [ 3061.395296][T29344] shmem 0 [ 3061.395296][T29344] file_mapped 0 [ 3061.395296][T29344] file_dirty 0 [ 3061.395296][T29344] file_writeback 0 [ 3061.395296][T29344] anon_thp 2097152 [ 3061.395296][T29344] inactive_anon 0 [ 3061.395296][T29344] active_anon 2138112 [ 3061.395296][T29344] inactive_file 0 [ 3061.395296][T29344] active_file 0 [ 3061.395296][T29344] unevictable 0 [ 3061.395296][T29344] slab_reclaimable 270336 [ 3061.395296][T29344] slab_unreclaimable 528384 [ 3061.395296][T29344] pgfault 79530 [ 3061.395296][T29344] pgmajfault 0 [ 3061.395296][T29344] workingset_refault 0 [ 3061.395296][T29344] workingset_activate 0 [ 3061.395296][T29344] workingset_nodereclaim 0 [ 3061.395296][T29344] pgrefill 0 [ 3061.395296][T29344] pgscan 371 [ 3061.395296][T29344] pgsteal 371 [ 3061.395296][T29344] pgactivate 0 [ 3061.501075][T29344] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=29342,uid=0 [ 3061.518026][T29344] Memory cgroup out of memory: Killed process 29342 (syz-executor.3) total-vm:72580kB, anon-rss:2188kB, file-rss:35800kB, shmem-rss:0kB [ 3061.549486][ T1057] oom_reaper: reaped process 29342 (syz-executor.3), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB 16:55:23 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000100)=@isdn={0x22, 0x400, 0x100000000, 0x1f06, 0x1}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000040)="95c67462e15a0a2ccb96d34b582828f6d42606c79a595c811c901cbab2aa0f8b7da638bd0eee7da427eaf176a979a63c", 0xfffffec2}], 0x1}, 0x10) socket$kcm(0xa, 0x2, 0x11) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(r1, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB], 0x0}, 0x20) sendmsg(r6, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r5, &(0x7f0000000480)='pids.current\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r4, 0x0, 0x1, 0x0, 0x0}, 0x20) r8 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r8, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000640)=[{&(0x7f0000000240)="c12723", 0x3}], 0x1}, 0xfc00) sendmsg$kcm(r8, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000180)="88e7", 0x2}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24000001) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0xcc539d13aa130b24, 0x0) write$cgroup_int(r7, 0x0, 0x0) 16:55:23 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, 0x0, 0x0) 16:55:23 executing program 2: 16:55:23 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) r3 = socket$kcm(0x2, 0x7, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000380)=r4, 0x4) r5 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, r5, 0x0) ioctl$PERF_EVENT_IOC_RESET(r5, 0x2403, 0x1) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r5, 0x400454d8, &(0x7f0000000300)=0x3) r7 = socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x29, 0x7, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000440)={r4, r3, 0x5, 0x2}, 0x10) setsockopt$sock_attach_bpf(r6, 0x1, 0x32, &(0x7f00000002c0)=r5, 0x220) sendmsg$kcm(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) 16:55:23 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x74000000}, 0x0) 16:55:23 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000100)=@isdn={0x22, 0x400, 0x0, 0x1f06, 0x1}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000040)="95c67462e15a0a2ccb96d34b582828f6d42606c79a595c811c901cbab2aa0f8b7da638bd0eee7da427eaf176a979a63c", 0xfffffec2}], 0x1}, 0x10) socket$kcm(0xa, 0x2, 0x11) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(r1, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) sendmsg(r6, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r5, &(0x7f0000000480)='pids.current\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r4, 0x0, 0x1, 0x0, 0x0}, 0x20) r8 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r8, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000640)=[{&(0x7f0000000240)="c12723", 0x3}], 0x1}, 0xfc00) sendmsg$kcm(r8, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)="88e7", 0x2}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24000001) write$cgroup_int(r7, 0x0, 0x0) 16:55:24 executing program 2: [ 3061.679220][T29351] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3061.697248][T29336] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3061.719605][T29350] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3061.743393][T29336] CPU: 0 PID: 29336 Comm: syz-executor.3 Not tainted 5.3.0-rc3+ #97 [ 3061.751409][T29336] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3061.761469][T29336] Call Trace: [ 3061.764768][T29336] dump_stack+0x172/0x1f0 [ 3061.769114][T29336] dump_header+0x10b/0x82d [ 3061.773551][T29336] ? oom_kill_process+0x94/0x3f0 [ 3061.778491][T29336] oom_kill_process.cold+0x10/0x15 [ 3061.778510][T29336] out_of_memory+0x79a/0x12c0 [ 3061.778528][T29336] ? lock_downgrade+0x920/0x920 [ 3061.778547][T29336] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3061.778564][T29336] ? oom_killer_disable+0x280/0x280 [ 3061.778593][T29336] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3061.778609][T29336] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 3061.778631][T29336] ? do_raw_spin_unlock+0x57/0x270 [ 3061.778650][T29336] ? _raw_spin_unlock+0x2d/0x50 [ 3061.778668][T29336] try_charge+0xf4b/0x1440 [ 3061.778694][T29336] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3061.778708][T29336] ? percpu_ref_tryget_live+0x111/0x290 [ 3061.778726][T29336] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3061.778744][T29336] ? __kasan_check_read+0x11/0x20 [ 3061.778775][T29336] ? get_mem_cgroup_from_mm+0x156/0x320 [ 3061.815467][T29336] mem_cgroup_try_charge+0x136/0x590 [ 3061.815492][T29336] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3061.815513][T29336] wp_page_copy+0x421/0x15e0 [ 3061.815530][T29336] ? find_held_lock+0x35/0x130 [ 3061.815554][T29336] ? pmd_pfn+0x1d0/0x1d0 [ 3061.815573][T29336] ? lock_downgrade+0x920/0x920 [ 3061.815592][T29336] ? swp_swapcount+0x540/0x540 [ 3061.815614][T29336] ? __kasan_check_read+0x11/0x20 [ 3061.870026][T29356] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3061.873225][T29336] ? do_raw_spin_unlock+0x57/0x270 [ 3061.873247][T29336] do_wp_page+0x499/0x14d0 [ 3061.873267][T29336] ? finish_mkwrite_fault+0x570/0x570 [ 3061.873295][T29336] __handle_mm_fault+0x22f7/0x3f20 [ 3061.873318][T29336] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3061.873348][T29336] ? __kasan_check_read+0x11/0x20 [ 3061.887173][T29336] handle_mm_fault+0x1b5/0x6b0 16:55:24 executing program 2: [ 3061.887205][T29336] __do_page_fault+0x536/0xdd0 [ 3061.896980][T29336] do_page_fault+0x38/0x590 [ 3061.897003][T29336] page_fault+0x39/0x40 [ 3061.897016][T29336] RIP: 0033:0x430906 [ 3061.897031][T29336] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 46 64 00 85 c0 0f 84 [ 3061.897040][T29336] RSP: 002b:00007ffd73ce58a0 EFLAGS: 00010206 [ 3061.911404][T29336] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 16:55:24 executing program 2: 16:55:24 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) [ 3061.911414][T29336] RDX: 00005555559f1930 RSI: 00005555559f9970 RDI: 0000000000000003 [ 3061.911422][T29336] RBP: 0000000000008041 R08: 0000000000000001 R09: 00005555559f0940 [ 3061.911430][T29336] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 3061.911438][T29336] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 [ 3061.917712][T29351] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.0'. 16:55:24 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) [ 3062.112979][T29336] memory: usage 984kB, limit 0kB, failcnt 507646 [ 3062.120575][T29336] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3062.159276][T29336] Memory cgroup stats for /syz3: [ 3062.159381][T29336] anon 36864 [ 3062.159381][T29336] file 155648 [ 3062.159381][T29336] kernel_stack 0 [ 3062.159381][T29336] slab 798720 [ 3062.159381][T29336] sock 0 [ 3062.159381][T29336] shmem 0 [ 3062.159381][T29336] file_mapped 0 [ 3062.159381][T29336] file_dirty 0 [ 3062.159381][T29336] file_writeback 0 [ 3062.159381][T29336] anon_thp 0 [ 3062.159381][T29336] inactive_anon 0 [ 3062.159381][T29336] active_anon 36864 [ 3062.159381][T29336] inactive_file 0 [ 3062.159381][T29336] active_file 0 [ 3062.159381][T29336] unevictable 0 [ 3062.159381][T29336] slab_reclaimable 270336 [ 3062.159381][T29336] slab_unreclaimable 528384 [ 3062.159381][T29336] pgfault 79530 [ 3062.159381][T29336] pgmajfault 0 [ 3062.159381][T29336] workingset_refault 0 [ 3062.159381][T29336] workingset_activate 0 [ 3062.159381][T29336] workingset_nodereclaim 0 [ 3062.159381][T29336] pgrefill 0 [ 3062.159381][T29336] pgscan 371 [ 3062.159381][T29336] pgsteal 371 [ 3062.159381][T29336] pgactivate 0 16:55:24 executing program 2: [ 3062.381597][T29336] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=29336,uid=0 [ 3062.416962][T29336] Memory cgroup out of memory: Killed process 29336 (syz-executor.3) total-vm:72448kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB [ 3062.450795][ T1057] oom_reaper: reaped process 29336 (syz-executor.3), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB [ 3062.467932][T29351] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3062.507355][T29351] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.0'. 16:55:25 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000100)=@isdn={0x22, 0x400, 0x100000000, 0x1f06, 0x1}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000040)="95c67462e15a0a2ccb96d34b582828f6d42606c79a595c811c901cbab2aa0f8b7da638bd0eee7da427eaf176a979a63c", 0xfffffec2}], 0x1}, 0x10) socket$kcm(0xa, 0x2, 0x11) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(r1, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB], 0x0}, 0x20) sendmsg(r6, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r5, &(0x7f0000000480)='pids.current\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r4, 0x0, 0x1, 0x0, 0x0}, 0x20) r8 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r8, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000640)=[{&(0x7f0000000240)="c12723", 0x3}], 0x1}, 0xfc00) sendmsg$kcm(r8, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000180)="88e7", 0x2}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24000001) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0xcc539d13aa130b24, 0x0) write$cgroup_int(r7, 0x0, 0x0) 16:55:25 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000100)=@isdn={0x22, 0x400, 0x100000000, 0x1f06, 0x1}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000040)="95c67462e15a0a2ccb96d34b582828f6d42606c79a595c811c901cbab2aa0f8b7da638bd0eee7da427eaf176a979a63c", 0xfffffec2}], 0x1}, 0x10) socket$kcm(0xa, 0x2, 0x11) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(r1, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB], 0x0}, 0x20) sendmsg(r6, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r5, &(0x7f0000000480)='pids.current\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r4, 0x0, 0x1, 0x0, 0x0}, 0x20) r8 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r8, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000640)=[{&(0x7f0000000240)="c12723", 0x3}], 0x1}, 0xfc00) sendmsg$kcm(r8, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000180)="88e7", 0x2}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24000001) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0xcc539d13aa130b24, 0x0) write$cgroup_int(r7, 0x0, 0x0) 16:55:25 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) 16:55:25 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) r3 = socket$kcm(0x2, 0x7, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000380)=r4, 0x4) r5 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, r5, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r5, 0x400454d8, &(0x7f0000000300)=0x3) r7 = socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x29, 0x7, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000440)={r4, r3, 0x5, 0x2}, 0x10) setsockopt$sock_attach_bpf(r6, 0x1, 0x32, &(0x7f00000002c0)=r5, 0x220) sendmsg$kcm(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) 16:55:25 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x7a000000}, 0x0) [ 3063.046285][T29375] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3063.073569][T29375] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3063.178804][T29378] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3063.269212][T29382] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3063.735748][T29372] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3063.753903][T29372] CPU: 1 PID: 29372 Comm: syz-executor.2 Not tainted 5.3.0-rc3+ #97 [ 3063.761912][T29372] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3063.771972][T29372] Call Trace: [ 3063.775274][T29372] dump_stack+0x172/0x1f0 [ 3063.779628][T29372] dump_header+0x10b/0x82d [ 3063.784071][T29372] oom_kill_process.cold+0x10/0x15 [ 3063.789221][T29372] out_of_memory+0x79a/0x12c0 [ 3063.793909][T29372] ? __sched_text_start+0x8/0x8 [ 3063.798767][T29372] ? oom_killer_disable+0x280/0x280 [ 3063.803980][T29372] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3063.809553][T29372] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 3063.815199][T29372] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 3063.820992][T29372] ? cgroup_file_notify+0x140/0x1b0 [ 3063.826178][T29372] memory_max_write+0x262/0x3a0 [ 3063.831018][T29372] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 3063.837764][T29372] ? lock_acquire+0x190/0x410 [ 3063.842423][T29372] ? kernfs_fop_write+0x227/0x480 [ 3063.847436][T29372] cgroup_file_write+0x241/0x790 [ 3063.852357][T29372] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 3063.859100][T29372] ? cgroup_migrate_add_task+0x890/0x890 [ 3063.864719][T29372] ? cgroup_migrate_add_task+0x890/0x890 [ 3063.870329][T29372] kernfs_fop_write+0x2b8/0x480 [ 3063.875169][T29372] __vfs_write+0x8a/0x110 [ 3063.879476][T29372] ? kernfs_fop_open+0xd80/0xd80 [ 3063.884398][T29372] vfs_write+0x268/0x5d0 [ 3063.888624][T29372] ksys_write+0x14f/0x290 [ 3063.892936][T29372] ? __ia32_sys_read+0xb0/0xb0 [ 3063.897687][T29372] __x64_sys_write+0x73/0xb0 [ 3063.902264][T29372] do_syscall_64+0xfd/0x6a0 [ 3063.906753][T29372] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3063.912623][T29372] RIP: 0033:0x459829 [ 3063.916502][T29372] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3063.936175][T29372] RSP: 002b:00007f015c19fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3063.944578][T29372] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 3063.952558][T29372] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009 [ 3063.960510][T29372] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 3063.968459][T29372] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f015c1a06d4 [ 3063.976407][T29372] R13: 00000000004c99a3 R14: 00000000004e1028 R15: 00000000ffffffff [ 3064.071293][T29372] memory: usage 7672kB, limit 0kB, failcnt 43 [ 3064.093143][T29372] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3064.103279][T29372] Memory cgroup stats for /syz2: [ 3064.103396][T29372] anon 2248704 [ 3064.103396][T29372] file 122880 [ 3064.103396][T29372] kernel_stack 65536 [ 3064.103396][T29372] slab 5390336 [ 3064.103396][T29372] sock 0 [ 3064.103396][T29372] shmem 0 [ 3064.103396][T29372] file_mapped 0 [ 3064.103396][T29372] file_dirty 0 [ 3064.103396][T29372] file_writeback 0 [ 3064.103396][T29372] anon_thp 2097152 [ 3064.103396][T29372] inactive_anon 0 [ 3064.103396][T29372] active_anon 2179072 [ 3064.103396][T29372] inactive_file 102400 [ 3064.103396][T29372] active_file 0 [ 3064.103396][T29372] unevictable 0 [ 3064.103396][T29372] slab_reclaimable 2838528 [ 3064.103396][T29372] slab_unreclaimable 2551808 [ 3064.103396][T29372] pgfault 216843 [ 3064.103396][T29372] pgmajfault 0 [ 3064.103396][T29372] workingset_refault 0 [ 3064.103396][T29372] workingset_activate 0 [ 3064.103396][T29372] workingset_nodereclaim 0 [ 3064.103396][T29372] pgrefill 77 [ 3064.103396][T29372] pgscan 120 [ 3064.103396][T29372] pgsteal 80 [ 3064.103396][T29372] pgactivate 0 [ 3064.209406][T29372] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=29370,uid=0 [ 3064.247236][T29372] Memory cgroup out of memory: Killed process 29370 (syz-executor.2) total-vm:72576kB, anon-rss:2196kB, file-rss:35848kB, shmem-rss:0kB [ 3064.266077][ T1057] oom_reaper: reaped process 29370 (syz-executor.2), now anon-rss:0kB, file-rss:34892kB, shmem-rss:0kB [ 3064.291317][T29386] IPVS: ftp: loaded support on port[0] = 21 [ 3064.555444][T29386] chnl_net:caif_netlink_parms(): no params data found [ 3064.658508][T29386] bridge0: port 1(bridge_slave_0) entered blocking state [ 3064.667592][T29386] bridge0: port 1(bridge_slave_0) entered disabled state [ 3064.676408][T29386] device bridge_slave_0 entered promiscuous mode [ 3064.685765][T29386] bridge0: port 2(bridge_slave_1) entered blocking state [ 3064.693943][T29386] bridge0: port 2(bridge_slave_1) entered disabled state [ 3064.702137][T29386] device bridge_slave_1 entered promiscuous mode [ 3064.777199][T29386] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3064.789845][T29386] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3064.881109][T29386] team0: Port device team_slave_0 added [ 3064.889700][T29386] team0: Port device team_slave_1 added [ 3065.006834][T29386] device hsr_slave_0 entered promiscuous mode [ 3065.054193][T29386] device hsr_slave_1 entered promiscuous mode [ 3065.103107][T29386] debugfs: Directory 'hsr0' with parent '/' already present! [ 3065.169435][T29386] bridge0: port 2(bridge_slave_1) entered blocking state [ 3065.176586][T29386] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3065.184014][T29386] bridge0: port 1(bridge_slave_0) entered blocking state [ 3065.191075][T29386] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3065.371708][T29386] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3065.389084][ T3517] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3065.398765][ T3517] bridge0: port 1(bridge_slave_0) entered disabled state [ 3065.407160][ T3517] bridge0: port 2(bridge_slave_1) entered disabled state [ 3065.417631][ T3517] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 3065.479915][T29386] 8021q: adding VLAN 0 to HW filter on device team0 [ 3065.495891][ T3517] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3065.505031][ T3517] bridge0: port 1(bridge_slave_0) entered blocking state [ 3065.512091][ T3517] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3065.566234][T16629] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3065.575448][T16629] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3065.584006][T16629] bridge0: port 2(bridge_slave_1) entered blocking state [ 3065.591055][T16629] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3065.600104][T16629] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3065.623421][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3065.632466][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3065.642063][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3065.650852][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3065.664174][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3065.716489][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3065.733939][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3065.742527][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3065.758364][T29386] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 3065.770554][T29386] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3065.780955][T16629] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3065.789782][T16629] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3065.858012][T29386] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3066.123184][T29396] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3066.134770][T29396] CPU: 0 PID: 29396 Comm: syz-executor.4 Not tainted 5.3.0-rc3+ #97 [ 3066.142750][T29396] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3066.152803][T29396] Call Trace: [ 3066.156102][T29396] dump_stack+0x172/0x1f0 [ 3066.160438][T29396] dump_header+0x10b/0x82d [ 3066.164849][T29396] oom_kill_process.cold+0x10/0x15 [ 3066.169963][T29396] out_of_memory+0x79a/0x12c0 [ 3066.174632][T29396] ? __sched_text_start+0x8/0x8 [ 3066.179461][T29396] ? oom_killer_disable+0x280/0x280 [ 3066.184645][T29396] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3066.190165][T29396] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 3066.195778][T29396] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 3066.201565][T29396] ? cgroup_file_notify+0x140/0x1b0 [ 3066.206743][T29396] memory_max_write+0x262/0x3a0 [ 3066.211572][T29396] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 3066.218328][T29396] ? lock_acquire+0x190/0x410 [ 3066.222995][T29396] ? kernfs_fop_write+0x227/0x480 [ 3066.228004][T29396] cgroup_file_write+0x241/0x790 [ 3066.232922][T29396] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 3066.239662][T29396] ? cgroup_migrate_add_task+0x890/0x890 [ 3066.245273][T29396] ? cgroup_migrate_add_task+0x890/0x890 [ 3066.250881][T29396] kernfs_fop_write+0x2b8/0x480 [ 3066.255724][T29396] __vfs_write+0x8a/0x110 [ 3066.260031][T29396] ? kernfs_fop_open+0xd80/0xd80 [ 3066.264954][T29396] vfs_write+0x268/0x5d0 [ 3066.269176][T29396] ksys_write+0x14f/0x290 [ 3066.273484][T29396] ? __ia32_sys_read+0xb0/0xb0 [ 3066.278224][T29396] ? do_syscall_64+0x26/0x6a0 [ 3066.282897][T29396] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3066.288946][T29396] ? do_syscall_64+0x26/0x6a0 [ 3066.293617][T29396] __x64_sys_write+0x73/0xb0 [ 3066.298287][T29396] do_syscall_64+0xfd/0x6a0 [ 3066.302768][T29396] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3066.308633][T29396] RIP: 0033:0x459829 [ 3066.312507][T29396] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3066.332089][T29396] RSP: 002b:00007fc16e3ecc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3066.340475][T29396] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 3066.348424][T29396] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009 [ 3066.356374][T29396] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 3066.364323][T29396] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc16e3ed6d4 [ 3066.372270][T29396] R13: 00000000004c99a3 R14: 00000000004e1028 R15: 00000000ffffffff [ 3066.412127][T29396] memory: usage 3912kB, limit 0kB, failcnt 2838442 [ 3066.425643][T29396] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3066.432614][T29396] Memory cgroup stats for /syz4: [ 3066.433023][T29396] anon 2125824 [ 3066.433023][T29396] file 602112 [ 3066.433023][T29396] kernel_stack 65536 [ 3066.433023][T29396] slab 917504 [ 3066.433023][T29396] sock 0 [ 3066.433023][T29396] shmem 323584 [ 3066.433023][T29396] file_mapped 0 [ 3066.433023][T29396] file_dirty 0 [ 3066.433023][T29396] file_writeback 0 [ 3066.433023][T29396] anon_thp 2097152 [ 3066.433023][T29396] inactive_anon 270336 [ 3066.433023][T29396] active_anon 2125824 [ 3066.433023][T29396] inactive_file 0 [ 3066.433023][T29396] active_file 0 [ 3066.433023][T29396] unevictable 0 [ 3066.433023][T29396] slab_reclaimable 270336 [ 3066.433023][T29396] slab_unreclaimable 647168 [ 3066.433023][T29396] pgfault 104841 [ 3066.433023][T29396] pgmajfault 0 [ 3066.433023][T29396] workingset_refault 0 [ 3066.433023][T29396] workingset_activate 0 [ 3066.433023][T29396] workingset_nodereclaim 0 [ 3066.433023][T29396] pgrefill 0 [ 3066.433023][T29396] pgscan 37 [ 3066.433023][T29396] pgsteal 37 [ 3066.433023][T29396] pgactivate 0 [ 3066.536624][T29396] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=29395,uid=0 [ 3066.554442][T29396] Memory cgroup out of memory: Killed process 29395 (syz-executor.4) total-vm:72712kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB [ 3066.572221][ T1057] oom_reaper: reaped process 29395 (syz-executor.4), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB 16:55:29 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000100)=@isdn={0x22, 0x400, 0x0, 0x1f06, 0x1}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000040)="95c67462e15a0a2ccb96d34b582828f6d42606c79a595c811c901cbab2aa0f8b7da638bd0eee7da427eaf176a979a63c", 0xfffffec2}], 0x1}, 0x10) socket$kcm(0xa, 0x2, 0x11) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(r1, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) sendmsg(r6, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r5, &(0x7f0000000480)='pids.current\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r4, 0x0, 0x1, 0x0, 0x0}, 0x20) r8 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r8, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000640)=[{&(0x7f0000000240)="c12723", 0x3}], 0x1}, 0xfc00) sendmsg$kcm(r8, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)="88e7", 0x2}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24000001) write$cgroup_int(r7, 0x0, 0x0) 16:55:29 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)}, 0x0) 16:55:29 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000100)=@isdn={0x22, 0x400, 0x100000000, 0x1f06, 0x1}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000040)="95c67462e15a0a2ccb96d34b582828f6d42606c79a595c811c901cbab2aa0f8b7da638bd0eee7da427eaf176a979a63c", 0xfffffec2}], 0x1}, 0x10) socket$kcm(0xa, 0x2, 0x11) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(r1, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB], 0x0}, 0x20) sendmsg(r6, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r5, &(0x7f0000000480)='pids.current\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r4, 0x0, 0x1, 0x0, 0x0}, 0x20) r8 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r8, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000640)=[{&(0x7f0000000240)="c12723", 0x3}], 0x1}, 0xfc00) sendmsg$kcm(r8, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24000001) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0xcc539d13aa130b24, 0x0) write$cgroup_int(r7, 0x0, 0x0) 16:55:29 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) r3 = socket$kcm(0x2, 0x7, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000380)=r4, 0x4) r5 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r5, 0x400454d8, &(0x7f0000000300)=0x3) r7 = socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x29, 0x7, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000440)={r4, r3, 0x5, 0x2}, 0x10) setsockopt$sock_attach_bpf(r6, 0x1, 0x32, &(0x7f00000002c0)=r5, 0x220) sendmsg$kcm(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) 16:55:29 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x8e070000}, 0x0) 16:55:29 executing program 2: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) r3 = socket$kcm(0x2, 0x7, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000380)=r4, 0x4) r5 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, r5, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r5, 0x400454d8, &(0x7f0000000300)=0x3) r7 = socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x29, 0x7, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000440)={r4, r3, 0x5, 0x2}, 0x10) setsockopt$sock_attach_bpf(r6, 0x1, 0x32, &(0x7f00000002c0)=r5, 0x220) sendmsg$kcm(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) [ 3066.900252][T21245] syz-executor.2 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=0 [ 3066.932191][T29403] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3066.950076][T29403] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3066.961612][T21245] CPU: 1 PID: 21245 Comm: syz-executor.2 Not tainted 5.3.0-rc3+ #97 [ 3066.969610][T21245] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3066.979661][T21245] Call Trace: [ 3066.982961][T21245] dump_stack+0x172/0x1f0 [ 3066.987302][T21245] dump_header+0x10b/0x82d [ 3066.991729][T21245] ? oom_kill_process+0x94/0x3f0 16:55:29 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)}, 0x0) [ 3066.996679][T21245] oom_kill_process.cold+0x10/0x15 [ 3067.001803][T21245] out_of_memory+0x79a/0x12c0 [ 3067.006491][T21245] ? lock_downgrade+0x920/0x920 [ 3067.011351][T21245] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3067.017159][T21245] ? oom_killer_disable+0x280/0x280 [ 3067.022361][T21245] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3067.027916][T21245] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 3067.033568][T21245] ? do_raw_spin_unlock+0x57/0x270 [ 3067.035849][T29407] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3067.038692][T21245] ? _raw_spin_unlock+0x2d/0x50 [ 3067.052802][T21245] try_charge+0xf4b/0x1440 [ 3067.057240][T21245] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3067.062792][T21245] ? find_held_lock+0x35/0x130 [ 3067.067574][T21245] ? get_mem_cgroup_from_mm+0x139/0x320 [ 3067.073132][T21245] ? lock_downgrade+0x920/0x920 [ 3067.077995][T21245] ? percpu_ref_tryget_live+0x111/0x290 [ 3067.078018][T21245] __memcg_kmem_charge_memcg+0x71/0xf0 [ 3067.078036][T21245] ? memcg_kmem_put_cache+0x50/0x50 [ 3067.094213][T21245] ? get_mem_cgroup_from_mm+0x156/0x320 [ 3067.099775][T21245] __memcg_kmem_charge+0x13a/0x3a0 [ 3067.104914][T21245] __alloc_pages_nodemask+0x4f4/0x900 [ 3067.110283][T21245] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3067.116518][T21245] ? __alloc_pages_slowpath+0x2520/0x2520 [ 3067.116536][T21245] ? copy_process+0x46d1/0x6b00 [ 3067.116555][T21245] ? lockdep_hardirqs_on+0x418/0x5d0 [ 3067.116568][T21245] ? trace_hardirqs_on+0x67/0x240 [ 3067.116582][T21245] ? __kasan_check_read+0x11/0x20 [ 3067.116601][T21245] copy_process+0x3f8/0x6b00 [ 3067.116618][T21245] ? __kasan_check_read+0x11/0x20 [ 3067.116632][T21245] ? __lock_acquire+0x1702/0x4c30 [ 3067.116643][T21245] ? __kasan_check_read+0x11/0x20 [ 3067.116655][T21245] ? mark_lock+0xc0/0x11e0 [ 3067.116676][T21245] ? __cleanup_sighand+0x60/0x60 [ 3067.142497][T21245] ? find_held_lock+0x35/0x130 [ 3067.142533][T21245] _do_fork+0x146/0xfa0 [ 3067.142552][T21245] ? copy_init_mm+0x20/0x20 [ 3067.152155][T21245] ? __kasan_check_read+0x11/0x20 [ 3067.152171][T21245] ? _copy_to_user+0x118/0x160 [ 3067.152192][T21245] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3067.176272][T21245] ? put_timespec64+0xda/0x140 [ 3067.176314][T21245] __x64_sys_clone+0x18d/0x250 [ 3067.176332][T21245] ? __ia32_sys_vfork+0xc0/0xc0 [ 3067.189994][T21245] ? lockdep_hardirqs_on+0x418/0x5d0 [ 3067.190010][T21245] ? trace_hardirqs_on+0x67/0x240 [ 3067.190030][T21245] do_syscall_64+0xfd/0x6a0 [ 3067.201013][T21245] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3067.201027][T21245] RIP: 0033:0x457dfa [ 3067.201044][T21245] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 3067.215373][T21245] RSP: 002b:00007ffcd9775a40 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3067.239887][T21245] RAX: ffffffffffffffda RBX: 00007ffcd9775a40 RCX: 0000000000457dfa [ 3067.239897][T21245] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 3067.239907][T21245] RBP: 00007ffcd9775a80 R08: 0000000000000001 R09: 0000555556c46940 [ 3067.239916][T21245] R10: 0000555556c46c10 R11: 0000000000000246 R12: 0000000000000001 16:55:29 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)}, 0x0) [ 3067.239924][T21245] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffcd9775ad0 16:55:29 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{0x0}], 0x1}, 0x0) 16:55:29 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{0x0}], 0x1}, 0x0) [ 3067.574309][T29402] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3067.594589][T21245] memory: usage 5292kB, limit 0kB, failcnt 51 [ 3067.600897][T21245] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3067.608439][T21245] Memory cgroup stats for /syz2: [ 3067.608541][T21245] anon 90112 [ 3067.608541][T21245] file 122880 [ 3067.608541][T21245] kernel_stack 65536 [ 3067.608541][T21245] slab 5390336 [ 3067.608541][T21245] sock 0 [ 3067.608541][T21245] shmem 0 [ 3067.608541][T21245] file_mapped 0 [ 3067.608541][T21245] file_dirty 0 [ 3067.608541][T21245] file_writeback 0 [ 3067.608541][T21245] anon_thp 0 [ 3067.608541][T21245] inactive_anon 0 [ 3067.608541][T21245] active_anon 90112 [ 3067.608541][T21245] inactive_file 102400 [ 3067.608541][T21245] active_file 0 [ 3067.608541][T21245] unevictable 0 [ 3067.608541][T21245] slab_reclaimable 2838528 [ 3067.608541][T21245] slab_unreclaimable 2551808 [ 3067.608541][T21245] pgfault 216876 [ 3067.608541][T21245] pgmajfault 0 [ 3067.608541][T21245] workingset_refault 0 [ 3067.608541][T21245] workingset_activate 0 [ 3067.608541][T21245] workingset_nodereclaim 0 [ 3067.608541][T21245] pgrefill 77 [ 3067.608541][T21245] pgscan 120 [ 3067.608541][T21245] pgsteal 80 [ 3067.608541][T21245] pgactivate 0 [ 3067.704365][T21245] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=21245,uid=0 [ 3067.704473][T21245] Memory cgroup out of memory: Killed process 21245 (syz-executor.2) total-vm:72444kB, anon-rss:104kB, file-rss:35776kB, shmem-rss:0kB [ 3067.704895][T29386] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3067.704913][T29386] CPU: 1 PID: 29386 Comm: syz-executor.4 Not tainted 5.3.0-rc3+ #97 [ 3067.704921][T29386] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3067.704927][T29386] Call Trace: [ 3067.704948][T29386] dump_stack+0x172/0x1f0 [ 3067.704972][T29386] dump_header+0x10b/0x82d [ 3067.704985][T29386] ? oom_kill_process+0x94/0x3f0 [ 3067.705003][T29386] oom_kill_process.cold+0x10/0x15 [ 3067.705022][T29386] out_of_memory+0x79a/0x12c0 [ 3067.705039][T29386] ? lock_downgrade+0x920/0x920 [ 3067.705061][T29386] ? oom_killer_disable+0x280/0x280 [ 3067.705091][T29386] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3067.705108][T29386] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 3067.705130][T29386] ? do_raw_spin_unlock+0x57/0x270 [ 3067.705148][T29386] ? _raw_spin_unlock+0x2d/0x50 [ 3067.705166][T29386] try_charge+0xf4b/0x1440 [ 3067.705192][T29386] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3067.705206][T29386] ? percpu_ref_tryget_live+0x111/0x290 [ 3067.705224][T29386] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3067.705243][T29386] ? __kasan_check_read+0x11/0x20 [ 3067.705265][T29386] ? get_mem_cgroup_from_mm+0x156/0x320 [ 3067.705285][T29386] mem_cgroup_try_charge+0x136/0x590 [ 3067.705307][T29386] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3067.705331][T29386] wp_page_copy+0x421/0x15e0 16:55:30 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{0x0}], 0x1}, 0x0) 16:55:30 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)}], 0x1}, 0x0) [ 3067.705348][T29386] ? find_held_lock+0x35/0x130 [ 3067.705370][T29386] ? pmd_pfn+0x1d0/0x1d0 [ 3067.705391][T29386] ? lock_downgrade+0x920/0x920 [ 3067.705412][T29386] ? swp_swapcount+0x540/0x540 [ 3067.705430][T29386] ? __kasan_check_read+0x11/0x20 [ 3067.705444][T29386] ? do_raw_spin_unlock+0x57/0x270 [ 3067.705463][T29386] do_wp_page+0x499/0x14d0 [ 3067.705485][T29386] ? finish_mkwrite_fault+0x570/0x570 [ 3067.705513][T29386] __handle_mm_fault+0x22f7/0x3f20 [ 3067.705536][T29386] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3067.705569][T29386] ? __kasan_check_read+0x11/0x20 [ 3067.705595][T29386] handle_mm_fault+0x1b5/0x6b0 [ 3067.705620][T29386] __do_page_fault+0x536/0xdd0 [ 3067.705647][T29386] do_page_fault+0x38/0x590 [ 3067.705666][T29386] page_fault+0x39/0x40 [ 3067.705677][T29386] RIP: 0033:0x430906 [ 3067.705692][T29386] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 46 64 00 85 c0 0f 84 [ 3067.705699][T29386] RSP: 002b:00007ffe56e4b130 EFLAGS: 00010206 [ 3067.705710][T29386] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 3067.705719][T29386] RDX: 0000555556298930 RSI: 00005555562a0970 RDI: 0000000000000003 [ 3067.705727][T29386] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000555556297940 [ 3067.705735][T29386] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 3067.705743][T29386] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 [ 3067.705840][T29386] memory: usage 1532kB, limit 0kB, failcnt 2838450 [ 3067.705849][T29386] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3067.705855][T29386] Memory cgroup stats for /syz4: [ 3067.705964][T29386] anon 32768 [ 3067.705964][T29386] file 602112 [ 3067.705964][T29386] kernel_stack 0 [ 3067.705964][T29386] slab 917504 [ 3067.705964][T29386] sock 0 [ 3067.705964][T29386] shmem 323584 [ 3067.705964][T29386] file_mapped 0 [ 3067.705964][T29386] file_dirty 0 [ 3067.705964][T29386] file_writeback 0 [ 3067.705964][T29386] anon_thp 0 [ 3067.705964][T29386] inactive_anon 270336 [ 3067.705964][T29386] active_anon 32768 [ 3067.705964][T29386] inactive_file 0 [ 3067.705964][T29386] active_file 0 [ 3067.705964][T29386] unevictable 0 [ 3067.705964][T29386] slab_reclaimable 270336 [ 3067.705964][T29386] slab_unreclaimable 647168 [ 3067.705964][T29386] pgfault 104874 [ 3067.705964][T29386] pgmajfault 0 [ 3067.705964][T29386] workingset_refault 0 [ 3067.705964][T29386] workingset_activate 0 [ 3067.705964][T29386] workingset_nodereclaim 0 [ 3067.705964][T29386] pgrefill 0 [ 3067.705964][T29386] pgscan 37 [ 3067.705964][T29386] pgsteal 37 [ 3067.705964][T29386] pgactivate 0 [ 3067.705997][T29386] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=29386,uid=0 [ 3067.706083][T29386] Memory cgroup out of memory: Killed process 29386 (syz-executor.4) total-vm:72448kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB 16:55:31 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000100)=@isdn={0x22, 0x400, 0x0, 0x1f06, 0x1}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000040)="95c67462e15a0a2ccb96d34b582828f6d42606c79a595c811c901cbab2aa0f8b7da638bd0eee7da427eaf176a979a63c", 0xfffffec2}], 0x1}, 0x10) socket$kcm(0xa, 0x2, 0x11) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(r1, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) sendmsg(r6, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r5, &(0x7f0000000480)='pids.current\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r4, 0x0, 0x1, 0x0, 0x0}, 0x20) r8 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r8, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000640)=[{&(0x7f0000000240)="c12723", 0x3}], 0x1}, 0xfc00) sendmsg$kcm(r8, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)="88e7", 0x2}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24000001) write$cgroup_int(r7, 0x0, 0x0) 16:55:31 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)}], 0x1}, 0x0) [ 3068.973549][T29430] IPVS: ftp: loaded support on port[0] = 21 [ 3069.237491][T29430] chnl_net:caif_netlink_parms(): no params data found [ 3069.339657][T29430] bridge0: port 1(bridge_slave_0) entered blocking state [ 3069.347441][T29430] bridge0: port 1(bridge_slave_0) entered disabled state [ 3069.356540][T29430] device bridge_slave_0 entered promiscuous mode [ 3069.419424][T29430] bridge0: port 2(bridge_slave_1) entered blocking state [ 3069.427845][T29430] bridge0: port 2(bridge_slave_1) entered disabled state [ 3069.436717][T29430] device bridge_slave_1 entered promiscuous mode [ 3069.502790][T29430] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3069.516366][T29430] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3069.585763][T29430] team0: Port device team_slave_0 added [ 3069.594065][T29430] team0: Port device team_slave_1 added [ 3069.666563][T29430] device hsr_slave_0 entered promiscuous mode [ 3069.713608][T29430] device hsr_slave_1 entered promiscuous mode [ 3069.753015][T29430] debugfs: Directory 'hsr0' with parent '/' already present! [ 3069.816836][T29430] bridge0: port 2(bridge_slave_1) entered blocking state [ 3069.823963][T29430] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3069.831296][T29430] bridge0: port 1(bridge_slave_0) entered blocking state [ 3069.838407][T29430] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3069.940537][T25186] bridge0: port 1(bridge_slave_0) entered disabled state [ 3069.950042][T25186] bridge0: port 2(bridge_slave_1) entered disabled state [ 3070.031971][T29430] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3070.055900][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3070.065013][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3070.118284][T29430] 8021q: adding VLAN 0 to HW filter on device team0 [ 3070.134561][T25186] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3070.144150][T25186] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3070.152698][T25186] bridge0: port 1(bridge_slave_0) entered blocking state [ 3070.159795][T25186] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3070.224017][T25186] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3070.233511][T25186] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3070.242050][T25186] bridge0: port 2(bridge_slave_1) entered blocking state [ 3070.249164][T25186] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3070.258077][T25186] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3070.354453][T19213] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3070.365361][T19213] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3070.374573][T19213] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3070.384779][T19213] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3070.394185][T19213] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3070.403378][T19213] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3070.469321][T16629] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3070.479548][T16629] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3070.494083][T29430] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 3070.508256][T29430] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3070.554458][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3070.565579][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3070.595545][T29430] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3070.865177][T29442] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3070.882783][T29442] CPU: 0 PID: 29442 Comm: syz-executor.3 Not tainted 5.3.0-rc3+ #97 [ 3070.890782][T29442] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3070.900828][T29442] Call Trace: [ 3070.904123][T29442] dump_stack+0x172/0x1f0 [ 3070.908463][T29442] dump_header+0x10b/0x82d [ 3070.912876][T29442] oom_kill_process.cold+0x10/0x15 [ 3070.917985][T29442] out_of_memory+0x79a/0x12c0 [ 3070.922677][T29442] ? __sched_text_start+0x8/0x8 [ 3070.927526][T29442] ? oom_killer_disable+0x280/0x280 [ 3070.932736][T29442] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3070.938275][T29442] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 3070.943918][T29442] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 3070.949724][T29442] ? cgroup_file_notify+0x140/0x1b0 [ 3070.954927][T29442] memory_max_write+0x262/0x3a0 [ 3070.959779][T29442] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 3070.966540][T29442] ? lock_acquire+0x190/0x410 [ 3070.971214][T29442] ? kernfs_fop_write+0x227/0x480 [ 3070.976243][T29442] cgroup_file_write+0x241/0x790 [ 3070.981185][T29442] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 3070.987947][T29442] ? cgroup_migrate_add_task+0x890/0x890 [ 3070.993588][T29442] ? cgroup_migrate_add_task+0x890/0x890 [ 3070.999222][T29442] kernfs_fop_write+0x2b8/0x480 [ 3071.004078][T29442] __vfs_write+0x8a/0x110 [ 3071.008405][T29442] ? kernfs_fop_open+0xd80/0xd80 [ 3071.013338][T29442] vfs_write+0x268/0x5d0 [ 3071.017582][T29442] ksys_write+0x14f/0x290 [ 3071.021916][T29442] ? __ia32_sys_read+0xb0/0xb0 [ 3071.026682][T29442] ? do_syscall_64+0x26/0x6a0 [ 3071.031354][T29442] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3071.037414][T29442] ? do_syscall_64+0x26/0x6a0 [ 3071.042110][T29442] __x64_sys_write+0x73/0xb0 [ 3071.046703][T29442] do_syscall_64+0xfd/0x6a0 [ 3071.051215][T29442] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3071.057101][T29442] RIP: 0033:0x459829 [ 3071.060991][T29442] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3071.080694][T29442] RSP: 002b:00007f628a28bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3071.089111][T29442] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 3071.097081][T29442] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009 [ 3071.105046][T29442] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 3071.113011][T29442] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f628a28c6d4 [ 3071.120974][T29442] R13: 00000000004c99a3 R14: 00000000004e1028 R15: 00000000ffffffff [ 3071.150639][T29442] memory: usage 3284kB, limit 0kB, failcnt 507647 [ 3071.157524][T29442] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3071.164788][T29442] Memory cgroup stats for /syz3: [ 3071.166564][T29442] anon 2183168 [ 3071.166564][T29442] file 155648 [ 3071.166564][T29442] kernel_stack 65536 [ 3071.166564][T29442] slab 798720 [ 3071.166564][T29442] sock 0 [ 3071.166564][T29442] shmem 0 [ 3071.166564][T29442] file_mapped 0 [ 3071.166564][T29442] file_dirty 0 [ 3071.166564][T29442] file_writeback 0 [ 3071.166564][T29442] anon_thp 2097152 [ 3071.166564][T29442] inactive_anon 0 [ 3071.166564][T29442] active_anon 2183168 [ 3071.166564][T29442] inactive_file 0 [ 3071.166564][T29442] active_file 0 [ 3071.166564][T29442] unevictable 0 [ 3071.166564][T29442] slab_reclaimable 270336 [ 3071.166564][T29442] slab_unreclaimable 528384 [ 3071.166564][T29442] pgfault 79596 [ 3071.166564][T29442] pgmajfault 0 [ 3071.166564][T29442] workingset_refault 0 [ 3071.166564][T29442] workingset_activate 0 [ 3071.166564][T29442] workingset_nodereclaim 0 [ 3071.166564][T29442] pgrefill 0 [ 3071.166564][T29442] pgscan 371 [ 3071.166564][T29442] pgsteal 371 [ 3071.166564][T29442] pgactivate 0 [ 3071.269416][T29442] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=29440,uid=0 [ 3071.286970][T29442] Memory cgroup out of memory: Killed process 29440 (syz-executor.3) total-vm:72580kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB [ 3071.326750][ T1057] oom_reaper: reaped process 29440 (syz-executor.3), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB 16:55:33 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000100)=@isdn={0x22, 0x400, 0x100000000, 0x1f06, 0x1}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000040)="95c67462e15a0a2ccb96d34b582828f6d42606c79a595c811c901cbab2aa0f8b7da638bd0eee7da427eaf176a979a63c", 0xfffffec2}], 0x1}, 0x10) socket$kcm(0xa, 0x2, 0x11) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(r1, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB], 0x0}, 0x20) sendmsg(r6, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r5, &(0x7f0000000480)='pids.current\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r4, 0x0, 0x1, 0x0, 0x0}, 0x20) r8 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r8, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000640)=[{&(0x7f0000000240)="c12723", 0x3}], 0x1}, 0xfc00) sendmsg$kcm(r8, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24000001) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0xcc539d13aa130b24, 0x0) write$cgroup_int(r7, 0x0, 0x0) 16:55:33 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x9effffff}, 0x0) 16:55:33 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) r3 = socket$kcm(0x2, 0x7, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000380)=r4, 0x4) r5 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r5, 0x400454d8, &(0x7f0000000300)=0x3) r7 = socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x29, 0x7, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000440)={r4, r3, 0x5, 0x2}, 0x10) setsockopt$sock_attach_bpf(r6, 0x1, 0x32, &(0x7f00000002c0)=r5, 0x220) sendmsg$kcm(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) 16:55:34 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)}], 0x1}, 0x0) 16:55:34 executing program 2: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) r3 = socket$kcm(0x2, 0x7, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000380)=r4, 0x4) r5 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, r5, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r5, 0x400454d8, &(0x7f0000000300)=0x3) r7 = socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x29, 0x7, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000440)={r4, r3, 0x5, 0x2}, 0x10) setsockopt$sock_attach_bpf(r6, 0x1, 0x32, &(0x7f00000002c0)=r5, 0x220) sendmsg$kcm(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) 16:55:34 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000100)=@isdn={0x22, 0x400, 0x100000000, 0x0, 0x1}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000040)="95c67462e15a0a2ccb96d34b582828f6d42606c79a595c811c901cbab2aa0f8b7da638bd0eee7da427eaf176a979a63c", 0xfffffec2}], 0x1}, 0x10) socket$kcm(0xa, 0x2, 0x11) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(r1, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) sendmsg(r6, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r5, &(0x7f0000000480)='pids.current\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r4, 0x0, 0x1, 0x0, 0x0}, 0x20) r8 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r8, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000640)=[{&(0x7f0000000240)="c12723", 0x3}], 0x1}, 0xfc00) sendmsg$kcm(r8, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)="88e7", 0x2}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24000001) write$cgroup_int(r7, 0x0, 0x0) [ 3071.726548][T29444] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3071.735152][T29430] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3071.737144][T29448] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3071.767797][T29430] CPU: 1 PID: 29430 Comm: syz-executor.3 Not tainted 5.3.0-rc3+ #97 [ 3071.775810][T29430] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3071.782971][T29444] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3071.785854][T29430] Call Trace: [ 3071.785878][T29430] dump_stack+0x172/0x1f0 [ 3071.785901][T29430] dump_header+0x10b/0x82d [ 3071.807168][T29430] ? oom_kill_process+0x94/0x3f0 [ 3071.812105][T29430] oom_kill_process.cold+0x10/0x15 [ 3071.817308][T29430] out_of_memory+0x79a/0x12c0 [ 3071.817326][T29430] ? lock_downgrade+0x920/0x920 [ 3071.817344][T29430] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3071.826838][T29430] ? oom_killer_disable+0x280/0x280 [ 3071.826863][T29430] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3071.826880][T29430] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 3071.826902][T29430] ? do_raw_spin_unlock+0x57/0x270 [ 3071.826923][T29430] ? _raw_spin_unlock+0x2d/0x50 [ 3071.858953][T29430] try_charge+0xf4b/0x1440 [ 3071.863388][T29430] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3071.868934][T29430] ? percpu_ref_tryget_live+0x111/0x290 [ 3071.874485][T29430] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3071.874979][T29449] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3071.880728][T29430] ? __kasan_check_read+0x11/0x20 [ 3071.895011][T29430] ? get_mem_cgroup_from_mm+0x156/0x320 [ 3071.895028][T29430] mem_cgroup_try_charge+0x136/0x590 [ 3071.895051][T29430] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3071.895079][T29430] wp_page_copy+0x421/0x15e0 [ 3071.895098][T29430] ? find_held_lock+0x35/0x130 [ 3071.905905][T29430] ? pmd_pfn+0x1d0/0x1d0 [ 3071.905923][T29430] ? lock_downgrade+0x920/0x920 [ 3071.905942][T29430] ? swp_swapcount+0x540/0x540 [ 3071.905958][T29430] ? __kasan_check_read+0x11/0x20 [ 3071.905976][T29430] ? do_raw_spin_unlock+0x57/0x270 [ 3071.916156][T29430] do_wp_page+0x499/0x14d0 [ 3071.916177][T29430] ? finish_mkwrite_fault+0x570/0x570 [ 3071.916203][T29430] __handle_mm_fault+0x22f7/0x3f20 [ 3071.925165][T29430] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3071.925200][T29430] ? __kasan_check_read+0x11/0x20 [ 3071.925225][T29430] handle_mm_fault+0x1b5/0x6b0 16:55:34 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e18130000", 0x17}], 0x1}, 0x0) [ 3071.925251][T29430] __do_page_fault+0x536/0xdd0 [ 3071.934908][T29430] do_page_fault+0x38/0x590 [ 3071.934929][T29430] page_fault+0x39/0x40 [ 3071.934940][T29430] RIP: 0033:0x4034f2 [ 3071.934955][T29430] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8d 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 42 05 00 48 [ 3071.934962][T29430] RSP: 002b:00007fff80ccfc70 EFLAGS: 00010246 16:55:34 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e18130000", 0x17}], 0x1}, 0x0) [ 3071.949463][T29430] RAX: 0000000000000000 RBX: 00000000002edb43 RCX: 0000000000413430 [ 3071.949475][T29430] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007fff80cd0da0 [ 3071.979921][T29430] RBP: 0000000000000002 R08: 0000000000000001 R09: 00005555558e6940 [ 3071.979930][T29430] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff80cd0da0 [ 3071.979939][T29430] R13: 00007fff80cd0d90 R14: 0000000000000000 R15: 00007fff80cd0da0 [ 3072.011001][T29430] memory: usage 948kB, limit 0kB, failcnt 507655 [ 3072.068714][T29430] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3072.076045][T29430] Memory cgroup stats for /syz3: [ 3072.076136][T29430] anon 0 [ 3072.076136][T29430] file 155648 [ 3072.076136][T29430] kernel_stack 0 [ 3072.076136][T29430] slab 798720 [ 3072.076136][T29430] sock 0 [ 3072.076136][T29430] shmem 0 [ 3072.076136][T29430] file_mapped 0 [ 3072.076136][T29430] file_dirty 0 [ 3072.076136][T29430] file_writeback 0 [ 3072.076136][T29430] anon_thp 0 [ 3072.076136][T29430] inactive_anon 0 [ 3072.076136][T29430] active_anon 0 [ 3072.076136][T29430] inactive_file 0 [ 3072.076136][T29430] active_file 0 [ 3072.076136][T29430] unevictable 0 [ 3072.076136][T29430] slab_reclaimable 270336 [ 3072.076136][T29430] slab_unreclaimable 528384 [ 3072.076136][T29430] pgfault 79596 [ 3072.076136][T29430] pgmajfault 0 [ 3072.076136][T29430] workingset_refault 0 [ 3072.076136][T29430] workingset_activate 0 [ 3072.076136][T29430] workingset_nodereclaim 0 [ 3072.076136][T29430] pgrefill 0 [ 3072.076136][T29430] pgscan 371 [ 3072.076136][T29430] pgsteal 371 [ 3072.076136][T29430] pgactivate 0 [ 3072.076136][T29430] pgdeactivate 0 16:55:34 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e18130000", 0x17}], 0x1}, 0x0) [ 3072.223416][T29444] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3072.257789][T29444] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3072.291328][T29430] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=29430,uid=0 16:55:34 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0xf0ffffff}, 0x0) [ 3072.346874][T29430] Memory cgroup out of memory: Killed process 29430 (syz-executor.3) total-vm:72448kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB 16:55:34 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000", 0x23}], 0x1}, 0x0) [ 3072.423710][ T1057] oom_reaper: reaped process 29430 (syz-executor.3), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 3072.502841][T29464] netlink: 'syz-executor.0': attribute type 3 has an invalid length. 16:55:34 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) r3 = socket$kcm(0x2, 0x7, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000380)=r4, 0x4) r5 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r5, 0x400454d8, &(0x7f0000000300)=0x3) r7 = socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x29, 0x7, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000440)={r4, r3, 0x5, 0x2}, 0x10) setsockopt$sock_attach_bpf(r6, 0x1, 0x32, &(0x7f00000002c0)=r5, 0x220) sendmsg$kcm(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) [ 3072.546945][T29464] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3072.754027][T29473] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3073.077520][T29468] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.5'. 16:55:35 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000100)=@isdn={0x22, 0x400, 0x100000000, 0x1f06, 0x1}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000040)="95c67462e15a0a2ccb96d34b582828f6d42606c79a595c811c901cbab2aa0f8b7da638bd0eee7da427eaf176a979a63c", 0xfffffec2}], 0x1}, 0x10) socket$kcm(0xa, 0x2, 0x11) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(r1, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB], 0x0}, 0x20) sendmsg(r6, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r5, &(0x7f0000000480)='pids.current\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r4, 0x0, 0x1, 0x0, 0x0}, 0x20) r8 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r8, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000640)=[{&(0x7f0000000240)="c12723", 0x3}], 0x1}, 0xfc00) sendmsg$kcm(r8, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24000001) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0xcc539d13aa130b24, 0x0) write$cgroup_int(r7, 0x0, 0x0) 16:55:35 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000", 0x23}], 0x1}, 0x0) 16:55:35 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0xfcffffff}, 0x0) 16:55:35 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000", 0x23}], 0x1}, 0x0) [ 3073.198223][T29477] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3073.223480][T29477] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3073.565943][T29486] IPVS: ftp: loaded support on port[0] = 21 [ 3073.721764][T29486] chnl_net:caif_netlink_parms(): no params data found [ 3073.810171][T29486] bridge0: port 1(bridge_slave_0) entered blocking state [ 3073.818732][T29486] bridge0: port 1(bridge_slave_0) entered disabled state [ 3073.827815][T29486] device bridge_slave_0 entered promiscuous mode [ 3073.878389][T29486] bridge0: port 2(bridge_slave_1) entered blocking state [ 3073.887689][T29486] bridge0: port 2(bridge_slave_1) entered disabled state [ 3073.897397][T29486] device bridge_slave_1 entered promiscuous mode [ 3073.957533][T29486] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3074.008159][T29486] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3074.110488][T29486] team0: Port device team_slave_0 added [ 3074.129264][T29486] team0: Port device team_slave_1 added [ 3074.137772][T29489] IPVS: ftp: loaded support on port[0] = 21 [ 3074.296579][T29486] device hsr_slave_0 entered promiscuous mode [ 3074.343870][T29486] device hsr_slave_1 entered promiscuous mode [ 3074.383040][T29486] debugfs: Directory 'hsr0' with parent '/' already present! [ 3074.724567][T29489] chnl_net:caif_netlink_parms(): no params data found [ 3074.810192][T29489] bridge0: port 1(bridge_slave_0) entered blocking state [ 3074.817507][T29489] bridge0: port 1(bridge_slave_0) entered disabled state [ 3074.826759][T29489] device bridge_slave_0 entered promiscuous mode [ 3074.835824][T29489] bridge0: port 2(bridge_slave_1) entered blocking state [ 3074.843383][T29489] bridge0: port 2(bridge_slave_1) entered disabled state [ 3074.851654][T29489] device bridge_slave_1 entered promiscuous mode [ 3074.865023][T29486] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3074.936605][T29489] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3074.954032][T29486] 8021q: adding VLAN 0 to HW filter on device team0 [ 3075.010708][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3075.019991][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3075.030770][T29489] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3075.085882][T19213] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3075.097887][T19213] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3075.106773][T19213] bridge0: port 1(bridge_slave_0) entered blocking state [ 3075.113870][T19213] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3075.187545][T21598] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3075.196805][T21598] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3075.206229][T21598] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3075.215446][T21598] bridge0: port 2(bridge_slave_1) entered blocking state [ 3075.222496][T21598] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3075.231226][T21598] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3075.241088][T21598] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3075.267399][T29489] team0: Port device team_slave_0 added [ 3075.273722][T21598] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3075.283366][T21598] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3075.292259][T21598] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3075.327895][T29489] team0: Port device team_slave_1 added [ 3075.385318][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3075.394611][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3075.403549][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3075.412263][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3075.421704][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3075.430909][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3075.456742][T29486] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3075.548667][T29489] device hsr_slave_0 entered promiscuous mode [ 3075.614238][T29489] device hsr_slave_1 entered promiscuous mode [ 3075.653073][T29489] debugfs: Directory 'hsr0' with parent '/' already present! [ 3075.749570][T29486] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3075.983522][T29489] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3076.092277][T19213] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3076.101948][T19213] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3076.118226][T29489] 8021q: adding VLAN 0 to HW filter on device team0 [ 3076.127260][T29497] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.2'. [ 3076.239765][T21598] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3076.280811][T29498] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.2'. [ 3076.292409][T21598] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3076.317762][T21598] bridge0: port 1(bridge_slave_0) entered blocking state [ 3076.324906][T21598] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3076.389003][T19213] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3076.399006][T19213] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3076.408560][T19213] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3076.419131][T19213] bridge0: port 2(bridge_slave_1) entered blocking state [ 3076.426277][T19213] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3076.811981][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 16:55:39 executing program 2: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) r3 = socket$kcm(0x2, 0x7, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000380)=r4, 0x4) r5 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r5, 0x400454d8, &(0x7f0000000300)=0x3) r7 = socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x29, 0x7, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000440)={r4, r3, 0x5, 0x2}, 0x10) setsockopt$sock_attach_bpf(r6, 0x1, 0x32, &(0x7f00000002c0)=r5, 0x220) sendmsg$kcm(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) [ 3076.931983][T21598] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3076.941802][T21598] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3076.951237][T21598] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3077.031341][T19213] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3077.044269][T19213] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3077.068289][T19213] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3077.126762][T29504] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.2'. [ 3077.176811][T29505] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.2'. [ 3077.216312][T21598] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3077.231119][T21598] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3077.240541][T21598] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3077.250706][T21598] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3077.321085][T29489] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3077.421277][T29489] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3077.774303][T29515] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3077.790192][T29515] CPU: 0 PID: 29515 Comm: syz-executor.4 Not tainted 5.3.0-rc3+ #97 [ 3077.798297][T29515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3077.808353][T29515] Call Trace: [ 3077.811647][T29515] dump_stack+0x172/0x1f0 [ 3077.815980][T29515] dump_header+0x10b/0x82d [ 3077.820401][T29515] oom_kill_process.cold+0x10/0x15 [ 3077.825520][T29515] out_of_memory+0x79a/0x12c0 [ 3077.830217][T29515] ? __sched_text_start+0x8/0x8 [ 3077.835071][T29515] ? oom_killer_disable+0x280/0x280 [ 3077.840283][T29515] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3077.845836][T29515] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 3077.851471][T29515] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 3077.857282][T29515] ? cgroup_file_notify+0x140/0x1b0 [ 3077.862483][T29515] memory_max_write+0x262/0x3a0 [ 3077.867341][T29515] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 3077.874101][T29515] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 3077.879575][T29515] cgroup_file_write+0x241/0x790 [ 3077.884518][T29515] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 3077.891274][T29515] ? cgroup_migrate_add_task+0x890/0x890 [ 3077.896915][T29515] ? kernfs_ops+0x9f/0x110 [ 3077.901321][T29515] ? kernfs_ops+0xbe/0x110 [ 3077.905735][T29515] ? cgroup_migrate_add_task+0x890/0x890 [ 3077.911364][T29515] kernfs_fop_write+0x2b8/0x480 [ 3077.916224][T29515] __vfs_write+0x8a/0x110 [ 3077.920563][T29515] ? kernfs_fop_open+0xd80/0xd80 [ 3077.925511][T29515] vfs_write+0x268/0x5d0 [ 3077.929753][T29515] ksys_write+0x14f/0x290 [ 3077.934086][T29515] ? __ia32_sys_read+0xb0/0xb0 [ 3077.938856][T29515] __x64_sys_write+0x73/0xb0 [ 3077.943443][T29515] do_syscall_64+0xfd/0x6a0 [ 3077.947942][T29515] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3077.953825][T29515] RIP: 0033:0x459829 [ 3077.957729][T29515] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3077.977425][T29515] RSP: 002b:00007fce1d70fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3077.985837][T29515] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 3077.993802][T29515] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009 [ 3078.001768][T29515] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 3078.009733][T29515] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fce1d7106d4 [ 3078.017703][T29515] R13: 00000000004c99a3 R14: 00000000004e1028 R15: 00000000ffffffff [ 3078.029329][T29515] memory: usage 3872kB, limit 0kB, failcnt 2838451 [ 3078.036209][T29515] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3078.043735][T29515] Memory cgroup stats for /syz4: [ 3078.045464][T29515] anon 2080768 [ 3078.045464][T29515] file 602112 [ 3078.045464][T29515] kernel_stack 65536 [ 3078.045464][T29515] slab 917504 [ 3078.045464][T29515] sock 0 [ 3078.045464][T29515] shmem 323584 [ 3078.045464][T29515] file_mapped 0 [ 3078.045464][T29515] file_dirty 0 [ 3078.045464][T29515] file_writeback 0 [ 3078.045464][T29515] anon_thp 2097152 [ 3078.045464][T29515] inactive_anon 270336 [ 3078.045464][T29515] active_anon 2080768 [ 3078.045464][T29515] inactive_file 0 [ 3078.045464][T29515] active_file 0 [ 3078.045464][T29515] unevictable 0 [ 3078.045464][T29515] slab_reclaimable 270336 [ 3078.045464][T29515] slab_unreclaimable 647168 [ 3078.045464][T29515] pgfault 104940 [ 3078.045464][T29515] pgmajfault 0 [ 3078.045464][T29515] workingset_refault 0 [ 3078.045464][T29515] workingset_activate 0 [ 3078.045464][T29515] workingset_nodereclaim 0 [ 3078.045464][T29515] pgrefill 0 [ 3078.045464][T29515] pgscan 37 [ 3078.045464][T29515] pgsteal 37 [ 3078.045464][T29515] pgactivate 0 [ 3078.141757][T29515] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=29514,uid=0 [ 3078.165939][T29515] Memory cgroup out of memory: Killed process 29514 (syz-executor.4) total-vm:72580kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB [ 3078.185048][ T1057] oom_reaper: reaped process 29514 (syz-executor.4), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB 16:55:40 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) r3 = socket$kcm(0x2, 0x7, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000380)=r4, 0x4) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(0xffffffffffffffff, 0x400454d8, &(0x7f0000000300)=0x3) r6 = socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x29, 0x7, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000440)={r4, r3, 0x5, 0x2}, 0x10) setsockopt$sock_attach_bpf(r5, 0x1, 0x32, &(0x7f00000002c0), 0x220) sendmsg$kcm(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) 16:55:40 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0xfffff000}, 0x0) 16:55:40 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000", 0x29}], 0x1}, 0x0) 16:55:40 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000100)=@isdn={0x22, 0x400, 0x100000000, 0x1f06, 0x1}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000040)="95c67462e15a0a2ccb96d34b582828f6d42606c79a595c811c901cbab2aa0f8b7da638bd0eee7da427eaf176a979a63c", 0xfffffec2}], 0x1}, 0x10) socket$kcm(0xa, 0x2, 0x11) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(r1, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB], 0x0}, 0x20) sendmsg(r6, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r5, &(0x7f0000000480)='pids.current\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r4, 0x0, 0x1, 0x0, 0x0}, 0x20) r8 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r8, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000640)=[{&(0x7f0000000240)="c12723", 0x3}], 0x1}, 0xfc00) sendmsg$kcm(r8, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24000001) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0xcc539d13aa130b24, 0x0) write$cgroup_int(r7, 0x0, 0x0) 16:55:40 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000100)=@isdn={0x22, 0x400, 0x100000000}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000040)="95c67462e15a0a2ccb96d34b582828f6d42606c79a595c811c901cbab2aa0f8b7da638bd0eee7da427eaf176a979a63c", 0xfffffec2}], 0x1}, 0x10) socket$kcm(0xa, 0x2, 0x11) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(r1, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) sendmsg(r6, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r5, &(0x7f0000000480)='pids.current\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r4, 0x0, 0x1, 0x0, 0x0}, 0x20) r8 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r8, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000640)=[{&(0x7f0000000240)="c12723", 0x3}], 0x1}, 0xfc00) sendmsg$kcm(r8, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)="88e7", 0x2}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24000001) write$cgroup_int(r7, 0x0, 0x0) 16:55:40 executing program 2: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) r3 = socket$kcm(0x2, 0x7, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000380)=r4, 0x4) r5 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r5, 0x400454d8, &(0x7f0000000300)=0x3) r7 = socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x29, 0x7, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000440)={r4, r3, 0x5, 0x2}, 0x10) setsockopt$sock_attach_bpf(r6, 0x1, 0x32, &(0x7f00000002c0)=r5, 0x220) sendmsg$kcm(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) [ 3078.613913][T29489] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3078.646550][T29523] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3078.666621][T29489] CPU: 0 PID: 29489 Comm: syz-executor.4 Not tainted 5.3.0-rc3+ #97 [ 3078.666699][T29517] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3078.674964][T29489] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3078.674972][T29489] Call Trace: [ 3078.674994][T29489] dump_stack+0x172/0x1f0 [ 3078.675016][T29489] dump_header+0x10b/0x82d [ 3078.675029][T29489] ? oom_kill_process+0x94/0x3f0 [ 3078.675048][T29489] oom_kill_process.cold+0x10/0x15 [ 3078.675066][T29489] out_of_memory+0x79a/0x12c0 [ 3078.675083][T29489] ? lock_downgrade+0x920/0x920 [ 3078.675112][T29489] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3078.675129][T29489] ? oom_killer_disable+0x280/0x280 [ 3078.675158][T29489] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3078.675174][T29489] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 3078.675195][T29489] ? do_raw_spin_unlock+0x57/0x270 [ 3078.675212][T29489] ? _raw_spin_unlock+0x2d/0x50 16:55:41 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000", 0x29}], 0x1}, 0x0) [ 3078.675230][T29489] try_charge+0xf4b/0x1440 [ 3078.675257][T29489] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3078.675272][T29489] ? percpu_ref_tryget_live+0x111/0x290 [ 3078.675292][T29489] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3078.675312][T29489] ? __kasan_check_read+0x11/0x20 [ 3078.675334][T29489] ? get_mem_cgroup_from_mm+0x156/0x320 [ 3078.675354][T29489] mem_cgroup_try_charge+0x136/0x590 [ 3078.675378][T29489] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3078.675399][T29489] __handle_mm_fault+0x1e3a/0x3f20 [ 3078.675423][T29489] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3078.675456][T29489] ? __kasan_check_read+0x11/0x20 [ 3078.675483][T29489] handle_mm_fault+0x1b5/0x6b0 [ 3078.675508][T29489] __do_page_fault+0x536/0xdd0 [ 3078.675537][T29489] do_page_fault+0x38/0x590 [ 3078.675556][T29489] page_fault+0x39/0x40 [ 3078.675569][T29489] RIP: 0033:0x4034f2 [ 3078.675584][T29489] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8d 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 42 05 00 48 [ 3078.675591][T29489] RSP: 002b:00007fff7a464f30 EFLAGS: 00010246 [ 3078.675604][T29489] RAX: 0000000000000000 RBX: 00000000002ef650 RCX: 0000000000413430 [ 3078.675612][T29489] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007fff7a466060 [ 3078.675621][T29489] RBP: 0000000000000002 R08: 0000000000000001 R09: 000055555659a940 [ 3078.675630][T29489] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff7a466060 [ 3078.675639][T29489] R13: 00007fff7a466050 R14: 0000000000000000 R15: 00007fff7a466060 [ 3078.686824][T29523] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3078.781849][T29489] memory: usage 1540kB, limit 0kB, failcnt 2838459 [ 3078.801096][T29528] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.2'. [ 3078.918782][T29489] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 16:55:41 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000", 0x29}], 0x1}, 0x0) [ 3079.065433][T29489] Memory cgroup stats for /syz4: [ 3079.065540][T29489] anon 40960 [ 3079.065540][T29489] file 602112 [ 3079.065540][T29489] kernel_stack 0 [ 3079.065540][T29489] slab 917504 [ 3079.065540][T29489] sock 0 [ 3079.065540][T29489] shmem 323584 [ 3079.065540][T29489] file_mapped 0 [ 3079.065540][T29489] file_dirty 0 [ 3079.065540][T29489] file_writeback 0 [ 3079.065540][T29489] anon_thp 0 [ 3079.065540][T29489] inactive_anon 270336 [ 3079.065540][T29489] active_anon 40960 [ 3079.065540][T29489] inactive_file 0 [ 3079.065540][T29489] active_file 0 [ 3079.065540][T29489] unevictable 0 [ 3079.065540][T29489] slab_reclaimable 270336 [ 3079.065540][T29489] slab_unreclaimable 647168 [ 3079.065540][T29489] pgfault 104940 [ 3079.065540][T29489] pgmajfault 0 [ 3079.065540][T29489] workingset_refault 0 [ 3079.065540][T29489] workingset_activate 0 [ 3079.065540][T29489] workingset_nodereclaim 0 [ 3079.065540][T29489] pgrefill 0 [ 3079.065540][T29489] pgscan 37 [ 3079.065540][T29489] pgsteal 37 [ 3079.065540][T29489] pgactivate 0 [ 3079.176730][T29489] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=29489,uid=0 [ 3079.194872][T29489] Memory cgroup out of memory: Killed process 29489 (syz-executor.4) total-vm:72448kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB 16:55:41 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b", 0x2c}], 0x1}, 0x0) [ 3079.217995][T29522] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.2'. [ 3079.246064][ T1057] oom_reaper: reaped process 29489 (syz-executor.4), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 16:55:41 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b", 0x2c}], 0x1}, 0x0) 16:55:41 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0xffffff7f}, 0x0) 16:55:41 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b", 0x2c}], 0x1}, 0x0) [ 3079.482768][T29547] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3079.509904][T29547] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3079.928404][T29529] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.5'. 16:55:42 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) r3 = socket$kcm(0x2, 0x7, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000380)=r4, 0x4) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(0xffffffffffffffff, 0x400454d8, &(0x7f0000000300)=0x3) r6 = socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x29, 0x7, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000440)={r4, r3, 0x5, 0x2}, 0x10) setsockopt$sock_attach_bpf(r5, 0x1, 0x32, &(0x7f00000002c0), 0x220) sendmsg$kcm(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) 16:55:42 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e", 0x2d}], 0x1}, 0x0) 16:55:42 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0xffffff9e}, 0x0) [ 3080.230781][T29559] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3080.254252][T29559] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3080.305102][T29561] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3080.454838][T29567] IPVS: ftp: loaded support on port[0] = 21 [ 3081.297069][T29567] chnl_net:caif_netlink_parms(): no params data found [ 3081.340613][T29567] bridge0: port 1(bridge_slave_0) entered blocking state [ 3081.348988][T29567] bridge0: port 1(bridge_slave_0) entered disabled state [ 3081.357802][T29567] device bridge_slave_0 entered promiscuous mode [ 3081.367038][T29567] bridge0: port 2(bridge_slave_1) entered blocking state [ 3081.375367][T29567] bridge0: port 2(bridge_slave_1) entered disabled state [ 3081.384419][T29567] device bridge_slave_1 entered promiscuous mode [ 3081.410242][T29567] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3081.422821][T29567] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3081.487960][T29567] team0: Port device team_slave_0 added [ 3081.496513][T29567] team0: Port device team_slave_1 added [ 3081.556525][T29567] device hsr_slave_0 entered promiscuous mode [ 3081.603709][T29567] device hsr_slave_1 entered promiscuous mode [ 3081.653026][T29567] debugfs: Directory 'hsr0' with parent '/' already present! [ 3081.715381][T29567] bridge0: port 2(bridge_slave_1) entered blocking state [ 3081.722470][T29567] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3081.729873][T29567] bridge0: port 1(bridge_slave_0) entered blocking state [ 3081.736974][T29567] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3081.841101][T29567] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3081.857941][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3081.869170][ T854] bridge0: port 1(bridge_slave_0) entered disabled state [ 3081.878357][ T854] bridge0: port 2(bridge_slave_1) entered disabled state [ 3081.887646][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 3081.942100][T29567] 8021q: adding VLAN 0 to HW filter on device team0 [ 3081.958372][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3081.984723][ T854] bridge0: port 1(bridge_slave_0) entered blocking state [ 3081.991823][ T854] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3082.054870][T19213] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3082.073804][T19213] bridge0: port 2(bridge_slave_1) entered blocking state [ 3082.080872][T19213] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3082.105864][T19213] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3082.165225][T19213] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3082.175018][T19213] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3082.237047][T21598] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3082.254472][T21598] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3082.265887][T29567] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3082.294716][T29567] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3082.520156][T29576] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3082.531797][T29576] CPU: 1 PID: 29576 Comm: syz-executor.3 Not tainted 5.3.0-rc3+ #97 [ 3082.540146][T29576] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3082.550292][T29576] Call Trace: [ 3082.553591][T29576] dump_stack+0x172/0x1f0 [ 3082.557918][T29576] dump_header+0x10b/0x82d [ 3082.562313][T29576] oom_kill_process.cold+0x10/0x15 [ 3082.567404][T29576] out_of_memory+0x79a/0x12c0 [ 3082.572060][T29576] ? __sched_text_start+0x8/0x8 [ 3082.577024][T29576] ? oom_killer_disable+0x280/0x280 [ 3082.582205][T29576] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3082.587725][T29576] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 3082.593346][T29576] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 3082.599137][T29576] ? cgroup_file_notify+0x140/0x1b0 [ 3082.604314][T29576] memory_max_write+0x262/0x3a0 [ 3082.609158][T29576] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 3082.615913][T29576] ? lock_acquire+0x20b/0x410 [ 3082.620574][T29576] cgroup_file_write+0x241/0x790 [ 3082.625497][T29576] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 3082.632231][T29576] ? cgroup_migrate_add_task+0x890/0x890 [ 3082.637846][T29576] ? cgroup_migrate_add_task+0x890/0x890 [ 3082.643461][T29576] kernfs_fop_write+0x2b8/0x480 [ 3082.648314][T29576] __vfs_write+0x8a/0x110 [ 3082.652649][T29576] ? kernfs_fop_open+0xd80/0xd80 [ 3082.657575][T29576] vfs_write+0x268/0x5d0 [ 3082.661799][T29576] ksys_write+0x14f/0x290 [ 3082.666216][T29576] ? __ia32_sys_read+0xb0/0xb0 [ 3082.671086][T29576] ? do_syscall_64+0x26/0x6a0 [ 3082.675760][T29576] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3082.681808][T29576] ? do_syscall_64+0x26/0x6a0 [ 3082.686464][T29576] __x64_sys_write+0x73/0xb0 [ 3082.691031][T29576] do_syscall_64+0xfd/0x6a0 [ 3082.695520][T29576] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3082.701398][T29576] RIP: 0033:0x459829 [ 3082.705272][T29576] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3082.724854][T29576] RSP: 002b:00007f86b05e2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3082.733250][T29576] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 3082.741195][T29576] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009 [ 3082.749145][T29576] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 3082.757189][T29576] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f86b05e36d4 [ 3082.765773][T29576] R13: 00000000004c99a3 R14: 00000000004e1028 R15: 00000000ffffffff [ 3082.795006][T29576] memory: usage 3320kB, limit 0kB, failcnt 507656 [ 3082.801973][T29576] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3082.815999][T29576] Memory cgroup stats for /syz3: [ 3082.817242][T29576] anon 2060288 [ 3082.817242][T29576] file 155648 [ 3082.817242][T29576] kernel_stack 0 [ 3082.817242][T29576] slab 798720 [ 3082.817242][T29576] sock 0 [ 3082.817242][T29576] shmem 0 [ 3082.817242][T29576] file_mapped 0 [ 3082.817242][T29576] file_dirty 0 [ 3082.817242][T29576] file_writeback 0 [ 3082.817242][T29576] anon_thp 2097152 [ 3082.817242][T29576] inactive_anon 0 [ 3082.817242][T29576] active_anon 2060288 [ 3082.817242][T29576] inactive_file 0 [ 3082.817242][T29576] active_file 0 [ 3082.817242][T29576] unevictable 0 [ 3082.817242][T29576] slab_reclaimable 270336 [ 3082.817242][T29576] slab_unreclaimable 528384 [ 3082.817242][T29576] pgfault 79662 [ 3082.817242][T29576] pgmajfault 0 [ 3082.817242][T29576] workingset_refault 0 [ 3082.817242][T29576] workingset_activate 0 [ 3082.817242][T29576] workingset_nodereclaim 0 [ 3082.817242][T29576] pgrefill 0 [ 3082.817242][T29576] pgscan 371 [ 3082.817242][T29576] pgsteal 371 [ 3082.817242][T29576] pgactivate 0 [ 3082.916355][T29576] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=29575,uid=0 [ 3082.939627][T29576] Memory cgroup out of memory: Killed process 29575 (syz-executor.3) total-vm:72580kB, anon-rss:2180kB, file-rss:35800kB, shmem-rss:0kB [ 3082.957635][ T1057] oom_reaper: reaped process 29575 (syz-executor.3), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB 16:55:45 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000100)=@isdn={0x22, 0x400, 0x100000000, 0x1f06, 0x1}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000040)="95c67462e15a0a2ccb96d34b582828f6d42606c79a595c811c901cbab2aa0f8b7da638bd0eee7da427eaf176a979a63c", 0xfffffec2}], 0x1}, 0x10) socket$kcm(0xa, 0x2, 0x11) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(r1, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB], 0x0}, 0x20) sendmsg(r6, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r5, &(0x7f0000000480)='pids.current\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r4, 0x0, 0x1, 0x0, 0x0}, 0x20) r8 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r8, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000640)=[{&(0x7f0000000240)="c12723", 0x3}], 0x1}, 0xfc00) sendmsg$kcm(r8, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24000001) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0xcc539d13aa130b24, 0x0) write$cgroup_int(r7, 0x0, 0x0) 16:55:45 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000100)=@isdn={0x22, 0x400, 0x100000000}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000040)="95c67462e15a0a2ccb96d34b582828f6d42606c79a595c811c901cbab2aa0f8b7da638bd0eee7da427eaf176a979a63c", 0xfffffec2}], 0x1}, 0x10) socket$kcm(0xa, 0x2, 0x11) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(r1, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) sendmsg(r6, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r5, &(0x7f0000000480)='pids.current\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r4, 0x0, 0x1, 0x0, 0x0}, 0x20) r8 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r8, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000640)=[{&(0x7f0000000240)="c12723", 0x3}], 0x1}, 0xfc00) sendmsg$kcm(r8, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)="88e7", 0x2}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24000001) write$cgroup_int(r7, 0x0, 0x0) 16:55:45 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e", 0x2d}], 0x1}, 0x0) 16:55:45 executing program 2: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) r3 = socket$kcm(0x2, 0x7, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000380)=r4, 0x4) r5 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r5, 0x400454d8, &(0x7f0000000300)=0x3) r7 = socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x29, 0x7, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000440)={r4, r3, 0x5, 0x2}, 0x10) setsockopt$sock_attach_bpf(r6, 0x1, 0x32, &(0x7f00000002c0)=r5, 0x220) sendmsg$kcm(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) 16:55:45 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0xfffffff0}, 0x0) 16:55:45 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) r3 = socket$kcm(0x2, 0x7, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000380)=r4, 0x4) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(0xffffffffffffffff, 0x400454d8, &(0x7f0000000300)=0x3) r6 = socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x29, 0x7, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000440)={r4, r3, 0x5, 0x2}, 0x10) setsockopt$sock_attach_bpf(r5, 0x1, 0x32, &(0x7f00000002c0), 0x220) sendmsg$kcm(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) [ 3083.027491][T29567] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3083.074306][T29582] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3083.099578][T29584] __nla_validate_parse: 1 callbacks suppressed [ 3083.099627][T29584] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3083.103075][T29567] CPU: 0 PID: 29567 Comm: syz-executor.3 Not tainted 5.3.0-rc3+ #97 [ 3083.123153][T29567] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3083.133208][T29567] Call Trace: [ 3083.136505][T29567] dump_stack+0x172/0x1f0 [ 3083.140868][T29567] dump_header+0x10b/0x82d [ 3083.145288][T29567] ? oom_kill_process+0x94/0x3f0 [ 3083.150228][T29567] oom_kill_process.cold+0x10/0x15 [ 3083.155341][T29567] out_of_memory+0x79a/0x12c0 [ 3083.160013][T29567] ? lock_downgrade+0x920/0x920 [ 3083.160031][T29567] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3083.160049][T29567] ? oom_killer_disable+0x280/0x280 [ 3083.160079][T29567] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3083.160112][T29567] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 3083.160134][T29567] ? do_raw_spin_unlock+0x57/0x270 [ 3083.160167][T29567] ? _raw_spin_unlock+0x2d/0x50 [ 3083.160182][T29567] try_charge+0xf4b/0x1440 [ 3083.160204][T29567] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3083.207005][T29567] ? percpu_ref_tryget_live+0x111/0x290 [ 3083.207045][T29567] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3083.207065][T29567] ? __kasan_check_read+0x11/0x20 [ 3083.207089][T29567] ? get_mem_cgroup_from_mm+0x156/0x320 [ 3083.207109][T29567] mem_cgroup_try_charge+0x136/0x590 [ 3083.207133][T29567] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3083.207153][T29567] wp_page_copy+0x421/0x15e0 [ 3083.207172][T29567] ? find_held_lock+0x35/0x130 [ 3083.207194][T29567] ? pmd_pfn+0x1d0/0x1d0 [ 3083.207213][T29567] ? lock_downgrade+0x920/0x920 [ 3083.207234][T29567] ? swp_swapcount+0x540/0x540 [ 3083.207252][T29567] ? __kasan_check_read+0x11/0x20 [ 3083.207267][T29567] ? do_raw_spin_unlock+0x57/0x270 [ 3083.207286][T29567] do_wp_page+0x499/0x14d0 [ 3083.207308][T29567] ? finish_mkwrite_fault+0x570/0x570 [ 3083.223027][T29582] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3083.224090][T29567] __handle_mm_fault+0x22f7/0x3f20 [ 3083.224112][T29567] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3083.224142][T29567] ? __kasan_check_read+0x11/0x20 [ 3083.308449][T29567] handle_mm_fault+0x1b5/0x6b0 [ 3083.308711][T29586] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.2'. [ 3083.313222][T29567] __do_page_fault+0x536/0xdd0 [ 3083.313248][T29567] do_page_fault+0x38/0x590 [ 3083.313268][T29567] page_fault+0x39/0x40 [ 3083.313279][T29567] RIP: 0033:0x430906 [ 3083.313292][T29567] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 46 64 00 85 c0 0f 84 [ 3083.313299][T29567] RSP: 002b:00007ffe80b511d0 EFLAGS: 00010206 [ 3083.365465][T29567] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 16:55:45 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e", 0x2d}], 0x1}, 0x0) [ 3083.373442][T29567] RDX: 00005555564c1930 RSI: 00005555564c9970 RDI: 0000000000000003 [ 3083.373451][T29567] RBP: 0000000000008041 R08: 0000000000000001 R09: 00005555564c0940 [ 3083.373458][T29567] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 3083.373465][T29567] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 [ 3083.493147][T29567] memory: usage 988kB, limit 0kB, failcnt 507664 [ 3083.501088][T29567] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3083.511323][T29583] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.2'. 16:55:45 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000100)=@isdn={0x22, 0x400, 0x0, 0x1f06, 0x1}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000040)="95c67462e15a0a2ccb96d34b582828f6d42606c79a595c811c901cbab2aa0f8b7da638bd0eee7da427eaf176a979a63c", 0xfffffec2}], 0x1}, 0x10) socket$kcm(0xa, 0x2, 0x11) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(r1, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) sendmsg(r6, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r5, &(0x7f0000000480)='pids.current\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r4, 0x0, 0x1, 0x0, 0x0}, 0x20) r8 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r8, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000640)=[{&(0x7f0000000240)="c12723", 0x3}], 0x1}, 0xfc00) sendmsg$kcm(r8, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)="88e7", 0x2}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24000001) write$cgroup_int(r7, 0x0, 0x0) [ 3083.659129][T29582] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3083.687084][T29582] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.0'. 16:55:46 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0xfffffffc}, 0x0) [ 3083.811501][T29592] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3083.926821][T29602] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3083.948839][T29602] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3083.953166][T29567] Memory cgroup stats for /syz3: [ 3083.953269][T29567] anon 0 [ 3083.953269][T29567] file 155648 [ 3083.953269][T29567] kernel_stack 0 [ 3083.953269][T29567] slab 798720 [ 3083.953269][T29567] sock 0 [ 3083.953269][T29567] shmem 0 [ 3083.953269][T29567] file_mapped 0 [ 3083.953269][T29567] file_dirty 0 [ 3083.953269][T29567] file_writeback 0 [ 3083.953269][T29567] anon_thp 0 [ 3083.953269][T29567] inactive_anon 0 [ 3083.953269][T29567] active_anon 0 [ 3083.953269][T29567] inactive_file 0 [ 3083.953269][T29567] active_file 0 [ 3083.953269][T29567] unevictable 0 [ 3083.953269][T29567] slab_reclaimable 270336 [ 3083.953269][T29567] slab_unreclaimable 528384 [ 3083.953269][T29567] pgfault 79662 [ 3083.953269][T29567] pgmajfault 0 16:55:46 executing program 2: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) r3 = socket$kcm(0x2, 0x7, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000380)=r4, 0x4) r5 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r5, 0x400454d8, &(0x7f0000000300)=0x3) socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x29, 0x7, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000440)={r4, r3, 0x5, 0x2}, 0x10) setsockopt$sock_attach_bpf(r6, 0x1, 0x32, &(0x7f00000002c0)=r5, 0x220) [ 3083.953269][T29567] workingset_refault 0 [ 3083.953269][T29567] workingset_activate 0 [ 3083.953269][T29567] workingset_nodereclaim 0 [ 3083.953269][T29567] pgrefill 0 [ 3083.953269][T29567] pgscan 371 [ 3083.953269][T29567] pgsteal 371 [ 3083.953269][T29567] pgactivate 0 [ 3083.953269][T29567] pgdeactivate 0 [ 3084.056926][T29567] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=29567,uid=0 [ 3084.076720][T29567] Memory cgroup out of memory: Killed process 29567 (syz-executor.3) total-vm:72448kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB [ 3084.117275][T29599] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3084.117406][ T1057] oom_reaper: reaped process 29567 (syz-executor.3), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 3084.135975][T29599] CPU: 1 PID: 29599 Comm: syz-executor.1 Not tainted 5.3.0-rc3+ #97 [ 3084.146515][T29599] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3084.156570][T29599] Call Trace: [ 3084.159861][T29599] dump_stack+0x172/0x1f0 [ 3084.164196][T29599] dump_header+0x10b/0x82d [ 3084.168616][T29599] oom_kill_process.cold+0x10/0x15 [ 3084.173734][T29599] out_of_memory+0x79a/0x12c0 [ 3084.178409][T29599] ? __this_cpu_preempt_check+0x3a/0x210 [ 3084.184050][T29599] ? retint_kernel+0x2b/0x2b [ 3084.184069][T29599] ? oom_killer_disable+0x280/0x280 [ 3084.184097][T29599] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3084.184112][T29599] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 3084.184133][T29599] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 3084.193882][T29599] ? cgroup_file_notify+0x140/0x1b0 [ 3084.193903][T29599] memory_max_write+0x262/0x3a0 [ 3084.193926][T29599] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 3084.193946][T29599] ? lock_acquire+0x190/0x410 [ 3084.232276][T29599] ? kernfs_fop_write+0x227/0x480 [ 3084.237296][T29599] cgroup_file_write+0x241/0x790 [ 3084.242237][T29599] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 3084.248986][T29599] ? cgroup_migrate_add_task+0x890/0x890 [ 3084.254615][T29599] ? cgroup_migrate_add_task+0x890/0x890 [ 3084.260243][T29599] kernfs_fop_write+0x2b8/0x480 [ 3084.265092][T29599] __vfs_write+0x8a/0x110 [ 3084.269400][T29599] ? kernfs_fop_open+0xd80/0xd80 [ 3084.274324][T29599] vfs_write+0x268/0x5d0 [ 3084.278559][T29599] ksys_write+0x14f/0x290 [ 3084.282883][T29599] ? __ia32_sys_read+0xb0/0xb0 [ 3084.287645][T29599] __x64_sys_write+0x73/0xb0 [ 3084.292226][T29599] do_syscall_64+0xfd/0x6a0 [ 3084.296724][T29599] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3084.302605][T29599] RIP: 0033:0x459829 [ 3084.306483][T29599] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 16:55:46 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x3000000000000}, 0x0) [ 3084.326156][T29599] RSP: 002b:00007f540323ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3084.334550][T29599] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 3084.342501][T29599] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009 [ 3084.350456][T29599] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 3084.358409][T29599] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f540323f6d4 [ 3084.366374][T29599] R13: 00000000004c99a3 R14: 00000000004e1028 R15: 00000000ffffffff [ 3084.393950][T29599] memory: usage 5692kB, limit 0kB, failcnt 193266 [ 3084.418021][T29599] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3084.443643][T29610] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3084.445657][T29599] Memory cgroup stats for /syz1: [ 3084.448326][T29599] anon 2244608 [ 3084.448326][T29599] file 94208 [ 3084.448326][T29599] kernel_stack 65536 [ 3084.448326][T29599] slab 2973696 [ 3084.448326][T29599] sock 0 [ 3084.448326][T29599] shmem 0 [ 3084.448326][T29599] file_mapped 0 [ 3084.448326][T29599] file_dirty 0 [ 3084.448326][T29599] file_writeback 0 [ 3084.448326][T29599] anon_thp 2097152 [ 3084.448326][T29599] inactive_anon 0 [ 3084.448326][T29599] active_anon 2174976 [ 3084.448326][T29599] inactive_file 0 [ 3084.448326][T29599] active_file 0 [ 3084.448326][T29599] unevictable 0 [ 3084.448326][T29599] slab_reclaimable 1216512 [ 3084.448326][T29599] slab_unreclaimable 1757184 [ 3084.448326][T29599] pgfault 111903 [ 3084.448326][T29599] pgmajfault 0 [ 3084.448326][T29599] workingset_refault 0 [ 3084.448326][T29599] workingset_activate 0 [ 3084.448326][T29599] workingset_nodereclaim 0 [ 3084.448326][T29599] pgrefill 0 [ 3084.448326][T29599] pgscan 0 [ 3084.448326][T29599] pgsteal 0 [ 3084.448326][T29599] pgactivate 0 [ 3084.459627][T29610] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3084.581243][T29606] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.2'. 16:55:46 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) r3 = socket$kcm(0x2, 0x7, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) r5 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, r5, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r5, 0x400454d8, &(0x7f0000000300)=0x3) r7 = socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x29, 0x7, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000440)={r4, r3, 0x5, 0x2}, 0x10) setsockopt$sock_attach_bpf(r6, 0x1, 0x32, &(0x7f00000002c0)=r5, 0x220) sendmsg$kcm(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) [ 3084.826793][T29621] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3084.959586][T29599] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=29598,uid=0 [ 3085.023736][T29599] Memory cgroup out of memory: Killed process 29598 (syz-executor.1) total-vm:72576kB, anon-rss:2200kB, file-rss:35852kB, shmem-rss:0kB [ 3085.056158][ T1057] oom_reaper: reaped process 29598 (syz-executor.1), now anon-rss:0kB, file-rss:34892kB, shmem-rss:0kB [ 3085.230192][T29610] netlink: 'syz-executor.0': attribute type 3 has an invalid length. 16:55:47 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000100)=@isdn={0x22, 0x400, 0x100000000, 0x1f06, 0x1}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000040)="95c67462e15a0a2ccb96d34b582828f6d42606c79a595c811c901cbab2aa0f8b7da638bd0eee7da427eaf176a979a63c", 0xfffffec2}], 0x1}, 0x10) socket$kcm(0xa, 0x2, 0x11) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(r1, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB], 0x0}, 0x20) sendmsg(r6, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r5, &(0x7f0000000480)='pids.current\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r4, 0x0, 0x1, 0x0, 0x0}, 0x20) r8 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r8, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000640)=[{&(0x7f0000000240)="c12723", 0x3}], 0x1}, 0xfc00) sendmsg$kcm(r8, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24000001) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0xcc539d13aa130b24, 0x0) write$cgroup_int(r7, 0x0, 0x0) [ 3085.522851][T29622] IPVS: ftp: loaded support on port[0] = 21 [ 3085.861536][T29622] chnl_net:caif_netlink_parms(): no params data found [ 3085.906557][T29622] bridge0: port 1(bridge_slave_0) entered blocking state [ 3085.914171][T29622] bridge0: port 1(bridge_slave_0) entered disabled state [ 3085.922591][T29622] device bridge_slave_0 entered promiscuous mode [ 3085.931665][T29622] bridge0: port 2(bridge_slave_1) entered blocking state [ 3085.940044][T29622] bridge0: port 2(bridge_slave_1) entered disabled state [ 3085.948791][T29622] device bridge_slave_1 entered promiscuous mode [ 3086.028925][T29622] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3086.041421][T29622] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3086.101937][T29622] team0: Port device team_slave_0 added [ 3086.110434][T29622] team0: Port device team_slave_1 added [ 3086.166466][T29622] device hsr_slave_0 entered promiscuous mode [ 3086.213761][T29622] device hsr_slave_1 entered promiscuous mode [ 3086.253008][T29622] debugfs: Directory 'hsr0' with parent '/' already present! [ 3086.426705][T29622] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3086.496267][ T3517] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3086.504874][ T3517] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3086.516905][T29622] 8021q: adding VLAN 0 to HW filter on device team0 [ 3086.529997][ T3517] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3086.540264][ T3517] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3086.549100][ T3517] bridge0: port 1(bridge_slave_0) entered blocking state [ 3086.556183][ T3517] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3086.618925][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3086.644181][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3086.654871][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3086.663495][ T854] bridge0: port 2(bridge_slave_1) entered blocking state [ 3086.670580][ T854] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3086.679892][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3086.759292][T16629] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3086.769084][T16629] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3086.778628][T16629] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3086.804260][T16629] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3086.866024][T19213] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3086.875553][T19213] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3086.893891][T29622] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 3086.904352][T29622] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 3086.917456][T19213] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3086.927208][T19213] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3086.936464][T19213] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3086.945479][T19213] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3087.011766][T19213] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3087.032850][T29622] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3087.325863][T29633] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3087.336943][T29633] CPU: 0 PID: 29633 Comm: syz-executor.4 Not tainted 5.3.0-rc3+ #97 [ 3087.344919][T29633] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3087.354966][T29633] Call Trace: [ 3087.358254][T29633] dump_stack+0x172/0x1f0 [ 3087.362584][T29633] dump_header+0x10b/0x82d [ 3087.367003][T29633] oom_kill_process.cold+0x10/0x15 [ 3087.372112][T29633] out_of_memory+0x79a/0x12c0 [ 3087.376792][T29633] ? __sched_text_start+0x8/0x8 [ 3087.381639][T29633] ? oom_killer_disable+0x280/0x280 [ 3087.386847][T29633] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3087.392387][T29633] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 3087.398022][T29633] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 3087.403823][T29633] ? cgroup_file_notify+0x140/0x1b0 [ 3087.409020][T29633] memory_max_write+0x262/0x3a0 [ 3087.413872][T29633] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 3087.420628][T29633] ? lock_acquire+0x190/0x410 [ 3087.425294][T29633] ? kernfs_fop_write+0x227/0x480 [ 3087.430318][T29633] cgroup_file_write+0x241/0x790 [ 3087.435252][T29633] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 3087.442006][T29633] ? cgroup_migrate_add_task+0x890/0x890 [ 3087.447646][T29633] ? cgroup_migrate_add_task+0x890/0x890 [ 3087.453278][T29633] kernfs_fop_write+0x2b8/0x480 [ 3087.458136][T29633] __vfs_write+0x8a/0x110 [ 3087.462456][T29633] ? kernfs_fop_open+0xd80/0xd80 [ 3087.467392][T29633] vfs_write+0x268/0x5d0 [ 3087.472332][T29633] ksys_write+0x14f/0x290 [ 3087.476660][T29633] ? __ia32_sys_read+0xb0/0xb0 [ 3087.481420][T29633] ? do_syscall_64+0x26/0x6a0 [ 3087.486092][T29633] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3087.492146][T29633] ? do_syscall_64+0x26/0x6a0 [ 3087.496825][T29633] __x64_sys_write+0x73/0xb0 [ 3087.501411][T29633] do_syscall_64+0xfd/0x6a0 [ 3087.505919][T29633] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3087.511801][T29633] RIP: 0033:0x459829 [ 3087.515693][T29633] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3087.535307][T29633] RSP: 002b:00007f23f7622c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3087.543717][T29633] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 3087.551688][T29633] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009 [ 3087.559676][T29633] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 3087.567644][T29633] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f23f76236d4 [ 3087.575625][T29633] R13: 00000000004c99a3 R14: 00000000004e1028 R15: 00000000ffffffff [ 3087.604448][T29633] memory: usage 4000kB, limit 0kB, failcnt 2838460 [ 3087.611318][T29633] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3087.621104][T29633] Memory cgroup stats for /syz4: [ 3087.622893][T29633] anon 2220032 [ 3087.622893][T29633] file 602112 [ 3087.622893][T29633] kernel_stack 65536 [ 3087.622893][T29633] slab 917504 [ 3087.622893][T29633] sock 0 [ 3087.622893][T29633] shmem 323584 [ 3087.622893][T29633] file_mapped 0 [ 3087.622893][T29633] file_dirty 0 [ 3087.622893][T29633] file_writeback 0 [ 3087.622893][T29633] anon_thp 2097152 [ 3087.622893][T29633] inactive_anon 270336 [ 3087.622893][T29633] active_anon 2220032 [ 3087.622893][T29633] inactive_file 0 [ 3087.622893][T29633] active_file 0 [ 3087.622893][T29633] unevictable 0 [ 3087.622893][T29633] slab_reclaimable 270336 [ 3087.622893][T29633] slab_unreclaimable 647168 [ 3087.622893][T29633] pgfault 105006 [ 3087.622893][T29633] pgmajfault 0 [ 3087.622893][T29633] workingset_refault 0 [ 3087.622893][T29633] workingset_activate 0 [ 3087.622893][T29633] workingset_nodereclaim 0 [ 3087.622893][T29633] pgrefill 0 [ 3087.622893][T29633] pgscan 37 [ 3087.622893][T29633] pgsteal 37 [ 3087.622893][T29633] pgactivate 0 [ 3087.719648][T29633] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=29632,uid=0 [ 3087.742161][T29633] Memory cgroup out of memory: Killed process 29632 (syz-executor.4) total-vm:72580kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB [ 3087.760074][ T1057] oom_reaper: reaped process 29632 (syz-executor.4), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB 16:55:50 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000100)=@isdn={0x22, 0x400, 0x100000000}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000040)="95c67462e15a0a2ccb96d34b582828f6d42606c79a595c811c901cbab2aa0f8b7da638bd0eee7da427eaf176a979a63c", 0xfffffec2}], 0x1}, 0x10) socket$kcm(0xa, 0x2, 0x11) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(r1, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) sendmsg(r6, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r5, &(0x7f0000000480)='pids.current\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r4, 0x0, 0x1, 0x0, 0x0}, 0x20) r8 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r8, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000640)=[{&(0x7f0000000240)="c12723", 0x3}], 0x1}, 0xfc00) sendmsg$kcm(r8, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)="88e7", 0x2}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24000001) write$cgroup_int(r7, 0x0, 0x0) 16:55:50 executing program 2: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) r3 = socket$kcm(0x2, 0x7, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000380)=r4, 0x4) r5 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r5, 0x400454d8, &(0x7f0000000300)=0x3) socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x29, 0x7, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000440)={r4, r3, 0x5, 0x2}, 0x10) setsockopt$sock_attach_bpf(r6, 0x1, 0x32, &(0x7f00000002c0)=r5, 0x220) 16:55:50 executing program 1: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) r3 = socket$kcm(0x2, 0x7, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000380)=r4, 0x4) r5 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, r5, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r5, 0x400454d8, &(0x7f0000000300)=0x3) r7 = socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x29, 0x7, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000440)={r4, r3, 0x5, 0x2}, 0x10) setsockopt$sock_attach_bpf(r6, 0x1, 0x32, &(0x7f00000002c0)=r5, 0x220) sendmsg$kcm(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) 16:55:50 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) r3 = socket$kcm(0x2, 0x7, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) r5 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, r5, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r5, 0x400454d8, &(0x7f0000000300)=0x3) r7 = socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x29, 0x7, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000440)={r4, r3, 0x5, 0x2}, 0x10) setsockopt$sock_attach_bpf(r6, 0x1, 0x32, &(0x7f00000002c0)=r5, 0x220) sendmsg$kcm(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) 16:55:50 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x40030000000000}, 0x0) 16:55:50 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000100)=@isdn={0x22, 0x400, 0x100000000, 0x1f06, 0x1}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000040)="95c67462e15a0a2ccb96d34b582828f6d42606c79a595c811c901cbab2aa0f8b7da638bd0eee7da427eaf176a979a63c", 0xfffffec2}], 0x1}, 0x10) socket$kcm(0xa, 0x2, 0x11) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(r1, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB], 0x0}, 0x20) sendmsg(r6, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r5, &(0x7f0000000480)='pids.current\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r4, 0x0, 0x1, 0x0, 0x0}, 0x20) r8 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r8, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000640)=[{&(0x7f0000000240)="c12723", 0x3}], 0x1}, 0xfc00) sendmsg$kcm(r8, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{0x0}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24000001) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0xcc539d13aa130b24, 0x0) write$cgroup_int(r7, 0x0, 0x0) [ 3087.831712][T29622] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3087.873741][T29636] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3087.890217][T29622] CPU: 0 PID: 29622 Comm: syz-executor.4 Not tainted 5.3.0-rc3+ #97 [ 3087.898307][T29622] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3087.908359][T29622] Call Trace: [ 3087.911664][T29622] dump_stack+0x172/0x1f0 [ 3087.916001][T29622] dump_header+0x10b/0x82d [ 3087.920416][T29622] ? oom_kill_process+0x94/0x3f0 [ 3087.925360][T29622] oom_kill_process.cold+0x10/0x15 [ 3087.930479][T29622] out_of_memory+0x79a/0x12c0 [ 3087.935169][T29622] ? lock_downgrade+0x920/0x920 [ 3087.940124][T29622] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3087.945928][T29622] ? oom_killer_disable+0x280/0x280 [ 3087.951141][T29622] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3087.956687][T29622] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 3087.962411][T29622] ? do_raw_spin_unlock+0x57/0x270 [ 3087.967529][T29622] ? _raw_spin_unlock+0x2d/0x50 [ 3087.972383][T29622] try_charge+0xf4b/0x1440 [ 3087.976828][T29622] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3087.982374][T29622] ? percpu_ref_tryget_live+0x111/0x290 [ 3087.987922][T29622] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3087.994168][T29622] ? __kasan_check_read+0x11/0x20 [ 3087.999196][T29622] ? get_mem_cgroup_from_mm+0x156/0x320 [ 3088.004750][T29622] mem_cgroup_try_charge+0x136/0x590 [ 3088.010039][T29622] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3088.015676][T29622] __handle_mm_fault+0x1e3a/0x3f20 [ 3088.020797][T29622] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3088.026476][T29622] ? __kasan_check_read+0x11/0x20 [ 3088.031512][T29622] handle_mm_fault+0x1b5/0x6b0 [ 3088.036306][T29622] __do_page_fault+0x536/0xdd0 [ 3088.041083][T29622] do_page_fault+0x38/0x590 [ 3088.045596][T29622] page_fault+0x39/0x40 [ 3088.049755][T29622] RIP: 0033:0x4034f2 [ 3088.053647][T29622] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8d 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 42 05 00 48 [ 3088.073341][T29622] RSP: 002b:00007ffe83cf1ee0 EFLAGS: 00010246 [ 3088.079407][T29622] RAX: 0000000000000000 RBX: 00000000002f1b8e RCX: 0000000000413430 [ 3088.087377][T29622] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007ffe83cf3010 [ 3088.095350][T29622] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000555555ba1940 [ 3088.103321][T29622] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe83cf3010 [ 3088.111311][T29622] R13: 00007ffe83cf3000 R14: 0000000000000000 R15: 00007ffe83cf3010 [ 3088.127840][T29636] __nla_validate_parse: 3 callbacks suppressed [ 3088.128802][T29636] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3088.163658][T29622] memory: usage 1668kB, limit 0kB, failcnt 2838472 [ 3088.170383][T29622] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3088.186019][T29639] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3088.205164][T29622] Memory cgroup stats for /syz4: [ 3088.205270][T29622] anon 0 [ 3088.205270][T29622] file 602112 [ 3088.205270][T29622] kernel_stack 0 [ 3088.205270][T29622] slab 917504 [ 3088.205270][T29622] sock 0 [ 3088.205270][T29622] shmem 323584 [ 3088.205270][T29622] file_mapped 0 [ 3088.205270][T29622] file_dirty 0 [ 3088.205270][T29622] file_writeback 0 [ 3088.205270][T29622] anon_thp 0 [ 3088.205270][T29622] inactive_anon 270336 [ 3088.205270][T29622] active_anon 0 [ 3088.205270][T29622] inactive_file 0 [ 3088.205270][T29622] active_file 0 [ 3088.205270][T29622] unevictable 0 [ 3088.205270][T29622] slab_reclaimable 270336 [ 3088.205270][T29622] slab_unreclaimable 647168 [ 3088.205270][T29622] pgfault 105006 [ 3088.205270][T29622] pgmajfault 0 [ 3088.205270][T29622] workingset_refault 0 [ 3088.205270][T29622] workingset_activate 0 [ 3088.205270][T29622] workingset_nodereclaim 0 16:55:50 executing program 2: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) r3 = socket$kcm(0x2, 0x7, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000380)=r4, 0x4) r5 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r5, 0x400454d8, &(0x7f0000000300)=0x3) socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x29, 0x7, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000440)={r4, r3, 0x5, 0x2}, 0x10) setsockopt$sock_attach_bpf(r6, 0x1, 0x32, &(0x7f00000002c0)=r5, 0x220) [ 3088.205270][T29622] pgrefill 0 [ 3088.205270][T29622] pgscan 37 [ 3088.205270][T29622] pgsteal 37 [ 3088.205270][T29622] pgactivate 0 [ 3088.361853][T29646] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.5'. 16:55:50 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0xf0ffffffffffff}, 0x0) [ 3088.441838][T29649] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.2'. [ 3088.444327][T29622] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=29622,uid=0 [ 3088.473137][T29622] Memory cgroup out of memory: Killed process 29622 (syz-executor.4) total-vm:72448kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB [ 3088.523952][T29654] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3088.536389][T28120] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=0 [ 3088.537076][ T1057] oom_reaper: reaped process 29622 (syz-executor.4), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 3088.549643][T29654] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3088.572640][T28120] CPU: 1 PID: 28120 Comm: syz-executor.1 Not tainted 5.3.0-rc3+ #97 [ 3088.580631][T28120] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3088.590685][T28120] Call Trace: [ 3088.593999][T28120] dump_stack+0x172/0x1f0 [ 3088.598347][T28120] dump_header+0x10b/0x82d [ 3088.602767][T28120] ? oom_kill_process+0x94/0x3f0 [ 3088.607713][T28120] oom_kill_process.cold+0x10/0x15 [ 3088.612838][T28120] out_of_memory+0x79a/0x12c0 [ 3088.617516][T28120] ? lock_downgrade+0x920/0x920 [ 3088.622371][T28120] ? oom_killer_disable+0x280/0x280 [ 3088.627582][T28120] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3088.633122][T28120] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 3088.638767][T28120] ? do_raw_spin_unlock+0x57/0x270 [ 3088.643882][T28120] ? _raw_spin_unlock+0x2d/0x50 [ 3088.648752][T28120] try_charge+0xf4b/0x1440 [ 3088.653184][T28120] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3088.658744][T28120] ? find_held_lock+0x35/0x130 [ 3088.663505][T28120] ? get_mem_cgroup_from_mm+0x139/0x320 [ 3088.669035][T28120] ? lock_downgrade+0x920/0x920 [ 3088.673876][T28120] ? percpu_ref_tryget_live+0x111/0x290 [ 3088.679435][T28120] __memcg_kmem_charge_memcg+0x71/0xf0 [ 3088.684972][T28120] ? memcg_kmem_put_cache+0x50/0x50 [ 3088.690151][T28120] ? get_mem_cgroup_from_mm+0x156/0x320 [ 3088.695792][T28120] __memcg_kmem_charge+0x13a/0x3a0 [ 3088.700884][T28120] __alloc_pages_nodemask+0x4f4/0x900 [ 3088.706768][T28120] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3088.713012][T28120] ? __alloc_pages_slowpath+0x2520/0x2520 [ 3088.718711][T28120] ? copy_process+0x46d1/0x6b00 [ 3088.723549][T28120] ? lockdep_hardirqs_on+0x418/0x5d0 [ 3088.728814][T28120] ? trace_hardirqs_on+0x67/0x240 [ 3088.733830][T28120] ? __kasan_check_read+0x11/0x20 [ 3088.738834][T28120] copy_process+0x3f8/0x6b00 [ 3088.743416][T28120] ? __kasan_check_read+0x11/0x20 [ 3088.748421][T28120] ? __lock_acquire+0x1702/0x4c30 [ 3088.753424][T28120] ? __kasan_check_read+0x11/0x20 [ 3088.758430][T28120] ? mark_lock+0xc0/0x11e0 [ 3088.762832][T28120] ? __cleanup_sighand+0x60/0x60 [ 3088.767747][T28120] ? find_held_lock+0x35/0x130 [ 3088.772501][T28120] _do_fork+0x146/0xfa0 [ 3088.776640][T28120] ? copy_init_mm+0x20/0x20 [ 3088.781123][T28120] ? __kasan_check_read+0x11/0x20 [ 3088.786122][T28120] ? _copy_to_user+0x118/0x160 [ 3088.790862][T28120] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3088.797077][T28120] ? put_timespec64+0xda/0x140 [ 3088.801930][T28120] __x64_sys_clone+0x18d/0x250 [ 3088.806680][T28120] ? __ia32_sys_vfork+0xc0/0xc0 [ 3088.811519][T28120] ? lockdep_hardirqs_on+0x418/0x5d0 [ 3088.816785][T28120] ? trace_hardirqs_on+0x67/0x240 [ 3088.821808][T28120] do_syscall_64+0xfd/0x6a0 [ 3088.826298][T28120] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3088.832165][T28120] RIP: 0033:0x457dfa [ 3088.836038][T28120] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 3088.855618][T28120] RSP: 002b:00007fff7e223d80 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3088.864010][T28120] RAX: ffffffffffffffda RBX: 00007fff7e223d80 RCX: 0000000000457dfa [ 3088.871977][T28120] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 3088.879939][T28120] RBP: 00007fff7e223dc0 R08: 0000000000000001 R09: 0000555556756940 [ 3088.887888][T28120] R10: 0000555556756c10 R11: 0000000000000246 R12: 0000000000000001 [ 3088.895842][T28120] R13: 0000000000000000 R14: 0000000000000000 R15: 00007fff7e223e10 [ 3088.914882][T28120] memory: usage 3348kB, limit 0kB, failcnt 193274 [ 3088.921425][T28120] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3088.932753][T28120] Memory cgroup stats for /syz1: [ 3088.932846][T28120] anon 139264 [ 3088.932846][T28120] file 94208 [ 3088.932846][T28120] kernel_stack 0 [ 3088.932846][T28120] slab 2973696 [ 3088.932846][T28120] sock 0 [ 3088.932846][T28120] shmem 0 [ 3088.932846][T28120] file_mapped 0 [ 3088.932846][T28120] file_dirty 0 [ 3088.932846][T28120] file_writeback 0 [ 3088.932846][T28120] anon_thp 0 [ 3088.932846][T28120] inactive_anon 0 [ 3088.932846][T28120] active_anon 69632 [ 3088.932846][T28120] inactive_file 0 [ 3088.932846][T28120] active_file 0 [ 3088.932846][T28120] unevictable 0 [ 3088.932846][T28120] slab_reclaimable 1216512 [ 3088.932846][T28120] slab_unreclaimable 1757184 [ 3088.932846][T28120] pgfault 111936 [ 3088.932846][T28120] pgmajfault 0 [ 3088.932846][T28120] workingset_refault 0 [ 3088.932846][T28120] workingset_activate 0 [ 3088.932846][T28120] workingset_nodereclaim 0 [ 3088.932846][T28120] pgrefill 0 [ 3088.932846][T28120] pgscan 0 [ 3088.932846][T28120] pgsteal 0 [ 3088.932846][T28120] pgactivate 0 [ 3089.027161][T28120] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=28120,uid=0 [ 3089.043196][T28120] Memory cgroup out of memory: Killed process 28120 (syz-executor.1) total-vm:72444kB, anon-rss:108kB, file-rss:35776kB, shmem-rss:0kB [ 3089.062654][ T1057] oom_reaper: reaped process 28120 (syz-executor.1), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB 16:55:51 executing program 2: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) r3 = socket$kcm(0x2, 0x7, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000380)=r4, 0x4) r5 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r5, 0x400454d8, &(0x7f0000000300)=0x3) r6 = socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x29, 0x7, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000440)={r4, r3, 0x5, 0x2}, 0x10) sendmsg$kcm(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) 16:55:51 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) r3 = socket$kcm(0x2, 0x7, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) r5 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, r5, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r5, 0x400454d8, &(0x7f0000000300)=0x3) r7 = socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x29, 0x7, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000440)={r4, r3, 0x5, 0x2}, 0x10) setsockopt$sock_attach_bpf(r6, 0x1, 0x32, &(0x7f00000002c0)=r5, 0x220) sendmsg$kcm(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) [ 3089.510276][T29664] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.2'. 16:55:51 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x100000000000000}, 0x0) [ 3089.650559][T29672] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3089.662243][T29672] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3089.932556][T29659] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.2'. 16:55:52 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000100)=@isdn={0x22, 0x400, 0x100000000, 0x0, 0x1}, 0x80, 0x0}, 0x10) socket$kcm(0xa, 0x2, 0x11) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(r1, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) sendmsg(r6, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r5, &(0x7f0000000480)='pids.current\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r4, 0x0, 0x1, 0x0, 0x0}, 0x20) r8 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r8, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000640)=[{&(0x7f0000000240)="c12723", 0x3}], 0x1}, 0xfc00) sendmsg$kcm(r8, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)="88e7", 0x2}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24000001) write$cgroup_int(r7, 0x0, 0x0) [ 3090.060836][T29671] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.5'. 16:55:52 executing program 1: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) r3 = socket$kcm(0x2, 0x7, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000380)=r4, 0x4) r5 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, r5, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r5, 0x400454d8, &(0x7f0000000300)=0x3) r7 = socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x29, 0x7, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000440)={r4, r3, 0x5, 0x2}, 0x10) setsockopt$sock_attach_bpf(r6, 0x1, 0x32, &(0x7f00000002c0)=r5, 0x220) sendmsg$kcm(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) 16:55:52 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000100)=@isdn={0x22, 0x400, 0x100000000, 0x0, 0x1}, 0x80, 0x0}, 0x10) socket$kcm(0xa, 0x2, 0x11) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(r1, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) sendmsg(r6, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r5, &(0x7f0000000480)='pids.current\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r4, 0x0, 0x1, 0x0, 0x0}, 0x20) r8 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r8, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000640)=[{&(0x7f0000000240)="c12723", 0x3}], 0x1}, 0xfc00) sendmsg$kcm(r8, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)="88e7", 0x2}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24000001) write$cgroup_int(r7, 0x0, 0x0) [ 3090.175777][T29673] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.5'. 16:55:52 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x200000000000000}, 0x0) 16:55:52 executing program 2: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) r3 = socket$kcm(0x2, 0x7, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000380)=r4, 0x4) r5 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r5, 0x400454d8, &(0x7f0000000300)=0x3) r6 = socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x29, 0x7, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000440)={r4, r3, 0x5, 0x2}, 0x10) sendmsg$kcm(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) [ 3090.218196][T29666] IPVS: ftp: loaded support on port[0] = 21 [ 3090.413592][T29681] netlink: 'syz-executor.0': attribute type 3 has an invalid length. 16:55:52 executing program 1: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) r3 = socket$kcm(0x2, 0x7, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000380)=r4, 0x4) r5 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, r5, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r5, 0x400454d8, &(0x7f0000000300)=0x3) r7 = socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x29, 0x7, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000440)={r4, r3, 0x5, 0x2}, 0x10) setsockopt$sock_attach_bpf(r6, 0x1, 0x32, &(0x7f00000002c0)=r5, 0x220) sendmsg$kcm(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) [ 3090.958461][T29666] chnl_net:caif_netlink_parms(): no params data found [ 3091.121774][T29666] bridge0: port 1(bridge_slave_0) entered blocking state [ 3091.129824][T29666] bridge0: port 1(bridge_slave_0) entered disabled state [ 3091.141020][T29666] device bridge_slave_0 entered promiscuous mode [ 3091.150630][T29666] bridge0: port 2(bridge_slave_1) entered blocking state [ 3091.157860][T29666] bridge0: port 2(bridge_slave_1) entered disabled state [ 3091.166724][T29666] device bridge_slave_1 entered promiscuous mode [ 3091.245600][T29666] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3091.301129][T29666] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3091.326971][T29666] team0: Port device team_slave_0 added [ 3091.380828][T29666] team0: Port device team_slave_1 added [ 3091.436327][T29666] device hsr_slave_0 entered promiscuous mode [ 3091.473796][T29666] device hsr_slave_1 entered promiscuous mode [ 3091.512986][T29666] debugfs: Directory 'hsr0' with parent '/' already present! [ 3091.589817][T29666] bridge0: port 2(bridge_slave_1) entered blocking state [ 3091.597040][T29666] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3091.604465][T29666] bridge0: port 1(bridge_slave_0) entered blocking state [ 3091.611527][T29666] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3091.621940][T19213] bridge0: port 1(bridge_slave_0) entered disabled state [ 3091.630633][T19213] bridge0: port 2(bridge_slave_1) entered disabled state [ 3091.761011][T29666] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3091.835071][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3091.844071][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3091.857209][T29666] 8021q: adding VLAN 0 to HW filter on device team0 [ 3091.953201][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3091.962240][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3091.980961][ T854] bridge0: port 1(bridge_slave_0) entered blocking state [ 3091.988098][ T854] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3092.069647][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3092.080817][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3092.089822][ T854] bridge0: port 2(bridge_slave_1) entered blocking state [ 3092.096959][ T854] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3092.117294][T29691] IPVS: ftp: loaded support on port[0] = 21 [ 3092.124702][T19213] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3092.193559][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3092.203297][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3092.212480][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3092.221568][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3092.230914][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3092.240059][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3092.310656][T21598] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3092.319886][T21598] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3092.342625][T29693] IPVS: ftp: loaded support on port[0] = 21 [ 3092.366188][T29666] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 3092.383925][T29666] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3092.393194][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3092.401964][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3092.599938][T29691] chnl_net:caif_netlink_parms(): no params data found [ 3092.614170][T29666] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3092.875636][T29691] bridge0: port 1(bridge_slave_0) entered blocking state [ 3092.883638][T29691] bridge0: port 1(bridge_slave_0) entered disabled state [ 3092.892180][T29691] device bridge_slave_0 entered promiscuous mode [ 3092.972853][T29691] bridge0: port 2(bridge_slave_1) entered blocking state [ 3092.982660][T29691] bridge0: port 2(bridge_slave_1) entered disabled state [ 3092.985295][T29702] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3093.002583][T29702] CPU: 1 PID: 29702 Comm: syz-executor.3 Not tainted 5.3.0-rc3+ #97 [ 3093.005773][T29691] device bridge_slave_1 entered promiscuous mode [ 3093.010665][T29702] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3093.010671][T29702] Call Trace: [ 3093.010689][T29702] dump_stack+0x172/0x1f0 [ 3093.010709][T29702] dump_header+0x10b/0x82d [ 3093.030330][T29702] oom_kill_process.cold+0x10/0x15 [ 3093.044121][T29702] out_of_memory+0x79a/0x12c0 [ 3093.044142][T29702] ? __sched_text_start+0x8/0x8 [ 3093.044157][T29702] ? oom_killer_disable+0x280/0x280 [ 3093.044184][T29702] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3093.058832][T29702] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 3093.058861][T29702] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 3093.070079][T29702] ? cgroup_file_notify+0x140/0x1b0 [ 3093.070104][T29702] memory_max_write+0x262/0x3a0 [ 3093.081062][T29702] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 3093.081084][T29702] ? lock_acquire+0x190/0x410 [ 3093.092641][T29702] ? kernfs_fop_write+0x227/0x480 [ 3093.092661][T29702] cgroup_file_write+0x241/0x790 [ 3093.092682][T29702] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 3093.102327][T29702] ? cgroup_migrate_add_task+0x890/0x890 [ 3093.102354][T29702] ? cgroup_migrate_add_task+0x890/0x890 [ 3093.113996][T29702] kernfs_fop_write+0x2b8/0x480 [ 3093.114017][T29702] __vfs_write+0x8a/0x110 [ 3093.114033][T29702] ? kernfs_fop_open+0xd80/0xd80 [ 3093.125245][T29702] vfs_write+0x268/0x5d0 [ 3093.125265][T29702] ksys_write+0x14f/0x290 [ 3093.125281][T29702] ? __ia32_sys_read+0xb0/0xb0 [ 3093.134417][T29702] ? do_syscall_64+0x26/0x6a0 [ 3093.134431][T29702] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3093.134446][T29702] ? do_syscall_64+0x26/0x6a0 [ 3093.143590][T29702] __x64_sys_write+0x73/0xb0 [ 3093.143607][T29702] do_syscall_64+0xfd/0x6a0 [ 3093.143631][T29702] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3093.152658][T29702] RIP: 0033:0x459829 [ 3093.152672][T29702] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3093.152683][T29702] RSP: 002b:00007ff3abcf6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3093.163367][T29702] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 3093.163375][T29702] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009 [ 3093.163383][T29702] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 3093.163392][T29702] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff3abcf76d4 [ 3093.163400][T29702] R13: 00000000004c99a3 R14: 00000000004e1028 R15: 00000000ffffffff [ 3093.259195][T29702] memory: usage 3332kB, limit 0kB, failcnt 507665 [ 3093.266037][T29702] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3093.273108][T29702] Memory cgroup stats for /syz3: [ 3093.274335][T29702] anon 2179072 [ 3093.274335][T29702] file 155648 [ 3093.274335][T29702] kernel_stack 0 [ 3093.274335][T29702] slab 798720 [ 3093.274335][T29702] sock 0 [ 3093.274335][T29702] shmem 0 [ 3093.274335][T29702] file_mapped 0 [ 3093.274335][T29702] file_dirty 0 [ 3093.274335][T29702] file_writeback 0 [ 3093.274335][T29702] anon_thp 2097152 [ 3093.274335][T29702] inactive_anon 0 [ 3093.274335][T29702] active_anon 2179072 [ 3093.274335][T29702] inactive_file 0 [ 3093.274335][T29702] active_file 0 [ 3093.274335][T29702] unevictable 0 [ 3093.274335][T29702] slab_reclaimable 270336 [ 3093.274335][T29702] slab_unreclaimable 528384 [ 3093.274335][T29702] pgfault 79761 [ 3093.274335][T29702] pgmajfault 0 [ 3093.274335][T29702] workingset_refault 0 [ 3093.274335][T29702] workingset_activate 0 [ 3093.274335][T29702] workingset_nodereclaim 0 [ 3093.274335][T29702] pgrefill 0 [ 3093.274335][T29702] pgscan 371 [ 3093.274335][T29702] pgsteal 371 [ 3093.274335][T29702] pgactivate 0 [ 3093.373370][T29702] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=29700,uid=0 [ 3093.391966][T29702] Memory cgroup out of memory: Killed process 29700 (syz-executor.3) total-vm:72580kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB [ 3093.410804][ T1057] oom_reaper: reaped process 29700 (syz-executor.3), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB [ 3093.434535][T29691] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3093.568984][T29691] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3093.655994][T29693] chnl_net:caif_netlink_parms(): no params data found [ 3093.732223][T29691] team0: Port device team_slave_0 added [ 3093.760190][T29691] team0: Port device team_slave_1 added 16:55:56 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000100)=@isdn={0x22, 0x400, 0x100000000, 0x1f06, 0x1}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000040)="95c67462e15a0a2ccb96d34b582828f6d42606c79a595c811c901cbab2aa0f8b7da638bd0eee7da427eaf176a979a63c", 0xfffffec2}], 0x1}, 0x10) socket$kcm(0xa, 0x2, 0x11) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(r1, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB], 0x0}, 0x20) sendmsg(r6, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r5, &(0x7f0000000480)='pids.current\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r4, 0x0, 0x1, 0x0, 0x0}, 0x20) r8 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r8, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000640)=[{&(0x7f0000000240)="c12723", 0x3}], 0x1}, 0xfc00) sendmsg$kcm(r8, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{0x0}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24000001) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0xcc539d13aa130b24, 0x0) write$cgroup_int(r7, 0x0, 0x0) 16:55:56 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) r3 = socket$kcm(0x2, 0x7, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000380), 0x4) r4 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, r4, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r4, 0x400454d8, &(0x7f0000000300)=0x3) r6 = socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x29, 0x7, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000440)={0xffffffffffffffff, r3, 0x5, 0x2}, 0x10) setsockopt$sock_attach_bpf(r5, 0x1, 0x32, &(0x7f00000002c0)=r4, 0x220) sendmsg$kcm(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) 16:55:56 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x300000000000000}, 0x0) 16:55:56 executing program 2: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) r3 = socket$kcm(0x2, 0x7, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000380)=r4, 0x4) r5 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r5, 0x400454d8, &(0x7f0000000300)=0x3) r6 = socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x29, 0x7, 0x0) sendmsg$kcm(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) [ 3093.817763][T29666] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3093.853345][T29707] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3093.879672][T29693] bridge0: port 1(bridge_slave_0) entered blocking state [ 3093.883501][T29666] CPU: 0 PID: 29666 Comm: syz-executor.3 Not tainted 5.3.0-rc3+ #97 [ 3093.889537][T29693] bridge0: port 1(bridge_slave_0) entered disabled state [ 3093.894689][T29666] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3093.894696][T29666] Call Trace: [ 3093.894718][T29666] dump_stack+0x172/0x1f0 [ 3093.894738][T29666] dump_header+0x10b/0x82d [ 3093.894751][T29666] ? oom_kill_process+0x94/0x3f0 [ 3093.894769][T29666] oom_kill_process.cold+0x10/0x15 [ 3093.894788][T29666] out_of_memory+0x79a/0x12c0 [ 3093.894805][T29666] ? lock_downgrade+0x920/0x920 [ 3093.894821][T29666] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3093.894839][T29666] ? oom_killer_disable+0x280/0x280 [ 3093.894865][T29666] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3093.919502][T29666] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 3093.919527][T29666] ? do_raw_spin_unlock+0x57/0x270 [ 3093.919546][T29666] ? _raw_spin_unlock+0x2d/0x50 [ 3093.919563][T29666] try_charge+0xf4b/0x1440 [ 3093.936757][T29693] device bridge_slave_0 entered promiscuous mode [ 3093.938683][T29666] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3093.938699][T29666] ? percpu_ref_tryget_live+0x111/0x290 [ 3093.938718][T29666] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3093.938738][T29666] ? __kasan_check_read+0x11/0x20 [ 3093.980144][T29666] ? get_mem_cgroup_from_mm+0x156/0x320 [ 3093.980165][T29666] mem_cgroup_try_charge+0x136/0x590 [ 3093.980189][T29666] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3094.019586][T29666] wp_page_copy+0x421/0x15e0 [ 3094.019605][T29666] ? find_held_lock+0x35/0x130 [ 3094.019629][T29666] ? pmd_pfn+0x1d0/0x1d0 [ 3094.019648][T29666] ? lock_downgrade+0x920/0x920 [ 3094.019668][T29666] ? swp_swapcount+0x540/0x540 [ 3094.019685][T29666] ? __kasan_check_read+0x11/0x20 [ 3094.019698][T29666] ? do_raw_spin_unlock+0x57/0x270 [ 3094.019719][T29666] do_wp_page+0x499/0x14d0 [ 3094.019741][T29666] ? finish_mkwrite_fault+0x570/0x570 [ 3094.019769][T29666] __handle_mm_fault+0x22f7/0x3f20 [ 3094.019788][T29666] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3094.019822][T29666] ? __kasan_check_read+0x11/0x20 [ 3094.019849][T29666] handle_mm_fault+0x1b5/0x6b0 [ 3094.019873][T29666] __do_page_fault+0x536/0xdd0 [ 3094.019901][T29666] do_page_fault+0x38/0x590 [ 3094.019923][T29666] page_fault+0x39/0x40 [ 3094.019935][T29666] RIP: 0033:0x430906 [ 3094.019951][T29666] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 46 64 00 85 c0 0f 84 [ 3094.019960][T29666] RSP: 002b:00007ffe02f6f0f0 EFLAGS: 00010206 [ 3094.019972][T29666] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 3094.019981][T29666] RDX: 0000555555f54930 RSI: 0000555555f5c970 RDI: 0000000000000003 [ 3094.019990][T29666] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000555555f53940 [ 3094.019999][T29666] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 3094.020008][T29666] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 [ 3094.022223][T29712] __nla_validate_parse: 3 callbacks suppressed [ 3094.022233][T29712] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.2'. [ 3094.051444][T29693] bridge0: port 2(bridge_slave_1) entered blocking state [ 3094.063330][T29707] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3094.088163][T29693] bridge0: port 2(bridge_slave_1) entered disabled state [ 3094.134631][T29666] memory: usage 996kB, limit 0kB, failcnt 507673 [ 3094.151874][T29666] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3094.208754][T29693] device bridge_slave_1 entered promiscuous mode [ 3094.237031][T29708] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.2'. [ 3094.250770][T29666] Memory cgroup stats for /syz3: [ 3094.250883][T29666] anon 0 [ 3094.250883][T29666] file 155648 [ 3094.250883][T29666] kernel_stack 0 [ 3094.250883][T29666] slab 798720 [ 3094.250883][T29666] sock 0 [ 3094.250883][T29666] shmem 0 [ 3094.250883][T29666] file_mapped 0 [ 3094.250883][T29666] file_dirty 0 [ 3094.250883][T29666] file_writeback 0 [ 3094.250883][T29666] anon_thp 0 [ 3094.250883][T29666] inactive_anon 0 [ 3094.250883][T29666] active_anon 0 [ 3094.250883][T29666] inactive_file 0 [ 3094.250883][T29666] active_file 0 [ 3094.250883][T29666] unevictable 0 [ 3094.250883][T29666] slab_reclaimable 270336 [ 3094.250883][T29666] slab_unreclaimable 528384 [ 3094.250883][T29666] pgfault 79761 [ 3094.250883][T29666] pgmajfault 0 [ 3094.250883][T29666] workingset_refault 0 [ 3094.250883][T29666] workingset_activate 0 [ 3094.250883][T29666] workingset_nodereclaim 0 [ 3094.250883][T29666] pgrefill 0 [ 3094.250883][T29666] pgscan 371 [ 3094.250883][T29666] pgsteal 371 [ 3094.250883][T29666] pgactivate 0 [ 3094.250883][T29666] pgdeactivate 0 [ 3094.360380][T29666] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=29666,uid=0 [ 3094.376799][T29666] Memory cgroup out of memory: Killed process 29666 (syz-executor.3) total-vm:72448kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB [ 3094.391958][ T1057] oom_reaper: reaped process 29666 (syz-executor.3), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 3094.415765][T29706] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3094.607524][T29691] device hsr_slave_0 entered promiscuous mode [ 3094.685478][T29691] device hsr_slave_1 entered promiscuous mode [ 3094.833222][T29691] debugfs: Directory 'hsr0' with parent '/' already present! 16:55:57 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x400000000000000}, 0x0) [ 3094.954209][T29721] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3094.962312][T29721] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.0'. 16:55:57 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000100)=@isdn={0x22, 0x400, 0x100000000, 0x1f06, 0x1}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000040)="95c67462e15a0a2ccb96d34b582828f6d42606c79a595c811c901cbab2aa0f8b7da638bd0eee7da427eaf176a979a63c", 0xfffffec2}], 0x1}, 0x10) socket$kcm(0xa, 0x2, 0x11) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(r1, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB], 0x0}, 0x20) sendmsg(r6, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r5, &(0x7f0000000480)='pids.current\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r4, 0x0, 0x1, 0x0, 0x0}, 0x20) r8 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r8, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000640)=[{&(0x7f0000000240)="c12723", 0x3}], 0x1}, 0xfc00) sendmsg$kcm(r8, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{0x0}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24000001) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0xcc539d13aa130b24, 0x0) write$cgroup_int(r7, 0x0, 0x0) 16:55:57 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x500000000000000}, 0x0) [ 3095.326935][T29693] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3095.337854][T29716] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.5'. 16:55:57 executing program 2: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) r3 = socket$kcm(0x2, 0x7, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000380)=r4, 0x4) r5 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r5, 0x400454d8, &(0x7f0000000300)=0x3) r6 = socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x29, 0x7, 0x0) sendmsg$kcm(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) [ 3095.390463][T29693] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3095.416146][T29724] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3095.457164][T29724] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3095.540435][T29727] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.2'. [ 3095.684867][T29693] team0: Port device team_slave_0 added [ 3095.698947][T29727] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.2'. [ 3095.708193][T29693] team0: Port device team_slave_1 added [ 3095.915861][T29693] device hsr_slave_0 entered promiscuous mode [ 3095.953836][T29693] device hsr_slave_1 entered promiscuous mode [ 3095.992996][T29693] debugfs: Directory 'hsr0' with parent '/' already present! [ 3096.007555][T29691] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3096.106275][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3096.115293][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3096.137579][T29691] 8021q: adding VLAN 0 to HW filter on device team0 [ 3096.288505][ T3517] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3096.298910][ T3517] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3096.307857][ T3517] bridge0: port 1(bridge_slave_0) entered blocking state [ 3096.315087][ T3517] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3096.345831][T16629] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3096.354137][T16629] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3096.363447][T16629] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3096.371884][T16629] bridge0: port 2(bridge_slave_1) entered blocking state [ 3096.378971][T16629] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3096.389930][T16629] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3096.482128][ T3517] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3096.491999][ T3517] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3096.501676][ T3517] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3096.577070][T16629] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3096.586195][T16629] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3096.595871][T16629] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3096.605528][T16629] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3096.614738][T16629] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3096.630497][T29691] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 3096.644344][T29691] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3096.659158][T29693] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3096.681008][ T3517] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3096.691161][ T3517] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3096.835388][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3096.844237][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3096.862368][T29691] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3096.875311][T29693] 8021q: adding VLAN 0 to HW filter on device team0 [ 3096.936627][ T3517] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3096.953961][ T3517] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3096.965568][ T3517] bridge0: port 1(bridge_slave_0) entered blocking state [ 3096.972626][ T3517] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3097.082090][T16629] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3097.095401][T16629] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3097.105518][T16629] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3097.114992][T16629] bridge0: port 2(bridge_slave_1) entered blocking state [ 3097.122074][T16629] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3097.222746][T29740] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3097.237919][T29740] CPU: 0 PID: 29740 Comm: syz-executor.4 Not tainted 5.3.0-rc3+ #97 [ 3097.246005][T29740] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3097.256051][T29740] Call Trace: [ 3097.259345][T29740] dump_stack+0x172/0x1f0 [ 3097.263678][T29740] dump_header+0x10b/0x82d [ 3097.268189][T29740] oom_kill_process.cold+0x10/0x15 [ 3097.273298][T29740] out_of_memory+0x79a/0x12c0 [ 3097.277971][T29740] ? __sched_text_start+0x8/0x8 [ 3097.282818][T29740] ? oom_killer_disable+0x280/0x280 [ 3097.288059][T29740] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3097.293605][T29740] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 3097.299245][T29740] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 3097.305051][T29740] ? cgroup_file_notify+0x140/0x1b0 [ 3097.310253][T29740] memory_max_write+0x262/0x3a0 [ 3097.315111][T29740] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 3097.321873][T29740] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 3097.327337][T29740] cgroup_file_write+0x241/0x790 [ 3097.332275][T29740] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 3097.339034][T29740] ? cgroup_migrate_add_task+0x890/0x890 [ 3097.344663][T29740] ? kernfs_ops+0x9f/0x110 [ 3097.349076][T29740] ? kernfs_ops+0xbe/0x110 [ 3097.353494][T29740] ? cgroup_migrate_add_task+0x890/0x890 [ 3097.359118][T29740] kernfs_fop_write+0x2b8/0x480 [ 3097.363976][T29740] __vfs_write+0x8a/0x110 [ 3097.368300][T29740] ? kernfs_fop_open+0xd80/0xd80 [ 3097.373240][T29740] vfs_write+0x268/0x5d0 [ 3097.377483][T29740] ksys_write+0x14f/0x290 [ 3097.381810][T29740] ? __ia32_sys_read+0xb0/0xb0 [ 3097.386581][T29740] ? do_syscall_64+0x26/0x6a0 [ 3097.391260][T29740] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3097.397322][T29740] ? do_syscall_64+0x26/0x6a0 [ 3097.402005][T29740] __x64_sys_write+0x73/0xb0 [ 3097.406594][T29740] do_syscall_64+0xfd/0x6a0 [ 3097.411102][T29740] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3097.416990][T29740] RIP: 0033:0x459829 [ 3097.420881][T29740] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3097.440481][T29740] RSP: 002b:00007faa3af08c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3097.448887][T29740] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 3097.456885][T29740] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009 [ 3097.464853][T29740] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 3097.472817][T29740] R10: 0000000000000000 R11: 0000000000000246 R12: 00007faa3af096d4 [ 3097.480789][T29740] R13: 00000000004c99a3 R14: 00000000004e1028 R15: 00000000ffffffff [ 3097.537248][ T3517] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3097.545874][T29740] memory: usage 3928kB, limit 0kB, failcnt 2838473 [ 3097.554431][ T3517] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3097.565907][T29740] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3097.576810][ T3517] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3097.585268][T29740] Memory cgroup stats for /syz4: [ 3097.587754][T29740] anon 2097152 [ 3097.587754][T29740] file 602112 [ 3097.587754][T29740] kernel_stack 65536 [ 3097.587754][T29740] slab 917504 [ 3097.587754][T29740] sock 0 [ 3097.587754][T29740] shmem 323584 [ 3097.587754][T29740] file_mapped 0 [ 3097.587754][T29740] file_dirty 0 [ 3097.587754][T29740] file_writeback 0 [ 3097.587754][T29740] anon_thp 2097152 [ 3097.587754][T29740] inactive_anon 270336 [ 3097.587754][T29740] active_anon 2097152 [ 3097.587754][T29740] inactive_file 0 [ 3097.587754][T29740] active_file 0 [ 3097.587754][T29740] unevictable 0 [ 3097.587754][T29740] slab_reclaimable 270336 [ 3097.587754][T29740] slab_unreclaimable 647168 [ 3097.587754][T29740] pgfault 105072 [ 3097.587754][T29740] pgmajfault 0 [ 3097.587754][T29740] workingset_refault 0 [ 3097.587754][T29740] workingset_activate 0 [ 3097.587754][T29740] workingset_nodereclaim 0 [ 3097.587754][T29740] pgrefill 0 [ 3097.587754][T29740] pgscan 37 [ 3097.587754][T29740] pgsteal 37 [ 3097.587754][T29740] pgactivate 0 [ 3097.695463][ T3517] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3097.726568][T29740] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=29739,uid=0 [ 3097.744200][T29740] Memory cgroup out of memory: Killed process 29739 (syz-executor.4) total-vm:72580kB, anon-rss:2144kB, file-rss:34816kB, shmem-rss:0kB [ 3097.764309][ T1057] oom_reaper: reaped process 29739 (syz-executor.4), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB [ 3097.783248][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3097.791704][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3097.882038][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3097.943580][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3097.952477][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3098.041156][T29693] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 3098.106817][T29693] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3098.165179][T16629] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3098.176099][T16629] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready 16:56:00 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000100)=@isdn={0x22, 0x400, 0x100000000, 0x0, 0x1}, 0x80, 0x0}, 0x10) socket$kcm(0xa, 0x2, 0x11) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(r1, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) sendmsg(r6, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r5, &(0x7f0000000480)='pids.current\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r4, 0x0, 0x1, 0x0, 0x0}, 0x20) r8 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r8, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000640)=[{&(0x7f0000000240)="c12723", 0x3}], 0x1}, 0xfc00) sendmsg$kcm(r8, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)="88e7", 0x2}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24000001) write$cgroup_int(r7, 0x0, 0x0) 16:56:00 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000100)=@isdn={0x22, 0x400, 0x100000000, 0x1f06, 0x1}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000040)="95c67462e15a0a2ccb96d34b582828f6d42606c79a595c811c901cbab2aa0f8b7da638bd0eee7da427eaf176a979a63c", 0xfffffec2}], 0x1}, 0x10) socket$kcm(0xa, 0x2, 0x11) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(r1, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB], 0x0}, 0x20) sendmsg(r6, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r5, &(0x7f0000000480)='pids.current\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r4, 0x0, 0x1, 0x0, 0x0}, 0x20) r8 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r8, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000640)=[{&(0x7f0000000240)="c12723", 0x3}], 0x1}, 0xfc00) sendmsg$kcm(r8, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24000001) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0xcc539d13aa130b24, 0x0) write$cgroup_int(r7, 0x0, 0x0) 16:56:00 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) r3 = socket$kcm(0x2, 0x7, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000380), 0x4) r4 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, r4, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r4, 0x400454d8, &(0x7f0000000300)=0x3) r6 = socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x29, 0x7, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000440)={0xffffffffffffffff, r3, 0x5, 0x2}, 0x10) setsockopt$sock_attach_bpf(r5, 0x1, 0x32, &(0x7f00000002c0)=r4, 0x220) sendmsg$kcm(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) [ 3098.329541][T29691] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3098.366438][T29691] CPU: 0 PID: 29691 Comm: syz-executor.4 Not tainted 5.3.0-rc3+ #97 [ 3098.374455][T29691] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3098.384525][T29691] Call Trace: [ 3098.387820][T29691] dump_stack+0x172/0x1f0 [ 3098.392157][T29691] dump_header+0x10b/0x82d [ 3098.396567][T29691] ? oom_kill_process+0x94/0x3f0 [ 3098.401596][T29691] oom_kill_process.cold+0x10/0x15 [ 3098.406716][T29691] out_of_memory+0x79a/0x12c0 [ 3098.411398][T29691] ? lock_downgrade+0x920/0x920 [ 3098.416256][T29691] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3098.422064][T29691] ? oom_killer_disable+0x280/0x280 [ 3098.427273][T29691] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3098.432817][T29691] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 3098.438454][T29691] ? do_raw_spin_unlock+0x57/0x270 [ 3098.443570][T29691] ? _raw_spin_unlock+0x2d/0x50 [ 3098.448426][T29691] try_charge+0xf4b/0x1440 [ 3098.452855][T29691] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3098.458397][T29691] ? percpu_ref_tryget_live+0x111/0x290 [ 3098.463943][T29691] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3098.470190][T29691] ? __kasan_check_read+0x11/0x20 [ 3098.475318][T29691] ? get_mem_cgroup_from_mm+0x156/0x320 [ 3098.480867][T29691] mem_cgroup_try_charge+0x136/0x590 [ 3098.486152][T29691] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3098.491782][T29691] wp_page_copy+0x421/0x15e0 [ 3098.496369][T29691] ? find_held_lock+0x35/0x130 [ 3098.501146][T29691] ? pmd_pfn+0x1d0/0x1d0 [ 3098.505395][T29691] ? lock_downgrade+0x920/0x920 [ 3098.510248][T29691] ? swp_swapcount+0x540/0x540 [ 3098.515010][T29691] ? __kasan_check_read+0x11/0x20 [ 3098.520035][T29691] ? do_raw_spin_unlock+0x57/0x270 [ 3098.525144][T29691] do_wp_page+0x499/0x14d0 [ 3098.529563][T29691] ? finish_mkwrite_fault+0x570/0x570 [ 3098.534947][T29691] __handle_mm_fault+0x22f7/0x3f20 [ 3098.540526][T29691] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3098.546093][T29691] ? __kasan_check_read+0x11/0x20 [ 3098.551124][T29691] handle_mm_fault+0x1b5/0x6b0 [ 3098.555890][T29691] __do_page_fault+0x536/0xdd0 [ 3098.560790][T29691] do_page_fault+0x38/0x590 [ 3098.565293][T29691] page_fault+0x39/0x40 [ 3098.569440][T29691] RIP: 0033:0x4034f2 [ 3098.573329][T29691] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8d 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 42 05 00 48 [ 3098.592933][T29691] RSP: 002b:00007ffc5a074bb0 EFLAGS: 00010246 [ 3098.599015][T29691] RAX: 0000000000000000 RBX: 00000000002f4251 RCX: 0000000000413430 [ 3098.606982][T29691] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007ffc5a075ce0 [ 3098.614946][T29691] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000555556ae4940 [ 3098.622915][T29691] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc5a075ce0 [ 3098.630892][T29691] R13: 00007ffc5a075cd0 R14: 0000000000000000 R15: 00007ffc5a075ce0 [ 3098.646661][T29691] memory: usage 1600kB, limit 0kB, failcnt 2838481 [ 3098.665826][T29742] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3098.683789][T29691] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3098.690796][T29691] Memory cgroup stats for /syz4: [ 3098.690908][T29691] anon 0 [ 3098.690908][T29691] file 602112 [ 3098.690908][T29691] kernel_stack 65536 [ 3098.690908][T29691] slab 917504 [ 3098.690908][T29691] sock 0 [ 3098.690908][T29691] shmem 323584 [ 3098.690908][T29691] file_mapped 0 [ 3098.690908][T29691] file_dirty 0 [ 3098.690908][T29691] file_writeback 0 [ 3098.690908][T29691] anon_thp 0 [ 3098.690908][T29691] inactive_anon 270336 [ 3098.690908][T29691] active_anon 0 [ 3098.690908][T29691] inactive_file 0 [ 3098.690908][T29691] active_file 0 [ 3098.690908][T29691] unevictable 0 [ 3098.690908][T29691] slab_reclaimable 270336 [ 3098.690908][T29691] slab_unreclaimable 647168 [ 3098.690908][T29691] pgfault 105072 [ 3098.690908][T29691] pgmajfault 0 [ 3098.690908][T29691] workingset_refault 0 [ 3098.690908][T29691] workingset_activate 0 [ 3098.690908][T29691] workingset_nodereclaim 0 [ 3098.690908][T29691] pgrefill 0 [ 3098.690908][T29691] pgscan 37 [ 3098.690908][T29691] pgsteal 37 [ 3098.690908][T29691] pgactivate 0 [ 3098.913076][T29691] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=29691,uid=0 [ 3098.950541][T29691] Memory cgroup out of memory: Killed process 29691 (syz-executor.4) total-vm:72448kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB [ 3098.993771][ T1057] oom_reaper: reaped process 29691 (syz-executor.4), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 3099.384127][T29693] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3099.677607][T29753] __nla_validate_parse: 1 callbacks suppressed [ 3099.677638][T29753] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3099.764574][T29753] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.1'. 16:56:02 executing program 1: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) r3 = socket$kcm(0x2, 0x7, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) r5 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, r5, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r5, 0x400454d8, &(0x7f0000000300)=0x3) r7 = socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x29, 0x7, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000440)={r4, r3, 0x5, 0x2}, 0x10) setsockopt$sock_attach_bpf(r6, 0x1, 0x32, &(0x7f00000002c0)=r5, 0x220) sendmsg$kcm(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) 16:56:02 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x600000000000000}, 0x0) 16:56:02 executing program 2: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) r3 = socket$kcm(0x2, 0x7, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000380)=r4, 0x4) r5 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r5, 0x400454d8, &(0x7f0000000300)=0x3) r6 = socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x29, 0x7, 0x0) sendmsg$kcm(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) 16:56:02 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000100)=@isdn={0x22, 0x400, 0x100000000, 0x0, 0x1}, 0x80, &(0x7f0000000340)}, 0x10) socket$kcm(0xa, 0x2, 0x11) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(r1, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) sendmsg(r6, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r5, &(0x7f0000000480)='pids.current\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r4, 0x0, 0x1, 0x0, 0x0}, 0x20) r8 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r8, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000640)=[{&(0x7f0000000240)="c12723", 0x3}], 0x1}, 0xfc00) sendmsg$kcm(r8, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)="88e7", 0x2}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24000001) write$cgroup_int(r7, 0x0, 0x0) 16:56:02 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000380), 0x4) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, r3, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r3, 0x400454d8, &(0x7f0000000300)=0x3) r5 = socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x29, 0x7, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff, 0x5, 0x2}, 0x10) setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f00000002c0)=r3, 0x220) sendmsg$kcm(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) [ 3100.092852][T29762] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3100.120193][T29764] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3100.148467][T29762] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3100.218531][T29765] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.2'. [ 3100.236962][T29771] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.2'. 16:56:02 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x700000000000000}, 0x0) [ 3100.385908][T29770] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3100.505585][T29780] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3100.538970][T29775] IPVS: ftp: loaded support on port[0] = 21 [ 3100.560007][T29780] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3100.594500][T29764] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.5'. 16:56:03 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0xa00000000000000}, 0x0) 16:56:03 executing program 2: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) r3 = socket$kcm(0x2, 0x7, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000380)=r4, 0x4) r5 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r5, 0x400454d8, &(0x7f0000000300)=0x3) r6 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) [ 3100.824652][T29783] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3100.834418][T29783] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.0'. 16:56:03 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0xe00000000000000}, 0x0) [ 3100.963402][T29790] netlink: 'syz-executor.0': attribute type 3 has an invalid length. 16:56:03 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000380), 0x4) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, r3, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r3, 0x400454d8, &(0x7f0000000300)=0x3) r5 = socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x29, 0x7, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff, 0x5, 0x2}, 0x10) setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f00000002c0)=r3, 0x220) sendmsg$kcm(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) [ 3101.980814][T29802] IPVS: ftp: loaded support on port[0] = 21 [ 3102.254289][T29775] chnl_net:caif_netlink_parms(): no params data found [ 3102.448028][T29775] bridge0: port 1(bridge_slave_0) entered blocking state [ 3102.457182][T29775] bridge0: port 1(bridge_slave_0) entered disabled state [ 3102.466016][T29775] device bridge_slave_0 entered promiscuous mode [ 3102.509442][T29775] bridge0: port 2(bridge_slave_1) entered blocking state [ 3102.517727][T29775] bridge0: port 2(bridge_slave_1) entered disabled state [ 3102.526330][T29775] device bridge_slave_1 entered promiscuous mode [ 3102.647104][T29802] chnl_net:caif_netlink_parms(): no params data found [ 3102.661316][T29775] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3102.741927][T29775] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3102.838238][T29802] bridge0: port 1(bridge_slave_0) entered blocking state [ 3102.846513][T29802] bridge0: port 1(bridge_slave_0) entered disabled state [ 3102.855425][T29802] device bridge_slave_0 entered promiscuous mode [ 3102.871863][T29802] bridge0: port 2(bridge_slave_1) entered blocking state [ 3102.880676][T29802] bridge0: port 2(bridge_slave_1) entered disabled state [ 3102.889737][T29802] device bridge_slave_1 entered promiscuous mode [ 3102.899813][T29775] team0: Port device team_slave_0 added [ 3102.989066][T29775] team0: Port device team_slave_1 added [ 3103.019467][T29802] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3103.106752][T29802] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3103.156334][T29775] device hsr_slave_0 entered promiscuous mode [ 3103.193698][T29775] device hsr_slave_1 entered promiscuous mode [ 3103.233000][T29775] debugfs: Directory 'hsr0' with parent '/' already present! [ 3103.320005][T29802] team0: Port device team_slave_0 added [ 3103.335870][T29802] team0: Port device team_slave_1 added [ 3103.456980][T29802] device hsr_slave_0 entered promiscuous mode [ 3103.483675][T29802] device hsr_slave_1 entered promiscuous mode [ 3103.533658][T29802] debugfs: Directory 'hsr0' with parent '/' already present! [ 3103.647666][T29775] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3103.675510][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3103.684230][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3103.739287][T29775] 8021q: adding VLAN 0 to HW filter on device team0 [ 3103.763212][ T3517] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3103.772055][ T3517] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3103.781996][ T3517] bridge0: port 1(bridge_slave_0) entered blocking state [ 3103.789119][ T3517] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3103.860052][T16629] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3103.868694][T16629] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3103.877807][T16629] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3103.886994][T16629] bridge0: port 2(bridge_slave_1) entered blocking state [ 3103.894115][T16629] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3103.914540][T16629] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3103.979548][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3103.990881][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3104.000137][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3104.088954][T17639] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3104.097846][T17639] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3104.107330][T17639] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3104.117303][T17639] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3104.198138][ T3517] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3104.210462][ T3517] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3104.220649][T29775] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3104.238334][T29802] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3104.315135][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3104.324869][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3104.409136][T29775] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3104.426959][T29802] 8021q: adding VLAN 0 to HW filter on device team0 [ 3104.443361][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3104.452319][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3104.471932][ T854] bridge0: port 1(bridge_slave_0) entered blocking state [ 3104.479165][ T854] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3104.560996][T17639] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3104.570488][T17639] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3104.580711][T17639] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3104.589626][T17639] bridge0: port 2(bridge_slave_1) entered blocking state [ 3104.596742][T17639] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3104.669150][ T3517] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3104.680852][ T3517] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3104.735829][T17639] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3104.759787][T17639] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3104.783441][T17639] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3104.794006][T17639] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3104.855662][T16629] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3104.866379][T16629] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3104.886860][T16629] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3104.902886][T29811] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3104.923765][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3104.932480][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3104.942874][T29811] CPU: 1 PID: 29811 Comm: syz-executor.3 Not tainted 5.3.0-rc3+ #97 [ 3104.950859][T29811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3104.950866][T29811] Call Trace: [ 3104.950885][T29811] dump_stack+0x172/0x1f0 [ 3104.950906][T29811] dump_header+0x10b/0x82d [ 3104.972924][T29811] oom_kill_process.cold+0x10/0x15 [ 3104.978044][T29811] out_of_memory+0x79a/0x12c0 [ 3104.982725][T29811] ? __sched_text_start+0x8/0x8 [ 3104.982745][T29811] ? oom_killer_disable+0x280/0x280 [ 3104.992767][T29811] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3104.998318][T29811] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 3105.003959][T29811] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 3105.009762][T29811] ? cgroup_file_notify+0x140/0x1b0 [ 3105.014959][T29811] memory_max_write+0x262/0x3a0 [ 3105.019819][T29811] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 3105.026578][T29811] ? lock_acquire+0x190/0x410 [ 3105.031263][T29811] ? kernfs_fop_write+0x227/0x480 [ 3105.036296][T29811] cgroup_file_write+0x241/0x790 [ 3105.041245][T29811] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 3105.048001][T29811] ? cgroup_migrate_add_task+0x890/0x890 [ 3105.053641][T29811] ? cgroup_migrate_add_task+0x890/0x890 [ 3105.059267][T29811] kernfs_fop_write+0x2b8/0x480 [ 3105.064119][T29811] __vfs_write+0x8a/0x110 [ 3105.068446][T29811] ? kernfs_fop_open+0xd80/0xd80 [ 3105.073381][T29811] vfs_write+0x268/0x5d0 [ 3105.077624][T29811] ksys_write+0x14f/0x290 [ 3105.081953][T29811] ? __ia32_sys_read+0xb0/0xb0 [ 3105.086736][T29811] ? do_syscall_64+0x26/0x6a0 [ 3105.091429][T29811] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3105.097494][T29811] ? do_syscall_64+0x26/0x6a0 [ 3105.102175][T29811] __x64_sys_write+0x73/0xb0 [ 3105.106763][T29811] do_syscall_64+0xfd/0x6a0 [ 3105.111264][T29811] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3105.117147][T29811] RIP: 0033:0x459829 [ 3105.121037][T29811] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3105.140640][T29811] RSP: 002b:00007f4a85e49c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3105.149051][T29811] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 3105.157143][T29811] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009 [ 3105.165107][T29811] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 3105.173077][T29811] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4a85e4a6d4 [ 3105.181049][T29811] R13: 00000000004c99a3 R14: 00000000004e1028 R15: 00000000ffffffff [ 3105.198373][T29811] memory: usage 3352kB, limit 0kB, failcnt 507674 [ 3105.206246][T29811] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3105.220136][T29802] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3105.259930][T29811] Memory cgroup stats for /syz3: [ 3105.261537][T29811] anon 2179072 [ 3105.261537][T29811] file 155648 [ 3105.261537][T29811] kernel_stack 0 [ 3105.261537][T29811] slab 798720 [ 3105.261537][T29811] sock 0 [ 3105.261537][T29811] shmem 0 [ 3105.261537][T29811] file_mapped 0 [ 3105.261537][T29811] file_dirty 0 [ 3105.261537][T29811] file_writeback 0 [ 3105.261537][T29811] anon_thp 2097152 [ 3105.261537][T29811] inactive_anon 0 [ 3105.261537][T29811] active_anon 2179072 [ 3105.261537][T29811] inactive_file 0 [ 3105.261537][T29811] active_file 0 [ 3105.261537][T29811] unevictable 0 [ 3105.261537][T29811] slab_reclaimable 270336 [ 3105.261537][T29811] slab_unreclaimable 528384 [ 3105.261537][T29811] pgfault 79794 [ 3105.261537][T29811] pgmajfault 0 [ 3105.261537][T29811] workingset_refault 0 [ 3105.261537][T29811] workingset_activate 0 [ 3105.261537][T29811] workingset_nodereclaim 0 [ 3105.261537][T29811] pgrefill 0 [ 3105.261537][T29811] pgscan 371 [ 3105.261537][T29811] pgsteal 371 [ 3105.261537][T29811] pgactivate 0 [ 3105.269799][T29802] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3105.356323][T29811] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=29810,uid=0 [ 3105.357096][T29811] Memory cgroup out of memory: Killed process 29810 (syz-executor.3) total-vm:72580kB, anon-rss:2144kB, file-rss:34816kB, shmem-rss:0kB [ 3105.408349][ T1057] oom_reaper: reaped process 29810 (syz-executor.3), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB 16:56:08 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000100)=@isdn={0x22, 0x400, 0x100000000, 0x1f06, 0x1}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000040)="95c67462e15a0a2ccb96d34b582828f6d42606c79a595c811c901cbab2aa0f8b7da638bd0eee7da427eaf176a979a63c", 0xfffffec2}], 0x1}, 0x10) socket$kcm(0xa, 0x2, 0x11) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(r1, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB], 0x0}, 0x20) sendmsg(r6, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r5, &(0x7f0000000480)='pids.current\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r4, 0x0, 0x1, 0x0, 0x0}, 0x20) r8 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r8, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000640)=[{&(0x7f0000000240)="c12723", 0x3}], 0x1}, 0xfc00) sendmsg$kcm(r8, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24000001) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0xcc539d13aa130b24, 0x0) write$cgroup_int(r7, 0x0, 0x0) 16:56:08 executing program 1: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) r3 = socket$kcm(0x2, 0x7, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) r5 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, r5, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r5, 0x400454d8, &(0x7f0000000300)=0x3) r7 = socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x29, 0x7, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000440)={r4, r3, 0x5, 0x2}, 0x10) setsockopt$sock_attach_bpf(r6, 0x1, 0x32, &(0x7f00000002c0)=r5, 0x220) sendmsg$kcm(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) 16:56:08 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0xf00000000000000}, 0x0) 16:56:08 executing program 2: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) r3 = socket$kcm(0x2, 0x7, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000380)=r4, 0x4) r5 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r5, 0x400454d8, &(0x7f0000000300)=0x3) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) 16:56:08 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000380), 0x4) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, r3, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r3, 0x400454d8, &(0x7f0000000300)=0x3) r5 = socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x29, 0x7, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff, 0x5, 0x2}, 0x10) setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f00000002c0)=r3, 0x220) sendmsg$kcm(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) [ 3105.771479][T29775] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3105.801063][T29825] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3105.823211][T29775] CPU: 0 PID: 29775 Comm: syz-executor.3 Not tainted 5.3.0-rc3+ #97 [ 3105.831213][T29775] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3105.841251][T29775] Call Trace: [ 3105.841276][T29775] dump_stack+0x172/0x1f0 [ 3105.841295][T29775] dump_header+0x10b/0x82d [ 3105.841305][T29775] ? oom_kill_process+0x94/0x3f0 [ 3105.841320][T29775] oom_kill_process.cold+0x10/0x15 [ 3105.841335][T29775] out_of_memory+0x79a/0x12c0 [ 3105.868079][T29775] ? lock_downgrade+0x920/0x920 [ 3105.872936][T29775] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3105.878744][T29775] ? oom_killer_disable+0x280/0x280 [ 3105.883962][T29775] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3105.889510][T29775] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 3105.895150][T29775] ? do_raw_spin_unlock+0x57/0x270 [ 3105.900270][T29775] ? _raw_spin_unlock+0x2d/0x50 [ 3105.905122][T29775] try_charge+0xf4b/0x1440 [ 3105.905146][T29775] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3105.915063][T29775] ? percpu_ref_tryget_live+0x111/0x290 [ 3105.915083][T29775] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3105.915100][T29775] ? __kasan_check_read+0x11/0x20 [ 3105.915120][T29775] ? get_mem_cgroup_from_mm+0x156/0x320 [ 3105.915139][T29775] mem_cgroup_try_charge+0x136/0x590 [ 3105.915159][T29775] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3105.931938][T29775] wp_page_copy+0x421/0x15e0 [ 3105.931958][T29775] ? find_held_lock+0x35/0x130 [ 3105.931985][T29775] ? pmd_pfn+0x1d0/0x1d0 [ 3105.948860][T29775] ? lock_downgrade+0x920/0x920 [ 3105.962395][T29775] ? swp_swapcount+0x540/0x540 [ 3105.962416][T29775] ? __kasan_check_read+0x11/0x20 [ 3105.962430][T29775] ? do_raw_spin_unlock+0x57/0x270 [ 3105.962449][T29775] do_wp_page+0x499/0x14d0 [ 3105.975375][T29830] __nla_validate_parse: 6 callbacks suppressed [ 3105.975402][T29830] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3105.977052][T29775] ? finish_mkwrite_fault+0x570/0x570 [ 3105.977100][T29775] __handle_mm_fault+0x22f7/0x3f20 [ 3105.977124][T29775] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3105.977158][T29775] ? __kasan_check_read+0x11/0x20 [ 3105.977181][T29775] handle_mm_fault+0x1b5/0x6b0 [ 3105.986807][T29775] __do_page_fault+0x536/0xdd0 [ 3105.986836][T29775] do_page_fault+0x38/0x590 [ 3105.986864][T29775] page_fault+0x39/0x40 [ 3106.002271][T29775] RIP: 0033:0x4034f2 [ 3106.002287][T29775] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8d 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 42 05 00 48 [ 3106.002295][T29775] RSP: 002b:00007ffd32bf3d20 EFLAGS: 00010246 [ 3106.002311][T29775] RAX: 0000000000000000 RBX: 00000000002f6054 RCX: 0000000000413430 [ 3106.012745][T29775] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007ffd32bf4e50 [ 3106.012753][T29775] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000555556eb8940 [ 3106.012761][T29775] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd32bf4e50 [ 3106.012769][T29775] R13: 00007ffd32bf4e40 R14: 0000000000000000 R15: 00007ffd32bf4e50 [ 3106.019032][T29825] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3106.177825][T29775] memory: usage 1020kB, limit 0kB, failcnt 507682 [ 3106.189421][T29775] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3106.193939][T29822] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.2'. [ 3106.196430][T29775] Memory cgroup stats for /syz3: [ 3106.196542][T29775] anon 77824 [ 3106.196542][T29775] file 155648 [ 3106.196542][T29775] kernel_stack 0 [ 3106.196542][T29775] slab 798720 [ 3106.196542][T29775] sock 0 [ 3106.196542][T29775] shmem 0 [ 3106.196542][T29775] file_mapped 0 [ 3106.196542][T29775] file_dirty 0 [ 3106.196542][T29775] file_writeback 0 [ 3106.196542][T29775] anon_thp 0 [ 3106.196542][T29775] inactive_anon 0 [ 3106.196542][T29775] active_anon 77824 [ 3106.196542][T29775] inactive_file 0 [ 3106.196542][T29775] active_file 0 [ 3106.196542][T29775] unevictable 0 [ 3106.196542][T29775] slab_reclaimable 270336 [ 3106.196542][T29775] slab_unreclaimable 528384 [ 3106.196542][T29775] pgfault 79794 [ 3106.196542][T29775] pgmajfault 0 [ 3106.196542][T29775] workingset_refault 0 [ 3106.196542][T29775] workingset_activate 0 [ 3106.196542][T29775] workingset_nodereclaim 0 [ 3106.196542][T29775] pgrefill 0 [ 3106.196542][T29775] pgscan 371 [ 3106.196542][T29775] pgsteal 371 [ 3106.196542][T29775] pgactivate 0 [ 3106.196565][T29775] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=29775,uid=0 [ 3106.300045][T29775] Memory cgroup out of memory: Killed process 29775 (syz-executor.3) total-vm:72448kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB [ 3106.300870][ T1057] oom_reaper: reaped process 29775 (syz-executor.3), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 3106.301271][T29818] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3106.301353][T29818] CPU: 1 PID: 29818 Comm: syz-executor.4 Not tainted 5.3.0-rc3+ #97 [ 3106.301364][T29818] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3106.301370][T29818] Call Trace: [ 3106.301391][T29818] dump_stack+0x172/0x1f0 [ 3106.301417][T29818] dump_header+0x10b/0x82d [ 3106.301440][T29818] oom_kill_process.cold+0x10/0x15 [ 3106.301461][T29818] out_of_memory+0x79a/0x12c0 [ 3106.301489][T29818] ? oom_killer_disable+0x280/0x280 [ 3106.301520][T29818] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3106.301538][T29818] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 3106.301564][T29818] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 3106.301589][T29818] ? cgroup_file_notify+0x140/0x1b0 [ 3106.301613][T29818] memory_max_write+0x262/0x3a0 [ 3106.301639][T29818] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 3106.301658][T29818] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 3106.301688][T29818] cgroup_file_write+0x241/0x790 [ 3106.301710][T29818] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 3106.301733][T29818] ? cgroup_migrate_add_task+0x890/0x890 [ 3106.301752][T29818] ? write_comp_data+0x1e/0x70 [ 3106.301774][T29818] ? cgroup_migrate_add_task+0x890/0x890 [ 3106.301789][T29818] kernfs_fop_write+0x2b8/0x480 [ 3106.301812][T29818] __vfs_write+0x8a/0x110 [ 3106.301825][T29818] ? kernfs_fop_open+0xd80/0xd80 [ 3106.301844][T29818] vfs_write+0x268/0x5d0 [ 3106.301867][T29818] ksys_write+0x14f/0x290 [ 3106.301885][T29818] ? __ia32_sys_read+0xb0/0xb0 [ 3106.301903][T29818] ? do_syscall_64+0x26/0x6a0 [ 3106.301918][T29818] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3106.301932][T29818] ? do_syscall_64+0x26/0x6a0 [ 3106.301955][T29818] __x64_sys_write+0x73/0xb0 [ 3106.301974][T29818] do_syscall_64+0xfd/0x6a0 [ 3106.301995][T29818] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3106.302008][T29818] RIP: 0033:0x459829 [ 3106.302026][T29818] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3106.302034][T29818] RSP: 002b:00007f2ef569ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3106.302049][T29818] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 3106.302058][T29818] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009 [ 3106.302067][T29818] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 3106.302076][T29818] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2ef569f6d4 [ 3106.302085][T29818] R13: 00000000004c99a3 R14: 00000000004e1028 R15: 00000000ffffffff [ 3106.302137][T29818] memory: usage 3972kB, limit 0kB, failcnt 2838482 [ 3106.302206][T29818] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3106.302356][T29818] Memory cgroup stats for /syz4: [ 3106.304229][T29818] anon 2142208 [ 3106.304229][T29818] file 602112 [ 3106.304229][T29818] kernel_stack 65536 [ 3106.304229][T29818] slab 917504 [ 3106.304229][T29818] sock 0 [ 3106.304229][T29818] shmem 323584 [ 3106.304229][T29818] file_mapped 0 [ 3106.304229][T29818] file_dirty 0 [ 3106.304229][T29818] file_writeback 0 [ 3106.304229][T29818] anon_thp 2097152 [ 3106.304229][T29818] inactive_anon 270336 [ 3106.304229][T29818] active_anon 2142208 [ 3106.304229][T29818] inactive_file 0 [ 3106.304229][T29818] active_file 0 [ 3106.304229][T29818] unevictable 0 [ 3106.304229][T29818] slab_reclaimable 270336 [ 3106.304229][T29818] slab_unreclaimable 647168 [ 3106.304229][T29818] pgfault 105138 [ 3106.304229][T29818] pgmajfault 0 [ 3106.304229][T29818] workingset_refault 0 [ 3106.304229][T29818] workingset_activate 0 [ 3106.304229][T29818] workingset_nodereclaim 0 [ 3106.304229][T29818] pgrefill 0 [ 3106.304229][T29818] pgscan 37 [ 3106.304229][T29818] pgsteal 37 [ 3106.304229][T29818] pgactivate 0 [ 3106.383945][T29818] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=29817,uid=0 [ 3106.739859][T29818] Memory cgroup out of memory: Killed process 29817 (syz-executor.4) total-vm:72580kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB [ 3106.755641][ T1057] oom_reaper: reaped process 29817 (syz-executor.4), now anon-rss:0kB, file-rss:34852kB, shmem-rss:0kB [ 3106.767393][T29826] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3106.823288][T29821] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.1'. 16:56:09 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000100)=@isdn={0x22, 0x400, 0x100000000, 0x0, 0x1}, 0x80, &(0x7f0000000340)}, 0x10) socket$kcm(0xa, 0x2, 0x11) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(r1, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) sendmsg(r6, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r5, &(0x7f0000000480)='pids.current\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r4, 0x0, 0x1, 0x0, 0x0}, 0x20) r8 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r8, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000640)=[{&(0x7f0000000240)="c12723", 0x3}], 0x1}, 0xfc00) sendmsg$kcm(r8, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)="88e7", 0x2}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24000001) write$cgroup_int(r7, 0x0, 0x0) 16:56:09 executing program 2: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) r3 = socket$kcm(0x2, 0x7, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000380)=r4, 0x4) r5 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r5, 0x400454d8, &(0x7f0000000300)=0x3) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) 16:56:09 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x2000000000000000}, 0x0) [ 3106.898376][T29802] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3106.953553][T29802] CPU: 0 PID: 29802 Comm: syz-executor.4 Not tainted 5.3.0-rc3+ #97 [ 3106.961655][T29802] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3106.971715][T29802] Call Trace: [ 3106.975021][T29802] dump_stack+0x172/0x1f0 [ 3106.979369][T29802] dump_header+0x10b/0x82d [ 3106.983792][T29802] ? oom_kill_process+0x94/0x3f0 [ 3106.988747][T29802] oom_kill_process.cold+0x10/0x15 [ 3106.993872][T29802] out_of_memory+0x79a/0x12c0 [ 3106.998575][T29802] ? lock_downgrade+0x920/0x920 [ 3107.003434][T29802] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3107.009335][T29802] ? oom_killer_disable+0x280/0x280 [ 3107.014548][T29802] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3107.020090][T29802] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 3107.025726][T29802] ? do_raw_spin_unlock+0x57/0x270 [ 3107.030841][T29802] ? _raw_spin_unlock+0x2d/0x50 [ 3107.035694][T29802] try_charge+0xf4b/0x1440 [ 3107.040131][T29802] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3107.045677][T29802] ? percpu_ref_tryget_live+0x111/0x290 [ 3107.051231][T29802] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3107.057472][T29802] ? __kasan_check_read+0x11/0x20 [ 3107.062593][T29802] ? get_mem_cgroup_from_mm+0x156/0x320 [ 3107.068143][T29802] mem_cgroup_try_charge+0x136/0x590 [ 3107.073439][T29802] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3107.079077][T29802] wp_page_copy+0x421/0x15e0 [ 3107.083671][T29802] ? find_held_lock+0x35/0x130 [ 3107.088442][T29802] ? pmd_pfn+0x1d0/0x1d0 [ 3107.092681][T29802] ? lock_downgrade+0x920/0x920 [ 3107.097532][T29802] ? swp_swapcount+0x540/0x540 [ 3107.102294][T29802] ? __kasan_check_read+0x11/0x20 [ 3107.107316][T29802] ? do_raw_spin_unlock+0x57/0x270 [ 3107.112434][T29802] do_wp_page+0x499/0x14d0 [ 3107.116859][T29802] ? finish_mkwrite_fault+0x570/0x570 [ 3107.122251][T29802] __handle_mm_fault+0x22f7/0x3f20 [ 3107.127373][T29802] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3107.132953][T29802] ? __kasan_check_read+0x11/0x20 [ 3107.137987][T29802] handle_mm_fault+0x1b5/0x6b0 [ 3107.142761][T29802] __do_page_fault+0x536/0xdd0 [ 3107.147539][T29802] do_page_fault+0x38/0x590 [ 3107.152046][T29802] page_fault+0x39/0x40 [ 3107.156202][T29802] RIP: 0033:0x430906 [ 3107.160089][T29802] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 46 64 00 85 c0 0f 84 [ 3107.179686][T29802] RSP: 002b:00007ffe24dd3160 EFLAGS: 00010206 [ 3107.185754][T29802] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 3107.193718][T29802] RDX: 0000555555d7e930 RSI: 0000555555d86970 RDI: 0000000000000003 [ 3107.201687][T29802] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000555555d7d940 [ 3107.209651][T29802] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 3107.217615][T29802] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 [ 3107.272783][T29802] memory: usage 1636kB, limit 0kB, failcnt 2838494 [ 3107.280818][T29847] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3107.289325][T29802] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3107.296399][T29802] Memory cgroup stats for /syz4: [ 3107.296498][T29802] anon 40960 [ 3107.296498][T29802] file 602112 [ 3107.296498][T29802] kernel_stack 0 [ 3107.296498][T29802] slab 917504 [ 3107.296498][T29802] sock 0 [ 3107.296498][T29802] shmem 323584 [ 3107.296498][T29802] file_mapped 0 [ 3107.296498][T29802] file_dirty 0 [ 3107.296498][T29802] file_writeback 0 [ 3107.296498][T29802] anon_thp 0 [ 3107.296498][T29802] inactive_anon 270336 [ 3107.296498][T29802] active_anon 40960 [ 3107.296498][T29802] inactive_file 0 [ 3107.296498][T29802] active_file 0 [ 3107.296498][T29802] unevictable 0 [ 3107.296498][T29802] slab_reclaimable 270336 [ 3107.296498][T29802] slab_unreclaimable 647168 [ 3107.296498][T29802] pgfault 105138 [ 3107.296498][T29802] pgmajfault 0 [ 3107.296498][T29802] workingset_refault 0 [ 3107.296498][T29802] workingset_activate 0 [ 3107.296498][T29802] workingset_nodereclaim 0 [ 3107.296498][T29802] pgrefill 0 [ 3107.296498][T29802] pgscan 37 [ 3107.296498][T29802] pgsteal 37 [ 3107.296498][T29802] pgactivate 0 [ 3107.392194][T29847] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3107.401692][T29802] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=29802,uid=0 [ 3107.417385][T29802] Memory cgroup out of memory: Killed process 29802 (syz-executor.4) total-vm:72448kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB [ 3107.431911][ T1057] oom_reaper: reaped process 29802 (syz-executor.4), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB [ 3107.496854][T29842] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.2'. 16:56:09 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000100)=@isdn={0x22, 0x400, 0x100000000, 0x1f06, 0x1}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000040)="95c67462e15a0a2ccb96d34b582828f6d42606c79a595c811c901cbab2aa0f8b7da638bd0eee7da427eaf176a979a63c", 0xfffffec2}], 0x1}, 0x10) socket$kcm(0xa, 0x2, 0x11) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(r1, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB], 0x0}, 0x20) sendmsg(r6, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r5, &(0x7f0000000480)='pids.current\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r4, 0x0, 0x1, 0x0, 0x0}, 0x20) r8 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r8, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000640)=[{&(0x7f0000000240)="c12723", 0x3}], 0x1}, 0xfc00) sendmsg$kcm(r8, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24000001) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0xcc539d13aa130b24, 0x0) write$cgroup_int(r7, 0x0, 0x0) [ 3107.586336][T29847] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3107.596470][T29833] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3107.603424][T29847] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.0'. 16:56:09 executing program 1: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) r3 = socket$kcm(0x2, 0x7, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) r5 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, r5, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r5, 0x400454d8, &(0x7f0000000300)=0x3) r7 = socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x29, 0x7, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000440)={r4, r3, 0x5, 0x2}, 0x10) setsockopt$sock_attach_bpf(r6, 0x1, 0x32, &(0x7f00000002c0)=r5, 0x220) sendmsg$kcm(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) 16:56:10 executing program 2: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) r3 = socket$kcm(0x2, 0x7, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000380)=r4, 0x4) r5 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r5, 0x400454d8, &(0x7f0000000300)=0x3) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) 16:56:10 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000100)=@isdn={0x22, 0x400, 0x100000000, 0x1f06, 0x1}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000040)="95c67462e15a0a2ccb96d34b582828f6d42606c79a595c811c901cbab2aa0f8b7da638bd0eee7da427eaf176a979a63c", 0xfffffec2}], 0x1}, 0x10) socket$kcm(0xa, 0x2, 0x11) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(r1, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB], 0x0}, 0x20) sendmsg(r6, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r5, &(0x7f0000000480)='pids.current\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r4, 0x0, 0x1, 0x0, 0x0}, 0x20) r8 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r8, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000640)=[{&(0x7f0000000240)="c12723", 0x3}], 0x1}, 0xfc00) sendmsg$kcm(r8, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)="88", 0x1}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24000001) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0xcc539d13aa130b24, 0x0) write$cgroup_int(r7, 0x0, 0x0) 16:56:10 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x4000000000000000}, 0x0) [ 3108.278057][T29850] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.1'. 16:56:10 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000100)=@isdn={0x22, 0x400, 0x100000000, 0x0, 0x1}, 0x80, &(0x7f0000000340)}, 0x10) socket$kcm(0xa, 0x2, 0x11) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(r1, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) sendmsg(r6, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r5, &(0x7f0000000480)='pids.current\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r4, 0x0, 0x1, 0x0, 0x0}, 0x20) r8 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r8, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000640)=[{&(0x7f0000000240)="c12723", 0x3}], 0x1}, 0xfc00) sendmsg$kcm(r8, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)="88e7", 0x2}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24000001) write$cgroup_int(r7, 0x0, 0x0) [ 3108.348380][T29864] netlink: 'syz-executor.0': attribute type 3 has an invalid length. 16:56:10 executing program 2: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) r3 = socket$kcm(0x2, 0x7, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000380)=r4, 0x4) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) r5 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) 16:56:10 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x4800000000000000}, 0x0) 16:56:10 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) r3 = socket$kcm(0x2, 0x7, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000380), 0x4) r4 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, r4, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r4, 0x400454d8, &(0x7f0000000300)=0x3) r6 = socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x29, 0x7, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000440)={0xffffffffffffffff, r3, 0x5, 0x2}, 0x10) setsockopt$sock_attach_bpf(r5, 0x1, 0x32, &(0x7f00000002c0)=r4, 0x220) sendmsg$kcm(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) 16:56:10 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000100)=@isdn={0x22, 0x400, 0x100000000, 0x0, 0x1}, 0x80, &(0x7f0000000340)=[{0x0}], 0x1}, 0x10) socket$kcm(0xa, 0x2, 0x11) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(r1, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) sendmsg(r6, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r5, &(0x7f0000000480)='pids.current\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r4, 0x0, 0x1, 0x0, 0x0}, 0x20) r8 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r8, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000640)=[{&(0x7f0000000240)="c12723", 0x3}], 0x1}, 0xfc00) sendmsg$kcm(r8, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)="88e7", 0x2}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24000001) write$cgroup_int(r7, 0x0, 0x0) [ 3108.653086][T29872] netlink: 'syz-executor.0': attribute type 3 has an invalid length. 16:56:11 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x4c00000000000000}, 0x0) [ 3108.953097][T29884] netlink: 'syz-executor.0': attribute type 3 has an invalid length. 16:56:11 executing program 1: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) r3 = socket$kcm(0x2, 0x7, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) r5 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, r5, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r5, 0x400454d8, &(0x7f0000000300)=0x3) socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x29, 0x7, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000440)={r4, r3, 0x5, 0x2}, 0x10) setsockopt$sock_attach_bpf(r6, 0x1, 0x32, &(0x7f00000002c0)=r5, 0x220) 16:56:11 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x6000000000000000}, 0x0) 16:56:11 executing program 1: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) r3 = socket$kcm(0x2, 0x7, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) r5 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, r5, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r5, 0x400454d8, &(0x7f0000000300)=0x3) socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x29, 0x7, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000440)={r4, r3, 0x5, 0x2}, 0x10) setsockopt$sock_attach_bpf(r6, 0x1, 0x32, &(0x7f00000002c0)=r5, 0x220) [ 3109.366760][T29895] netlink: 'syz-executor.0': attribute type 3 has an invalid length. 16:56:11 executing program 2: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) r3 = socket$kcm(0x2, 0x7, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000380)=r4, 0x4) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) r5 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) [ 3109.771770][T29902] IPVS: ftp: loaded support on port[0] = 21 [ 3110.069179][T29902] chnl_net:caif_netlink_parms(): no params data found [ 3110.215509][T29902] bridge0: port 1(bridge_slave_0) entered blocking state [ 3110.222707][T29902] bridge0: port 1(bridge_slave_0) entered disabled state [ 3110.244553][T29902] device bridge_slave_0 entered promiscuous mode [ 3110.328636][T29902] bridge0: port 2(bridge_slave_1) entered blocking state [ 3110.340611][T29902] bridge0: port 2(bridge_slave_1) entered disabled state [ 3110.350548][T29902] device bridge_slave_1 entered promiscuous mode [ 3110.368131][T29917] IPVS: ftp: loaded support on port[0] = 21 [ 3110.431767][T29902] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3110.448198][T29902] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3110.548638][T29902] team0: Port device team_slave_0 added [ 3110.560830][T29902] team0: Port device team_slave_1 added [ 3110.708190][T29902] device hsr_slave_0 entered promiscuous mode [ 3110.743833][T29902] device hsr_slave_1 entered promiscuous mode [ 3110.793008][T29902] debugfs: Directory 'hsr0' with parent '/' already present! [ 3110.916150][T29902] bridge0: port 2(bridge_slave_1) entered blocking state [ 3110.923302][T29902] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3110.930672][T29902] bridge0: port 1(bridge_slave_0) entered blocking state [ 3110.937791][T29902] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3110.956313][T29917] chnl_net:caif_netlink_parms(): no params data found [ 3111.060578][T17639] bridge0: port 1(bridge_slave_0) entered disabled state [ 3111.069181][T17639] bridge0: port 2(bridge_slave_1) entered disabled state [ 3111.086153][T29917] bridge0: port 1(bridge_slave_0) entered blocking state [ 3111.093526][T29917] bridge0: port 1(bridge_slave_0) entered disabled state [ 3111.102097][T29917] device bridge_slave_0 entered promiscuous mode [ 3111.161166][T29917] bridge0: port 2(bridge_slave_1) entered blocking state [ 3111.168390][T29917] bridge0: port 2(bridge_slave_1) entered disabled state [ 3111.177334][T29917] device bridge_slave_1 entered promiscuous mode [ 3111.265634][T29917] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3111.279130][T29917] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3111.304130][T29917] team0: Port device team_slave_0 added [ 3111.360964][T29917] team0: Port device team_slave_1 added [ 3111.396957][T29902] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3111.506898][T29917] device hsr_slave_0 entered promiscuous mode [ 3111.604005][T29917] device hsr_slave_1 entered promiscuous mode [ 3111.693075][T29917] debugfs: Directory 'hsr0' with parent '/' already present! [ 3111.708380][T19213] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3111.716810][T19213] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3111.770839][T29902] 8021q: adding VLAN 0 to HW filter on device team0 [ 3111.800776][T19213] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3111.810433][T19213] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3111.833843][T19213] bridge0: port 1(bridge_slave_0) entered blocking state [ 3111.840906][T19213] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3111.915470][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3111.934331][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3111.945038][T16725] bridge0: port 2(bridge_slave_1) entered blocking state [ 3111.952104][T16725] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3111.960690][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3111.970827][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3112.006642][T19213] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3112.016886][T19213] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3112.026261][T19213] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3112.037886][T19213] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3112.113874][T21598] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3112.122220][T21598] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3112.131456][T21598] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3112.148465][T29902] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 3112.161441][T29902] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3112.178159][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3112.187202][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3112.302711][T29917] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3112.403685][T29902] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3112.417952][T29917] 8021q: adding VLAN 0 to HW filter on device team0 [ 3112.428288][T17639] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3112.443945][T17639] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3112.504527][T21598] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3112.524077][T21598] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3112.532556][T21598] bridge0: port 1(bridge_slave_0) entered blocking state [ 3112.540146][T21598] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3112.603022][T19213] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3112.614156][T19213] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3112.624309][T19213] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3112.632757][T19213] bridge0: port 2(bridge_slave_1) entered blocking state [ 3112.639854][T19213] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3112.649237][T19213] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3112.717459][T29924] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3112.718061][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3112.728546][T29924] CPU: 0 PID: 29924 Comm: syz-executor.3 Not tainted 5.3.0-rc3+ #97 [ 3112.743858][T29924] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3112.753910][T29924] Call Trace: [ 3112.754335][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3112.757196][T29924] dump_stack+0x172/0x1f0 [ 3112.769379][T29924] dump_header+0x10b/0x82d [ 3112.773801][T29924] oom_kill_process.cold+0x10/0x15 [ 3112.778917][T29924] out_of_memory+0x79a/0x12c0 [ 3112.783594][T29924] ? __sched_text_start+0x8/0x8 [ 3112.784285][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3112.788436][T29924] ? oom_killer_disable+0x280/0x280 [ 3112.801406][T29924] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3112.806955][T29924] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 3112.812600][T29924] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 3112.814206][T19213] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3112.818416][T29924] ? cgroup_file_notify+0x140/0x1b0 [ 3112.826739][T19213] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3112.830762][T29924] memory_max_write+0x262/0x3a0 [ 3112.839690][T19213] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3112.843452][T29924] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 3112.843468][T29924] ? lock_acquire+0x190/0x410 [ 3112.843485][T29924] ? kernfs_fop_write+0x227/0x480 [ 3112.852084][T19213] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3112.858017][T29924] cgroup_file_write+0x241/0x790 [ 3112.858036][T29924] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 3112.858052][T29924] ? cgroup_migrate_add_task+0x890/0x890 [ 3112.863492][T19213] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3112.867719][T29924] ? cgroup_migrate_add_task+0x890/0x890 [ 3112.881949][T29917] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 3112.887138][T29924] kernfs_fop_write+0x2b8/0x480 [ 3112.887158][T29924] __vfs_write+0x8a/0x110 [ 3112.887172][T29924] ? kernfs_fop_open+0xd80/0xd80 [ 3112.894418][T29917] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3112.900490][T29924] vfs_write+0x268/0x5d0 [ 3112.907666][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3112.916395][T29924] ksys_write+0x14f/0x290 [ 3112.916409][T29924] ? __ia32_sys_read+0xb0/0xb0 [ 3112.916428][T29924] ? do_syscall_64+0x26/0x6a0 [ 3112.922404][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3112.925558][T29924] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3112.925573][T29924] ? do_syscall_64+0x26/0x6a0 [ 3112.925592][T29924] __x64_sys_write+0x73/0xb0 [ 3112.947592][T29917] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3112.949644][T29924] do_syscall_64+0xfd/0x6a0 [ 3112.958681][T29924] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3113.003305][T29924] RIP: 0033:0x459829 [ 3113.007174][T29924] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3113.026747][T29924] RSP: 002b:00007f85b776ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3113.035130][T29924] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 3113.043076][T29924] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009 [ 3113.051017][T29924] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 3113.059143][T29924] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f85b776b6d4 [ 3113.067103][T29924] R13: 00000000004c99a3 R14: 00000000004e1028 R15: 00000000ffffffff [ 3113.118222][T29924] memory: usage 3376kB, limit 0kB, failcnt 507683 [ 3113.124992][T29924] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3113.131979][T29924] Memory cgroup stats for /syz3: [ 3113.138544][T29924] anon 2215936 [ 3113.138544][T29924] file 155648 [ 3113.138544][T29924] kernel_stack 65536 [ 3113.138544][T29924] slab 798720 [ 3113.138544][T29924] sock 0 [ 3113.138544][T29924] shmem 0 [ 3113.138544][T29924] file_mapped 0 [ 3113.138544][T29924] file_dirty 0 [ 3113.138544][T29924] file_writeback 0 [ 3113.138544][T29924] anon_thp 2097152 [ 3113.138544][T29924] inactive_anon 0 [ 3113.138544][T29924] active_anon 2215936 [ 3113.138544][T29924] inactive_file 0 [ 3113.138544][T29924] active_file 0 [ 3113.138544][T29924] unevictable 0 [ 3113.138544][T29924] slab_reclaimable 270336 [ 3113.138544][T29924] slab_unreclaimable 528384 [ 3113.138544][T29924] pgfault 79860 [ 3113.138544][T29924] pgmajfault 0 [ 3113.138544][T29924] workingset_refault 0 [ 3113.138544][T29924] workingset_activate 0 [ 3113.138544][T29924] workingset_nodereclaim 0 [ 3113.138544][T29924] pgrefill 0 [ 3113.138544][T29924] pgscan 371 [ 3113.138544][T29924] pgsteal 371 [ 3113.138544][T29924] pgactivate 0 [ 3113.235177][T29924] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=29923,uid=0 [ 3113.252596][T29924] Memory cgroup out of memory: Killed process 29923 (syz-executor.3) total-vm:72580kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB [ 3113.270825][ T1057] oom_reaper: reaped process 29923 (syz-executor.3), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB [ 3113.371521][T29933] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3113.403038][T29933] CPU: 1 PID: 29933 Comm: syz-executor.4 Not tainted 5.3.0-rc3+ #97 [ 3113.411054][T29933] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3113.421107][T29933] Call Trace: [ 3113.424400][T29933] dump_stack+0x172/0x1f0 [ 3113.428734][T29933] dump_header+0x10b/0x82d [ 3113.433157][T29933] oom_kill_process.cold+0x10/0x15 [ 3113.438272][T29933] out_of_memory+0x79a/0x12c0 [ 3113.442945][T29933] ? __sched_text_start+0x8/0x8 [ 3113.447799][T29933] ? oom_killer_disable+0x280/0x280 [ 3113.453000][T29933] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3113.458543][T29933] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 3113.464183][T29933] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 3113.469993][T29933] ? cgroup_file_notify+0x140/0x1b0 [ 3113.475196][T29933] memory_max_write+0x262/0x3a0 [ 3113.480051][T29933] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 3113.486810][T29933] ? lock_acquire+0x190/0x410 [ 3113.491743][T29933] ? kernfs_fop_write+0x227/0x480 [ 3113.496769][T29933] cgroup_file_write+0x241/0x790 [ 3113.501706][T29933] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 3113.508473][T29933] ? cgroup_migrate_add_task+0x890/0x890 [ 3113.514111][T29933] ? cgroup_migrate_add_task+0x890/0x890 [ 3113.519738][T29933] kernfs_fop_write+0x2b8/0x480 [ 3113.524596][T29933] __vfs_write+0x8a/0x110 [ 3113.528917][T29933] ? kernfs_fop_open+0xd80/0xd80 [ 3113.533855][T29933] vfs_write+0x268/0x5d0 [ 3113.538101][T29933] ksys_write+0x14f/0x290 [ 3113.542430][T29933] ? __ia32_sys_read+0xb0/0xb0 [ 3113.547194][T29933] ? do_syscall_64+0x26/0x6a0 [ 3113.551863][T29933] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3113.557952][T29933] ? do_syscall_64+0x26/0x6a0 [ 3113.562638][T29933] __x64_sys_write+0x73/0xb0 [ 3113.567226][T29933] do_syscall_64+0xfd/0x6a0 [ 3113.571733][T29933] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3113.577612][T29933] RIP: 0033:0x459829 [ 3113.581506][T29933] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3113.601101][T29933] RSP: 002b:00007f4b3383ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3113.609505][T29933] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 3113.617470][T29933] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009 [ 3113.625434][T29933] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 3113.633413][T29933] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4b3383f6d4 [ 3113.641375][T29933] R13: 00000000004c99a3 R14: 00000000004e1028 R15: 00000000ffffffff [ 3113.697510][T29933] memory: usage 4104kB, limit 0kB, failcnt 2838495 [ 3113.704474][T29933] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3113.711413][T29933] Memory cgroup stats for /syz4: [ 3113.711524][T29933] anon 2170880 [ 3113.711524][T29933] file 602112 [ 3113.711524][T29933] kernel_stack 65536 [ 3113.711524][T29933] slab 1056768 [ 3113.711524][T29933] sock 0 [ 3113.711524][T29933] shmem 323584 [ 3113.711524][T29933] file_mapped 0 [ 3113.711524][T29933] file_dirty 0 [ 3113.711524][T29933] file_writeback 0 [ 3113.711524][T29933] anon_thp 2097152 [ 3113.711524][T29933] inactive_anon 270336 [ 3113.711524][T29933] active_anon 2170880 [ 3113.711524][T29933] inactive_file 0 [ 3113.711524][T29933] active_file 0 [ 3113.711524][T29933] unevictable 0 [ 3113.711524][T29933] slab_reclaimable 270336 [ 3113.711524][T29933] slab_unreclaimable 786432 [ 3113.711524][T29933] pgfault 105237 [ 3113.711524][T29933] pgmajfault 0 [ 3113.711524][T29933] workingset_refault 0 [ 3113.711524][T29933] workingset_activate 0 [ 3113.711524][T29933] workingset_nodereclaim 0 [ 3113.711524][T29933] pgrefill 0 16:56:16 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000100)=@isdn={0x22, 0x400, 0x100000000, 0x1f06, 0x1}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000040)="95c67462e15a0a2ccb96d34b582828f6d42606c79a595c811c901cbab2aa0f8b7da638bd0eee7da427eaf176a979a63c", 0xfffffec2}], 0x1}, 0x10) socket$kcm(0xa, 0x2, 0x11) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(r1, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB], 0x0}, 0x20) sendmsg(r6, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r5, &(0x7f0000000480)='pids.current\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r4, 0x0, 0x1, 0x0, 0x0}, 0x20) r8 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r8, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000640)=[{&(0x7f0000000240)="c12723", 0x3}], 0x1}, 0xfc00) sendmsg$kcm(r8, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)="88", 0x1}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24000001) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0xcc539d13aa130b24, 0x0) write$cgroup_int(r7, 0x0, 0x0) 16:56:16 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x6800000000000000}, 0x0) 16:56:16 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) r3 = socket$kcm(0x2, 0x7, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000380), 0x4) r4 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, r4, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r4, 0x400454d8, &(0x7f0000000300)=0x3) r6 = socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x29, 0x7, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000440)={0xffffffffffffffff, r3, 0x5, 0x2}, 0x10) setsockopt$sock_attach_bpf(r5, 0x1, 0x32, &(0x7f00000002c0)=r4, 0x220) sendmsg$kcm(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) 16:56:16 executing program 1: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) r3 = socket$kcm(0x2, 0x7, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) r5 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, r5, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r5, 0x400454d8, &(0x7f0000000300)=0x3) socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x29, 0x7, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000440)={r4, r3, 0x5, 0x2}, 0x10) setsockopt$sock_attach_bpf(r6, 0x1, 0x32, &(0x7f00000002c0)=r5, 0x220) 16:56:16 executing program 2: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) r3 = socket$kcm(0x2, 0x7, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000380)=r4, 0x4) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) r5 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) [ 3113.711524][T29933] pgscan 37 [ 3113.711524][T29933] pgsteal 37 [ 3113.711524][T29933] pgactivate 0 [ 3113.808400][T29933] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=29930,uid=0 [ 3113.825927][T29933] Memory cgroup out of memory: Killed process 29930 (syz-executor.4) total-vm:72712kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB [ 3113.881097][T29936] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3113.893283][T29939] __nla_validate_parse: 14 callbacks suppressed [ 3113.893306][T29939] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3113.914138][ T1057] oom_reaper: reaped process 29930 (syz-executor.4), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB [ 3113.925480][T29902] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3113.965915][T29936] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3113.975774][T29902] CPU: 1 PID: 29902 Comm: syz-executor.3 Not tainted 5.3.0-rc3+ #97 [ 3113.983755][T29902] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3113.983762][T29902] Call Trace: [ 3113.983783][T29902] dump_stack+0x172/0x1f0 [ 3113.983806][T29902] dump_header+0x10b/0x82d [ 3114.005885][T29902] ? oom_kill_process+0x94/0x3f0 [ 3114.005904][T29902] oom_kill_process.cold+0x10/0x15 [ 3114.005922][T29902] out_of_memory+0x79a/0x12c0 [ 3114.005938][T29902] ? lock_downgrade+0x920/0x920 [ 3114.005956][T29902] ? oom_killer_disable+0x280/0x280 [ 3114.030640][T29902] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3114.036187][T29902] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 3114.041835][T29902] ? do_raw_spin_unlock+0x57/0x270 [ 3114.047084][T29902] ? _raw_spin_unlock+0x2d/0x50 [ 3114.051943][T29902] try_charge+0xf4b/0x1440 [ 3114.056372][T29902] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3114.062004][T29902] ? percpu_ref_tryget_live+0x111/0x290 [ 3114.067565][T29902] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3114.073805][T29902] ? __kasan_check_read+0x11/0x20 [ 3114.078833][T29902] ? get_mem_cgroup_from_mm+0x156/0x320 [ 3114.084388][T29902] mem_cgroup_try_charge+0x136/0x590 [ 3114.089683][T29902] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3114.095325][T29902] wp_page_copy+0x421/0x15e0 [ 3114.099914][T29902] ? find_held_lock+0x35/0x130 [ 3114.104681][T29902] ? pmd_pfn+0x1d0/0x1d0 [ 3114.108921][T29902] ? lock_downgrade+0x920/0x920 16:56:16 executing program 1: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) r3 = socket$kcm(0x2, 0x7, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) r5 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, r5, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r5, 0x400454d8, &(0x7f0000000300)=0x3) r6 = socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x29, 0x7, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000440)={r4, r3, 0x5, 0x2}, 0x10) sendmsg$kcm(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) [ 3114.113774][T29902] ? swp_swapcount+0x540/0x540 [ 3114.118540][T29902] ? __kasan_check_read+0x11/0x20 [ 3114.123559][T29902] ? do_raw_spin_unlock+0x57/0x270 [ 3114.128667][T29902] do_wp_page+0x499/0x14d0 [ 3114.133105][T29902] ? finish_mkwrite_fault+0x570/0x570 [ 3114.138484][T29902] __handle_mm_fault+0x22f7/0x3f20 [ 3114.143592][T29902] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3114.143622][T29902] ? __kasan_check_read+0x11/0x20 [ 3114.143644][T29902] handle_mm_fault+0x1b5/0x6b0 [ 3114.143667][T29902] __do_page_fault+0x536/0xdd0 [ 3114.143690][T29902] do_page_fault+0x38/0x590 [ 3114.154243][T29902] page_fault+0x39/0x40 [ 3114.154254][T29902] RIP: 0033:0x430906 [ 3114.154268][T29902] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 46 64 00 85 c0 0f 84 [ 3114.154275][T29902] RSP: 002b:00007ffd14f60550 EFLAGS: 00010206 [ 3114.154287][T29902] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 16:56:16 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000100)=@isdn={0x22, 0x400, 0x100000000, 0x0, 0x1}, 0x80, &(0x7f0000000340)=[{0x0}], 0x1}, 0x10) socket$kcm(0xa, 0x2, 0x11) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(r1, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) sendmsg(r6, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r5, &(0x7f0000000480)='pids.current\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r4, 0x0, 0x1, 0x0, 0x0}, 0x20) r8 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r8, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000640)=[{&(0x7f0000000240)="c12723", 0x3}], 0x1}, 0xfc00) sendmsg$kcm(r8, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)="88e7", 0x2}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24000001) write$cgroup_int(r7, 0x0, 0x0) [ 3114.154295][T29902] RDX: 0000555556087930 RSI: 000055555608f970 RDI: 0000000000000003 [ 3114.154304][T29902] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000555556086940 [ 3114.154312][T29902] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 3114.154320][T29902] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 [ 3114.220411][T29950] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3114.257894][T29952] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.2'. [ 3114.283675][T29936] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3114.301251][T29936] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3114.303121][T29902] memory: usage 1040kB, limit 0kB, failcnt 507691 [ 3114.333409][T29902] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3114.345083][T29902] Memory cgroup stats for /syz3: [ 3114.345182][T29902] anon 0 [ 3114.345182][T29902] file 155648 [ 3114.345182][T29902] kernel_stack 65536 [ 3114.345182][T29902] slab 798720 [ 3114.345182][T29902] sock 0 [ 3114.345182][T29902] shmem 0 [ 3114.345182][T29902] file_mapped 0 [ 3114.345182][T29902] file_dirty 0 [ 3114.345182][T29902] file_writeback 0 [ 3114.345182][T29902] anon_thp 0 [ 3114.345182][T29902] inactive_anon 0 [ 3114.345182][T29902] active_anon 0 [ 3114.345182][T29902] inactive_file 0 [ 3114.345182][T29902] active_file 0 [ 3114.345182][T29902] unevictable 0 [ 3114.345182][T29902] slab_reclaimable 270336 [ 3114.345182][T29902] slab_unreclaimable 528384 [ 3114.345182][T29902] pgfault 79860 [ 3114.345182][T29902] pgmajfault 0 [ 3114.345182][T29902] workingset_refault 0 [ 3114.345182][T29902] workingset_activate 0 [ 3114.345182][T29902] workingset_nodereclaim 0 [ 3114.345182][T29902] pgrefill 0 [ 3114.345182][T29902] pgscan 371 [ 3114.345182][T29902] pgsteal 371 [ 3114.345182][T29902] pgactivate 0 [ 3114.345182][T29902] pgdeactivate 0 [ 3114.350134][T29902] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=29902,uid=0 [ 3114.350232][T29902] Memory cgroup out of memory: Killed process 29902 (syz-executor.3) total-vm:72448kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB [ 3114.374240][ T1057] oom_reaper: reaped process 29902 (syz-executor.3), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 3114.473622][T29917] syz-executor.4 invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=0, oom_score_adj=0 [ 3114.493374][T29917] CPU: 1 PID: 29917 Comm: syz-executor.4 Not tainted 5.3.0-rc3+ #97 [ 3114.501356][T29917] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3114.511412][T29917] Call Trace: [ 3114.514710][T29917] dump_stack+0x172/0x1f0 [ 3114.519041][T29917] dump_header+0x10b/0x82d [ 3114.523522][T29917] ? oom_kill_process+0x94/0x3f0 [ 3114.528462][T29917] oom_kill_process.cold+0x10/0x15 [ 3114.533572][T29917] out_of_memory+0x79a/0x12c0 [ 3114.538627][T29917] ? lock_downgrade+0x920/0x920 [ 3114.543484][T29917] ? oom_killer_disable+0x280/0x280 [ 3114.548693][T29917] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3114.554353][T29917] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 3114.559994][T29917] ? do_raw_spin_unlock+0x57/0x270 [ 3114.565113][T29917] ? _raw_spin_unlock+0x2d/0x50 [ 3114.569965][T29917] try_charge+0xf4b/0x1440 [ 3114.574392][T29917] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3114.579937][T29917] ? cache_grow_begin+0x122/0xd20 [ 3114.584961][T29917] ? find_held_lock+0x35/0x130 [ 3114.589727][T29917] ? cache_grow_begin+0x122/0xd20 [ 3114.594885][T29917] __memcg_kmem_charge_memcg+0x71/0xf0 [ 3114.600337][T29917] ? memcg_kmem_put_cache+0x50/0x50 [ 3114.606059][T29917] ? __kasan_check_read+0x11/0x20 [ 3114.611083][T29917] cache_grow_begin+0x627/0xd20 [ 3114.615951][T29917] ? write_comp_data+0x31/0x70 [ 3114.620709][T29917] ? mempolicy_slab_node+0x139/0x390 [ 3114.625997][T29917] fallback_alloc+0x1fd/0x2d0 [ 3114.630678][T29917] ____cache_alloc_node+0x1bc/0x1d0 [ 3114.635886][T29917] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3114.642123][T29917] kmem_cache_alloc+0x1ef/0x710 [ 3114.646971][T29917] ? stack_trace_save+0xac/0xe0 [ 3114.651821][T29917] __alloc_file+0x27/0x340 [ 3114.656239][T29917] alloc_empty_file+0x72/0x170 [ 3114.660996][T29917] path_openat+0xef/0x4630 [ 3114.665401][T29917] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 3114.671194][T29917] ? kasan_slab_alloc+0xf/0x20 [ 3114.676035][T29917] ? kmem_cache_alloc+0x121/0x710 [ 3114.681038][T29917] ? getname_flags+0xd6/0x5b0 [ 3114.685690][T29917] ? getname+0x1a/0x20 [ 3114.689824][T29917] ? do_sys_open+0x2c9/0x5d0 [ 3114.694487][T29917] ? __x64_sys_open+0x7e/0xc0 [ 3114.699149][T29917] ? __kasan_check_read+0x11/0x20 [ 3114.704671][T29917] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3114.710894][T29917] ? debug_smp_processor_id+0x3c/0x214 [ 3114.716424][T29917] ? perf_trace_lock+0xeb/0x4c0 [ 3114.721256][T29917] ? path_lookupat.isra.0+0x8d0/0x8d0 [ 3114.726616][T29917] ? __lockdep_free_key_range+0x120/0x120 [ 3114.732321][T29917] ? __alloc_fd+0x487/0x620 [ 3114.736812][T29917] do_filp_open+0x1a1/0x280 [ 3114.741291][T29917] ? may_open_dev+0x100/0x100 [ 3114.745948][T29917] ? lock_downgrade+0x920/0x920 [ 3114.750779][T29917] ? rwlock_bug.part.0+0x90/0x90 [ 3114.755698][T29917] ? __kasan_check_read+0x11/0x20 [ 3114.760708][T29917] ? do_raw_spin_unlock+0x57/0x270 [ 3114.765803][T29917] ? _raw_spin_unlock+0x2d/0x50 [ 3114.770628][T29917] ? __alloc_fd+0x487/0x620 [ 3114.775115][T29917] do_sys_open+0x3fe/0x5d0 [ 3114.779513][T29917] ? filp_open+0x80/0x80 [ 3114.783737][T29917] ? __detach_mounts+0x2a0/0x2a0 [ 3114.788660][T29917] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 3114.794102][T29917] ? do_syscall_64+0x26/0x6a0 [ 3114.798753][T29917] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3114.804794][T29917] ? do_syscall_64+0x26/0x6a0 [ 3114.809452][T29917] __x64_sys_open+0x7e/0xc0 [ 3114.813936][T29917] do_syscall_64+0xfd/0x6a0 [ 3114.818422][T29917] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3114.824289][T29917] RIP: 0033:0x4577a0 [ 3114.828166][T29917] Code: 31 c0 e9 45 ff ff ff 0f 1f 00 80 3f 00 0f 84 f7 00 00 00 55 53 b9 02 00 00 00 be 00 08 09 00 89 c8 48 81 ec 98 00 00 00 0f 05 <48> 3d 00 f0 ff ff 48 89 c3 0f 87 e9 00 00 00 85 db 0f 88 2f 01 00 [ 3114.847746][T29917] RSP: 002b:00007ffe011e7a10 EFLAGS: 00000202 ORIG_RAX: 0000000000000002 [ 3114.856133][T29917] RAX: ffffffffffffffda RBX: 00000000002f8315 RCX: 00000000004577a0 [ 3114.864086][T29917] RDX: 000000000000000c RSI: 0000000000090800 RDI: 00007ffe011e8bf0 [ 3114.872034][T29917] RBP: 0000000000000002 R08: 0000000000000001 R09: 00005555560cd940 [ 3114.879982][T29917] R10: 0000000000000000 R11: 0000000000000202 R12: 00007ffe011e8bf0 [ 3114.887930][T29917] R13: 00007ffe011e8be0 R14: 0000000000000000 R15: 00007ffe011e8bf0 [ 3114.913021][T29917] memory: usage 1724kB, limit 0kB, failcnt 2838507 [ 3114.920731][T29917] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3114.929064][T29917] Memory cgroup stats for /syz4: [ 3114.929177][T29917] anon 24576 [ 3114.929177][T29917] file 602112 [ 3114.929177][T29917] kernel_stack 0 [ 3114.929177][T29917] slab 1056768 [ 3114.929177][T29917] sock 0 [ 3114.929177][T29917] shmem 323584 [ 3114.929177][T29917] file_mapped 0 [ 3114.929177][T29917] file_dirty 0 [ 3114.929177][T29917] file_writeback 0 [ 3114.929177][T29917] anon_thp 0 [ 3114.929177][T29917] inactive_anon 270336 [ 3114.929177][T29917] active_anon 24576 [ 3114.929177][T29917] inactive_file 0 [ 3114.929177][T29917] active_file 0 [ 3114.929177][T29917] unevictable 0 [ 3114.929177][T29917] slab_reclaimable 270336 [ 3114.929177][T29917] slab_unreclaimable 786432 [ 3114.929177][T29917] pgfault 105237 [ 3114.929177][T29917] pgmajfault 0 [ 3114.929177][T29917] workingset_refault 0 [ 3114.929177][T29917] workingset_activate 0 [ 3114.929177][T29917] workingset_nodereclaim 0 [ 3114.929177][T29917] pgrefill 0 [ 3114.929177][T29917] pgscan 37 [ 3114.929177][T29917] pgsteal 37 [ 3114.929177][T29917] pgactivate 0 [ 3115.024877][T29917] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=29917,uid=0 [ 3115.040370][T29941] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3115.042068][T29917] Memory cgroup out of memory: Killed process 29917 (syz-executor.4) total-vm:72448kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB [ 3115.066743][ T1057] oom_reaper: reaped process 29917 (syz-executor.4), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 3115.153876][T29940] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.2'. 16:56:17 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x6c00000000000000}, 0x0) [ 3115.248205][T29955] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.5'. 16:56:17 executing program 2: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) r3 = socket$kcm(0x2, 0x7, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000380)=r4, 0x4) r5 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) ioctl$TUNSETVNETHDRSZ(r5, 0x400454d8, &(0x7f0000000300)=0x3) r6 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) [ 3115.364909][T29963] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3115.423137][T29963] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3115.938719][T29966] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.2'. 16:56:18 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000100)=@isdn={0x22, 0x400, 0x100000000, 0x1f06, 0x1}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000040)="95c67462e15a0a2ccb96d34b582828f6d42606c79a595c811c901cbab2aa0f8b7da638bd0eee7da427eaf176a979a63c", 0xfffffec2}], 0x1}, 0x10) socket$kcm(0xa, 0x2, 0x11) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(r1, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB], 0x0}, 0x20) sendmsg(r6, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r5, &(0x7f0000000480)='pids.current\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r4, 0x0, 0x1, 0x0, 0x0}, 0x20) r8 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r8, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000640)=[{&(0x7f0000000240)="c12723", 0x3}], 0x1}, 0xfc00) sendmsg$kcm(r8, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)="88", 0x1}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24000001) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0xcc539d13aa130b24, 0x0) write$cgroup_int(r7, 0x0, 0x0) 16:56:18 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000100)=@isdn={0x22, 0x400, 0x100000000, 0x0, 0x1}, 0x80, &(0x7f0000000340)=[{0x0}], 0x1}, 0x10) socket$kcm(0xa, 0x2, 0x11) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(r1, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) sendmsg(r6, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r5, &(0x7f0000000480)='pids.current\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r4, 0x0, 0x1, 0x0, 0x0}, 0x20) r8 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r8, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000640)=[{&(0x7f0000000240)="c12723", 0x3}], 0x1}, 0xfc00) sendmsg$kcm(r8, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)="88e7", 0x2}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24000001) write$cgroup_int(r7, 0x0, 0x0) 16:56:18 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x7400000000000000}, 0x0) 16:56:18 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) r3 = socket$kcm(0x2, 0x7, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000380), 0x4) r4 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, r4, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r4, 0x400454d8, &(0x7f0000000300)=0x3) r6 = socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x29, 0x7, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000440)={0xffffffffffffffff, r3, 0x5, 0x2}, 0x10) setsockopt$sock_attach_bpf(r5, 0x1, 0x32, &(0x7f00000002c0)=r4, 0x220) sendmsg$kcm(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) 16:56:18 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000100)=@isdn={0x22, 0x400, 0x100000000, 0x0, 0x1}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000040)}], 0x1}, 0x10) socket$kcm(0xa, 0x2, 0x11) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(r1, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) sendmsg(r6, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r5, &(0x7f0000000480)='pids.current\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r4, 0x0, 0x1, 0x0, 0x0}, 0x20) r8 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r8, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000640)=[{&(0x7f0000000240)="c12723", 0x3}], 0x1}, 0xfc00) sendmsg$kcm(r8, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)="88e7", 0x2}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24000001) write$cgroup_int(r7, 0x0, 0x0) [ 3116.203633][T29973] netlink: 'syz-executor.0': attribute type 3 has an invalid length. 16:56:18 executing program 1: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) r3 = socket$kcm(0x2, 0x7, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) r5 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, r5, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r5, 0x400454d8, &(0x7f0000000300)=0x3) r6 = socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x29, 0x7, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000440)={r4, r3, 0x5, 0x2}, 0x10) sendmsg$kcm(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) 16:56:18 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000100)=@isdn={0x22, 0x400, 0x100000000, 0x1f06, 0x1}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000040)="95c67462e15a0a2ccb96d34b582828f6d42606c79a595c811c901cbab2aa0f8b7da638bd0eee7da427eaf176a979a63c", 0xfffffec2}], 0x1}, 0x10) socket$kcm(0xa, 0x2, 0x11) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(r1, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB], 0x0}, 0x20) sendmsg(r6, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r5, &(0x7f0000000480)='pids.current\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r4, 0x0, 0x1, 0x0, 0x0}, 0x20) r8 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r8, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000640)=[{&(0x7f0000000240)="c12723", 0x3}], 0x1}, 0xfc00) sendmsg$kcm(r8, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)="88e7", 0x2}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0xcc539d13aa130b24, 0x0) write$cgroup_int(r7, 0x0, 0x0) 16:56:18 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x7a00000000000000}, 0x0) 16:56:18 executing program 2: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) r3 = socket$kcm(0x2, 0x7, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000380)=r4, 0x4) r5 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) ioctl$TUNSETVNETHDRSZ(r5, 0x400454d8, &(0x7f0000000300)=0x3) r6 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) [ 3116.525572][T29985] netlink: 'syz-executor.0': attribute type 3 has an invalid length. 16:56:19 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x8e07000000000000}, 0x0) 16:56:19 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000004c0), 0x4) r2 = socket$kcm(0x2, 0x7, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000380), 0x4) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, r3, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(0xffffffffffffffff, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r3, 0x400454d8, &(0x7f0000000300)=0x3) r5 = socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x29, 0x7, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000440)={0xffffffffffffffff, r2, 0x5, 0x2}, 0x10) setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f00000002c0)=r3, 0x220) sendmsg$kcm(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) [ 3116.892475][T29999] netlink: 'syz-executor.0': attribute type 3 has an invalid length. 16:56:19 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x9effffff00000000}, 0x0) [ 3117.123910][T30004] netlink: 'syz-executor.0': attribute type 3 has an invalid length. 16:56:19 executing program 1: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) r3 = socket$kcm(0x2, 0x7, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) r5 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, r5, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r5, 0x400454d8, &(0x7f0000000300)=0x3) r6 = socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x29, 0x7, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000440)={r4, r3, 0x5, 0x2}, 0x10) sendmsg$kcm(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) 16:56:20 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0xf0ffffff00000000}, 0x0) [ 3117.850494][T30018] netlink: 'syz-executor.0': attribute type 3 has an invalid length. 16:56:20 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0xfcffffff00000000}, 0x0) 16:56:20 executing program 2: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) r3 = socket$kcm(0x2, 0x7, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000380)=r4, 0x4) r5 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) ioctl$TUNSETVNETHDRSZ(r5, 0x400454d8, &(0x7f0000000300)=0x3) r6 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) [ 3118.034009][T30025] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3118.280186][T30032] IPVS: ftp: loaded support on port[0] = 21 [ 3118.631518][T30032] chnl_net:caif_netlink_parms(): no params data found [ 3118.684539][T30032] bridge0: port 1(bridge_slave_0) entered blocking state [ 3118.691689][T30032] bridge0: port 1(bridge_slave_0) entered disabled state [ 3118.700999][T30032] device bridge_slave_0 entered promiscuous mode [ 3118.778197][T30032] bridge0: port 2(bridge_slave_1) entered blocking state [ 3118.785595][T30032] bridge0: port 2(bridge_slave_1) entered disabled state [ 3118.795158][T30032] device bridge_slave_1 entered promiscuous mode [ 3118.824176][T30032] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3118.890885][T30032] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3118.934151][T30032] team0: Port device team_slave_0 added [ 3118.947061][T30037] IPVS: ftp: loaded support on port[0] = 21 [ 3118.955759][T30032] team0: Port device team_slave_1 added [ 3119.126789][T30032] device hsr_slave_0 entered promiscuous mode [ 3119.173966][T30032] device hsr_slave_1 entered promiscuous mode [ 3119.283110][T30032] debugfs: Directory 'hsr0' with parent '/' already present! [ 3119.465550][T30032] bridge0: port 2(bridge_slave_1) entered blocking state [ 3119.472657][T30032] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3119.480070][T30032] bridge0: port 1(bridge_slave_0) entered blocking state [ 3119.487173][T30032] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3119.511085][T30037] chnl_net:caif_netlink_parms(): no params data found [ 3119.662024][T19213] bridge0: port 1(bridge_slave_0) entered disabled state [ 3119.671313][T19213] bridge0: port 2(bridge_slave_1) entered disabled state [ 3119.784892][T30037] bridge0: port 1(bridge_slave_0) entered blocking state [ 3119.792287][T30037] bridge0: port 1(bridge_slave_0) entered disabled state [ 3119.803518][T30037] device bridge_slave_0 entered promiscuous mode [ 3119.816102][T30037] bridge0: port 2(bridge_slave_1) entered blocking state [ 3119.824408][T30037] bridge0: port 2(bridge_slave_1) entered disabled state [ 3119.832872][T30037] device bridge_slave_1 entered promiscuous mode [ 3119.981609][T30032] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3120.002284][T30037] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3120.026701][T19213] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3120.035298][T19213] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3120.046207][T30037] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3120.116773][T30032] 8021q: adding VLAN 0 to HW filter on device team0 [ 3120.156677][T19213] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3120.173752][T19213] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3120.182309][T19213] bridge0: port 1(bridge_slave_0) entered blocking state [ 3120.189410][T19213] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3120.199254][T19213] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3120.209203][T19213] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3120.218089][T19213] bridge0: port 2(bridge_slave_1) entered blocking state [ 3120.225170][T19213] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3120.235380][T30037] team0: Port device team_slave_0 added [ 3120.360019][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3120.369330][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3120.378637][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3120.388263][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3120.399422][T30037] team0: Port device team_slave_1 added [ 3120.469108][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3120.480403][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3120.489663][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3120.498719][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3120.507668][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3120.531600][T30032] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 3120.544511][T30032] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3120.632836][T25186] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3120.644372][T25186] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3120.838561][T30037] device hsr_slave_0 entered promiscuous mode [ 3120.894179][T30037] device hsr_slave_1 entered promiscuous mode [ 3120.933283][T30037] debugfs: Directory 'hsr0' with parent '/' already present! [ 3121.010080][T30032] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3121.296673][T30037] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3121.315529][T30045] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3121.326230][T30045] CPU: 1 PID: 30045 Comm: syz-executor.4 Not tainted 5.3.0-rc3+ #97 [ 3121.334206][T30045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3121.344265][T30045] Call Trace: [ 3121.347555][T30045] dump_stack+0x172/0x1f0 [ 3121.351885][T30045] dump_header+0x10b/0x82d [ 3121.356292][T30045] oom_kill_process.cold+0x10/0x15 [ 3121.361479][T30045] out_of_memory+0x79a/0x12c0 [ 3121.366133][T30045] ? __sched_text_start+0x8/0x8 [ 3121.370961][T30045] ? oom_killer_disable+0x280/0x280 [ 3121.376143][T30045] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3121.381661][T30045] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 3121.387289][T30045] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 3121.393067][T30045] ? cgroup_file_notify+0x140/0x1b0 [ 3121.398254][T30045] memory_max_write+0x262/0x3a0 [ 3121.403080][T30045] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 3121.409831][T30045] ? lock_acquire+0x190/0x410 [ 3121.414492][T30045] ? kernfs_fop_write+0x227/0x480 [ 3121.419491][T30045] cgroup_file_write+0x241/0x790 [ 3121.424405][T30045] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 3121.431144][T30045] ? cgroup_migrate_add_task+0x890/0x890 [ 3121.436753][T30045] ? cgroup_migrate_add_task+0x890/0x890 [ 3121.442358][T30045] kernfs_fop_write+0x2b8/0x480 [ 3121.447187][T30045] __vfs_write+0x8a/0x110 [ 3121.451490][T30045] ? kernfs_fop_open+0xd80/0xd80 [ 3121.456403][T30045] vfs_write+0x268/0x5d0 [ 3121.460623][T30045] ksys_write+0x14f/0x290 [ 3121.465622][T30045] ? __ia32_sys_read+0xb0/0xb0 [ 3121.470371][T30045] ? do_syscall_64+0x26/0x6a0 [ 3121.475021][T30045] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3121.481229][T30045] ? do_syscall_64+0x26/0x6a0 [ 3121.485906][T30045] __x64_sys_write+0x73/0xb0 [ 3121.490485][T30045] do_syscall_64+0xfd/0x6a0 [ 3121.494975][T30045] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3121.500839][T30045] RIP: 0033:0x459829 [ 3121.504812][T30045] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3121.524398][T30045] RSP: 002b:00007f82bbe6bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3121.532790][T30045] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 3121.540733][T30045] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009 [ 3121.548677][T30045] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 3121.556623][T30045] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f82bbe6c6d4 [ 3121.564659][T30045] R13: 00000000004c99a3 R14: 00000000004e1028 R15: 00000000ffffffff [ 3121.589237][T30045] memory: usage 4040kB, limit 0kB, failcnt 2838508 [ 3121.596076][T30045] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3121.603228][T30045] Memory cgroup stats for /syz4: [ 3121.605026][T30045] anon 2142208 [ 3121.605026][T30045] file 602112 [ 3121.605026][T30045] kernel_stack 65536 [ 3121.605026][T30045] slab 1056768 [ 3121.605026][T30045] sock 0 [ 3121.605026][T30045] shmem 323584 [ 3121.605026][T30045] file_mapped 0 [ 3121.605026][T30045] file_dirty 0 [ 3121.605026][T30045] file_writeback 0 [ 3121.605026][T30045] anon_thp 2097152 [ 3121.605026][T30045] inactive_anon 270336 [ 3121.605026][T30045] active_anon 2142208 [ 3121.605026][T30045] inactive_file 0 [ 3121.605026][T30045] active_file 0 [ 3121.605026][T30045] unevictable 0 [ 3121.605026][T30045] slab_reclaimable 270336 [ 3121.605026][T30045] slab_unreclaimable 786432 [ 3121.605026][T30045] pgfault 105303 [ 3121.605026][T30045] pgmajfault 0 [ 3121.605026][T30045] workingset_refault 0 [ 3121.605026][T30045] workingset_activate 0 [ 3121.605026][T30045] workingset_nodereclaim 0 [ 3121.605026][T30045] pgrefill 0 [ 3121.605026][T30045] pgscan 37 [ 3121.605026][T30045] pgsteal 37 [ 3121.605026][T30045] pgactivate 0 [ 3121.705194][T30045] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=30044,uid=0 [ 3121.722263][T30045] Memory cgroup out of memory: Killed process 30044 (syz-executor.4) total-vm:72580kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB [ 3121.741572][ T1057] oom_reaper: reaped process 30044 (syz-executor.4), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB [ 3121.796296][T25186] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3121.814298][T25186] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3121.909994][T30037] 8021q: adding VLAN 0 to HW filter on device team0 [ 3121.941025][T21598] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3121.953834][T21598] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3121.973315][T21598] bridge0: port 1(bridge_slave_0) entered blocking state [ 3121.980383][T21598] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3122.091183][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3122.101939][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3122.111315][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3122.121102][T16725] bridge0: port 2(bridge_slave_1) entered blocking state [ 3122.128192][T16725] bridge0: port 2(bridge_slave_1) entered forwarding state 16:56:24 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0xffffff7f00000000}, 0x0) 16:56:24 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000004c0), 0x4) r2 = socket$kcm(0x2, 0x7, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000380), 0x4) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, r3, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(0xffffffffffffffff, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r3, 0x400454d8, &(0x7f0000000300)=0x3) r5 = socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x29, 0x7, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000440)={0xffffffffffffffff, r2, 0x5, 0x2}, 0x10) setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f00000002c0)=r3, 0x220) sendmsg$kcm(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) [ 3122.137827][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3122.160592][T30032] syz-executor.4 invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=0, oom_score_adj=0 [ 3122.195163][T30032] CPU: 0 PID: 30032 Comm: syz-executor.4 Not tainted 5.3.0-rc3+ #97 [ 3122.195182][T30049] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3122.203255][T30032] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3122.203262][T30032] Call Trace: [ 3122.203282][T30032] dump_stack+0x172/0x1f0 [ 3122.203303][T30032] dump_header+0x10b/0x82d [ 3122.203315][T30032] ? oom_kill_process+0x94/0x3f0 [ 3122.203331][T30032] oom_kill_process.cold+0x10/0x15 [ 3122.203349][T30032] out_of_memory+0x79a/0x12c0 [ 3122.203366][T30032] ? lock_downgrade+0x920/0x920 [ 3122.203382][T30032] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3122.203399][T30032] ? oom_killer_disable+0x280/0x280 [ 3122.203425][T30032] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3122.203441][T30032] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 3122.203461][T30032] ? do_raw_spin_unlock+0x57/0x270 [ 3122.203479][T30032] ? _raw_spin_unlock+0x2d/0x50 [ 3122.203496][T30032] try_charge+0xf4b/0x1440 [ 3122.203515][T30032] ? __lock_acquire+0x850/0x4c30 [ 3122.203531][T30032] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3122.203549][T30032] ? cache_grow_begin+0x122/0xd20 [ 3122.203569][T30032] ? find_held_lock+0x35/0x130 [ 3122.228040][T30049] __nla_validate_parse: 20 callbacks suppressed [ 3122.228048][T30049] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3122.229264][T30032] ? cache_grow_begin+0x122/0xd20 [ 3122.229288][T30032] __memcg_kmem_charge_memcg+0x71/0xf0 [ 3122.335707][T30032] ? memcg_kmem_put_cache+0x50/0x50 [ 3122.340906][T30032] ? __kasan_check_read+0x11/0x20 [ 3122.345937][T30032] cache_grow_begin+0x627/0xd20 [ 3122.350788][T30032] ? write_comp_data+0x31/0x70 [ 3122.355548][T30032] ? mempolicy_slab_node+0x139/0x390 [ 3122.360825][T30032] fallback_alloc+0x1fd/0x2d0 [ 3122.365503][T30032] ____cache_alloc_node+0x1bc/0x1d0 [ 3122.370696][T30032] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3122.376934][T30032] kmem_cache_alloc+0x1ef/0x710 [ 3122.381781][T30032] ? stack_trace_save+0xac/0xe0 [ 3122.386636][T30032] __alloc_file+0x27/0x340 [ 3122.391051][T30032] alloc_empty_file+0x72/0x170 [ 3122.395825][T30032] path_openat+0xef/0x4630 [ 3122.400236][T30032] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 3122.406037][T30032] ? kasan_slab_alloc+0xf/0x20 [ 3122.410794][T30032] ? kmem_cache_alloc+0x121/0x710 [ 3122.415819][T30032] ? getname_flags+0xd6/0x5b0 [ 3122.420491][T30032] ? getname+0x1a/0x20 [ 3122.424560][T30032] ? do_sys_open+0x2c9/0x5d0 [ 3122.429142][T30032] ? __x64_sys_open+0x7e/0xc0 [ 3122.433824][T30032] ? __kasan_check_read+0x11/0x20 [ 3122.438848][T30032] ? mark_lock+0xc0/0x11e0 [ 3122.443261][T30032] ? __kasan_check_read+0x11/0x20 [ 3122.448285][T30032] ? path_lookupat.isra.0+0x8d0/0x8d0 [ 3122.453661][T30032] ? __alloc_fd+0x487/0x620 [ 3122.458167][T30032] do_filp_open+0x1a1/0x280 [ 3122.462668][T30032] ? may_open_dev+0x100/0x100 [ 3122.467345][T30032] ? lock_downgrade+0x920/0x920 [ 3122.472305][T30032] ? rwlock_bug.part.0+0x90/0x90 [ 3122.477254][T30032] ? __kasan_check_read+0x11/0x20 [ 3122.482362][T30032] ? do_raw_spin_unlock+0x57/0x270 [ 3122.487475][T30032] ? _raw_spin_unlock+0x2d/0x50 [ 3122.492321][T30032] ? __alloc_fd+0x487/0x620 [ 3122.496842][T30032] do_sys_open+0x3fe/0x5d0 [ 3122.501266][T30032] ? filp_open+0x80/0x80 [ 3122.505508][T30032] ? __detach_mounts+0x2a0/0x2a0 [ 3122.510445][T30032] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 3122.515902][T30032] ? do_syscall_64+0x26/0x6a0 [ 3122.520576][T30032] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3122.526648][T30032] ? do_syscall_64+0x26/0x6a0 [ 3122.531327][T30032] __x64_sys_open+0x7e/0xc0 [ 3122.535830][T30032] do_syscall_64+0xfd/0x6a0 [ 3122.540334][T30032] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3122.546225][T30032] RIP: 0033:0x4577a0 [ 3122.548737][T30052] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3122.550117][T30032] Code: 31 c0 e9 45 ff ff ff 0f 1f 00 80 3f 00 0f 84 f7 00 00 00 55 53 b9 02 00 00 00 be 00 08 09 00 89 c8 48 81 ec 98 00 00 00 0f 05 <48> 3d 00 f0 ff ff 48 89 c3 0f 87 e9 00 00 00 85 db 0f 88 2f 01 00 [ 3122.550126][T30032] RSP: 002b:00007fffdf78a570 EFLAGS: 00000202 ORIG_RAX: 0000000000000002 [ 3122.550144][T30032] RAX: ffffffffffffffda RBX: 00000000002fa05f RCX: 00000000004577a0 [ 3122.550154][T30032] RDX: 000000000000000c RSI: 0000000000090800 RDI: 00007fffdf78b750 [ 3122.550161][T30032] RBP: 0000000000000002 R08: 0000000000000001 R09: 000055555643c940 [ 3122.550175][T30032] R10: 0000000000000000 R11: 0000000000000202 R12: 00007fffdf78b750 [ 3122.579108][T30032] R13: 00007fffdf78b740 R14: 0000000000000000 R15: 00007fffdf78b750 [ 3122.628692][T30032] memory: usage 1708kB, limit 0kB, failcnt 2838520 [ 3122.636079][T30032] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3122.636594][T21598] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3122.643185][T30032] Memory cgroup stats for /syz4: [ 3122.643280][T30032] anon 0 [ 3122.643280][T30032] file 602112 [ 3122.643280][T30032] kernel_stack 0 [ 3122.643280][T30032] slab 1056768 [ 3122.643280][T30032] sock 0 [ 3122.643280][T30032] shmem 323584 [ 3122.643280][T30032] file_mapped 0 [ 3122.643280][T30032] file_dirty 0 [ 3122.643280][T30032] file_writeback 0 [ 3122.643280][T30032] anon_thp 0 [ 3122.643280][T30032] inactive_anon 270336 [ 3122.643280][T30032] active_anon 0 [ 3122.643280][T30032] inactive_file 0 [ 3122.643280][T30032] active_file 0 [ 3122.643280][T30032] unevictable 0 [ 3122.643280][T30032] slab_reclaimable 270336 [ 3122.643280][T30032] slab_unreclaimable 786432 [ 3122.643280][T30032] pgfault 105303 [ 3122.643280][T30032] pgmajfault 0 [ 3122.643280][T30032] workingset_refault 0 [ 3122.643280][T30032] workingset_activate 0 [ 3122.643280][T30032] workingset_nodereclaim 0 [ 3122.643280][T30032] pgrefill 0 [ 3122.643280][T30032] pgscan 37 [ 3122.643280][T30032] pgsteal 37 [ 3122.643280][T30032] pgactivate 0 [ 3122.758627][T30032] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=30032,uid=0 [ 3122.760107][T21598] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3122.782446][T30032] Memory cgroup out of memory: Killed process 30032 (syz-executor.4) total-vm:72448kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB [ 3122.797240][ T1057] oom_reaper: reaped process 30032 (syz-executor.4), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 3122.817889][T21598] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3122.827247][T21598] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3122.836899][T21598] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3122.855750][T21598] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3122.880659][T30048] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3123.314712][ T3517] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3123.323855][ T3517] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3123.364429][T30037] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 3123.404221][T30037] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3123.434740][T17639] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3123.443950][T17639] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3123.535624][T30037] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3123.766208][T30063] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3123.779380][T30063] CPU: 0 PID: 30063 Comm: syz-executor.3 Not tainted 5.3.0-rc3+ #97 [ 3123.787370][T30063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3123.797506][T30063] Call Trace: [ 3123.800803][T30063] dump_stack+0x172/0x1f0 [ 3123.805145][T30063] dump_header+0x10b/0x82d [ 3123.809559][T30063] oom_kill_process.cold+0x10/0x15 [ 3123.814670][T30063] out_of_memory+0x79a/0x12c0 [ 3123.819347][T30063] ? __sched_text_start+0x8/0x8 [ 3123.824196][T30063] ? oom_killer_disable+0x280/0x280 [ 3123.829409][T30063] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3123.834945][T30063] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 3123.840578][T30063] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 3123.846381][T30063] ? cgroup_file_notify+0x140/0x1b0 [ 3123.851581][T30063] memory_max_write+0x262/0x3a0 [ 3123.856436][T30063] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 3123.863209][T30063] ? lock_acquire+0x190/0x410 [ 3123.867881][T30063] ? kernfs_fop_write+0x227/0x480 [ 3123.872911][T30063] cgroup_file_write+0x241/0x790 [ 3123.877856][T30063] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 3123.884616][T30063] ? cgroup_migrate_add_task+0x890/0x890 [ 3123.890250][T30063] ? cgroup_migrate_add_task+0x890/0x890 [ 3123.895877][T30063] kernfs_fop_write+0x2b8/0x480 [ 3123.900728][T30063] __vfs_write+0x8a/0x110 [ 3123.905053][T30063] ? kernfs_fop_open+0xd80/0xd80 [ 3123.909986][T30063] vfs_write+0x268/0x5d0 [ 3123.914232][T30063] ksys_write+0x14f/0x290 [ 3123.918556][T30063] ? __ia32_sys_read+0xb0/0xb0 [ 3123.923315][T30063] ? do_syscall_64+0x26/0x6a0 [ 3123.927998][T30063] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3123.934060][T30063] ? do_syscall_64+0x26/0x6a0 [ 3123.938754][T30063] __x64_sys_write+0x73/0xb0 [ 3123.943345][T30063] do_syscall_64+0xfd/0x6a0 [ 3123.947845][T30063] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3123.953727][T30063] RIP: 0033:0x459829 [ 3123.957614][T30063] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3123.977297][T30063] RSP: 002b:00007fda3adccc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3123.985702][T30063] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 3123.993662][T30063] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009 [ 3124.001621][T30063] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 3124.009583][T30063] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fda3adcd6d4 [ 3124.017545][T30063] R13: 00000000004c99a3 R14: 00000000004e1028 R15: 00000000ffffffff [ 3124.030614][T30063] memory: usage 3396kB, limit 0kB, failcnt 507692 [ 3124.044315][T30063] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3124.051267][T30063] Memory cgroup stats for /syz3: [ 3124.051367][T30063] anon 2174976 [ 3124.051367][T30063] file 155648 [ 3124.051367][T30063] kernel_stack 131072 [ 3124.051367][T30063] slab 798720 [ 3124.051367][T30063] sock 0 [ 3124.051367][T30063] shmem 0 [ 3124.051367][T30063] file_mapped 0 [ 3124.051367][T30063] file_dirty 0 [ 3124.051367][T30063] file_writeback 0 [ 3124.051367][T30063] anon_thp 2097152 [ 3124.051367][T30063] inactive_anon 0 [ 3124.051367][T30063] active_anon 2174976 [ 3124.051367][T30063] inactive_file 0 [ 3124.051367][T30063] active_file 0 [ 3124.051367][T30063] unevictable 0 [ 3124.051367][T30063] slab_reclaimable 270336 [ 3124.051367][T30063] slab_unreclaimable 528384 [ 3124.051367][T30063] pgfault 79926 [ 3124.051367][T30063] pgmajfault 0 [ 3124.051367][T30063] workingset_refault 0 [ 3124.051367][T30063] workingset_activate 0 [ 3124.051367][T30063] workingset_nodereclaim 0 [ 3124.051367][T30063] pgrefill 0 [ 3124.051367][T30063] pgscan 371 [ 3124.051367][T30063] pgsteal 371 [ 3124.051367][T30063] pgactivate 0 [ 3124.151075][T30063] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=30061,uid=0 [ 3124.167643][T30063] Memory cgroup out of memory: Killed process 30061 (syz-executor.3) total-vm:72712kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB [ 3124.183515][ T1057] oom_reaper: reaped process 30061 (syz-executor.3), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB 16:56:26 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000100)=@isdn={0x22, 0x400, 0x100000000, 0x1f06, 0x1}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000040)="95c67462e15a0a2ccb96d34b582828f6d42606c79a595c811c901cbab2aa0f8b7da638bd0eee7da427eaf176a979a63c", 0xfffffec2}], 0x1}, 0x10) socket$kcm(0xa, 0x2, 0x11) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(r1, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB], 0x0}, 0x20) sendmsg(r6, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r5, &(0x7f0000000480)='pids.current\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r4, 0x0, 0x1, 0x0, 0x0}, 0x20) r8 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r8, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000640)=[{&(0x7f0000000240)="c12723", 0x3}], 0x1}, 0xfc00) sendmsg$kcm(r8, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)="88e7", 0x2}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0xcc539d13aa130b24, 0x0) write$cgroup_int(r7, 0x0, 0x0) 16:56:26 executing program 1: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) socket$kcm(0x2, 0x7, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, r3, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r3, 0x400454d8, &(0x7f0000000300)=0x3) r5 = socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x29, 0x7, 0x0) setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f00000002c0)=r3, 0x220) sendmsg$kcm(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) 16:56:26 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000100)=@isdn={0x22, 0x400, 0x100000000, 0x0, 0x1}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000040)}], 0x1}, 0x10) socket$kcm(0xa, 0x2, 0x11) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(r1, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) sendmsg(r6, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r5, &(0x7f0000000480)='pids.current\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r4, 0x0, 0x1, 0x0, 0x0}, 0x20) r8 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r8, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000640)=[{&(0x7f0000000240)="c12723", 0x3}], 0x1}, 0xfc00) sendmsg$kcm(r8, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)="88e7", 0x2}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24000001) write$cgroup_int(r7, 0x0, 0x0) 16:56:26 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0xfffffffffffff000}, 0x0) 16:56:26 executing program 2: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) r3 = socket$kcm(0x2, 0x7, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000380)=r4, 0x4) r5 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r5, 0x400454d8, &(0x7f0000000300)=0x3) r6 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) 16:56:26 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000004c0), 0x4) r2 = socket$kcm(0x2, 0x7, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000380), 0x4) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, r3, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(0xffffffffffffffff, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r3, 0x400454d8, &(0x7f0000000300)=0x3) r5 = socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x29, 0x7, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000440)={0xffffffffffffffff, r2, 0x5, 0x2}, 0x10) setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f00000002c0)=r3, 0x220) sendmsg$kcm(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) [ 3124.291304][T30037] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3124.320807][T30069] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3124.321387][T30070] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3124.359371][T30069] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3124.371111][T30037] CPU: 0 PID: 30037 Comm: syz-executor.3 Not tainted 5.3.0-rc3+ #97 [ 3124.379113][T30037] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3124.389175][T30037] Call Trace: [ 3124.392479][T30037] dump_stack+0x172/0x1f0 [ 3124.396824][T30037] dump_header+0x10b/0x82d [ 3124.401240][T30037] ? oom_kill_process+0x94/0x3f0 [ 3124.406189][T30037] oom_kill_process.cold+0x10/0x15 [ 3124.411313][T30037] out_of_memory+0x79a/0x12c0 [ 3124.415990][T30037] ? lock_downgrade+0x920/0x920 [ 3124.420846][T30037] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3124.426654][T30037] ? oom_killer_disable+0x280/0x280 [ 3124.431867][T30037] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3124.437413][T30037] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 3124.443056][T30037] ? do_raw_spin_unlock+0x57/0x270 [ 3124.448176][T30037] ? _raw_spin_unlock+0x2d/0x50 [ 3124.453030][T30037] try_charge+0xf4b/0x1440 [ 3124.453055][T30037] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3124.453068][T30037] ? percpu_ref_tryget_live+0x111/0x290 [ 3124.453085][T30037] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3124.453102][T30037] ? __kasan_check_read+0x11/0x20 [ 3124.453123][T30037] ? get_mem_cgroup_from_mm+0x156/0x320 [ 3124.453140][T30037] mem_cgroup_try_charge+0x136/0x590 [ 3124.453158][T30037] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3124.453176][T30037] wp_page_copy+0x421/0x15e0 [ 3124.453192][T30037] ? find_held_lock+0x35/0x130 [ 3124.453212][T30037] ? pmd_pfn+0x1d0/0x1d0 [ 3124.453229][T30037] ? lock_downgrade+0x920/0x920 [ 3124.453248][T30037] ? swp_swapcount+0x540/0x540 [ 3124.453263][T30037] ? __kasan_check_read+0x11/0x20 [ 3124.453276][T30037] ? do_raw_spin_unlock+0x57/0x270 [ 3124.453294][T30037] do_wp_page+0x499/0x14d0 [ 3124.453313][T30037] ? finish_mkwrite_fault+0x570/0x570 [ 3124.453338][T30037] __handle_mm_fault+0x22f7/0x3f20 [ 3124.453359][T30037] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3124.453389][T30037] ? __kasan_check_read+0x11/0x20 [ 3124.453413][T30037] handle_mm_fault+0x1b5/0x6b0 [ 3124.453434][T30037] __do_page_fault+0x536/0xdd0 [ 3124.453460][T30037] do_page_fault+0x38/0x590 [ 3124.453477][T30037] page_fault+0x39/0x40 [ 3124.453489][T30037] RIP: 0033:0x430906 [ 3124.453502][T30037] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 46 64 00 85 c0 0f 84 [ 3124.453510][T30037] RSP: 002b:00007fff327650d0 EFLAGS: 00010206 [ 3124.453521][T30037] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 3124.453528][T30037] RDX: 00005555558f2930 RSI: 00005555558fa970 RDI: 0000000000000003 [ 3124.453536][T30037] RBP: 0000000000008041 R08: 0000000000000001 R09: 00005555558f1940 [ 3124.453543][T30037] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 3124.453551][T30037] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 [ 3124.551853][T30081] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.2'. [ 3124.745934][T30037] memory: usage 1020kB, limit 0kB, failcnt 507704 [ 3124.757040][T30067] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3124.760403][T30037] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3124.809663][T30037] Memory cgroup stats for /syz3: [ 3124.809768][T30037] anon 0 [ 3124.809768][T30037] file 155648 [ 3124.809768][T30037] kernel_stack 0 [ 3124.809768][T30037] slab 798720 [ 3124.809768][T30037] sock 0 [ 3124.809768][T30037] shmem 0 [ 3124.809768][T30037] file_mapped 0 [ 3124.809768][T30037] file_dirty 0 [ 3124.809768][T30037] file_writeback 0 [ 3124.809768][T30037] anon_thp 0 [ 3124.809768][T30037] inactive_anon 0 [ 3124.809768][T30037] active_anon 0 [ 3124.809768][T30037] inactive_file 0 [ 3124.809768][T30037] active_file 0 [ 3124.809768][T30037] unevictable 0 [ 3124.809768][T30037] slab_reclaimable 270336 [ 3124.809768][T30037] slab_unreclaimable 528384 [ 3124.809768][T30037] pgfault 79926 [ 3124.809768][T30037] pgmajfault 0 [ 3124.809768][T30037] workingset_refault 0 [ 3124.809768][T30037] workingset_activate 0 [ 3124.809768][T30037] workingset_nodereclaim 0 [ 3124.809768][T30037] pgrefill 0 [ 3124.809768][T30037] pgscan 371 [ 3124.809768][T30037] pgsteal 371 [ 3124.809768][T30037] pgactivate 0 [ 3124.809768][T30037] pgdeactivate 0 [ 3124.982015][T30037] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=30037,uid=0 [ 3125.000635][T30037] Memory cgroup out of memory: Killed process 30037 (syz-executor.3) total-vm:72448kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB [ 3125.018294][ T1057] oom_reaper: reaped process 30037 (syz-executor.3), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB [ 3125.071644][T30071] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.2'. 16:56:27 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x0}, 0x0) [ 3125.315006][T30088] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3125.343150][T30088] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.0'. 16:56:28 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000100)=@isdn={0x22, 0x400, 0x100000000, 0x1f06, 0x1}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000040)="95c67462e15a0a2ccb96d34b582828f6d42606c79a595c811c901cbab2aa0f8b7da638bd0eee7da427eaf176a979a63c", 0xfffffec2}], 0x1}, 0x10) socket$kcm(0xa, 0x2, 0x11) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(r1, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB], 0x0}, 0x20) sendmsg(r6, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r5, &(0x7f0000000480)='pids.current\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r4, 0x0, 0x1, 0x0, 0x0}, 0x20) r8 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r8, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000640)=[{&(0x7f0000000240)="c12723", 0x3}], 0x1}, 0xfc00) sendmsg$kcm(r8, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)="88e7", 0x2}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0xcc539d13aa130b24, 0x0) write$cgroup_int(r7, 0x0, 0x0) 16:56:28 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x0}, 0x0) [ 3125.694832][T30072] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.1'. 16:56:28 executing program 2: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) r3 = socket$kcm(0x2, 0x7, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000380)=r4, 0x4) r5 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r5, 0x400454d8, &(0x7f0000000300)=0x3) r6 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) [ 3125.845361][T30092] netlink: 'syz-executor.0': attribute type 3 has an invalid length. 16:56:28 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000100)=@isdn={0x22, 0x400, 0x100000000, 0x1f06, 0x1}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000040)="95c67462e15a0a2ccb96d34b582828f6d42606c79a595c811c901cbab2aa0f8b7da638bd0eee7da427eaf176a979a63c", 0xfffffec2}], 0x1}, 0x10) socket$kcm(0xa, 0x2, 0x11) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(r1, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB], 0x0}, 0x20) sendmsg(r6, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r5, &(0x7f0000000480)='pids.current\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r4, 0x0, 0x1, 0x0, 0x0}, 0x20) r8 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r8, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000640)=[{&(0x7f0000000240)="c12723", 0x3}], 0x1}, 0xfc00) sendmsg$kcm(r8, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)="88e7", 0x2}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24000001) openat$tun(0xffffffffffffff9c, 0x0, 0xcc539d13aa130b24, 0x0) write$cgroup_int(r7, 0x0, 0x0) 16:56:28 executing program 1: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) socket$kcm(0x2, 0x7, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, r3, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r3, 0x400454d8, &(0x7f0000000300)=0x3) r5 = socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x29, 0x7, 0x0) setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f00000002c0)=r3, 0x220) sendmsg$kcm(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) 16:56:28 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x0}, 0x0) 16:56:28 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) r3 = socket$kcm(0x2, 0x7, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000380), 0x4) r4 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, r4, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r4, 0x400454d8, &(0x7f0000000300)=0x3) r6 = socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x29, 0x7, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000440)={0xffffffffffffffff, r3, 0x5, 0x2}, 0x10) setsockopt$sock_attach_bpf(r5, 0x1, 0x32, &(0x7f00000002c0)=r4, 0x220) sendmsg$kcm(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) [ 3126.176103][T30110] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3126.616112][T30118] IPVS: ftp: loaded support on port[0] = 21 [ 3127.158420][T30118] chnl_net:caif_netlink_parms(): no params data found [ 3127.248490][T30118] bridge0: port 1(bridge_slave_0) entered blocking state [ 3127.257731][T30118] bridge0: port 1(bridge_slave_0) entered disabled state [ 3127.266668][T30118] device bridge_slave_0 entered promiscuous mode [ 3127.276103][T30118] bridge0: port 2(bridge_slave_1) entered blocking state [ 3127.283744][T30118] bridge0: port 2(bridge_slave_1) entered disabled state [ 3127.292126][T30118] device bridge_slave_1 entered promiscuous mode [ 3127.370538][T30118] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3127.384046][T30118] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3127.478100][T30118] team0: Port device team_slave_0 added [ 3127.486306][T30118] team0: Port device team_slave_1 added [ 3127.610979][T30118] device hsr_slave_0 entered promiscuous mode [ 3127.714096][T30118] device hsr_slave_1 entered promiscuous mode [ 3127.793175][T30118] debugfs: Directory 'hsr0' with parent '/' already present! [ 3127.867181][T30123] IPVS: ftp: loaded support on port[0] = 21 [ 3127.980952][T30118] bridge0: port 2(bridge_slave_1) entered blocking state [ 3127.988107][T30118] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3127.995516][T30118] bridge0: port 1(bridge_slave_0) entered blocking state [ 3128.002575][T30118] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3128.099349][T21598] bridge0: port 1(bridge_slave_0) entered disabled state [ 3128.108521][T21598] bridge0: port 2(bridge_slave_1) entered disabled state [ 3128.339489][T30118] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3128.380181][ T3517] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3128.390131][ T3517] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3128.401495][T30118] 8021q: adding VLAN 0 to HW filter on device team0 [ 3128.409006][T30123] chnl_net:caif_netlink_parms(): no params data found [ 3128.454263][T30123] bridge0: port 1(bridge_slave_0) entered blocking state [ 3128.461610][T30123] bridge0: port 1(bridge_slave_0) entered disabled state [ 3128.470084][T30123] device bridge_slave_0 entered promiscuous mode [ 3128.478354][T16629] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3128.488073][T16629] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3128.497468][T16629] bridge0: port 1(bridge_slave_0) entered blocking state [ 3128.504568][T16629] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3128.604126][T30123] bridge0: port 2(bridge_slave_1) entered blocking state [ 3128.604154][T30123] bridge0: port 2(bridge_slave_1) entered disabled state [ 3128.631007][T30123] device bridge_slave_1 entered promiscuous mode [ 3128.645428][T16629] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3128.654883][T16629] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3128.664008][T16629] bridge0: port 2(bridge_slave_1) entered blocking state [ 3128.671075][T16629] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3128.679865][T16629] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3128.710789][ T3517] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3128.720890][ T3517] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3128.730460][ T3517] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3128.825461][T17639] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3128.834847][T17639] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3128.844208][T17639] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3128.869020][T30123] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3128.881961][ T3517] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3128.891383][ T3517] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3128.902715][ T3517] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3128.914333][ T3517] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3129.106171][T30118] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3129.124647][T30123] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3129.175792][T30118] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3129.273430][T30123] team0: Port device team_slave_0 added [ 3129.284113][T30123] team0: Port device team_slave_1 added [ 3129.346728][T30123] device hsr_slave_0 entered promiscuous mode [ 3129.393869][T30123] device hsr_slave_1 entered promiscuous mode [ 3129.433023][T30123] debugfs: Directory 'hsr0' with parent '/' already present! [ 3129.637142][T30131] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3129.649895][T30131] CPU: 1 PID: 30131 Comm: syz-executor.4 Not tainted 5.3.0-rc3+ #97 [ 3129.657889][T30131] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3129.667938][T30131] Call Trace: [ 3129.671234][T30131] dump_stack+0x172/0x1f0 [ 3129.675569][T30131] dump_header+0x10b/0x82d [ 3129.679985][T30131] oom_kill_process.cold+0x10/0x15 [ 3129.685106][T30131] out_of_memory+0x79a/0x12c0 [ 3129.689785][T30131] ? retint_kernel+0x2b/0x2b [ 3129.694374][T30131] ? oom_killer_disable+0x280/0x280 [ 3129.699578][T30131] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3129.705650][T30131] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 3129.711290][T30131] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3129.717124][T30131] ? cgroup_file_notify+0x140/0x1b0 [ 3129.722335][T30131] memory_max_write+0x262/0x3a0 [ 3129.724118][T30123] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3129.727187][T30131] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 3129.727203][T30131] ? lock_acquire+0x190/0x410 [ 3129.727220][T30131] ? kernfs_fop_write+0x227/0x480 [ 3129.750203][T30131] cgroup_file_write+0x241/0x790 [ 3129.755141][T30131] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 3129.761909][T30131] ? cgroup_migrate_add_task+0x890/0x890 [ 3129.767639][T30131] ? cgroup_migrate_add_task+0x890/0x890 [ 3129.773269][T30131] kernfs_fop_write+0x2b8/0x480 [ 3129.778198][T30131] __vfs_write+0x8a/0x110 [ 3129.782509][T30131] ? kernfs_fop_open+0xd80/0xd80 [ 3129.787431][T30131] vfs_write+0x268/0x5d0 [ 3129.791659][T30131] ksys_write+0x14f/0x290 [ 3129.795978][T30131] ? __ia32_sys_read+0xb0/0xb0 [ 3129.800739][T30131] ? do_syscall_64+0x26/0x6a0 [ 3129.805393][T30131] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3129.811436][T30131] ? do_syscall_64+0x26/0x6a0 [ 3129.816091][T30131] __x64_sys_write+0x73/0xb0 [ 3129.820697][T30131] do_syscall_64+0xfd/0x6a0 [ 3129.825180][T30131] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3129.831056][T30131] RIP: 0033:0x459829 [ 3129.834926][T30131] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3129.854606][T30131] RSP: 002b:00007f3dd0c28c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3129.862992][T30131] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 3129.870938][T30131] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009 [ 3129.878970][T30131] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 3129.886933][T30131] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3dd0c296d4 [ 3129.894891][T30131] R13: 00000000004c99a3 R14: 00000000004e1028 R15: 00000000ffffffff [ 3129.908973][T30131] memory: usage 4064kB, limit 0kB, failcnt 2838521 [ 3129.917376][T30131] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3129.924422][T30131] Memory cgroup stats for /syz4: [ 3129.925429][T30131] anon 2134016 [ 3129.925429][T30131] file 602112 [ 3129.925429][T30131] kernel_stack 65536 [ 3129.925429][T30131] slab 1056768 [ 3129.925429][T30131] sock 0 [ 3129.925429][T30131] shmem 323584 [ 3129.925429][T30131] file_mapped 0 [ 3129.925429][T30131] file_dirty 0 [ 3129.925429][T30131] file_writeback 0 [ 3129.925429][T30131] anon_thp 2097152 [ 3129.925429][T30131] inactive_anon 270336 [ 3129.925429][T30131] active_anon 2134016 [ 3129.925429][T30131] inactive_file 0 [ 3129.925429][T30131] active_file 0 [ 3129.925429][T30131] unevictable 0 [ 3129.925429][T30131] slab_reclaimable 270336 [ 3129.925429][T30131] slab_unreclaimable 786432 [ 3129.925429][T30131] pgfault 105369 [ 3129.925429][T30131] pgmajfault 0 [ 3129.925429][T30131] workingset_refault 0 [ 3129.925429][T30131] workingset_activate 0 [ 3129.925429][T30131] workingset_nodereclaim 0 [ 3129.925429][T30131] pgrefill 0 [ 3129.925429][T30131] pgscan 37 [ 3129.925429][T30131] pgsteal 37 [ 3129.925429][T30131] pgactivate 0 [ 3130.023992][T30131] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=30129,uid=0 [ 3130.025306][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3130.040296][T30131] Memory cgroup out of memory: Killed process 30129 (syz-executor.4) total-vm:72580kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB [ 3130.064529][ T1057] oom_reaper: reaped process 30129 (syz-executor.4), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB [ 3130.077149][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3130.090079][T30123] 8021q: adding VLAN 0 to HW filter on device team0 16:56:32 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000100)=@isdn={0x22, 0x400, 0x100000000, 0x0, 0x1}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000040)}], 0x1}, 0x10) socket$kcm(0xa, 0x2, 0x11) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(r1, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) sendmsg(r6, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r5, &(0x7f0000000480)='pids.current\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r4, 0x0, 0x1, 0x0, 0x0}, 0x20) r8 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r8, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000640)=[{&(0x7f0000000240)="c12723", 0x3}], 0x1}, 0xfc00) sendmsg$kcm(r8, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)="88e7", 0x2}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24000001) write$cgroup_int(r7, 0x0, 0x0) 16:56:32 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x0}, 0x0) 16:56:32 executing program 2: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) r3 = socket$kcm(0x2, 0x7, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000380)=r4, 0x4) r5 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r5, 0x400454d8, &(0x7f0000000300)=0x3) r6 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) 16:56:32 executing program 1: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) socket$kcm(0x2, 0x7, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, r3, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r3, 0x400454d8, &(0x7f0000000300)=0x3) r5 = socket$kcm(0x10, 0x3, 0x10) setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f00000002c0)=r3, 0x220) sendmsg$kcm(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) 16:56:32 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) r3 = socket$kcm(0x2, 0x7, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000380), 0x4) r4 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, r4, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r4, 0x400454d8, &(0x7f0000000300)=0x3) r6 = socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x29, 0x7, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000440)={0xffffffffffffffff, r3, 0x5, 0x2}, 0x10) setsockopt$sock_attach_bpf(r5, 0x1, 0x32, &(0x7f00000002c0)=r4, 0x220) sendmsg$kcm(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) [ 3130.147185][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3130.156584][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3130.167388][T30118] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3130.202514][ T854] bridge0: port 1(bridge_slave_0) entered blocking state [ 3130.209652][ T854] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3130.219648][T30118] CPU: 0 PID: 30118 Comm: syz-executor.4 Not tainted 5.3.0-rc3+ #97 [ 3130.225806][T30139] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3130.227718][T30118] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3130.227724][T30118] Call Trace: [ 3130.227744][T30118] dump_stack+0x172/0x1f0 [ 3130.227764][T30118] dump_header+0x10b/0x82d [ 3130.257813][T30118] ? oom_kill_process+0x94/0x3f0 [ 3130.262759][T30118] oom_kill_process.cold+0x10/0x15 [ 3130.267876][T30118] out_of_memory+0x79a/0x12c0 [ 3130.272990][T30118] ? lock_downgrade+0x920/0x920 [ 3130.277959][T30118] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3130.283772][T30118] ? oom_killer_disable+0x280/0x280 [ 3130.288977][T30118] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3130.294618][T30118] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 3130.297351][T30139] __nla_validate_parse: 9 callbacks suppressed [ 3130.297359][T30139] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3130.300246][T30118] ? do_raw_spin_unlock+0x57/0x270 [ 3130.300265][T30118] ? _raw_spin_unlock+0x2d/0x50 [ 3130.300281][T30118] try_charge+0xf4b/0x1440 [ 3130.300302][T30118] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3130.335542][T30118] ? percpu_ref_tryget_live+0x111/0x290 [ 3130.341093][T30118] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3130.347338][T30118] ? __kasan_check_read+0x11/0x20 [ 3130.352369][T30118] ? get_mem_cgroup_from_mm+0x156/0x320 [ 3130.358387][T30118] mem_cgroup_try_charge+0x136/0x590 [ 3130.363681][T30118] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3130.369312][T30118] wp_page_copy+0x421/0x15e0 [ 3130.373901][T30118] ? find_held_lock+0x35/0x130 [ 3130.378108][T30135] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3130.378749][T30118] ? pmd_pfn+0x1d0/0x1d0 [ 3130.378767][T30118] ? lock_downgrade+0x920/0x920 [ 3130.378786][T30118] ? swp_swapcount+0x540/0x540 [ 3130.378801][T30118] ? __kasan_check_read+0x11/0x20 [ 3130.378817][T30118] ? do_raw_spin_unlock+0x57/0x270 [ 3130.411963][T30118] do_wp_page+0x499/0x14d0 [ 3130.416379][T30118] ? finish_mkwrite_fault+0x570/0x570 [ 3130.421773][T30118] __handle_mm_fault+0x22f7/0x3f20 [ 3130.426902][T30118] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3130.432462][T30118] ? __kasan_check_read+0x11/0x20 [ 3130.437494][T30118] handle_mm_fault+0x1b5/0x6b0 [ 3130.442283][T30118] __do_page_fault+0x536/0xdd0 [ 3130.447075][T30118] do_page_fault+0x38/0x590 [ 3130.447097][T30118] page_fault+0x39/0x40 [ 3130.447109][T30118] RIP: 0033:0x430906 [ 3130.447124][T30118] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 46 64 00 85 c0 0f 84 [ 3130.447132][T30118] RSP: 002b:00007ffdc4c7d790 EFLAGS: 00010206 [ 3130.447144][T30118] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 3130.447153][T30118] RDX: 00005555564b8930 RSI: 00005555564c0970 RDI: 0000000000000003 [ 3130.447161][T30118] RBP: 0000000000008041 R08: 0000000000000001 R09: 00005555564b7940 [ 3130.447170][T30118] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 3130.447178][T30118] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 [ 3130.471635][T30118] memory: usage 1720kB, limit 0kB, failcnt 2838529 [ 3130.546088][T30118] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3130.553414][T30118] Memory cgroup stats for /syz4: [ 3130.553525][T30118] anon 32768 [ 3130.553525][T30118] file 602112 [ 3130.553525][T30118] kernel_stack 0 [ 3130.553525][T30118] slab 1056768 [ 3130.553525][T30118] sock 0 [ 3130.553525][T30118] shmem 323584 [ 3130.553525][T30118] file_mapped 0 [ 3130.553525][T30118] file_dirty 0 [ 3130.553525][T30118] file_writeback 0 [ 3130.553525][T30118] anon_thp 0 [ 3130.553525][T30118] inactive_anon 270336 [ 3130.553525][T30118] active_anon 32768 [ 3130.553525][T30118] inactive_file 0 [ 3130.553525][T30118] active_file 0 [ 3130.553525][T30118] unevictable 0 [ 3130.553525][T30118] slab_reclaimable 270336 [ 3130.553525][T30118] slab_unreclaimable 786432 [ 3130.553525][T30118] pgfault 105369 [ 3130.553525][T30118] pgmajfault 0 [ 3130.553525][T30118] workingset_refault 0 [ 3130.553525][T30118] workingset_activate 0 [ 3130.553525][T30118] workingset_nodereclaim 0 [ 3130.553525][T30118] pgrefill 0 [ 3130.553525][T30118] pgscan 37 [ 3130.553525][T30118] pgsteal 37 [ 3130.553525][T30118] pgactivate 0 [ 3130.553546][T30118] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=30118,uid=0 [ 3130.553644][T30118] Memory cgroup out of memory: Killed process 30118 (syz-executor.4) total-vm:72448kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB [ 3130.649631][ T1057] oom_reaper: reaped process 30118 (syz-executor.4), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 3130.716552][T30137] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.2'. [ 3130.790458][T30138] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3130.932248][T30139] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3130.933284][T17639] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3130.950364][T30139] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3130.961082][T17639] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3130.971646][T17639] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3130.980798][T17639] bridge0: port 2(bridge_slave_1) entered blocking state [ 3130.987931][T17639] bridge0: port 2(bridge_slave_1) entered forwarding state 16:56:33 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x0}, 0x0) [ 3131.404233][T30156] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3131.411677][ T3517] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3131.412481][T30156] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3131.422095][ T3517] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 16:56:33 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000100)=@isdn={0x22, 0x400, 0x100000000, 0x0, 0x1}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000040)="95c67462e15a0a2ccb96d34b582828f6d42606c79a595c81", 0x18}], 0x1}, 0x10) socket$kcm(0xa, 0x2, 0x11) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(r1, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) sendmsg(r6, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r5, &(0x7f0000000480)='pids.current\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r4, 0x0, 0x1, 0x0, 0x0}, 0x20) r8 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r8, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000640)=[{&(0x7f0000000240)="c12723", 0x3}], 0x1}, 0xfc00) sendmsg$kcm(r8, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)="88e7", 0x2}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24000001) write$cgroup_int(r7, 0x0, 0x0) [ 3131.449061][T30150] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.2'. 16:56:33 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x0}, 0x0) [ 3131.503935][T17639] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3131.524374][T17639] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3131.614891][T30160] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3131.637032][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3131.645099][T30160] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3131.674552][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3131.684863][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3131.694718][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3131.704644][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3131.722719][T30152] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3131.795686][ T3517] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3131.812826][ T3517] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3131.837531][T30123] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3131.932226][T30123] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3132.223788][T30170] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3132.234624][T30170] CPU: 0 PID: 30170 Comm: syz-executor.3 Not tainted 5.3.0-rc3+ #97 [ 3132.242599][T30170] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3132.252655][T30170] Call Trace: [ 3132.255962][T30170] dump_stack+0x172/0x1f0 [ 3132.260294][T30170] dump_header+0x10b/0x82d [ 3132.264710][T30170] oom_kill_process.cold+0x10/0x15 [ 3132.269817][T30170] out_of_memory+0x79a/0x12c0 [ 3132.274499][T30170] ? __sched_text_start+0x8/0x8 [ 3132.279346][T30170] ? oom_killer_disable+0x280/0x280 [ 3132.284558][T30170] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3132.290097][T30170] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 3132.295734][T30170] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 3132.301539][T30170] ? cgroup_file_notify+0x140/0x1b0 [ 3132.306734][T30170] memory_max_write+0x262/0x3a0 [ 3132.311584][T30170] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 3132.318357][T30170] ? cgroup_file_write+0x86/0x790 [ 3132.323384][T30170] cgroup_file_write+0x241/0x790 [ 3132.328323][T30170] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 3132.335084][T30170] ? cgroup_migrate_add_task+0x890/0x890 [ 3132.340716][T30170] ? kernfs_ops+0x9f/0x110 [ 3132.345132][T30170] ? cgroup_migrate_add_task+0x890/0x890 [ 3132.350761][T30170] kernfs_fop_write+0x2b8/0x480 [ 3132.355609][T30170] __vfs_write+0x8a/0x110 [ 3132.359928][T30170] ? kernfs_fop_open+0xd80/0xd80 [ 3132.364966][T30170] vfs_write+0x268/0x5d0 [ 3132.369208][T30170] ksys_write+0x14f/0x290 [ 3132.373536][T30170] ? __ia32_sys_read+0xb0/0xb0 [ 3132.378298][T30170] ? do_syscall_64+0x26/0x6a0 [ 3132.382969][T30170] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3132.389027][T30170] ? do_syscall_64+0x26/0x6a0 [ 3132.393709][T30170] __x64_sys_write+0x73/0xb0 [ 3132.398296][T30170] do_syscall_64+0xfd/0x6a0 [ 3132.402800][T30170] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3132.408690][T30170] RIP: 0033:0x459829 [ 3132.412581][T30170] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3132.432188][T30170] RSP: 002b:00007f0398f2cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3132.440600][T30170] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 3132.448571][T30170] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009 [ 3132.456537][T30170] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 3132.464506][T30170] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0398f2d6d4 [ 3132.473511][T30170] R13: 00000000004c99a3 R14: 00000000004e1028 R15: 00000000ffffffff [ 3132.517983][T30170] memory: usage 3392kB, limit 0kB, failcnt 507705 [ 3132.525065][T30170] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3132.532154][T30170] Memory cgroup stats for /syz3: [ 3132.536251][T30170] anon 2174976 [ 3132.536251][T30170] file 155648 [ 3132.536251][T30170] kernel_stack 65536 [ 3132.536251][T30170] slab 933888 [ 3132.536251][T30170] sock 0 [ 3132.536251][T30170] shmem 0 [ 3132.536251][T30170] file_mapped 0 [ 3132.536251][T30170] file_dirty 0 [ 3132.536251][T30170] file_writeback 0 [ 3132.536251][T30170] anon_thp 2097152 [ 3132.536251][T30170] inactive_anon 0 [ 3132.536251][T30170] active_anon 2174976 [ 3132.536251][T30170] inactive_file 0 [ 3132.536251][T30170] active_file 0 [ 3132.536251][T30170] unevictable 0 [ 3132.536251][T30170] slab_reclaimable 270336 [ 3132.536251][T30170] slab_unreclaimable 663552 [ 3132.536251][T30170] pgfault 80025 [ 3132.536251][T30170] pgmajfault 0 [ 3132.536251][T30170] workingset_refault 0 [ 3132.536251][T30170] workingset_activate 0 [ 3132.536251][T30170] workingset_nodereclaim 0 [ 3132.536251][T30170] pgrefill 0 [ 3132.536251][T30170] pgscan 371 [ 3132.536251][T30170] pgsteal 371 [ 3132.536251][T30170] pgactivate 0 [ 3132.637982][T30170] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=30169,uid=0 [ 3132.662569][T30170] Memory cgroup out of memory: Killed process 30169 (syz-executor.3) total-vm:72580kB, anon-rss:2144kB, file-rss:34816kB, shmem-rss:0kB [ 3132.682584][ T1057] oom_reaper: reaped process 30169 (syz-executor.3), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB 16:56:35 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000100)=@isdn={0x22, 0x400, 0x100000000, 0x0, 0x1}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000040)="95c67462e15a0a2ccb96d34b582828f6d42606c79a595c81", 0x18}], 0x1}, 0x10) socket$kcm(0xa, 0x2, 0x11) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(r1, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) sendmsg(r6, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r5, &(0x7f0000000480)='pids.current\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r4, 0x0, 0x1, 0x0, 0x0}, 0x20) r8 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r8, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000640)=[{&(0x7f0000000240)="c12723", 0x3}], 0x1}, 0xfc00) sendmsg$kcm(r8, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)="88e7", 0x2}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24000001) write$cgroup_int(r7, 0x0, 0x0) 16:56:35 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000100)=@isdn={0x22, 0x400, 0x100000000, 0x1f06, 0x1}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000040)="95c67462e15a0a2ccb96d34b582828f6d42606c79a595c811c901cbab2aa0f8b7da638bd0eee7da427eaf176a979a63c", 0xfffffec2}], 0x1}, 0x10) socket$kcm(0xa, 0x2, 0x11) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(r1, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB], 0x0}, 0x20) sendmsg(r6, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r5, &(0x7f0000000480)='pids.current\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r4, 0x0, 0x1, 0x0, 0x0}, 0x20) r8 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r8, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000640)=[{&(0x7f0000000240)="c12723", 0x3}], 0x1}, 0xfc00) sendmsg$kcm(r8, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)="88e7", 0x2}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24000001) openat$tun(0xffffffffffffff9c, 0x0, 0xcc539d13aa130b24, 0x0) write$cgroup_int(r7, 0x0, 0x0) 16:56:35 executing program 2: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) r3 = socket$kcm(0x2, 0x7, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000380)=r4, 0x4) r5 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r5, 0x400454d8, &(0x7f0000000300)=0x3) r6 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) 16:56:35 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x0}, 0x0) 16:56:35 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) r3 = socket$kcm(0x2, 0x7, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000380), 0x4) r4 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, r4, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r4, 0x400454d8, &(0x7f0000000300)=0x3) r6 = socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x29, 0x7, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000440)={0xffffffffffffffff, r3, 0x5, 0x2}, 0x10) setsockopt$sock_attach_bpf(r5, 0x1, 0x32, &(0x7f00000002c0)=r4, 0x220) sendmsg$kcm(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) 16:56:35 executing program 1: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) socket$kcm(0x2, 0x7, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, r3, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r3, 0x400454d8, &(0x7f0000000300)=0x3) r5 = socket$kcm(0x10, 0x3, 0x10) setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f00000002c0)=r3, 0x220) sendmsg$kcm(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) [ 3133.230887][T30175] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3133.259754][T30123] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3133.285812][T30175] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3133.298589][T30123] CPU: 0 PID: 30123 Comm: syz-executor.3 Not tainted 5.3.0-rc3+ #97 [ 3133.306586][T30123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3133.316661][T30123] Call Trace: [ 3133.319957][T30123] dump_stack+0x172/0x1f0 [ 3133.324291][T30123] dump_header+0x10b/0x82d [ 3133.328702][T30123] ? oom_kill_process+0x94/0x3f0 [ 3133.333631][T30123] oom_kill_process.cold+0x10/0x15 [ 3133.338740][T30123] out_of_memory+0x79a/0x12c0 [ 3133.343429][T30123] ? lock_downgrade+0x920/0x920 [ 3133.348284][T30123] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3133.354107][T30123] ? oom_killer_disable+0x280/0x280 [ 3133.359428][T30123] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3133.365068][T30123] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 3133.370700][T30123] ? do_raw_spin_unlock+0x57/0x270 [ 3133.370720][T30123] ? _raw_spin_unlock+0x2d/0x50 [ 3133.370739][T30123] try_charge+0xf4b/0x1440 [ 3133.370765][T30123] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3133.370776][T30123] ? percpu_ref_tryget_live+0x111/0x290 [ 3133.370797][T30123] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3133.402370][T30123] ? __kasan_check_read+0x11/0x20 [ 3133.407407][T30123] ? get_mem_cgroup_from_mm+0x156/0x320 [ 3133.407428][T30123] mem_cgroup_try_charge+0x136/0x590 [ 3133.407451][T30123] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3133.407468][T30123] wp_page_copy+0x421/0x15e0 [ 3133.407489][T30123] ? find_held_lock+0x35/0x130 [ 3133.433222][T30123] ? pmd_pfn+0x1d0/0x1d0 [ 3133.437467][T30123] ? lock_downgrade+0x920/0x920 [ 3133.437489][T30123] ? swp_swapcount+0x540/0x540 [ 3133.437509][T30123] ? __kasan_check_read+0x11/0x20 [ 3133.437524][T30123] ? do_raw_spin_unlock+0x57/0x270 [ 3133.437544][T30123] do_wp_page+0x499/0x14d0 [ 3133.437566][T30123] ? finish_mkwrite_fault+0x570/0x570 [ 3133.437591][T30123] __handle_mm_fault+0x22f7/0x3f20 [ 3133.437611][T30123] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3133.461707][T30123] ? __kasan_check_read+0x11/0x20 [ 3133.461736][T30123] handle_mm_fault+0x1b5/0x6b0 [ 3133.461762][T30123] __do_page_fault+0x536/0xdd0 [ 3133.461808][T30123] do_page_fault+0x38/0x590 [ 3133.487535][T30123] page_fault+0x39/0x40 [ 3133.487548][T30123] RIP: 0033:0x430906 [ 3133.487563][T30123] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 46 64 00 85 c0 0f 84 [ 3133.487572][T30123] RSP: 002b:00007ffca29eb890 EFLAGS: 00010206 [ 3133.487583][T30123] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 3133.487592][T30123] RDX: 0000555556441930 RSI: 0000555556449970 RDI: 0000000000000003 [ 3133.487601][T30123] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000555556440940 [ 3133.487610][T30123] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 3133.487618][T30123] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 [ 3133.537849][T30123] memory: usage 1052kB, limit 0kB, failcnt 507713 [ 3133.553116][T30123] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3133.579372][T30123] Memory cgroup stats for /syz3: [ 3133.579484][T30123] anon 90112 [ 3133.579484][T30123] file 155648 [ 3133.579484][T30123] kernel_stack 0 [ 3133.579484][T30123] slab 933888 [ 3133.579484][T30123] sock 0 [ 3133.579484][T30123] shmem 0 [ 3133.579484][T30123] file_mapped 0 [ 3133.579484][T30123] file_dirty 0 [ 3133.579484][T30123] file_writeback 0 [ 3133.579484][T30123] anon_thp 0 [ 3133.579484][T30123] inactive_anon 0 [ 3133.579484][T30123] active_anon 90112 [ 3133.579484][T30123] inactive_file 0 [ 3133.579484][T30123] active_file 0 [ 3133.579484][T30123] unevictable 0 [ 3133.579484][T30123] slab_reclaimable 270336 [ 3133.579484][T30123] slab_unreclaimable 663552 [ 3133.579484][T30123] pgfault 80025 [ 3133.579484][T30123] pgmajfault 0 [ 3133.579484][T30123] workingset_refault 0 [ 3133.579484][T30123] workingset_activate 0 [ 3133.579484][T30123] workingset_nodereclaim 0 [ 3133.579484][T30123] pgrefill 0 [ 3133.579484][T30123] pgscan 371 [ 3133.579484][T30123] pgsteal 371 [ 3133.579484][T30123] pgactivate 0 [ 3133.680703][T30123] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=30123,uid=0 [ 3133.698425][T30123] Memory cgroup out of memory: Killed process 30123 (syz-executor.3) total-vm:72448kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB [ 3133.713346][ T1057] oom_reaper: reaped process 30123 (syz-executor.3), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 3133.930495][T30175] netlink: 'syz-executor.0': attribute type 3 has an invalid length. 16:56:36 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000100)=@isdn={0x22, 0x400, 0x100000000, 0x1f06, 0x1}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000040)="95c67462e15a0a2ccb96d34b582828f6d42606c79a595c811c901cbab2aa0f8b7da638bd0eee7da427eaf176a979a63c", 0xfffffec2}], 0x1}, 0x10) socket$kcm(0xa, 0x2, 0x11) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(r1, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB], 0x0}, 0x20) sendmsg(r6, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r5, &(0x7f0000000480)='pids.current\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r4, 0x0, 0x1, 0x0, 0x0}, 0x20) r8 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r8, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000640)=[{&(0x7f0000000240)="c12723", 0x3}], 0x1}, 0xfc00) sendmsg$kcm(r8, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)="88e7", 0x2}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24000001) openat$tun(0xffffffffffffff9c, 0x0, 0xcc539d13aa130b24, 0x0) write$cgroup_int(r7, 0x0, 0x0) 16:56:36 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x0}, 0x0) 16:56:36 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f00000004c0), 0x4) r2 = socket$kcm(0x2, 0x7, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000380), 0x4) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, r3, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r1, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r3, 0x400454d8, &(0x7f0000000300)=0x3) r5 = socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x29, 0x7, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000440)={0xffffffffffffffff, r2, 0x5, 0x2}, 0x10) setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f00000002c0)=r3, 0x220) sendmsg$kcm(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) [ 3134.574319][T30196] netlink: 'syz-executor.0': attribute type 3 has an invalid length. 16:56:36 executing program 1: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) socket$kcm(0x2, 0x7, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, r3, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r3, 0x400454d8, &(0x7f0000000300)=0x3) r5 = socket$kcm(0x10, 0x3, 0x10) setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f00000002c0)=r3, 0x220) sendmsg$kcm(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) 16:56:37 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x0}, 0x0) 16:56:37 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000100)=@isdn={0x22, 0x400, 0x100000000, 0x1f06, 0x1}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000040)="95c67462e15a0a2ccb96d34b582828f6d42606c79a595c811c901cbab2aa0f8b7da638bd0eee7da427eaf176a979a63c", 0xfffffec2}], 0x1}, 0x10) socket$kcm(0xa, 0x2, 0x11) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(r1, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB], 0x0}, 0x20) sendmsg(r6, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r5, &(0x7f0000000480)='pids.current\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r4, 0x0, 0x1, 0x0, 0x0}, 0x20) r8 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r8, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000640)=[{&(0x7f0000000240)="c12723", 0x3}], 0x1}, 0xfc00) sendmsg$kcm(r8, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)="88e7", 0x2}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24000001) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) [ 3134.825647][T30207] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3135.344977][T30212] __nla_validate_parse: 12 callbacks suppressed [ 3135.345044][T30212] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3135.588970][T30217] IPVS: ftp: loaded support on port[0] = 21 [ 3135.850253][T30217] chnl_net:caif_netlink_parms(): no params data found [ 3135.949371][T30217] bridge0: port 1(bridge_slave_0) entered blocking state [ 3135.958333][T30217] bridge0: port 1(bridge_slave_0) entered disabled state [ 3135.967215][T30217] device bridge_slave_0 entered promiscuous mode [ 3136.018288][T30217] bridge0: port 2(bridge_slave_1) entered blocking state [ 3136.026637][T30217] bridge0: port 2(bridge_slave_1) entered disabled state [ 3136.035612][T30217] device bridge_slave_1 entered promiscuous mode [ 3136.062706][T30217] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3136.132706][T30217] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3136.159963][T30217] team0: Port device team_slave_0 added [ 3136.168908][T30217] team0: Port device team_slave_1 added [ 3136.236738][T30217] device hsr_slave_0 entered promiscuous mode [ 3136.293822][T30217] device hsr_slave_1 entered promiscuous mode [ 3136.333360][T30217] debugfs: Directory 'hsr0' with parent '/' already present! [ 3136.408244][T30222] IPVS: ftp: loaded support on port[0] = 21 [ 3136.426625][T30217] bridge0: port 2(bridge_slave_1) entered blocking state [ 3136.433729][T30217] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3136.441029][T30217] bridge0: port 1(bridge_slave_0) entered blocking state [ 3136.448131][T30217] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3136.747946][T30217] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3136.842670][T30222] chnl_net:caif_netlink_parms(): no params data found [ 3136.965324][T25186] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3136.975022][T25186] bridge0: port 1(bridge_slave_0) entered disabled state [ 3136.983873][T25186] bridge0: port 2(bridge_slave_1) entered disabled state [ 3136.995754][T25186] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 3137.010558][T30217] 8021q: adding VLAN 0 to HW filter on device team0 [ 3137.082155][T30222] bridge0: port 1(bridge_slave_0) entered blocking state [ 3137.090458][T30222] bridge0: port 1(bridge_slave_0) entered disabled state [ 3137.099566][T30222] device bridge_slave_0 entered promiscuous mode [ 3137.110862][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3137.121444][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3137.130385][T16725] bridge0: port 1(bridge_slave_0) entered blocking state [ 3137.137574][T16725] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3137.205663][T30222] bridge0: port 2(bridge_slave_1) entered blocking state [ 3137.212858][T30222] bridge0: port 2(bridge_slave_1) entered disabled state [ 3137.226307][T30222] device bridge_slave_1 entered promiscuous mode [ 3137.235491][T25186] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3137.245080][T25186] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3137.254586][T25186] bridge0: port 2(bridge_slave_1) entered blocking state [ 3137.261731][T25186] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3137.291944][T21598] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3137.304293][T21598] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3137.313865][T21598] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3137.323543][T21598] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3137.421230][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3137.431358][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3137.441060][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3137.456762][T30222] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3137.477793][T25186] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3137.486709][T25186] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3137.495595][T25186] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3137.506175][T25186] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3137.571515][T30222] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3137.584184][T30217] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3137.634213][T30222] team0: Port device team_slave_0 added [ 3137.702523][T30217] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3137.712674][T30222] team0: Port device team_slave_1 added [ 3137.847334][T30222] device hsr_slave_0 entered promiscuous mode [ 3137.894580][T30222] device hsr_slave_1 entered promiscuous mode [ 3137.933413][T30222] debugfs: Directory 'hsr0' with parent '/' already present! [ 3138.168789][T30230] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3138.193407][T30230] CPU: 0 PID: 30230 Comm: syz-executor.4 Not tainted 5.3.0-rc3+ #97 [ 3138.201421][T30230] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3138.211481][T30230] Call Trace: [ 3138.214783][T30230] dump_stack+0x172/0x1f0 [ 3138.219127][T30230] dump_header+0x10b/0x82d [ 3138.223551][T30230] oom_kill_process.cold+0x10/0x15 [ 3138.228668][T30230] out_of_memory+0x79a/0x12c0 [ 3138.233057][T30222] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3138.233343][T30230] ? __sched_text_start+0x8/0x8 [ 3138.244752][T30230] ? oom_killer_disable+0x280/0x280 [ 3138.249958][T30230] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3138.255504][T30230] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 3138.261145][T30230] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 3138.264860][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3138.266961][T30230] ? cgroup_file_notify+0x140/0x1b0 [ 3138.279321][T30230] memory_max_write+0x262/0x3a0 [ 3138.283818][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3138.284176][T30230] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 3138.296830][T30222] 8021q: adding VLAN 0 to HW filter on device team0 [ 3138.298107][T30230] ? cgroup_file_write+0x86/0x790 [ 3138.309681][T30230] cgroup_file_write+0x241/0x790 [ 3138.314623][T30230] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 3138.321401][T30230] ? cgroup_migrate_add_task+0x890/0x890 [ 3138.324075][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3138.327037][T30230] ? cgroup_migrate_add_task+0x890/0x890 [ 3138.340778][T30230] kernfs_fop_write+0x2b8/0x480 [ 3138.344579][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3138.345633][T30230] __vfs_write+0x8a/0x110 [ 3138.357903][T30230] ? kernfs_fop_open+0xd80/0xd80 [ 3138.362840][T30230] vfs_write+0x268/0x5d0 [ 3138.363482][T16725] bridge0: port 1(bridge_slave_0) entered blocking state [ 3138.367110][T30230] ksys_write+0x14f/0x290 [ 3138.374187][T16725] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3138.378415][T30230] ? __ia32_sys_read+0xb0/0xb0 [ 3138.390335][T30230] ? do_syscall_64+0x26/0x6a0 [ 3138.395014][T30230] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3138.401082][T30230] ? do_syscall_64+0x26/0x6a0 [ 3138.405767][T30230] __x64_sys_write+0x73/0xb0 [ 3138.410375][T30230] do_syscall_64+0xfd/0x6a0 [ 3138.414971][T30230] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3138.420861][T30230] RIP: 0033:0x459829 [ 3138.424752][T30230] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3138.425921][T25186] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3138.444346][T30230] RSP: 002b:00007fd0a32b2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3138.444359][T30230] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 3138.444366][T30230] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009 [ 3138.444391][T30230] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 3138.444398][T30230] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd0a32b36d4 [ 3138.444406][T30230] R13: 00000000004c99a3 R14: 00000000004e1028 R15: 00000000ffffffff [ 3138.504211][T25186] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3138.513935][T25186] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3138.522492][T25186] bridge0: port 2(bridge_slave_1) entered blocking state [ 3138.529588][T25186] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3138.540597][T25186] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3138.552468][T30230] memory: usage 4072kB, limit 0kB, failcnt 2838530 [ 3138.559485][T30230] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3138.567515][T30230] Memory cgroup stats for /syz4: [ 3138.569659][T30230] anon 2146304 [ 3138.569659][T30230] file 602112 [ 3138.569659][T30230] kernel_stack 65536 [ 3138.569659][T30230] slab 1056768 [ 3138.569659][T30230] sock 0 [ 3138.569659][T30230] shmem 323584 [ 3138.569659][T30230] file_mapped 0 [ 3138.569659][T30230] file_dirty 0 [ 3138.569659][T30230] file_writeback 0 [ 3138.569659][T30230] anon_thp 2097152 [ 3138.569659][T30230] inactive_anon 270336 [ 3138.569659][T30230] active_anon 2146304 [ 3138.569659][T30230] inactive_file 0 [ 3138.569659][T30230] active_file 0 [ 3138.569659][T30230] unevictable 0 [ 3138.569659][T30230] slab_reclaimable 270336 [ 3138.569659][T30230] slab_unreclaimable 786432 [ 3138.569659][T30230] pgfault 105435 [ 3138.569659][T30230] pgmajfault 0 [ 3138.569659][T30230] workingset_refault 0 [ 3138.569659][T30230] workingset_activate 0 [ 3138.569659][T30230] workingset_nodereclaim 0 [ 3138.569659][T30230] pgrefill 0 [ 3138.569659][T30230] pgscan 37 [ 3138.569659][T30230] pgsteal 37 [ 3138.569659][T30230] pgactivate 0 [ 3138.674404][T30230] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=30229,uid=0 [ 3138.690596][T30230] Memory cgroup out of memory: Killed process 30229 (syz-executor.4) total-vm:72580kB, anon-rss:2144kB, file-rss:34816kB, shmem-rss:0kB [ 3138.723189][T25186] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3138.732772][T25186] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3138.742551][T25186] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready 16:56:41 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000100)=@isdn={0x22, 0x400, 0x100000000, 0x0, 0x1}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000040)="95c67462e15a0a2ccb96d34b582828f6d42606c79a595c81", 0x18}], 0x1}, 0x10) socket$kcm(0xa, 0x2, 0x11) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(r1, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) sendmsg(r6, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r5, &(0x7f0000000480)='pids.current\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r4, 0x0, 0x1, 0x0, 0x0}, 0x20) r8 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r8, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000640)=[{&(0x7f0000000240)="c12723", 0x3}], 0x1}, 0xfc00) sendmsg$kcm(r8, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)="88e7", 0x2}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24000001) write$cgroup_int(r7, 0x0, 0x0) 16:56:41 executing program 2: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) r3 = socket$kcm(0x2, 0x7, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000380)=r4, 0x4) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(0xffffffffffffffff, 0x400454d8, &(0x7f0000000300)=0x3) r5 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) 16:56:41 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f00000004c0), 0x4) r2 = socket$kcm(0x2, 0x7, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000380), 0x4) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, r3, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r1, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r3, 0x400454d8, &(0x7f0000000300)=0x3) r5 = socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x29, 0x7, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000440)={0xffffffffffffffff, r2, 0x5, 0x2}, 0x10) setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f00000002c0)=r3, 0x220) sendmsg$kcm(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) 16:56:41 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x0}, 0x0) 16:56:41 executing program 1: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) socket$kcm(0x2, 0x7, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, r3, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r3, 0x400454d8, &(0x7f0000000300)=0x3) setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f00000002c0)=r3, 0x220) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) [ 3138.786076][T30217] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3138.834366][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3138.843371][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3138.877731][T30217] CPU: 1 PID: 30217 Comm: syz-executor.4 Not tainted 5.3.0-rc3+ #97 [ 3138.885750][T30217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3138.895816][T30217] Call Trace: [ 3138.899110][T30217] dump_stack+0x172/0x1f0 [ 3138.903452][T30217] dump_header+0x10b/0x82d [ 3138.907865][T30217] ? oom_kill_process+0x94/0x3f0 [ 3138.912804][T30217] oom_kill_process.cold+0x10/0x15 [ 3138.917922][T30217] out_of_memory+0x79a/0x12c0 [ 3138.922609][T30217] ? lock_downgrade+0x920/0x920 [ 3138.927465][T30217] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3138.933279][T30217] ? oom_killer_disable+0x280/0x280 [ 3138.938499][T30217] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3138.944062][T30217] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 3138.949707][T30217] ? do_raw_spin_unlock+0x57/0x270 [ 3138.954826][T30217] ? _raw_spin_unlock+0x2d/0x50 [ 3138.959275][T30247] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3138.959690][T30217] try_charge+0xf4b/0x1440 [ 3138.959716][T30217] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3138.959734][T30217] ? percpu_ref_tryget_live+0x111/0x290 [ 3138.984457][T30217] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3138.990806][T30217] ? __kasan_check_read+0x11/0x20 [ 3138.990830][T30217] ? get_mem_cgroup_from_mm+0x156/0x320 [ 3138.990849][T30217] mem_cgroup_try_charge+0x136/0x590 [ 3139.001411][T30217] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3139.001430][T30217] wp_page_copy+0x421/0x15e0 [ 3139.012315][T30217] ? find_held_lock+0x35/0x130 [ 3139.012340][T30217] ? pmd_pfn+0x1d0/0x1d0 [ 3139.012376][T30217] ? lock_downgrade+0x920/0x920 [ 3139.012397][T30217] ? swp_swapcount+0x540/0x540 [ 3139.012417][T30217] ? __kasan_check_read+0x11/0x20 [ 3139.025954][T30217] ? do_raw_spin_unlock+0x57/0x270 [ 3139.025975][T30217] do_wp_page+0x499/0x14d0 [ 3139.025997][T30217] ? finish_mkwrite_fault+0x570/0x570 [ 3139.026026][T30217] __handle_mm_fault+0x22f7/0x3f20 [ 3139.026049][T30217] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3139.026080][T30217] ? __kasan_check_read+0x11/0x20 [ 3139.035658][T30217] handle_mm_fault+0x1b5/0x6b0 [ 3139.035684][T30217] __do_page_fault+0x536/0xdd0 [ 3139.035713][T30217] do_page_fault+0x38/0x590 [ 3139.035735][T30217] page_fault+0x39/0x40 [ 3139.035751][T30217] RIP: 0033:0x4034f2 [ 3139.046625][T30238] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3139.050268][T30217] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8d 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 42 05 00 48 [ 3139.055753][T30238] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3139.060708][T30217] RSP: 002b:00007fff3e198d50 EFLAGS: 00010246 [ 3139.060721][T30217] RAX: 0000000000000000 RBX: 00000000002fe239 RCX: 0000000000413430 [ 3139.060729][T30217] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007fff3e199e80 [ 3139.060738][T30217] RBP: 0000000000000002 R08: 0000000000000001 R09: 000055555575a940 [ 3139.060746][T30217] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff3e199e80 [ 3139.060762][T30217] R13: 00007fff3e199e70 R14: 0000000000000000 R15: 00007fff3e199e80 [ 3139.181861][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3139.185181][T30217] memory: usage 1748kB, limit 0kB, failcnt 2838538 [ 3139.201073][T30237] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3139.202309][T30217] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3139.218050][T30217] Memory cgroup stats for /syz4: [ 3139.218161][T30217] anon 0 [ 3139.218161][T30217] file 602112 [ 3139.218161][T30217] kernel_stack 0 [ 3139.218161][T30217] slab 1056768 [ 3139.218161][T30217] sock 0 [ 3139.218161][T30217] shmem 323584 [ 3139.218161][T30217] file_mapped 0 [ 3139.218161][T30217] file_dirty 0 [ 3139.218161][T30217] file_writeback 0 [ 3139.218161][T30217] anon_thp 0 [ 3139.218161][T30217] inactive_anon 270336 [ 3139.218161][T30217] active_anon 0 [ 3139.218161][T30217] inactive_file 0 [ 3139.218161][T30217] active_file 0 [ 3139.218161][T30217] unevictable 0 [ 3139.218161][T30217] slab_reclaimable 270336 [ 3139.218161][T30217] slab_unreclaimable 786432 [ 3139.218161][T30217] pgfault 105435 [ 3139.218161][T30217] pgmajfault 0 [ 3139.218161][T30217] workingset_refault 0 [ 3139.218161][T30217] workingset_activate 0 [ 3139.218161][T30217] workingset_nodereclaim 0 [ 3139.218161][T30217] pgrefill 0 [ 3139.218161][T30217] pgscan 37 [ 3139.218161][T30217] pgsteal 37 [ 3139.218161][T30217] pgactivate 0 [ 3139.312954][T30217] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=30217,uid=0 [ 3139.313233][T30217] Memory cgroup out of memory: Killed process 30217 (syz-executor.4) total-vm:72448kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB [ 3139.314030][ T1057] oom_reaper: reaped process 30217 (syz-executor.4), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 16:56:41 executing program 1: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) socket$kcm(0x2, 0x7, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, r3, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r3, 0x400454d8, &(0x7f0000000300)=0x3) setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f00000002c0)=r3, 0x220) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) [ 3139.404734][T30232] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3139.500455][T30236] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.2'. [ 3139.645275][T25186] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3139.667608][T25186] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready 16:56:42 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x0}, 0x0) [ 3139.691502][T25186] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3139.708113][T25186] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3139.722007][T30222] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3139.753178][T30260] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3139.761348][T30260] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3140.078980][T30253] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.1'. 16:56:42 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000100)=@isdn={0x22, 0x400, 0x100000000, 0x0, 0x1}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000040)="95c67462e15a0a2ccb96d34b582828f6d42606c79a595c811c901cbab2aa0f8b7da638bd", 0x24}], 0x1}, 0x10) socket$kcm(0xa, 0x2, 0x11) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(r1, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) sendmsg(r6, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r5, &(0x7f0000000480)='pids.current\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r4, 0x0, 0x1, 0x0, 0x0}, 0x20) r8 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r8, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000640)=[{&(0x7f0000000240)="c12723", 0x3}], 0x1}, 0xfc00) sendmsg$kcm(r8, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)="88e7", 0x2}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24000001) write$cgroup_int(r7, 0x0, 0x0) [ 3140.162759][T30243] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.2'. 16:56:42 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f00000004c0), 0x4) r2 = socket$kcm(0x2, 0x7, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000380), 0x4) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, r3, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r1, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r3, 0x400454d8, &(0x7f0000000300)=0x3) r5 = socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x29, 0x7, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000440)={0xffffffffffffffff, r2, 0x5, 0x2}, 0x10) setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f00000002c0)=r3, 0x220) sendmsg$kcm(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) 16:56:42 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x0}, 0x0) 16:56:42 executing program 1: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) socket$kcm(0x2, 0x7, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, r3, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r3, 0x400454d8, &(0x7f0000000300)=0x3) setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f00000002c0)=r3, 0x220) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) [ 3140.305480][T30222] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3140.379915][T30265] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3140.450301][T30265] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3140.474797][T30270] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3140.576237][T30271] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3140.622614][T30281] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3140.918540][T30286] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3140.953159][T30286] CPU: 0 PID: 30286 Comm: syz-executor.3 Not tainted 5.3.0-rc3+ #97 [ 3140.961296][T30286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3140.971553][T30286] Call Trace: [ 3140.974855][T30286] dump_stack+0x172/0x1f0 [ 3140.979243][T30286] dump_header+0x10b/0x82d [ 3140.983666][T30286] oom_kill_process.cold+0x10/0x15 [ 3140.983687][T30286] out_of_memory+0x79a/0x12c0 [ 3140.983710][T30286] ? retint_kernel+0x2b/0x2b [ 3140.983726][T30286] ? oom_killer_disable+0x280/0x280 [ 3140.983748][T30286] ? mem_cgroup_out_of_memory+0x16a/0x240 [ 3140.983772][T30286] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3140.983789][T30286] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 3140.983815][T30286] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 3140.983833][T30286] ? cgroup_file_notify+0x140/0x1b0 [ 3140.983856][T30286] memory_max_write+0x262/0x3a0 [ 3140.983880][T30286] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 3140.983903][T30286] ? lock_acquire+0x190/0x410 [ 3140.983916][T30286] ? kernfs_fop_write+0x227/0x480 [ 3140.983937][T30286] cgroup_file_write+0x241/0x790 [ 3141.009150][T30286] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 3141.009169][T30286] ? cgroup_migrate_add_task+0x890/0x890 [ 3141.009191][T30286] ? cgroup_migrate_add_task+0x890/0x890 [ 3141.009207][T30286] kernfs_fop_write+0x2b8/0x480 [ 3141.009229][T30286] __vfs_write+0x8a/0x110 [ 3141.009244][T30286] ? kernfs_fop_open+0xd80/0xd80 [ 3141.020384][T30286] vfs_write+0x268/0x5d0 [ 3141.020405][T30286] ksys_write+0x14f/0x290 [ 3141.020424][T30286] ? __ia32_sys_read+0xb0/0xb0 [ 3141.020445][T30286] ? do_syscall_64+0x26/0x6a0 [ 3141.020462][T30286] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3141.020475][T30286] ? do_syscall_64+0x26/0x6a0 [ 3141.020495][T30286] __x64_sys_write+0x73/0xb0 [ 3141.036287][T30286] do_syscall_64+0xfd/0x6a0 [ 3141.036311][T30286] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3141.036324][T30286] RIP: 0033:0x459829 [ 3141.036339][T30286] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3141.036347][T30286] RSP: 002b:00007f315d196c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3141.036360][T30286] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 3141.036369][T30286] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009 [ 3141.036377][T30286] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 3141.036384][T30286] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f315d1976d4 [ 3141.036391][T30286] R13: 00000000004c99a3 R14: 00000000004e1028 R15: 00000000ffffffff [ 3141.153137][T30286] memory: usage 3476kB, limit 0kB, failcnt 507714 [ 3141.214917][T30286] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3141.250601][T30286] Memory cgroup stats for /syz3: [ 3141.251295][T30286] anon 2154496 [ 3141.251295][T30286] file 155648 [ 3141.251295][T30286] kernel_stack 0 [ 3141.251295][T30286] slab 933888 [ 3141.251295][T30286] sock 0 [ 3141.251295][T30286] shmem 0 [ 3141.251295][T30286] file_mapped 0 [ 3141.251295][T30286] file_dirty 0 [ 3141.251295][T30286] file_writeback 0 [ 3141.251295][T30286] anon_thp 2097152 [ 3141.251295][T30286] inactive_anon 0 [ 3141.251295][T30286] active_anon 2154496 [ 3141.251295][T30286] inactive_file 0 [ 3141.251295][T30286] active_file 0 [ 3141.251295][T30286] unevictable 0 [ 3141.251295][T30286] slab_reclaimable 270336 [ 3141.251295][T30286] slab_unreclaimable 663552 [ 3141.251295][T30286] pgfault 80058 [ 3141.251295][T30286] pgmajfault 0 [ 3141.251295][T30286] workingset_refault 0 [ 3141.251295][T30286] workingset_activate 0 [ 3141.251295][T30286] workingset_nodereclaim 0 [ 3141.251295][T30286] pgrefill 0 [ 3141.251295][T30286] pgscan 371 [ 3141.251295][T30286] pgsteal 371 [ 3141.251295][T30286] pgactivate 0 [ 3141.283152][T30286] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=30284,uid=0 [ 3141.381336][T30286] Memory cgroup out of memory: Killed process 30284 (syz-executor.3) total-vm:72580kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB [ 3141.400052][ T1057] oom_reaper: reaped process 30284 (syz-executor.3), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB 16:56:44 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000100)=@isdn={0x22, 0x400, 0x100000000, 0x1f06, 0x1}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000040)="95c67462e15a0a2ccb96d34b582828f6d42606c79a595c811c901cbab2aa0f8b7da638bd0eee7da427eaf176a979a63c", 0xfffffec2}], 0x1}, 0x10) socket$kcm(0xa, 0x2, 0x11) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(r1, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB], 0x0}, 0x20) sendmsg(r6, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r5, &(0x7f0000000480)='pids.current\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r4, 0x0, 0x1, 0x0, 0x0}, 0x20) r8 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r8, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000640)=[{&(0x7f0000000240)="c12723", 0x3}], 0x1}, 0xfc00) sendmsg$kcm(r8, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)="88e7", 0x2}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24000001) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) 16:56:44 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000100)=@isdn={0x22, 0x400, 0x100000000, 0x0, 0x1}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000040)="95c67462e15a0a2ccb96d34b582828f6d42606c79a595c811c901cbab2aa0f8b7da638bd", 0x24}], 0x1}, 0x10) socket$kcm(0xa, 0x2, 0x11) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(r1, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) sendmsg(r6, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r5, &(0x7f0000000480)='pids.current\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r4, 0x0, 0x1, 0x0, 0x0}, 0x20) r8 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r8, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000640)=[{&(0x7f0000000240)="c12723", 0x3}], 0x1}, 0xfc00) sendmsg$kcm(r8, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)="88e7", 0x2}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24000001) write$cgroup_int(r7, 0x0, 0x0) 16:56:44 executing program 2: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) socket$kcm(0x2, 0x7, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(0xffffffffffffffff, 0x400454d8, &(0x7f0000000300)=0x3) r3 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) 16:56:44 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x0}, 0x0) 16:56:44 executing program 1: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) socket$kcm(0x2, 0x7, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, r3, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) r5 = socket$kcm(0x10, 0x3, 0x10) setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f00000002c0)=r3, 0x220) sendmsg$kcm(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) 16:56:44 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f00000004c0), 0x4) r2 = socket$kcm(0x2, 0x7, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000380), 0x4) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, r3, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r1, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r3, 0x400454d8, &(0x7f0000000300)=0x3) r5 = socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x29, 0x7, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000440)={0xffffffffffffffff, r2, 0x5, 0x2}, 0x10) setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f00000002c0)=r3, 0x220) sendmsg$kcm(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) [ 3141.733962][T30222] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3141.778297][T30294] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3141.783419][T30222] CPU: 0 PID: 30222 Comm: syz-executor.3 Not tainted 5.3.0-rc3+ #97 [ 3141.794383][T30222] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3141.804448][T30222] Call Trace: [ 3141.807750][T30222] dump_stack+0x172/0x1f0 [ 3141.812088][T30222] dump_header+0x10b/0x82d [ 3141.816504][T30222] ? oom_kill_process+0x94/0x3f0 [ 3141.821446][T30222] oom_kill_process.cold+0x10/0x15 [ 3141.822298][T30294] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3141.826558][T30222] out_of_memory+0x79a/0x12c0 [ 3141.826576][T30222] ? lock_downgrade+0x920/0x920 [ 3141.826591][T30222] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3141.826607][T30222] ? oom_killer_disable+0x280/0x280 [ 3141.826635][T30222] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3141.826650][T30222] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 3141.826670][T30222] ? do_raw_spin_unlock+0x57/0x270 [ 3141.826687][T30222] ? _raw_spin_unlock+0x2d/0x50 [ 3141.826705][T30222] try_charge+0xf4b/0x1440 [ 3141.881943][T30222] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3141.887490][T30222] ? percpu_ref_tryget_live+0x111/0x290 [ 3141.893064][T30222] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3141.899312][T30222] ? __kasan_check_read+0x11/0x20 [ 3141.904819][T30222] ? get_mem_cgroup_from_mm+0x156/0x320 [ 3141.909614][T30296] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3141.910374][T30222] mem_cgroup_try_charge+0x136/0x590 [ 3141.910398][T30222] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3141.910420][T30222] wp_page_copy+0x421/0x15e0 [ 3141.935139][T30222] ? find_held_lock+0x35/0x130 [ 3141.939916][T30222] ? pmd_pfn+0x1d0/0x1d0 [ 3141.939939][T30222] ? lock_downgrade+0x920/0x920 [ 3141.939960][T30222] ? swp_swapcount+0x540/0x540 [ 3141.939979][T30222] ? __kasan_check_read+0x11/0x20 [ 3141.939992][T30222] ? do_raw_spin_unlock+0x57/0x270 [ 3141.940011][T30222] do_wp_page+0x499/0x14d0 [ 3141.958877][T30222] ? finish_mkwrite_fault+0x570/0x570 [ 3141.958906][T30222] __handle_mm_fault+0x22f7/0x3f20 [ 3141.958929][T30222] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3141.958963][T30222] ? __kasan_check_read+0x11/0x20 [ 3141.958986][T30222] handle_mm_fault+0x1b5/0x6b0 [ 3141.973861][T30222] __do_page_fault+0x536/0xdd0 [ 3141.973889][T30222] do_page_fault+0x38/0x590 [ 3141.973911][T30222] page_fault+0x39/0x40 [ 3141.973923][T30222] RIP: 0033:0x430906 [ 3141.973939][T30222] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 46 64 00 85 c0 0f 84 [ 3141.973948][T30222] RSP: 002b:00007ffe542bc540 EFLAGS: 00010206 [ 3141.973960][T30222] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 3141.973970][T30222] RDX: 00005555555e4930 RSI: 00005555555ec970 RDI: 0000000000000003 [ 3141.973978][T30222] RBP: 0000000000008041 R08: 0000000000000001 R09: 00005555555e3940 [ 3141.973986][T30222] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 3141.973995][T30222] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 [ 3142.213067][T30222] memory: usage 1136kB, limit 0kB, failcnt 507722 [ 3142.220964][T30222] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3142.236067][T30222] Memory cgroup stats for /syz3: [ 3142.236185][T30222] anon 0 [ 3142.236185][T30222] file 155648 [ 3142.236185][T30222] kernel_stack 0 [ 3142.236185][T30222] slab 933888 [ 3142.236185][T30222] sock 0 [ 3142.236185][T30222] shmem 0 [ 3142.236185][T30222] file_mapped 0 [ 3142.236185][T30222] file_dirty 0 [ 3142.236185][T30222] file_writeback 0 [ 3142.236185][T30222] anon_thp 0 [ 3142.236185][T30222] inactive_anon 0 [ 3142.236185][T30222] active_anon 0 [ 3142.236185][T30222] inactive_file 0 [ 3142.236185][T30222] active_file 0 [ 3142.236185][T30222] unevictable 0 [ 3142.236185][T30222] slab_reclaimable 270336 [ 3142.236185][T30222] slab_unreclaimable 663552 [ 3142.236185][T30222] pgfault 80091 [ 3142.236185][T30222] pgmajfault 0 [ 3142.236185][T30222] workingset_refault 0 [ 3142.236185][T30222] workingset_activate 0 [ 3142.236185][T30222] workingset_nodereclaim 0 [ 3142.236185][T30222] pgrefill 0 [ 3142.236185][T30222] pgscan 371 [ 3142.236185][T30222] pgsteal 371 [ 3142.236185][T30222] pgactivate 0 [ 3142.236185][T30222] pgdeactivate 0 [ 3142.490418][T30222] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=30222,uid=0 [ 3142.525603][T30222] Memory cgroup out of memory: Killed process 30222 (syz-executor.3) total-vm:72448kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB [ 3142.588771][ T1057] oom_reaper: reaped process 30222 (syz-executor.3), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 3142.628714][T30295] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.5'. 16:56:45 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x0}, 0x0) [ 3142.745492][T30304] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.2'. 16:56:45 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f00000004c0), 0x4) r2 = socket$kcm(0x2, 0x7, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000380), 0x4) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, r3, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r1, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r3, 0x400454d8, &(0x7f0000000300)=0x3) r5 = socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x29, 0x7, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000440)={0xffffffffffffffff, r2, 0x5, 0x2}, 0x10) setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f00000002c0)=r3, 0x220) sendmsg$kcm(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) [ 3142.859779][T30310] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3142.884757][T30310] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.0'. 16:56:45 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x0}, 0x0) [ 3143.273707][T30313] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.5'. 16:56:45 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000100)=@isdn={0x22, 0x400, 0x100000000, 0x1f06, 0x1}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000040)="95c67462e15a0a2ccb96d34b582828f6d42606c79a595c811c901cbab2aa0f8b7da638bd0eee7da427eaf176a979a63c", 0xfffffec2}], 0x1}, 0x10) socket$kcm(0xa, 0x2, 0x11) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(r1, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB], 0x0}, 0x20) sendmsg(r6, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r5, &(0x7f0000000480)='pids.current\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r4, 0x0, 0x1, 0x0, 0x0}, 0x20) r8 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r8, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000640)=[{&(0x7f0000000240)="c12723", 0x3}], 0x1}, 0xfc00) sendmsg$kcm(r8, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)="88e7", 0x2}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24000001) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0x0, 0x0) write$cgroup_int(r7, 0x0, 0x0) [ 3143.376482][T30320] netlink: 'syz-executor.0': attribute type 3 has an invalid length. 16:56:45 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x0}, 0x0) 16:56:45 executing program 2: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) socket$kcm(0x2, 0x7, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(0xffffffffffffffff, 0x400454d8, &(0x7f0000000300)=0x3) r3 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) 16:56:45 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000100)=@isdn={0x22, 0x400, 0x100000000, 0x1f06, 0x1}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000040)="95c67462e15a0a2ccb96d34b582828f6d42606c79a595c811c901cbab2aa0f8b7da638bd0eee7da427eaf176a979a63c", 0xfffffec2}], 0x1}, 0x10) socket$kcm(0xa, 0x2, 0x11) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(r1, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB], 0x0}, 0x20) sendmsg(r6, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r5, &(0x7f0000000480)='pids.current\x00', 0x0, 0x0) openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r4, 0x0, 0x1, 0x0, 0x0}, 0x20) r7 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r7, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000640)=[{&(0x7f0000000240)="c12723", 0x3}], 0x1}, 0xfc00) sendmsg$kcm(r7, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)="88e7", 0x2}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24000001) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0xcc539d13aa130b24, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) [ 3143.518488][T30323] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3144.039490][T30335] IPVS: ftp: loaded support on port[0] = 21 [ 3144.302017][T30335] chnl_net:caif_netlink_parms(): no params data found [ 3144.386261][T30335] bridge0: port 1(bridge_slave_0) entered blocking state [ 3144.393864][T30335] bridge0: port 1(bridge_slave_0) entered disabled state [ 3144.402167][T30335] device bridge_slave_0 entered promiscuous mode [ 3144.411321][T30335] bridge0: port 2(bridge_slave_1) entered blocking state [ 3144.420982][T30335] bridge0: port 2(bridge_slave_1) entered disabled state [ 3144.429819][T30335] device bridge_slave_1 entered promiscuous mode [ 3144.520836][T30335] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3144.534674][T30335] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3144.620495][T30335] team0: Port device team_slave_0 added [ 3144.629747][T30335] team0: Port device team_slave_1 added [ 3144.696743][T30335] device hsr_slave_0 entered promiscuous mode [ 3144.743834][T30335] device hsr_slave_1 entered promiscuous mode [ 3144.792984][T30335] debugfs: Directory 'hsr0' with parent '/' already present! [ 3144.858349][T30335] bridge0: port 2(bridge_slave_1) entered blocking state [ 3144.865478][T30335] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3144.872816][T30335] bridge0: port 1(bridge_slave_0) entered blocking state [ 3144.879961][T30335] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3145.016402][T30335] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3145.070367][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3145.079382][ T854] bridge0: port 1(bridge_slave_0) entered disabled state [ 3145.087557][ T854] bridge0: port 2(bridge_slave_1) entered disabled state [ 3145.096966][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 3145.132633][T30335] 8021q: adding VLAN 0 to HW filter on device team0 [ 3145.204682][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3145.214039][ T854] bridge0: port 1(bridge_slave_0) entered blocking state [ 3145.221103][ T854] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3145.307173][T26749] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3145.316700][T26749] bridge0: port 2(bridge_slave_1) entered blocking state [ 3145.323809][T26749] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3145.344703][T17639] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3145.354734][T17639] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3145.363913][T17639] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3145.377452][T30339] IPVS: ftp: loaded support on port[0] = 21 [ 3145.406081][T17639] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3145.415059][T17639] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3145.424090][T17639] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3145.446471][T25186] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3145.456413][T25186] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3145.465108][T25186] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3145.474003][T25186] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3145.526234][T30335] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3145.639353][T30335] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3145.816482][T30339] chnl_net:caif_netlink_parms(): no params data found [ 3146.051967][T30339] bridge0: port 1(bridge_slave_0) entered blocking state [ 3146.066686][T30347] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3146.078123][T30339] bridge0: port 1(bridge_slave_0) entered disabled state [ 3146.085463][T30347] CPU: 1 PID: 30347 Comm: syz-executor.4 Not tainted 5.3.0-rc3+ #97 [ 3146.093442][T30347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3146.103484][T30347] Call Trace: [ 3146.103510][T30347] dump_stack+0x172/0x1f0 [ 3146.103533][T30347] dump_header+0x10b/0x82d [ 3146.103552][T30347] oom_kill_process.cold+0x10/0x15 [ 3146.103570][T30347] out_of_memory+0x79a/0x12c0 [ 3146.124407][T30339] device bridge_slave_0 entered promiscuous mode [ 3146.125313][T30347] ? __sched_text_start+0x8/0x8 [ 3146.136472][T30347] ? oom_killer_disable+0x280/0x280 [ 3146.141700][T30347] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3146.147243][T30347] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 3146.147748][T30339] bridge0: port 2(bridge_slave_1) entered blocking state [ 3146.152885][T30347] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 3146.165366][T30339] bridge0: port 2(bridge_slave_1) entered disabled state [ 3146.165670][T30347] ? cgroup_file_notify+0x140/0x1b0 [ 3146.177930][T30347] memory_max_write+0x262/0x3a0 [ 3146.179131][T30339] device bridge_slave_1 entered promiscuous mode [ 3146.182783][T30347] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 3146.195830][T30347] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 3146.195855][T30347] cgroup_file_write+0x241/0x790 [ 3146.195874][T30347] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 3146.195891][T30347] ? cgroup_migrate_add_task+0x890/0x890 [ 3146.206250][T30347] ? kernfs_ops+0x5a/0x110 [ 3146.206272][T30347] ? cgroup_migrate_add_task+0x890/0x890 [ 3146.206285][T30347] kernfs_fop_write+0x2b8/0x480 [ 3146.206306][T30347] __vfs_write+0x8a/0x110 [ 3146.218667][T30347] ? kernfs_fop_open+0xd80/0xd80 [ 3146.228675][T30347] vfs_write+0x268/0x5d0 [ 3146.237822][T30347] ksys_write+0x14f/0x290 [ 3146.246946][T30347] ? __ia32_sys_read+0xb0/0xb0 [ 3146.246964][T30347] ? do_syscall_64+0x26/0x6a0 [ 3146.246981][T30347] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3146.246992][T30347] ? do_syscall_64+0x26/0x6a0 [ 3146.247012][T30347] __x64_sys_write+0x73/0xb0 [ 3146.256058][T30347] do_syscall_64+0xfd/0x6a0 [ 3146.256081][T30347] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3146.256091][T30347] RIP: 0033:0x459829 [ 3146.256108][T30347] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3146.266798][T30347] RSP: 002b:00007fbfb02ecc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3146.266812][T30347] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 3146.266819][T30347] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009 [ 3146.266827][T30347] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 3146.266839][T30347] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbfb02ed6d4 [ 3146.276060][T30347] R13: 00000000004c99a3 R14: 00000000004e1028 R15: 00000000ffffffff [ 3146.361128][T30347] memory: usage 4144kB, limit 0kB, failcnt 2838539 [ 3146.368066][T30347] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3146.375169][T30347] Memory cgroup stats for /syz4: [ 3146.391707][T30347] anon 2097152 [ 3146.391707][T30347] file 602112 [ 3146.391707][T30347] kernel_stack 65536 [ 3146.391707][T30347] slab 1056768 [ 3146.391707][T30347] sock 0 [ 3146.391707][T30347] shmem 323584 [ 3146.391707][T30347] file_mapped 0 [ 3146.391707][T30347] file_dirty 0 [ 3146.391707][T30347] file_writeback 0 [ 3146.391707][T30347] anon_thp 2097152 [ 3146.391707][T30347] inactive_anon 270336 [ 3146.391707][T30347] active_anon 2097152 [ 3146.391707][T30347] inactive_file 0 [ 3146.391707][T30347] active_file 0 [ 3146.391707][T30347] unevictable 0 [ 3146.391707][T30347] slab_reclaimable 270336 [ 3146.391707][T30347] slab_unreclaimable 786432 [ 3146.391707][T30347] pgfault 105501 [ 3146.391707][T30347] pgmajfault 0 [ 3146.391707][T30347] workingset_refault 0 [ 3146.391707][T30347] workingset_activate 0 [ 3146.391707][T30347] workingset_nodereclaim 0 [ 3146.391707][T30347] pgrefill 0 [ 3146.391707][T30347] pgscan 37 [ 3146.391707][T30347] pgsteal 37 [ 3146.391707][T30347] pgactivate 0 [ 3146.500511][T30347] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=30346,uid=0 [ 3146.517119][T30347] Memory cgroup out of memory: Killed process 30346 (syz-executor.4) total-vm:72712kB, anon-rss:2144kB, file-rss:34816kB, shmem-rss:0kB [ 3146.537108][ T1057] oom_reaper: reaped process 30346 (syz-executor.4), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB [ 3146.730133][T30339] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3146.758847][T30339] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link 16:56:49 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x0}, 0x0) 16:56:49 executing program 1: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) socket$kcm(0x2, 0x7, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, r3, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) r5 = socket$kcm(0x10, 0x3, 0x10) setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f00000002c0)=r3, 0x220) sendmsg$kcm(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) 16:56:49 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f00000004c0), 0x4) r2 = socket$kcm(0x2, 0x7, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000380), 0x4) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, r3, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r1, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r3, 0x400454d8, &(0x7f0000000300)=0x3) r5 = socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x29, 0x7, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000440)={0xffffffffffffffff, r2, 0x5, 0x2}, 0x10) setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f00000002c0)=r3, 0x220) sendmsg$kcm(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) 16:56:49 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000100)=@isdn={0x22, 0x400, 0x100000000, 0x0, 0x1}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000040)="95c67462e15a0a2ccb96d34b582828f6d42606c79a595c811c901cbab2aa0f8b7da638bd", 0x24}], 0x1}, 0x10) socket$kcm(0xa, 0x2, 0x11) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(r1, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) sendmsg(r6, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r5, &(0x7f0000000480)='pids.current\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r4, 0x0, 0x1, 0x0, 0x0}, 0x20) r8 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r8, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000640)=[{&(0x7f0000000240)="c12723", 0x3}], 0x1}, 0xfc00) sendmsg$kcm(r8, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)="88e7", 0x2}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24000001) write$cgroup_int(r7, 0x0, 0x0) 16:56:49 executing program 2: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) socket$kcm(0x2, 0x7, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(0xffffffffffffffff, 0x400454d8, &(0x7f0000000300)=0x3) r3 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) [ 3146.877459][T30335] syz-executor.4 invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=0, oom_score_adj=0 [ 3146.877714][T30339] team0: Port device team_slave_0 added [ 3146.908433][T30339] team0: Port device team_slave_1 added [ 3146.954825][T30335] CPU: 1 PID: 30335 Comm: syz-executor.4 Not tainted 5.3.0-rc3+ #97 [ 3146.955621][T30356] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3146.962840][T30335] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3146.962847][T30335] Call Trace: [ 3146.962873][T30335] dump_stack+0x172/0x1f0 [ 3146.962896][T30335] dump_header+0x10b/0x82d [ 3146.962907][T30335] ? oom_kill_process+0x94/0x3f0 [ 3146.962922][T30335] oom_kill_process.cold+0x10/0x15 [ 3146.962941][T30335] out_of_memory+0x79a/0x12c0 [ 3146.973344][T30356] __nla_validate_parse: 6 callbacks suppressed [ 3146.973353][T30356] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3146.981048][T30335] ? lock_downgrade+0x920/0x920 [ 3146.981068][T30335] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3146.981093][T30335] ? oom_killer_disable+0x280/0x280 [ 3147.039001][T30335] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3147.044557][T30335] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 3147.045491][T30361] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3147.050202][T30335] ? do_raw_spin_unlock+0x57/0x270 [ 3147.050231][T30335] ? _raw_spin_unlock+0x2d/0x50 [ 3147.069661][T30335] try_charge+0xf4b/0x1440 [ 3147.074092][T30335] ? __lock_acquire+0x850/0x4c30 [ 3147.079055][T30335] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3147.085110][T30335] ? cache_grow_begin+0x122/0xd20 [ 3147.090247][T30335] ? find_held_lock+0x35/0x130 [ 3147.095017][T30335] ? cache_grow_begin+0x122/0xd20 [ 3147.095045][T30335] __memcg_kmem_charge_memcg+0x71/0xf0 [ 3147.095060][T30335] ? memcg_kmem_put_cache+0x50/0x50 [ 3147.095078][T30335] ? __kasan_check_read+0x11/0x20 [ 3147.095100][T30335] cache_grow_begin+0x627/0xd20 [ 3147.105576][T30335] ? write_comp_data+0x31/0x70 [ 3147.105597][T30335] ? mempolicy_slab_node+0x139/0x390 [ 3147.105618][T30335] fallback_alloc+0x1fd/0x2d0 [ 3147.105639][T30335] ____cache_alloc_node+0x1bc/0x1d0 [ 3147.105652][T30335] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3147.105670][T30335] kmem_cache_alloc+0x1ef/0x710 [ 3147.105687][T30335] ? stack_trace_save+0xac/0xe0 [ 3147.105711][T30335] __alloc_file+0x27/0x340 [ 3147.120737][T30335] alloc_empty_file+0x72/0x170 [ 3147.120760][T30335] path_openat+0xef/0x4630 [ 3147.120776][T30335] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 3147.120789][T30335] ? kasan_slab_alloc+0xf/0x20 [ 3147.120802][T30335] ? kmem_cache_alloc+0x121/0x710 [ 3147.120824][T30335] ? getname_flags+0xd6/0x5b0 [ 3147.151922][T30335] ? getname+0x1a/0x20 [ 3147.151936][T30335] ? do_sys_open+0x2c9/0x5d0 [ 3147.151952][T30335] ? __x64_sys_open+0x7e/0xc0 [ 3147.165933][T30335] ? __kasan_check_read+0x11/0x20 [ 3147.165950][T30335] ? mark_lock+0xc0/0x11e0 [ 3147.165965][T30335] ? __kasan_check_read+0x11/0x20 [ 3147.165992][T30335] ? path_lookupat.isra.0+0x8d0/0x8d0 [ 3147.166014][T30335] ? __alloc_fd+0x487/0x620 [ 3147.166035][T30335] do_filp_open+0x1a1/0x280 [ 3147.166049][T30335] ? may_open_dev+0x100/0x100 [ 3147.166066][T30335] ? lock_downgrade+0x920/0x920 [ 3147.242139][T30335] ? rwlock_bug.part.0+0x90/0x90 [ 3147.247092][T30335] ? __kasan_check_read+0x11/0x20 [ 3147.252104][T30335] ? do_raw_spin_unlock+0x57/0x270 [ 3147.257204][T30335] ? _raw_spin_unlock+0x2d/0x50 [ 3147.262049][T30335] ? __alloc_fd+0x487/0x620 [ 3147.266537][T30335] do_sys_open+0x3fe/0x5d0 [ 3147.270961][T30335] ? filp_open+0x80/0x80 [ 3147.275209][T30335] ? __detach_mounts+0x2a0/0x2a0 [ 3147.280128][T30335] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 3147.285568][T30335] ? do_syscall_64+0x26/0x6a0 [ 3147.290223][T30335] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3147.296264][T30335] ? do_syscall_64+0x26/0x6a0 [ 3147.300920][T30335] __x64_sys_open+0x7e/0xc0 [ 3147.305402][T30335] do_syscall_64+0xfd/0x6a0 [ 3147.309887][T30335] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3147.315755][T30335] RIP: 0033:0x4577a0 [ 3147.319641][T30335] Code: 31 c0 e9 45 ff ff ff 0f 1f 00 80 3f 00 0f 84 f7 00 00 00 55 53 b9 02 00 00 00 be 00 08 09 00 89 c8 48 81 ec 98 00 00 00 0f 05 <48> 3d 00 f0 ff ff 48 89 c3 0f 87 e9 00 00 00 85 db 0f 88 2f 01 00 [ 3147.339240][T30335] RSP: 002b:00007ffd777aa8f0 EFLAGS: 00000206 ORIG_RAX: 0000000000000002 [ 3147.347633][T30335] RAX: ffffffffffffffda RBX: 00000000003000fc RCX: 00000000004577a0 [ 3147.355599][T30335] RDX: 000000000000000c RSI: 0000000000090800 RDI: 00007ffd777abad0 [ 3147.363564][T30335] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000555555a69940 [ 3147.371520][T30335] R10: 0000000000000000 R11: 0000000000000206 R12: 00007ffd777abad0 [ 3147.379483][T30335] R13: 00007ffd777abac0 R14: 0000000000000000 R15: 00007ffd777abad0 [ 3147.402527][T30335] memory: usage 1768kB, limit 0kB, failcnt 2838551 [ 3147.410464][T30335] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3147.425369][T30335] Memory cgroup stats for /syz4: [ 3147.425479][T30335] anon 0 [ 3147.425479][T30335] file 602112 [ 3147.425479][T30335] kernel_stack 0 [ 3147.425479][T30335] slab 1056768 [ 3147.425479][T30335] sock 0 [ 3147.425479][T30335] shmem 323584 [ 3147.425479][T30335] file_mapped 0 [ 3147.425479][T30335] file_dirty 0 [ 3147.425479][T30335] file_writeback 0 [ 3147.425479][T30335] anon_thp 0 [ 3147.425479][T30335] inactive_anon 270336 [ 3147.425479][T30335] active_anon 0 [ 3147.425479][T30335] inactive_file 0 [ 3147.425479][T30335] active_file 0 [ 3147.425479][T30335] unevictable 0 [ 3147.425479][T30335] slab_reclaimable 270336 [ 3147.425479][T30335] slab_unreclaimable 786432 [ 3147.425479][T30335] pgfault 105501 [ 3147.425479][T30335] pgmajfault 0 [ 3147.425479][T30335] workingset_refault 0 [ 3147.425479][T30335] workingset_activate 0 [ 3147.425479][T30335] workingset_nodereclaim 0 [ 3147.425479][T30335] pgrefill 0 [ 3147.425479][T30335] pgscan 37 [ 3147.425479][T30335] pgsteal 37 [ 3147.425479][T30335] pgactivate 0 [ 3147.430744][T30335] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=30335,uid=0 [ 3147.542563][T30335] Memory cgroup out of memory: Killed process 30335 (syz-executor.4) total-vm:72448kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB [ 3147.557661][ T1057] oom_reaper: reaped process 30335 (syz-executor.4), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 3147.604397][T30350] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3147.675482][T30355] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3147.764574][T30356] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3147.774062][T30356] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3147.783527][T30354] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.2'. [ 3148.006645][T30339] device hsr_slave_0 entered promiscuous mode [ 3148.166907][T30339] device hsr_slave_1 entered promiscuous mode [ 3148.253074][T30339] debugfs: Directory 'hsr0' with parent '/' already present! 16:56:50 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000100)=@isdn={0x22, 0x400, 0x100000000, 0x0, 0x1}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000040)="95c67462e15a0a2ccb96d34b582828f6d42606c79a595c811c901cbab2aa0f8b7da638bd0eee7da427ea", 0x2a}], 0x1}, 0x10) socket$kcm(0xa, 0x2, 0x11) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(r1, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) sendmsg(r6, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r5, &(0x7f0000000480)='pids.current\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r4, 0x0, 0x1, 0x0, 0x0}, 0x20) r8 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r8, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000640)=[{&(0x7f0000000240)="c12723", 0x3}], 0x1}, 0xfc00) sendmsg$kcm(r8, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)="88e7", 0x2}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24000001) write$cgroup_int(r7, 0x0, 0x0) 16:56:50 executing program 1: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) socket$kcm(0x2, 0x7, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, r3, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) r4 = socket$kcm(0x10, 0x3, 0x10) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0)=r3, 0x220) sendmsg$kcm(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) [ 3148.580677][T30363] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.5'. 16:56:50 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x0}, 0x0) [ 3148.748098][T30375] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3148.767421][T30375] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3148.785720][T30371] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.1'. 16:56:51 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000100)=@isdn={0x22, 0x400, 0x100000000, 0x0, 0x1}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000040)="95c67462e15a0a2ccb96d34b582828f6d42606c79a595c811c901cbab2aa0f8b7da638bd0eee7da427ea", 0x2a}], 0x1}, 0x10) socket$kcm(0xa, 0x2, 0x11) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(r1, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) sendmsg(r6, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r5, &(0x7f0000000480)='pids.current\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r4, 0x0, 0x1, 0x0, 0x0}, 0x20) r8 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r8, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000640)=[{&(0x7f0000000240)="c12723", 0x3}], 0x1}, 0xfc00) sendmsg$kcm(r8, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)="88e7", 0x2}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24000001) write$cgroup_int(r7, 0x0, 0x0) 16:56:51 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x0}, 0x0) [ 3148.891894][T30368] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.2'. 16:56:51 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) r3 = socket$kcm(0x2, 0x7, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000380), 0x4) r4 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, r4, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r4, 0x400454d8, &(0x7f0000000300)=0x3) r6 = socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x29, 0x7, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000440)={0xffffffffffffffff, r3, 0x5, 0x2}, 0x10) setsockopt$sock_attach_bpf(r5, 0x1, 0x32, &(0x7f00000002c0)=r4, 0x220) sendmsg$kcm(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) [ 3149.039026][T30382] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3149.608423][T30339] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3149.842789][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3149.851845][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3150.002836][T30339] 8021q: adding VLAN 0 to HW filter on device team0 [ 3150.020290][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3150.029775][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3150.050245][T16725] bridge0: port 1(bridge_slave_0) entered blocking state [ 3150.057413][T16725] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3150.116331][T25186] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3150.125400][T25186] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3150.134554][T25186] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3150.143793][T25186] bridge0: port 2(bridge_slave_1) entered blocking state [ 3150.150861][T25186] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3150.229128][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3150.239245][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3150.248949][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3150.259743][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3150.285818][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3150.353255][T17639] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3150.367144][T17639] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3150.376047][T17639] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3150.385476][T17639] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3150.401944][T30339] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 3150.414833][T30339] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3150.509653][T26749] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3150.524174][T26749] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3150.620741][T30394] IPVS: ftp: loaded support on port[0] = 21 [ 3150.686387][T30339] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3150.930451][T30394] chnl_net:caif_netlink_parms(): no params data found 16:56:53 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000100)=@isdn={0x22, 0x400, 0x100000000, 0x1f06, 0x1}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000040)="95c67462e15a0a2ccb96d34b582828f6d42606c79a595c811c901cbab2aa0f8b7da638bd0eee7da427eaf176a979a63c", 0xfffffec2}], 0x1}, 0x10) socket$kcm(0xa, 0x2, 0x11) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(r1, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB], 0x0}, 0x20) sendmsg(r6, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r5, &(0x7f0000000480)='pids.current\x00', 0x0, 0x0) openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r4, 0x0, 0x1, 0x0, 0x0}, 0x20) r7 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r7, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000640)=[{&(0x7f0000000240)="c12723", 0x3}], 0x1}, 0xfc00) sendmsg$kcm(r7, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)="88e7", 0x2}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24000001) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0xcc539d13aa130b24, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 16:56:53 executing program 2: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) r3 = socket$kcm(0x2, 0x7, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000380), 0x4) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(0xffffffffffffffff, 0x400454d8, &(0x7f0000000300)=0x3) r4 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) 16:56:53 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x0}, 0x0) 16:56:53 executing program 1: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) socket$kcm(0x2, 0x7, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, r3, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) r4 = socket$kcm(0x10, 0x3, 0x10) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0)=r3, 0x220) sendmsg$kcm(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) 16:56:53 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) r3 = socket$kcm(0x2, 0x7, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000380), 0x4) r4 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, r4, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r4, 0x400454d8, &(0x7f0000000300)=0x3) r6 = socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x29, 0x7, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000440)={0xffffffffffffffff, r3, 0x5, 0x2}, 0x10) setsockopt$sock_attach_bpf(r5, 0x1, 0x32, &(0x7f00000002c0)=r4, 0x220) sendmsg$kcm(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) [ 3151.089704][T30394] bridge0: port 1(bridge_slave_0) entered blocking state [ 3151.098324][T30405] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3151.106772][T30394] bridge0: port 1(bridge_slave_0) entered disabled state [ 3151.154162][T30394] device bridge_slave_0 entered promiscuous mode 16:56:53 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x0}, 0x0) [ 3151.392326][T30428] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3151.430201][T30394] bridge0: port 2(bridge_slave_1) entered blocking state [ 3151.438379][T30394] bridge0: port 2(bridge_slave_1) entered disabled state [ 3151.448714][T30394] device bridge_slave_1 entered promiscuous mode 16:56:54 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000100)=@isdn={0x22, 0x400, 0x100000000, 0x1f06, 0x1}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000040)="95c67462e15a0a2ccb96d34b582828f6d42606c79a595c811c901cbab2aa0f8b7da638bd0eee7da427eaf176a979a63c", 0xfffffec2}], 0x1}, 0x10) socket$kcm(0xa, 0x2, 0x11) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(r1, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB], 0x0}, 0x20) sendmsg(r6, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r5, &(0x7f0000000480)='pids.current\x00', 0x0, 0x0) openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r4, 0x0, 0x1, 0x0, 0x0}, 0x20) r7 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r7, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000640)=[{&(0x7f0000000240)="c12723", 0x3}], 0x1}, 0xfc00) sendmsg$kcm(r7, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)="88e7", 0x2}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24000001) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0xcc539d13aa130b24, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 16:56:54 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x0}, 0x0) [ 3151.909781][T30394] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3151.979430][T30434] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3151.992381][T30421] __nla_validate_parse: 10 callbacks suppressed [ 3151.992391][T30421] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3152.017847][T30394] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link 16:56:54 executing program 1: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) socket$kcm(0x2, 0x7, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, r3, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) r4 = socket$kcm(0x10, 0x3, 0x10) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0)=r3, 0x220) sendmsg$kcm(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) [ 3152.043287][T30434] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3152.158320][T30394] team0: Port device team_slave_0 added [ 3152.200235][T30394] team0: Port device team_slave_1 added [ 3152.230843][T30437] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3152.230945][T30422] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.2'. [ 3152.477741][T30394] device hsr_slave_0 entered promiscuous mode [ 3152.554051][T30394] device hsr_slave_1 entered promiscuous mode [ 3152.623187][T30394] debugfs: Directory 'hsr0' with parent '/' already present! [ 3152.650066][T30437] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3153.047083][T30394] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3153.089641][T25186] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3153.098619][T25186] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3153.111318][T30394] 8021q: adding VLAN 0 to HW filter on device team0 [ 3153.182790][T25186] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3153.193166][T25186] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3153.201844][T25186] bridge0: port 1(bridge_slave_0) entered blocking state [ 3153.208957][T25186] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3153.239176][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3153.248334][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3153.258512][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3153.268129][T16725] bridge0: port 2(bridge_slave_1) entered blocking state [ 3153.275278][T16725] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3153.284633][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3153.359132][T21598] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3153.377803][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3153.388387][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3153.398428][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3153.408519][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3153.479001][T25186] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3153.488209][T25186] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3153.497656][T25186] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3153.512760][T30394] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 3153.525829][T30394] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3153.537886][T21598] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3153.547690][T21598] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3153.644722][T30394] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3153.929845][T30452] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3153.942012][T30452] CPU: 1 PID: 30452 Comm: syz-executor.4 Not tainted 5.3.0-rc3+ #97 [ 3153.949995][T30452] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3153.960050][T30452] Call Trace: [ 3153.963353][T30452] dump_stack+0x172/0x1f0 [ 3153.967689][T30452] dump_header+0x10b/0x82d [ 3153.972096][T30452] oom_kill_process.cold+0x10/0x15 [ 3153.977197][T30452] out_of_memory+0x79a/0x12c0 [ 3153.981866][T30452] ? __sched_text_start+0x8/0x8 [ 3153.986785][T30452] ? oom_killer_disable+0x280/0x280 [ 3153.991984][T30452] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3153.997505][T30452] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 3154.003256][T30452] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 3154.009136][T30452] ? cgroup_file_notify+0x140/0x1b0 [ 3154.014312][T30452] memory_max_write+0x262/0x3a0 [ 3154.019166][T30452] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 3154.025920][T30452] ? lock_acquire+0x190/0x410 [ 3154.030576][T30452] ? kernfs_fop_write+0x227/0x480 [ 3154.035584][T30452] cgroup_file_write+0x241/0x790 [ 3154.040498][T30452] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 3154.047239][T30452] ? cgroup_migrate_add_task+0x890/0x890 [ 3154.052851][T30452] ? cgroup_migrate_add_task+0x890/0x890 [ 3154.058468][T30452] kernfs_fop_write+0x2b8/0x480 [ 3154.063296][T30452] __vfs_write+0x8a/0x110 [ 3154.067610][T30452] ? kernfs_fop_open+0xd80/0xd80 [ 3154.072526][T30452] vfs_write+0x268/0x5d0 [ 3154.076748][T30452] ksys_write+0x14f/0x290 [ 3154.081055][T30452] ? __ia32_sys_read+0xb0/0xb0 [ 3154.085801][T30452] ? do_syscall_64+0x26/0x6a0 [ 3154.090451][T30452] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3154.096541][T30452] ? do_syscall_64+0x26/0x6a0 [ 3154.101197][T30452] __x64_sys_write+0x73/0xb0 [ 3154.105763][T30452] do_syscall_64+0xfd/0x6a0 [ 3154.110252][T30452] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3154.116236][T30452] RIP: 0033:0x459829 [ 3154.120109][T30452] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3154.139695][T30452] RSP: 002b:00007ff77fba0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3154.148088][T30452] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 3154.156039][T30452] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009 [ 3154.163985][T30452] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 3154.171931][T30452] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff77fba16d4 [ 3154.179880][T30452] R13: 00000000004c99a3 R14: 00000000004e1028 R15: 00000000ffffffff [ 3154.218852][T30452] memory: usage 4164kB, limit 0kB, failcnt 2838552 [ 3154.226624][T30452] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3154.236477][T30452] Memory cgroup stats for /syz4: [ 3154.238022][T30452] anon 2220032 [ 3154.238022][T30452] file 602112 [ 3154.238022][T30452] kernel_stack 65536 [ 3154.238022][T30452] slab 1056768 [ 3154.238022][T30452] sock 0 [ 3154.238022][T30452] shmem 323584 [ 3154.238022][T30452] file_mapped 0 [ 3154.238022][T30452] file_dirty 0 [ 3154.238022][T30452] file_writeback 0 [ 3154.238022][T30452] anon_thp 2097152 [ 3154.238022][T30452] inactive_anon 270336 [ 3154.238022][T30452] active_anon 2220032 [ 3154.238022][T30452] inactive_file 0 [ 3154.238022][T30452] active_file 0 [ 3154.238022][T30452] unevictable 0 [ 3154.238022][T30452] slab_reclaimable 270336 [ 3154.238022][T30452] slab_unreclaimable 786432 [ 3154.238022][T30452] pgfault 105567 [ 3154.238022][T30452] pgmajfault 0 [ 3154.238022][T30452] workingset_refault 0 [ 3154.238022][T30452] workingset_activate 0 [ 3154.238022][T30452] workingset_nodereclaim 0 [ 3154.238022][T30452] pgrefill 0 [ 3154.238022][T30452] pgscan 37 [ 3154.238022][T30452] pgsteal 37 [ 3154.238022][T30452] pgactivate 0 [ 3154.346326][T30452] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=30451,uid=0 [ 3154.363508][T30452] Memory cgroup out of memory: Killed process 30451 (syz-executor.4) total-vm:72712kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB [ 3154.382044][ T1057] oom_reaper: reaped process 30451 (syz-executor.4), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB 16:56:57 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000100)=@isdn={0x22, 0x400, 0x100000000, 0x0, 0x1}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000040)="95c67462e15a0a2ccb96d34b582828f6d42606c79a595c811c901cbab2aa0f8b7da638bd0eee7da427ea", 0x2a}], 0x1}, 0x10) socket$kcm(0xa, 0x2, 0x11) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(r1, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) sendmsg(r6, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r5, &(0x7f0000000480)='pids.current\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r4, 0x0, 0x1, 0x0, 0x0}, 0x20) r8 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r8, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000640)=[{&(0x7f0000000240)="c12723", 0x3}], 0x1}, 0xfc00) sendmsg$kcm(r8, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)="88e7", 0x2}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24000001) write$cgroup_int(r7, 0x0, 0x0) 16:56:57 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x0}, 0x0) 16:56:57 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) r3 = socket$kcm(0x2, 0x7, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000380), 0x4) r4 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, r4, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r4, 0x400454d8, &(0x7f0000000300)=0x3) r6 = socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x29, 0x7, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000440)={0xffffffffffffffff, r3, 0x5, 0x2}, 0x10) setsockopt$sock_attach_bpf(r5, 0x1, 0x32, &(0x7f00000002c0)=r4, 0x220) sendmsg$kcm(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) 16:56:57 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) socket$kcm(0x2, 0x7, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, r3, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) r4 = socket$kcm(0x10, 0x3, 0x10) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0)=r3, 0x220) sendmsg$kcm(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) 16:56:57 executing program 2: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000380), 0x4) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(0xffffffffffffffff, 0x400454d8, &(0x7f0000000300)=0x3) r3 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) 16:56:57 executing program 1: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) socket$kcm(0x2, 0x7, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, r3, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) r5 = socket$kcm(0x10, 0x3, 0x10) setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f00000002c0)=r3, 0x220) sendmsg$kcm(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) [ 3154.839233][T30394] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3154.855006][T30459] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3154.867402][T30458] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3154.876095][T30394] CPU: 0 PID: 30394 Comm: syz-executor.4 Not tainted 5.3.0-rc3+ #97 [ 3154.884086][T30394] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3154.894273][T30394] Call Trace: [ 3154.897573][T30394] dump_stack+0x172/0x1f0 [ 3154.901923][T30394] dump_header+0x10b/0x82d [ 3154.906342][T30394] ? oom_kill_process+0x94/0x3f0 [ 3154.906360][T30394] oom_kill_process.cold+0x10/0x15 [ 3154.906379][T30394] out_of_memory+0x79a/0x12c0 [ 3154.916838][T30394] ? lock_downgrade+0x920/0x920 [ 3154.916855][T30394] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3154.916872][T30394] ? oom_killer_disable+0x280/0x280 [ 3154.916899][T30394] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3154.916916][T30394] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 3154.916938][T30394] ? do_raw_spin_unlock+0x57/0x270 [ 3154.916960][T30394] ? _raw_spin_unlock+0x2d/0x50 [ 3154.916975][T30394] try_charge+0xf4b/0x1440 [ 3154.917003][T30394] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3154.963247][T30458] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3154.968513][T30394] ? percpu_ref_tryget_live+0x111/0x290 [ 3154.968537][T30394] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3154.968555][T30394] ? __kasan_check_read+0x11/0x20 [ 3154.968576][T30394] ? get_mem_cgroup_from_mm+0x156/0x320 [ 3154.993578][T30471] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3154.994636][T30394] mem_cgroup_try_charge+0x136/0x590 [ 3154.994660][T30394] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3154.994682][T30394] wp_page_copy+0x421/0x15e0 [ 3154.994699][T30394] ? find_held_lock+0x35/0x130 [ 3154.994722][T30394] ? pmd_pfn+0x1d0/0x1d0 [ 3154.994740][T30394] ? lock_downgrade+0x920/0x920 [ 3154.994760][T30394] ? swp_swapcount+0x540/0x540 [ 3155.009563][T30394] ? __kasan_check_read+0x11/0x20 [ 3155.009580][T30394] ? do_raw_spin_unlock+0x57/0x270 [ 3155.009600][T30394] do_wp_page+0x499/0x14d0 [ 3155.009622][T30394] ? finish_mkwrite_fault+0x570/0x570 [ 3155.009651][T30394] __handle_mm_fault+0x22f7/0x3f20 [ 3155.009671][T30394] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3155.009699][T30394] ? __kasan_check_read+0x11/0x20 [ 3155.048784][T30394] handle_mm_fault+0x1b5/0x6b0 [ 3155.048812][T30394] __do_page_fault+0x536/0xdd0 [ 3155.048841][T30394] do_page_fault+0x38/0x590 [ 3155.048863][T30394] page_fault+0x39/0x40 [ 3155.048874][T30394] RIP: 0033:0x430906 [ 3155.048893][T30394] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 46 64 00 85 c0 0f 84 [ 3155.068909][T30394] RSP: 002b:00007ffd41958560 EFLAGS: 00010206 [ 3155.068923][T30394] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 3155.068932][T30394] RDX: 00005555565ac930 RSI: 00005555565b4970 RDI: 0000000000000003 [ 3155.068946][T30394] RBP: 0000000000008041 R08: 0000000000000001 R09: 00005555565ab940 [ 3155.068955][T30394] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 3155.068963][T30394] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 [ 3155.075709][T30394] memory: usage 1784kB, limit 0kB, failcnt 2838560 [ 3155.164266][T30394] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3155.174285][T30394] Memory cgroup stats for /syz4: [ 3155.174401][T30394] anon 0 [ 3155.174401][T30394] file 602112 [ 3155.174401][T30394] kernel_stack 0 [ 3155.174401][T30394] slab 1056768 [ 3155.174401][T30394] sock 0 [ 3155.174401][T30394] shmem 323584 [ 3155.174401][T30394] file_mapped 0 [ 3155.174401][T30394] file_dirty 0 [ 3155.174401][T30394] file_writeback 0 [ 3155.174401][T30394] anon_thp 0 [ 3155.174401][T30394] inactive_anon 270336 [ 3155.174401][T30394] active_anon 0 [ 3155.174401][T30394] inactive_file 0 [ 3155.174401][T30394] active_file 0 [ 3155.174401][T30394] unevictable 0 [ 3155.174401][T30394] slab_reclaimable 270336 [ 3155.174401][T30394] slab_unreclaimable 786432 [ 3155.174401][T30394] pgfault 105567 [ 3155.174401][T30394] pgmajfault 0 [ 3155.174401][T30394] workingset_refault 0 [ 3155.174401][T30394] workingset_activate 0 [ 3155.174401][T30394] workingset_nodereclaim 0 [ 3155.174401][T30394] pgrefill 0 [ 3155.174401][T30394] pgscan 37 [ 3155.174401][T30394] pgsteal 37 [ 3155.174401][T30394] pgactivate 0 [ 3155.188910][T30394] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=30394,uid=0 [ 3155.198887][T30461] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3155.303159][T30394] Memory cgroup out of memory: Killed process 30394 (syz-executor.4) total-vm:72448kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB [ 3155.331997][ T1057] oom_reaper: reaped process 30394 (syz-executor.4), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 3155.494009][T30463] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.3'. 16:56:58 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x0}, 0x0) [ 3155.753144][T30482] netlink: 'syz-executor.0': attribute type 3 has an invalid length. 16:56:58 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000100)=@isdn={0x22, 0x400, 0x100000000, 0x0, 0x1}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000040)="95c67462e15a0a2ccb96d34b582828f6d42606c79a595c811c901cbab2aa0f8b7da638bd0eee7da427eaf176a9", 0x2d}], 0x1}, 0x10) socket$kcm(0xa, 0x2, 0x11) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(r1, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) sendmsg(r6, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r5, &(0x7f0000000480)='pids.current\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r4, 0x0, 0x1, 0x0, 0x0}, 0x20) r8 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r8, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000640)=[{&(0x7f0000000240)="c12723", 0x3}], 0x1}, 0xfc00) sendmsg$kcm(r8, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)="88e7", 0x2}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24000001) write$cgroup_int(r7, 0x0, 0x0) 16:56:58 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x0}, 0x0) 16:56:58 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) socket$kcm(0x2, 0x7, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, r3, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) r4 = socket$kcm(0x10, 0x3, 0x10) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0)=r3, 0x220) sendmsg$kcm(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) 16:56:58 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000100)=@isdn={0x22, 0x400, 0x100000000, 0x0, 0x1}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000040)="95c67462e15a0a2ccb96d34b582828f6d42606c79a595c811c901cbab2aa0f8b7da638bd0eee7da427eaf176a9", 0x2d}], 0x1}, 0x10) socket$kcm(0xa, 0x2, 0x11) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(r1, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) sendmsg(r6, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r5, &(0x7f0000000480)='pids.current\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r4, 0x0, 0x1, 0x0, 0x0}, 0x20) r8 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r8, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000640)=[{&(0x7f0000000240)="c12723", 0x3}], 0x1}, 0xfc00) sendmsg$kcm(r8, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)="88e7", 0x2}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24000001) write$cgroup_int(r7, 0x0, 0x0) 16:56:58 executing program 1: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) socket$kcm(0x2, 0x7, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, r3, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) r5 = socket$kcm(0x10, 0x3, 0x10) setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f00000002c0)=r3, 0x220) sendmsg$kcm(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) [ 3156.299755][T30485] netlink: 'syz-executor.0': attribute type 3 has an invalid length. 16:56:58 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r0, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f00000004c0), 0x4) r2 = socket$kcm(0x2, 0x7, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000380), 0x4) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, r3, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r1, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r3, 0x400454d8, &(0x7f0000000300)=0x3) r5 = socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x29, 0x7, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000440)={0xffffffffffffffff, r2, 0x5, 0x2}, 0x10) setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f00000002c0)=r3, 0x220) sendmsg$kcm(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) 16:56:58 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x0}, 0x0) 16:56:58 executing program 2: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000380), 0x4) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(0xffffffffffffffff, 0x400454d8, &(0x7f0000000300)=0x3) r3 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) [ 3156.512522][T30496] netlink: 'syz-executor.0': attribute type 3 has an invalid length. 16:56:59 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x0}, 0x0) [ 3156.899985][T30514] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3157.259781][T30514] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3157.272469][T30514] __nla_validate_parse: 12 callbacks suppressed [ 3157.272479][T30514] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3157.300812][T30494] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.3'. 16:56:59 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x0}, 0x0) 16:56:59 executing program 1: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) socket$kcm(0x2, 0x7, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, r3, 0x0) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) r5 = socket$kcm(0x10, 0x3, 0x10) setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f00000002c0)=r3, 0x220) sendmsg$kcm(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) [ 3157.424486][T30510] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.2'. 16:56:59 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) socket$kcm(0x2, 0x7, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, r3, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r3, 0x400454d8, &(0x7f0000000300)=0x3) setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f00000002c0)=r3, 0x220) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) [ 3157.474149][T30519] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3157.482266][T30519] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.0'. 16:56:59 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x0}, 0x0) [ 3157.565192][T30520] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3157.575493][T30507] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.5'. 16:56:59 executing program 2: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000380), 0x4) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(0xffffffffffffffff, 0x400454d8, &(0x7f0000000300)=0x3) r3 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) [ 3157.725514][T30524] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3157.772280][T30534] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3157.792499][T30534] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3157.894173][T30522] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.1'. 16:57:00 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r0, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f00000004c0), 0x4) r2 = socket$kcm(0x2, 0x7, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000380), 0x4) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, r3, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r1, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r3, 0x400454d8, &(0x7f0000000300)=0x3) r5 = socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x29, 0x7, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000440)={0xffffffffffffffff, r2, 0x5, 0x2}, 0x10) setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f00000002c0)=r3, 0x220) sendmsg$kcm(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) [ 3157.946797][T30532] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.2'. [ 3158.048013][T30534] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3158.420402][T30546] IPVS: ftp: loaded support on port[0] = 21 [ 3158.887894][T30546] chnl_net:caif_netlink_parms(): no params data found [ 3159.029976][T30546] bridge0: port 1(bridge_slave_0) entered blocking state [ 3159.039310][T30546] bridge0: port 1(bridge_slave_0) entered disabled state [ 3159.048494][T30546] device bridge_slave_0 entered promiscuous mode [ 3159.057900][T30546] bridge0: port 2(bridge_slave_1) entered blocking state [ 3159.065552][T30546] bridge0: port 2(bridge_slave_1) entered disabled state [ 3159.075254][T30546] device bridge_slave_1 entered promiscuous mode [ 3159.166926][T30546] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3159.179529][T30546] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3159.338136][T30546] team0: Port device team_slave_0 added [ 3159.346721][T30546] team0: Port device team_slave_1 added [ 3159.415749][T30546] device hsr_slave_0 entered promiscuous mode [ 3159.454625][T30546] device hsr_slave_1 entered promiscuous mode [ 3159.493055][T30546] debugfs: Directory 'hsr0' with parent '/' already present! [ 3159.607649][T30546] bridge0: port 2(bridge_slave_1) entered blocking state [ 3159.614881][T30546] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3159.622253][T30546] bridge0: port 1(bridge_slave_0) entered blocking state [ 3159.629375][T30546] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3159.820069][T30546] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3159.839632][T17639] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3159.851558][T17639] bridge0: port 1(bridge_slave_0) entered disabled state [ 3159.861537][T17639] bridge0: port 2(bridge_slave_1) entered disabled state [ 3159.872058][T17639] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 3160.039442][T30546] 8021q: adding VLAN 0 to HW filter on device team0 [ 3160.062015][T17639] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3160.071538][T17639] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3160.080647][T17639] bridge0: port 1(bridge_slave_0) entered blocking state [ 3160.087751][T17639] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3160.165662][T26749] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3160.175290][T26749] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3160.184407][T26749] bridge0: port 2(bridge_slave_1) entered blocking state [ 3160.191472][T26749] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3160.200855][T26749] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3160.350330][ T3517] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3160.360369][ T3517] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3160.370214][ T3517] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3160.379907][ T3517] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3160.389900][ T3517] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3160.401218][ T3517] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3160.498462][T26749] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3160.507768][T26749] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3160.522401][T30546] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 3160.538337][T30546] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3160.596195][ T3517] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3160.610149][ T3517] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3160.651864][T30546] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3160.856350][T30558] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3160.867213][T30558] CPU: 1 PID: 30558 Comm: syz-executor.4 Not tainted 5.3.0-rc3+ #97 [ 3160.875198][T30558] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3160.885253][T30558] Call Trace: [ 3160.888552][T30558] dump_stack+0x172/0x1f0 [ 3160.892911][T30558] dump_header+0x10b/0x82d [ 3160.897328][T30558] oom_kill_process.cold+0x10/0x15 [ 3160.902438][T30558] out_of_memory+0x79a/0x12c0 [ 3160.907106][T30558] ? __sched_text_start+0x8/0x8 [ 3160.912091][T30558] ? oom_killer_disable+0x280/0x280 [ 3160.917273][T30558] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3160.922799][T30558] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 3160.928521][T30558] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 3160.934304][T30558] ? cgroup_file_notify+0x140/0x1b0 [ 3160.939498][T30558] memory_max_write+0x262/0x3a0 [ 3160.944330][T30558] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 3160.951071][T30558] ? lock_acquire+0x190/0x410 [ 3160.955727][T30558] ? kernfs_fop_write+0x227/0x480 [ 3160.960733][T30558] cgroup_file_write+0x241/0x790 [ 3160.965647][T30558] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 3160.972380][T30558] ? cgroup_migrate_add_task+0x890/0x890 [ 3160.977990][T30558] ? cgroup_migrate_add_task+0x890/0x890 [ 3160.983598][T30558] kernfs_fop_write+0x2b8/0x480 [ 3160.991595][T30558] __vfs_write+0x8a/0x110 [ 3160.995901][T30558] ? kernfs_fop_open+0xd80/0xd80 [ 3161.000816][T30558] vfs_write+0x268/0x5d0 [ 3161.005038][T30558] ksys_write+0x14f/0x290 [ 3161.009449][T30558] ? __ia32_sys_read+0xb0/0xb0 [ 3161.014191][T30558] ? do_syscall_64+0x26/0x6a0 [ 3161.018845][T30558] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3161.024887][T30558] ? do_syscall_64+0x26/0x6a0 [ 3161.029555][T30558] __x64_sys_write+0x73/0xb0 [ 3161.034123][T30558] do_syscall_64+0xfd/0x6a0 [ 3161.038613][T30558] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3161.044478][T30558] RIP: 0033:0x459829 [ 3161.048353][T30558] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3161.067943][T30558] RSP: 002b:00007f87c723dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3161.076425][T30558] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 3161.084405][T30558] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009 [ 3161.092352][T30558] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 3161.100301][T30558] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f87c723e6d4 [ 3161.108249][T30558] R13: 00000000004c99a3 R14: 00000000004e1028 R15: 00000000ffffffff [ 3161.139092][T30558] memory: usage 4112kB, limit 0kB, failcnt 2838561 [ 3161.145934][T30558] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3161.153206][T30558] Memory cgroup stats for /syz4: [ 3161.155023][T30558] anon 2183168 [ 3161.155023][T30558] file 602112 [ 3161.155023][T30558] kernel_stack 65536 [ 3161.155023][T30558] slab 1056768 [ 3161.155023][T30558] sock 0 [ 3161.155023][T30558] shmem 323584 [ 3161.155023][T30558] file_mapped 0 [ 3161.155023][T30558] file_dirty 0 [ 3161.155023][T30558] file_writeback 0 [ 3161.155023][T30558] anon_thp 2097152 [ 3161.155023][T30558] inactive_anon 270336 [ 3161.155023][T30558] active_anon 2183168 [ 3161.155023][T30558] inactive_file 0 [ 3161.155023][T30558] active_file 0 [ 3161.155023][T30558] unevictable 0 [ 3161.155023][T30558] slab_reclaimable 270336 [ 3161.155023][T30558] slab_unreclaimable 786432 [ 3161.155023][T30558] pgfault 105633 [ 3161.155023][T30558] pgmajfault 0 [ 3161.155023][T30558] workingset_refault 0 [ 3161.155023][T30558] workingset_activate 0 [ 3161.155023][T30558] workingset_nodereclaim 0 [ 3161.155023][T30558] pgrefill 0 [ 3161.155023][T30558] pgscan 37 [ 3161.155023][T30558] pgsteal 37 [ 3161.155023][T30558] pgactivate 0 [ 3161.251930][T30558] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=30556,uid=0 [ 3161.278773][T30558] Memory cgroup out of memory: Killed process 30556 (syz-executor.4) total-vm:72580kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB [ 3161.297751][ T1057] oom_reaper: reaped process 30556 (syz-executor.4), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB 16:57:03 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000100)=@isdn={0x22, 0x400, 0x100000000, 0x0, 0x1}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000040)="95c67462e15a0a2ccb96d34b582828f6d42606c79a595c811c901cbab2aa0f8b7da638bd0eee7da427eaf176a9", 0x2d}], 0x1}, 0x10) socket$kcm(0xa, 0x2, 0x11) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(r1, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) sendmsg(r6, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r5, &(0x7f0000000480)='pids.current\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r4, 0x0, 0x1, 0x0, 0x0}, 0x20) r8 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r8, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000640)=[{&(0x7f0000000240)="c12723", 0x3}], 0x1}, 0xfc00) sendmsg$kcm(r8, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)="88e7", 0x2}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24000001) write$cgroup_int(r7, 0x0, 0x0) 16:57:03 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) socket$kcm(0x2, 0x7, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, r3, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r3, 0x400454d8, &(0x7f0000000300)=0x3) r5 = socket$kcm(0x10, 0x3, 0x10) setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f00000002c0)=r3, 0x220) sendmsg$kcm(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) 16:57:03 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x0}, 0x0) 16:57:03 executing program 1: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) socket$kcm(0x2, 0x7, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) r5 = socket$kcm(0x10, 0x3, 0x10) setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f00000002c0)=r3, 0x220) sendmsg$kcm(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) 16:57:03 executing program 2: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000380), 0x4) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(0xffffffffffffffff, 0x400454d8, &(0x7f0000000300)=0x3) r3 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) 16:57:03 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r0, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f00000004c0), 0x4) r2 = socket$kcm(0x2, 0x7, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000380), 0x4) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, r3, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r1, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r3, 0x400454d8, &(0x7f0000000300)=0x3) r5 = socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x29, 0x7, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000440)={0xffffffffffffffff, r2, 0x5, 0x2}, 0x10) setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f00000002c0)=r3, 0x220) sendmsg$kcm(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) [ 3161.710965][T30546] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3161.715780][T30566] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3161.760156][T30546] CPU: 1 PID: 30546 Comm: syz-executor.4 Not tainted 5.3.0-rc3+ #97 [ 3161.768255][T30546] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3161.778304][T30546] Call Trace: [ 3161.781602][T30546] dump_stack+0x172/0x1f0 [ 3161.785936][T30546] dump_header+0x10b/0x82d [ 3161.790462][T30546] ? oom_kill_process+0x94/0x3f0 [ 3161.795407][T30546] oom_kill_process.cold+0x10/0x15 [ 3161.800535][T30546] out_of_memory+0x79a/0x12c0 [ 3161.805215][T30546] ? lock_downgrade+0x920/0x920 [ 3161.805238][T30546] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3161.815862][T30546] ? oom_killer_disable+0x280/0x280 [ 3161.815893][T30546] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3161.815908][T30546] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 3161.815928][T30546] ? do_raw_spin_unlock+0x57/0x270 [ 3161.815946][T30546] ? _raw_spin_unlock+0x2d/0x50 [ 3161.815961][T30546] try_charge+0xf4b/0x1440 [ 3161.815992][T30546] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3161.816005][T30546] ? percpu_ref_tryget_live+0x111/0x290 [ 3161.816023][T30546] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3161.816039][T30546] ? __kasan_check_read+0x11/0x20 [ 3161.816057][T30546] ? get_mem_cgroup_from_mm+0x156/0x320 [ 3161.816074][T30546] mem_cgroup_try_charge+0x136/0x590 [ 3161.816095][T30546] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3161.816115][T30546] wp_page_copy+0x421/0x15e0 [ 3161.837541][T30546] ? find_held_lock+0x35/0x130 [ 3161.837567][T30546] ? pmd_pfn+0x1d0/0x1d0 [ 3161.837587][T30546] ? lock_downgrade+0x920/0x920 [ 3161.846822][T30546] ? swp_swapcount+0x540/0x540 [ 3161.864083][T30546] ? __kasan_check_read+0x11/0x20 [ 3161.864099][T30546] ? do_raw_spin_unlock+0x57/0x270 [ 3161.864117][T30546] do_wp_page+0x499/0x14d0 [ 3161.864134][T30546] ? finish_mkwrite_fault+0x570/0x570 [ 3161.864157][T30546] __handle_mm_fault+0x22f7/0x3f20 [ 3161.864178][T30546] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3161.864204][T30546] ? __kasan_check_read+0x11/0x20 [ 3161.864222][T30546] handle_mm_fault+0x1b5/0x6b0 [ 3161.864241][T30546] __do_page_fault+0x536/0xdd0 [ 3161.864261][T30546] do_page_fault+0x38/0x590 [ 3161.864278][T30546] page_fault+0x39/0x40 [ 3161.864287][T30546] RIP: 0033:0x430906 [ 3161.864299][T30546] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 46 64 00 85 c0 0f 84 [ 3161.864306][T30546] RSP: 002b:00007fffa58ce100 EFLAGS: 00010206 [ 3161.864316][T30546] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 3161.864323][T30546] RDX: 0000555556651930 RSI: 0000555556659970 RDI: 0000000000000003 [ 3161.864330][T30546] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000555556650940 [ 3161.864336][T30546] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 3161.864343][T30546] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 [ 3161.922049][T30546] memory: usage 1780kB, limit 0kB, failcnt 2838569 [ 3162.001535][T30546] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3162.083106][T30546] Memory cgroup stats for /syz4: [ 3162.083211][T30546] anon 81920 [ 3162.083211][T30546] file 602112 [ 3162.083211][T30546] kernel_stack 0 [ 3162.083211][T30546] slab 1056768 [ 3162.083211][T30546] sock 0 [ 3162.083211][T30546] shmem 323584 [ 3162.083211][T30546] file_mapped 0 [ 3162.083211][T30546] file_dirty 0 [ 3162.083211][T30546] file_writeback 0 [ 3162.083211][T30546] anon_thp 0 [ 3162.083211][T30546] inactive_anon 270336 [ 3162.083211][T30546] active_anon 81920 [ 3162.083211][T30546] inactive_file 0 [ 3162.083211][T30546] active_file 0 [ 3162.083211][T30546] unevictable 0 [ 3162.083211][T30546] slab_reclaimable 270336 [ 3162.083211][T30546] slab_unreclaimable 786432 [ 3162.083211][T30546] pgfault 105633 [ 3162.083211][T30546] pgmajfault 0 [ 3162.083211][T30546] workingset_refault 0 [ 3162.083211][T30546] workingset_activate 0 [ 3162.083211][T30546] workingset_nodereclaim 0 [ 3162.083211][T30546] pgrefill 0 [ 3162.083211][T30546] pgscan 37 [ 3162.083211][T30546] pgsteal 37 [ 3162.083211][T30546] pgactivate 0 16:57:04 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x0}, 0x0) [ 3162.184261][T30546] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=30546,uid=0 [ 3162.200419][T30546] Memory cgroup out of memory: Killed process 30546 (syz-executor.4) total-vm:72448kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB [ 3162.328943][T30582] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3162.347542][T30582] __nla_validate_parse: 8 callbacks suppressed [ 3162.347551][T30582] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.0'. 16:57:05 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000100)=@isdn={0x22, 0x400, 0x100000000, 0x0, 0x1}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000040)="95c67462e15a0a2ccb96d34b582828f6d42606c79a595c811c901cbab2aa0f8b7da638bd0eee7da427eaf176a979a6", 0x2f}], 0x1}, 0x10) socket$kcm(0xa, 0x2, 0x11) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(r1, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) sendmsg(r6, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r5, &(0x7f0000000480)='pids.current\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r4, 0x0, 0x1, 0x0, 0x0}, 0x20) r8 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r8, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000640)=[{&(0x7f0000000240)="c12723", 0x3}], 0x1}, 0xfc00) sendmsg$kcm(r8, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)="88e7", 0x2}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24000001) write$cgroup_int(r7, 0x0, 0x0) 16:57:05 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x0}, 0x0) [ 3162.753337][T30573] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.2'. 16:57:05 executing program 1: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) socket$kcm(0x2, 0x7, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) r5 = socket$kcm(0x10, 0x3, 0x10) setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f00000002c0)=r3, 0x220) sendmsg$kcm(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) [ 3162.872487][T30586] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3162.901267][T30572] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.3'. 16:57:05 executing program 2: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000380), 0x4) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(0xffffffffffffffff, 0x400454d8, &(0x7f0000000300)=0x3) r3 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) [ 3162.944164][T30586] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.0'. 16:57:05 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000100)=@isdn={0x22, 0x400, 0x100000000, 0x0, 0x1}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000040)="95c67462e15a0a2ccb96d34b582828f6d42606c79a595c811c901cbab2aa0f8b7da638bd0eee7da427eaf176a979a6", 0x2f}], 0x1}, 0x10) socket$kcm(0xa, 0x2, 0x11) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(r1, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) sendmsg(r6, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r5, &(0x7f0000000480)='pids.current\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r4, 0x0, 0x1, 0x0, 0x0}, 0x20) r8 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r8, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000640)=[{&(0x7f0000000240)="c12723", 0x3}], 0x1}, 0xfc00) sendmsg$kcm(r8, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)="88e7", 0x2}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24000001) write$cgroup_int(r7, 0x0, 0x0) 16:57:05 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x0}, 0x0) [ 3163.058096][T30588] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3163.058460][T30579] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.5'. 16:57:05 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000100)=@isdn={0x22, 0x400, 0x100000000, 0x1f06, 0x1}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000040)="95c67462e15a0a2ccb96d34b582828f6d42606c79a595c811c901cbab2aa0f8b7da638bd0eee7da427eaf176a979a63c", 0xfffffec2}], 0x1}, 0x10) socket$kcm(0xa, 0x2, 0x11) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(r1, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB], 0x0}, 0x20) sendmsg(r6, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r5, &(0x7f0000000480)='pids.current\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r4, 0x0, 0x1, 0x0, 0x0}, 0x20) r8 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r8, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000640)=[{&(0x7f0000000240)="c12723", 0x3}], 0x1}, 0xfc00) sendmsg$kcm(r8, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)="88e7", 0x2}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24000001) openat$tun(0xffffffffffffff9c, 0x0, 0xcc539d13aa130b24, 0x0) write$cgroup_int(r7, 0x0, 0x0) [ 3163.179869][T30594] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.2'. 16:57:05 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x0}, 0x0) [ 3163.385715][T30593] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3163.543248][T30606] netlink: 'syz-executor.0': attribute type 3 has an invalid length. 16:57:05 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) r3 = socket$kcm(0x2, 0x7, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000380), 0x4) r4 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, r4, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r4, 0x400454d8, &(0x7f0000000300)=0x3) r6 = socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x29, 0x7, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000440)={0xffffffffffffffff, r3, 0x5, 0x2}, 0x10) setsockopt$sock_attach_bpf(r5, 0x1, 0x32, &(0x7f00000002c0)=r4, 0x220) sendmsg$kcm(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) [ 3163.588169][T30606] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3163.675578][T30596] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.2'. 16:57:06 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x0}, 0x0) 16:57:06 executing program 1: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) socket$kcm(0x2, 0x7, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) r4 = socket$kcm(0x10, 0x3, 0x10) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f00000002c0), 0x220) sendmsg$kcm(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) [ 3163.822485][T30615] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3163.838060][T30603] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3163.853532][T30603] CPU: 0 PID: 30603 Comm: syz-executor.3 Not tainted 5.3.0-rc3+ #97 [ 3163.861628][T30603] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3163.871676][T30603] Call Trace: [ 3163.871701][T30603] dump_stack+0x172/0x1f0 [ 3163.871724][T30603] dump_header+0x10b/0x82d [ 3163.871746][T30603] oom_kill_process.cold+0x10/0x15 [ 3163.871765][T30603] out_of_memory+0x79a/0x12c0 [ 3163.871784][T30603] ? __sched_text_start+0x8/0x8 [ 3163.871802][T30603] ? oom_killer_disable+0x280/0x280 [ 3163.871833][T30603] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3163.871850][T30603] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 3163.871877][T30603] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 3163.871896][T30603] ? cgroup_file_notify+0x140/0x1b0 [ 3163.871919][T30603] memory_max_write+0x262/0x3a0 [ 3163.871943][T30603] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 3163.871967][T30603] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 3163.871989][T30603] cgroup_file_write+0x241/0x790 [ 3163.872010][T30603] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 3163.872025][T30603] ? cgroup_migrate_add_task+0x890/0x890 [ 3163.872046][T30603] ? kernfs_ops+0x9f/0x110 [ 3163.872064][T30603] ? cgroup_migrate_add_task+0x890/0x890 [ 3163.872079][T30603] kernfs_fop_write+0x2b8/0x480 [ 3163.872103][T30603] __vfs_write+0x8a/0x110 [ 3163.872115][T30603] ? kernfs_fop_open+0xd80/0xd80 [ 3163.872131][T30603] vfs_write+0x268/0x5d0 [ 3163.872153][T30603] ksys_write+0x14f/0x290 [ 3163.872171][T30603] ? __ia32_sys_read+0xb0/0xb0 [ 3163.872190][T30603] ? do_syscall_64+0x26/0x6a0 [ 3163.872206][T30603] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3163.872220][T30603] ? do_syscall_64+0x26/0x6a0 [ 3163.872243][T30603] __x64_sys_write+0x73/0xb0 [ 3163.872262][T30603] do_syscall_64+0xfd/0x6a0 [ 3163.872284][T30603] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3163.872297][T30603] RIP: 0033:0x459829 [ 3163.872313][T30603] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3163.872321][T30603] RSP: 002b:00007f121e8b4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3163.872336][T30603] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 3163.872345][T30603] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009 [ 3163.872359][T30603] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 3163.872368][T30603] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f121e8b56d4 [ 3163.872378][T30603] R13: 00000000004c99a3 R14: 00000000004e1028 R15: 00000000ffffffff [ 3163.941198][T30603] memory: usage 4344kB, limit 0kB, failcnt 507723 [ 3164.148436][T30603] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3164.191160][T30615] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3164.208444][T30603] Memory cgroup stats for /syz3: [ 3164.208559][T30603] anon 2256896 [ 3164.208559][T30603] file 155648 [ 3164.208559][T30603] kernel_stack 65536 [ 3164.208559][T30603] slab 1474560 [ 3164.208559][T30603] sock 0 [ 3164.208559][T30603] shmem 0 [ 3164.208559][T30603] file_mapped 0 [ 3164.208559][T30603] file_dirty 0 [ 3164.208559][T30603] file_writeback 0 [ 3164.208559][T30603] anon_thp 2097152 [ 3164.208559][T30603] inactive_anon 0 [ 3164.208559][T30603] active_anon 2183168 [ 3164.208559][T30603] inactive_file 0 [ 3164.208559][T30603] active_file 0 [ 3164.208559][T30603] unevictable 0 [ 3164.208559][T30603] slab_reclaimable 540672 [ 3164.208559][T30603] slab_unreclaimable 933888 [ 3164.208559][T30603] pgfault 80685 [ 3164.208559][T30603] pgmajfault 0 [ 3164.208559][T30603] workingset_refault 0 [ 3164.208559][T30603] workingset_activate 0 [ 3164.208559][T30603] workingset_nodereclaim 0 16:57:06 executing program 2: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000380), 0x4) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(0xffffffffffffffff, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(0xffffffffffffffff, 0x400454d8, &(0x7f0000000300)=0x3) r2 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) [ 3164.208559][T30603] pgrefill 0 [ 3164.208559][T30603] pgscan 371 [ 3164.208559][T30603] pgsteal 371 [ 3164.208559][T30603] pgactivate 0 [ 3164.389757][T30603] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=30602,uid=0 [ 3164.406043][T30603] Memory cgroup out of memory: Killed process 30602 (syz-executor.3) total-vm:72708kB, anon-rss:2200kB, file-rss:35840kB, shmem-rss:0kB [ 3164.424312][ T1057] oom_reaper: reaped process 30602 (syz-executor.3), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB 16:57:06 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x0}, 0x0) 16:57:06 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) socket$kcm(0x2, 0x7, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, r3, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r3, 0x400454d8, &(0x7f0000000300)=0x3) r5 = socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x29, 0x7, 0x0) setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f00000002c0)=r3, 0x220) sendmsg$kcm(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) [ 3164.566267][T30632] netlink: 'syz-executor.0': attribute type 3 has an invalid length. 16:57:07 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x0}, 0x0) 16:57:07 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) r3 = socket$kcm(0x2, 0x7, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000380), 0x4) r4 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, r4, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r4, 0x400454d8, &(0x7f0000000300)=0x3) r6 = socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x29, 0x7, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000440)={0xffffffffffffffff, r3, 0x5, 0x2}, 0x10) setsockopt$sock_attach_bpf(r5, 0x1, 0x32, &(0x7f00000002c0)=r4, 0x220) sendmsg$kcm(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) [ 3164.827821][T30637] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3165.237572][T30645] IPVS: ftp: loaded support on port[0] = 21 [ 3165.664134][T30645] chnl_net:caif_netlink_parms(): no params data found [ 3165.785658][T30645] bridge0: port 1(bridge_slave_0) entered blocking state [ 3165.792790][T30645] bridge0: port 1(bridge_slave_0) entered disabled state [ 3165.801587][T30645] device bridge_slave_0 entered promiscuous mode [ 3165.855243][T30645] bridge0: port 2(bridge_slave_1) entered blocking state [ 3165.862322][T30645] bridge0: port 2(bridge_slave_1) entered disabled state [ 3165.884754][T30645] device bridge_slave_1 entered promiscuous mode [ 3165.972683][T30645] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3165.997115][T30645] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3166.093721][T30645] team0: Port device team_slave_0 added [ 3166.104019][T30645] team0: Port device team_slave_1 added [ 3166.216807][T30645] device hsr_slave_0 entered promiscuous mode [ 3166.274023][T30645] device hsr_slave_1 entered promiscuous mode [ 3166.313088][T30645] debugfs: Directory 'hsr0' with parent '/' already present! [ 3166.385842][T30645] bridge0: port 2(bridge_slave_1) entered blocking state [ 3166.393058][T30645] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3166.400412][T30645] bridge0: port 1(bridge_slave_0) entered blocking state [ 3166.407533][T30645] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3166.623896][T30645] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3166.670452][ T854] bridge0: port 1(bridge_slave_0) entered disabled state [ 3166.684744][ T854] bridge0: port 2(bridge_slave_1) entered disabled state [ 3166.706726][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 3166.795166][T30645] 8021q: adding VLAN 0 to HW filter on device team0 [ 3166.802427][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3166.824642][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3166.898881][ T3517] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3166.924105][ T3517] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3166.932682][ T3517] bridge0: port 1(bridge_slave_0) entered blocking state [ 3166.939810][ T3517] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3166.963726][ T3517] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3166.972773][ T3517] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3167.003549][ T3517] bridge0: port 2(bridge_slave_1) entered blocking state [ 3167.010608][ T3517] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3167.097823][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3167.114482][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3167.200637][T17639] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3167.226461][T17639] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3167.236238][T17639] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3167.254688][T17639] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3167.336744][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3167.354253][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3167.373605][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3167.382490][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3167.414304][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3167.437425][T30645] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3167.579206][T30645] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3167.898166][T30655] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3167.909001][T30655] CPU: 1 PID: 30655 Comm: syz-executor.4 Not tainted 5.3.0-rc3+ #97 [ 3167.916991][T30655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3167.927048][T30655] Call Trace: [ 3167.930343][T30655] dump_stack+0x172/0x1f0 [ 3167.934769][T30655] dump_header+0x10b/0x82d [ 3167.939192][T30655] oom_kill_process.cold+0x10/0x15 [ 3167.944306][T30655] out_of_memory+0x79a/0x12c0 [ 3167.948985][T30655] ? __sched_text_start+0x8/0x8 [ 3167.953839][T30655] ? oom_killer_disable+0x280/0x280 [ 3167.959044][T30655] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3167.964598][T30655] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 3167.970234][T30655] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 3167.976043][T30655] ? cgroup_file_notify+0x140/0x1b0 [ 3167.981245][T30655] memory_max_write+0x262/0x3a0 [ 3167.986100][T30655] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 3167.992856][T30655] ? lock_acquire+0x190/0x410 [ 3167.997523][T30655] ? kernfs_fop_write+0x227/0x480 [ 3168.002552][T30655] cgroup_file_write+0x241/0x790 [ 3168.007495][T30655] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 3168.014267][T30655] ? cgroup_migrate_add_task+0x890/0x890 [ 3168.019901][T30655] ? cgroup_migrate_add_task+0x890/0x890 [ 3168.025523][T30655] kernfs_fop_write+0x2b8/0x480 [ 3168.030375][T30655] __vfs_write+0x8a/0x110 [ 3168.034693][T30655] ? kernfs_fop_open+0xd80/0xd80 [ 3168.039653][T30655] vfs_write+0x268/0x5d0 [ 3168.043896][T30655] ksys_write+0x14f/0x290 [ 3168.048224][T30655] ? __ia32_sys_read+0xb0/0xb0 [ 3168.052989][T30655] ? do_syscall_64+0x26/0x6a0 [ 3168.057661][T30655] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3168.063727][T30655] ? do_syscall_64+0x26/0x6a0 [ 3168.068406][T30655] __x64_sys_write+0x73/0xb0 [ 3168.072988][T30655] do_syscall_64+0xfd/0x6a0 [ 3168.077490][T30655] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3168.083369][T30655] RIP: 0033:0x459829 [ 3168.087262][T30655] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3168.106866][T30655] RSP: 002b:00007f028b854c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3168.115471][T30655] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 3168.123436][T30655] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009 [ 3168.131398][T30655] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 3168.139360][T30655] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f028b8556d4 [ 3168.147321][T30655] R13: 00000000004c99a3 R14: 00000000004e1028 R15: 00000000ffffffff [ 3168.175109][T30655] memory: usage 4136kB, limit 0kB, failcnt 2838570 [ 3168.181868][T30655] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3168.190271][T30655] Memory cgroup stats for /syz4: [ 3168.192095][T30655] anon 2187264 [ 3168.192095][T30655] file 602112 [ 3168.192095][T30655] kernel_stack 0 [ 3168.192095][T30655] slab 1056768 [ 3168.192095][T30655] sock 0 [ 3168.192095][T30655] shmem 323584 [ 3168.192095][T30655] file_mapped 0 [ 3168.192095][T30655] file_dirty 0 [ 3168.192095][T30655] file_writeback 0 [ 3168.192095][T30655] anon_thp 2097152 [ 3168.192095][T30655] inactive_anon 270336 [ 3168.192095][T30655] active_anon 2187264 [ 3168.192095][T30655] inactive_file 0 [ 3168.192095][T30655] active_file 0 [ 3168.192095][T30655] unevictable 0 [ 3168.192095][T30655] slab_reclaimable 270336 [ 3168.192095][T30655] slab_unreclaimable 786432 [ 3168.192095][T30655] pgfault 105699 [ 3168.192095][T30655] pgmajfault 0 [ 3168.192095][T30655] workingset_refault 0 [ 3168.192095][T30655] workingset_activate 0 [ 3168.192095][T30655] workingset_nodereclaim 0 [ 3168.192095][T30655] pgrefill 0 [ 3168.192095][T30655] pgscan 37 [ 3168.192095][T30655] pgsteal 37 [ 3168.192095][T30655] pgactivate 0 [ 3168.289411][T30655] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=30653,uid=0 [ 3168.312584][T30655] Memory cgroup out of memory: Killed process 30653 (syz-executor.4) total-vm:72580kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB [ 3168.333147][ T1057] oom_reaper: reaped process 30653 (syz-executor.4), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB 16:57:11 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000100)=@isdn={0x22, 0x400, 0x100000000, 0x0, 0x1}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000040)="95c67462e15a0a2ccb96d34b582828f6d42606c79a595c811c901cbab2aa0f8b7da638bd0eee7da427eaf176a979a6", 0x2f}], 0x1}, 0x10) socket$kcm(0xa, 0x2, 0x11) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(r1, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) sendmsg(r6, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r5, &(0x7f0000000480)='pids.current\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r4, 0x0, 0x1, 0x0, 0x0}, 0x20) r8 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r8, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000640)=[{&(0x7f0000000240)="c12723", 0x3}], 0x1}, 0xfc00) sendmsg$kcm(r8, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)="88e7", 0x2}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24000001) write$cgroup_int(r7, 0x0, 0x0) 16:57:11 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x0}, 0x0) 16:57:11 executing program 1: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) socket$kcm(0x2, 0x7, 0x0) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) r4 = socket$kcm(0x10, 0x3, 0x10) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f00000002c0), 0x220) sendmsg$kcm(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) 16:57:11 executing program 2: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000380), 0x4) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(0xffffffffffffffff, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(0xffffffffffffffff, 0x400454d8, &(0x7f0000000300)=0x3) r2 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) 16:57:11 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) r3 = socket$kcm(0x2, 0x7, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000380), 0x4) r4 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, r4, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r4, 0x400454d8, &(0x7f0000000300)=0x3) r6 = socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x29, 0x7, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000440)={0xffffffffffffffff, r3, 0x5, 0x2}, 0x10) setsockopt$sock_attach_bpf(r5, 0x1, 0x32, &(0x7f00000002c0)=r4, 0x220) sendmsg$kcm(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) [ 3168.716931][T30645] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3168.729066][T30645] CPU: 1 PID: 30645 Comm: syz-executor.4 Not tainted 5.3.0-rc3+ #97 [ 3168.737054][T30645] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3168.747108][T30645] Call Trace: [ 3168.750397][T30645] dump_stack+0x172/0x1f0 [ 3168.754735][T30645] dump_header+0x10b/0x82d [ 3168.759161][T30645] ? oom_kill_process+0x94/0x3f0 [ 3168.764120][T30645] oom_kill_process.cold+0x10/0x15 [ 3168.769235][T30645] out_of_memory+0x79a/0x12c0 [ 3168.773998][T30645] ? lock_downgrade+0x920/0x920 [ 3168.778843][T30645] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3168.784638][T30645] ? oom_killer_disable+0x280/0x280 [ 3168.789878][T30645] mem_cgroup_out_of_memory+0x1d8/0x240 [ 3168.795412][T30645] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 3168.801032][T30645] ? do_raw_spin_unlock+0x57/0x270 [ 3168.806126][T30645] ? _raw_spin_unlock+0x2d/0x50 [ 3168.810959][T30645] try_charge+0xf4b/0x1440 [ 3168.815371][T30645] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3168.820898][T30645] ? percpu_ref_tryget_live+0x111/0x290 [ 3168.826429][T30645] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3168.832655][T30645] ? __kasan_check_read+0x11/0x20 [ 3168.837669][T30645] ? get_mem_cgroup_from_mm+0x156/0x320 [ 3168.843202][T30645] mem_cgroup_try_charge+0x136/0x590 [ 3168.848475][T30645] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3168.854098][T30645] __handle_mm_fault+0x1e3a/0x3f20 [ 3168.859199][T30645] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3168.864746][T30645] ? __kasan_check_read+0x11/0x20 [ 3168.869762][T30645] handle_mm_fault+0x1b5/0x6b0 [ 3168.874523][T30645] __do_page_fault+0x536/0xdd0 [ 3168.879284][T30645] do_page_fault+0x38/0x590 [ 3168.883778][T30645] page_fault+0x39/0x40 [ 3168.887912][T30645] RIP: 0033:0x42fd7c [ 3168.891789][T30645] Code: 83 c0 17 41 55 41 54 55 53 48 89 c5 48 83 e5 f0 48 89 fb 48 81 ec 98 00 00 00 48 83 f8 20 b8 20 00 00 00 48 0f 42 e8 48 85 ff <48> 89 74 24 08 0f 84 3a 08 00 00 48 3b 2d ea 51 64 00 77 70 89 ef [ 3168.911372][T30645] RSP: 002b:00007ffe8abc8f70 EFLAGS: 00010202 [ 3168.917430][T30645] RAX: 0000000000000020 RBX: 0000000000715640 RCX: 0000000000458b94 [ 3168.925385][T30645] RDX: 00007ffe8abc9060 RSI: 0000000000008030 RDI: 0000000000715640 [ 3168.933336][T30645] RBP: 0000000000008040 R08: 0000000000000001 R09: 0000555556c2a940 [ 3168.941289][T30645] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe8abca240 [ 3168.949242][T30645] R13: 00007ffe8abca230 R14: 0000000000000000 R15: 00007ffe8abca240 [ 3168.966092][T30661] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3168.974463][T30661] __nla_validate_parse: 12 callbacks suppressed [ 3168.974472][T30661] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3169.012813][T30666] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3169.023319][T30645] memory: usage 1796kB, limit 0kB, failcnt 2838578 [ 3169.029857][T30645] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3169.051588][T30645] Memory cgroup stats for /syz4: [ 3169.051690][T30645] anon 86016 [ 3169.051690][T30645] file 602112 [ 3169.051690][T30645] kernel_stack 0 [ 3169.051690][T30645] slab 1056768 [ 3169.051690][T30645] sock 0 [ 3169.051690][T30645] shmem 323584 [ 3169.051690][T30645] file_mapped 0 [ 3169.051690][T30645] file_dirty 0 [ 3169.051690][T30645] file_writeback 0 [ 3169.051690][T30645] anon_thp 0 [ 3169.051690][T30645] inactive_anon 270336 [ 3169.051690][T30645] active_anon 86016 [ 3169.051690][T30645] inactive_file 0 [ 3169.051690][T30645] active_file 0 [ 3169.051690][T30645] unevictable 0 [ 3169.051690][T30645] slab_reclaimable 270336 16:57:11 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x0}, 0x0) [ 3169.051690][T30645] slab_unreclaimable 786432 [ 3169.051690][T30645] pgfault 105699 [ 3169.051690][T30645] pgmajfault 0 [ 3169.051690][T30645] workingset_refault 0 [ 3169.051690][T30645] workingset_activate 0 [ 3169.051690][T30645] workingset_nodereclaim 0 [ 3169.051690][T30645] pgrefill 0 [ 3169.051690][T30645] pgscan 37 [ 3169.051690][T30645] pgsteal 37 [ 3169.051690][T30645] pgactivate 0 [ 3169.134099][T30668] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.2'. [ 3169.183414][T30663] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3169.248329][T30677] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3169.274585][T30677] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3169.284305][T30645] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=30645,uid=0 [ 3169.300166][T30645] Memory cgroup out of memory: Killed process 30645 (syz-executor.4) total-vm:72448kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB [ 3169.315589][ T1057] oom_reaper: reaped process 30645 (syz-executor.4), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 3169.338401][T30662] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.2'. 16:57:11 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x0}, 0x0) [ 3169.600462][T30680] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3169.623009][T30680] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.0'. 16:57:12 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000100)=@isdn={0x22, 0x400, 0x100000000, 0x0, 0x1}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000040)="95c67462e15a0a2ccb96d34b582828f6d42606c79a595c811c901cbab2aa0f8b7da638bd0eee7da427eaf176a979a63c", 0x30}], 0x1}, 0x0) socket$kcm(0xa, 0x2, 0x11) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(r1, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) sendmsg(r6, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r5, &(0x7f0000000480)='pids.current\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r4, 0x0, 0x1, 0x0, 0x0}, 0x20) r8 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r8, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000640)=[{&(0x7f0000000240)="c12723", 0x3}], 0x1}, 0xfc00) sendmsg$kcm(r8, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)="88e7", 0x2}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24000001) write$cgroup_int(r7, 0x0, 0x0) [ 3170.133378][T30675] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.5'. 16:57:12 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x0}, 0x0) [ 3170.271603][T30664] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3170.295297][T30683] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3170.349529][T30683] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3190.546063][ T468] device bridge_slave_1 left promiscuous mode [ 3190.552316][ T468] bridge0: port 2(bridge_slave_1) entered disabled state [ 3190.624036][ T468] device bridge_slave_0 left promiscuous mode [ 3190.630269][ T468] bridge0: port 1(bridge_slave_0) entered disabled state [ 3190.705377][ T468] device bridge_slave_1 left promiscuous mode [ 3190.711603][ T468] bridge0: port 2(bridge_slave_1) entered disabled state [ 3190.774103][ T468] device bridge_slave_0 left promiscuous mode [ 3190.780306][ T468] bridge0: port 1(bridge_slave_0) entered disabled state [ 3195.573589][ T468] device hsr_slave_0 left promiscuous mode [ 3195.613651][ T468] device hsr_slave_1 left promiscuous mode [ 3195.694534][ T468] team0 (unregistering): Port device team_slave_1 removed [ 3195.735826][ T468] team0 (unregistering): Port device team_slave_0 removed [ 3195.767837][ T468] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 3195.837245][ T468] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 3195.989230][ T468] bond0 (unregistering): Released all slaves [ 3196.173942][ T468] device hsr_slave_0 left promiscuous mode [ 3196.213196][ T468] device hsr_slave_1 left promiscuous mode [ 3196.295420][ T468] team0 (unregistering): Port device team_slave_1 removed [ 3196.323947][ T468] team0 (unregistering): Port device team_slave_0 removed [ 3196.360243][ T468] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 3196.426305][ T468] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 3196.601512][ T468] bond0 (unregistering): Released all slaves 16:58:16 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) socket$kcm(0x2, 0x7, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, r3, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r3, 0x400454d8, &(0x7f0000000300)=0x3) r5 = socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x29, 0x7, 0x0) setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f00000002c0)=r3, 0x220) sendmsg$kcm(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) 16:58:16 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) r3 = socket$kcm(0x2, 0x7, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000380), 0x4) r4 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, r4, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r4, 0x400454d8, &(0x7f0000000300)=0x3) r6 = socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x29, 0x7, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000440)={0xffffffffffffffff, r3, 0x5, 0x2}, 0x10) setsockopt$sock_attach_bpf(r5, 0x1, 0x32, &(0x7f00000002c0)=r4, 0x220) sendmsg$kcm(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) 16:58:16 executing program 2: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000380), 0x4) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(0xffffffffffffffff, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(0xffffffffffffffff, 0x400454d8, &(0x7f0000000300)=0x3) r2 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) 16:58:16 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000100)=@isdn={0x22, 0x400, 0x100000000, 0x0, 0x1}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000040)="95c67462e15a0a2ccb96d34b582828f6d42606c79a595c811c901cbab2aa0f8b7da638bd0eee7da427eaf176a979a63c", 0x30}], 0x1}, 0x0) socket$kcm(0xa, 0x2, 0x11) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(r1, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) sendmsg(r6, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r5, &(0x7f0000000480)='pids.current\x00', 0x0, 0x0) r7 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r4, 0x0, 0x1, 0x0, 0x0}, 0x20) r8 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r8, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000640)=[{&(0x7f0000000240)="c12723", 0x3}], 0x1}, 0xfc00) sendmsg$kcm(r8, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)="88e7", 0x2}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24000001) write$cgroup_int(r7, 0x0, 0x0) 16:58:16 executing program 1: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) socket$kcm(0x2, 0x7, 0x0) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) r4 = socket$kcm(0x10, 0x3, 0x10) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f00000002c0), 0x220) sendmsg$kcm(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) 16:58:16 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x0}, 0x0) [ 3234.138735][T30712] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3234.164783][T30712] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3234.236315][T30715] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.2'. [ 3239.541225][T30710] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3239.623111][T30709] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3239.663176][T30711] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.2'. [ 3239.729497][T30719] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3239.768737][T30724] IPVS: ftp: loaded support on port[0] = 21 16:58:22 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x0}, 0x0) 16:58:22 executing program 2: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000380), 0x4) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(0xffffffffffffffff, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(0xffffffffffffffff, 0x400454d8, &(0x7f0000000300)=0x3) r2 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) [ 3239.776151][T30726] IPVS: ftp: loaded support on port[0] = 21 [ 3239.872437][T30721] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.1'. 16:58:22 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) r3 = socket$kcm(0x2, 0x7, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000380), 0x4) r4 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, r4, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x10) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) ioctl$TUNSETVNETHDRSZ(r4, 0x400454d8, &(0x7f0000000300)=0x3) r6 = socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x29, 0x7, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000440)={0xffffffffffffffff, r3, 0x5, 0x2}, 0x10) setsockopt$sock_attach_bpf(r5, 0x1, 0x32, &(0x7f00000002c0)=r4, 0x220) sendmsg$kcm(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) [ 3239.925320][T30732] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3239.948615][T30732] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3245.156192][T30731] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.2'. 16:58:27 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x0}, 0x0) [ 3245.273520][T30736] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3245.359828][T30733] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.2'. [ 3245.381270][T30744] netlink: 'syz-executor.0': attribute type 3 has an invalid length. 16:58:27 executing program 1: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf58, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x14, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="2e00000010008108040f80ecdb4cb9c00a480e1813000000ff050005bf008600002000000000000000ecff6b7e42", 0x2e}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x84) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfb, 0x20, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x29, 0x23, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000004c0), 0x4) socket$kcm(0x2, 0x7, 0x0) recvmsg(r2, &(0x7f0000000c00)={&(0x7f0000000dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffea0, &(0x7f0000000d00), 0x73e82230f3c96c1, &(0x7f0000000cc0)=""/25, 0x19}, 0x21) r4 = socket$kcm(0x10, 0x3, 0x10) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f00000002c0), 0x220) sendmsg$kcm(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) [ 3245.423964][T30744] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.0'. 16:58:33 executing program 0: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000504ed0080648c6394f20231d200100003402c00000001000080020000011400f88000f01700d0bd", 0x2e}], 0x1, 0x0, 0x0, 0x0}, 0x0) [ 3250.775911][T30747] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3250.826093][T30755] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 3250.837361][T30755] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3250.855925][T30740] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.5'. [ 3255.940841][T30751] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3265.769531][T30724] chnl_net:caif_netlink_parms(): no params data found [ 3265.825753][T30726] chnl_net:caif_netlink_parms(): no params data found [ 3265.932138][T30726] bridge0: port 1(bridge_slave_0) entered blocking state [ 3265.939935][T30726] bridge0: port 1(bridge_slave_0) entered disabled state [ 3265.948325][T30726] device bridge_slave_0 entered promiscuous mode [ 3265.963447][T30724] bridge0: port 1(bridge_slave_0) entered blocking state [ 3265.970564][T30724] bridge0: port 1(bridge_slave_0) entered disabled state [ 3265.982170][T30724] device bridge_slave_0 entered promiscuous mode [ 3266.037569][T30724] bridge0: port 2(bridge_slave_1) entered blocking state [ 3266.045805][T30724] bridge0: port 2(bridge_slave_1) entered disabled state [ 3266.054611][T30724] device bridge_slave_1 entered promiscuous mode [ 3266.061753][T30726] bridge0: port 2(bridge_slave_1) entered blocking state [ 3266.068986][T30726] bridge0: port 2(bridge_slave_1) entered disabled state [ 3266.077686][T30726] device bridge_slave_1 entered promiscuous mode [ 3266.166098][T30724] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3266.180169][T30726] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3266.192046][T30724] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3266.210103][T30726] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3266.281190][T30724] team0: Port device team_slave_0 added [ 3266.290318][T30726] team0: Port device team_slave_0 added [ 3266.297894][T30724] team0: Port device team_slave_1 added [ 3266.305252][T30726] team0: Port device team_slave_1 added [ 3266.417675][T30726] device hsr_slave_0 entered promiscuous mode [ 3266.494077][T30726] device hsr_slave_1 entered promiscuous mode [ 3266.636460][T30724] device hsr_slave_0 entered promiscuous mode [ 3266.703863][T30724] device hsr_slave_1 entered promiscuous mode [ 3266.742984][T30724] debugfs: Directory 'hsr0' with parent '/' already present! [ 3267.005484][T30724] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3267.018087][T30726] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3267.111208][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3267.119802][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3267.132313][T30724] 8021q: adding VLAN 0 to HW filter on device team0 [ 3267.159107][T25186] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3267.175140][T25186] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3267.189979][T30726] 8021q: adding VLAN 0 to HW filter on device team0 [ 3267.235751][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3267.245679][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3267.254558][T16725] bridge0: port 1(bridge_slave_0) entered blocking state [ 3267.261606][T16725] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3267.296817][T21598] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3267.305559][T21598] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3267.314864][T21598] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3267.325596][T21598] bridge0: port 1(bridge_slave_0) entered blocking state [ 3267.332657][T21598] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3267.341806][T21598] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3267.351361][T21598] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3267.360498][T21598] bridge0: port 2(bridge_slave_1) entered blocking state [ 3267.367596][T21598] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3267.376924][T21598] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3267.386192][T21598] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3267.395992][T21598] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3267.404970][T21598] bridge0: port 2(bridge_slave_1) entered blocking state [ 3267.412018][T21598] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3267.420582][T21598] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3267.431213][T21598] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3267.495739][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3267.504540][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3267.523612][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3267.532490][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3267.543896][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3267.552828][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3267.639528][T21598] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3267.648955][T21598] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3267.658638][T21598] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3267.672381][T21598] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3267.682102][T21598] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3267.692225][T21598] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3267.701617][T21598] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3267.710903][T21598] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3267.720302][T21598] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3267.735036][T30724] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3267.746299][ T468] device bridge_slave_1 left promiscuous mode [ 3267.752518][ T468] bridge0: port 2(bridge_slave_1) entered disabled state [ 3267.794704][ T468] device bridge_slave_0 left promiscuous mode [ 3267.800902][ T468] bridge0: port 1(bridge_slave_0) entered disabled state [ 3267.875825][ T468] device bridge_slave_1 left promiscuous mode [ 3267.882128][ T468] bridge0: port 2(bridge_slave_1) entered disabled state [ 3267.964709][ T468] device bridge_slave_0 left promiscuous mode [ 3267.971012][ T468] bridge0: port 1(bridge_slave_0) entered disabled state [ 3268.025131][ T468] device bridge_slave_1 left promiscuous mode [ 3268.031401][ T468] bridge0: port 2(bridge_slave_1) entered disabled state [ 3268.084441][ T468] device bridge_slave_0 left promiscuous mode [ 3268.090645][ T468] bridge0: port 1(bridge_slave_0) entered disabled state [ 3268.155351][ T468] device bridge_slave_1 left promiscuous mode [ 3268.161565][ T468] bridge0: port 2(bridge_slave_1) entered disabled state [ 3268.214545][ T468] device bridge_slave_0 left promiscuous mode [ 3268.220759][ T468] bridge0: port 1(bridge_slave_0) entered disabled state [ 3268.285321][ T468] device bridge_slave_1 left promiscuous mode [ 3268.291545][ T468] bridge0: port 2(bridge_slave_1) entered disabled state [ 3268.334628][ T468] device bridge_slave_0 left promiscuous mode [ 3268.340842][ T468] bridge0: port 1(bridge_slave_0) entered disabled state [ 3268.395648][ T468] device bridge_slave_1 left promiscuous mode [ 3268.401871][ T468] bridge0: port 2(bridge_slave_1) entered disabled state [ 3268.454414][ T468] device bridge_slave_0 left promiscuous mode [ 3268.460637][ T468] bridge0: port 1(bridge_slave_0) entered disabled state [ 3268.525796][ T468] device bridge_slave_1 left promiscuous mode [ 3268.531990][ T468] bridge0: port 2(bridge_slave_1) entered disabled state [ 3268.594585][ T468] device bridge_slave_0 left promiscuous mode [ 3268.600915][ T468] bridge0: port 1(bridge_slave_0) entered disabled state [ 3268.645403][ T468] device bridge_slave_1 left promiscuous mode [ 3268.652141][ T468] bridge0: port 2(bridge_slave_1) entered disabled state [ 3268.694442][ T468] device bridge_slave_0 left promiscuous mode [ 3268.700654][ T468] bridge0: port 1(bridge_slave_0) entered disabled state [ 3268.755634][ T468] device bridge_slave_1 left promiscuous mode [ 3268.762056][ T468] bridge0: port 2(bridge_slave_1) entered disabled state [ 3268.814464][ T468] device bridge_slave_0 left promiscuous mode [ 3268.820694][ T468] bridge0: port 1(bridge_slave_0) entered disabled state [ 3268.885282][ T468] device bridge_slave_1 left promiscuous mode [ 3268.891496][ T468] bridge0: port 2(bridge_slave_1) entered disabled state [ 3268.934284][ T468] device bridge_slave_0 left promiscuous mode [ 3268.940482][ T468] bridge0: port 1(bridge_slave_0) entered disabled state [ 3269.025449][ T468] device bridge_slave_1 left promiscuous mode [ 3269.031666][ T468] bridge0: port 2(bridge_slave_1) entered disabled state [ 3269.084302][ T468] device bridge_slave_0 left promiscuous mode [ 3269.090496][ T468] bridge0: port 1(bridge_slave_0) entered disabled state [ 3269.217831][ T468] device bridge_slave_1 left promiscuous mode [ 3269.224941][ T468] bridge0: port 2(bridge_slave_1) entered disabled state [ 3269.394368][ T468] device bridge_slave_0 left promiscuous mode [ 3269.400676][ T468] bridge0: port 1(bridge_slave_0) entered disabled state [ 3269.455822][ T468] device bridge_slave_1 left promiscuous mode [ 3269.462024][ T468] bridge0: port 2(bridge_slave_1) entered disabled state [ 3269.534495][ T468] device bridge_slave_0 left promiscuous mode [ 3269.540718][ T468] bridge0: port 1(bridge_slave_0) entered disabled state [ 3269.635407][ T468] device bridge_slave_1 left promiscuous mode [ 3269.641745][ T468] bridge0: port 2(bridge_slave_1) entered disabled state [ 3269.694022][ T468] device bridge_slave_0 left promiscuous mode [ 3269.700170][ T468] bridge0: port 1(bridge_slave_0) entered disabled state [ 3269.855507][ T468] device bridge_slave_1 left promiscuous mode [ 3269.861790][ T468] bridge0: port 2(bridge_slave_1) entered disabled state [ 3269.934550][ T468] device bridge_slave_0 left promiscuous mode [ 3269.940759][ T468] bridge0: port 1(bridge_slave_0) entered disabled state [ 3270.007779][ T468] device bridge_slave_1 left promiscuous mode [ 3270.015029][ T468] bridge0: port 2(bridge_slave_1) entered disabled state [ 3270.074308][ T468] device bridge_slave_0 left promiscuous mode [ 3270.080526][ T468] bridge0: port 1(bridge_slave_0) entered disabled state [ 3270.165407][ T468] device bridge_slave_1 left promiscuous mode [ 3270.171620][ T468] bridge0: port 2(bridge_slave_1) entered disabled state [ 3270.234282][ T468] device bridge_slave_0 left promiscuous mode [ 3270.240484][ T468] bridge0: port 1(bridge_slave_0) entered disabled state [ 3270.305125][ T468] device bridge_slave_1 left promiscuous mode [ 3270.311360][ T468] bridge0: port 2(bridge_slave_1) entered disabled state [ 3270.374393][ T468] device bridge_slave_0 left promiscuous mode [ 3270.380605][ T468] bridge0: port 1(bridge_slave_0) entered disabled state [ 3270.435395][ T468] device bridge_slave_1 left promiscuous mode [ 3270.441609][ T468] bridge0: port 2(bridge_slave_1) entered disabled state [ 3270.514501][ T468] device bridge_slave_0 left promiscuous mode [ 3270.520731][ T468] bridge0: port 1(bridge_slave_0) entered disabled state [ 3270.604800][ T468] device bridge_slave_1 left promiscuous mode [ 3270.611023][ T468] bridge0: port 2(bridge_slave_1) entered disabled state [ 3270.654597][ T468] device bridge_slave_0 left promiscuous mode [ 3270.660825][ T468] bridge0: port 1(bridge_slave_0) entered disabled state [ 3270.725405][ T468] device bridge_slave_1 left promiscuous mode [ 3270.731625][ T468] bridge0: port 2(bridge_slave_1) entered disabled state [ 3270.804444][ T468] device bridge_slave_0 left promiscuous mode [ 3270.810662][ T468] bridge0: port 1(bridge_slave_0) entered disabled state [ 3270.924557][ T468] device bridge_slave_1 left promiscuous mode [ 3270.930883][ T468] bridge0: port 2(bridge_slave_1) entered disabled state [ 3271.004440][ T468] device bridge_slave_0 left promiscuous mode [ 3271.010659][ T468] bridge0: port 1(bridge_slave_0) entered disabled state [ 3271.065188][ T468] device bridge_slave_1 left promiscuous mode [ 3271.071404][ T468] bridge0: port 2(bridge_slave_1) entered disabled state [ 3271.134501][ T468] device bridge_slave_0 left promiscuous mode [ 3271.140704][ T468] bridge0: port 1(bridge_slave_0) entered disabled state [ 3271.225547][ T468] device bridge_slave_1 left promiscuous mode [ 3271.231780][ T468] bridge0: port 2(bridge_slave_1) entered disabled state [ 3271.314421][ T468] device bridge_slave_0 left promiscuous mode [ 3271.320669][ T468] bridge0: port 1(bridge_slave_0) entered disabled state [ 3271.385501][ T468] device bridge_slave_1 left promiscuous mode [ 3271.391715][ T468] bridge0: port 2(bridge_slave_1) entered disabled state [ 3271.456697][ T468] device bridge_slave_0 left promiscuous mode [ 3271.463771][ T468] bridge0: port 1(bridge_slave_0) entered disabled state [ 3271.535701][ T468] device bridge_slave_1 left promiscuous mode [ 3271.542056][ T468] bridge0: port 2(bridge_slave_1) entered disabled state [ 3271.604258][ T468] device bridge_slave_0 left promiscuous mode [ 3271.610567][ T468] bridge0: port 1(bridge_slave_0) entered disabled state [ 3271.696146][ T468] device bridge_slave_1 left promiscuous mode [ 3271.702363][ T468] bridge0: port 2(bridge_slave_1) entered disabled state [ 3271.764402][ T468] device bridge_slave_0 left promiscuous mode [ 3271.770622][ T468] bridge0: port 1(bridge_slave_0) entered disabled state [ 3271.855675][ T468] device bridge_slave_1 left promiscuous mode [ 3271.862015][ T468] bridge0: port 2(bridge_slave_1) entered disabled state [ 3271.924470][ T468] device bridge_slave_0 left promiscuous mode [ 3271.930672][ T468] bridge0: port 1(bridge_slave_0) entered disabled state [ 3271.985286][ T468] device bridge_slave_1 left promiscuous mode [ 3271.991491][ T468] bridge0: port 2(bridge_slave_1) entered disabled state [ 3272.074140][ T468] device bridge_slave_0 left promiscuous mode [ 3272.080448][ T468] bridge0: port 1(bridge_slave_0) entered disabled state [ 3272.165364][ T468] device bridge_slave_1 left promiscuous mode [ 3272.171569][ T468] bridge0: port 2(bridge_slave_1) entered disabled state [ 3272.234369][ T468] device bridge_slave_0 left promiscuous mode [ 3272.240571][ T468] bridge0: port 1(bridge_slave_0) entered disabled state [ 3272.315388][ T468] device bridge_slave_1 left promiscuous mode [ 3272.321593][ T468] bridge0: port 2(bridge_slave_1) entered disabled state [ 3272.394193][ T468] device bridge_slave_0 left promiscuous mode [ 3272.400408][ T468] bridge0: port 1(bridge_slave_0) entered disabled state [ 3272.455387][ T468] device bridge_slave_1 left promiscuous mode [ 3272.462217][ T468] bridge0: port 2(bridge_slave_1) entered disabled state [ 3272.504142][ T468] device bridge_slave_0 left promiscuous mode [ 3272.510381][ T468] bridge0: port 1(bridge_slave_0) entered disabled state [ 3272.575624][ T468] device bridge_slave_1 left promiscuous mode [ 3272.581963][ T468] bridge0: port 2(bridge_slave_1) entered disabled state [ 3272.624592][ T468] device bridge_slave_0 left promiscuous mode [ 3272.630805][ T468] bridge0: port 1(bridge_slave_0) entered disabled state [ 3272.685448][ T468] device bridge_slave_1 left promiscuous mode [ 3272.691662][ T468] bridge0: port 2(bridge_slave_1) entered disabled state [ 3272.754157][ T468] device bridge_slave_0 left promiscuous mode [ 3272.760594][ T468] bridge0: port 1(bridge_slave_0) entered disabled state [ 3272.825288][ T468] device bridge_slave_1 left promiscuous mode [ 3272.831510][ T468] bridge0: port 2(bridge_slave_1) entered disabled state [ 3272.874373][ T468] device bridge_slave_0 left promiscuous mode [ 3272.880597][ T468] bridge0: port 1(bridge_slave_0) entered disabled state [ 3272.945506][ T468] device bridge_slave_1 left promiscuous mode [ 3272.951726][ T468] bridge0: port 2(bridge_slave_1) entered disabled state [ 3273.004216][ T468] device bridge_slave_0 left promiscuous mode [ 3273.010418][ T468] bridge0: port 1(bridge_slave_0) entered disabled state [ 3273.075266][ T468] device bridge_slave_1 left promiscuous mode [ 3273.081698][ T468] bridge0: port 2(bridge_slave_1) entered disabled state [ 3273.134368][ T468] device bridge_slave_0 left promiscuous mode [ 3273.140590][ T468] bridge0: port 1(bridge_slave_0) entered disabled state [ 3273.195243][ T468] device bridge_slave_1 left promiscuous mode [ 3273.201460][ T468] bridge0: port 2(bridge_slave_1) entered disabled state [ 3273.263526][ T468] device bridge_slave_0 left promiscuous mode [ 3273.269761][ T468] bridge0: port 1(bridge_slave_0) entered disabled state [ 3273.375672][ T468] device bridge_slave_1 left promiscuous mode [ 3273.381999][ T468] bridge0: port 2(bridge_slave_1) entered disabled state [ 3273.514229][ T468] device bridge_slave_0 left promiscuous mode [ 3273.520465][ T468] bridge0: port 1(bridge_slave_0) entered disabled state [ 3273.665277][ T468] device bridge_slave_1 left promiscuous mode [ 3273.671533][ T468] bridge0: port 2(bridge_slave_1) entered disabled state [ 3273.754382][ T468] device bridge_slave_0 left promiscuous mode [ 3273.760590][ T468] bridge0: port 1(bridge_slave_0) entered disabled state [ 3273.825377][ T468] device bridge_slave_1 left promiscuous mode [ 3273.831593][ T468] bridge0: port 2(bridge_slave_1) entered disabled state [ 3273.884103][ T468] device bridge_slave_0 left promiscuous mode [ 3273.890318][ T468] bridge0: port 1(bridge_slave_0) entered disabled state [ 3273.945180][ T468] device bridge_slave_1 left promiscuous mode [ 3273.951389][ T468] bridge0: port 2(bridge_slave_1) entered disabled state [ 3274.003440][ T468] device bridge_slave_0 left promiscuous mode [ 3274.009666][ T468] bridge0: port 1(bridge_slave_0) entered disabled state [ 3274.065409][ T468] device bridge_slave_1 left promiscuous mode [ 3274.071650][ T468] bridge0: port 2(bridge_slave_1) entered disabled state [ 3274.143998][ T468] device bridge_slave_0 left promiscuous mode [ 3274.150191][ T468] bridge0: port 1(bridge_slave_0) entered disabled state [ 3274.235160][ T468] device bridge_slave_1 left promiscuous mode [ 3274.241462][ T468] bridge0: port 2(bridge_slave_1) entered disabled state [ 3274.324588][ T468] device bridge_slave_0 left promiscuous mode [ 3274.330816][ T468] bridge0: port 1(bridge_slave_0) entered disabled state [ 3274.435221][ T468] device bridge_slave_1 left promiscuous mode [ 3274.441442][ T468] bridge0: port 2(bridge_slave_1) entered disabled state [ 3274.504083][ T468] device bridge_slave_0 left promiscuous mode [ 3274.510290][ T468] bridge0: port 1(bridge_slave_0) entered disabled state [ 3274.595214][ T468] device bridge_slave_1 left promiscuous mode [ 3274.601520][ T468] bridge0: port 2(bridge_slave_1) entered disabled state [ 3274.704908][ T468] device bridge_slave_0 left promiscuous mode [ 3274.711139][ T468] bridge0: port 1(bridge_slave_0) entered disabled state [ 3274.935234][ T468] device bridge_slave_1 left promiscuous mode [ 3274.941560][ T468] bridge0: port 2(bridge_slave_1) entered disabled state [ 3275.014023][ T468] device bridge_slave_0 left promiscuous mode [ 3275.020325][ T468] bridge0: port 1(bridge_slave_0) entered disabled state [ 3403.493394][ T468] device hsr_slave_0 left promiscuous mode [ 3403.553108][ T468] device hsr_slave_1 left promiscuous mode [ 3403.610111][ T468] team0 (unregistering): Port device team_slave_1 removed [ 3403.626417][ T468] team0 (unregistering): Port device team_slave_0 removed [ 3403.639865][ T468] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 3403.710007][ T468] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 3403.834014][ T468] bond0 (unregistering): Released all slaves [ 3403.973804][ T468] device hsr_slave_0 left promiscuous mode [ 3404.033112][ T468] device hsr_slave_1 left promiscuous mode [ 3404.089264][ T468] team0 (unregistering): Port device team_slave_1 removed [ 3404.107846][ T468] team0 (unregistering): Port device team_slave_0 removed [ 3404.121029][ T468] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 3404.210306][ T468] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 3404.388223][ T468] bond0 (unregistering): Released all slaves [ 3404.533749][ T468] device hsr_slave_0 left promiscuous mode [ 3404.593293][ T468] device hsr_slave_1 left promiscuous mode [ 3404.650141][ T468] team0 (unregistering): Port device team_slave_1 removed [ 3404.666405][ T468] team0 (unregistering): Port device team_slave_0 removed [ 3404.682758][ T468] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 3404.750350][ T468] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 3404.862649][ T468] bond0 (unregistering): Released all slaves [ 3405.113725][ T468] device hsr_slave_0 left promiscuous mode [ 3405.153158][ T468] device hsr_slave_1 left promiscuous mode [ 3405.249439][ T468] team0 (unregistering): Port device team_slave_1 removed [ 3405.265733][ T468] team0 (unregistering): Port device team_slave_0 removed [ 3405.278942][ T468] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 3405.382419][ T468] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 3405.547343][ T468] bond0 (unregistering): Released all slaves [ 3405.753895][ T468] device hsr_slave_0 left promiscuous mode [ 3405.813134][ T468] device hsr_slave_1 left promiscuous mode [ 3405.910382][ T468] team0 (unregistering): Port device team_slave_1 removed [ 3405.926579][ T468] team0 (unregistering): Port device team_slave_0 removed [ 3405.940220][ T468] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 3406.032140][ T468] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 3406.182819][ T468] bond0 (unregistering): Released all slaves [ 3406.455540][ T468] device hsr_slave_0 left promiscuous mode [ 3406.513338][ T468] device hsr_slave_1 left promiscuous mode [ 3406.660238][ T468] team0 (unregistering): Port device team_slave_1 removed [ 3406.676461][ T468] team0 (unregistering): Port device team_slave_0 removed [ 3406.690995][ T468] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 3406.810555][ T468] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 3406.963795][ T468] bond0 (unregistering): Released all slaves [ 3407.133999][ T468] device hsr_slave_0 left promiscuous mode [ 3407.203266][ T468] device hsr_slave_1 left promiscuous mode [ 3407.279791][ T468] team0 (unregistering): Port device team_slave_1 removed [ 3407.297897][ T468] team0 (unregistering): Port device team_slave_0 removed [ 3407.315076][ T468] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 3407.370031][ T468] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 3407.528036][ T468] bond0 (unregistering): Released all slaves [ 3407.753816][ T468] device hsr_slave_0 left promiscuous mode [ 3407.803147][ T468] device hsr_slave_1 left promiscuous mode [ 3407.944792][ T468] team0 (unregistering): Port device team_slave_1 removed [ 3407.958737][ T468] team0 (unregistering): Port device team_slave_0 removed [ 3407.974351][ T468] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 3408.040018][ T468] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 3408.168647][ T468] bond0 (unregistering): Released all slaves [ 3408.303855][ T468] device hsr_slave_0 left promiscuous mode [ 3408.353166][ T468] device hsr_slave_1 left promiscuous mode [ 3408.421251][ T468] team0 (unregistering): Port device team_slave_1 removed [ 3408.437426][ T468] team0 (unregistering): Port device team_slave_0 removed [ 3408.452598][ T468] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 3408.520456][ T468] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 3408.660589][ T468] bond0 (unregistering): Released all slaves [ 3408.893816][ T468] device hsr_slave_0 left promiscuous mode [ 3408.933399][ T468] device hsr_slave_1 left promiscuous mode [ 3408.990245][ T468] team0 (unregistering): Port device team_slave_1 removed [ 3409.007534][ T468] team0 (unregistering): Port device team_slave_0 removed [ 3409.021488][ T468] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 3409.096403][ T468] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 3409.298062][ T468] bond0 (unregistering): Released all slaves [ 3409.483825][ T468] device hsr_slave_0 left promiscuous mode [ 3409.633188][ T468] device hsr_slave_1 left promiscuous mode [ 3409.730606][ T468] team0 (unregistering): Port device team_slave_1 removed [ 3409.747270][ T468] team0 (unregistering): Port device team_slave_0 removed [ 3409.762498][ T468] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 3409.831512][ T468] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 3409.950784][ T468] bond0 (unregistering): Released all slaves [ 3410.123815][ T468] device hsr_slave_0 left promiscuous mode [ 3410.183061][ T468] device hsr_slave_1 left promiscuous mode [ 3410.264387][ T468] team0 (unregistering): Port device team_slave_1 removed [ 3410.278463][ T468] team0 (unregistering): Port device team_slave_0 removed [ 3410.291879][ T468] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 3410.410780][ T468] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 3410.527138][ T468] bond0 (unregistering): Released all slaves [ 3410.813882][ T468] device hsr_slave_0 left promiscuous mode [ 3410.853225][ T468] device hsr_slave_1 left promiscuous mode [ 3410.930451][ T468] team0 (unregistering): Port device team_slave_1 removed [ 3410.947015][ T468] team0 (unregistering): Port device team_slave_0 removed [ 3410.963844][ T468] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 3411.010104][ T468] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 3411.120742][ T468] bond0 (unregistering): Released all slaves [ 3411.273867][ T468] device hsr_slave_0 left promiscuous mode [ 3411.333300][ T468] device hsr_slave_1 left promiscuous mode [ 3411.399958][ T468] team0 (unregistering): Port device team_slave_1 removed [ 3411.416631][ T468] team0 (unregistering): Port device team_slave_0 removed [ 3411.434296][ T468] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 3411.499940][ T468] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 3411.602775][ T468] bond0 (unregistering): Released all slaves [ 3411.793897][ T468] device hsr_slave_0 left promiscuous mode [ 3411.873212][ T468] device hsr_slave_1 left promiscuous mode [ 3411.974825][ T468] team0 (unregistering): Port device team_slave_1 removed [ 3411.988722][ T468] team0 (unregistering): Port device team_slave_0 removed [ 3412.001744][ T468] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 3412.062430][ T468] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 3412.194646][ T468] bond0 (unregistering): Released all slaves [ 3412.433950][ T468] device hsr_slave_0 left promiscuous mode [ 3412.563253][ T468] device hsr_slave_1 left promiscuous mode [ 3412.691159][ T468] team0 (unregistering): Port device team_slave_1 removed [ 3412.706861][ T468] team0 (unregistering): Port device team_slave_0 removed [ 3412.724596][ T468] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 3412.794653][ T468] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 3412.902594][ T468] bond0 (unregistering): Released all slaves [ 3413.103786][ T468] device hsr_slave_0 left promiscuous mode [ 3413.143330][ T468] device hsr_slave_1 left promiscuous mode [ 3413.199577][ T468] team0 (unregistering): Port device team_slave_1 removed [ 3413.216639][ T468] team0 (unregistering): Port device team_slave_0 removed [ 3413.230151][ T468] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 3413.308757][ T468] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 3413.416731][ T468] bond0 (unregistering): Released all slaves [ 3413.614053][ T468] device hsr_slave_0 left promiscuous mode [ 3413.683205][ T468] device hsr_slave_1 left promiscuous mode [ 3413.693317][ T1056] INFO: task kworker/1:16:16725 blocked for more than 143 seconds. [ 3413.701214][ T1056] Not tainted 5.3.0-rc3+ #97 [ 3413.706842][ T1056] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 3413.715851][ T1056] kworker/1:16 D25840 16725 2 0x80004000 [ 3413.722200][ T1056] Workqueue: events switchdev_deferred_process_work [ 3413.729297][ T1056] Call Trace: [ 3413.732601][ T1056] __schedule+0x755/0x1580 [ 3413.738213][ T1056] ? __sched_text_start+0x8/0x8 [ 3413.743452][ T1056] ? __kasan_check_read+0x11/0x20 [ 3413.748481][ T1056] ? _raw_spin_unlock_irq+0x5e/0x90 [ 3413.754063][ T1056] schedule+0xa8/0x270 [ 3413.758133][ T1056] schedule_preempt_disabled+0x13/0x20 [ 3413.764115][ T1056] __mutex_lock+0x7b0/0x13c0 [ 3413.768706][ T1056] ? rtnl_lock+0x17/0x20 [ 3413.773443][ T1056] ? mutex_lock_io_nested+0x1260/0x1260 [ 3413.778999][ T1056] ? mark_held_locks+0xf0/0xf0 [ 3413.784135][ T1056] ? lock_downgrade+0x920/0x920 [ 3413.789640][ T1056] mutex_lock_nested+0x16/0x20 [ 3413.795071][ T1056] ? mutex_lock_nested+0x16/0x20 [ 3413.800014][ T1056] rtnl_lock+0x17/0x20 [ 3413.804578][ T1056] switchdev_deferred_process_work+0xe/0x20 [ 3413.810472][ T1056] process_one_work+0x9af/0x1740 [ 3413.815775][ T1056] ? pwq_dec_nr_in_flight+0x320/0x320 [ 3413.821145][ T1056] ? lock_acquire+0x190/0x410 [ 3413.826244][ T1056] worker_thread+0x98/0xe40 [ 3413.830745][ T1056] ? trace_hardirqs_on+0x67/0x240 [ 3413.836152][ T1056] kthread+0x361/0x430 [ 3413.840216][ T1056] ? process_one_work+0x1740/0x1740 [ 3413.845888][ T1056] ? kthread_cancel_delayed_work_sync+0x20/0x20 [ 3413.852131][ T1056] ret_from_fork+0x24/0x30 [ 3413.857051][ T1056] INFO: task kworker/1:2:21598 blocked for more than 143 seconds. [ 3413.866075][ T468] kobject: 'rx-0' (0000000033653020): kobject_cleanup, parent 000000000f62c8a9 [ 3413.875109][ T1056] Not tainted 5.3.0-rc3+ #97 [ 3413.880205][ T1056] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 3413.888986][ T468] kobject: 'rx-0' (0000000033653020): auto cleanup 'remove' event [ 3413.897238][ T468] kobject: 'rx-0' (0000000033653020): kobject_uevent_env [ 3413.904550][ T1056] kworker/1:2 D26288 21598 2 0x80004000 [ 3413.910896][ T1056] Workqueue: ipv6_addrconf addrconf_dad_work [ 3413.913061][ T468] kobject: 'rx-0' (0000000033653020): kobject_uevent_env: uevent_suppress caused the event to drop! [ 3413.917105][ T1056] Call Trace: [ 3413.931029][ T1056] __schedule+0x755/0x1580 [ 3413.935669][ T1056] ? __sched_text_start+0x8/0x8 [ 3413.940519][ T1056] ? __kasan_check_read+0x11/0x20 [ 3413.942994][ T468] kobject: 'rx-0' (0000000033653020): auto cleanup kobject_del [ 3413.945723][ T1056] ? _raw_spin_unlock_irq+0x5e/0x90 [ 3413.958367][ T1056] schedule+0xa8/0x270 [ 3413.962436][ T1056] schedule_preempt_disabled+0x13/0x20 [ 3413.968119][ T1056] __mutex_lock+0x7b0/0x13c0 [ 3413.968236][ T468] kobject: 'rx-0' (0000000033653020): calling ktype release [ 3413.972706][ T1056] ? rtnl_lock+0x17/0x20 [ 3413.984450][ T1056] ? mutex_lock_io_nested+0x1260/0x1260 [ 3413.989989][ T1056] ? mark_lock+0xc0/0x11e0 [ 3413.992992][ T468] kobject: 'rx-0': free name [ 3413.995513][ T1056] mutex_lock_nested+0x16/0x20 [ 3413.999144][ T468] kobject: 'tx-0' (00000000fb5a455c): kobject_cleanup, parent 000000000f62c8a9 [ 3414.004215][ T1056] ? mutex_lock_nested+0x16/0x20 [ 3414.018179][ T1056] rtnl_lock+0x17/0x20 [ 3414.022243][ T1056] addrconf_dad_work+0xad/0x1150 [ 3414.027657][ T1056] ? addrconf_dad_completed+0xbb0/0xbb0 [ 3414.032964][ T468] kobject: 'tx-0' (00000000fb5a455c): auto cleanup 'remove' event [ 3414.033471][ T1056] process_one_work+0x9af/0x1740 [ 3414.040972][ T468] kobject: 'tx-0' (00000000fb5a455c): kobject_uevent_env [ 3414.046358][ T1056] ? pwq_dec_nr_in_flight+0x320/0x320 [ 3414.058705][ T1056] ? lock_acquire+0x190/0x410 [ 3414.063802][ T1056] worker_thread+0x98/0xe40 [ 3414.068391][ T1056] ? trace_hardirqs_on+0x67/0x240 [ 3414.073038][ T468] kobject: 'tx-0' (00000000fb5a455c): kobject_uevent_env: uevent_suppress caused the event to drop! [ 3414.073867][ T1056] kthread+0x361/0x430 [ 3414.084268][ T468] kobject: 'tx-0' (00000000fb5a455c): auto cleanup kobject_del [ 3414.096045][ T468] kobject: 'tx-0' (00000000fb5a455c): calling ktype release [ 3414.102944][ T1056] ? process_one_work+0x1740/0x1740 [ 3414.103814][ T468] kobject: 'tx-0': free name [ 3414.108539][ T1056] ? kthread_cancel_delayed_work_sync+0x20/0x20 [ 3414.113397][ T468] kobject: 'queues' (000000000f62c8a9): kobject_cleanup, parent 000000006ff208ed [ 3414.119549][ T1056] ret_from_fork+0x24/0x30 [ 3414.128854][ T468] kobject: 'queues' (000000000f62c8a9): calling ktype release [ 3414.140585][ T468] kobject: 'queues' (000000000f62c8a9): kset_release [ 3414.142921][ T1056] INFO: task kworker/1:3:25186 blocked for more than 143 seconds. [ 3414.147720][ T468] kobject: 'queues': free name [ 3414.160722][ T468] kobject: 'hsr0' (000000003b1b932e): kobject_uevent_env [ 3414.168015][ T468] kobject: 'hsr0' (000000003b1b932e): kobject_uevent_env: uevent_suppress caused the event to drop! [ 3414.172917][ T1056] Not tainted 5.3.0-rc3+ #97 [ 3414.180504][ T468] kobject: 'batman_adv' (00000000f31c7247): kobject_uevent_env [ 3414.191553][ T468] kobject: 'batman_adv' (00000000f31c7247): kobject_uevent_env: filter function caused the event to drop! [ 3414.192896][ T1056] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 3414.211708][ T1056] kworker/1:3 D26648 25186 2 0x80004000 [ 3414.218097][ T1056] Workqueue: events linkwatch_event [ 3414.223016][ T468] kobject: 'batman_adv' (00000000f31c7247): kobject_cleanup, parent 000000006ff208ed [ 3414.223422][ T1056] Call Trace: [ 3414.232807][ T468] kobject: 'batman_adv' (00000000f31c7247): calling ktype release [ 3414.236014][ T1056] __schedule+0x755/0x1580 [ 3414.236050][ T1056] ? __sched_text_start+0x8/0x8 [ 3414.236078][ T1056] ? __kasan_check_read+0x11/0x20 [ 3414.236110][ T1056] ? _raw_spin_unlock_irq+0x5e/0x90 [ 3414.236141][ T1056] schedule+0xa8/0x270 [ 3414.236171][ T1056] schedule_preempt_disabled+0x13/0x20 [ 3414.236196][ T1056] __mutex_lock+0x7b0/0x13c0 [ 3414.252967][ T468] kobject: (00000000f31c7247): dynamic_kobj_release [ 3414.253728][ T1056] ? rtnl_lock+0x17/0x20 [ 3414.258263][ T468] kobject: 'batman_adv': free name [ 3414.264303][ T1056] ? mutex_lock_io_nested+0x1260/0x1260 [ 3414.283112][ T468] kobject: 'rx-0' (000000009f9d9198): kobject_cleanup, parent 00000000067e4aee [ 3414.292908][ T1056] ? mark_held_locks+0xf0/0xf0 [ 3414.294163][ T468] kobject: 'rx-0' (000000009f9d9198): auto cleanup 'remove' event [ 3414.299071][ T1056] ? lock_downgrade+0x920/0x920 [ 3414.308299][ T468] kobject: 'rx-0' (000000009f9d9198): kobject_uevent_env [ 3414.334102][ T468] kobject: 'rx-0' (000000009f9d9198): kobject_uevent_env: uevent_suppress caused the event to drop! [ 3414.334621][ T1056] mutex_lock_nested+0x16/0x20 [ 3414.345678][ T468] kobject: 'rx-0' (000000009f9d9198): auto cleanup kobject_del [ 3414.357962][ T468] kobject: 'rx-0' (000000009f9d9198): calling ktype release [ 3414.362977][ T1056] ? mutex_lock_nested+0x16/0x20 [ 3414.365680][ T468] kobject: 'rx-0': free name [ 3414.370171][ T1056] rtnl_lock+0x17/0x20 [ 3414.375079][ T468] kobject: 'tx-0' (000000007ec3e40d): kobject_cleanup, parent 00000000067e4aee [ 3414.388204][ T468] kobject: 'tx-0' (000000007ec3e40d): auto cleanup 'remove' event [ 3414.392908][ T1056] linkwatch_event+0xf/0x70 [ 3414.396251][ T468] kobject: 'tx-0' (000000007ec3e40d): kobject_uevent_env [ 3414.400484][ T1056] process_one_work+0x9af/0x1740 [ 3414.413536][ T1056] ? pwq_dec_nr_in_flight+0x320/0x320 [ 3414.414220][ T468] kobject: 'tx-0' (000000007ec3e40d): kobject_uevent_env: uevent_suppress caused the event to drop! [ 3414.418907][ T1056] ? lock_acquire+0x190/0x410 [ 3414.434789][ T1056] worker_thread+0x98/0xe40 [ 3414.439302][ T1056] ? trace_hardirqs_on+0x67/0x240 [ 3414.442960][ T468] kobject: 'tx-0' (000000007ec3e40d): auto cleanup kobject_del [ 3414.445060][ T1056] kthread+0x361/0x430 [ 3414.452235][ T468] kobject: 'tx-0' (000000007ec3e40d): calling ktype release [ 3414.456540][ T1056] ? process_one_work+0x1740/0x1740 [ 3414.469029][ T1056] ? kthread_cancel_delayed_work_sync+0x20/0x20 [ 3414.475570][ T1056] ret_from_fork+0x24/0x30 [ 3414.480092][ T1056] INFO: task kworker/0:14:30696 blocked for more than 144 seconds. [ 3414.483188][ T468] kobject: 'tx-0': free name [ 3414.492578][ T468] kobject: 'queues' (00000000067e4aee): kobject_cleanup, parent 000000006ff208ed [ 3414.502172][ T468] kobject: 'queues' (00000000067e4aee): calling ktype release [ 3414.503341][ T1056] Not tainted 5.3.0-rc3+ #97 [ 3414.509885][ T468] kobject: 'queues' (00000000067e4aee): kset_release [ 3414.522036][ T468] kobject: 'queues': free name [ 3414.522887][ T1056] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 3414.527341][ T468] kobject: 'hsr_slave_1' (000000009b8d9093): kobject_uevent_env [ 3414.543814][ T468] kobject: 'hsr_slave_1' (000000009b8d9093): kobject_uevent_env: uevent_suppress caused the event to drop! [ 3414.553602][ T1056] kworker/0:14 D27112 30696 2 0x80004000 [ 3414.557400][ T468] kobject: 'batman_adv' (00000000af2ce375): kobject_uevent_env [ 3414.561513][ T1056] Workqueue: ipv6_addrconf addrconf_dad_work [ 3414.569397][ T468] kobject: 'batman_adv' (00000000af2ce375): kobject_uevent_env: filter function caused the event to drop! [ 3414.587044][ T468] kobject: 'batman_adv' (00000000af2ce375): kobject_cleanup, parent 000000006ff208ed [ 3414.592913][ T1056] Call Trace: [ 3414.596950][ T468] kobject: 'batman_adv' (00000000af2ce375): calling ktype release [ 3414.599863][ T1056] __schedule+0x755/0x1580 [ 3414.612402][ T1056] ? __sched_text_start+0x8/0x8 [ 3414.617553][ T1056] ? __kasan_check_read+0x11/0x20 [ 3414.622581][ T1056] ? _raw_spin_unlock_irq+0x5e/0x90 [ 3414.623009][ T468] kobject: (00000000af2ce375): dynamic_kobj_release [ 3414.628190][ T1056] schedule+0xa8/0x270 [ 3414.634479][ T468] kobject: 'batman_adv': free name [ 3414.638837][ T1056] schedule_preempt_disabled+0x13/0x20 [ 3414.649400][ T1056] __mutex_lock+0x7b0/0x13c0 [ 3414.653088][ T468] kobject: 'rx-0' (000000004a88147e): kobject_cleanup, parent 00000000e7c20d68 [ 3414.654314][ T1056] ? rtnl_lock+0x17/0x20 [ 3414.667481][ T1056] ? mutex_lock_io_nested+0x1260/0x1260 [ 3414.672922][ T468] kobject: 'rx-0' (000000004a88147e): auto cleanup 'remove' event [ 3414.674054][ T1056] ? mark_lock+0xc0/0x11e0 [ 3414.680796][ T468] kobject: 'rx-0' (000000004a88147e): kobject_uevent_env [ 3414.685935][ T1056] mutex_lock_nested+0x16/0x20 [ 3414.697707][ T1056] ? mutex_lock_nested+0x16/0x20 [ 3414.702642][ T1056] rtnl_lock+0x17/0x20 [ 3414.707112][ T1056] addrconf_dad_work+0xad/0x1150 [ 3414.712055][ T1056] ? addrconf_dad_completed+0xbb0/0xbb0 [ 3414.717865][ T468] kobject: 'rx-0' (000000004a88147e): kobject_uevent_env: uevent_suppress caused the event to drop! [ 3414.728972][ T1056] process_one_work+0x9af/0x1740 [ 3414.734172][ T468] kobject: 'rx-0' (000000004a88147e): auto cleanup kobject_del [ 3414.741759][ T468] kobject: 'rx-0' (000000004a88147e): calling ktype release [ 3414.749509][ T1056] ? pwq_dec_nr_in_flight+0x320/0x320 [ 3414.755154][ T1056] ? lock_acquire+0x190/0x410 [ 3414.759843][ T1056] worker_thread+0x98/0xe40 [ 3414.764797][ T468] kobject: 'rx-0': free name [ 3414.769457][ T468] kobject: 'tx-0' (000000006037d6dc): kobject_cleanup, parent 00000000e7c20d68 [ 3414.778712][ T1056] kthread+0x361/0x430 [ 3414.782779][ T1056] ? process_one_work+0x1740/0x1740 [ 3414.788338][ T1056] ? kthread_cancel_delayed_work_sync+0x20/0x20 [ 3414.794839][ T468] kobject: 'tx-0' (000000006037d6dc): auto cleanup 'remove' event [ 3414.802628][ T468] kobject: 'tx-0' (000000006037d6dc): kobject_uevent_env [ 3414.810902][ T468] kobject: 'tx-0' (000000006037d6dc): kobject_uevent_env: uevent_suppress caused the event to drop! [ 3414.813128][ T1056] ret_from_fork+0x24/0x30 [ 3414.822359][ T468] kobject: 'tx-0' (000000006037d6dc): auto cleanup kobject_del [ 3414.832925][ T1056] INFO: task syz-executor.4:30724 blocked for more than 144 seconds. [ 3414.834006][ T468] kobject: 'tx-0' (000000006037d6dc): calling ktype release [ 3414.841694][ T1056] Not tainted 5.3.0-rc3+ #97 [ 3414.849393][ T468] kobject: 'tx-0': free name [ 3414.859255][ T468] kobject: 'queues' (00000000e7c20d68): kobject_cleanup, parent 000000006ff208ed [ 3414.868711][ T468] kobject: 'queues' (00000000e7c20d68): calling ktype release [ 3414.873033][ T1056] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 3414.876455][ T468] kobject: 'queues' (00000000e7c20d68): kset_release [ 3414.891607][ T468] kobject: 'queues': free name [ 3414.896725][ T1056] syz-executor.4 D24040 30724 1 0x00000004 [ 3414.904213][ T468] kobject: 'veth1_to_hsr' (000000002ca8a10d): kobject_uevent_env [ 3414.911920][ T468] kobject: 'veth1_to_hsr' (000000002ca8a10d): kobject_uevent_env: uevent_suppress caused the event to drop! [ 3414.923814][ T1056] Call Trace: [ 3414.927105][ T1056] __schedule+0x755/0x1580 [ 3414.931511][ T1056] ? __sched_text_start+0x8/0x8 [ 3414.937542][ T1056] ? lock_downgrade+0x920/0x920 [ 3414.942413][ T1056] ? rwlock_bug.part.0+0x90/0x90 [ 3414.949262][ T468] kobject: 'batman_adv' (000000004684f635): kobject_uevent_env [ 3414.957174][ T1056] schedule+0xa8/0x270 [ 3414.961242][ T1056] schedule_preempt_disabled+0x13/0x20 [ 3414.967159][ T468] kobject: 'batman_adv' (000000004684f635): kobject_uevent_env: filter function caused the event to drop! [ 3414.978763][ T1056] __mutex_lock+0x7b0/0x13c0 [ 3414.983745][ T1056] ? rtnetlink_rcv_msg+0x40a/0xb00 [ 3414.988860][ T1056] ? mutex_lock_io_nested+0x1260/0x1260 [ 3414.994785][ T468] kobject: 'batman_adv' (000000004684f635): kobject_cleanup, parent 000000006ff208ed [ 3415.004594][ T468] kobject: 'batman_adv' (000000004684f635): calling ktype release [ 3415.012381][ T468] kobject: (000000004684f635): dynamic_kobj_release [ 3415.013038][ T1056] ? find_held_lock+0x35/0x130 [ 3415.019281][ T468] kobject: 'batman_adv': free name [ 3415.029436][ T468] kobject: 'rx-0' (000000003efae0ae): kobject_cleanup, parent 00000000735d7e45 [ 3415.032936][ T1056] ? rtnetlink_rcv_msg+0x3d0/0xb00 [ 3415.038724][ T468] kobject: 'rx-0' (000000003efae0ae): auto cleanup 'remove' event [ 3415.051432][ T468] kobject: 'rx-0' (000000003efae0ae): kobject_uevent_env [ 3415.052969][ T1056] ? lock_downgrade+0x920/0x920 [ 3415.059203][ T468] kobject: 'rx-0' (000000003efae0ae): kobject_uevent_env: uevent_suppress caused the event to drop! [ 3415.072930][ T1056] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3415.075171][ T468] kobject: 'rx-0' (000000003efae0ae): auto cleanup kobject_del [ 3415.080320][ T1056] mutex_lock_nested+0x16/0x20 [ 3415.088155][ T468] kobject: 'rx-0' (000000003efae0ae): calling ktype release [ 3415.100248][ T468] kobject: 'rx-0': free name [ 3415.105277][ T468] kobject: 'tx-0' (00000000640c84bd): kobject_cleanup, parent 00000000735d7e45 [ 3415.114551][ T1056] ? mutex_lock_nested+0x16/0x20 [ 3415.119485][ T1056] rtnetlink_rcv_msg+0x40a/0xb00 [ 3415.124744][ T468] kobject: 'tx-0' (00000000640c84bd): auto cleanup 'remove' event [ 3415.132539][ T468] kobject: 'tx-0' (00000000640c84bd): kobject_uevent_env [ 3415.139954][ T1056] ? rtnetlink_put_metrics+0x580/0x580 [ 3415.145767][ T1056] ? lock_downgrade+0x920/0x920 [ 3415.150616][ T1056] ? netlink_deliver_tap+0x22d/0xbf0 [ 3415.156213][ T468] kobject: 'tx-0' (00000000640c84bd): kobject_uevent_env: uevent_suppress caused the event to drop! [ 3415.167355][ T1056] ? find_held_lock+0x35/0x130 [ 3415.172119][ T1056] netlink_rcv_skb+0x177/0x450 [ 3415.177178][ T468] kobject: 'tx-0' (00000000640c84bd): auto cleanup kobject_del [ 3415.185080][ T1056] ? rtnetlink_put_metrics+0x580/0x580 [ 3415.190533][ T1056] ? netlink_ack+0xb30/0xb30 [ 3415.195475][ T468] kobject: 'tx-0' (00000000640c84bd): calling ktype release [ 3415.202740][ T468] kobject: 'tx-0': free name [ 3415.208658][ T468] kobject: 'queues' (00000000735d7e45): kobject_cleanup, parent 000000006ff208ed [ 3415.213106][ T1056] ? __kasan_check_read+0x11/0x20 [ 3415.218160][ T468] kobject: 'queues' (00000000735d7e45): calling ktype release [ 3415.222795][ T1056] ? netlink_deliver_tap+0x254/0xbf0 [ 3415.230597][ T468] kobject: 'queues' (00000000735d7e45): kset_release [ 3415.242426][ T468] kobject: 'queues': free name [ 3415.248367][ T468] kobject: 'hsr_slave_0' (000000002fd6013f): kobject_uevent_env [ 3415.253009][ T1056] rtnetlink_rcv+0x1d/0x30 [ 3415.256313][ T468] kobject: 'hsr_slave_0' (000000002fd6013f): kobject_uevent_env: uevent_suppress caused the event to drop! [ 3415.260392][ T1056] netlink_unicast+0x531/0x710 [ 3415.273924][ T468] kobject: 'batman_adv' (000000007e2ba54d): kobject_uevent_env [ 3415.284358][ T468] kobject: 'batman_adv' (000000007e2ba54d): kobject_uevent_env: filter function caused the event to drop! [ 3415.296347][ T1056] ? netlink_attachskb+0x7c0/0x7c0 [ 3415.301473][ T1056] ? _copy_from_iter_full+0x25d/0x8a0 [ 3415.307244][ T468] kobject: 'batman_adv' (000000007e2ba54d): kobject_cleanup, parent 000000006ff208ed [ 3415.316988][ T1056] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 3415.322705][ T1056] ? __check_object_size+0x3d/0x43c [ 3415.328222][ T468] kobject: 'batman_adv' (000000007e2ba54d): calling ktype release [ 3415.337147][ T468] kobject: (000000007e2ba54d): dynamic_kobj_release [ 3415.344066][ T1056] netlink_sendmsg+0x8a5/0xd60 [ 3415.348845][ T1056] ? netlink_unicast+0x710/0x710 [ 3415.354048][ T468] kobject: 'batman_adv': free name [ 3415.359335][ T468] kobject: 'rx-0' (000000002cdcbc58): kobject_cleanup, parent 00000000aa5fab30 [ 3415.368697][ T1056] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 3415.374487][ T1056] ? apparmor_socket_sendmsg+0x2a/0x30 [ 3415.379933][ T1056] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3415.386451][ T468] kobject: 'rx-0' (000000002cdcbc58): auto cleanup 'remove' event [ 3415.394505][ T1056] ? security_socket_sendmsg+0x8d/0xc0 [ 3415.399957][ T1056] ? netlink_unicast+0x710/0x710 [ 3415.405200][ T1056] sock_sendmsg+0xd7/0x130 [ 3415.409615][ T1056] __sys_sendto+0x262/0x380 [ 3415.412995][ T468] kobject: 'rx-0' (000000002cdcbc58): kobject_uevent_env [ 3415.414464][ T1056] ? __ia32_sys_getpeername+0xb0/0xb0 [ 3415.421241][ T468] kobject: 'rx-0' (000000002cdcbc58): kobject_uevent_env: uevent_suppress caused the event to drop! [ 3415.426968][ T1056] ? lock_downgrade+0x920/0x920 [ 3415.442559][ T1056] ? lockdep_hardirqs_on+0x418/0x5d0 [ 3415.448203][ T1056] ? __blkcg_punt_bio_submit+0x1e0/0x1e0 [ 3415.453327][ T468] kobject: 'rx-0' (000000002cdcbc58): auto cleanup kobject_del [ 3415.455239][ T1056] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 3415.461398][ T468] kobject: 'rx-0' (000000002cdcbc58): calling ktype release [ 3415.467891][ T1056] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 3415.479914][ T1056] ? do_syscall_64+0x26/0x6a0 [ 3415.484991][ T1056] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3415.491055][ T1056] __x64_sys_sendto+0xe1/0x1a0 [ 3415.496098][ T468] kobject: 'rx-0': free name [ 3415.500738][ T468] kobject: 'tx-0' (00000000d44f6810): kobject_cleanup, parent 00000000aa5fab30 [ 3415.510029][ T1056] do_syscall_64+0xfd/0x6a0 [ 3415.514781][ T1056] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3415.520659][ T1056] RIP: 0033:0x413673 [ 3415.524901][ T468] kobject: 'tx-0' (00000000d44f6810): auto cleanup 'remove' event [ 3415.532775][ T468] kobject: 'tx-0' (00000000d44f6810): kobject_uevent_env [ 3415.540278][ T1056] Code: b0 20 41 00 41 b8 a4 d6 65 00 ba 04 00 00 00 bf 9a 38 44 00 ff 15 15 a0 24 00 85 c0 0f 85 cf fc ff ff 45 31 c9 31 c9 31 f6 41 70 d6 65 00 ba 0b 00 00 00 bf af 38 44 00 e8 09 2f 02 00 85 c0 [ 3415.560321][ T468] kobject: 'tx-0' (00000000d44f6810): kobject_uevent_env: uevent_suppress caused the event to drop! [ 3415.571360][ T1056] RSP: 002b:00007ffeeb3ba9c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 3415.580296][ T468] kobject: 'tx-0' (00000000d44f6810): auto cleanup kobject_del [ 3415.588100][ T1056] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000413673 [ 3415.597415][ T468] kobject: 'tx-0' (00000000d44f6810): calling ktype release [ 3415.605102][ T468] kobject: 'tx-0': free name [ 3415.609712][ T468] kobject: 'queues' (00000000aa5fab30): kobject_cleanup, parent 000000006ff208ed [ 3415.613011][ T1056] RDX: 0000000000000028 RSI: 0000000000a70070 RDI: 0000000000000003 [ 3415.619459][ T468] kobject: 'queues' (00000000aa5fab30): calling ktype release [ 3415.634664][ T468] kobject: 'queues' (00000000aa5fab30): kset_release [ 3415.641337][ T468] kobject: 'queues': free name [ 3415.642992][ T1056] RBP: 00007ffeeb3baa30 R08: 00007ffeeb3ba9d0 R09: 000000000000000c [ 3415.646958][ T468] kobject: 'veth0_to_hsr' (000000001a9b5b0d): kobject_uevent_env [ 3415.661991][ T468] kobject: 'veth0_to_hsr' (000000001a9b5b0d): kobject_uevent_env: uevent_suppress caused the event to drop! [ 3415.662923][ T1056] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 3415.681570][ T1056] R13: 00000000004bea69 R14: 0000000000000000 R15: 0000000000000006 [ 3415.689652][ T1056] INFO: task syz-executor.3:30726 blocked for more than 145 seconds. [ 3415.690546][ T468] team0 (unregistering): Port device team_slave_1 removed [ 3415.698058][ T1056] Not tainted 5.3.0-rc3+ #97 [ 3415.710498][ T1056] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 3415.719399][ T1056] syz-executor.3 D24320 30726 1 0x00004004 [ 3415.724133][ T468] kobject: 'batman_adv' (0000000079193751): kobject_uevent_env [ 3415.726029][ T1056] Call Trace: [ 3415.736803][ T1056] __schedule+0x755/0x1580 [ 3415.741220][ T1056] ? __sched_text_start+0x8/0x8 [ 3415.742903][ T468] kobject: 'batman_adv' (0000000079193751): kobject_uevent_env: filter function caused the event to drop! [ 3415.746365][ T1056] ? lock_downgrade+0x920/0x920 [ 3415.762533][ T1056] ? rwlock_bug.part.0+0x90/0x90 [ 3415.767748][ T1056] schedule+0xa8/0x270 [ 3415.771807][ T1056] schedule_preempt_disabled+0x13/0x20 [ 3415.772943][ T468] kobject: 'batman_adv' (0000000079193751): kobject_cleanup, parent 000000006ff208ed [ 3415.777896][ T1056] __mutex_lock+0x7b0/0x13c0 [ 3415.791540][ T1056] ? rtnetlink_rcv_msg+0x40a/0xb00 [ 3415.796913][ T468] kobject: 'batman_adv' (0000000079193751): calling ktype release [ 3415.796937][ T468] kobject: (0000000079193751): dynamic_kobj_release [ 3415.796978][ T468] kobject: 'batman_adv': free name [ 3415.797274][ T468] kobject: 'rx-0' (0000000019bc780d): kobject_cleanup, parent 00000000f4f7698c [ 3415.805419][ T1056] ? mutex_lock_io_nested+0x1260/0x1260 [ 3415.816873][ T468] kobject: 'rx-0' (0000000019bc780d): auto cleanup 'remove' event [ 3415.826110][ T1056] ? find_held_lock+0x35/0x130 [ 3415.842944][ T468] kobject: 'rx-0' (0000000019bc780d): kobject_uevent_env [ 3415.844447][ T1056] ? rtnetlink_rcv_msg+0x3d0/0xb00 [ 3415.851120][ T468] kobject: 'rx-0' (0000000019bc780d): kobject_uevent_env: uevent_suppress caused the event to drop! [ 3415.856822][ T1056] ? lock_downgrade+0x920/0x920 [ 3415.872320][ T1056] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3415.878898][ T1056] mutex_lock_nested+0x16/0x20 [ 3415.883901][ T1056] ? mutex_lock_nested+0x16/0x20 [ 3415.888833][ T1056] rtnetlink_rcv_msg+0x40a/0xb00 [ 3415.893101][ T468] kobject: 'rx-0' (0000000019bc780d): auto cleanup kobject_del [ 3415.894142][ T1056] ? rtnetlink_put_metrics+0x580/0x580 [ 3415.901322][ T468] kobject: 'rx-0' (0000000019bc780d): calling ktype release [ 3415.907042][ T1056] ? lock_downgrade+0x920/0x920 [ 3415.919374][ T1056] ? netlink_deliver_tap+0x22d/0xbf0 [ 3415.924931][ T1056] ? find_held_lock+0x35/0x130 [ 3415.929704][ T1056] netlink_rcv_skb+0x177/0x450 [ 3415.932917][ T468] kobject: 'rx-0': free name [ 3415.934877][ T1056] ? rtnetlink_put_metrics+0x580/0x580 [ 3415.943310][ T468] kobject: 'tx-0' (000000004d53857a): kobject_cleanup, parent 00000000f4f7698c [ 3415.944800][ T1056] ? netlink_ack+0xb30/0xb30 [ 3415.958238][ T1056] ? __kasan_check_read+0x11/0x20 [ 3415.962901][ T468] kobject: 'tx-0' (000000004d53857a): auto cleanup 'remove' event [ 3415.963551][ T1056] ? netlink_deliver_tap+0x254/0xbf0 [ 3415.971037][ T468] kobject: 'tx-0' (000000004d53857a): kobject_uevent_env [ 3415.976600][ T1056] rtnetlink_rcv+0x1d/0x30 [ 3415.988212][ T1056] netlink_unicast+0x531/0x710 [ 3415.993257][ T1056] ? netlink_attachskb+0x7c0/0x7c0 [ 3415.998366][ T1056] ? _copy_from_iter_full+0x25d/0x8a0 [ 3416.003708][ T468] kobject: 'tx-0' (000000004d53857a): kobject_uevent_env: uevent_suppress caused the event to drop! [ 3416.004077][ T1056] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 3416.014799][ T468] kobject: 'tx-0' (000000004d53857a): auto cleanup kobject_del [ 3416.028139][ T468] kobject: 'tx-0' (000000004d53857a): calling ktype release [ 3416.032937][ T1056] ? __check_object_size+0x3d/0x43c [ 3416.036017][ T468] kobject: 'tx-0': free name [ 3416.040603][ T1056] netlink_sendmsg+0x8a5/0xd60 [ 3416.045543][ T468] kobject: 'queues' (00000000f4f7698c): kobject_cleanup, parent 000000006ff208ed [ 3416.059563][ T468] kobject: 'queues' (00000000f4f7698c): calling ktype release [ 3416.062968][ T1056] ? netlink_unicast+0x710/0x710 [ 3416.067325][ T468] kobject: 'queues' (00000000f4f7698c): kset_release [ 3416.071933][ T1056] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 3416.079041][ T468] kobject: 'queues': free name [ 3416.089886][ T468] kobject: 'team_slave_1' (0000000002286024): kobject_uevent_env [ 3416.098206][ T1056] ? apparmor_socket_sendmsg+0x2a/0x30 [ 3416.103986][ T468] kobject: 'team_slave_1' (0000000002286024): kobject_uevent_env: uevent_suppress caused the event to drop! [ 3416.116038][ T1056] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3416.122372][ T1056] ? security_socket_sendmsg+0x8d/0xc0 [ 3416.130965][ T468] kobject: 'batman_adv' (000000002dffb225): kobject_uevent_env [ 3416.138945][ T1056] ? netlink_unicast+0x710/0x710 [ 3416.144249][ T1056] sock_sendmsg+0xd7/0x130 [ 3416.148668][ T1056] __sys_sendto+0x262/0x380 [ 3416.153602][ T468] kobject: 'batman_adv' (000000002dffb225): kobject_uevent_env: filter function caused the event to drop! [ 3416.165155][ T1056] ? __ia32_sys_getpeername+0xb0/0xb0 [ 3416.170544][ T1056] ? lock_downgrade+0x920/0x920 [ 3416.175880][ T468] kobject: 'batman_adv' (000000002dffb225): kobject_cleanup, parent 000000006ff208ed [ 3416.185641][ T1056] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3416.191887][ T1056] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 3416.197738][ T468] kobject: 'batman_adv' (000000002dffb225): calling ktype release [ 3416.205849][ T1056] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 3416.211330][ T1056] ? do_syscall_64+0x26/0x6a0 [ 3416.216384][ T1056] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3416.222463][ T1056] __x64_sys_sendto+0xe1/0x1a0 [ 3416.222991][ T468] kobject: (000000002dffb225): dynamic_kobj_release [ 3416.227596][ T1056] do_syscall_64+0xfd/0x6a0 [ 3416.238739][ T1056] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3416.242915][ T468] kobject: 'batman_adv': free name [ 3416.244956][ T1056] RIP: 0033:0x413673 [ 3416.249912][ T468] kobject: 'rx-0' (000000009442872f): kobject_cleanup, parent 000000005eda5e10 [ 3416.254739][ T1056] Code: b0 20 41 00 41 b8 a4 d6 65 00 ba 04 00 00 00 bf 9a 38 44 00 ff 15 15 a0 24 00 85 c0 0f 85 cf fc ff ff 45 31 c9 31 c9 31 f6 41 70 d6 65 00 ba 0b 00 00 00 bf af 38 44 00 e8 09 2f 02 00 85 c0 [ 3416.272899][ T468] kobject: 'rx-0' (000000009442872f): auto cleanup 'remove' event [ 3416.282741][ T1056] RSP: 002b:00007ffcdaa8def8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 3416.298791][ T468] kobject: 'rx-0' (000000009442872f): kobject_uevent_env [ 3416.305921][ T468] kobject: 'rx-0' (000000009442872f): kobject_uevent_env: uevent_suppress caused the event to drop! [ 3416.316886][ T1056] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000413673 [ 3416.316909][ T1056] RDX: 000000000000003c RSI: 0000000000a70070 RDI: 0000000000000003 [ 3416.316930][ T1056] RBP: 0000000000000000 R08: 00007ffcdaa8df00 R09: 000000000000000c [ 3416.316950][ T1056] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 3416.316958][ T1056] R13: 0000000000000003 R14: 00007ffcdaa8dfa8 R15: 0000000000000006 [ 3416.317029][ T1056] [ 3416.317029][ T1056] Showing all locks held in the system: [ 3416.325055][ T468] kobject: 'rx-0' (000000009442872f): auto cleanup kobject_del [ 3416.325202][ T468] kobject: 'rx-0' (000000009442872f): calling ktype release [ 3416.325223][ T468] kobject: 'rx-0': free name [ 3416.325374][ T468] kobject: 'tx-0' (000000008d2f1339): kobject_cleanup, parent 000000005eda5e10 [ 3416.352922][ T1056] 7 locks held by kworker/u4:3/468: [ 3416.357769][ T468] kobject: 'tx-0' (000000008d2f1339): auto cleanup 'remove' event [ 3416.382901][ T1056] 1 lock held by khungtaskd/1056: [ 3416.384743][ T468] kobject: 'tx-0' (000000008d2f1339): kobject_uevent_env [ 3416.402895][ T1056] #0: 00000000755d4faa (rcu_read_lock){....}, at: debug_show_all_locks+0x5f/0x27e [ 3416.406717][ T468] kobject: 'tx-0' (000000008d2f1339): kobject_uevent_env: uevent_suppress caused the event to drop! [ 3416.411652][ T1056] 1 lock held by rsyslogd/8341: [ 3416.421102][ T468] kobject: 'tx-0' (000000008d2f1339): auto cleanup kobject_del [ 3416.451630][ T468] kobject: 'tx-0' (000000008d2f1339): calling ktype release [ 3416.453004][ T1056] #0: 000000004fa8a83a (&f->f_pos_lock){+.+.}, at: __fdget_pos+0xee/0x110 [ 3416.459285][ T468] kobject: 'tx-0': free name [ 3416.472380][ T468] kobject: 'queues' (000000005eda5e10): kobject_cleanup, parent 000000006ff208ed [ 3416.481767][ T468] kobject: 'queues' (000000005eda5e10): calling ktype release [ 3416.482898][ T1056] 2 locks held by getty/8431: [ 3416.492965][ T468] kobject: 'queues' (000000005eda5e10): kset_release [ 3416.494478][ T1056] #0: 000000000580b91a (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 3416.500700][ T468] kobject: 'queues': free name [ 3416.515479][ T468] kobject: 'veth1_to_team' (00000000f1d9215d): kobject_uevent_env [ 3416.522930][ T1056] #1: 00000000c5cfbe39 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 [ 3416.523625][ T468] kobject: 'veth1_to_team' (00000000f1d9215d): kobject_uevent_env: uevent_suppress caused the event to drop! [ 3416.532820][ T1056] 2 locks held by getty/8432: [ 3416.550165][ T1056] #0: 00000000814d0fc9 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 3416.559161][ T1056] #1: 0000000068dcc111 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 [ 3416.568894][ T1056] 2 locks held by getty/8433: [ 3416.573738][ T1056] #0: 000000009c795bff (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 3416.582678][ T1056] #1: 000000007ed7a4f4 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 [ 3416.592303][ T1056] 2 locks held by getty/8434: [ 3416.597011][ T1056] #0: 0000000068e1f232 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 3416.606023][ T1056] #1: 00000000be141750 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 [ 3416.615628][ T1056] 2 locks held by getty/8435: [ 3416.620285][ T1056] #0: 00000000564625a9 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 3416.629309][ T1056] #1: 0000000088b019cf (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 [ 3416.638942][ T1056] 2 locks held by getty/8436: [ 3416.643709][ T1056] #0: 00000000786903e0 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 3416.652649][ T1056] #1: 000000008ca7246a (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 [ 3416.662585][ T1056] 2 locks held by getty/8437: [ 3416.667469][ T1056] #0: 00000000a6041c57 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 3416.677453][ T1056] #1: 0000000064c2d686 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 [ 3416.687657][ T1056] 3 locks held by kworker/1:16/16725: [ 3416.693310][ T1056] #0: 0000000015a21a55 ((wq_completion)events){+.+.}, at: process_one_work+0x88b/0x1740 [ 3416.703494][ T1056] #1: 000000009008c837 (deferred_process_work){+.+.}, at: process_one_work+0x8c1/0x1740 [ 3416.713596][ T1056] #2: 000000001f6a6ed0 (rtnl_mutex){+.+.}, at: rtnl_lock+0x17/0x20 [ 3416.721591][ T1056] 2 locks held by kworker/1:0/19213: [ 3416.727202][ T1056] #0: 00000000198b1ae4 ((wq_completion)rcu_gp){+.+.}, at: process_one_work+0x88b/0x1740 [ 3416.737386][ T1056] #1: 00000000d7d8ccde ((work_completion)(&rew.rew_work)){+.+.}, at: process_one_work+0x8c1/0x1740 [ 3416.748629][ T1056] 3 locks held by kworker/1:2/21598: [ 3416.754251][ T1056] #0: 000000005a2ff4a0 ((wq_completion)ipv6_addrconf){+.+.}, at: process_one_work+0x88b/0x1740 [ 3416.765126][ T1056] #1: 00000000fb1f4038 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}, at: process_one_work+0x8c1/0x1740 [ 3416.777017][ T1056] #2: 000000001f6a6ed0 (rtnl_mutex){+.+.}, at: rtnl_lock+0x17/0x20 [ 3416.785297][ T1056] 2 locks held by kworker/u4:2/22412: [ 3416.790866][ T1056] 3 locks held by kworker/1:3/25186: [ 3416.796441][ T1056] #0: 0000000015a21a55 ((wq_completion)events){+.+.}, at: process_one_work+0x88b/0x1740 [ 3416.807437][ T1056] #1: 00000000eb386861 ((linkwatch_work).work){+.+.}, at: process_one_work+0x8c1/0x1740 [ 3416.817540][ T1056] #2: 000000001f6a6ed0 (rtnl_mutex){+.+.}, at: rtnl_lock+0x17/0x20 [ 3416.825897][ T1056] 3 locks held by kworker/0:14/30696: [ 3416.831263][ T1056] #0: 000000005a2ff4a0 ((wq_completion)ipv6_addrconf){+.+.}, at: process_one_work+0x88b/0x1740 [ 3416.841982][ T1056] #1: 0000000071a5aae8 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}, at: process_one_work+0x8c1/0x1740 [ 3416.854014][ T1056] #2: 000000001f6a6ed0 (rtnl_mutex){+.+.}, at: rtnl_lock+0x17/0x20 [ 3416.862014][ T1056] 1 lock held by syz-executor.4/30724: [ 3416.867710][ T1056] #0: 000000001f6a6ed0 (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x40a/0xb00 [ 3416.876816][ T1056] 1 lock held by syz-executor.3/30726: [ 3416.882255][ T1056] #0: 000000001f6a6ed0 (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x40a/0xb00 [ 3416.891433][ T1056] [ 3416.892369][ T468] team0 (unregistering): Port device team_slave_0 removed [ 3416.894731][ T1056] ============================================= [ 3416.894731][ T1056] [ 3416.902372][ T468] kobject: 'batman_adv' (000000005253b77f): kobject_uevent_env [ 3416.909870][ T1056] NMI backtrace for cpu 0 [ 3416.921503][ T1056] CPU: 0 PID: 1056 Comm: khungtaskd Not tainted 5.3.0-rc3+ #97 [ 3416.929115][ T1056] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3416.939156][ T1056] Call Trace: [ 3416.942442][ T1056] dump_stack+0x172/0x1f0 [ 3416.942994][ T468] kobject: 'batman_adv' (000000005253b77f): kobject_uevent_env: filter function caused the event to drop! [ 3416.946761][ T1056] nmi_cpu_backtrace.cold+0x70/0xb2 [ 3416.963184][ T1056] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3416.969423][ T1056] ? lapic_can_unplug_cpu.cold+0x45/0x45 [ 3416.973089][ T468] kobject: 'batman_adv' (000000005253b77f): kobject_cleanup, parent 000000006ff208ed [ 3416.975046][ T1056] nmi_trigger_cpumask_backtrace+0x23b/0x28b [ 3416.990453][ T1056] arch_trigger_cpumask_backtrace+0x14/0x20 [ 3416.993008][ T468] kobject: 'batman_adv' (000000005253b77f): calling ktype release [ 3416.996345][ T1056] watchdog+0x9d0/0xef0 [ 3417.008268][ T1056] kthread+0x361/0x430 [ 3417.012329][ T1056] ? reset_hung_task_detector+0x30/0x30 [ 3417.017863][ T1056] ? kthread_cancel_delayed_work_sync+0x20/0x20 [ 3417.023008][ T468] kobject: (000000005253b77f): dynamic_kobj_release [ 3417.024095][ T1056] ret_from_fork+0x24/0x30 [ 3417.030653][ T468] kobject: 'batman_adv': free name [ 3417.035147][ T1056] Sending NMI from CPU 0 to CPUs 1: [ 3417.036014][ C1] NMI backtrace for cpu 1 [ 3417.036019][ C1] CPU: 1 PID: 468 Comm: kworker/u4:3 Not tainted 5.3.0-rc3+ #97 [ 3417.036024][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3417.036027][ C1] Workqueue: netns cleanup_net [ 3417.036034][ C1] RIP: 0010:check_memory_region+0x105/0x1a0 [ 3417.036043][ C1] Code: eb 0c 49 83 c0 01 4c 89 c8 4d 39 c8 74 10 41 80 38 00 74 ee 4b 8d 44 25 00 4d 85 c0 75 31 49 89 d9 49 29 c1 e9 68 ff ff ff 5b 01 00 00 00 41 5c 41 5d 5d c3 4d 85 c9 74 ef 4d 01 e1 eb 09 48 [ 3417.036047][ C1] RSP: 0018:ffff8880ae909b38 EFLAGS: 00000046 [ 3417.036054][ C1] RAX: fffffbfff14a8f44 RBX: 00000000000000d7 RCX: ffffffff81588cac [ 3417.036059][ C1] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff8a547a18 [ 3417.036063][ C1] RBP: ffff8880ae909b48 R08: 1ffffffff14a8f43 R09: fffffbfff14a8f44 [ 3417.036067][ C1] R10: fffffbfff14a8f43 R11: ffffffff8a547a1f R12: fffffbfff14a8f43 [ 3417.036072][ C1] R13: 1667abebcbeb7ebe R14: ffffffff89a5baf0 R15: 0000000000000001 [ 3417.036077][ C1] FS: 0000000000000000(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000 [ 3417.036081][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 3417.036085][ C1] CR2: 00000000018d7890 CR3: 00000000a1fb8000 CR4: 00000000001406e0 [ 3417.036090][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 3417.036094][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 3417.036097][ C1] Call Trace: [ 3417.036099][ C1] [ 3417.036102][ C1] __kasan_check_read+0x11/0x20 [ 3417.036105][ C1] __lock_acquire+0x19fc/0x4c30 [ 3417.036108][ C1] ? __queue_work+0x599/0x1270 [ 3417.036112][ C1] ? debug_object_deactivate+0x1d9/0x320 [ 3417.036115][ C1] ? find_held_lock+0x35/0x130 [ 3417.036118][ C1] ? mark_held_locks+0xf0/0xf0 [ 3417.036121][ C1] ? lock_downgrade+0x920/0x920 [ 3417.036124][ C1] ? rwlock_bug.part.0+0x90/0x90 [ 3417.036127][ C1] lock_acquire+0x190/0x410 [ 3417.036130][ C1] ? call_timer_fn+0xe0/0x780 [ 3417.036133][ C1] call_timer_fn+0x12c/0x780 [ 3417.036137][ C1] ? call_timer_fn+0xe0/0x780 [ 3417.036140][ C1] ? queue_work_node+0x380/0x380 [ 3417.036143][ C1] ? msleep_interruptible+0x150/0x150 [ 3417.036147][ C1] ? queue_work_node+0x380/0x380 [ 3417.036150][ C1] ? __kasan_check_read+0x11/0x20 [ 3417.036153][ C1] ? do_raw_spin_unlock+0x57/0x270 [ 3417.036157][ C1] ? queue_work_node+0x380/0x380 [ 3417.036160][ C1] run_timer_softirq+0x478/0x17a0 [ 3417.036162][ C1] ? add_timer+0x930/0x930 [ 3417.036165][ C1] __do_softirq+0x262/0x98c [ 3417.036168][ C1] ? sched_clock_cpu+0x1b/0x1b0 [ 3417.036170][ C1] irq_exit+0x19b/0x1e0 [ 3417.036173][ C1] smp_apic_timer_interrupt+0x1a3/0x610 [ 3417.036176][ C1] apic_timer_interrupt+0xf/0x20 [ 3417.036178][ C1] [ 3417.036181][ C1] RIP: 0010:vprintk_emit+0x5df/0x700 [ 3417.036190][ C1] Code: 00 48 b8 00 00 00 00 00 fc ff df 41 80 3c 06 00 0f 85 f8 00 00 00 48 83 3d 1d db 76 07 00 74 6a e8 86 71 16 00 48 89 df 57 9d <0f> 1f 44 00 00 e9 06 ff ff ff e8 72 71 16 00 49 c1 ee 03 e8 69 ed [ 3417.036193][ C1] RSP: 0018:ffff8880a8e876c8 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff13 [ 3417.036200][ C1] RAX: ffff8880a8e7e180 RBX: 0000000000000293 RCX: 0000000000000006 [ 3417.036204][ C1] RDX: 0000000000000000 RSI: ffffffff815c17fa RDI: 0000000000000293 [ 3417.036208][ C1] RBP: ffff8880a8e87710 R08: 1ffffffff14a8f43 R09: fffffbfff14a8f44 [ 3417.036212][ C1] R10: fffffbfff14a8f43 R11: ffffffff8a547a1f R12: 0000000000000020 [ 3417.036216][ C1] R13: 0000000000000200 R14: 1ffffffff11a5e62 R15: ffff8880a7e6a380 [ 3417.036218][ C1] ? vprintk_emit+0x5da/0x700 [ 3417.036221][ C1] vprintk_default+0x28/0x30 [ 3417.036224][ C1] vprintk_func+0x7e/0x189 [ 3417.036226][ C1] printk+0xba/0xed [ 3417.036229][ C1] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 3417.036232][ C1] ? trace_hardirqs_on+0x67/0x240 [ 3417.036235][ C1] ? dynamic_kobj_release+0x2c/0x30 [ 3417.036237][ C1] kobject_put.cold+0x2ab/0x2e6 [ 3417.036240][ C1] batadv_sysfs_del_hardif+0x6f/0xb8 [ 3417.036244][ C1] batadv_hardif_remove_interface+0x7d/0x170 [ 3417.036247][ C1] batadv_hard_if_event+0x2cb/0xf80 [ 3417.036250][ C1] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3417.036253][ C1] notifier_call_chain+0xc2/0x230 [ 3417.036256][ C1] raw_notifier_call_chain+0x2e/0x40 [ 3417.036259][ C1] call_netdevice_notifiers_info+0x3f/0x90 [ 3417.036262][ C1] rollback_registered_many+0x8ba/0xdd0 [ 3417.036265][ C1] ? veth_disable_xdp+0x7f0/0x7f0 [ 3417.036267][ C1] ? generic_xdp_install+0x3d0/0x3d0 [ 3417.036271][ C1] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 3417.036274][ C1] ? unregister_netdevice_queue+0x1d2/0x2c0 [ 3417.036277][ C1] unregister_netdevice_many.part.0+0x1b/0x1f0 [ 3417.036281][ C1] default_device_exit_batch+0x34e/0x410 [ 3417.036284][ C1] ? unregister_netdevice_many+0x50/0x50 [ 3417.036286][ C1] ? rtnl_unlock+0xe/0x10 [ 3417.036290][ C1] ? prepare_to_wait_exclusive+0x320/0x320 [ 3417.036293][ C1] ? rtnl_unlock+0xe/0x10 [ 3417.036296][ C1] ? unregister_netdevice_many+0x50/0x50 [ 3417.036299][ C1] ? dev_change_net_namespace+0xc60/0xc60 [ 3417.036302][ C1] ops_exit_list.isra.0+0xfc/0x150 [ 3417.036305][ C1] cleanup_net+0x4e2/0xa70 [ 3417.036308][ C1] ? netns_install+0x1d0/0x1d0 [ 3417.036310][ C1] process_one_work+0x9af/0x1740 [ 3417.036313][ C1] ? pwq_dec_nr_in_flight+0x320/0x320 [ 3417.036316][ C1] ? lock_acquire+0x190/0x410 [ 3417.036319][ C1] worker_thread+0x98/0xe40 [ 3417.036321][ C1] kthread+0x361/0x430 [ 3417.036324][ C1] ? process_one_work+0x1740/0x1740 [ 3417.036327][ C1] ? kthread_cancel_delayed_work_sync+0x20/0x20 [ 3417.036330][ C1] ret_from_fork+0x24/0x30 [ 3417.040320][ T1056] Kernel panic - not syncing: hung_task: blocked tasks [ 3417.053826][ T468] kobject: 'rx-0' (00000000f8e556fd): kobject_cleanup, parent 00000000773c2405 [ 3417.058642][ T1056] CPU: 0 PID: 1056 Comm: khungtaskd Not tainted 5.3.0-rc3+ #97 [ 3417.082953][ T468] kobject: 'rx-0' (00000000f8e556fd): auto cleanup 'remove' event [ 3417.098861][ T1056] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3417.098867][ T1056] Call Trace: [ 3417.098893][ T1056] dump_stack+0x172/0x1f0 [ 3417.098915][ T1056] panic+0x2dc/0x755 [ 3417.098930][ T1056] ? add_taint.cold+0x16/0x16 [ 3417.098946][ T1056] ? lapic_can_unplug_cpu.cold+0x45/0x45 [ 3417.098963][ T1056] ? ___preempt_schedule+0x16/0x20 [ 3417.098981][ T1056] ? nmi_trigger_cpumask_backtrace+0x21b/0x28b [ 3417.098995][ T1056] ? nmi_trigger_cpumask_backtrace+0x24c/0x28b [ 3417.099008][ T1056] ? nmi_trigger_cpumask_backtrace+0x256/0x28b [ 3417.099026][ T1056] ? nmi_trigger_cpumask_backtrace+0x21b/0x28b [ 3417.123064][ T468] kobject: 'rx-0' (00000000f8e556fd): kobject_uevent_env [ 3417.128932][ T1056] watchdog+0x9e1/0xef0 [ 3417.152969][ T468] kobject: 'rx-0' (00000000f8e556fd): kobject_uevent_env: uevent_suppress caused the event to drop! [ 3417.153736][ T1056] kthread+0x361/0x430 [ 3417.160284][ T468] kobject: 'rx-0' (00000000f8e556fd): auto cleanup kobject_del [ 3417.168238][ T1056] ? reset_hung_task_detector+0x30/0x30 [ 3417.168251][ T1056] ? kthread_cancel_delayed_work_sync+0x20/0x20 [ 3417.168268][ T1056] ret_from_fork+0x24/0x30 [ 3417.177473][ T1056] Kernel Offset: disabled [ 3417.734730][ T1056] Rebooting in 86400 seconds..